urn page 7 - Dave's Blog

Caught with Fake Info for Albertson Grocery Card

2009 May 25, 3:02

Checking out at a grocery store to which I rarely go, the cashier asks me if I want an Albertson's card. I respond sure and she hands me the form on which I give up my personal information. I ask if I need to fill this out now, and she says yeah and it will only take two minutes, which surprised me because at QFC they just hand me a new card and send me on my way. I fill in my phone number as the first ten digits of pi so I don't have to worry about getting phone calls but its something I can remember next time I'm there and don't bring the card.

I turn to leave and the cashier asks me is that a '759' or '159' in my phone number. I stop for a second because I only know the digits as a sequence from the start and pause long enough reciting it in my head that its clear its not my phone number. And she calls me out on it: "Is that your real phone number?" I sigh, "No, does it have to be? Are you going to call me?" "Yeah," she says, "I'll call you." (ha ha) "Well I'll try entering this number," she says doubting the computer will accept the fake phone number. "On the number's already registered," she says, "So you already had a card." "No," says the manager who had walked up during for this exchange, "It means someone else used that same number." So the moral of the story is, try your fake phone number before trying to use it to get a new card.

personal2 pi albertsons

Star Trek Thoughts

2009 May 8, 8:23

I watched the new Star Trek movie Thursday morning, along with many others who work on Windows. Microsoft rented out a theater and played the movie on all screens. I greatly enjoyed the movie!

Spoilers follow... I'm obviously not the biggest Star Trek nerd (or at least TOS nerd) since I didn't even pick up on the fact that Kirk's dad being dead was a discrepancy from the TV series. I only figured out the alternate time-line stuff when they killed most of the Vulcans. I was just surprised they didn't set right what once went wrong by the end of the movie with some more time travel magic to bring back Vulcan. On that note, I'm pretty sure the Spock-Spock conversation at the end, is Nimoy Spock sending Sylar Spock off to school so that Nimoy Spock can get freaky repopulating the Vulcan race. Although at first after his 'two places at once' comment I thought he was saying... something else. Also, was the main evil guy a random miner turned psycho? And his crazy looking spaceship that destroys the Federation fleet was just a mining vessel from the future? Once they invent time travel anybody can get drunk, go back in time, and conquer Earth.

personal2 nerd movie star-trek spoliers time-travel

Netflix CSRF - Stolen Thoughts

2009 May 3, 10:36

Looking at the HTTP traffic of Netflix under Fiddler I could see the HTTP request that added a movie to my queue and didn't see anything obvious that would prevent a CSRF. Sure enough its pretty easy to create a page that, if the user has set Netflix to auto-login, will add movies to the user's queue without their knowledge. I thought this was pretty neat, because I could finally get people to watch Primer. However, when I searched for Netflix CSRF I found that this issue has been known and reported to Netflix since 2006. Again my thoughts stolen from me and the theif doesn't even have the common decency to let me have the thought first!

With this issue known for nearly three years its hard to continue calling it an issue. Really they should just document it in their API docs and be done with it. Who knows what Netflix based web sites and services they'll break if they try to change this behavior? For instance, follow this link to add my Netflix recommended movies to your queue.

technical stolen-thoughts csrf netflix security

Netflix Watch Instantly Recommendations

2009 May 3, 9:17

Netflix lets you watch a subset of their movies online via their website and a subset of those movies are available to watch on the Xbox 360's Netflix app. so its not always easy to find movies to watch on Xbox 360. Yet, I regularly see my Xbox friends using the Netflix app and its a shame they didn't make an easy way to share movie recommendations with your friends. Instead we must share movie recommendations the old fashioned way. Here's the movies I've found and enjoyed on my 360.

Weeds

You don't have to be a stoner to enjoy this humorous and dramatic satire featuring a widow trying to raise her children and deal pot in suburbia.

Avatar The Last Airbender

An American animated series that's an amalgamation of various Asian art, history, religion, etc. that maintains a great story line.

Paprika

If you enjoyed Paranoia Agent you'll enjoy this movie in the same animation style and by the same director and writer, Satoshi Kon. Its like a feature length version of a Paranoia Agent episode in which a dream machine lets outsiders view one's dreams but eventually leads to blurring the dreams and reality.

Grindhouse Planet Terror

I didn't see either of the Grindhouse movies when they first came out, but of the two, Planet Terror is the more humorous and exciting gore filled parody.

Outsourced

A refreshing romantic comedy that still has a few of the over played tropes but is easy to enjoy despite that.

The King of Kong

A hilarious documentary on the struggle between the reigning champ hot-sauce salesman and the underdog Washington state high school science teacher to obtain the Donkey Kong world record high score. After watching, checkout this interview with the creators of the movie and the villain.

Primer

I've mentioned Primer before, but I put it on here again because its really good and you still haven't seen it, have you?

movie personal netflix

Flickr Visual Search in IE8

2009 Apr 10, 9:48

A while ago I promised to say how an xsltproc Meddler script would be useful and the general answer is its useful for hooking up a client application that wants data from the web in a particular XML format and the data is available on the web but in another XML format. The specific case for this post is a Flickr Search service that includes IE8 Visual Search Suggestions. IE8 wants the Visual Search Suggestions XML format and Flickr gives out search data in their Flickr web API XML format.

So I wrote an XSLT to convert from Flickr Search XML to Visual Suggestions XML and used my xsltproc Meddler script to actually apply this xslt.

After getting this all working I've placed the result in two places: (1) I've updated the xsltproc Meddler script to include this XSLT and an XML file to install it as a search provider - although you'll need to edit the XML to include your own Flickr API key. (2) I've created a service for this so you can just install the Flickr search provider if you're interested in having the functionality and don't care about the implementation. Additionally, to the search provider I've added accelerator preview support to show the Flickr slideshow which I think looks snazzy.

Doing a quick search for this it looks like there's at least one other such implementation, but mine has the distinction of being done through XSLT which I provide, updated XML namespaces to work with the released version of IE8, and I made it so you know its good.

meddler xml ie8 xslt flickr technical boring search suggestions

Platonic Ideals in Anathem and The Atrocity Archives

2009 Apr 7, 11:58
This past week I finished Anathem and despite the intimidating physical size of the book (difficult to take and read on the bus) I became very engrossed and was able to finish it in several orders of magnitude less time than what I spent on the Baroque Cycle. Whereas reading the Baroque Cycle you can imagine Neal Stephenson sifting through giant economic tomes (or at least that's where my mind went whenever the characters began to explain macro-economics to one another), in Anathem you can see Neal Stephenson staying up late pouring over philosophy of mathematics. When not exploring philosophy, Anathem has an appropriate amount of humor, love interests, nuclear bombs, etc. as you might hope from reading Snow Crash or Diamond Age. I thoroughly enjoyed Anathem.

On the topic of made up words: I get made up words for made up things, but there's already a name for cell-phone in English: its "cell-phone". The narrator notes that the book has been translated into English so I guess I'll blame the fictional translator. Anyway, I wasn't bothered by the made up words nearly as much as some folk. Its a good thing I'm long out of college because I can easily imagine confusing the names of actual concepts and people with those from the book, like Hemn space for Hamming distance. Towards the beginning, the description of slines and the post-post-apocalyptic setting reminded me briefly of Idiocracy.

Recently, I've been reading everything of Charles Stross that I can, including about a month ago, The Jennifer Morgue from the surprisingly awesome amalgamation genre of spy thriller and Lovecraft horror. Its the second in a series set in a universe in which magic exists as a form of mathematics and follows Bob Howard programmer/hacker, cube dweller, and begrudging spy who works for a government agency tasked to suppress this knowledge and protect the world from its use. For a taste, try a short story from the series that's freely available on Tor's website, Down on the Farm.

Coincidentally, both Anathem and the Bob Howard series take an interest in the world of Platonic ideals. In the case of Anathem (without spoiling anything) the universe of Platonic ideals, under a different name of course, is debated by the characters to be either just a concept or an actual separate universe and later becomes the underpinning of major events in the book. In the Bob Howard series, magic is applied mathematics that through particular proofs or computations awakens/disturbs/provokes unnamed horrors in the universe of Platonic ideals to produce some desired effect in Bob's universe.

atrocity archives neal stephenson jennifer morgue plato bob howard anathem

Thoughts on registerProtocolHandler in HTML 5

2009 Apr 7, 9:02

I'm a big fan of the concept of registerProtocolHandler in HTML 5 and in FireFox 3, but not quite the implementation. From a high level, it allows web apps to register themselves as handlers of an URL scheme so for (the canonical) example, GMail can register for the mailto URL scheme. I like the concept:

• Better integration of web apps with your system.
• Its easy for web apps to do.
• Links to URNs can now take the user to the sites the user prefers for the sort of thing identified by the URN. For example, if I have a physical address in HTML, instead of making that an http link to Yahoo Maps, I can make the link a geo scheme URI and those who follow the link will get their preferred mapping site that has registered for that scheme. Actually, looking at the geo scheme's RFC, maybe I'd rather use some other URN scheme to represent the physical location, but you get the point.

However, the way its currently spec'ed out I don't like the following:

• There's no way to know if you are the handler for a particular URL scheme which is an important question for web app URL protocol handler authors.
• There's no way to fallback to an http URL in the case that a particular URL scheme isn't registered. A suggested solution to testing the registration of a scheme is for browsers to provide an additional script method to check if a scheme is registered. I don't like the idea of writing script that walks over all my page's links and rewrites them based on that method. I'd much rather see a declarative and backwards compatible fallback mechanism, although I don't know what that would look like.
• There's no way to register for a namespace within the urn scheme URI, the info scheme URI, or the tag scheme URI. I want to register info:lccn/... (Library of Congress Card Number identifiers) to LibraryThing or Amazon and I want to register urn:duri:... (dated URIs) to the Web Archive, among other things.


• Will this result in a proliferation of unregistered URL schemes with clashing namespaces? The ESW Wiki notes why this would be bad.
• And last, although this is nitpickier than the rest, I don't like the '%s' syntax used in the registration method. I'd much rather pass in an URL template, like the URL template used in OpenSearch. If an URL template is used for matching rather than registering against a particular URL scheme, this could also allow for registering a namespace within a URN. For example something along the lines of: registerProtocolHandler("info:lccn/{lccnID}", "htttp://www.librarything.com/search_works.php?q={lccnID}", "LibraryThing LCCN")

url template registerprotocolhandler firefox technical url scheme protocol boring html5 uri urn