Stuffis
Welcome to Brent's pile o' stuff. More for my use than yours, so
why organize?
This is cool: In Google Maps
you can now customize your route. So here's
the path I use if I bike to work
or
to the Northtown Mall transit center.
Four stories on why iPhone third-party apps matter, from a long-time Treo user
For 2 years I've been using the Treo 755p which meets my needs admirably; the above article sums up nicely why platform openness matters to me.
I am among those who
"watched with frustration as [Palm] stopped innovating and was passed by"
and have been eager to see Palm be a leader again.
And now the Palm Pre is here!
Security
DRM
Voting
Jon Stokes at Ars Technica has written an article entitled "How To Steal an Election". The PDF file is available here. (It's copyrighted, but permission is granted to distribute it if you link to the original article and PDF, as I've done here.) The rush to implement touchscreen voting with no paper trail as a backup is extremely worrisome; how long before we have a successful fraud that tips the balance of an election?
Web
- Dan Kaminsky talks about browser UI, user expecations, and EV certificates — insightful analysis as always
- Pilosov and Kapela publicize a BGP rerouting method (more) (it isn't really even an "attack" since this is the way BGP is designed to work) which allows someone to intercept (and eavesdrop on) traffic bound for a certain IP range. Mudge from L0pht had already pointed this out a decade ago.
- A nifty hack: If we have to have CAPTCHA, why not put the recognition to use in digitizing books (reCAPTCHA).
- Great article on current state-of-the-art in CAPTCHA technology — Google's fared best but even theirs has been broken and broken again — Schneier points to a "group [that] is the best out there at defeating CAPTCHAs" (check out their own pretty 3D CAPTCHA)
- Steven J. Vaughan-Nichols says in his article How CAPTCHA Got Trashed that CAPTCHA isn't a viable solution any more. One of his contributors said "harder CAPTCHA solutions mean harder problems for people as well" which I think is the key point — we've reached the "crossover point" where CAPTCHAs that are sufficiently hard to break are harder to use than users will tolerate. (And that doesn't even cover solutions that use humans to break the CAPTCHA for you...)
- Current research on breaking CAPTCHA: Preventing segmentation (breaking the CAPTCHA word up into individual characters) is very important to making it resist attacks (apparently OCR'ing individual letters, however distorted, is not too hard). Microsoft's CAPTCHA algorithm apparently allows segmentation too easily.
- Article on The problem(s) with OpenID
- Insidious automated ARP cache poisoning/HTML injection attack: a machine sits on the network, and poisons the ARP cache for clients on that network to make them think its NIC is the default gateway; acting as a man-in-the-middle, it rewrites HTTP sessions to insert a hostile 0-size <iframe>; client web surfing to any site can now include code for anything the browser is vulnerable to
- Dan Kaminsky continues to astound; his work in 2007 includes circumventing the browser's trust model using a combination of DNS entries, a custom TCP/IP stack written in Flash, etc. — now you have a "beachhead" behind the firewall/within the intranet to send whatever exploits you want
- "Inter-protocol Exploitation" technique: (1) Establish a control channel between a browser's JavaScript engine and an outside controller, so that JS commands can be passed to it, and then (2) have the JavaScript engine assemble protocol frames to attempt exploits from within the network; optionally (3) combine with XSS for an even more dangerous combination
- "Drive-By Pharming" (or Cross-Site Request Forgery, CSRF): JavaScript on a web page that attempts to log into routers and other local network devices using default passwords, and then alters DNS settings to point to a poisoned DNS server
- Applying "fuzzing" techniques to browsers: Michal Zalewsky (2004), HD Moore (Metasploit, 2006) — Month of Browser Bugs
- Why Phishing Works ("To summarize the summary of the summary: people are a problem." — Douglas Adams)
Mac OS X
VoIP
It turns out that even though most VoIP streams are encrypted, the ones
that use variable bit-rate (VBR) compression are
vulnerable to analysis.
Mobile
Small is beautiful:
UK mobile application developer Masabi
has launched EncryptME,
a Java ME security component with officially validated implementations
of 4096-bit RSA and 256-bit AES... in only 3K! "Using a single
SMS message, or a few bytes of GPRS data, EncryptME can set up a
secure session and sign up a new user, a new credit card, and make
a transaction." Nicely done.
Hardware
- Donald Knuth's MMIX 2009 architecture — Knuth is a CS luminary, the author of The Art of Computer Programming (which had MMIX's predecessor, MIX)
- Homebrew CPUs: Ever since my college microcomputer architecture course, I've always wanted to do a project like this; hats off to those that have done it. Here are some cool ones:
- The GPUs in modern graphics cards have their own architecture and APIs, so they can be used for other compute-intensive tasks than just graphics
- Theo DeRaadt (OpenBSD) on serious security vulnerabilities in the Intel Core Duo, some of which can't be worked around by the OS (Intel apparently disputes this)
- References from Dan Kaminsky on the issue that biometric hashes are reversable: researchers have found ways to turn fingerprint or faceprint hashes back into an image that will match the hash
- Device drivers are starting to become a focus — Attackers pass on operating systems: "Now that the OS layer is harder to crack, you are seeing a lot more people going higher up the stack, to applications, or lower, to device drivers" — Hijacking a Macbook in 60 Seconds or Less (was actually an external USB WiFi modem's drivers)
- Interesting interview with the discoverer of a way to obtain "ring 0" access via System Management Mode (SMM) on some x86 hardware
- FreeBSD's Poul-Henning Kamp describes the NTP flood coming from D-Link devices to his NTP server, similar to the earlier NTP DoS from Netgear devices to the U. of Wisconsin.
Social-networking site malware (Jul. 2006)
Windows: The WMF vulnerability (Dec. 2005)
XSS: The "Samy is my hero" MySpace Ajax worm (Oct. 2005)
Security at Microsoft
- eEye has a list of Upcoming Advisories where it tracks as-of-yet unfixed vulnerabilities in Microsoft products
- Secunia also keeps a log of unpatched IE 6 flaws
- Nice interview with Dan Kaminsky (Doxpara) about Microsoft and security
- Brian Krebs at the Washington Post did an analysis of
how long it takes Microsoft to release patches for "critical" vulnerabilities
and the results are interesting. In cases where there's no full disclosure, despite their "Trustworthy Computing" initiative, their time to release "critical" patches has actually risen to an average of 134.5 days (over 4 months). Microsoft steadfastly maintains that the reason for this long time is testing — quality control of the patch to ensure the public trusts Microsoft patches and is willing to install them (which I think is telling in itself). But when there's full disclosure and publication of a working exploit, he says:
one area where Microsoft appears to be fixing problems more quickly is when the company learns of security holes in its products at the same time as everyone else. Advocates of this controversial "full disclosure" approach believe companies tend to fix security flaws more quickly when their dirty laundry is aired for all the world to see [...] In cases where Microsoft learned of a flaw in its products through full disclosure, the company has indeed gotten speedier. In 2003, it took an average of 71 days to release a fix for one of these flaws. In 2004 that time frame decreased to 55 days, and in 2005 shrank further to 46 days.
- "[Dan] Geer's graph shows that Microsoft increased its time-to-patch gap by a little more than one day per month from the start of 2003 to the end of 2005."
Sanitizing MS Word documents (removing hidden data)
Research reveals that even "sanitized" anonymous data is easy to correlate to real people. "Using public anonymous data from the 1990 census [...] 87 percent of the population in the United States [...] could likely be uniquely identified by their five-digit ZIP code, combined with their gender and date of birth." "It turns out that date of birth, which (unlike birthday month and day alone) sorts people into thousands of different buckets, is incredibly valuable in disambiguating people."
As copiers and fax machines get "smarter" we have to start treating them like servers that must be secured and like storage units that must be purged.
An insightful SecurityFocus article from Robert Lemos on
the challenge of defending against zero-day attacks
if your organization uses the traditional patch-cycle approach.
Interesting editorial on
embedded device security.
Good description of, and summary of research into,
practical MD5 collisions.
Schneier
writes
about "identity theft" which he points out is a misnomer (identity is not
"stolen"; the issue is fraudulent use of identification info.). There
are two parts to these crimes: obtaining private data that can be used
to impersonate, and using that data to conduct fraudulent transactions.
Solutions that only focus on the first are insufficient.
IBM's
rebuttal (PDF)
to criticisms about TCPA. In short: TCPA might be used with Palladium
and/or DRM, but those are separate elements requiring separate critique.
TCPA is basically a "smart card built into the computer" and with ties
to the BIOS. Cf. also the classic
Ross Anderson FAQ on TCPA.
HD Moore (Metasploit) points out that in the current climate,
"There is no way to report a vulnerability safely"
(Robert Lemos article). This is a bad trend. Security researchers
(including students) who act responsibly in good faith should be
rewarded for reporting vulnerabilities, not prosecuted for it! Pascal
Meunier at Purdue (CERIAS) describes
his recent experience
with this problem.
Pinch My Ride (Wired):
Insurance companies often believe modern auto "passive antitheft
systems" are infalliable, and deny theft claims since the car is
"impossible" to steal. Worse: Some Honda models apparently have a back
door (pulling the emergency brake, of all things) coded to your VIN.
Spam, Viruses, Malware
NEW Botnet worm that targets routers
NEW ARP spoofing + JavaScript insertion — one compromised host on your net can insert itself between all hosts and the router, and then inject JavaScript malware into every web page received by every browser — use arpwatch to detect
Conficker (a.k.a. Downadup) is the most significant malware seen since 2003 Blaster/Sasser.
Oct 2008, a new malware technique "return-oriented programming" which evades defenses like W^X and signed (trusted) code. Very clever stuff.
Oct 2008, a new TCP threat "Sockstress" is starting to be discussed; apparently it's a flaw in the TCP state table implementation of a whole lot of vendors, which can lead to DoS; could be quite a widespread issue.
SRI's new Malware Threat Center has stats.
New virus Kraken which uses dynamic DNS; not only can that redirect to new IPs when the old ones are shut down, but Kraken has an algorithm for switching to a new dynamic DNS hostname when the old one is shut down.
Washington Post article showing how the amount of malware is skyrocketing (look at that graph!) and AV vendors are struggling just to keep up; what a way to run a railroad.
Latest trends: Viruses that creates a free webmail account to send spam through it (apparently circumventing their CAPTCHA?), and conversely, viruses that use CAPTCHA-like distortion in attachments to prevent their email from being detected as spam. (Speaking of CAPTCHA, see elsewhere on this page for a cool article.)
Since new vulnerabilities are always coming along, 0wned computers
may get swiped by a new 0wner at any time. "The bot network industry
has become so profitable, and hijacked computers so valuable, that
rival gangs are now fighting over them."
Some of the worms in the last few years, notably
Witty
(CAIDA analysis)
and
SQL Slammer (Sapphire)
(CAIDA analysis),
have been amazingly elegant: small (fit in one packet) and quick to
saturate their targets
("flash worms").
Scary stuff. See
The 10 Most Destructive PC Viruses Of All Time.
The latest malware is stealthier and more resilient:
- Dec 2007: Article on Storm and Nugache (via the Schneier on Security blog): Storm uses P2P to hide its command-and-control (C&C) server, and fast-flux (DNS) to change the C&C server; Nugache doesn't use DNS at all, and encrypts the C&C channel — the trend is away from IRC and toward custom C&C channels (SecurityFocus article, IronPort "malware trends" article)
- Jul 2007: Honeynet analysis of the fast-flux (DNS) method that recent malware like Storm is using
- Mar 2007: Gozi trojan horse, which went undetected for over a month; harvested user names and passwords, so the authors could put those up for sale
- Feb 2007: The authors of Storm Worm
(actually a trojan horse) chose peer-to-peer protocols to avoid control chokepoints,
and are adapting the "hook" over time: storms in Europe, greeting cards, Microsoft updates, racy pictures and
club memberships and
YouTube videos and
Blogger posts and
Christmas/New Year's/Valentine's Day greetings and ... (stay tuned). Security Fix puts the number of Storm-infected machines in the hundreds of thousands; Microsoft's MSRT scrubbed Storm from 250,000+ machines in Sept 2007 (SRI CSL in-depth paper)
(SecureWorks analysis by Joe Stewart)
(summary of functionality by Bruce Schneier)
- Raising the Bar: Rustock.A and Advances in Rootkits
- Hiding the Unseen (Mailbox.AZ a.k.a. Rustock.A)
Excellent set of articles describing the history of the spam arms race, and
in particular how viruses (beginning with Sobig) have added a new dimension.
Another article with a history of recent worms and viruses (author's
perspective is that legal punishment is too rare and light):
The sender-pays method of preventing UCE, back in 1933:
10 cents to ring my doorbell
(via Bruce Schneier's blog)
[I don't believe sender-pays is a workable solution for spam, by the way]
IPv6
Alternative Energy
- NEW Micro Wind Generation
- NEW Grass Makes Better Ethanol than Corn Does: "This means that switchgrass ethanol delivers 540 percent of the energy used to produce it, compared with just roughly 25 percent more energy returned by corn-based ethanol according to the most optimistic studies."
- Google.org's RE<C (Renewable Energy Cheaper than Coal) and RechargeIT (plug-in vehicles) initiatives
Mapping
- NEW Topographical Overlay (over Google Earth)
- Mailbox Map: find a blue USPS mailbox near you, and see the pickup time — great example of a useful mashup
- Maps of War: visual history of Middle East empires in 90 seconds
- Worldmapper: maps where territories are resized to show the relative weight of population, immigration, etc. (fascinating)
- CommonCensus Map Project (influence of cities on the surrounding country)
Fun Stuff
- Stubborn "nail houses"
- In search of the click track
- Amazing Tetris play — keep watching and being more amazed — special level at the end
- Straight Up Chess — "playing with fine art"
- Fantastic Contraption (another physics game)
- Poke the Penguin (with new defenses)
- Auditorium
- The eyeballing game
- Oktapodi HQ — for those who like Pixar-style short films
- People Bucket — a physics-based adventure
- Sunny Day Sky — a happy little bear-with-umbrella game
- Boston Dynamics' BigDog robot
- Tower Bloxx: build your own (teeterin') city!
- If Star Wars had come out two decades earlier (and Saul Bass had done the credits...)
- Squirrel Obstacle Course
- Human Tetris (Japan game show)
- Cat Alarm Clock
- Bloxorz
- They're Taking The Hobbits to Isengard! (I think the cheezy Casio music is the funniest part — well, that and the look on "Stareagorn's" face)
- Quiz sites like Sporcle
- Real-life Space Invaders
- Singing Tesla Coil
- Circlo
- Tim Fort's Kinetic Art (not your father's dominoes); worth watching all the way through
- Castle Smasher (catapult)
- Line Rider
- Merry Christmas
- Goggles: The Google Maps flight-sim
- Can you exercise both hemispheres of your brain at once? (Flash; click "JOUER" (play) to start the "JEU" (game))
- Amazing 3D chalk drawings
- The mouse pointer game (Flash)
- Rubik's cube: two-handed in 10.48 sec or one-handed (!) in 20.09 sec or while lip-syncing; also proving the maximum moves required to solve any cube (currently 26)
- Optical Illusion: Big Spanish Castle
- Lemmings (original)
- Bilbana (race cars)
- Goldburger to go (Rube Goldberg game)
- Homemade
- Websites as graphs, one of the coolest visualizations I've seen in a while
- The case of the 500-mile email
- Katapult
- Animator vs Animation and Animator vs Animation 2
-
giraffe,
chase me (Hexstatic's "Master-View" album is cool),
clive the frog,
kenya,
hos,
badgers,
footy,
badgerphone
- Amateur (very clever) — Lasse Gjertsen — who had previously done Hyperactive, and a Flash version so you can try yourself
- Quartet on one instrument (a viola de gamba)
- Guitar, a la hammered dulcimer (simply amazing)
- Rad Monkey electric cowbells (they have a pickup)
- Top 10 Most Curious States of Equilibrium
- Drum Machine
- Stomp
- Yeti Sports - Yeti-Penguin baseball, Orca Slap, etc.
- Throw Paper
- Benford's Law: in a set of multi-digit numbers, numbers with "1" as the first digit occur more frequently — can be used as a way to detect fraud
- craymachine
- Warthog Launch - 40 levels
- sodaconstructor
- Credit Card Prank and
Credit Card Prank II
- Virtools
- LEGO logic gates
- Guide to Roguelike Games and
BALROG
- Animated Engines
- Google Image Labeler, the ESP Game, and Human-Computer Symbiosis
Coding
- Keeping Score: "[I]magine a simple test that you could do at the end of each day which measures the impact of your actions on your own health [...] How would you score? Would you want to know?" — "If you don't measure it, you can't manage it." (Peter Drucker)
- How Hard Can It Be?
- Poul-Henning Kamp on bike sheds (dynamics of management, civility, FOSS projects and their email lists)
- The Shlemiel way of software, Salon interview with Joel Spolsky
- 3D Graphics: Java3D, Firefox Canvas 3D extension (Mozilla/Khronos) intro, Google O3D API (for browsers)
Astronomy/Astrodynamics/Space
- All (known) Bodies in our Solar System Larger than 200 Miles in Diameter
- Satellite Watching
- Very cool: If you upload a photo of the night sky Flickr 'astrometry' software attaches labels to the photo identifying the objects in it
- Interesting civilian spaceflight initiatives:
- Google Lunar X-Prize, $20M to the first team that can land a rover on the moon
- Armadillo Aerospace (John Carmack), "working on computer-controlled LOX/ethanol rocket vehicles, with an eye towards manned suborbital vehicle development in the coming years" including the X-Prize Cup
- SpaceX, developing the 2-stage Falcon 1 rocket which first successfully launched from Kwajalein March 20, 2007; ultimate goal is deployment of payloads (satellites), and actually some of the Google Lunar X-Prize entrants may go up on Falcon rockets
- Scaled Composites (Burt Rutan), whose SpaceShipOne won the original X Prize for the first private manned spacecraft to reach space twice in two weeks ... they are working on SpaceShipTwo, a commercial version designed to take passengers into space ... sadly they suffered a fatal accident during a test in the Mojave Desert
- AMSAT-DL (AMSAT Deutschland) is working on a mission to Mars
- 100 Explosions on the Moon
- Celestia: great FOSS space simulation software
- Stellarium: FOSS planetarium software
- The Antikythera Mechanism: "amazingly accurate" 2nd Century BC metal astronomical calculator made by the Greeks
- GPS demonstrates Einstein's Theories of Relativity
- Good explanation of LaGrange points(L1 through L5)
- Everything (in powers of 10) — or xkcd's version — or How far are the stars? — or Scale Model of the Solar System in Maine — or, another way to visualize it: The Size Of Our World
- Constellations and Stars
- Astronomers have decided to make the definition of "planet" less inclusive and exclude Pluto (now considered a "dwarf planet"); I wholeheartedly agree. Poor Pluto! Interestingly though it does have three moons (Charon, Nix, Hydra)
- Astronomers were previously thinking about making the definition of "planet" more inclusive
- The proposal would have included 3 dwarf planets (Ceres (asteroid—discovered in 1801 and considered a planet at that time), Charon (Pluto's moon), and Eris (2003 UB313—Kuiper-belt)) as "planets" — so we'd have had 12 "planets" total
- Apparently the proposed definition had to do with whether the object (a) "has sufficient mass for its self-gravity to overcome rigid body forces so that it assumes a hydrostatic equilibrium (nearly round) shape" and (b) orbits a star but isn't a satellite of another planet
- But: Pluto's moon Charon would qualify because, since the center of mass of the two-body system is outside Pluto, technically they are a "double planet"
- 581 c, a new Earth-like planet found orbiting Gliese 581 (20.5 light-years away) in the Libra constellation
- Two largest asteroid-belt objects: Ceres (dwarf planet), Vesta
- Trans-Neptunian objects (Kuiper belt, Scattered disk, Oort cloud)
- Eris (2003 UB313 — formerly "Xena"/"Lila"): Kuiper-belt dwarf planet, bigger than Pluto
- Sedna (2003 VB12) — most distant object (more precisely: object with greatest average orbital distance) known in our solar system (Oort-cloud)
- 3753 Cruithne, 2003 YN17, and other quasi-moons of Earth
- Bode's Law (Titius-Bode Law), an easy way to remember the major planets' distances from Sol — holds true except Neptune
- Newton's Principia
- Solar Activity
- Solar Activity and Aurora Borealis
- Solar Activity
Hardware
Yet another reason why I love AMD's HyperTransport. AMD really shines in 4-way and larger configurations (NUMA).
My TINI site.
Fiscal Responsibility
Wireless
Broadband
Broadband Performance Testing - at home I'm getting 880Kbps on my 1.5Mbps DSL from VISI.com
Oh, and if you're in the market for a hosting provider,
RealMetrics provides some
very useful statistics
to help you sort the providers out. A friend of mine highly recommends
1&1 Internet which he uses to host
a lot of his clients.
Language
NEW MLA interactive map of 'speakers per language in the USA'
Very insightful article on why Google offers free GOOG-411, the new Android speech-search app, etc.: It's to build a large phoneme database to improve speech-to-text which will then allow them to index video (YouTube).
Sometimes Google doesn't help when all you have to go on is a phonetic exchange. From That Thing You Do: Guy: "If Jimmy's a genius then I'm [oo tahnt]." TBP: "Who's [oo tahnt]?" Guy: "He's the sec- Forget it." Try Googling "Oo Tant" or "Ou Tante" etc. and you'll get lots of pages talking about TTYD, but nothing else. Turns out the reference is to U Thant, the 3rd Secretary-General of the United Nations, 1961-1971, from Burma (now Myanmar). "'U' is an honorific in Burmese, roughly equal to 'Mister'." — Wikipedia
Language Links
- Ambigrams Ambigrams: words that can be read in more than one way or from more than a single vantage point
- Confusing Words
- grimblepritz and blurfldyick: nonsense words used in the Perl "Configure" script and autoconf, when checking how grep behaves on some platforms
- aargh, hmmm, and ahhhhhh
- Baby Name History
- Survey of "Pop" vs. "Soda", or this one
- Speech Accent Archive
- The Bad English League: Interesting site that shows how many web pages use an improper word/phrase compared with the proper one they should use. My contributions:
- "a whole nother" vs. "another whole" (one I've been training myself out of) - currently at #4. I can understand people speaking this one, but I'm amazed someone would type "nother".
- "should of" vs. "should've" - currently at #9. I realized the other day that it's hearing the "'ve" contraction that makes people learn "of". See also the "could" and "would" variations on this.
- Also try "alot" vs. "a lot".
- Omniglot: a guide to writing systems
- Apparently I am not the only one who is compelled to blurt when remembering something with regret. ;-)
Media
Science
Odd
Philosophy of the Internet
Mac OS X
Never in a million years would I have imagined myself a Mac user. But
Mac OS X has changed all that, and it's now my
primary desktop. For a long-time Unix/FreeBSD/Linux user it has everything I want: a
mature and stable
Unix operating system and the
open source software I could not do without
(security
software;
mail routers,
servers,
tools, and
agents;
languages;
web
platforms;
directory), with
a beautiful graphical environment,
multimedia viewers, and
productivity software that are to be had only with great difficulty on Linux, if at all. And then there are the
stunning extra goodies.
Web Standards
Safari 1.3.1/2.0 bug with CSS borders.
Reactions to IE7 beta 1 (from the standards perspective) from Dave Shea (precious little improvement) and Molly Holzschlag (plea for patience). That's supposed to be a smiley-face, where IE7 beta 1 runs the Acid2 browser test. Microsoft response detailing plans for IE7 beta 2. Chris has said that MS' highest goal isn't to pass Acid2, it's to work first on what they perceive the most important CSS issues are.
The conversation between WaSP and MS continues... the issue is that web developers who care about standards have been forced over the years to use "hacks" to distinguish browsers and emit standards-compliant code that works for that browser (working around bugs, non-standard behavior, etc.). Starting with IE7, the IE team strongly recommends that instead of "hacks", developers use the MS-developed "conditional comments", which Dave Shea comments on, but note that since conditional comments aren't XML, they cause trouble with XSL/XSLT. Sigh.
Dave Shea seems much happier with the latest IE7 preview, in how far they've come in addressing CSS and rendering standards problems.
David Hammond publishes the site Web Devout which tries to put some objective "percent compliant" numbers to modern browsers. He and Chris Wilson traded comments on Chris' blog related to this site; sounds like the IE beta feedback channel hasn't produced the kind of results David and others were hoping for. (I like the idea of having the community "weight" the line items on that site for importance.)
Support for standards in IE/Firefox/Opera:
Tim Berners-Lee says New Top Level Domains Considered Harmful. Good thoughts on why .mobi is a bad idea: breaks device independence of the web and URIs specifically.
An interesting article on
the way to use XHTML properly.
A little dismissive ("what's the point?") of people like me who
validate their pages but send them as MIME type text/html so they
can still be read by most UAs. Still, it gives some clarity to what
the issues are. There's an
XHTML 2.0 FAQ which
also talks about this issue, and shows a trick to get IE to accept
XHTML sent as XML, and has other good information. More about XML
"encoding" vs. Content-Type "charset" in the melodramatically-titled
XML on the Web Has Failed.
See
The non-world non-wide non-web and
State of the WHAT
for a snapshot of the W3C WHAT-WG today and their answer to XAML, and see
questions of W3C relevancy.
An article at ZDNet gives more background on XForms (W3C, enterprise vendors, needs plugins), XAML (Microsoft, Longhorn+Avalon), and Web Forms 2.0 (browser mfg. e.g. Mozilla/Apple/Opera, works with today's JS).
This site is slowly crawling its way toward
a design (cf. A List Apart)
that complies with
web standards and is
viewable with any browser,
and uses
CSS (amazing site).
Here is
a great essay explaining why. It will probably use the "Websafe Palette" that
Webmonkey
alluded to
(the "Reallysafe Palette" is a bit extreme).
Oh, and here's a
Webtechniques
article
on designing to accommodate color-blindness. See also Webmonkey.
(web standards advocacy)
Memes
"The contact lens of Sauron" — apparently this gag was done
on a "Family Guy" episode. I first heard the joke when reading these
two comments on this Schneier Blog page on border security:
So, will Boeing's "Eye O' Sauron" system designed for the Mexican border fail for the same reasons? — Sean
@Sean:
No... as long as he's got his contact lens in, we're okay.
— Anonymous
"Thanks, but snow thanks" — this sums up my feelings about further
further frozen precipitation this year.
Brent and Genealogy
My
brief autobiography
such as it is, and
our family tree,
and a somewhat out-of-date
list of genealogical links,
and the dream of visualizing GEDCOM using a hyperbolic tree browser like
this,
or maybe with
RGraph.
My contact information
