October 31, 2006

Amazing photos 

I so want inside this photographer's head! (Thanks to Beemer for the link!)

Posted by bug to Culture at 5:17 PM | Comments (0) | TrackBack

Snooping search terms from the browser cache with JavaScript 

SPI Dynamics has an interesting proof-of-concept page that can snoop your browser's cache of visited URLs and figure out whether you've searched for specific terms on Google. Or rather, I assume it can on some people's computers... for some reason it always returns "yup, you searched for that" on both Firefox and Safari on my Mac.

Regardless, it's an interesting attack. It's based on the fact that your browser changes the color of links you've already visited, and sites can determine which style the browser has applied to a link using JavaScript and CSS, thus determining whether a particular URL has been visited or not. This basic concept was described by Jeremiah Grossman's history extractor at Black Hat this year. SPI Dynamics takes it one step further by probing for the URL corresponding to a set of query terms on the popular search sites. They can't just get a list of all your searches, but they could in theory troll for a list of interesting search terms, be they names of competing products, porn sites, common illnesses, etc. and then modify the page being displayed based on that information. (Via Google Blogoscoped.)
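An added illustration, not code from this post or from SPI Dynamics: a small model of why the visited-link style leaks history to page script, next to the mitigation mainstream browsers later adopted, in which script is told that every link is unvisited while the user still sees the visited color. The URLs, colors and function names are constructed for the example.

```javascript
// Simplified model of link styling; all data below is constructed sample data.
const UNVISITED = "rgb(0, 0, 238)";
const VISITED = "rgb(85, 26, 139)";

// The user's browsing history and the links a page chooses to render.
const visitedHistory = new Set([
  "https://search.example/?q=competing+product",
  "https://news.example/",
]);
const pageLinks = [
  "https://search.example/?q=competing+product",
  "https://search.example/?q=common+illness",
  "https://news.example/",
];

// What the rendering engine paints on screen for the user.
function paintedColor(url) {
  return visitedHistory.has(url) ? VISITED : UNVISITED;
}

// What page script is told when it asks for a link's computed color.
// "legacy":   the behaviour the post describes (script sees the painted color).
// "hardened": the engine answers as if every link were unvisited.
function computedColor(url, mode) {
  if (mode === "legacy") return paintedColor(url);
  if (mode === "hardened") return UNVISITED;
  throw new Error("unknown mode: " + mode);
}

// Audit helper: which history entries can page script distinguish in this mode?
function leakedUrls(links, mode) {
  return links.filter((url) => computedColor(url, mode) !== UNVISITED);
}

// The user-facing feature survives in both modes; only the script's view changes.
function linksPaintedVisited(links) {
  return links.filter((url) => paintedColor(url) === VISITED).length;
}

console.log("legacy leak:", leakedUrls(pageLinks, "legacy"));
console.log("hardened leak:", leakedUrls(pageLinks, "hardened"));
```
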

Posted by bug to Security at 12:54 PM | Comments (0) | TrackBack

October 30, 2006

Spam, spam, spam, baked beans, spam, spam... -- Media Technology --

According to this graph of spam volume by spam blacklister TQMcube, spam volume has increased more than tenfold in the past six months. I'm not sure if this is some kind of attempt to overwhelm spam-filters and blacklisting services or just another ratcheting up, but I do find it disheartening that doing a news search for "major increase in spam" results in posts and news reports that span several years. (Thanks to Jeff for the link to the graph.)


October 28, 2006

Where am I? -- Mind and Brain --

Radio Lab had a great hour production called Where Am I?, all about how mind and body collaborate to determine where you and all your assorted parts are in space and how that can sometimes get out of whack. Audio is available for streaming and download, and well worth the listen.

It reminds me of the "That's my hand!" illusion, where you can give someone the uncanny feeling that an obviously-plastic severed rubber hand is actually their own by simply hiding their real hand from view and then simultaneously touching each hand in the same spot at the same time. After about 20 seconds of such touching the illusion kicks in, and is a wonderfully eerie feeling. They have a station for trying this out at the SF Exploratorium, but my first introduction to it was from reading a recent study where scientists induced the illusion while the subject was being scanned by an MRI. What they found was that the illusion corresponds with activity in the premotor cortex, a part of the brain that receives both visual and touch information, implying that we build our idea of where different parts of our body are in space by correlating our own sense of touch with what we can detect with our other senses. (They also have a more recent study showing that it's not just vision combined with touch — you can get the same effect blindfolded by making the subject think she's touching her left hand with her right when actually she's touching the rubber hand.)

Posted by bug to Mind and Brain at 4:27 PM | Comments (3)

October 24, 2006

patently obvious -- Intellectual Property --

patently obvious, adj. An idea so blazingly obvious, only the patent office would think it novel enough to patent.

October 23, 2006

Another reason to not let your toddler watch TV? -- Mind and Brain --

Economics professors at Cornell and Indiana U. have found a possible correlation between watching TV before the age of three and autism. The evidence looks even more circumstantial than the study linking early TV viewing to ADHD, but still interesting: really what they've found is a correlation between diagnosis of autism and the number of rainy days in a particular county for a given period, which is known to correlate with hours kids spend watching TV. I wonder if they also looked at birth month and whether that has an effect — if it did that might imply a critical period of only a few months. (Thanks to Andrea for the link.)

Update 3:30pm: Here's the actual study. Plus, Steven Levitt offers some skepticism at the Freakonomics blog. (Thanks to Judith for the links.)

Do not taunt happy fun ball 


Anders Sandberg has posted some fabulous Warning Signs For Tomorrow over at his blog. And in a similar vein, check out how Dow Chemical designed the biohazard symbol. (By way of Schneier on Security.)

Posted by bug to Security at 12:31 PM | Comments (0) | TrackBack

Last day to register to vote in California -- Politics --

Today's the last day for Californians to register to vote in time for the November 7th election. If you've not yet registered, download the registration form and mail it directly to your county elections official. Forms must be postmarked by today's date.

Posted by bug to Politics at 8:41 AM | Comments (0) | TrackBack

October 19, 2006

Reuters opens Second Life bureau -- Media Technology --

A few days ago Reuters opened a bureau in Second Life, the online virtual world that's more second home than game to some 400,000 (presumably part-time) residents. Adam Pasick is bureau chief and sole reporter, and is dedicated full-time to Second Life. As science fiction writer Charlie Stross put it a month ago, "Truth stranger than fiction? Must write faster, the clowns are gaining ..." (Via NPR's Marketplace.)

October 13, 2006

Fox uses Treo to break plane crash news -- Media Technology --

A Fox News cameraman was about 20 blocks away when the New York small-plane crash occurred last week, so he broadcast live via his Palm Treo smart-phone. (Thanks to Jamey for the link.)

October 12, 2006

Google Maps for Treo 600, 650 and 700p 


Google just added support for the Treo 600, Treo 650 and Treo 700p to their Google Maps Mobile software (a client application that runs on your phone). Looks pretty good, and includes the ability to see the current traffic conditions along your route, which ironically the main Google Maps software can't do. (Thanks to GirlPurple for the link, via Jill!)

Posted by bug to Search at 4:07 PM | Comments (3) | TrackBack

October 10, 2006

Why don't we only search terrorists? 

Bruce Schneier answers the question "why do we bother making people with security clearances go through airport security?" with the obvious answer "how would an airport screener know if you have a security clearance?"

Heck, as long as we're living in fantasy land, why don't they let non-terrorists bypass security and just focus on The Terrorists? After all, it must not be too hard to tell who's a Terrorist and who isn't, since we're already singling them out for torture, rendition to Syria and indefinite detention without review. What's forcing them to spend extra time in line at the airport compared to that?

Posted by bug to Security at 1:34 PM | Comments (0) | TrackBack

October 6, 2006

Fun with Google Code search 

Google just launched a page for searching through publicly-posted source code (including the ability to search by regexp, language and licence), and Kottke.org has compiled a list of some interesting searches people have uncovered, including password files, backdoors, inside jokes and kludge alerts.

(Thanks to Rawhide for the link!)

Posted by bug to Search at 4:41 PM | Comments (0) | TrackBack

Custom scream tones -- Media Technology --

You've probably already heard about the cell phone that screams after it's reported as stolen. My friend GirlPurple has suggested the perfect add-on market: Custom Scream Tones.

October 3, 2006

The danger of forwarding 

Kevin Drum has posted an email exchange between convicted lobbyist Jack Abramoff and Karl Rove's assistant, Susan Ralston, part of a larger set released in a bipartisan report by The House Government Reform Committee. Apparently Abramoff sent an email asking for favors to Ralston's personal(?) pager, and that email was forwarded to the Deputy Assistant to the President and then on to a White House aide. That aide in turn warned a colleague of Abramoff's that "it is better not to put this stuff in writing in their email system because it might actually limit what they can do to help us, especially since there could be lawsuits, etc." Abramoff's response to his colleague's warning: "Dammit. It was sent to Susan on her mc pager and was not supposed to go into the WH system."

Political scandal aside, this illustrates a fundamental security issue with email. I have no idea whether Ralston's pager was set to automatically forward email while she was on vacation or (more likely) she forwarded it on to the Deputy Assistant herself as a way to keep him in the loop. Regardless, it's clear that Abramoff recognized that having such emails in the official White House system would be a liability, but he had no control over whether their recipients (either Ralston or possibly her automatic forwarder) would be as prudent.

People who want to speak "off the record" usually think about whether a communication channel is likely to be archived, is subject to subpoena, is secure and so forth. But as it becomes easier to transfer messages between channels, that becomes harder to predict. You might not expect me to archive my voicemail, but if I automatically forward my messages to my email as audio attachments then it probably will be. Similarly, you might expect email sent within a company to stay protected inside the firewall, but if just one recipient forwards his email to his Gmail account then that security is blown wide open. The folks involved in the Abramoff scandal deserve to be outed, but the next person to be tripped up by this kind of error might not be so deserving.

Posted by bug to Security at 12:12 PM | Comments (0) | TrackBack

October 2, 2006

Blogging in Motion -- Wearable Computing --

The overall winner of this weekend's Open Hack Day at Yahoo! was Blogging in Motion, which mounts a camera and pedometer in a handbag and then uses the Flickr API (and I presume a cellphone) to automatically blog one picture every minute. Sounds like a purse version of Steve Mann's Wearable Wireless Webcam, and more recently Microsoft Research Cambridge's SenseCam system, all hacked together in just one 24-hour marathon.

Link courtesy of Aileen, who also points out that one of the team members, Diana Eng, was also one of the contestants on last season's Project Runway.

October 1, 2006

New York Times holding out for a "simple" civil war? 

In an interview with NPR's On The Media, New York Times Deputy Foreign Editor Ethan Bronner had this to say about what it would take for the Times to decide that Iraq has finally turned into a civil war (question is 3:10 into the interview):

I don't think I could answer that you know, sort of, we need to see X, Y and Z. I think that broadly speaking if it seemed that the sides of conflict in Iraq had separated themselves into full-blown militias / armies and war was the full-time occupation in Iraq, that would be a civil war and I imagine that's when we would start calling it that.

...

At a certain point it will, if in fact it grows to the point where the sides have divided into clearly defined groups fighting one another, I mean the government for example is a mix of Sunni, Shia and Kurd. Is it a player in this "civil war" that other people see? It's not clear to me.

I wonder how the Times reconciles this whole Blue vs. Grey definition of civil war with the fact that wars are increasingly being fought by networks of loosely-affiliated like-minded allies rather than clearly defined armies. If they can accept that the US is at war with a "transnational movement of extremist organizations, networks, and individuals" (to quote a recent Defense Department publication) why insist on clearly-defined armies in the case of a civil war? If anything, civil wars have historically been messier and more complicated than other wars, not simpler.

If the Times is waiting for the situation in Iraq to congeal into a simple pie chart before they decide it's in a state of civil war, I expect they'll be waiting quite a while.

Posted by bug to Media at 9:44 PM | Comments (0) | TrackBack