Matt emailed me asking how to do the little photoset thingy I've got in the sidebar. I initially sent him back the code we're using, but it's got a lot of unnecessary stuff in it that serves to merge Catherine and my photosets, sort them, and distinguish them. I took another pass at it this morning and stripped all the unnecessary junk out. I figured that others might find it useful, too, so here you go.

It's not rocket science — this is very simple PHP. It's just that it makes use of a couple of useful third party libraries. You'll have to install those, which can admittedly be a pain in the ass, particularly in the case of PEAR. But it's definitely doable.

• Flickr photoset-listing PHP script

Of course, after doing all of this I remembered that Matt's on blogspot, and consequently is probably unable to install the necessary PEAR libraries (or even use this script). But some borderless IFRAME action should be able to get around that (hacky though it may be). For folks with webhosts of their own, there shouldn't be any problem.

The WMV format's DRM has been cracked. Since various folks have expressed interest in cracking Napster's WMV protections in the past, it seems worth mentioning.

For me, anyway. Farecast now provides airfare predictions for a whole bunch of markets, instead of the handful it had during its testing phase. Of course, the Summer Of Neverending Travel is just about over for me, so I no longer have a huge amount of use for it — I still have an epic, four-consecutive-weekend death march ahead of me, but all the ticket-buying is done. But I imagine this might be useful for travel in the future. Assuming that I survive.

This poll would be slightly harder to manipulate than the last one, because it sends you an email with a link that has to be followed in order to confirm your vote.

But it's still beatable. Register a domain — say, theatermail.net — and put up a front page explaining that it's an invite-only mail portal. Set all incoming mail at that domain to be forwarded to a script that scrapes the message for URLs and does a simple GET on any it finds. Then rewrite the script from the last entry to fill out the form, randomly generating emails @theatermail.net (or whatever). Bang! Votes cast and automatically confirmed. If anyone started digging it'd look suspicious as hell, but odds are kind of low that they would.

But I won't actually be doing that this time, I don't think (drunk talk notwithstanding). This is a little more serious than the last poll, and the folks involved deserve a legitimate victory. So I'll just encourage you to head over to WUSA's site and vote for Rorschach.

Any interested developers who've found themselves wanting to match users with their congressman — while simultaneously not wanting to pay hundreds of dollars to do so — should head over to the EchoDitto blog, where I just opensourced a database scraped from the house.gov servers.

I'll be interested to see if we get any C&D letters. There aren't any terms of use attached to the house.gov DB, so far as I know. And, in general, the materials produced by congress aren't able to be copyrighted. However, it seems possible to me that house.gov actually got their data from another vendor (who in turn produced it by chewing through the monstrously big and freely available census tract databases). So it may just be a database licensed by house.gov that they aren't able to give away.

Here's where it gets tricky: my understanding is that, in the US, you can copyright a database in its entirety, or the content of a database, but not individual facts contained in a database. For example, a database containing a collection of poems and their authors' names could be copyrighted as a whole, and the poems themselves could also be protected by copyright. But if you learn from the database that author A wrote poem B, you can freely redistribute that factual information.

In this case there's nothing within the database that can be copyrighted — it's just district numbers, zip codes and state names. And I'm not grabbing the database in its entirety. Instead, I have a specific list of zipcodes, freely obtained from a third party, that I then gather information on from the congressional database, one at a time. I've taken a subset of the database — a collection of uncopyrightable facts — rather than the entire thing.

So, to summarize: I don't think I'll be sued. But we'll see. Also: intellectual property law in this country is seriously fucked up. But then, you already knew that.

People occasionally ask me how my DCist SMS thingy is going. Usually, I have to say that I have no idea. My early configuration options weren't quite right, which would lead to unresponsiveness every few days. So most of what little time I had to spend on the service was used debugging it. I think it's finally stable — at least, I haven't had to restart the scripts or reboot the phone in a week or two. And I've got a monitoring system in place to tell me when things really go to hell.

But I'd never spent any time going over the stats that the system has dutifully collected. Charles has been telling me that the little light signifying an incoming message has been going off more often (it's over by the TV), so I thought I'd have a look. The short version: it gets between two and three hundred requests per week, made by a little under a hundred users. I haven't yet crunched the numbers (it'd be a nasty SQL query), but I imagine that those are mostly the same folks, week to week. It's not really being publicized anymore, after all.

I can't decide if I'd like LastCall to be more popular or not — on the one hand, I put a lot of effort into it and would like to see people get some use out of it. On the other, more users means more stress on the system, more bug reports, and more of my time spent trying to support it. Overall, it seems to be in a place where I can mostly ignore it, and it's occasionally useful to myself and others. I'm pretty happy with that.

MAN has it been busy. I'll spare you the boring details, but things have been a little rough. Working on a project where priorities are largely defined by the sponsoring organization's primary donor and his wife can be tiring. When wealthy Mrs. X asks for the website to be rose-scented, and intermediary Y decides he'd better hop to it or risk the collapse of the entire enterprise, humble web programmer Z has some long nights ahead of him.

But, with a minor milestone accomplished, I can return to the lovely internet for a little bit before attending to Crushingly Urgent Project #2 in a few hours. There's been a lot of good stuff that I've missed:

1. DCeiver's analysis of the Post Best Bets is predictably excellent. But I do have to give the GoGs credit for making their own picks. The merit of those selections aside (they seem fine), it's a shrewd move to point out the stupidity of WaPo poll participants before the rest of the internet can snarkily associate your paper with the Cheesecake Factory. I hereby suggest "blogproofing" as the technical term. Expect an RFC from the W3C shortly.
2. You might remember that AOL stupidly released a bunch of search data last week. It included the search query, the date, and a unique identifying number corresponding to the user who made the search. By tieing search queries together by those numbers, some users could be identified. The New York Times managed to positively identify an individual pretty quickly. But the real fun is coming now, as other organizations pore over the data to expose just what kind of creepy weirdos populate the internet. Something Awful has a pretty great collection of examples (text, but still probably NSFW).
3. George Allen got into trouble! This is fantastic, and not just because he appears to be a racist asshole who needs to be kept off the national stage. No, it's much more urgent than that: if his presidential ambitions aren't ended by these sorts of public displays of awfulness, I'd have to see Virginia political expert and UVA professor Larry Sab/ato on television for an entire electoral race. I'll do whatever it takes to prevent that grim, dystopian future from coming about.
4. Now for some geeky tech complaining: how did this make it to TUAW? For those who aren't interested enough to follow the link, it's a means of stripping iTunes copy protection by embedding an AAC file purchased from the iTunes Music Store into an iMovie project. You can then get it decompressed to an AIFF (like a WAV, but on the mac), which can be recompressed into a copy-protection-free MP3.

   But you can only do one song at a time. And because you're recompressing, it's a lossy process. In other words, this is a really stupid, inefficient way to remove DRM from ITMS songs. I haven't checked in on the HYMN Project recently, but if I wanted to un-DRM a bunch of songs, that's where I'd start. And if that no longer works, I'd see about writing an Applescript that methodically moves through an iTunes playlist, playing songs, capturing the output via Soundflower, then compressing to MP3. You could even have it automatically use the existing song metadata in the ID3 and filename. Alternately, you might look into burning to a virtual CD-ROM, which you could then rip (I'm not sure how feasible this is in OS X, but it's certainly doable in Windows).

   So the iMovie method: stupid. Don't bring that weak-ass shit in here, TUAW. That's right, I said it.

5. This hack walkthrough was linked off of the Slashdot frontpage. But it doesn't make any goddamn sense. If I understand correctly, step 1 is to fool the user into trying to log into the target website, except on your own server. This is called phishing, and it's not very complex — it's just tricking people.

   But instead of simply capturing the login and password before sending the user along, the author embeds some Javascript that eventually shows up on the target site (when the user's login request is sent in, via the phishing server). That Javascript sends the cookie that maintains the user's session back to the phishing computer, allowing the author to hop onto the user's session.

   The thing is, by that point he already has the user's login and password. He can make new session cookies whenever he wants — the cross-site-scripting stuff is completely and utterly pointless. Worse that pointless, it's stupid, since session cookies generally expire much faster than login credentials.

   From there he goes on to pwnz0rz the website, thanks to some security lapses that one would only find in high school CS classes. It's all kind of ludicrous. I'd really like to see an XSS attack example that does something useful. And hey, maybe I'm missing something here. But as far as I can tell, this article is kind of like writing up "How To Rob A Bank", with step 1 defined as "assume the security system is off and all the doors are unlocked."

if the house burns down, you should know who to blame.

i need a mac tout de suite.

Via Begging To Differ, this strikes me as a pretty encouraging development. A federal judge has held that fantasy sports leagues don't have to pay licensing fees to the sports monopolies (Major League Baseball, in this case) in order to use the names and statistics of players.

That's all good and correct. Fantasy sports aren't the most important front in the intellectual property wars, but the general trend of restricting others' ability to describe reality — patenting genes comes to mind — is a nasty one that we've been headed down for a while.

Of course, the really important implications of this decision relate to videogames (as does anything of import). You might remember that EA has been buying exclusive deals with the various sports leagues, freezing out any potential competition. Well, the leagues' official imprimaturs and team names will still be protected as trademarks. But now a non-lawsuit-averse company could create a game with all the players from your favorite teams, but call the teams something different. Variations on this have been done before; this would seem to make it safer.

The flip side is that the decision undercuts individual players' bargaining positions. It seems that we'll never have another NBA Jam style-situation: that game famously features Scottie Pippen as its best player because the game producers couldn't or wouldn't meet Michael Jordan's licensing demands (every other player's likeness was licensed under a blanket agreement with the NBA, I believe).

On a sadder note, this decision also seems likely to allow the NCAA to abuse their student athletes even further. If I remember correctly*, the NCAA Football videogame franchise only assigns numbers to players, not names — if they did the latter, they'd actually have to pay some money to the athletes. And that would be terrible. Now that likenesses, names and stats aren't protected, it appears that nothing is stopping them.

I'm sure there are mountains of law related to personal endorsements that I'm not aware of. But I'd expect that a fantasy baseball league and a football videogame are fairly similar enterprises in the eyes of the law. If that's true, it just got a lot cheaper to produce both.

* this may have changed — it's been years since I played an NCAA videogame

Here's an opportunity to get in on all this consumer electronics modification that I'm perpetually going on about. Say you're an AT&T cable subscriber. You've got a bunch of set top boxes, but only one works as a DVR, due to a nonsensical policy of AT&T's.

What to do? Plug in the hard drives on the others. That's it.

It kind of boggles the mind. Major points to the DVR engineers for the outstanding degree of contempt that they showed to their foolish corporate masters by choosing this method of crippling their hardware.

It turns out that anonymously rigging a frivolous online poll is pretty easy.

1. Install Tor
2. Install Privoxy
3. Use a script like this one:

   #!/usr/bin/perl

   use WWW::Mechanize;

   my $url = 'http://some/survey/';
   my $desired_number_of_votes = 100;

   my $mech = WWW::Mechanize->new();
   $mech->proxy(['http', 'ftp'], 'http://127.0.0.1:8118/');

   for(my $i=0;$i<$desired_number_of_votes;$i++)
   {

   $mech->get( $url );
   $mech->submit_form(

   form_number => 0,
   fields => {

   form_field_to_set => 'value_to_set_it_to'

   }

   );

   }
   

If you wanted to get serious about it, you'd probably want to put in some logic to make the script's behavior on the remote site look a little more normal: adjust the browser string it reports, put in some believable referring URLs, add a sleep entry between requests, have it click around the target site at random, and perhaps run a few instances of the script in parallel. But none of that stuff is too difficult, and for a poorly-secured poll (as this one would have to be — there aren't that many Tor exit nodes to provide varying IPs), much of it would probably be unnecessary.

Actually, it turns out that the hardest part about this whole process is remembering what day voting ends. And on that note: fuck.

Alright. It turns out that this is actually somewhat boring. BUT! I was determined to fix it, capture it, and put it on the internet. So I'm going to, goddammit. Behold, the custom XBMC theme I put together for the company Xbox:

A combination of stupidly quick scrolling on my part and camera refresh frequency problems makes it a bit tough to see the logos I put over the default skin — you'll just have to take my word for the fact that they're there (and mind-blowingly awesome, of course).

More important is the fundamental softmod functionality, which allows emulators, homebrew games and the excellent XBMC media player to be installed. And installing it is considerably easier than putting in a modchip. You have to resolve yourself to never using Xbox Live, but you don't have to open the Xbox or do any difficult soldering.

The method, in a nutshell:

Sorry for the light tech content recently. I've got a bunch of stuff brewing that I just haven't finished yet, as you may have seen from the two Flickr shots I just uploaded.

For one thing, I did a custom EchoDitto theme for the softmodded xbox I brought to the new office. For another, I'm trying to muddle through some circuit design in order to give our wall-mounted cattle skull some darkness-activated glowing red eyes. And I'm speccing out a custom-fabbed laser-cut sign for the new space. And there's been some talk of setting up a webcam running Motion that'll send everyone a snapshot Growl notification whenever someone gets off the elevator and wanders into our office. Somewhere in there we should probably get the VoIP phones working properly, too.

As you can see, EchoDitto is pretty deeply in the throes of Extreme Home Makeover: Geek Edition. Whenever something actually gets accomplished, you can be sure I'll document it.

Oh yeah, I also have a mostly-finished post explaining the setup for the LastCall SMS service. If anyone's dying to read a bunch of config files, let me know and I'll try to finish that one up quickly.

this is awesome. sorry if it's been all over the internet already.

Oh Jesus. So I've had a little trouble with certain folks from New York who handle the tech administration for a certain regional blog (site A) that I do some tech things for. And tonight I learn that at least some of these NY tech staffers are also affiliated with a public transport arrival time SMS service (site B) that invaded site A's comment section after I declined to cover site B, given that my own site A-branded public transport SMS service was about to debut. I chased their apparent spamminess out of site A's comment section with some testy replies.

Man. This kind of explains a lot of the intransigence I've experienced from the NYC gang. And it's kind of a pain in the ass. What a tangled web we weave, when first we write some PHP.

I've been holed up in the apartment coding an Awesome Science Project all weekend, so I'm a bit too exhausted to try this out at the moment — but I just got an email indicating that Mozes has just announced developer support for their text-messaging product.

If you don't remember Mozes' debut, I don't blame you. Basically, they've bought an SMS short code — one of those nifty five-digit phone numbers that you can text things to (instead of using a cumbersome ten digit code like some services I know). You go to their website, register for a keyword that's unique to you, and then... uh... things happen. Maybe. When other folks SMS your keyword to Mozes, they get your contact info. And you can store song titles and stuff. It doesn't make much sense to me, to be honest.

But! Although I don't see the appeal of their SMS-based note-taking functionality, I think the newly-announced developer access is a big, big deal. So far as I can tell, it lets you hook a script up to your Mozes keyword. So you can host a service elsewhere on the web and get free SMS service via Mozes. This is a fairly cool thing to get for free — shortcodes cost $2k to set up, then $1k/month after that — and that's before the charge you have to pay for every SMS you send or receive. Having your users specify your keyword for every query might be a pain, but for simple apps this could be a great way for developers to get SMS capabilities without having to find funding first.

Of course, if you start to make money off of the service you can bet that Mozes will shut you down pretty quickly. Hell, if Mozes starts to make money off of reselling their short code, I imagine the telcos will shut them down pretty quickly.

But it's a neat service, and a step in the right direction. Mobile services are a pretty closed set of systems right now. But that can't last. This stuff is going to continue to get more accessible to the common geek, I think.

Controversy! So, This American Life, the astoundingly good public radio show, finally got around to ditching the irredeemable RealAudio format for its online offerings and put everything up as mp3s. Geeks, doing what they do, immediately created podcast feeds out of this newfound bounty. Then the trouble began.

TAL seems to be run by nice and generous folks, but they sell their episodes through iTunes and Audible.com. They also give royalties to their contributors and the folks they license music from (they have good taste in music). These entanglements mean that they can't endorse the free downloading of permanent copies of their shows — although they seem to be okay with old episodes being streamed off of their website (they wrapped the new mp3s in m3u playlist files; for the non-tech-savvy, this would conceal the downloadability of the underlying mp3s and appear to be a stream-based offering).

TAL has begun contacting the folks who put up the podcast feeds and politely asking them to take their feeds down. The feed maintainers have all complied, so far as I know. But folks aren't uniformly happy about this, or convinced that TAL is unambiguously in the right. BoingBoing has been operating a clearinghouse for the resulting discussion. See here, here, here and here. Folks seem to be backing off due to their fondness for the show, but the copyfighting contingent isn't particularly happy.

That sums up my position pretty well, too. I'm conflicted about this. I love This American Life and I want it to survive. And, after reading this glowing profile, I'm pretty much ready to pledge my undying allegiance to Ira Glass.

On the other hand, I don't really believe in the idea that content producers have a right to restrict how their work is consumed after it's been given away in one format. Consumers shouldn't be begrudged the right to time-shift programming and consume it as they see fit. That's the underlying idea behind DRM, and it'll produce an incredibly irritating system for interacting with our culture if it's allowed to take hold.

So what to do? Compromise — and be discreet. The dopes who submitted their homebrew TAL feed to the iTunes Music Store had precisely the wrong idea. If TAL doesn't want other folks to decide their distribution system on their behalf, I suppose that's fine. So long as they don't bother those of us who quietly make use of technology to more easily enjoy their show, everyone should be happy. I'll admit that it's not a very democratic solution, but it seems like the best one available at the moment.

And on that note, if you happen to have a web hosting account available to you that can run PHP scripts, you might be interested in the one I whipped up this afternoon (you'll probably want to secure it from prying eyes). Also: shhh!

BTD, Unfogged, Kriston — all have been having trouble with their Movable Type 3.2 installations. The culprit in all cases seems to be an overabundance of comments and trackbacks in the junk folders — for some reason these continue to be indexed as part of day-to-day MT operations. Eventually the load gets too large, scripts start timing out, and shared hosting providers shut you down for consuming too many resources. Maybe it's just a coincidence, but I'm not convinced — assuming a constant level of spam, these breakdowns have all occurred very close to one another. It looks to me like an inevitable shortcoming of MT 3.2 is surfacing.

From what I hear, SixApart hasn't been very helpful — despite these folks owning licenses. I'm sure this new Vox thing is going to be very cool, but they probably ought to spend some time fixing their existing flagship product, too. It seems to be breaking in a fairly serious way.

For those MT users who haven't crashed yet, all I can suggest is that you delete everything from your junk comment and trackback folders. That hasn't been a cure-all for everybody, but it can't hurt.

UPDATE: Check out the comments for more detail from Becks on the problems Unfogged ran into. Spawning lots of individual Perl processes isn't necessarily a bad thing (or avoidable, given MT's overall architecture), but the scripts clearly need to be made lower-impact — at least until the submission is definitively identified as non-junk (at which point resource consumption can be escalated).

Meanwhile, WordPress, MT's chief rival, continues to not-quite-intrigue me. I like that it's in PHP and that it's open source. But it's not capable of handling load in its default configuration, and it's been built with a nasty coding approach that, while intended to make template designers' lives easier, mostly just infuriates me with its quirkiness, opacity and illogical nature.

Gizmodo has a hands-on with the Sidekick 3, which apparently will be unleashed on T-Mobile customers in 8 days. Perhaps it's just the Gizmodo reviewer's lack of familiarity with the SK platform at work, but I find this piece somewhat discouraging. Yes, there's Bluetooth, an audio player and a slightly better camera, but large parts of this review read exactly like the author is talking about the Sidekick 2:

Little notifier icons in the top right corner inform you when you have a message in IM, mail, or SMS/MMS. Messages appear in a little bubble for a moment before disappearing, so you can assess the value of emails and messages before reading. There is an airplane mode that turns off the wireless and basically lets you browse your mail like a madman but little else.

The trackball is a real winner. It lights up with all the colors of the rainbow—actually about 10...

The battery lasted one full day....

Voice quality was fine and reception as about as good as can be expected. One pet peeve—it would lose its GPRS connection and only a full reboot would get it back...

Ah well. I think the GPRS speeds have been bumped up, too. If that's the case, it's probably enough of a reason to upgrade (the Bluetooth is the main attraction for me). Still, I was hoping for better battery life... maybe even... GPS? I know, I know, I'm asking too much.

Trend prediction! I think that the next skill that IT recruiters are going to be looking for without knowing why is knowledge of KML. It's really just a simple XML format that lets you keep track of geographical locations. Check out that Wikipedia link — KML's not rocket science, but it seems like it's suddenly showing up all over the place.

Maybe it's just my perception of it. Irongeek put together a KML-based hack a while ago allowing a database of unsecured wifi access points to be mapped into Google Earth, but I just saw it today. But there are other, more timely signs: cheap GPS loggers like this one and this one seem to be popping up very quickly. And Mologogo appears to have only gotten KML support in January. I'd say we're hovering near buzzword-dom.

There are plenty of other ways to store geographic data, but Google Earth seems to have tipped the hobbyist balance in favor of KML. Everybody says that location-based stuff is going to hit big in the next year or so. Seems like KML is going to be the format of choice for powering it.

That is all!

Also, I swear, entertaining blogging to resume soon. I'm brainstorming, people.

Because I've been working pretty hard this week, and because my plate of things that have to get done right away turned out to be relatively small today, I decided to treat myself to a little recreational nerdery this afternoon. Sadly, it wasn't successful. But I'm posting anyway in order to help the nerds of the future.

See, I really, really hate that MySpace doesn't let you link directly to songs. Not necessarily the raw MP3 (though my hardline copyfighting inclincations say they should), but at least to the band page with something in the URL that tells it: "Play this particular song. Don't just randomly select one of the other, crappier ones in the featured playlist. I want to send this to my friends, goddammit."

So I fired up Ethereal and the Firefox LiveHTTPHeaders plugin and started looking at the conversation that happens between your computer and MySpace when you click on a song in their Flash audio player.

First things: an XML file comes back, specifying the playlist. It's called mediaxmlprovider.xml, and it's served by a fairly easy-to-find URL (which has to be passed some of the random codes specified in the HTML of the band's page — I didn't bother to confirm this, but it seems pretty likely). The contents of the file look like this:

<?xml version="1.0" encoding="iso-8859-1"?>
<profile>
<timestamp><![CDATA[1150454435]]></timestamp>
<name><![CDATA[regina spektor]]></name>
<playstoday><![CDATA[33341]]></playstoday>
<downloadedtoday><![CDATA[0]]></downloadedtoday>
<totalplays><![CDATA[1811136]]></totalplays>
<autoplay><![CDATA[0]]></autoplay>
<allowadd><![CDATA[1]]></allowadd>
<playlist><song bsid="7548074" title="Fidelity" songid="0" plays="685573" comments="" rate="" downloadable=""
imagename="http://c.myspace.com/BandSongs/48/41/3071484/bs7548074_m.jpg" imagedesc="Begin To Hope<br>2006 Sire Records" filename="48/41/3071484/3071484_c4b21abc.mp3" url="http://home.myspace.com/Services/Media/mediaHitCounter.ashx?i=MIGdB
gorBgEEAYI3WAOuoIGOMIGLBgorBgEEAYI3WAMBoH0wewIDAgABAgJmAwICAMAE
CNxa3NiUig5fBBBBZNK8fzHa3nXq%2fQXZNaSJBFClWYkcVz5a2X%2bUe5yft5iC9Cn
mboEQKrW%2fPBrUqXlO7VwTgCxy%2bptjwvoaQsx2O4AAqXzpF63IosE0kZY0bsZ
k1XznxMS9l8rzeTgwz14T9w%3d%3d" lyrics="" purl=""/><song bsid="7494789" title="Better" songid="0" plays="358965" comments="" rate="" downloadable=""
imagename="http://c.myspace.com/BandSongs/48/41/3071484/bs7494789_m.jpg" imagedesc="Begin To Hope<br>2006 Sire Records" filename="48/41/3071484/3071484_141017ab.mp3" url="http://home.myspace.com/Services/Media/mediaHitCounter.ashx?i=
MIGdBgorBgEEAYI3WAOuoIGOMIGLBgorBgEEAYI3WAMBoH0wewIDAgABAgJmAwIC
AMAECLuj4EHcSIfyBBD5z%2fO%2bh8P26LaTqDiG07JMBFBq5PV2kJDM%2b07hGBsp
xCmC3nxdreIiWFPw4nt3onOecM5NqoOaEjWPyNYCOvCD8X77svdho%2bSmW7Ok
a9F67YoFS10RfyZ0UADznDzj6ZJelg%3d%3d" lyrics="" purl=""/><song bsid="67359" title="Us" songid="42627" plays="336564" comments="42627" rate="42627" downloadable=""
imagename="http://c.myspace.com/BandSongs/48/41/3071484/bs373400284_m.jpg" imagedesc="Soviet Kitsch<br>2004 Sire Records" filename="48/41/3071484/3071484_e2b7a709.mp3" url="http://home.myspace.com/Services/Media/mediaHitCounter.ashx?i=MIGVBgor
BgEEAYI3WAOuoIGGMIGDBgorBgEEAYI3WAMBoHUwcwIDAgABAgJmAwICAMAECFG4n
aZwuIbOBBDLD%2flDSGXRFNcjgKaiVaXWBEjwVg5Sd1IoyLFpHt%2fb85q41kwbAwufnVR
CexWU%2fziYdY66mVw7vIGNx37awMxokOQ%2foEtupSdopInRyczeNZCRfb3wI4G1VIM%3d" lyrics="" purl=""/><song bsid="67063" title="Ghost of Corporate Future" songid="42522" plays="387912" comments="42522" rate="42522" downloadable=""
imagename="http://c.myspace.com/BandSongs/48/41/3071484/bs356236944_m.jpg" imagedesc="Soviet Kitsch<br>2004 Sire Records" filename="48/41/3071484/3071484_8fcdc23f.mp3" url="http://home.myspace.com/Services/Media/mediaHitCounter.ashx?i=MIGVBgor
BgEEAYI3WAOuoIGGMIGDBgorBgEEAYI3WAMBoHUwcwIDAgABAgJmAwICAMAECPTQc
TjZI5BPBBDldE4GvP%2bEfHTN%2bZP%2fyPupBEhHCQ6QrxvOGCaM5nRpJPRJO35ivJEb
6%2f%2fTVNDzWOPiZj04wesbPi6WP9jUubZFoXdQ7UIW92EqnCvEOnYM9c1Mqfdoyzy4
ZZ0%3d" lyrics="" purl=""/>
</playlist>
</profile>

Those yellow parts look pretty promising. In fact, it seemed like this might be susceptible to a variation on this method (which has since become outdated). But those mp3 filenames are relative URLs, not absolute, and I got 404s when I tried them against any of the likeliest domains & paths.

It's possible that URLs like http://c.myspace.com/BandSongs/48/41/3071484/3071484_8fcdc23f.mp3 were just being clever, noticing my lack of a myspace.com HTTP referer, and lying to me about the file's presence. But I don't think so: I went to the page of a random band that offers downloads and found that the URLs used to obtain the mp3 look like this:

http://mp3download.myspace.com/index.cfm?fuseaction=bandprofile.downloadSong&bsid=11466&song_name=Its Dange&fid=1943559

There's no redirect or anything like that going on here. It looks like they've set up a dedicated mp3 gateway that serves the song out of a non-public part of their filesystem. This lets them lock things down as tightly as they care to — ie, they can check against the database to see if a song is genuinely supposed to be downloadable before sending it out. Nuts.

Of course, the Flash player still has to get the audio somehow. But I don't know enough about Flash to figure out how that happens. If I had to guess I'd say that it might use a proprietary (and secure) Flash streaming audio solution. It's still possible to grab the audio to an mp3 — until we get trusted computing forced on us, it'll always be possible — but for purposes of linking directly to mp3s, there isn't a lot of remaining promise here. Not that I can see, anyway.

Ah well. Perhaps a cleverer geek will pick up the mantle and figure out how to make MySpace mp3bloggable. Or perhaps MySpace will eventually remove its head from its ass and allow incoming links to specify particular songs. Till then I'll maintain the attitude of apathy and gradually-spreading terror that I'd been directing at the site up until this point.

neat to think about - can you believe that just five years ago iPods and social networking sites amongst other ever-present tech and media things weren't part of our day-to-day lives? five years from now, "which products, used by few today, will be essential?"

Unsigned editorials are terrible. I realize that I should be getting into the habit of dutifully reading the ones on offer from the Post and Times so that, during the dinnerparties of the future, I can cluck my tongue insightfully over the latest institutional outrage (in between lighter conversational fare, e.g. "Preschools Are So Expensive Now" and "We Think The Maid Is Stealing From Us").

But I just can't do it. They're like particularly badly-written blog posts, except without a name to offer accountability or references to back up their bizarre arguments-by-fiat. If newspaper editors had any brains they'd ditch the unsigned editorials (and political endorsements) immediately, before people start laughing in their faces in social settings. But I suppose they're too focused on fomenting the next war (how'd that last one work out for you guys, by the way?).

Today's an exception, though, because the Post's anti-net neutrality editorial is so staggeringly dumb that it deserves to be reprinted everywhere — to ring throughout the online universe as an emphatic testament to the fact that Writing, Editing, and Not Being A Total Fucking Idiot are three distinct disciplines.

It appears that Cox Cable is throttling access to Craigslist — presumably because Cox offers its own classified ad service. Via Dave Winer.

Between the LASIK and my generally geeky ways, my friends give me a lot of shit about my potential for becoming a post-human abomination. Digital-themed tattoo? I've thought about it, but probably not. RFID chip? Maybe in a few years. Intracranial bluetooth headset? Eh, I'll wait until I start seeing them in rap videos. I'm not actually all that anxious to modify my body in permanent ways.

But this... Oh man. I want this. The ability to feel electromagnetic fields, people. To tell when a wire is live, or a hard drive is being read, or a transmitter is on, or if a surface is ferrous. It's just a little too cool. Make it safe, then sign me up. Sorry, humanity.

I wrote about the GNU Radio project a long time ago, but my efforts were probably fairly incomprehensible . Today Wired has an excellent story that profiles the project, explains why it's so cool — and does so in more lucid terms.

The signal processing applications that are opened by this project are truly mind-boggling. The linked article mentions that some folks are already using it to track which department store window displays are the most popular by triangulating the cellular keepalive signals emitted by shoppers' cell phones. That's just astoundingly awesome.

Some of you might remember me asking for career advice a while back. I ended up deciding to take the new job, then blogged the first day. Then everyone at work discovered this site (using their strange internet powers), and, aside from some generalities, I haven't mentioned it.

Well, let me fill you in. It's been about six months, I think. People use the phrase "it was the best decision I ever made" to describe getting a hair transplant, or buying a boat, or ordering a Cobb salad. So I'd like to avoid joining their idiomatic ranks, but I can't. It just seems so obvious. These are the smartest, coolest, funniest, most talented people I've ever worked with, and the job itself is interesting, varied and rewarding. I look forward to work every day. Okay, every non-hungover day.

The reason for my gushing: we're hiring. If you're geeky, really smart and interested in working in the non-evil sector, you should think about applying. You'd like it. Seriously.

Prompted by a WSJ article, Bunnie, the man most frequently credited with cracking the copy protection on the original Xbox, lets us in on the work he's doing on the Xbox 360. The recent exploit that allows DVD dual layer backups of commercial games came thanks to the other star of the WSJ article — a guy named TheSpecialist (he didn't release his work, but it was replicated). Bunnie's been mostly quiet about the XB360, implying at times that he wasn't planning to really get his hands dirty with it.

Well, that didn't last. Exposing a chip's silicon and extracting the cryptographic keys hardcoded on it = BAD ASS.

I was talking about Google with Matt last night — more specifically, when they'll fall from grace. He thinks it might be a while, and considers the period when the Gmail Generation begins running for office a likely date for the turn, what with all the secrets that have been entrusted to them.

Personally, I think it'll be much sooner. The cracks in the facade are showing: Google Pages is a bust; Orkut is mostly a bust; Google Talk is mostly a bust; and I'm deeply dubious about Google Base ever turning into anything. Amazon S3 seems to have beaten GDrive to market. We'll see if they ever do a web-based office suite replacement, I suppose — their Writely acquisition is suggestive, but I have doubts about them being able to pull off a really compelling Word replacement in the browser.

There are plenty of failures that I'm forgetting, too. Google fans generally defend this hit-or-miss history by saying the company throws stuff at the wall and sees what sticks. But now they're having trouble with their core offering, too: from what I'm reading, their search difficulties extend beyond the Sitemaps problems I've been having. The "site:" operator hasn't been working correctly, and the debut of a new crawler codenamed "Big Daddy" has been wreaking havoc with folks' PageRanks.

The trouble in search-land seems like big news. If they can't keep a handle on the cornerstone of their business, the company will stop looking quite so much an eclectic whiz kid and begin appearing a bit more like an ADD-addled savant. Now that they're public, a loss in confidence could send their suspiciously dot-commie culture and strategy spiralling off into unpleasant places.

Or maybe I'm just feeling pissy because Gmail has been screwing up all day. Either way, I'm souring on GOOG.

A small victory, it's true. But I had to fight long & hard with Windows XP to get this far. The Mac has a nasty habit of quickly hanging up the connection when the Airport is simultaneously on. I think that's because OS X is clever and tries to save you modem charges when you have cheap wifi. Let's hope it's really clever and doesn't extend this policy to when you're sharing your modem connection over an ad-hoc wifi network.

I'm heading to the beach this Memorial Day weekend, and I'm intent on bringing the internet along with me. Last year I still had a fly-by-night dialup ISP that only charged you in months when you used the service. That business model has since run its course, and I'm casting about for another way to ensure connectivity. Needless to say, the alternative is too horrible to contemplate.

So I stopped by the Ver/iz/on store on my way home and signed up for EVDO service. By the numbers: $80/month, $150 for the PC5740 card and — most importantly — 14 days to return it all. I'll still get charged a prorated fee for the service I use, so it's not totally shady. Just mostly.

There's one complication, though: the card doesn't work with Macs. Well, okay, it sort of does: I've already gone through these instructions, but they mean it when they say the account has to be activated on a PC. Sadly, Charles' laptop isn't up to the task (it's always been flaky about PCMCIA cards, and refuses to recognize this one). But we have one sort-of-working PC laptop at work, and a number of EVDO cardholders who've successfully gotten their Powerbooks working with the nominally PC-only technology. So spirits remain high.

Remember when I was singing the praises of Google Sitemaps, only to quickly reconsider? Well, I'm moving from "reconsidering" to "being kind of pissed off".

For those who don't know, the idea behind the sitemap is to give Google a specially formatted file that says "here's where my content is, here's when it was updated, and here's how important each piece of it is relative to the rest". It's supposed to make the Googlebot that crawls your site work more efficiently, and give you better results. Personally, I'm sick of having old-style URLs (e.g. 001234.php) showing up for our site.

But so far the sitemap hasn't managed to do anything except banish every included URL from Google's systems entirely. Which is pretty much exactly the opposite of what it's supposed to do. I posted the following message to the Sitemaps Google Group; I'll let you know if I hear anything back.

I hope someone can help me figure out what's going on. Last week I submitted a sitemap for my blog (http://www.zunta.org/sitemap.xml). Everything seems to be working properly according to my Google Sitemaps account dashboard.

However, since submitting the sitemap every page that is in it has been excluded from the index, including many that I know used to have relatively good pageranks. I know that there have been some recent hiccups with the site: operator, but this applies to other queries as well. I wrote an SSH tutorial with the word "sshirking" in its title a while ago that got a number of links and attained a high pagerank for the unusual word "sshirking". The proper permalinked URLs used to be among the top hits; now they can't be found anywhere in the index (as proven by entering the full url as a query, e.g. http://www.zunta.org/blog/archives/2005/08/30/sshirking_work_1/index.php).

What's more, the old version of these pages -- before I changed permalink naming styles -- are still in the index. http://www.zunta.org/blog/archives/004498.php was the original URL of the above link (it now redirects to the proper URL). Only this second, less descriptive URL (which is NOT in the sitemap) is still in Google's index. It's only the files included in the sitemap that have been dropped from the index.
I tried deleting and resubmitting the map, and have patiently waited since May 18 for a new crawl to include the results. Nothing so far.

Can anyone tell me what's going on? Right now it seems that having a sitemap achieves nothing other than nuking your results from the index entirely.