2009 May 3, 10:36
Looking at the HTTP traffic of Netflix under Fiddler I could see the HTTP request that added a movie to my queue and didn't see anything obvious that would
prevent a CSRF. Sure enough, it's pretty easy to create a page that, if the user has set Netflix to auto-login, will add movies to the user's queue without their knowledge. I thought this was pretty
neat, because I could finally get people to watch Primer. However, when I searched for Netflix CSRF I found that this issue has been known and reported to Netflix since 2006. Again my thoughts stolen from me and the
thief doesn't even have the common decency to let me have the thought first!
With this issue known for nearly three years, it's hard to continue calling it an issue. Really they should just document it in their API docs and be
done with it. Who knows what Netflix-based web sites and services they'll break if they try to change this behavior? For instance, follow this link to add my Netflix recommended movies to your queue.
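The server-side checks whose absence the post describes, as an added example (not Netflix's code and not from the original post): a state-changing handler that refuses GET, checks the Origin header, and requires a session-bound token. The origin `https://movies.example`, the function names and the form field names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed values for this example: a hypothetical site origin and server key.
TRUSTED_ORIGIN = "https://movies.example"
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token the site embeds in its own forms; bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_add_to_queue(method, headers, session_id, form, queue):
    """Return an HTTP status; append to `queue` only for a same-site request."""
    # 1. State changes never ride on GET, so a plain link or image tag cannot trigger them.
    if method != "POST":
        return 405
    # 2. No session, no action.
    if session_id is None:
        return 401
    # 3. Modern browsers send Origin on cross-site POSTs; reject a mismatch.
    origin = headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return 403
    # 4. The auto-login cookie alone proves nothing about who built the request:
    #    require the session-bound token, compared in constant time.
    supplied = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403
    if "movie_id" not in form:
        return 400
    queue.append(form["movie_id"])
    return 200


def demo():
    """Replay constructed requests: three forged from another page, one legitimate."""
    sid, queue = "session-abc", []
    forged_get = handle_add_to_queue("GET", {}, sid, {"movie_id": "primer"}, queue)
    forged_post = handle_add_to_queue(
        "POST", {"Origin": "https://attacker.example"}, sid, {"movie_id": "primer"}, queue)
    no_token = handle_add_to_queue("POST", {}, sid, {"movie_id": "primer"}, queue)
    genuine = handle_add_to_queue(
        "POST", {"Origin": TRUSTED_ORIGIN}, sid,
        {"movie_id": "primer", "csrf_token": issue_csrf_token(sid)}, queue)
    return forged_get, forged_post, no_token, genuine, queue
```

Only the request carrying the token issued for that session changes the queue; the logged-in cookie is present in all four requests and is not enough on its own.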
technical stolen-thoughts csrf netflix security
2009 May 2, 8:54
Humorous Firefox bug description: "This privacy flaw has caused my fiance and I to break-up after having dated for 5 years."
firefox bug humor privacy browser web
2009 Apr 22, 10:00
Including music that's been otherwise sued out of existence.
video art politics copyright mp3 ip images law media
2009 Apr 15, 7:38
The Improv Everywhere's "Best Funeral Ever" April fools prank is reported as news and then runs into copyright issues: "The biggest fools of all were the CW 11 news team who reported on the funeral
as if it actually happened... I of course uploaded their story to my personal YouTube channel to show the world their lack of journalism skills. Tonight I got a copyright notice from YouTube
informing me that Tribune ... had filed a copyright claim against the video and that it had been removed."
copyright humor video prank improv-everywhere funeral via:boingboing
2009 Apr 13, 1:11
These have been popping up all over the internet, but I just had to share them with you in time for Easter. I'll take one of each in my Easter basket!
cute cat bunny easter photo for:hellosarah
2009 Apr 13, 10:17
If the face drawn onto the robot hadn't been as cute I doubt as many people would have helped =). "Tweenbots are human-dependent robots that navigate the city with the help of pedestrians they
encounter. Rolling at a constant speed, in a straight line, Tweenbots have a destination displayed on a flag, and rely on people they meet to read this flag and to aim them in the right direction to
reach their goal."
tweenbot video social map robot cute nyc society humor
2009 Apr 7, 5:26
"According to an exclusive interview Penn gave to Entertainment Weekly's Michael Ausiello, he's been asked to serve in the Obama administration as the associate director of the office of public
liaison." Spoilers in the link.
kal-penn house tv politics
2009 Apr 7, 11:58
This past week I finished Anathem and despite the intimidating physical size of the book (difficult to take and read on the bus) I became very engrossed and was able to finish it in several orders of
magnitude less time than what I spent on the Baroque Cycle. Whereas reading the Baroque Cycle you can imagine Neal Stephenson sifting through giant economic tomes (or at least that's where my mind
went whenever the characters began to explain macro-economics to one another), in Anathem you can see Neal Stephenson staying up late poring over philosophy of mathematics. When not
exploring philosophy, Anathem has an appropriate amount of humor, love interests, nuclear bombs, etc. as you might hope from reading Snow Crash or Diamond Age. I thoroughly enjoyed Anathem.
On the topic of made up words: I get made up words for made up things, but there's already a name for cell-phone in English: it's "cell-phone". The narrator notes that the book has been translated
into English so I guess I'll blame the fictional translator. Anyway, I wasn't bothered by the made up words nearly as much as some folk. It's a good thing I'm long
out of college because I can easily imagine confusing the names of actual concepts and people with those from the book, like Hemn space for Hamming distance. Towards the beginning, the description
of slines and the post-post-apocalyptic setting reminded me briefly of Idiocracy.
Recently, I've been reading everything of Charles Stross that I can, including about a month ago, The Jennifer Morgue from the surprisingly awesome amalgamation genre of spy thriller and Lovecraft
horror. It's the second in a series set in a universe in which magic exists as a form of mathematics and follows Bob Howard, programmer/hacker, cube dweller, and begrudging spy who works for a
government agency tasked to suppress this knowledge and protect the world from its use. For a taste, try a short story from the series that's freely available on Tor's website, Down on the Farm.
Coincidentally, both Anathem and the Bob Howard series take an interest in the world of Platonic ideals. In the case of Anathem (without spoiling anything) the universe of Platonic ideals, under a
different name of course, is debated by the characters to be either just a concept or an actual separate universe and later becomes the underpinning of major events in the book. In the Bob Howard
series, magic is applied mathematics that through particular proofs or computations awakens/disturbs/provokes unnamed horrors in the universe of Platonic ideals to produce some desired effect in
Bob's universe.
atrocity archives neal stephenson jennifer morgue plato bob howard anathem
2009 Apr 6, 10:47
"It's 1976 again. Abba are on the charts, the Cold War is in full swing - and the Earth is flat. It's been flat ever since the eve of the Cuban war of 1962; and the constellations overhead are all
wrong. Beyond the Boreal ocean, strange new continents loom above tropical seas, offering a new start to colonists like newly-weds Maddy and Bob, and the hope of further glory to explorers like
ex-cosmonaut Yuri Gagarin: but nobody knows why they exist, and outside the circle of exploration the universe is inexplicably warped."
charles-stross scifi read fiction free literature
2009 Apr 1, 10:42
Lol at actual Facebook app that does IPv6 over Facebook. "...most network users are not aware of what IPv6 is or are even afraid by IPv6 because it is unknown. On the other hand, Social Networks
(like Facebook, LinkedIn, etc.) are well-known by users and the usage of those networks is huge... With IPv6 over Social Network (IPoSN): * Every user is a router with at least one loopback
interface; * Every friend or connection between users will be used as a point-to-point link... A working prototype has been developed by the author and is freely available: IPv6 over Facebook Social
Network [IPv6overFacebook]."
humor social network ipv6 ip iposn facebook ietf rfc
2009 Mar 23, 12:58
Details on a particular browser exploit and how it's been resolved in IE8. "One approach they presented allowed attackers to use .NET framework DLL's to allocate executable pages of memory at
predictable locations within the iexplore.exe process. They were then able to demonstrate how .NET behavior could be combined with a separate exploitable memory corruption vulnerability to run
arbitrary code."
security ie8 ie browser hack via:ericlaw
2009 Mar 23, 8:13
I've made another extension for IE8, Outline View, which gives you a side bar in IE that displays an outline of the current page and lets you make intrapage bookmarks.
The outline is generated based on the heading tags in the document (e.g. h1, h2, etc), kind of like what W3C's Semantic data extractor
tool displays for an outline. So if the page doesn't use heading tags the way the HTML spec intended or just sticks img tags in them, then the outline doesn't look so hot. On a page that does
use headings as intended though it looks really good. For instance a section from the HTML 4 spec shows up quite nicely and I find it's
actually useful to be able to jump around to the different sections. Actually, I've been surprised going to various blogs how well the outline view is actually working -- I thought a lot more
webdevs would be abusing their heading tags.
I've also added intrapage bookmarks. When you make a text selection and clear it, that selected text is added as a temporary intrapage bookmark which shows up in the correct place in the outline.
You can navigate to the bookmark or right click to make it permanent. Right now I'm storing the permanent intrapage bookmarks in IE8's new per-domain DOM storage because I wanted to avoid writing
code to synchronize a cross process store of bookmarks, it allowed me to play with the DOM storage a bit, and the bookmarks will get cleared appropriately when the user clears their history via the
control panel.
technical intrapage bookmark boring html ie8 ie extension
2009 Mar 20, 6:18
IE8, the software I've been working on for some time now, has finally been released at MIX09.
As I mentioned previously, I worked on accelerators (previously named Activities) in IE8. Looking at the kinds of things I blog about on the IE Blog, you might also
correctly guess that I work on the networking stack. Ask me about what else I worked on during IE8 development. The past few months were very busy for me and I'm happy this is finally out.
technical internet explorer ie8
2009 Mar 16, 2:35
"Society doesn't need newspapers. What we need is journalism. For a century, the imperatives to strengthen journalism and to strengthen newspapers have been so tightly wound as to be
indistinguishable. That's been a fine accident to have, but when that accident stops, as it is stopping before our eyes, we're going to need lots of other ways to strengthen journalism instead."
internet clay-shirky newspaper copyright history journalism via:ethan_t_hein
2009 Mar 12, 2:17
I've made an extension for Internet Explorer 8, FormToAccelerator which turns HTML forms on a web page into either an accelerator or a search
provider. In the design of the accelerators format we intentionally had HTML forms in mind so that it would be easy to create accelerators for existing web services. Consequently, creating an
accelerator from an HTML form is a natural concept and an extension I've been meaning to finish for many months now.
This is similar in concept to the Opera feature that lets you add a form as a search provider. The user experience is very rough and requires some knowledge of accelerator variables. If I can come
up with a better interaction model I may update this in the future, but at the moment all the designs I can come up with require way too much effort. Install IE8 RC1 and then try out FormToAccelerator.
activity html accelerator ie8 internet-explorer activities formtoaccelerator extension
2009 Feb 28, 1:53
sequelguy posted a photo:
On the bridge in front of Treasure Island just before the first show of 'Sirens of TI' that day.
vegas friends beer nevada collegefriends
2009 Feb 23, 10:34
Lots of neat web APIs. Added to Delicious network. "Over the past year, I've been tagging interesting data I find on the web in del.icio.us. I wrote a quick python script to pull the relevant links
from my del.icio.us export and list them at the bottom of this post. Most of these datasets are related to machine learning, but there are a lot of government, finance, and search datasets as well."
api data semanticweb information reference
2009 Jan 22, 9:43
'Behind the press reports, the academic community has been engaged in a hot debate over whether the evidence supports a connection between the violent content of games and any behavioral effects. One
of the researchers who has argued forcefully that it's not is Christopher Ferguson, who has just published a paper that argues that the continued societal focus on games as a causal factor in
violence is an example of what's termed a "moral panic."'
game violence society videogames
2009 Jan 15, 10:28
Thanks to Matt, for the first time I can see myself using Twitter. Twitter app on my phone notifies me when something's posted so my build process can let me know when it's done, or when sync finally
finishes, etc. I'd been meaning to set up a mini-notification system with a command line tool to my phone (w/o paying per text msg) but I didn't think of Twitter.
via:swannman api internet curl cli twitter