RFID Scan Detector

RFID: Over on Adam Shostack’s weblog, in a comment on an entry regarding the plans to mandate remotely-readable RFID passports, Martin Forssen brings up a great idea:

What I want is a device which beeps every time somebody scans me for RFID-tags. I assume this would be fairly easy to construct since the scanner must send a signal of some strength to activate the chip.

I wonder if that’d work? A keyfob, for example, something similar in size to the dinky Chrysalis Wifi Seeker I have on my keyring, would be perfect. It’d be probably pretty cheap to make, would make a great geek toy, and be quite educational too. ;)

Echo chamber goes crazy about ‘nofollow’

Blogs: Just to expand on a linkblog posting I made yesterday, Google’s search team have announced support for a new piece of Google functionality; they’ll fix their crawlers to ignore links with a rel="nofollow" attribute, for PageRank calculations, the idea being that spammers will stop blog-spamming once they can’t get PageRank out of it.

The blog world has been all aflutter:

BurningBird is right, to a degree. In fact, it’s been solved before.

Here’s a taint.org posting from November 2003 where I point out that by using a trivial Javascript URL one can link to another page without conferring PageRank. The format is:

javascript:document.location=target

The result looks like this, and works in any browser with a basic JS engine, from IE 3.02 and Netscape Navigator 2 onwards. I’ve been using it for my referrer logs, among other things, for over a year. I wrote a patch that implemented it for external links in the Moin Moin wiki software.

Amazingly, despite my plugging this idea at virtually every opportunity, it seems nobody noticed! At least, nobody among the people who (it would seem) should be looking into comment spam, thinking about how to deal with it, etc.

Disappointing — the echo chamber keeps talking to itself, once again. Maybe I’ll stick with dealing with email spam instead ;)

Ah, whatever. Anyway, this is a nicer fix; relying on JS isn’t a good thing. So nice work, Google.

(PS: worth noting that while this is a good plan, comment spam won’t be going away any time soon, as Mark Pilgrim noted. Still, here’s hoping it’ll help in the long term…)

Web-browser style history for the command line

Code: Here’s something I came up with recently — it’s actually an evolution of the idea of pushd and popd, as included in BASH. To quote the POD docs:

cdhistory is a perl script used to implement web-browser style “history” for UNIX shells; as you use the cd command to explore the filesystem, your moves are remembered, and you can go “back” through history, and “forward” again, as you like.

Download the perl script here.

Spamusement rocks!

Spam: oh man, Spamusement started off well, and has just been getting better and better; * HEATH WARNING * had me laughing out loud, and the idea of linking the entries since August 8 as a series is genius.

Closed-group Filesharing

Net: So, it looks like closed-group filesharing will be appearing in several more implementations soon. NTK writes this week, ‘the big new (yet old) killer app this year is going to be a some dinky little program that lets you easily and selectively share individual files with groups and sub-groups of your friends.’

It’s interesting to see this — it’s been several years in the offing. So far, there seem to be two main angles: secure collaboration in a private workgroup, and private filesharing in a closed group, defined socially (I’ve taken to calling this the ‘playgroup’ ;).

Groove is an example of the ‘workgroup’ idea. However, to my mind it’s been crippled by a strict one-platform policy, and possibly because it’s proprietary, commercial software. Still, nice idea.

Several MS researchers helped kickstart the ‘playgroup’ idea with this paper: The Darknet and the Future of Content Distribution. Clay Shirky’s thoughts.

WASTE is the classic implementation of a ‘playgroup’ darknet, sadly killed off due to ownership issues. NTK state that it ‘was too crypto-tastic to succeed’, but I don’t see that — it was actually excellent software; in particular, its entirely-decentralised and public-key-crypto-based architecture worked surprisingly well in practice, even with NAT, firewalls and all that problematic stuff.

More of the up-and-coming projects — at least the ones that intend to take heed of ‘playgroup’ needs — need to take cues from this app. The only negative in their approach is that the ‘gating’ of new members is too relaxed; all it takes is for one existing member to accept them into the group, their public key is flooded out to all, and pretty much everyone is set to accept the new key by default.

Robert Kaye has written about his thoughts on how this all should work in this ETCON presentation and this O’Reilly Network article. I’m not sure that a loosely-coupled SSH-based system is easily deployable, though; IMO an ‘all-in-one’ app is easier to get installed and deployed.

iFolder is Novell’s new tool in development. This sounds pretty interesting, although it seems very strongly workgroup-oriented, as does Foldershare, a new Windows-only app from some ‘ex-AudioGalaxy staffers’, apparently.

Both operate by using some kind of file-sync algorithm, along the lines of rsync or Unison, to synchronise multiple copies of a dir across a network. (Here’s hoping it’s up to the standard of Unison.) So very large collections will be duplicated throughout the net — which may actually be quite cool for backups, but strikes me as bad news for users on slow links.

And finally, there’s Clevercactus Share — this sounds interesting, is cross-platform, and is now in beta, apparently. Haven’t seen it, though ;)

So far, techie details on the internals of the latter three systems are scant; it’ll be interesting to see how heavily they tilt towards the ‘workgroup’, how well they deal with firewalls and NAT, the extent of crypto use, etc. But nice to see more software entering the field…

Bet you never thought of this

Tech: Excellent post from Colin Charles here:

Which brings us to an interesting point. Computers today are largely based on metaphors that the average urban bloke understands. Like we have a desktop, to represent our workspace. How do we transpose such an idea to someone in a rural area? What about a blinking cursor, in a language like Urdu that has no translation? They’ve resulted in calling it a ‘firefly’!

That’s taking Danny’s ‘eating out of the trash bins outside a cubicle farm’ comment even further…

Markdown: another ‘Plain Text to HTML’ lib

Web: Plain text, transparently turned into nice markup, is an idea that’s clearly never going to go away.

Setext has been around for over a decade, I wrote EtText myself for use in WebMake and elsewhere (including this very weblog!), Zope came up with StructuredText, and more recently, there’s been Textile and reStructuredText. Now welcome the newest arrival: Markdown.

First impressions: looks an awful lot like EtText, TBH, but I’d presume that’s the shared heritage from Setext. ;)

My feedback: I’d recommend supporting ‘-’ (dash) for list bullets — it turns out that’s a whole lot more widely supported than ‘*’ (asterisk), including in Vim. Also, automatic link inference is very handy; picking up http: URIs and turning email addrs into mailto: links may not look super-pretty, but saves a lot of typing, and EtText Auto links are pretty handy for stuff that’s never going to be anything other than a link (take uncommon nouns like ‘SlashDot’, for example).

Post-Thanksgiving bits

Quickies: I like Thanksgiving! A holiday based around a roast fowl and some booze; can’t go too far wrong with that. Thumbs up.

FrodoPalm — run C=64 games on your Palm handheld. Insanely cool. (via /.) I wonder what the controls are like, though — that can totally kill a game’s playability.

Escape From Woomera — nice press-grabbing idea, but I can’t imagine that the game will be too hot, though. (via Boing Boing)

The Bearer of This Card is a Genuine and Authorized Tsar, via Blather Shitegeist.

ABC.net.au: push for ‘open source’ biotech. I was just thinking about this last week; interesting to see this happening.

‘Biotechnology, the way it is right now, is needed in the developing world like a screen door on a submarine,’ said Jefferson. ‘What it really needs is what good science can do in biology, in biotechnology. And that means a different agenda and a different group of innovators.’

‘He added such tools could also help us understand and improve agricultural management systems such as organic approaches. An example of this would be the development of new ‘bioindicator’ plant varieties that would tell farmers about their soil nitrogen levels.’

Fantastic idea. I hope this takes off…

Open source not welcome - USPTO

USPTO seeks to block WIPO open source meeting.

(WIPO) is not the place for discussions about ‘open source’ software (…) a senior U.S. official argued on Monday. Reviewing the original mission of the World Intellectual Property Organization (WIPO), said Lois Boland, the U.S. Patent and Trademark Office (PTO) acting director of international relations, it is ‘clearly limited to the protection of intellectual property. To have a meeting whose primary objective is to waive or remove those protections seems to go against the mission.’

Boland was referring to a July request by a group of scientists, academics, open-source advocates and others for a meeting at WIPO on ‘open and collaborative projects,’ including open-source software. The WIPO secretariat initially replied favorably to the idea.

Well, that’s a shame. Let’s hope WIPO reconsider, because it really would be an interesting idea to have everyone involved talking about this stuff.

Top Firebird tip

Mozilla Firebird has this feature that obviously seemed like a good idea, but unfortunately isn’t really — automatic image resizing.

Well, while surfing about looking at the next-gen Bluecurve screenshots, I came across a screenshot with a link to linuxart.com, which had a top tip:

  • type ‘about:config’
  • scroll down to browser.automatic_image_resize, double click, change to ‘false’

Hey presto!

The Cluetrain List

Chuq van Rospach has a great idea — instead of a do not spam list, an I am your customer, not your asset, and quit treating me like one list:

Where do-not-spam lists are useful (and ought to be mandatory) are third party sales and rentals. Any time someone buys or rents a list, that list has to be filtered against the do-not-spam list. If you’re on it, you fall out of the transfer. That would include any time that information moves from one company to another, the do-not-spam restrictions apply. (ditto, IMHO, for phone and other personal information. I’ll go further, actually. I think there ought to be a generic ‘do not sell me as an asset’ list, preventing transfer of personal information of any kind without permission. Or more correctly, a I am your customer, not your asset, and quit treating me like one list.

Great idea. Really, the resale of contact information for marketing purposes sounds fantastic to marketers — but as The Story of Nadine demonstrates, it only takes two years for the contact information to be sold (via a chain of increasingly dodgy operators) from DeliverE, a subsidiary of Excite to horse bestiality porn spam.

Patents: the SSLeay workaround

During this ongoing European software patents thing, I was reminded of a comment I heard a while back from a pro-patent guy.

He was around in the bad old days of SSLeay’s patent woes. SSLeay, like many cryptographic products in the 80’s and 90’s before the RSA and other patents expired, was in a legal grey area due to patent issues. To quote the ‘Is This Legal?’ section of their FAQ:

That is one of the hard questions on which there is as yet no clear answer. You need to read quite a bit of information to draw your own conclusions - and then go and talk to a lawyer. Again this document is my opinion and as such should be treated in that light - reality could be quite different to how I happen to see things :-).

In short:

  • outside the USA there should be no problems
  • inside the USA RSA hold patents over the RSA algorithms, however if you use RSAREF (which SSLeay can link to) then non-commercial use is probably okay. For commercial purposes you need to talk to RSA to license one of their toolkits (BSAFE) or come to some other licensing arrangement with them.
  • IDEA may be a problem inside Europe and RC4 inside the USA; both can be removed with a simple compile-time option or you can licence the IDEA algorithm.

Eventually, RSA relicensed their algorithms to be freely usable. Thankfully IDEA could be avoided by using alternative algorithms in the SSL transaction, so it wasn’t a biggie; most SSL users just switched it off. Finally, the RSA patent expired — so nowadays SSL is commonplace, and using SSL to protect security is a lot easier than it used to be.

Anyway, I’m diverging here… the relevance is this mail from Hartmut Pilch discussing the current euro-swpat proposal. He reckons even the SSLeay defense — saying ‘do not download this software in these countries unless you get these licenses’ — would not work with the current proposal:

To make this clearer: according to the CEC proposal, you still risk being sued even if you only publish a program and warn people ‘please do not execute unless you have obtained a license from XXX’.

ReVirt, Patents, and Spandex

ReVirt is very, very cool security functionality:

ReVirt (part of the CoVirt project) is a complete Linux-on-Linux virtual machine with replay capability: you can explore the state of the entire virtual machine at any point in the past. For example, if you discover an intruder, you can ‘go back in time’ to see how they broke in, watch the exploit in progress, and discover what was compromised. The overhead of virtualization and logging is only 15-30%, even for kernel-intensive applications.

Can’t wait until this is stable…

Games: The Body Behind Vice City’s Tommy Vercetti (Escape Mag): an interview with the guy who did the motion-capture for Vice City:

What advice do you have for any readers interested in doing motion capture?

… Stuff your Spandex mo-cap suit. That’s the key.

Patents: SFGate: Inventors patent ideas to pre-empt their rivals: ‘(IP lawyer) Dennis Fernandez has come up with an idea for TV sets with built-in cameras and small screens that would let viewers talk to one another while watching a show. … Fernandez has no intention of actually building such a device. But the idea is his — and he has a certificate from the U.S. Patent and Trademark Office to prove it.’

And there was me thinking these things had to be non-obvious, and have novelty, to be patentable. :( What is the US PTO up to? And what’s going to happen if the European Patent Office get their way?

I’m beginning to think a pro-bono collection of freely-licensable defensive patents, filed by the FSF or similar, is the only way to work around this brokenness.

Caelen and Barbara’s Adventures

Caelen and Barbara’s travelogue from Luang Prabang just fills me with reminiscence for Laos — I’d go back in a shot, it’s an amazing country (well, for tourists at least, not sure about the folks living there).

Also interesting to see that Caelen went for some minor surgery while in Bangkok. Great idea — 150 bucks is a hell of a lot cheaper than you’d get it pretty much anywhere else, and the Bangkok hospitals that cater for tourists are, by all accounts, super-swanky. Great idea!

Ali G in the NYT

A classic Ali G moment, via Maureen Dowd in the New York Times (username: sitescooper/sitescooper):

  • YOUNG MAN: How does you make countries do stuff you want?
  • MR. BAKER: Well, the way you deal with countries on foreign policy issues . . . is you deal with carrots and sticks.
  • YOUNG MAN: But what country is gonna want carrots, even if it’s like a million tons of carrots that you’re giving over there—
  • MR. BAKER: Well, carrots — I’m not using the term literally. You might send foreign aid — money, money.
  • YOUNG MAN: Well, money’s better than carrots. Even if a country love carrots and that is, like, their favorite national food, if they get given them—
  • MR. BAKER: Well, don’t get hung up on carrots. That’s just a figure of speech.
  • YOUNG MAN: So would you ever send carrots? You know, is there any situation—
  • MR. BAKER: No, no.
  • YOUNG MAN: What about if there was a famine?
  • MR. BAKER: Carrots, themselves? No.

Beautiful.

Initially, there were a lot of media reports in the UK and Ireland, about how negatively it was taken in the US; this interview with the director reckons that was rubbish put about by UK media:

‘I’ve got a theory about this: In Britain, we’re no longer world leaders in anything. … Yet the one thing we still maintain, and cling on to jealously, is that we’ve got the best sense of humour in the world. So we don’t like the idea that people in other countries get our sense of humour. We prefer to cling to the idea that our comedy is too sophisticated for the Americans. And yet the truth is rather different. If you look at sitcoms, with a couple of exceptions, all the best ones come from America, like Friends, Frasier, Seinfeld and so on.’

‘I actually think Americans get the undertones of satire almost better than the British. It can’t be coincidence that the best comedies on our TV are all imported from America.’

But then even the bad reviews never said that Ali G was too sophisticated, complaining instead that the satire wasn’t subtle enough. Maybe the Americans are the more comedy-literate, after all.

reStructuredText v. EtText

reStructuredText is apparently the new wave of text-based markup – in the Python community at least. ;)

It’s basically a reworking of Zope’s StructuredText, which — like my own EtText, which is what this blog is written in — is itself a reworking of Setext. Setext is an old Amiga smart-text format which I first encountered in the Plexus web server back in 1993. Plexus, BTW, was what HTTP server number 70-something ran.

It’s interesting. I’d been considering modifying EtText to use some StructuredText ideas, such as indentation indicating tag-nesting levels. But it looks like reStructuredText has got rid of that idea, and instead does what EtText does: ie. indentation indicates quoting. So it must have driven someone up the wall in that case.

There’s a reStructuredText primer here. Compare with EtText’s quick intro. (gack, what is that font I’m using there? ;)

Still, a few other nice ideas to steal ;) — I like the idea of ending the paragraph with colon-colon to indicate that the next quoted block is a code sample in monospace format. hmm…

(Untitled)

Some folks reckon that mailservers should have reverse DNS — in other words, that the SMTP server should have a fully-valid forward-to-reverse mapping for its address, to cut down on spam and forgeries. All well and good.

Some other folks reckon that filtering on it is therefore a good way to cut down on spam.

It’s a nice idea, apart from 2 things:

  • filtering based on this suffers the same problem some DNSBLs have: a false positive hurts the user, rather than the person who is at fault; also the user is virtually powerless to fix it.

  • the correlation between spam and missing reverse DNS is no longer as strong as it used to be, as far as I can tell; spammers know they should pick a relay or proxy with a reverse DNS entry to get through filters, and as it becomes a requirement for relaying in general, more hosts have this anyway (regardless of exploitability or not).
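
To make the check concrete, here is an added example (not from the original post or any particular filter) of the forward-to-reverse test described above: look up the PTR names for the connecting address, resolve each name forward, and confirm one of them maps back to the same address. The DNS data, function names and point weights are constructed for the example; the result is returned as a small score contribution rather than an accept/reject decision, and a DNS timeout scores nothing, so a lookup failure never penalises the recipient.

```python
import ipaddress


class TempFail(Exception):
    """DNS timeout or SERVFAIL: no answer either way."""


# Constructed DNS data using documentation address ranges.
# A value of None simulates a lookup that timed out.
PTR = {
    "192.0.2.10": ["mail.example.org."],    # PTR and A agree
    "192.0.2.20": ["host20.example.net."],  # PTR exists, A points elsewhere
    "198.51.100.7": [],                     # no reverse DNS at all
    "203.0.113.5": None,                    # resolver timed out
}
FORWARD = {
    "mail.example.org": ["192.0.2.10"],
    "host20.example.net": ["203.0.113.99"],
}


def lookup_ptr(ip):
    """Stand-in for a real PTR query; raises TempFail on a simulated timeout."""
    names = PTR.get(ip, [])
    if names is None:
        raise TempFail(ip)
    return names


def lookup_addr(name):
    """Stand-in for a real A/AAAA query."""
    return FORWARD.get(name, [])


def fcrdns(ip, ptr=lookup_ptr, addr=lookup_addr):
    """Return (status, name) for the forward-confirmed reverse DNS check."""
    client = ipaddress.ip_address(ip)
    try:
        names = [n.rstrip(".").lower() for n in ptr(ip)]
        if not names:
            return "no-ptr", None
        for name in names:
            if any(ipaddress.ip_address(a) == client for a in addr(name)):
                return "confirmed", name
    except TempFail:
        return "tempfail", None
    return "mismatch", names[0]


# Hypothetical weights: a hint that feeds a larger score, never a verdict.
POINTS = {"confirmed": 0.0, "tempfail": 0.0, "no-ptr": 0.5, "mismatch": 1.0}


def rdns_points(ip):
    status, _name = fcrdns(ip)
    return POINTS[status]
```

In a live filter the two lookup functions would be backed by a resolver library; passing them in as parameters keeps the classification logic testable offline.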

(Untitled)

George W. Hart is a sculptor who works with incredible geometric forms. “Classical forms are pushed in new directions, so viewers can take pleasure in their Platonic beauty yet recognize how they are updated for our complex high-tech times. I share with many artists the idea that a pure form is a worthy object, and select for each piece the materials that best carry that form.”

I like “Gonads of the Rich and Famous”, a 3D printing. But what exactly is a 3D printing?

(Link from Forteana, via a discussion on edible trilobites. George has a recipe on his site ;)

(Untitled)

A great idea for a blog — “who would buy that?” — featuring auction oddities from all over the web. There’s some absolutely horrific tat to be found out there…
