Major Firefox Security Vulnerability

There’s a nasty phishing exploit that was made public yesterday that lets anyone fake any domain including SSL certificates. The problem comes out of international domain name support and the fact that the English letter a and the Cyrillic letter а look almost identical. It affects pretty much every web browser except IE and Lynx, which don’t support international domain names yet. (If you installed the IE plugin for IDN support, you’re still vulnerable.)

The phishing attack is really simple. Domain names can now include non-Latin characters, which are mapped back into a “common name” so it’s backwards-compatible. So, for example, the Latvian domain name in http://tūdaliņ.lv translates into the common name http://xn--tdali-d8a8w.lv/. So all you have to do is register something like the domain www.xn--pypal-4ve.com and then send people to the innocuous-looking www.pаypal.com. (Course, if you’ve already fixed your browser you won’t be able to follow the link anymore….) If you look carefully or if your browser isn’t displaying this page as Unicode you can see the letter а is in a different font (in fact, it’s a Cyrillic “a”).

Temporary fix for Firefox:

  1. Go to your Firefox address bar. Enter about:config and press enter. Firefox will load the config page.
  2. Scroll down to the line beginning network.enableIDN — this is International Domain Name support, and it is causing the problem here. We want to turn this off — for now. Ideally we want to support international domain names, but not with this problem.
  3. Double-click the network.enableIDN label, and Firefox should change it to false. (If you get a dialog box, just change it to false yourself.)

You can check to see if you’re vulnerable by going to the website http://www.shmoo.com/idn/

Update: It turns out the fix I listed does not work in at least some versions of Firefox (sigh). The user preference gets set all right, but for some reason Firefox ignores it. Tech.Life.Blogged has posted both a somewhat kludgy workaround that at least disables IDN support until you install a new plug-in, and a nicer fix that just involves installing the AdBlocker extension and configuring it to block URLs that contain characters outside of the normal ASCII.

Longer term we really need a preference that paints the address-bar or otherwise warns us when a domain contains characters from more than one language set — that’d solve both the problem of pаypal and the equivalent domain that’s all Cyrillic except for the Latin character a.

Update 2/15/05: Sounds like one of the original authors of IDN, Paul Hoffman, has proposed something that goes one better than what I was proposing: highlight characters from different languages in different colors. That way it’s not a “warning” (and constant false alarm for languages that routinely mix character-sets) but still stands out if you weren’t expecting it. (Thanks to Boing Boing for the link.)

Update 2/26/05: Firefox 1.01 has been released with a fix — now punycode appears on the URL line as the encoded www.xn--pypal-4ve.com (it can be changed back to the old display in the configuration). While not as pretty as Hoffman’s solution, it’ll work. Note also that Shmoo has stopped hosting https://www.pаypal.com, though they still have a test link up at http://www.shmoo.com/idn/.
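
The two countermeasures discussed above (a warning when one domain label mixes character sets, and showing the encoded xn-- name as Firefox now does) can be sketched in Python. This is an added example, not code from Firefox or from the original post; the function names are hypothetical, and each letter's script is approximated from its Unicode character name because the standard library does not expose the Script property.

```python
import unicodedata


def label_scripts(label):
    """Approximate the set of scripts used by the letters of one DNS label."""
    scripts = set()
    for ch in label:
        if ch.isalpha():  # digits and '-' belong to no particular script
            # Assumption: the first word of the character name (LATIN,
            # CYRILLIC, GREEK, ...) stands in for the Unicode Script property.
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def inspect_host(host):
    """Return (ascii_form, unicode_form, mixed) for a host name.

    mixed maps each label that combines letters from several scripts to the
    sorted list of those scripts. Input may be Unicode or already 'xn--' encoded.
    """
    if host.isascii():
        unicode_form = host.encode("ascii").decode("idna")
    else:
        unicode_form = host.lower()
    ascii_form = unicode_form.encode("idna").decode("ascii")
    mixed = {}
    for label in unicode_form.split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            mixed[label] = sorted(scripts)
    return ascii_form, unicode_form, mixed


if __name__ == "__main__":
    # Host names taken from the post; \u0430 is the Cyrillic letter "a".
    for host in ("www.paypal.com", "www.p\u0430ypal.com",
                 "www.xn--pypal-4ve.com", "t\u016bdali\u0146.lv"):
        ascii_form, unicode_form, mixed = inspect_host(host)
        verdict = "MIXED SCRIPTS %s" % mixed if mixed else "single script"
        print("%-24s shown as %-24s %s" % (unicode_form, ascii_form, verdict))
```

A look-alike written entirely in one non-Latin script passes the mixed-script check; only the encoded xn-- form exposes it.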


Google Maps

Google released their Google Maps service today — one look shows yet again that interface design is one of their serious strengths. The maps are just plain pretty, the drop-shadows keep you from confusing map & overlay and they’ve even managed to glide to new positions rather than blank the screen and reload when you recenter. The link to directions even includes the zoom level and where you were centered on the screen. It’s also fast, and apparently the client-side stuff is all done in Javascript — I’m impressed.

If I were any of the other mapping services I’d be scrambling to catch up right about now…


Treemap diskspace visualizers

I just started playing with Disk Inventory X, a nice treemap diskspace visualizer for Mac OSX. (Windows users can use the older and more complete WinDirStat to do something similar.)

Disk size has nothing to do with importance, but I still get a weird feeling seeing my music collection as a big blue block some 50 times bigger than the project I’ve been working on for almost two years. Now I wish I had a treemap for how I spend my time during the day…

Update: and for Linux there’s KDirStat, which is apparently older than either of the other two…


Tech Review waves the terrorism flag

Technology Review recently declared they are trying to get back to being more science & analysis, less breathless hype. Let’s hope David Talbot’s Terror’s Server in the February ’05 issue was just still in the pipeline before they made that decision. Here’s the letter to the editor I just sent:

David Talbot’s “Terror’s Server” was the kind of rambling, analysis-free hand-wringing we came to expect from the mainstream press in the mid 90s, not from Technology Review in 2005. Talbot’s main point that terrorists are (gasp) using the Internet is obvious and trivial. Terrorists are also using telephones, SUVs, credit cards, textbooks and mail-order catalogs to plan their attacks. Why is there no call for the automobile industry to “fix” their terrorist SUV problem?

The Net amplifies individual voices, be they the voices of civil rights activists, cancer survivors or terrorists. The real issue is not whether terrorists use the Net (just like everyone else does these days), but whether society is better off allowing individual voices to be so easily heard. This is an important debate with historic undertones; Gutenberg’s press amplified Luther’s 95 theses and led to hundreds of years of war and bloodshed — and to the Protestant Reformation and Renaissance. Please, next time address the issue directly instead of simply hiding behind the terrorism flag.

Bradley Rhodes
PhD, MIT Media Lab (2000)


Upgraded blog software, comments enabled again

I’ve finally upgraded to the latest version of MovableType. I was sore tempted to swap out to WordPress, since in general I prefer using open source software and I’m not all that pleased with MT’s Passport-like play for lock-in, but in the end convenience and the prospect of having to redirect hundreds of blog entries and comments won out.

The biggest upshot of this is that comments are now working again (I’d disabled/broken them in a deluge of spam a while back), and hopefully the latest version of MT Blacklist is up to the task.


Makyoh (Japanese magic mirror)

The Makyoh (Japanese for “magic mirror”) is an ancient art that can be traced back to the Chinese Han Dynasty (206 BC — 24 AD). They were made of metal, usually with an intricate pattern carved or cast on the back and the front polished to a mirror finish. The front looks like a smooth reflecting surface, but when sunlight or other bright light is reflected onto a wall a glowing pattern emerges. Usually the image seen would be the same as the image on the back of the mirror, often an image of the Buddha or other focus for meditation. The art later moved to Japan (especially Kyoto), and after missionaries brought Christianity into Japan in the mid 1500s many mirrors were made with secret images of the Holy Cross or of Christ. Because Christianity was punished at the time, many Christians wore such magic mirrors as a secret sign of their faith.

I just received a modern makyoh from the Grand Illusions toy shop, a wonderful site for exotic, clever and scientific toys (and they now accept PayPal). One thing I love about Grand Illusions is that they include videos and articles about how their toys work, including the magic mirror. Much as I respect the secrecy magicians have for their tricks, I much prefer the magic scientists perform — real magic isn’t spoiled when you know the secret, it’s even more amazing.

I’ve posted a few other pictures on my pictures page.


MIThenge

Photo credit: Matt Yourst

In early November & late January MIT has a little local astronomical phenomenon known as MIThenge, when the sun shines directly down the 825-foot infinite corridor that forms the spine of main campus. This year’s convergence starts at around 4:49pm EST for the next few days.

I always loved this little architectural Easter egg when I was a student, but according to the MIT News Office the phenomenon is likely by accident rather than design:

Historical data suggests that the solar alignment was not intended by the buildings’ architects, who were more concerned with the view of the Charles River. According to a recent article in Sky & Telescope magazine, the phenomenon was noticed and publicized in the 1970s by Thomas K. Norton, a research affiliate in architecture. Students at the time did some calculations as part of a class project, and posters were put up around campus advertising a “sun set celebration.”
