Looking at the HTTP traffic of Netflix under Fiddler I could see the HTTP request that added a movie to my queue and didn't see anything obvious that would prevent a CSRF. Sure enough its pretty easy to create a page that, if the user has set Netflix to auto-login, will add movies to the user's queue without their knowledge. I thought this was pretty neat, because I could finally get people to watch Primer. However, when I searched for Netflix CSRF I found that this issue has been known and reported to Netflix since 2006. Again my thoughts stolen from me and the theif doesn't even have the common decency to let me have the thought first!
With this issue known for nearly three years its hard to continue calling it an issue. Really they should just document it in their API docs and be done with it. Who knows what Netflix based web sites and services they'll break if they try to change this behavior? For instance, follow this link to add my Netflix recommended movies to your queue.
More of my thoughts have been stolen: In my previous job the customer wanted a progress bar displayed while information was copied off of proprietary hardware, during which the software didn't get any indication of progress until the copy was finished. I joked (mostly) that we could display a progress bar that continuously slows down and never quite reaches the end until we know we're done getting info from the hardware. The amount of progress would be a function of time where as time approaches infinity, progress approaches a value of at most 100 percent.
This is similar to Zeno's Paradox which says you can't cross a room because to do so first you must cross half the room, then you must cross half the remaining distance, then half the remaining again, and so on which means you must take an infinite number of steps. There's also an old joke inspired by Zeno's Paradox. The joke is the prototypical engineering vs sciences joke and is moderately humorous, but I think the fact that Wolfram has an interactive applet demonstrating the joke is funnier than the joke itself.
I recently found Lou Franco's blog post "Using Zeno's Paradox For Progress Bars" which covers the same concept as Zeno's Progress Bar but with real code. Apparently Lou wasn't making a joke and actually used this progress bar in an application. A progress bar that doesn't accurately represent progress seems dishonest. In cases like the Vista Defrag where the software can't make a reasonable guess about how long a process will take the software shouldn't display a progress bar.
Similarly a paper by Chris Harrison "Rethinking the Progress Bar" suggests that if a progress bar speeds up towards the end the user will perceive the operation as taking less time. The paper is interesting, but as in the previous case, I'd rather have progress accurately represented even if it means the user doesn't perceive the operation as being as fast.
Update: I should be clearer about Lou's post. He was actually making a practical and implementable suggestion as to how to handle the case of displaying progress when you have some idea of how long it will take but no indications of progress, whereas my suggestion is impractical and more of a joke concerning displaying progress with no indication of progress nor a general idea of how long it will take.
More ideas stolen from me in the same vein as my stolen OpenID thoughts.
Fast Pedestrian Crossing on Four Way Stops. In college I didn't have a car and every weekend I had weekly poker with friends who lived nearby so I would end up waiting to cross from one corner of a traffic lit four way stop to the opposite corner. Waiting there in the cold gave me plenty of time to consider the fastest method of getting to the opposite corner of a four-way stop. My plan was to hit the pedestrian crossing button for both directions and travel on the first one available. This only seems like a bad choice if the pedestrian crossing signal travels clockwise or counter clockwise around the four way stop. In those two cases its better to take the later of the two pedestrian signal crossings, but I have yet to see those two patterns on a real life traffic stop. I decided recently to see if my plan was actually sound and looked up info on traffic signals. But the info didn't say much other than "its complicated" and "it depends" (I'm paraphrasing). Then I found some guy's analysis of this problem. So I'm done with this and I'll continue pressing both buttons and crossing on the first pedestrian signal. Incidentally on one such night when I was waiting to cross this intersection I heard a loud multi-click sound and realized that the woman in the SUV waiting to cross the intersection next to me had just locked her doors. I guess my thinking-about-crossing-the-street face is intimidating.
Windows Searching Windows Media Center Recorded TV's Closed Captions. An Ars-Technica article on a fancy DVR described one of the DVRs features: full text search over the subtitles of the recorded TV shows. I thought implementing this for Windows Media Center recorded TV shows and Windows Search would be an interesting project to learn about video files, and extending Windows Search. As it turns out though some guy, Stephen Toub implemented Windows Search over MCE closed captions already. Stephen Toub's article is very long and describes some other very interesting related projects including 'summarizing video files' which you may want to read.