The Wikipedia community is trying to respond to whitewashing of politically-sensitive articles that appears to be coming from congressional staffers themselves (with the staff of Marty Meehan (D, MA) being one of the biggest culprits).
I'm always amazed that Wikipedia works as well as it does — hopefully the bad press Meehan and other congress-critters get over this flap will outweigh any good press specific staffers may have hoped to achieve.
I'm sure you can think of your own scenarios where this would be a Bad Thing™, but the case that brought it to my attention was from a supposedly-anonymous reviewer of an academic paper who discovered Remote's website in his firewall logs.
The simple moral of the story is that content formats should not be able to run arbitrary code, but the more general point is one of setting limits and expectations. End-users need to be able to limit what's run on their own computers, and when the actual limits are broader than what a naive user might expect (such as when their supposedly-static PDF document can actually access the network) it's extra important for the system to alert the user what's happening and get permission first.
To their credit, Adobe seems to have heeded the moral: the current version of Acrobat Reader (at least on the Mac) gives a pop-up warning saying the PDF is trying to access a remote URL, and allows you to save your security settings on a site-by-site basis. I don't know when they added this alert or whether it was in response to problems like those I mentioned, but regardless it's nice to see the feature.
(Thanks to Dirk for the link.)
I just posted another DIY-trap page, this one an exploding-cap trap for a drawer. This is what I'd call a third-level trap: it takes a bit of dexterity and knowledge to disarm, but anyone with a little experience shouldn't have any trouble getting past it. I never sent this one off to Jay; it just sits on my shelf to surprise visitors who haven't learned to be careful when opening boxes around my place.
You can browse through previous traps at my Traps Gallery (I've only posted a couple so far, but more will be coming).
I'm a bit late on this, but I'm psyched to see that last week Google flipped the switch to allow all their Google Talk instant messenger accounts to talk to any other Jabber client out there. I've not verified it yet, but I think that included people with .Mac accounts using iChat, and BigBlueBall has a nice tutorial on how to use the federation to hook up your GTalk account directly to AIM, Yahoo!, MSN and ICQ using Jabber transport services.
This is the final step I've been waiting for before ditching my AIM account and going entirely to Jabber!
...sounds crazy, no?
File this one under "Only in San Francisco." One of the attractions at a friend's birthday party this past weekend was watching them have their chimney swept by a gargoyle.
In hindsight, I guess being a chimney-sweeping grotesque architectural decoration is an odd odd job to have, but somehow Shadow (a costuming major from USCS who always swept out his Dad's chimney every year) made it seem like a perfectly normal thing to do. Heck, maybe it is...[more pictures]
For over fifteen years my friend Jay and I have exchanged trapped presents at Christmas. When I say trapped I mean it in the classic Circle of Death game style — if you open the present carelessly a buzzer will sound or explosive cap will trigger.
I usually focus on making it difficult to find and disarm a simple explosive-cap trap, but this year I wanted to change things up a bit and focus on the effect itself. In particular, I wanted to make a box trap that would shoot darts out in all directions, machine-gun style. It had to be completely mechanical (what can I say, I like the style better), and had to be stable enough to ship through the mail without going off or getting jammed. After many attempts I landed on this rather elegant sprung-hammer design (click for video and construction notes).
The Free Software Foundation has posted a draft version of the new General Public License v3.0, and is soliciting comments. One thing that caught my eye is language intended to make it more difficult for people using GPLed code in DRM systems:
3. Digital Restrictions Management
As a free software license, this License intrinsically disfavors technical attempts to restrict users' freedom to copy, modify, and share copyrighted works. Each of its provisions shall be interpreted in light of this specific declaration of the licensor's intent. Regardless of any other provision of this license, no permission is given to distribute covered works that illegally invade users' privacy, nor for modes of distribution that deny users that run covered works the full exercise of the legal rights granted by this License.
No covered work constitutes part of an effective technological protection measure: that is to say, distribution of a covered work as part of a system to generate or access certain data constitutes general permission at least for development, distribution and use, under this License, of other software capable of accessing the same data.
I gather the second paragraph is intended to grant specific permission to reverse-engineer and make derivative works under the DMCA. It's an interesting tactic, but I'm not sure how often the licensor of the software (and thus the person granting general permission) would also own the copyright on the data being produced. If I make a DRM-enabled video-player and you break my crypto on the new Disney movie it's playing, isn't it Disney who'll come after you under the DMCA? What difference does it make if you have my permission?
I just installed TurboTax Deluxe 2005 for the Mac (Intuit annoys me, but TaxCut discontinued their Mac version). Their installation program includes the following End-User Licence Agreement dialog-box:
Notice anything missing in this agreement that asks me to confirm that I've read and printed a copy? Like, say, a way to actually print the stupid thing? No print button, no menu items functioning, not even a way to resize the tiny window. About 20% of the way down (just below the part saying I agree to notify them promptly if my email address changes) is a note saying:
(f) Printing. You may print this document by clicking on the print button or by going to the TurboTax web site at www.turbotax.com to access and print a copy of it.
Of course, there's no print button and no indication of where on their website this elusive copy of the EULA can be found (I eventually found the link in the fine print at the very bottom of their page).
And I'm trusting these guys with my taxes?
The European Space Agency & Australian National University just announced a new type of ion engine that has four times the efficiency of previous engines. That's pretty cool, but the part of the story that really impressed me was this:
The new experimental engine, called the Dual-Stage 4-Grid (DS4G) ion thruster, was designed and built under a contract with ESA in the extremely short time of four months by a dedicated team at the Australian National University. "The success of the DS4G prototype shows what can be achieved with the passion and drive of a capable and committed team. It was an incredible experience to work with ESA to transform such an elegant idea into a record-breaking reality", says Dr. Orson Sutherland, the engine's designer and head of the development team at the ANU.
I don't know how much technology they were able to leverage or really what's involved, but 4 months sounds really fast to go from idea to working prototype. Wow.
(Thanks to Nerfduck for the link!)
My friend Jay got me an SeV Sport TEC jacket for Christmas — I haven't used the "Personal Area Network" channels for iPod headphones or the like (yet), but man is it nice to have all these pockets. I gave it a test drive in Joshua Tree National Park last weekend, and it was great to have one pocket for the camera, another for the wallet, a third for "little important things" like matches, LED flashlight & pocketknife, a fourth for trail maps, a fifth for trail mix, a springy lanyard for the car key, a back pouch for the removable sleeves, etc. I kept finding new pockets all through the trip, each with a little card in it printed with suggestions for what I might use it for. Definitely the great geek-gift of the season!
Denim giant Levi Strauss said on Tuesday it had designed jeans compatible with the iPod music player, featuring a joystick in the watch pocket to operate the device.
The Levi's RedWire DLX Jeans for men and women, which will be available this fall, also have a built-in docking cradle for the iPod and retractable headphones.
BBC News reports the jeans will be launched around August for around $200.
(Update: forgot to thank Aileen for the link!)
Boing Boing reports that Apple's iTunes 6.0.2 has a new "feature" where clicking on a song in your playlist pops up related albums on sale at the iTunes Music Store in a little window at the bottom. Apple does it by sending the song, artist, album, genre and ID to Apple (presumably — the IP addresses are in the 69.144.123.xx range, which is Akamai).
GET /WebObjects/MZSearch.woa/wa/ministoreMatch?an=Music+From+The+Motion+Picture&gn=soundtrack&kind=song&pn=Austin+Powers+-+The+Spy+Who+Shagged+Me HTTP/1.1
This is rightly being decried as spyware (really, how could it not be?) though at least iTunes will stop announcing what you're listening to if you close the mini-store window (using the new "box with up-arrow" button in the lower-right corner).
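To see exactly what a request like the one quoted above discloses, the following added example (not part of the original post) scans HTTP request lines from a proxy log or packet capture for the `ministoreMatch` path and decodes the query parameters. The sample lines other than the quoted request are constructed, and the parameter keys are reported as-is because the post does not say which key carries which field.

```python
from urllib.parse import urlsplit, parse_qs

# Path taken from the request quoted in the post.
MINISTORE_PATH = "/WebObjects/MZSearch.woa/wa/ministoreMatch"

# Constructed sample input: the first line is the request quoted in the
# post; the remaining lines are invented controls that must not match.
SAMPLE_REQUEST_LINES = [
    "GET /WebObjects/MZSearch.woa/wa/ministoreMatch?an=Music+From+The+Motion+Picture"
    "&gn=soundtrack&kind=song&pn=Austin+Powers+-+The+Spy+Who+Shagged+Me HTTP/1.1",
    "GET /index.html HTTP/1.1",
    "POST /WebObjects/MZSearch.woa/wa/ministoreMatch HTTP/1.1",
    "not an http request line",
]


def parse_request_line(line):
    """Split 'METHOD target HTTP/x.y' into (method, path, params) or None."""
    parts = line.strip().split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    method, target, _version = parts
    url = urlsplit(target)  # handles origin-form and absolute-form targets
    # parse_qs percent-decodes values and turns '+' back into spaces.
    return method, url.path, parse_qs(url.query, keep_blank_values=True)


def disclosed_fields(lines):
    """Return one dict of decoded query parameters per mini-store request."""
    findings = []
    for line in lines:
        parsed = parse_request_line(line)
        if parsed is None:
            continue
        _method, path, params = parsed
        if path != MINISTORE_PATH or not params:
            continue  # different endpoint, or nothing sent in the query
        # Repeated keys are joined so no disclosed value is dropped.
        findings.append({key: " | ".join(vals) for key, vals in params.items()})
    return findings


if __name__ == "__main__":
    for number, fields in enumerate(disclosed_fields(SAMPLE_REQUEST_LINES), 1):
        print(f"mini-store request {number} sent:")
        for key, value in sorted(fields.items()):
            print(f"  {key} = {value!r}")
```

Running the same function over traffic captured after the mini-store window is closed is a simple way to confirm that the requests actually stop.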
My PhD thesis was all about designing software that provides information based on what you're doing and I have a soft spot for applications like this, but I see three fundamental problems in what Apple has done here. First and most importantly, the mini-store is for their benefit rather than mine — they're taking advantage of the impulse buyer in all of us, hoping we'll make purchases we wouldn't make if we had time to think about it. Second, their application requires that personal (if not personally identifiable) information be sent over the net rather than processed locally, with no idea how long the info is kept or how it might be used. Music collections are personal things, and even if I liked the mini-store application I'd think twice about clicking on a lewd song for fear of how that info might be used or eventually tied back to me. Finally and most obviously wrong, they're snooping without asking, which is just plain rude and makes me distrust the company and the software.
Update 1/12/05: As Charles points out in the comments, MacOSXHints reports that Apple has told them that absolutely no information is (currently) being collected from the MiniStore. I'm glad to hear it (and would have been a little surprised if it was otherwise), but it doesn't change my not liking such data going beyond the bounds of my own domain. If the Mini-store was actually useful to me I might be willing to make that sacrifice, but as it is it's just annoying.
As my friend Aneel points out, Apple just announced their new Intel-based computers, and in response their stock rose... to 80.86. They say markets have a mind of their own — do you think they have a sense of humor?
One of the gadgets announced at CES last week was Celestron's SkyScout, a hand-held viewfinder that identifies stars being viewed, based on GPS + compass and accelerometer to tell your location and where in the sky you're looking. Cute concept — assuming they did a good job on the implementation, it's a nice example of hand-held augmented reality that avoids most of the normal difficulties: the environment being tagged (the night sky) is extremely well-modeled and predictable, the user tends to be looking in one place rather than walking around or moving his viewfinder, it's always outdoors with a good view of the sky so GPS always works, and it's night so you don't have to worry about the sun washing out the display (it also uses both text and audio, so presumably you can also avoid having the display wash out your night vision).
(Link via B.K. DeLong.)
The thing that scares me about data mining is not that super-secret information about me is revealed — my Amazon wish-list doesn't contain anything I'd be embarrassed or concerned if it was seen by any of my friends or for that matter 99% of the other people in the world. And odds are good that anyone bothering to look me up by name or go to my website will fall into that category. The trouble is that if I pop up in a trolling-expedition at all it's much more likely the troller is among that 1% of the people that I would be upset about reading my wish-list. Ed McMahon doesn't mine the Internet to pick winners of the Publishers Sweepstakes, but over-zealous FBI agents do look for people promoting the wrong politics, companies look for suckers to blast with seemingly perfect-for-you product announcements, con artists look for rich recently-widowed women above a certain age, and pedophiles look for young latch-key kids with their own webcams.
Podzinger is a nice little search engine for podcasts that indexes the podcast audio (using BBN's speech-to-text software) as well as available metadata. They also have a nice interface for showing searched-for words in their transcript, with the words linking to the proper segment in the audio clip.
Bush's eavesdropping program was explicitly anticipated in 1978, and made illegal by FISA. There might not have been fax machines, or e-mail, or the Internet, but the NSA did the exact same thing with telegrams.
We can decide as a society that we need to revisit FISA. We can debate the relative merits of police-state surveillance tactics and counterterrorism. We can discuss the prohibitions against spying on American citizens without a warrant, crossing over that abyss that Church warned us about twenty years ago. But the president can't simply decide that the law doesn't apply to him.
This issue is not about terrorism. It's not about intelligence gathering. It's about the executive branch of the United States ignoring a law, passed by the legislative branch and signed by President Jimmy Carter: a law that directs the judicial branch to monitor eavesdropping on Americans in national security investigations.
It's not the spying, it's the illegality.
Personally, I think it's the illegality and the spying, but in the name of keeping the debate clear I'm happy to keep the two arguments separate.