Tag Archives: hacking

False positives, false negatives

You’ve probably already read the news about Microsoft’s broken anti-piracy system breaking down completely over the last weekend. This caused an unknown, but presumably large, number of legitimate copies of Windows to be marked as pirated.

This video, however, shows an Ubuntu Linux computer running Wine, a Windows emulator, and IE 6 from ies4linux, running the same anti-piracy validation software. And the punchline? The validation succeeded; Microsoft’s program marked the computer as legitimate.

Of course, everything happening in this video is legitimate; Wine is a totally legal reverse-engineering of the Windows system libraries, and ies4linux works by downloading all the necessary, freely available parts of IE 6 from Microsoft and installing them. All legal, assuming you own a copy of Windows. But wouldn’t you expect that the anti-piracy tool from one of the biggest software companies in the world would notice that it was being run on what is effectively a different operating system?

(URL) Hacking Facebook

I got a Facebook invite from someone I haven’t seen in years. Awesome! Unfortunately, my long-lost friend used a very old email of mine. This is to be expected; I haven’t seen or corresponded with him in years. Facebook wanted me to sign up using this jurassic email in order to accept the invitation.

I tried logging in to Facebook and looking at the invitation again. No luck. Viewing the invitation while logged in silently failed, sending me to the Facebook home screen, with no error message.

Next, I tried searching for my friend on Facebook. Armed with his first and last name, and his email, I found that there was no way whatsoever to find him. I don’t use any of the popular web-mail programs or email clients that Facebook can import from, because I’m a hella old-school motherfucker.

My options now seem to be limited: spend the time to write a program to create a fake exported address book in one of the formats that Facebook accepts, or download and install a converter, like abook, in order to invite just one person, or just send my friend an email, explaining that Facebook sucks, and by the way, how the hell have you been?

I’m about to send that email, when I notice the invitation URL:

http://www.facebook.com/p.php?i=XXXXXXXX&k=ZZZZZZZZZZ&r&v=2

That XXXXXXXXX looks suspiciously like a user id. So, I copy the id onto the facebook user profile URL:

http://www.facebook.com/profile.php?id=XXXXXXXXX

Voila! My friend’s profile, complete with a button to add him as a friend on Facebook.

Why is this so hard? What would be wrong with sending me a link to his profile in email, or detecting that I’m already logged in and showing me his profile rather that silently failing when I click on the invitation? Why can’t I just type in his name or his email and add him that way?

Facebook started out focused on the somewhat closed, school-oriented social scene, so the lack of ability to add people outside of preordained networks made some amount of sense, at some point. But they are clearly going for the whole market now, so it’s time to drop the draconian network boundaries entirely. The vast majority of my friends aren’t friends from past universities or previous jobs — they are friends from Real Life. No wonder I only have a paltry three friends on Facebook. Hell, I even have more friends on LinkedIn, and I hate LinkedIn.

What’s that? Facebook hasn’t noticed this problem because their users don’t have real lives? Come on, I’m sure that can’t be true. At least not anymore.

A Codeville user speaks

Fraser Speirs has an informative post about Git which concludes with:

I don’t hear anything about arch, monotone, BitKeeper, codeville, SVK or darcs from anywhere except the nerdiest of SCM nerds.

Git has also been getting attention from Michael Tsai, John Gruber, and Digital Web.

I’m not a SCM nerd. I’ve never used Git, mostly because I’ve never had the time to check it out. But I am a Codeville user, and here are my thoughts about it.

Continue reading

Proposal for labeled break and continue in Python

I’ve created and submitted a new PEP proposing support for labels in Python’s break and continue statements. Georg Brandl has graciously added it to the PEP list as PEP 3136. Yay!

For added weirdness, read the alternative specifications… I came up with a few quite bizarre ways to implement loop-specific break and continue.

Eat your heart out, Google Browser Sync

I’d like to take this opportunity to recommend Glyphobet Browser Sync as an alternative to Google Browser Sync. Here it is:

rsync -av --delete user@remote.host:~/.mozilla/ .mozilla/

Some of the great advantages to Glyphobet Browser Sync include the fact that all your browser settings are transmitted securely over SSH, are password protected by UNiX file ownership and permissions,1 and do not require the presence of a large corporation with a dubious privacy & security track record. Plus Glyphobet Browser Sync takes advantage of industry standard technologies, just like MacOS X.

  1. Not all features available under MS Windows. []

Get out of the way

It’s becoming increasingly obvious that the W3C is stuck in 2001. Shape up. Quick. We don’t need to wait another five years for a grand unified theory of document presentation and mark-up. We need incremental improvements, and we needed them six years ago. If you don’t get with the program quickly, the industry is going to move on (CSS 2.2) without you (HTML 5).