Hi! Do you remember blogs? Well, this used to be one. Now it just serves as an archive for my multiple Twitter accounts.

3 November 2008

My wrist hurrrrrts. What a counter-productive karmic punishment for my not getting started with NaNoWriMo on time.

Shit, where could I have left my tube of superglue lying around?

4 November

Fluid JavaScript API

Fluid SSBs automatically include some additional JavaScript APIs in all browser windows that can be accessed by either webapp developers via remote scripts or Fluid users via Userscripts. This API is very similar in nature to the window.widget API from Dashboard Widgets.

Oooh. I just added « window.fluid.dockBadge = “1” » to web is pink, it’s cute. (And it also works in Cruz, as you might expect.)

5 November

The very concept of electoral college gives me the creeps.

Wow, I didn’t really think it was going to happen after all, but I ate an apple.

Ah fuck, GTA IV multiplayer is deserted.

Pimp My Mac

If you feel the need to personalize an Apple laptop with a bunch of stickers, that’s a pretty elegant way to do it. Although it looks like the circle isn’t centered correctly.

I can never believe the pictures of laser-engraved MacBooks where the engraving doesn’t take the apple into account at all. And it isn’t that much better when the illustration stops with square edges wherever the source pictures happened to end.

Selection

Playing with marching ants is always fun.

7 November

Gizmodo reviews the Griffin Clarifi iPhone Case

And the macro lens turns out to work. Cool. Sure, you’re not going to pay $35 just for the stupid QR code iPhone applications (wherein “stupid” qualifies the idea of offering — sometimes selling — barcode-reading applications for a cameraphone with no macro capability), but if you feel like you need to have a case protecting your iPhone there’s just no reason to use any other one (as the Clarifi doesn’t look half bad, either). And if, like me, you’re on the fence about having a case, then the added functionality makes a good argument. As a matter of fact, I’m two bankruptcies away from ordering one online right now.

9 November

Blok Candles

Now they need compatible metal bricks, because the plastic ones won’t survive much use near a candle. Or maybe wooden bricks.

11 November

Wall-E

There’s a lot that isn’t quite good about this movie (Pixar tends to make movies that would be better if they only lasted for thirty minutes, and in this particular instance mixing CG characters and live actors was very, very wrong), but I guess it deserves bonus points for getting me to care at all about the main characters in the end.

 

The X-Files: I Want To Believe

I really wonder what’s going through Chris Carter as he writes and directs this kind of useless crap. It can’t be just about the money — he’d give us aliens and flying saucers and conspiracy if he was just whoring it out, wouldn’t he? It looks like he’s clinging desperately to the idea that his creativity is worth something; like the story should be entitled “I want to believe I’m not a total hack and I can make a good movie.” I’m actually feeling oddly empathetic towards him right now, but that’s just because I didn’t have to pay to watch this crap, and wasn’t locked in a movie theater for two hours.

Incidentally, the movie misses the distinct X-Files look and feel; wonder if it’s a failure of the director of photography, or just because every single movie these days is shot the way X-Files episodes used to be.

 

Wait… did creepy Russian Cylon abduct young girls to stick his abused gay husband’s head on their bodies?

I guess the ugliness of my invoices reflects how much I hate billing. No matter how closely related it is to getting money in the bank.

Gear’s Heart

I have a hard time believing the video isn’t CG — especially if it’s supposed to be papercraft.

12 November

Left 4 Dead (360 demo)

The introductory CG is very competently directed and paced, and quite representative of the game itself: it’s very well done and I don’t think I ever want to play it again. I was creeped out during some sections of Gears of War, mind you (it’s mostly the sound design that does me in), so I’m not going to spend time in a realistic zombie survival simulator — especially one with no shred of a plot to keep me going.

Interestingly, the first option in the menu is for online play; but I didn’t go there because I wanted to experience the game at my own pace (as in, I suck and don’t want three other players shouting at me to go faster and aim better) and in the full glory of its carefully-crafted environments (as in, without Xbox Live morons screaming and whining all around). So I can say that the graphics are good, level design is adequately confusing at first then linear once you’ve gotten to look into all the corners, and the sounds are pretty good and creepy, but I could never tell where the action was coming from (and I’m not quite sure if the fault is mine, for sucking, or the game’s). And the demo is quite long enough.

What I can’t say is how good the network code is, or how playable it is with random strangers (not much, though, I’d expect — Xbox Live matchmaking isn’t really great for co-op games), because I certainly wasn’t going to dive back into twenty or thirty minutes of dark zombie action, with no possibility of pausing or quitting before the end (without being one of those assholes who leave online games when they don’t go their way).

Fortunately, I also had the Lego Batman demo to try out and take my mind off oh my god I can hear shuffling in the stairs!

Lego Batman (360 demo)

Maybe I’m more of a Star Wars fan than I like to admit to myself: when the Lego Indiana Jones demo was a disappointment, I decided that the good writers and designers were too busy with the Batman game, but it turns out that I find Lego Batman just as boring.

I don’t know if the Star Wars universe is more appropriate to legoification, or it’s the locations that were interesting rather than the characters (while Indiana Jones takes place in generic jungle, and the Batman game has no connection with any movie), or the idea of Lego games was just more fresh at the time, but I just know that I’m not interested in this one more than I was in Lego Indy.

Plus, the messy controls and stupid co-op AI were acceptable for the first game in the franchise, but you might have expected the developers to improve on them since then.

 

13 November

New: RSS daily digests

In preparation for the possibility that I might start posting news on #FF00AA and Beware The Frog again (not that it’s in any way likely to happen) you, yes, you, my fifty remaining loyal — or lazy — readers, can now switch to a new RSS feed with only one article per blog and per day, summarizing all posts from that day (the way tweets were already presented).

For garoo.net (which aggregates all my posts from all my blogs, remember), the new feed is there; for the individual blogs, replace “index.xml” with “daily.xml” in the URL or use any modern browser’s feed auto-discovery.

 

P.S. As usual when you change something about your RSS feeds, all apologies for the bunch of articles appearing as unread in your aggregator.

iPhone for 99 €

As leaked a couple of days ago — and the 16GB version is only thirty euros more; it’s gonna be a very iPhone Christmas. (Well, except for the fact that, as far as I can tell, there’s still no way to gift an iPhone with Orange.)

A redesign for Games for Windows Live

It took Microsoft a while to figure that PC users might enjoy a PC-optimized interface rather than a direct port of the Xbox blades; but, while 360 owners are looking forward to a nice Apple-inspired interface next week with fancy avatars, Windows gamers end up with what looks like a very limited redesign that replaces the console’s visual codes with Vista style. And still no stand-alone application (which is even more jarring, now that the Live interface is Aero-based instead of coming from a parallel gaming world).

More like a “yeah, yeah, we’re still thinking about you” ping.

Clara Sheller 2.01–2.02 streaming online

Apparently the people at France 2 are so pleased with the new season of Clara Sheller that they think putting two episodes online a week before broadcast will boost the ratings. And they may be right: the unreal dialogue, the atrociously badly written voice-over, and the uninteresting story are all perfectly faithful to the first season, and I gather it was fairly successful.

I can’t stand French fiction anymore. Why does it feel obliged to be badly acted on top of being badly written?

It’s weird that it’s so weird to see a picture of head-of-state(-elect) smoking a cigarette.

Glue Toolbar

File under “Good ideas that Facebook needs to steal, because in the current market a small start-up will never reach the critical mass needed for it to work” (although Facebook has already screwed the pooch as far as interaction with third-party websites is concerned): Glue is a Firefox toolbar that recognizes when you’re viewing a web page about a book, movie, restaurant, and so on, and displays reviews about it from your friends — and it works even if you’re looking at a movie page on Amazon and a friend of yours reviewed it while visiting the IMDb (hence the plug-in’s name). But it doesn’t work if your friends aren’t using Glue.

Invest in WIP: it’s still better than investing in real estate, these days!

Safari 3.2

Paypal had threatened several times to prevent Safari users from accessing their sites because the browser didn’t have anti-phishing measures to prevent morons from clicking a link in a fraudulent e-mail and not realizing they didn’t end up on the real paypal.com; you can now imagine that the reason they relented on the boycott side was that Apple was able to promise them that such functionality was coming in the following months. Actually, they probably reiterated the threat rather recently just because they figured the change wasn’t coming fast enough.

The new Safari is available in Software Update, and I haven’t tried it out yet because I’d have to reboot. (And, if I sound dismissive of Paypal, I have to admit they weren’t completely wrong, and something needed to be done against phishing, because whatever you do users won’t suddenly bother to be more intelligent. It’s just that I’m biased against Paypal, even though — or all the more as — I have to use them.)

14 November

Gmail voice and video chat

It’s funny how Google Talk has completely disappeared and has been assimilated into the Gmail web interface — clearly Google isn’t so motivated by the idea of pushing desktop applications separate from the web experience. Or, well, pushing any of their secondary products at all, come to think about it.

Unfortunately Gmail voice and video chat is not available for PowerPC Macs.

Oh yeah? Well, I didn’t want to install your stupid plug-in anyway! So there!

 

Seriously, though: a restrictive plug-in just to be able to detach Flash windows from the main interface? That’s so Microsoftian.

Laura. Roslin. In. Grey’s Anatomy. Oh FUCK NO. She’s gonna ruin the mood for the BSG finale before we even get to see it.

15 November

Steve Jobs demos the iPhone

I read two mentions of “kremlinology” in relation to Apple rumors over the last week; looks like the comparison was not abusive.

When he demonstrated the iPhone in January 2007, Jobs showed the favorites management of the phone application by adding Phil Schiller to his favorites and removing… Tony Fadell (at the 5:50 mark on the video). More than eighteen months before the head of the iPod division left Apple in one of the most commented executive switcharounds of the year.

Since it was the launch of the iPhone, and everyone must have assumed at the time it was coming out of the iPod division (which it didn’t, turns out, because Cocoa Touch won over the idea of another custom OS*), nobody thought anything of it. Well, nobody outside of Apple — I guess everyone on campus knew what that was about, and Fadell just spent all of 2007 biding his time, and hoping the iPhone would crash and burn.

Google advertising Chrome

With Google, honestly, it’s hard to tell whether a project is just a “hobby,” to speak in Jobsian terms, or a definite, determinate endeavor. Probably because they never know themselves and change their minds from one day to the next.

So let’s not jump to conclusions, and just note that Google is actually shelling out real money to advertise Chrome on a third-party site, with a big and prominent campaign outside of the AdSense blocks, rather than linking to it on YouTube or mentioning it for a few days on the Google home page.

For a first try, LinkedIn is probably the best place on the web to be plugging Chrome: computer-literate users who might be tempted to try out a better browser (as opposed to Facebook or YouTube users who couldn’t care less), but don’t already know about it because they’re not authentic geeks.

 

(Oh, I guess you could motivate Facebook users to switch if you could demonstrate in a video that Chrome is the only browser that manages to load that goddamn home page in less than ten minutes.)

@wryredhead:

When people don’t understand why I use Twitter, I try to explain that it’s like a writing exercise. It takes mad skillz to stay under 40 cha

After an entire bottle of Destop down the sink, it still stinks. Help!

16 November

Gmail video chat on iChat

Oohh… didn’t try it personally, but it’s got to be true if they’re saying it is. We finally have something that can work to replace MSN on dating sites.

All you have to do is create a new Jabber account in iChat and enter your Gmail address as your Jabber login […]

Server: talk.google.com

Port: 5223

Check SSL and self-signed certificates

 

P.S. A subsequent post update seems to indicate that this is just iChat video chat running on top of the Google Talk Jabber servers, which is nothing new and isn’t compatible with Google’s actual video chat. That’ll teach me to trust another blog and write about something without testing it.

Failed launch for Google’s voice recognition

On Friday morning, when Google announced its updated iPhone application, everyone was as dubious about the functionality (is there really a point in sending an mp3 to Google’s servers, and hoping to evade voice recognition errors, rather than typing a short query with your keyboard? cool as hell, no doubt, but useful?) as about the launch date — knowing the App Store’s approval process as we do.

First, let me be clear about one thing: this is a great idea, and one day, far in the future, voice input to various pieces of hardware around us might become a part of our everyday life. But right now, I’ll eat my hat if this thing is reliable enough - and we’re talking street conditions, crowded coffee house conditions; in short, normal situations - to use on an everyday basis. I bet that two times out of three Google’s software will misunderstand you and give you the wrong results. And I bet that in the end, the majority of users who try the feature out will go back to standard (virtual) keyboard input.

Google’s updated iPhone application could arrive as early as today, though we’re all familiar with how consistent Apple’s approval process is. Still, when it does arrive, Google’s Mobile App for iPhone will remain at the wallet-friendly price of free.

 

Two days later, it’s Armageddon! Apple completely screwed Google, Google is dead, Wall Street is gonna collapse!

For tech bloggers, this was bigger than Barack Obama.

Sometime Friday they found out Apple wouldn’t be pushing it, despite the fact that Google submitted it for review earlier in the week and got a thumbs up for Friday. One source says they’ve had little direct contact with Apple during the review, instead getting their updates via the standard iPhone developer tool, which has said “in review” for the last few days.

Who knows why Apple delayed the application, or why they tend to treat every application developer equally poorly. But in this case Apple really screwed up in our opinion.

I hate bloggers, and reporters alike.

Did I just read, in the same article, that Google had never had any definitive information from Apple, yet decided to announce publicly that the update would certainly come out on Friday, and now it’s Apple’s fault if the application is late?

I’ve already written and talked about how awful the App Store’s process is, but counting on predictable, reasonable release dates now, knowing what we know about how it works, makes Google double as stupid as Apple.

 

Anyway… as far as commenting on the application and functionality itself, I’m waiting for it to be downloaded onto my iPhone, just like I was two days ago. (And I wouldn’t be surprised if the updated application was restricted to the U.S. territory, like version 1.0 originally was. There was no apparent good reason at the time, but now there might be.)

Socializing Windows Live

Speaking of botched launches, I’ve kept several tabs open in my aggregator for days now, waiting for the announced Live redesign to come online — and it hasn’t.

The new profiles look nice, and it seems like Microsoft is moving globally from MySpace- to Facebook-inspired design, which can only be for the best, but why would you want to announce that before it’s online, and without giving even an idea of when it’s going to happen?

You need to pre-announce a Hotmail redesign because millions of people use Hotmail and are going to be destabilized by the most minor change (by the way, I assume the recent compulsory move to a new interface was linked with the new Live, which purports to integrate all services more tightly — at last); same thing for Facebook, with the added coolness of allowing users to beta-test the new layout months in advance. But the Live and Spaces home pages? Nobody uses those, Microsoft is wasting a bunch of blog coverage on something that isn’t online, or in beta, yet — don’t think you can entice people to check out home.live.com every week, they’re too busy checking their Facebook news feed.

Speaking of which, since I’ve been reloading my Live home page every day since Wednesday, I’ve had time to realize that most of what you may see on the new Live is already there, only hidden by a completely obscure interface. Yes, the Facebook-like news feeds are there, as are friend lists and profiles and some integration of Spaces, Photos and SkyDrive; it’s just that nobody has actually been using those, so there’s no content.

Still, one shouldn’t underestimate how a good layout and interface can make a web service gain users, especially when it’s as ubiquitous as Windows Live (everyone has an account there — well, more usually several). And you shouldn’t underestimate Microsoft’s historic capacity to turn on its heels and suddenly throw enough money and talent at a market to overcome it.

Windows Live has advantages over Google — Microsoft knows how to tie services together, whereas Google is only beginning to figure it might be beneficial — and over Facebook — Live can be as tied to Windows and ubiquitous as Microsoft wants, and probably has more users already thanks to Hotmail. The war isn’t over, it hasn’t even begun yet.

The Case for Used Games

A developer who worked on Spore (and Civilization 3 and 4) reacts to the latest anti-used-games initiatives of several game publishers (you can only get Gears of War 2’s revamped multiplayer maps from the first game, or Nintendo’s Wii Speak channel, if you buy the game or the device new, respectively) with several esoteric points and concludes with the one very pragmatic argument that I keep screaming at the top of my lungs every time I hear a publisher say that a used game sale is a lost sale:

The used games market increases the perceived value of new games.

Many factors come into play when a consumer decides if a specific game purchase is worth the money, and one of those factors is the perceived value from selling it back as a used game. In other words, people will pay more for a new game because they know they can get some of that money back when they trade it in at the local Gamestop. Importantly, this perceived value exists whether the consumer actually sells the game or keeps it. Wizards of the Coast has long admitted that the existence of the secondary market for Magic cards has long helped buoy the primary market because buyers perceive that the cards have monetary value.

To be fair, GameStop has extensively screwed the pooch, by actively deterring its customers from buying new games because they get a huge margin on used sales, and they partly deserve what’s coming to them; but, like in the music business, it’s always disheartening to hear the voice of reason coming from a content producer and know that the businessmen governing the industry are physically incapable of hearing it.

17 November

Finally got started on Half-Life 2 and I’m gonna die of seasickness.

Urgent! Looking for someone to listen to me moan about how much my head hurts.

Hall House

I’m not sure you wouldn’t go all The Shining if you lived there, but at least it looks amazing.

18 November

You can’t buy a takeaway kebab and fries after half past midnight anymore?! It really is time to leave the country.

Jerry Yang Leaves Yahoo

Yeah, all start-up founders can’t enjoy Jobsian “second comings” when they’re hired back to be CEO again.

i strongly believe that having transformed our platform and better aligned costs and revenues, we have a unique window for the right ceo to take ownership over the next wave of mission-critical decisions facing the company.

In other words: the board will shed as much blood as Ballmer demands before he considers buying the company again.

 

I love (as in: I’m gonna have nightmares tonight about this memo) that in 2008 the founder of Yahoo still adds the exclamation mark at the end of the company’s name, and doesn’t use a single uppercase letter in the entire memo. I’m not sure how exactly, but it makes perfect sense and explains a lot.

First details about Halo 3 Recon

It’s nice to see Bungie taking this opportunity to try a little something new: Recon, the Halo 3 expansion pack that’s actually a complete game and takes place during Halo 2, will have a semi-open world that sounds more like a multi-linear hub world with a few enemies in it, from where you can access four “flashback” missions to investigate the disappearance of your team-mates.

Nothing revolutionary, of course — and Bungie already tried the idea of changing characters mid-game in Halo 2, after all — but it’s still an interesting idea. Judging from the few details we have, it doesn’t sound like it would make sense for the main game to have co-op multiplayer, but the flashback missions could (along with the finale, where presumably all characters come together or something).

And, if the story is delivered through four 30-minute flashbacks, it’s really hard to imagine the game selling full-price. Which is a good thing, unless Microsoft really wants to screw Bungie and sacrifices the game.

Google Mobile

There it is: the updated Google application for the iPhone is available — you can ask iTunes or your iPhone to look for updates, or install it if you haven’t already. And it’s pretty much what you’d expect.

Voice recognition works pretty well, and it’s surprisingly fast (when it works; the application tends to hang for a bit when the servers don’t understand the query — maybe they ask the iPhone for more information then?), but it’s not very useful, and you can get results just as easily and quickly by using the keyboard. Particularly with Google offering type-ahead suggestions while you formulate your query, not to mention that keyboard-based searches return results from your address book (the Google app kinda sorta wants to be your iPhone’s Quicksilver) whereas voice recognition only searches Google for now — which isn’t quite surprising, technically, but is a pity, because voice dialing is one of the most requested missing features on the iPhone. (The same day comes out “the only voice dialing application for iPhone that supports French language,” but it doesn’t have a free demo.)

Still, it’s a nice technical demo: the interface is clever, detecting automatically that you have the phone next to your ear and playing a sound so you know you can speak, and the data sent to Google’s servers is amazingly light (a couple hundred bytes — yes, bytes — as phoneme recognition is evidently handled by the application itself — so there shouldn’t be anything stopping them from adding voice dialing pretty soon). Interestingly, the system can differentiate same-sounding words by context (“bear market” vs. “bare ass” in Gizmodo’s classy example), which seems to indicate that Google isn’t recognizing words so much as comparing your vocal input to a database of all queries ever typed more than once, and how they’re supposed to sound. For better results, they’ll eventually have to tweak their search algorithms to handle homophones.

All in all, the most useful functionality remains geolocation (not sure whether it’s new to this version, or just a recent addition): if you type (or say) “pizza” or “sushi” you’ll get classic results plus a list of nearby restaurants. But the results aren’t as good (they don’t take distance into account as well) as those you can get by typing the same query into Apple’s Maps application — and voice recognition couldn’t understand “Starbucks.”

Which means that, if you can speak English with a vaguely American accent, you just owe it to yourself to install Google Mobile, and park it with those other applications you only keep on your phone to wow your iPhone-less friends.

 

Incidentally, that implementation of voice recognition would be much more interesting on a Google/T-Mobile G1 phone, which doesn’t have a virtual keyboard and requires sliding the screen out and switching to landscape mode whenever you want to type anything. And, on the G1, voice recognition could be available directly from the home screen, and not restricted to a third-party modal application.

Did they think of having an API-accessible proximity sensor on the Android specification?

Numberkey Transforms iPhone Into Sweet Wireless Numberpad

It’s silly and unusable, but it’s so cuuuute!

MacBook Owners Enraged As Apple Blocks Some Displays

We already knew that the other “advantage” of switching to DisplayPort was that this standard includes HDCP (which is, basically, DRM on your TV cables), so owners of new MacBooks shouldn’t be surprised that their laptop uses it; there is a surprise, though, in how many iTunes Store downloads include HDCP — and you can play them from an older Mac onto any secondary screen, but a new MacBook will only play them on the internal screen or the upcoming 24-inch DisplayPort Cinema Display.

People are reporting this on non-HD movies though. That seems likely to be a bug. No studio should be enabling HDCP on SD movies. I doubt that it is intentional.

Considering that iTunes gleefully ignores HDCP if your computer doesn’t handle it — and that Apple’s only HDCP-compliant monitor is only now beginning to ship — it’s hard not to see that as a bug that’s going to be fixed.

But then, in the world of DRM, there’s no such thing as common sense.

Dexter 3.08

I never thought the show would manage to recapture the creepiness and strength of the beginning — I’m not even sure it ever was that creepy to begin with — but I still can’t believe how great an addition Jimmy Smits has been.

19 November

Alan Moore / Dave Gibbons, Watchmen

Wow.

I feel like I just attended a master class in storytelling and screenwriting… and most of it was way over my head.

 

I’m not going to say anything more about it other than it is just an unqualified masterpiece, and of course you absolutely need to have read this before the movie comes out. Nevermind that the story is so dark and gritty and at times bone-chilling that I can’t imagine a Hollywood flick living up to it; Watchmen is the first comic or graphic novel where I didn’t flip the pages quickly, at reading pace, as if it were a storyboard, and I think Moore is spot on when he rejects the very idea of an adaptation (well, now that I’ve read him, I realize he’s evidently smart enough to know what he’s talking about):

Moore told Graydon about his response [to Terry Gilliam], “I had to tell him that, frankly, I didn’t think it was filmable. I didn’t design it to show off the similarities between cinema and comics, which are there, but in my opinion are fairly unremarkable. It was designed to show off the things that comics could do that cinema and literature couldn’t.”

Moore also told Entertainment Weekly in December 2001, “With a comic, you can take as much time as you want in absorbing that background detail, noticing little things that we might have planted there. You can also flip back a few pages relatively easily to see where a certain image connects with a line of dialogue from a few pages ago. But in a film, by the nature of the medium, you’re being dragged through it at 24 frames per second.”

“Why the Drudge Report is one of the best designed sites on the web”

Many news sites have lost their balls. They’re afraid to really call out one big story. They may have a leading headline, but it’s not all that obvious or different from the others. It may be a font size or two bigger, but it’s not confident. They hedge. Drudge, on the other hand, says “this is the story of the moment” with a huge headline.

The site feels like a chaotic newsroom with the cutting room floor exposed. I think that’s part of the excitement — and good design.

Sometimes he will post an email or a memo on his site, but it’s 99% links out to other news sources. […] This is one of the secrets to building traffic: The more you send people away the more they’ll come back.

 

Of course, it’s a post on 37 Signals, who have a thing for minimal design.

Google Mobile cheats the iPhone’s public API

Wondered why there aren’t more iPhone applications using the proximity sensor to detect when you want to speak to them? Well, that would be because the corresponding API functions are undocumented.

As in, you’re not supposed to know about them; you’re not supposed to use them; Apple is not supposed to accept in the App Store an application that uses them.

Not that I think it’s a big deal (the iPhone SDK is still relatively fresh and unstable, which is the main reason why some functionality may be restricted; and I don’t find it horrifying that Google might get a bit of preferential treatment, as they are a partner providing integral services to the iPhone), but it’s an interesting tidbit. And maybe I’d actually be outraged if I’d shelled out the $100 to be an iPhone developer.

 

Plus, they can’t really prevent third-party developers from using that API from this point on, right? Yeah, right. Of course they will.

New Xbox Experience

Well, the new Xbox 360 interface is here, and it’s… horribly, literally painful. Not the installation — which was surprisingly quick and straightforward (I originally hesitated to rush and install it, but there have been so many people invited to the preview, with little or no complaints, I figured it must be reliable) — but the interface itself.

I don’t know if it’s my brain, or my screen (I’m using a 17-inch 1280x1024 computer monitor), or my sustained caffeine overdose, but I’m having a tough time with my console right now: Half-Life 2 already made me cower in the darkness and claw at my brain with an ice pick (that’s a known feature, apparently due to the game’s unusually narrow field of view), and now the 360’s interface itself makes me howl in terror.

Once again: literally.

Can’t describe what’s going on exactly, but when I’m scrolling horizontally through panes, there’s something in the way they move that my brain perceives as just wrong — it’s not so much seasickness, like in Half-Life 2, as witnessing a rip in the space-time continuum. Simply something that makes my eyes and brain explode. It’s most evident when scrolling through tall panes (e.g., paging through game details in the marketplace), and I have yet to find anyone having the same… eh, Experience in the blogs and messageboards.

So I’ll just move on to my other nitpicks.

Before I got to screaming and having to look away from the screen whenever I navigated through the interface, the first thing I encountered (dismissing the very pretty intro video that a menu item helpfully offers to replay at any time) was avatar customization… and that was also a disappointment. Or more like a return to my original impressions.

First, the music: considering how much Microsoft has been mocked for imitating Nintendo’s miis, you’d think they’d try to steer as far away from them as they could; instead, the music that plays when you’re customizing your avatar is blatantly, shockingly Wii-ish. I can’t imagine how anyone would have decided that was a good idea.

Second, customization: much more limited than I imagined. As low-tech as the system is, mii faces are almost infinitely customizable because you can move, resize and rotate each feature; no such thing on the 360. It makes sense for the nose and ears to be more limited, because they’re more complex 3D models, but you can’t modify the eye or mouth placement, and you can’t play with textures. Even hair colors are limited to natural hues (although that part will undoubtedly be “fixed” with marketplace downloads), and while you can change your avatar’s height and weight, you can’t make it more or less muscular — not that they could be any less muscular than they already are. And, yeah, that’s both the whole point of the idea, and the biggest flaw: they definitely don’t look Xbox-like at all.

I mean, they’re launching at the same time as Gears of War 2, for crying out loud.

Not to say that I don’t like the new interface: I always thought that it looked good, and I still do (here’s hoping my brain and eyes will eventually get used to it); it looks much more approachable and attractive, although it isn’t that much better organized than it used to be (but it’s more responsive, and you see more of what’s around at a glance, which is good).

I can’t say how good the new party system is, because I don’t play online that much; installing games to the hard drive doesn’t do much for loading times, but I already knew that from Eurogamer’s benchmarks (and at least that means I can be content with my 20GB hard drive); custom theme previews are still amazingly insufficient in the marketplace (the coolest feature is the special backdrops in the friends list, and they’re not previewed); and you’re now able to schedule marketplace downloads from the web, but it doesn’t work right now (and I’m not sure whether it’ll require Silverlight, or that’s just a home page animation).

In conclusion, the new dashboard may bring more disappointment than satisfaction for existing users; but I think it makes the Xbox prettier and friendlier to new users, by removing much of its computer-ness (now they only need to have a downloadable patch that makes the box nicer, too). A clear win.

Who wants a 60 GB Xbox for 180 euros? (One month old, lightly used, not mine.) For the pretty HD games and to keep me company online.

Let Me Google That For You

Heh.

 

After all, give a man an answer, and he’ll come back tomorrow asking for more. Teach a man to search Google, and you’ll have to offer tech support when he ends up downloading malware while cruising shadier purveyors of adult entertainment and file sharing software.

20 November

Gmail themes

Of course (what with Google’s rolling rollouts) themes aren’t available on my account yet, but some of the screenshots look really nice and/or fun.

I really don’t want to whine right now and about something like this, but… come on, Google! Some consistency? Please? Many Gmail users are also Google Reader and, of course, Google users; don’t you somehow think it would make some kind of sense for your different services to look alike for them?

And sorry about the abuse of italics, but it’s supposed to convey the pleading you can’t hear in my inner voice right now. The way Google operates, as a conglomerate of loosely integrated, separate start-ups, is exhausting to watch, really.

Mirror’s Edge PC

The PC version of Mirror’s Edge will be optimized with the PhysX technology NVidia bought; the visual improvements, with particles, smoke, and plastic curtains, are of course a little gimmicky, but very cute — and they give the game’s universe a little of the depth and authenticity that it tended to miss.

I’m not quite sure whether the improvements will be available to all NVidia card owners, or only gamers with a second, dedicated NVidia card on their system (or PhysX card), but I’d assume the latter. And methinks the PS3’s CPU must have had a couple unused cores that could have been given the same task. That’s what the Cell processor is supposed to be good at, after all.

Listening to the NPR piece about Tesla, I wonder: are there electric car prototypes in Apple’s labs?

Augmented reality in Flash

I wasn’t going to test it, because you’ve got to print a special symbol and my webcam is crap and CPU-intensive Flash applications are a pain on my computer, but I just couldn’t walk away from the page without checking, because I couldn’t believe it actually worked and I had to try.

And it actually works and you absolutely need to try it for yourself.

So you print a symbol (with a big black outline and “Hiro” — for some reason — written on one side to indicate the orientation), authorize the Flash app to access your webcam, and present the symbol to the camera. Bam! an animated 3D monster appears.

There’s nothing extraordinary about the technology (it’s been presented in digital imaging showrooms for twenty years, and Sony uses it on the PS3’s Eye of Judgment game), but what amazes me is that it’s working in a Flash app — no additional install necessary, nothing.

Of course, on my iMac I only get 5 to 10 fps with 100% CPU usage, but that isn’t that much different from what I get just displaying my unmodified webcam image in Flash. And nobody uses an iMac G5 anymore. (Hint, hint, jingle bells.)

Some info about the GTA IV DLC

For some reason, the long-awaited information is coming out through USA Today — and there isn’t much to go by. (Oh, wait, I know why: because Rockstar can get an article in USA Today, so why the hell would they not?)

First, a date: February 17th. Which is close enough that you could expect development is advanced enough the DLC won’t be more than a month late.

Second, a price: not. Of course they’re not going to tell you yet.

Third, the contents: basically, we don’t know anything beyond the confirmation of a long-standing rumor (actually, I’m not so sure — was it a rumor or officially confirmed?), and the first screenshots; the DLC will abandon Niko and focus on a member of the biker gang “The Lost” (which was encountered in the GTA IV story), and… well, and that’s pretty much all we know. But there are pictures and, at least, he’s not a bearded cliché of a biker. More like a leather-wearing Niko doppelgänger kind of cliché.

Oh, and there will be new multiplayers, which, duh. Here’s hoping you can finally choose not to end up with aim-assist enabled in ranked matches.

Google Kills Lively

I’d like to say that it’s slightly suicidal to launch a product like Lively today with no Mac version — many early adopters, bloggers and buzz makers are using MacBooks now, and won’t open a Windows session just to chat in an even less functional clone of Second Life.

But, really, it’s not like it ever made sense for Google.

 

Lively didn’t offer Google any relevant data. And that, ultimately, is what killed Lively.

The world of Google — everything on which Google focuses its time and effort — is built on relevant data. A portion of that world involves making that data searchable. But the far more lucrative portion of that world involves analyzing how users are accessing that data and finding ways to monetize those behaviors.

 

 

21 November

Pushing Daisies R.I.P.

Fucking philistines.

[ABC president] Steve McPherson called me, and said ’We gave it the best shot we could.’ […] We are talking to DC Comics about doing comic books that will wrap up our storylines, and I already have a pitch for a movie ready to go.

Oh, yeah, because, obviously:

Production wrapped this week on the show’s thirteenth episode, which will end with a cliffhanger.

Goddamnit.

Apple re-invents the 90s

There’s one thing I miss from my 1998 Nokia 6110, and it’s not the metallic purple/green paint: you could just look at the screen whenever you wanted and know what time it was and whether you had new messages. It’s been bugging me for years that those fancy modern phones with pretty, shiny color screens had taken such a dramatic step back in usability, and most people didn’t seem to care one bit (with only a few clamshell designs adding a tiny external screen to that purpose).

Well, it must be bugging some Apple engineers, too; they have patented the idea of cutting icon-shaped holes in the screen’s primary backlight, and putting LEDs behind them that will turn on, and possibly blink, when the backlight is off and you have new incoming notifications.

I was initially going to write that this was one of the new features that would make you want to buy the 2009 iPhone, but come to think of it I’m not so sure it’s not just a case of patent trolling: it seems to me that cutting holes in the screen’s backlighting will require a lot of engineering to retain homogenous lighting over the whole screen (looking at my iPhone last night in the dark, I realized what a feat it must already be to achieve such perfect lighting on such a big screen and such a thin device), whereas it would be so much simpler to just put a couple blinking lights above or below the screen, near the speaker or Home button — at least as long as the iPhone is bigger than the screen itself.

Which reminds me: why the fuck aren’t there blinking lights to notify of new messages already? (Answer: because some Apple engineers care, but Steve doesn’t.)

iPhone 2.2

Here it is, and it presumably requires updating iTunes first.

  • Street View works fine, but I’m not quite sure how usable, or useful, it might be: sure, you can check out what your destination is supposed to look like, but moving along a street yard by yard is so slow and frustrating, you’re not going to do much with it (I guess where it really shines is when streets or roads are not labeled).

  • Public transit directions don’t work in Paris (unsurprisingly); walking directions do, but they don’t seem to interact with Street View, which is too bad.

  • The new Safari address bar feels awkward just by virtue of being different; more importantly, Google searches still don’t send you to the iPhone-optimized results.

  • Downloading podcasts on the iPhone is definitely cool; what’s cooler yet (and couldn’t have been known before iTunes was updated, I guess) is that, when you sync your iPhone back, those podcasts appear in iTunes with a “subscribe” button.

  • And, finally, you can disable auto-correction on the keyboard. I’ll have to test it over a longer period of time, but from my first tries it feels like it’s really worth having to type a little more slowly and be spared the obnoxious false corrections (which I think might be more of a problem in French than in English). Disabling auto-correction also seems to disable the magical “I’ve invisibly made this key smaller because I don’t think you wanted to press it, Dave” functionality, which is a relief because I anticipated they might forget to do that.

 

Street View and the other new Maps functionality aren’t included in the iPod touch upgrade, and I’m not surprised at all: that’s perfectly in line with Apple’s idea that the Touch can’t be given new functionality after it’s been sold, for accounting reasons. I’ll just never, ever understand how it made sense for anyone not to use the same accounting rules for the iPod touch as for the iPhone and Apple TV.

Google SearchWiki is live

…and I’m not the only one not seeing the point.

 

So you can post comments about websites. Woohoo, the web needed that so much. (Incidentally, they’re supposed to be public, but I couldn’t find what I’m supposed to do to see other people’s comments.)

And you can rearrange results… but the ranking is only affecting your own search results (at least for now; but it’s so easy to game I don’t see how they could get any significant data from that). I guess you could see a tiny benefit if you’re the kind of person who uses Google in lieu of bookmarks, but then the “I’m feeling lucky” button doesn’t even acknowledge your personal ranking (at least for now, again).

Still, you can press the “x” to remove a page, and I guess it’s always nice to vent your frustration at an irrelevant search result by deleting it, but…

Oh, right, so it’s a placebo?

22 November

Someone just rewrote the entire internet this afternoon to say that the “h” in “hour” is 100% silent.

Ow ow ow ow. So that’s why I had stopped wearing those shoes. Shit.

Sony Vaio LV

I don’t care about Sony’s iMac knockoff any more than you do; I just wanted to note that it has a trackpad on the keyboard. Glee! Apple, are you paying attention?

Okay, of course they aren’t — but they’re so in love with multi-touch technology these days, it’s not beyond the realm of possibility that they might get to it one day. Only if Steve Jobs has a non-MacBook computer either on his desk or in his living room.

Remove your MacBook’s battery, lose 40% of its power

I couldn’t believe this, but the knowledge base entry is real: if you take the battery out of a MacBook or MacBook Pro (not sure if strictly all models are concerned, and the entry dates back to August 2008), the processor speed will be reduced.

This prevents the computer from shutting down if it demands more power than the A/C adaptor alone can provide.

I guess it may make some kind of sense, from an electrical engineering point of view, but unless you’re using a MacBook Pro on a MacBook adapter (in which case, if I remember correctly, the battery was known to take eons to charge) it seems like the problem would be pretty rare — otherwise you’d have heard by now of lots of people draining their battery by watching HD video on their MacBooks while connected to a power outlet.

And it seems to me that there could be much more elegant approaches to that edge case than forcefully and secretly cutting down 40% of your computer power when all you wanted to do was extend the life of your battery, and avoid having it explode on your desk in the middle of the night. (Although I think batteries are basically just as likely to blow up even when removed from the computer. You can’t stop progress.)

It’s just a little bit counter-intuitive that you can set your CPU to full power while on battery alone, but it will slow down without warning if you’re on A/C alone. Or maybe the system does reduce CPU speed while on battery, regardless of what energy settings you’ve chosen? After all, the Mac knows best.

More colors for your Xbox avatar

If you remain on the “Change my features” menu long enough, the hair icon will rotate; select it immediately and you’ll hear a chime and be able to choose from a dozen additional hair colors.

Wuh?

Okay, it’s taken me a while to figure out what was going on: Microsoft thinks the avatars are a cool functionality (most people seem to agree to disagree). And that additional hair colors are a cool treat (more interesting facial features or clothes would be much better). And that the combination of both makes waiting for a minute in front of the avatar screen, doing nothing but listening to the dreadful Wii music in the background, ready to pounce on the “A” button when the icon rotates, a cool Easter egg.

I’d posit that it’s not.

And the colorful colors are dull.

 

By the way, Microsoft has confirmed that the forthcoming avatar updates, bringing new clothes every two weeks until the Avatar Store is available next spring, will be free. As you could already have inferred from the fact that there would be new clothes, but no Avatar Store yet. Hence the “confirmed.”

@texburgher:

FINALLY iPhone 2.2 lets me tirm off spellchrckrr, its abput fucking tome.

I think I’ve screwed up my haircut.

Louis vs. Rick

The saga of a man who taught his cat how to use instant messaging.

 

23 November

Of approving applications

Two concurrent stories that should surprise nobody who’s ever really thought about what it means to have a service going through all submissions to decide what’s acceptable for publication — no matter what the criteria are.

[BdEmailer] is “the first wide email iPhone app that supports client SMTP.” That means, in essence, that it duplicates an exact function of Apple’s Mail application on the iPhone and touch. That’s kind of a huge deal, because up until this point we’ve been led to believe that this duplication of functionality is one of the company’s red flags when it comes to approval. […]

Apple… what the hell is going on? You refused MailWrangler and Podcaster for similar reasons, yet BdEmailer passes through your review process, SMTP functionality intact?

I have this friend who submitted an application to Apple for review. After a few weeks, it came back with one of those embarrassingly stupid rejection letters that said more about the person reviewing the application than it did about the application itself. In a nutshell, the application violated one of those user interaction rules that seem to exist in certain pompous minds rather than in the actual Apple Human Interface Guidelines. […]

After a day or so of calming down, this person decided to go ahead and resubmit the application. And did so without making a single change to the application. […] If you think for just a second, you’ll figure out the punch line, and you’ll be right: that application was accepted into the store, exactly as is, without any changes whatsoever.

Eva Funderburgh

Eva Funderburgh is a ceramic artist located in Seattle, Washington. Coming from an education in chemistry and sculpture, she has focused herself on making strange whimsical clay creatures. She works on exploring the colors natural to the clay and the finishing process of woodfire, and strives to present creatures that equally mix whimsy, mischief, and threat.

@texburgher:

Has it occurred to anyone else that a great start to NaNoWriMo would be to stop abbreviating the damned thing??

@jkottke:

If I live 170 years, I still won’t understand how to fold a fitted bed sheet. It’s like you need an extra dimension.

Laundry day

By the way, all my stalkerish fans will be glad to learn that I’m gonna be seen at the local laundromat sometime during next week. Prepare yourselves!

The Mist

That’s funny: I was perfectly sure it was an awful movie, mostly because I completely confused it with the remake of “The Fog”, and whenever I didn’t confuse it (by virtue of it not showing Ashton Kutcher Tom Welling on the trailers and posters) I reverted to my general prejudice against stories adapted from Stephen King.

But it’s not a horror story — well, it is a horror story, but about people, not monsters. So how could I not approve of such a formidably misanthropic movie?

The director revised the ending of the film to be darker than the novella’s ending, a change to which Stephen King was amicable.

Yeah, I’ll bet it’s darker than what King wrote. (Although I was surprised to find out that the preacher woman’s fate is the same in the book.)

Even if I need to sleep with the lights on for all of next week (I said it’s not about monsters, not that it doesn’t have those specific monsters and the accompanying scenes I don’t ever ever ever want to see — I’m gonna have to torch my hard drive to make sure they don’t come out of the deleted AVI file), and even though the… uh, twist ending is a bit too much, really (and that entire part is much better written than directed anyway), it’s all worth it.

Does “Add This Tweet to Favorites” work in Twitterific for anyone?

24 November

Has the night always fallen so early? 5:30 is a little… caricatural.

The iPod touch 25% faster than the iPhone?

The most clear difference is the fact that the iPod Touch’s processor was quietly boosted to 532MHz (up from 412MHz) with the 2nd generation model introduced in September. Meanwhile, the iPhone 3G, Original iPhone and 1st Generation iPod Touch continue to run at the original 412MHz.

Hmm.

I guess it makes sense to limit the iPhone’s CPU speed in order to extend battery life, but what puzzles me is why Apple wouldn’t limit the Touch to the same speed, if only to preserve some sort of consistency across the platform.

Are they really serious about making the iPod touch a gaming device? Or are they just using it to beta-test the 532MHz processor?

It seems that there are additional factors, however, as there are performance differences even found between the models that run at the same speed. […] Due to the heavy 3D nature of his game, Fessler speculates the GPU speeds could have been tweaked as well, but there is no hard evidence of this at this time.

If anything, that changes my perspective on the rampant speculation that Apple would be planning to design custom CPUs for future iPhones: I thought they’d try to avoid segmenting the platform any more than they absolutely needed to, but it now seems entirely possible that they don’t give a damn about that.

How podcasts work with iPhone 2.2 and iTunes

Selecting “get more episodes” launches mobile iTunes and usually brings up the podcast in question. This doesn’t always work if the naming of the podcast in the iTunes subscription differs from that on cloud iTunes (the Store), or if the podcast is one of the three or four that isn’t listed in the cloud iTunes podcast directory.

I hadn’t realized (because I hadn’t tried the “Get more episodes…” button, but only subscribed to a new podcast straight from the iTunes Store) that the iPhone 2.2 had no concept of what the podcast’s feed URL was, and was only sending you to a title-based search on the Store.

And I disagree with the writer’s assertion that it only affects “the three or four” that aren’t listed in the iTunes Store. The point of podcasting and RSS is that it’s free, as in beer and speech; so far, iTunes was a decent RSS aggregator, allowing you to subscribe to any podcast feed — yet now Apple is relegating unlisted podcasts to second-rate citizenship, punishing their subscribers who want to listen to them on an iPhone or iPod touch.

Some people may have a good reason not to submit their podcast to the iTunes Store (not everyone is trying to get thousands of listeners, after all); besides, some podcasts can actually be rejected for offering “questionable content.” I can’t see any good reason for those to be excluded from over-the-air downloading, when iTunes could just as simply give the feed URLs to your device.

That’s monopoly abuse of the worst kind, that doesn’t benefit Apple in any way but is just born of the developers’ laziness.

 

Oh, and the Ars article also points out an interestingly related missing feature of the iPod application: it only displays podcasts for which you already have episodes on your iPhone. If, like me, you delete episodes immediately after listening to them, your device won’t allow you to download new shows from those “empty” podcasts; if you’re away from your computer, you’ll have to remember the podcast’s name and search for it in the Store.

Obamafy

I’ve never managed to get a .qtz plug-in to work in Photo Booth or iChat (presumably because I don’t have an iSight), but this looks cool.

And you can probably use it to make interesting variations in Quartz Composer.

TaskPaper 2.0

No matter how clever it is (screencast here), it’s just a text-based task manager, and $30 is a tiny bit steep for that.

I’m still waiting for my ideal task manager that lets me easily embed attachments of all kinds and formats right into my tasks, and read them back easily, all in a simple, streamlined interface.

Fuck winter. I wanna move to Fort Lauderdale too.

True Blood 1.12

Well, that was that, then. I don’t know whether Alan Ball is bogged down by the weight of the original story (which, judging by Wikipedia’s short summary of the books, isn’t getting any better down the line, and is uncannily reminiscent of what I’ve read all this week about the Twilight series — i.e., supernatural Mary-Sue fanfics) or he’s just out of his depth, and nobody will ever know if another actress could have saved Sookie or she’s just written that way (still judging from the summary, it definitely looks like she was), but the upshot of it is that it doesn’t work, it’s not interesting, and I’m not particularly happy that I watched this show. Except for the naughty bits, obviously. And discovering Michael Raymond-James, my future husband.

It doesn’t look like there’s much of a chance of next season being cancelled and Ball getting back to doing what he knows best. Damnit.

A new/renewed Gmail security flaw?

The mis-reporting of this story is killing my brain cells right now. So a couple people got their domain name stolen, and held for ransom (that seems to be a popular sport, I probably shouldn’t tempt fate), because the thief had somehow installed a filter on their Gmail accounts that forwarded and deleted emails from their registrars — stealing a domain name is easy that way, you just need to intercept password reminders and confirmation requests and you’re done (that may depend on how thorough your registrar is, but there isn’t all that much they can do… it’s just that password reminders are evil, but users expect them).

The article most linked is a guy imagining how it might have happened, and I can’t get over the fact that so many reporters link it without thinking. Never mind that the proposed “proof of concept” requires knowing the target’s numerical Google account identifier (I’m willing to believe there is a way to find that out, but it definitely involves targeting a specific person, which is anything but efficient); the author also needs your session key to form a complete URL:

Obtaining the at variable on the other hand can be done by tricking a user into visiting a page that contains malicious code that subsequently steals a cookie from the user called GMAIL AT which is the same as the at variable, just named differently. Once the cookie is stolen the malicious code creates a hidden iframe with a url containing the variables that authorize Gmail to create a filter for your account.

As simple as that. Only it’s not. There’s just a tiny, silly bit of security in modern browsers that prevents web pages from accessing an external site’s cookies. I’m sure there are still a few Explorer 6 installs around the web that are vulnerable to some kind of cookie-stealing exploits, but they ought to be fairly rare — and those users deserve to have their domain names stolen anyway. (Plus, they’re using Hotmail, not Gmail.)

But you don’t just create “a page that steals a cookie from the user”; when that kind of thing happens, it’s called a browser vulnerability, not a bug in Gmail. If you want to steal someone’s cookies, what you do is intercept their wi-fi connection. (Which isn’t what the attackers did in that case, either; more about that in the rest of this article.)
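To make the argument above concrete, here is a small model (added here as an example, not code from Gmail or from the linked post) of a server that only accepts a state-changing request when its `at` parameter equals the token cookie, next to the two browser rules involved. The hosts, the endpoint path and the `Browser` class are constructed for illustration, and the cookie is written `GMAIL_AT` because cookie names cannot contain spaces.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs, urlencode

MAIL_HOST = "mail.example"      # constructed webmail host
OTHER_HOST = "other.example"    # constructed third-party page
TOKEN_COOKIE = "GMAIL_AT"       # the quoted post's "GMAIL AT" cookie
FILTER_PATH = "/settings/create-filter"  # hypothetical endpoint, not Gmail's


class Browser:
    """Minimal model of the two browser rules the argument depends on."""

    def __init__(self):
        self.jar = {}  # host -> {cookie name: value}

    def set_cookie(self, host, name, value):
        self.jar.setdefault(host, {})[name] = value

    def cookies_readable_by(self, page_host):
        # Same-origin rule: script on a page reads only that page's own cookies.
        return dict(self.jar.get(page_host, {}))

    def send(self, url):
        # Cookies are attached by destination host, whichever page
        # triggered the request. This is why a token check is needed at all.
        host = urlsplit(url).hostname
        return url, dict(self.jar.get(host, {}))


def server_accepts(url, cookies):
    """Server-side check: the 'at' parameter must equal the token cookie."""
    submitted = parse_qs(urlsplit(url).query).get("at", [""])[0]
    expected = cookies.get(TOKEN_COOKIE, "")
    if not submitted or not expected:
        return False
    # Constant-time comparison so the check itself leaks nothing.
    return hmac.compare_digest(submitted.encode(), expected.encode())


def build_request(token=None):
    params = {"op": "create_filter"}
    if token is not None:
        params["at"] = token
    return f"https://{MAIL_HOST}{FILTER_PATH}?{urlencode(params)}"


def run_scenarios():
    browser = Browser()
    browser.set_cookie(MAIL_HOST, TOKEN_COOKIE, secrets.token_urlsafe(16))
    results = {}

    # 1. The webmail's own page can read its cookie and echo it back.
    own = browser.cookies_readable_by(MAIL_HOST)[TOKEN_COOKIE]
    results["same_site"] = server_accepts(*browser.send(build_request(own)))

    # 2. A page on another host sees none of the webmail's cookies, so it
    #    has nothing to echo; any value it supplies is a blind guess.
    visible = browser.cookies_readable_by(OTHER_HOST)
    results["cross_site_visible_cookies"] = visible
    guess = visible.get(TOKEN_COOKIE, secrets.token_urlsafe(16))
    results["cross_site"] = server_accepts(*browser.send(build_request(guess)))

    # 3. The same request with no token: the cookie still travels with it,
    #    but the server refuses because the parameter is missing.
    results["cross_site_no_token"] = server_accepts(*browser.send(build_request()))
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

The cross-site request only succeeds if the token has already leaked through some separate flaw, which is the gap in the proposed proof of concept.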

For the record: I don’t care that an individual blogger doesn’t understand cross-site scripting and writes like he’s an authority on browser security; I mind that all technology blogs and news sites link to his post indiscriminately.

 

That leaves us with the original post, from the guy who did get his domain name stolen. I’m willing to accept that the attacker didn’t just have his password, even though the most successful hacks often involve social engineering, but I’m interested in this part of his post, where he quotes an article about a 2007 Gmail vulnerability involving filters:

This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.

Now, the interesting part is that update on the above GNU Citizen link states that vulnerability was fixed before 28 September 2007. But in David’s case, the incident took place in December, 2-3 months later. So, was the exploit really fixed back then? Or was it a new exploit in David’s case? And most importantly is there a similar security flaw in Gmail NOW?

You know what? I don’t want to insult your intelligence, and this story is already bugging me enough as it is, so I’m just going to let you find the logical flaw that resides between those two paragraphs, without adding my own emphasis.

I’ll list as aggravating evidence the fact that the author’s first tip for fellow domain name owners and Gmail users includes: “Also make sure to disable IMAP if you don’t use it.” Because, yeah, that will totally make your account safer from Javascript-based attacks. (And half the blog posts about this event also copy-paste this bit. Good grief.)

 

And I’m not saying here that it’s impossible that a cross-site scripting vulnerability might be back on Gmail; it’s just that I haven’t seen much reason to think that there is, and I’d be willing to assume that whatever anti-XSS measure Google implemented shouldn’t have suddenly disappeared from the site — even though regression can happen to anyone. What I’m reacting to is not the accusation against Google, but the way it’s quoted verbatim all around the board. Not that I should be surprised, by now, but I can’t help myself.

 

The moral to this story, though, besides “those damn technology reporters could fact-check if their life depended on it,” is that you shouldn’t use web-accessible mail accounts for anything remotely important (domain names, PayPal or bank accounts, etc.) — well, you shouldn’t use clear-text email at all, but you can’t really avoid it. There will always be security flaws everywhere, and having a web interface is only making yourself more insecure.

And you should totally log out of Gmail when you’re done reading your mail. Like, do as I say, don’t do as I do.
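Since the filter in this story forwarded and deleted registrar mail, and stays active until someone removes it from the filter list, the useful check on the account owner's side is to review that list. The audit below is an added example, not part of the original post: it assumes filters exported as JSON in the shape of the Gmail API's filter resource (`criteria`, `action.forward`, `action.addLabelIds`, `action.removeLabelIds`), and the sample filters, addresses and keyword list are constructed.

```python
import json

# Constructed sample data, in the assumed Gmail API filter-resource shape.
SAMPLE_FILTERS = json.loads("""
[
  {"id": "f1", "criteria": {"from": "newsletter@shop.example"},
   "action": {"addLabelIds": ["Label_7"], "removeLabelIds": ["INBOX"]}},
  {"id": "f2", "criteria": {"from": "me@work.example"},
   "action": {"forward": "me@home.example"}},
  {"id": "f3", "criteria": {"from": "support@registrar.example"},
   "action": {"forward": "someone@unknown.example", "addLabelIds": ["TRASH"]}},
  {"id": "f4", "criteria": {"query": "password OR transfer"},
   "action": {"forward": "someone@unknown.example",
              "removeLabelIds": ["INBOX", "UNREAD"]}}
]
""")

# Constructed keyword list for the kinds of mail the post calls important
# (domain names, PayPal, bank accounts) plus reset and transfer notices.
SENSITIVE_HINTS = ("registrar", "password", "transfer", "paypal", "bank")


def audit_filters(filters, trusted_addresses):
    """Return findings for filters that forward mail, worst cases first."""
    trusted = {a.lower() for a in trusted_addresses}
    findings = []
    for f in filters:
        action = f.get("action", {})
        target = (action.get("forward") or "").lower()
        if not target:
            continue  # a filter that forwards nothing cannot leak mail
        added = set(action.get("addLabelIds", []))
        removed = set(action.get("removeLabelIds", []))

        reasons = []
        external = target not in trusted
        if external:
            reasons.append(f"forwards to unrecognised address {target}")

        # Hiding the original is what keeps the owner from noticing.
        hidden = False
        if "TRASH" in added:
            reasons.append("deletes the original")
            hidden = True
        elif "INBOX" in removed:
            reasons.append("archives the original out of the inbox")
            hidden = True
        if "UNREAD" in removed:
            reasons.append("marks as read")

        criteria_text = " ".join(
            str(v) for v in f.get("criteria", {}).values()
        ).lower()
        hits = [h for h in SENSITIVE_HINTS if h in criteria_text]
        if hits:
            reasons.append("matches sensitive mail: " + ", ".join(hits))

        if not reasons:
            continue  # plain forward to one of the owner's own addresses
        if external and hidden:
            severity = "high"
        elif external:
            severity = "medium"
        else:
            severity = "low"
        findings.append({"id": f.get("id"), "severity": severity,
                         "reasons": reasons})

    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda item: order[item["severity"]])
    return findings


if __name__ == "__main__":
    for finding in audit_filters(SAMPLE_FILTERS, ["me@home.example"]):
        print(finding["severity"].upper(), finding["id"],
              "; ".join(finding["reasons"]))
```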

25 November

Dead Space (360 demo)

Um… yeah. That doesn’t look like a level cut from the beginning of the game; I’m getting mauled, killed, and frustrated by the weapons, although maybe I’d have gotten used to them if difficulty had been ramping up more progressively.

So no rating from me here; I’d say it’s a bad demo that doesn’t say much about the game itself, but then it’s never been a game I actually wanted to play, so I wouldn’t know.

Damnit, it’s happened again. I turned around for a minute, and now it’s night time.

Student Writes to Steve Jobs, Gets Free Final Cut Studio 2

Gee, Steve Jobs has to be fiercely bored these days.

I don’t wanna work / do the laundry / do the dishes / work out / stay home alone / go out / meet people / be in France / move / live / die.

“Dumbing Down the Cloud”

Just to grab me, you have to:

  • Make it look and feel like magic.

  • Work flawlessly in the first 10 minutes. If you can’t survive 10 minutes of critical analysis, I’m gone.

  • Provide additional, unexpected awesomeness.

A nicely argued writeup of Dropbox, the excellent (and excellently free) file sync / web access solution that will very unfortunately and undeservedly get slaughtered by Microsoft Live Mesh and whatever half-baked solution Google will launch at some point. (Notice how I didn’t include Mobile Me in the list?)

In the mean time, do install it, and welcome to the future. That way at least you’ll know what you’re losing in a year or two, when you’re dragged to another, more famous service by your clueless social circle. (Or when Google buys out Dropbox and proceeds to sink it.)

PC gaming still has a thing to say

First, Bethesda’s announcement of a free “Garden of Eden Creation Kit” (which I know is a clever name from reading about the history of past Fallout games) that will let owners of the PC version of Fallout 3 “[build] landscapes, towns, and locations [along with] writing dialogue, creating characters, weapons, creatures, and more.” Not that the concept is new (I needn’t tell you that the modding community is pretty strong… and wasn’t there something similar for Oblivion already?), but it’s enough to make some gamers regret buying the console version (in which case, they should probably have known better from the start).

 

Second, a demonstration video of GTA IV PC’s video editor, which seems quite full-featured and streamlined (the only drawback being that I don’t think you can record more than 30 or 40 seconds of footage at a time — from everything I read, you can’t just say “start recording now,” but only save a buffer to disk, which is more appropriate for FPS post-game debriefing than a machinima creation engine).

There are going to be a lot of “home movies” taking place in Liberty City next year. And I’m wishing so very hard right now I had a PC. A good one. (Although I’ve been disappointed by the few editor-made videos Rockstar released last week; the graphics don’t seem any better than the console at all.)

If all the Socialist bloggers convince Royal that she has to start her own party, the PS may still have a vague future.

26 November

Set Mail’s sending account via keyboard shortcut

I’m never going to bother (I always forget to set the right e-mail account when I send a new mail anyway, adding a keyboard shortcut won’t change that), but you can magically set shortcuts for your e-mail accounts in System Preferences, as if the account drop box was just a menu.

I wonder if that could work in other places where you wouldn’t expect. Can’t think of one where it would be useful, off the top of my head.

Google Assures Gmail Perfectly Secure, Users Stupid

With help from affected users, we determined that the cause was a phishing scheme, a common method used by malicious actors to trick people into sharing their sensitive information. Attackers sent customized e-mails encouraging web domain owners to visit fraudulent websites such as “google-hosts.com” that they set up purely to harvest usernames and passwords. […]

Several news stories referenced a domain theft from December 2007 that was incorrectly linked to a Gmail CSRF vulnerability. We did have a Gmail CSRF bug reported to us in September 2007 that we fixed worldwide within 24 hours of private disclosure of the bug details. Neither this bug nor any other Gmail bug was involved in the December 2007 domain theft.

And I see no reason to doubt any of this. Like I wrote in my comments about the news coverage, the simplest and most efficient way to hack anything has always been social engineering; it’s much more efficient to harvest logins and passwords in bulk and check out who owns domain names than to set up hidden filters on every Gmail account you can possibly hack and request random GoDaddy password reminders, hoping to hit one of the accounts you’ve hacked. Or, even less efficient, target a specific domain owner.

The hidden forwarding filters weren’t the essence of the hack; they were just set up as a convenience, so that the attackers would minimize the time they had to spend logged in on the web interface, and to make sure that the victim wouldn’t also receive the transferral confirmation messages through POP, IMAP, or accidentally opening their Gmail page at the exact right moment.

 

By the way, Gmail does favor that kind of hacking in that it never deletes an e-mail unless you insist very hard; so that an attacker with access to your archive is sure to find out whether you have domain names, and where. Chances are they’ll even find a password reminder in there without having to request it. Assuming your registrar password isn’t the same as your Google account, of course.

And Google is also contributing to Gmail phishing by using the same credentials on all their sites. It’s bad enough that social networking gizmos ask for your Google or Hotmail password so that they can “conveniently” read your address book; the more legit, distinct services exist where you are supposed to input your Google credentials (including App Engine sites), the more easily people will give them to anyone who asks.

 

Now… should I be scared that the “google-hosts.com” example given in their blog reminds me of something? Or is there a legitimate address that sounds like it?

I don’t usually type my passwords when I have any doubt about who’s asking (I even changed my Twitter password after I found out that an iPhone application stored it on the developer’s server without warning), but nobody’s above making a mistake sometimes.

And, I, like, totally change my Gmail password every week. No, every day. Like, I’ve always had an iCal alert reminding me to change it every six hours (along with my domain name passwords, server access credentials, and credit card number).

 

You know that all the passwords in the world are useless if you’ve truthfully answered the “secret question,” right?

 

P.S. Cross-promoting Blogspot is nice and all, but when I arrive at googleonlinesecurity.blogspot.com from TechMeme, how the hell am I supposed to be sure it’s an actual official Google blog?

Tilt-Shift Monster Trucks

Awe. Some.

I’m not quite sure whether it’s fake or real tilt-shift; if you want to do the same, adding a blurred layer in After Effects would work just fine for a subject like this, but the key is to drop frames so it looks like animation.

QuickTime 7.5.7 fixes (some) HDCP issues

Apple released today a QuickTime update specifically for owners of new MacBook/Pro/Air laptops — those with HDCP-enabled DisplayPort that prevented them from playing all sorts of iTunes Store videos on an external display.

The weird part is, they apparently only removed HDCP from standard-definition videos (which was an obvious bug, as the “HD” in HDCP stands for high-def — oh, wait, actually it doesn’t, but it might as well if the committees hadn’t tried to muddy up the acronym), so they’re basically confirming that it is supposed to be active for HD videos — thereby punishing early adopters of the brand-new laptops.

I guess it couldn’t be avoided, Apple had to use HDCP at some point to satisfy their iTunes Store partners, but wouldn’t it have been safer to wait until DisplayPort had been adopted on every computer for a couple years before actually pulling the switch? I know I shouldn’t complain that they aren’t being more deceitful, but it’s just strange; are the studios breathing that hard down their neck that they couldn’t wait?

Can we please all agree that the “Yes we/you can” meme is already tired?

27 November

Ars gets a 24-inch Cinema Display

The real nicety of the display is that Mac OS X knows when you have attached the display to use its integrated devices. That is, when you’ve hooked it all up, it will use the iSight in the display instead of the notebook’s, and it will use the USB audio on the display and disable the output on the notebook. That is, until you plug a set of headphones into the port on the notebook, at which time the display’s speakers will disable and route the audio directly to your ears automatically.

Nice touches.

First µTorrent Mac Beta

The interface is pretty good (Transmission is more streamlined, but µTorrent feels surprisingly native to Leopard — quite the refresher after I tried using Azureus/Vuze for a few months), the feature set is adequate, and it takes 120% of my Mini’s CPU with no transfers at all — I’m not the only one, so it’ll get fixed.

If you’ve got an Intel Mac with Leopard (it will be available for PowerPCs after some bugs are fixed) and you need to download Linux ISOs, feel free to try for yourselves. It’s supposed to be faster than Transmission, I guess.

Mac Mini Apple Pie

Featuring a laser-cut logo because why not?

Finally done the laundry. I think that was enough good will to earn myself two weeks of reading under the covers.

28 November

The anti-graduated-response amendment gets scrapped

The European Council of Telecoms Ministers has decided to remove Amendment 138 from the Telecoms Package. This amendment had, moreover, been adopted by the members of the European Parliament on 24 September.

Oh really, that’s possible?

Tabled by MEPs Guy Bono, Daniel Cohn-Bendit and Zazana Roithova, Amendment 138, described as anti-graduated-response, guaranteed that no “restriction on the rights and freedoms of end users may be imposed without a prior decision by the judicial authorities”. It ran counter to the graduated-response system against illegal downloading sought by Christine Albanel in the Création & Internet bill.

This T-shirt makes me look fat. So does that one. And the other one. Must be a curse or something.

29 November

Fizz Saver

Kinda makes sense.

Do I even know anyone who’s happy?

Wanted

I’m not sure why I expected nothing of it, really.

30 November

O’Reilly: “Why I Love Twitter”

Several good points about Twitter’s success that all web service developers should pay attention to. Especially this one, which is applicable to any web 2.0 site:

Twitter even lets competitors (like FriendFeed or Facebook) slurp its content into their services. But instead of strengthening them, it seems to strengthen Twitter. It’s the new version of embrace and extend: inject and take over. […]

There’s a real lesson to Facebook here about giving other services (like Twitter) access to their social graph. They have the best one going, but because they try to keep users coming back to their interface, and even the applications built on their service have to live in Facebook, they end up as a ghetto rather than a true internet service. It’s the data, not the interface! Let other people use your data, build on it, and it will still belong to you. Hold it too tight, and they will compete with it.

With just a little catch — Twitter has no business model whereas Facebook is kinda sorta not very far from being profitable if they wanted to, if I remember correctly.

I used to care. I’m pretty sure I must have. At some point. There must have been something I vaguely cared about.
