my bad

Safari
Available for: Mac OS X v10.3.8, Mac OS X Server v10.3.8
CVE-ID: CAN-2005-0234
Impact: Maliciously registered International Domain Names (IDN) can make URLs visually appear as legitimate sites.
Description: Support for Unicode characters within domain names (International Domain Name support) can allow maliciously registered domain names to visually appear as legitimate sites. Safari has been modified so that it consults a user-customizable list of scripts that are allowed to be displayed natively. Characters based on scripts that are not in the allowed list are displayed in their Punycode equivalent. The default list of allowed scripts does not include Roman look-alike scripts. Credit to Eric Johanson (ericj@shmoo.com) for reporting this issue to us. More information is available here (9).

OK, it took 6 weeks.
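The mitigation Apple describes above (display a label natively only if every character belongs to an allowed script, otherwise show its Punycode form) can be prototyped in a few lines. This is an added example, not Apple's or Safari's code: the allowed-script list is constructed for illustration, and because Python's standard library exposes no Unicode Script property, the script of a character is approximated from the first word of its Unicode name.

```python
import unicodedata

# Constructed allowlist for this example (not Apple's actual default list):
# Latin plus the "Common" characters found in hostnames (digits, hyphen).
ALLOWED_SCRIPTS = {"Latin", "Common"}


def script_of(ch: str) -> str:
    """Approximate the Unicode script of one character.

    The first word of the Unicode name is used as a stand-in for the real
    Script property: "LATIN SMALL LETTER A" -> "Latin",
    "CYRILLIC SMALL LETTER A" -> "Cyrillic". Digits and hyphen count as Common.
    """
    if ch in "0123456789-":
        return "Common"
    try:
        return unicodedata.name(ch).split(" ")[0].title()
    except ValueError:  # unnamed / unassigned code point
        return "Unknown"


def display_label(label: str, allowed=ALLOWED_SCRIPTS) -> str:
    """Return the label as typed if all of its scripts are allowed, else its
    Punycode (xn--) encoding so look-alike characters cannot hide."""
    if label.isascii():
        return label
    scripts = {script_of(c) for c in label}
    if scripts <= allowed:
        return label
    # The idna codec applies nameprep and Punycode, yielding an ASCII xn-- label.
    return label.encode("idna").decode("ascii")


def display_host(host: str, allowed=ALLOWED_SCRIPTS) -> str:
    """Apply the per-label policy to every label of a hostname."""
    return ".".join(display_label(lbl, allowed) for lbl in host.split("."))


if __name__ == "__main__":
    # Constructed sample inputs: an accented Latin name (allowed, shown natively)
    # and a label containing a Cyrillic "а" (U+0430), which is forced to Punycode.
    for h in ("b\u00fccher.example", "ex\u0430mple.com"):
        print(h, "->", display_host(h))
```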

learning all the time

After reading this post (1), I thought about my recent/current reading:

  • I picked up “Silent Spring” (Rachel Carson) this weekend. I’m about 1/2 way through and I’m struck by the familiarity of what she writes with current events, even 40 years on. People who object to eating foods treated with pesticide sprays are not always viewed as “fanatics or cultists” but you wouldn’t have to look hard to find some folks who regard such objections as silly or unfounded.

I wonder just how much has changed. I realize we use fewer herbicides/pesticides (biocides, as Carson calls them) and many of the ones written about are now banned. But I can remember using Chlordane dust, just shaking it out of the bag. I’ve used household foggers, and various consumer products whose labels I never read.

  • I also read “Blink: The Power of Thinking Without Thinking” (Malcolm Gladwell) in about two days. Gladwell’s voice is so seductive and unassuming: one can almost hear his voice as he slowly builds his case through a mixture of fact and anecdote. I found myself wondering how I had survived with what felt like such a limited ability to thin-slice, as he calls the unconscious and intuitive assessments we all make. He finds such extraordinary examples: I find myself wondering how these gifts were distributed through the general population.

reviews I wish I had written

Tom Waits’ 10 most beloved disks and why he loves them.

The Observer | OMM | ‘It’s perfect madness’:
On hearing Nessun Dorma for the first time:

It was like giving a cigar to a five-year old.

On Rant in E Minor by Bill Hicks:

He will correct your vision. His life was cut short by cancer, though he did leave his tools here.

On Trout Mask Replica:

The roughest diamond in the mine, his musical inventions are made of bone and mud. Enter the strange matrix of his mind and lose yours. This is indispensable for the serious listener. An expedition into the centre of the earth, this is the high jump record that’ll never be beat, it’s a merlot reduction sauce. He takes da bait. Dante doing the buck and wing at a Skip James suku jump. Drink once and thirst no more.

And I’ve heard very few of these: his feelings about Nessun Dorma match mine, so perhaps I need to pick up a few of these.

how not to run a hosting provider

Crooked Timber is Down

Our transition to WordPress radically increased our database usage. Then we got a bit of an uptick in traffic on top of that and our host provider pulled the plug on us because we were gobbling up a lot of resources that needed to be shared. I have to say I think they were a bit peremptory about it. But in any event it seems we’re going to have to get a dedicated server now. Bit more pricey. Hopefully we’ll turn this around quickly and be back online soon.

Posted March 17, 2005 04:26 PM

You’d think Dreamhost would have a little more clue about capacity planning and the products they support — i.e., how much load will this add to our infrastructure? When all the html pages are parsed as php with 15-20 queries per page, can we handle that? How close are we to the threshold where we have to make some changes? — to avoid something like this. It’s a black eye for them more than for the CT crew.

Two interesting posts on DRM/iTunes and Apple’s purported malevolence

Eric Rescorla weighs in on the latest attempt to undermine Apple DRM: it turns out the restrictions are added on the client side, so simply blocking the insertion of the controlling bits makes the files free of DRM. Look for an update to the client (and perhaps the server) Real Soon Now. But the underlying question is: is it good for you if people crack DRM?

[E]very time Mr. Johansen or someone else figures out how to crack Apple’s DRM, the main effect is to inconvenience Apple and you the consumer. Yes, yes, it demonstrates the futility of software-only DRM against a determined attacker, but so what? We all knew that already. The chance that Apple will respond by removing DRM seems slim. The chance that when they rev the format it will involve new inconvenient restrictions (whether justified for security reasons or not) is high. What’s in it for me again?

UPDATE: Chris Lightfoot argues in the comments that: “By creating an inconvenience every time the DRM is compromised, the attacker creates a disincentive for people to buy from companies which use DRM.”

Absolutely true, but that serves their interests, not yours. The question here is how you should react when you hear that someone has broken Apple’s (or anyone else’s) DRM. What I mostly hear is “Stick it to The Man!”, but I suspect a more rational response would be “Those darn hackers are at it again.”

A way to attack DRM that isn’t pointless:

[T]here’s basically no way for CD copy protection to actually be effective without inconveniencing far more users than the manufacturers would ever be willing to do. Pointing that out to them [as in the SunComm/shiftkey fiasco] is a public service. Forcing Apple to tighten their DRM is not a public service because it’s something that Apple is perfectly willing to do and so the only real effect is to make everyone more miserable.

And yes, I do recognize that this implies that there is a middle ground in which the manufacturers might be able to shift which region they’re in by credibly committing to using DRM no matter what the cost…. Call this the “You’re just making it harder on yourself” defense.

As noted elsewhere, I’ve always been a bit wobbly on this issue. But I am coming around to the idea of making it clear to its proponents how bad an idea DRM is, by raising their costs (either in developing new methods or in making their customers question their motives).

killing your own baby

I tried to post some comments to a local weblogger’s site this AM and my comment was rejected:

Crunk

Apparently MT-Blacklist is blocking spam words like “I” and “he.”
Comments broken by questionable content:

Update: Ted told me this is a problem with MT-Blacklist. I won’t have time to research it until tonight.

__________________

I don’t know what has happened in the past two days but it seems now my blog is rejecting comments based on content, any content at all.

Comment Submission Error
Your comment submission failed for the following reasons:

Your comment could not be submitted due to questionable content: he

Please correct the error in the form below, then press Post to post your comment.

I was not aware that this blog had a filter for comment content so I am surprised. Ted is busy preparing for an upcoming conference and neither one of us knows what is wrong.

So in the meantime, two options for feedback are:
1) write it up and post it with a link (create a blog at blogger.com)
2) write it up and send an email to harrowme AT yahoo.com

Sorry for the inconvenience.
Thanks to those who have let me know it was broken and sent comments by email.
Thanks for understanding.

Why does anyone use MT anymore, besides inertia? If it’s not plagued with spam (still an issue in the payware releases, I hear), its performance issues are enough to make high-profile sites migrate away. Do they — the cuddly bunch at 6A — care at all?

Bah. It’s hard to take them seriously, given how the end-users have fared post investment.