Portables (Games)

Journal: First tilt-action game runs on new Powerbooks

Journal by babbage
When Apple revised their Powerbook line earlier this year, they added Sudden Motion Sensor (SMS), a detector that can be used to protect the hard drive if the machine gets dropped. Chances are, they probably weren't expecting it to be used as a video game controller, but Balooba software figured out a way, as demonstrated in Bubblegym. According to the author, "this might be the first computer game that is controlled by moving the notebook computer itself." Who says Macs can't play the best games?
Google

Journal: Interesting start to Google Maps, but much remains undone 3

Journal by babbage

The UI is definitely slick, but it definitely has some quirks, some annoying. Some random observations:

  • The maps seem to be three dimensional. Look at the map of a complicated highway interchange and you'll see that it seems to get the over / under ramps correct. (For example, look at this map & zoom all the way in -- it pretty accurately reflects a complicated, braided set of onramps & offramps).
  • On the other hand, it's not completely three dimensional: while the map has surprisingly current data for Boston's Big Dig, for example, it doesn't actually illustrate the points at which the roadway goes underground. Considering that some of these tunnels have surface roads over them, or will in the future if they don't already, finding a way to denote a tunnel seems important.
  • It doesn't show one way streets! This is absolutely essential, especially in urban areas where a lattice of one-way streets can force you to take convoluted routes to follow the seemingly simple paths you could have taken if all the streets were bidirectional. A map service that can't show this data is much less useful than one that does. (That said, the trip planner does seem to show routes with an awareness of one-way streets, and will plot different to & from directions accordingly. So they do have the data, and they do use it where it matters, but they aren't making it visible in the interface. This may have been a deliberate attempt to constrain against information overload, but in this case I think the user really does need that data visible, at least optionally.)
  • While the UI is nice and responsive in a way few other web sites are, it has some idiosyncrasies. For example, if I search to a map, then scroll somewhere else, then go to a different browser tab, it sometimes snaps back to the original search when I come back, rather than whatever I was looking at. If I do a new search, it scrolls to the new location from the old one; while this looks cool and may be the desired result if I'm thinking about directions, other times I may be thinking of a completely new & discrete search, and don't want to treat the two searches as a set -- some kind of "new search" option would be good. (This last one is subtle to describe, but kind of annoying once you pick up on it -- it's definitely useful, but maybe a little too helpful, ya know?)
  • I like the way it dynamically fills up the current browser window size: note the way the map is always just a bit shorter than the current view is tall. If you resize, the page will start scrolling or have a white margin on the bottom, but will quickly redraw to match the new geometry. Clever.
  • The overlay of local data seems much more polished than it was with last year's Google Local. Maybe this will mean abandoning Google Local as a separate entity and incorporating its functionality into Google Maps -- they're already most of the way along to doing exactly this.
  • As widely requested, non-US/Canada data would be nice, but I'm sure such things are on the way. Moreover, Google already pulls interesting geolocation tricks, such that a request for google.com from an internet cafe in, say, Switzerland, will automatically and transparently redirect you to google.ch. Likewise, a search for http://news.google.com will redirect you to http://news.google.com/news?ned=de_ch&hl=de. I'm sure that once this gets going, Google Maps will also automatically send visitors into a mapping application that is relevant to their location.

Wish list items:

  • Realtime traffic data would be nice, the way Yahoo is now offering. Factoring traffic data into trip planning would be a good next step. Factoring in predictive traffic data would be better -- e.g. "when should I leave and what route should I follow if I want to get from Boston to Washington, D. C. without hitting rush hour traffic in New York City?"
  • Being able to place constraints on planned trips would be nice. "How do I get from Medford MA to Burlington MA without using a limited-access highway?" (Maybe I'm riding a bike; maybe my crappy car can't go above 40mph -- it doesn't matter why, it should just be possible to ask for it.). "How do I get from Medford to Burlington, with stops in Reading and Woburn along the way?" (Maybe I have errands to run in those towns and don't want to make a series of trip plans when I can just have one with waypoints.) "Accounting for traffic lights, frequent traffic jam areas, highways, and tolls, what would be the fastest & cheapest commuter-time route to and from Somerville MA to Waltham MA?" (Taking the turnpike is longer but might be faster, but it will cost a couple bucks each way; surface roads might be fast, but congestion in certain areas is chronic; what route will be most reliable?)
  • Topographic data would be nice. Using it as a factor in trip planning would be better, e.g. "I want to bike from Somerville MA to Waltham MA on a route that avoids major roads and big hills. Please find me a route."
  • Weather data would be nice, but not as critical.
  • Accurately showing one way streets is essential. Finding a way to depict underground streets (or bridges, etc) would be nice, but the lack of it isn't critical.
  • The functionality to create a link for the current view doesn't work properly: it'll give you a search that more or less shows the region that was being examined, but it will be all zoomed out and improperly centered. It would be nice to have a better approach to this.
  • Support for Safari would be nice, but I suppose it's on the way...

This is an intriguing start, but I can see all kinds of ways to build on it, and hope that Google will continue to improve the product now that it is available to the public (as opposed to services like Google News, which is good, but seems to be basically identical to what it was when the beta went live a couple of years ago). Unlike Google News, the unfinished aspects of this tool are obvious enough and annoying enough that I'm not sure I'd yet be willing to make this my primary tool for searching for this kind of information.

Spam

Journal: Anti-blog spam efforts

Journal by babbage

So, anecdotally, it looks like Google's anti-blog-spam campaign may be working. A handful of easy changes to my home blog seems to have helped tremendously:

  • I looked over Google's plan, and Movable Type's recommendations.
  • I added the Movable Type implementation of the "nofollow" plugin
  • I renamed all the MT CGI scripts so that spammers have to actually look to find the comment URL.
  • I added a new script at the old comment & trackback URL:

    #!/usr/bin/perl -wT
    print "Content-type: text/plain\n\n";
    1

  • After noticing that the spammers all seem to have a referer of "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)", I added the following code to the comment script:

    sub squash_spammers {
        # Reject requests whose User-Agent or Referer matches the spam patterns.
        my $agent   = $ENV{'HTTP_USER_AGENT'} ||= "";
        my $referer = $ENV{'HTTP_REFERER'}    ||= "";
        if (   ( $agent   =~ m/NET CLR 1\.1\.4322/ )
            || ( $referer =~ m@\.info/$@ ) )
        {
            # print "Content-type: text/plain\n\nsorry\n";
            die "Sorry, this is a spam-free zone. $!";
        }
        return;
    }

    This is now called in the eval block that does the rest of the work for the comment script, so attempts to spam me automatically fail. If I need to add more criteria, I can hook them in as needed, but these two rules seem to have caught everything so far.

Since making these changes, things have gotten much better. I've had no comment spam this week (usually, a handful makes it past the comment spam plugin), and more strikingly, the amount of referer traffic -- requests for random URLs with referer fields like "http://buy-zanax-online.best-buy-site-4u.info" -- has almost, if not quite entirely, disappeared. This is wonderful.

We'll see how well it's working a month from now though ...

Hardware

Journal: Mini Mac mechanism 5

Journal by babbage

So, out of curiosity, has anyone seen the guts of a Mini-mac yet ? The pictures I've seen on Apple's site -- particularly one of the motherboard and one with the cover removed -- give you some ideas -- compact motherboard, RAM on one side, skinny optical drive on top, mini-speaker in front -- but I'm curious about the hard drive: did they actually jam a full sized IDE drive in there, or is it a compact laptop model or a super-compact iPod one?

Some of the rumor sites were paying slavish attention to the deals Apple was making for bulk purchases of miniature hard drives from Asian manufacturers. All of this speculation centered around the possibilities for new iPod models, but it occurs to me that at least some of those drives are probably going into the new Mac as well.

So -- has anyone had a chance to get pictures of a disassembly of a mini Mac yet ?

News

Journal: Arbeit in der Schweiz? (Practicing my German, more like...) 5

Journal by babbage

My wife's company would like to transfer her to their Swiss office in Lucerne / Luzern, but she's got baggage -- me.

So, they're willing to sponsor her, take care of her visa & other paperwork, help set her/us up with an apartment, and bring her over for a couple of years, while she learns how the European side of her company works and she gradually makes her way up the management ladder.

Meanwhile, I'll have to leave my job and basically start over; there's basically no chance that her company's Swiss office would have any IT work (it's all either in the US or outsourced to India). But that's alright, it's an opportunity strongly to be considered, right? But I haven't the slightest idea what the IT market is like in this little, seemingly rural part of the country, and there's so much that needs to be sorted out before going and once we get there.

  • What skills are in demand in central Switzerland? How does one go about learning such things? Same as here, I guess -- find & browse job listing sites...
  • Is there any IT work in a medium sized city, or is it better to commute to Zurich or Bern? How feasible is it to commute that far each day?
  • How much of a liability is my weak grasp of the languages? I'm sure I can pick it up once I get there, but at this point my German and French are both very weak, and I only know as much Italian as I can puzzle out from the Latin I took waaaaay back in high school. I've heard it said that most IT work is done in English, but as a practical matter, don't you have to have a grasp on the dominant local language[s] as well?
  • Is there any chance of finding full time, salaried employment, or will it all just be consulting gigs? I guess I don't care either way, but a nice predictable job sounds appealing right now...
  • Is it better to be paid in Swiss Francs, Euros, or US Dollars? Or will that question even come up? If the dollar keeps plummeting, as it seems like it will, the Euro looks more appealing -- but then when the IRS comes knocking it could become painful, fast.
  • What happens back home? We bought a car before this opportunity came up -- a Subaru Forester -- a nice, reasonable car for snows and mountains. Is it insanity to ship it over with us? Is it insanity to sell a three month old car with less than 4000 miles on it? And what happens with our mortgage back home -- does it make more sense to rent or sell?
  • Will it make sense to talk to someone at a Swiss consulate before going, or getting in touch with some kind of relocation agency? I suppose it would make more sense than babbling about it on Slashdot, but oh well, the timing of this article caught me right as I was starting to consider all these questions...

Maybe it would be easier to just bus tables at a ski resort and take a few years off from IT...

I need to start working on my resume, or CV I guess. European CVs don't bear much resemblance to American resumes, do they? It seems like they're a lot chattier & biographical than the dry list of titles & skills & credentials that is expected over here. Just one more thing to do in the next handful of months....

User Journal

Journal: Google Desktop Search + Apache Reverse Proxy for LAN search

Journal by babbage

So Google has finally offered a form of desktop search, but it only works on localhost. This seems reasonable for the average home user, but an obstacle to setting up something even cooler: a slick Google powered local LAN search engine. Think about it: even on a mostly Mac / Linux network, you can set up one Windows box that has Samba mounted your main network shares with the Google software, and through the magic of HTTP reverse proxying, your whole LAN can have a nice Google search interface into your local documentation.

So. The obvious thing to try then is to set up Apache (or Squid, or similar software) running as a reverse proxy on that machine.

The first thing I did when finding out about this tool was to install it on a spare Windows machine with a couple of Samba mounted network drives (I'm hoping that it will index the content of these drives, but I can't tell yet), then set up Apache as a reverse proxy to provide the indexed material as a URL that would be widely accessible on the local LAN.

So far I can't quite get it to work -- I can connect from another computer (a Mac running Safari), but first I get complaints about running the wrong browser, and then I get errors about invalid URLs that apparently aren't being passed through. Still though, it seems certain that this should be doable, and if it can be done, this would beat the living snot out of the current ht://Dig based search engine we're using.

Google is right to make this tool inaccessible from non-localhost access -- the average home user does not need to have the contents of their hard drive set up with an easy to browse, globally accessible search interface. And I can see where Google wouldn't want this to work on LANs either -- it would cut into their business of selling search appliances. But come on, this is right on the cusp of working as it is, and it's only in beta. If Google doesn't provide a way to turn on access for local (e.g. 192.168.x.x) addresses, I'm sure that Apache or something like it can be configured to do this.

Security

Journal: Apple Remote Desktop bug ?

Journal by babbage

I think I've found a bug. I'm not sure if it's an ARD bug, a Fink bug,
or something else, but I definitely triggered some unwanted results.

I used ARD2 to install Fink (the 0.6.2 installer package) on two remote
machines, neither of which had a currently logged in user.

When installing Fink locally, one of the last steps is to invoke a shell
script that sets up basic environment information for your account -- it
adds /sw/bin to your path, etc. If Terminal isn't already running, it
will launch for this. I'm not sure how or why Terminal gets launched
when it seems like it should just be able to run silently & detached,
but no matter; suffice to say that the Fink installer launches Terminal.

The installer was taking a very long time to finish, so I took a walk
around the office to see what was going on with these machines. Here,
roughly, is what I found:

        http://devers.homeip.net:8080/images/ard_bug.jpg (204kb)
        http://home.comcast.net/~teridon73/ard_bug.pdf (mirror of original, 1.2mb)

The screengrab above was a 1.2mb download from my poor little bandwidth starved computer at home, but then someone offered to mirror it -- thanks! -- and someone else pointed out that a JPEG would be much smaller. Which it is. So the bandwidth issue shouldn't be such a big deal now.

What we have here is a system displaying the normal login screen while
in the background a Terminal instance is running with the root user's
privileges. Because running Terminal means having a normal menu, I can
also click on the menu items, launch things like Software Update and
System Preferences, and open up new Terminal windows -- with root access
no less -- from which I can run just about anything I please.

For laughs, I launched the Finder & Dock so that I would have something
resembling a normal login session, even though the login window was
still sitting there greedily hogging the middle of the screen.

For more laughs, I used the login window to log in as myself. This
seemed to work, kind of, in that now I had GUI programs running at the
same time, some with my access level (according to the "log out cdevers"
item in the Apple menu) and some with root access (according to the "log
out administrator" item).

If I hadn't manually walked by to see what was going on, I might have
ended up leaving these machines on with unattended root access
overnight. If these machines had been at a remote location, I wouldn't
have necessarily realized what was going on at all -- I didn't even know
it was possible for any user to launch GUI programs from the login
screen, so I'm not sure it would have occurred to me to control the
desktop and see what was going on.

As I say, there are several possible sources of this problem -- ARD,
Fink, something else -- and I'm not sure who to blame. I can't imagine
that this was the intended behavior though, was it ?

OS X

Journal: Vulnerability with the OSX screensaver password lock

Journal by babbage

No one wants other people messing around with their computer when they're away from their desks, but what can you do? It's not practical to log out every time you want to go for a cup of coffee, so many people put a password lock on their screensaver instead.

This is much more convenient, but it has a serious Achilles' heel: if you are in an environment where many people have logins on your computer, such as an office with centralized login (NIS, ActiveDirectory/Kerberos, LDAP, OpenDirectory, NetInfo, etc) where everyone has an account on every computer, then anyone can use their own login to disable your locked session. The only record of this will be an entry in /var/log/secure.log, which is only useful after the fact -- provided that the person who logged in didn't know to cover their tracks.

For a lot of people, this probably defeats the purpose of locking the screen to begin with; until & unless Apple provides a way to change this behavior, it may be wise to avoid the screen saver lock and fully log out of the system whenever you will be away from your computer for a long time (lunch break, overnight, etc).

Addendum:

This may only work for Admin users, which would be a lot less serious than I was thinking at first. I need to test that...

Apple

Journal: General URI handling problem with OSX?

Journal by babbage

It occurs to me that the recent Safari/Help security issue in OSX could be broader than is being generally portrayed so far.

Consider: the fundamental issue here is that an OSX web browser -- Safari in the original reports, but apparently also Mozilla etc -- is acting as a broker for any URI that the user may come across, delegating the request out to external handler programs. Whether those external programs handle their URIs safely may be an open question.

The problem isn't really that Safari or Help is broken, but that the interaction between them, arising from the URI handling mechanism on OSX, is leading to Unintended Consequences.

OSX can handle many different URI namespaces, some of which seem to be used nowhere other than OSX. I'm having a hard time finding an exhaustive list of the URI protocols that OSX supports, but a partial list includes, in no particular order:

http://
https://
ftp://
mailto://
ssh://
telnet://
aim://
afp://
nfs://
smb://
sherlock://
itms://
daap://
help://

So far, I can think of published vulnerabilities in the telnet:// and now help:// protocols, but is that the end of it, or is the whole framework vulnerable to these sorts of attacks?

I have a hunch that we're just seeing the thin edge of the wedge...
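A default-deny version of the broker described in this entry, as an added example (not code from the journal or from Apple): the scheme names come from the list above, while the three-way policy, the function names and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Scheme names are taken from the list in the entry; the policy is an assumption.
INTERNAL = {"http", "https", "ftp"}  # rendered by the browser itself
CONFIRM = {"mailto", "ssh", "aim", "afp", "nfs", "smb",
           "sherlock", "itms", "daap"}  # external handler, only after the user agrees
# telnet and help are deliberately in neither set: the entry cites published
# vulnerabilities for both, so they fall through to the default-deny branch.

# RFC 3986 scheme syntax: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def classify_uri(uri):
    """Return 'internal', 'confirm' or 'block' for one link target."""
    # Normalise the way browsers do before matching: drop tab/CR/LF anywhere,
    # then strip leading and trailing control characters and spaces.
    cleaned = re.sub(r"[\t\r\n]", "", uri).strip(C0_AND_SPACE)
    match = SCHEME_RE.match(cleaned)
    if match is None:
        # No scheme: a relative reference, assumed to resolve against an
        # http(s) page and therefore to stay inside the browser.
        return "internal"
    scheme = match.group(1).lower()  # schemes are case-insensitive
    if scheme in INTERNAL:
        return "internal"
    if scheme in CONFIRM:
        return "confirm"
    return "block"  # known-bad and never-seen schemes alike


class _LinkCollector(HTMLParser):
    """Collect every href/src/action value; HTMLParser lowercases names."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.targets.append(value)


def audit_links(html):
    """Return (target, decision) for each link that would leave the browser."""
    collector = _LinkCollector()
    collector.feed(html)
    collector.close()
    decisions = ((t, classify_uri(t)) for t in collector.targets)
    return [(t, d) for t, d in decisions if d != "internal"]


# Constructed sample page (not from the journal entry).
SAMPLE_PAGE = """
<a href="https://example.org/docs">docs</a>
<a href="/relative/path">local</a>
<a href="mailto:someone@example.org">mail</a>
<a href=" TeLnEt://host.example">legacy</a>
<a href="newscheme://placeholder">unknown</a>
"""

if __name__ == "__main__":
    for target, decision in audit_links(SAMPLE_PAGE):
        print(f"{decision:8} {target!r}")
```

The point of the default branch is that a scheme registered by some newly installed application is refused until someone reviews its handler, rather than being delegated automatically.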

Apple

Journal: MacWorld thinks an iMac G5 is imminent? 2

Journal by babbage
There may be nothing to this, but it seems interesting anyway. I recently bought a PowerMac G5, and when I registered it with Apple, I was offered a free subscription to MacWorld. When signing up for the subscription, one of the questions you're asked is which Apple product you purchased most recently -- and one of the items on the list was "iMac G5". Does the MacWorld marketing department know something that the rest of us don't, yet? Very interesting...

Addendum:
A version of this story was picked up on Slashdot's home page.

Apple

Journal: Dead Applejuicemen

Journal by babbage

GarageBand looks okay and all, but they totally dropped the ball on the name. For one thing, they broke the "clever" iName scheme that the rest of the iLife suite uses. For another thing, they missed a chance to get an oblique 80s punk rock reference, which clearly all software should aim for. How could they have fixed this?

Or if they wanted to go for that trendy leetspeak "we meant to mis-spell that, thankyouverymuch", they could have used...

Is it too late to go put new label stickers on the packaging, and to change out the strings in the software? I hope it's not too late...

Joe - Wow, Pretty good Jim Morrison impersonation there.
Rod - Yeah, I hope those guys have a good sense of humor and don't take us to court.
Joe - Uh, what's the court?
Rod - Never mind that,
Joe - Oh, you mean like the People's Court?
Rod - Well, that's another story; the important thing here is you gotta ask me how I'm gonna get down to the shore.
Joe - Uh, how you gonna get down to the shore?
Rod - Funny you should ask, I've got a car now.
Joe - Oh wow, how'd you get a car?
Rod - Oh my parents drove it up here from the Bahamas.
Joe - You're kidding!
Rod - I must be, the Bahamas are islands, okay, the important thing now, is that you ask me what kind of car I have.
Joe - Uh, what kinda car do ya' got?
Rod - I've got a BITCHIN CAMARO!

++++

Yes, this is a repost, but dammit I think it's funny... :-)

Slashdot.org

Journal: Moderation whining 4

Journal by babbage

Not that it's cool to whine about moderation, but what exactly was wrong with these two comments?

Someone was complaining in the Boston's Big Dig Finally Open thread about the lack of pedestrian access to the new Zakim Bridge, and seeing as I was lucky enough to have a chance to ask the project's chief engineer that exact question, I thought I might share what I learned. And yet an explanation as given to me straight from the horse's mouth, as it were, is "overrated", while someone complaining that the reason sounds like "bullshit" is left as is.

Moderate however you want, but I'm not a troll, and when I can't be funny, I do try to be constructive in the threads I participate in. This isn't the first time this has happened in the past month or two though -- maybe someone just doesn't like me or something. Oh well...

User Journal

Journal: Slashdot fortunes 3

Journal by babbage

Seen on the Slashdot footer right now:

Live Free or Live in Massachusettes.

Do I take it that the joke here is that the charming libertarian wackos from New Hampshire are too dumb to spell the name of their next door neighbor? :-)
