Internet Explorer SuperCookies bypass P3P and cookie controls

There is a significant privacy problem with Internet Explorer because of a design flaw in the Windows Media Player (WMP). Using simple JavaScript code on a Web page, a Web site can grab the unique ID number of the Windows Media Player belonging to a Web site visitor. This ID number can then be used just like a cookie by Web sites to track a user’s travels around the Web.

However, this ID number becomes a SuperCookie because it can be used by Web sites to bypass all of the new privacy and P3P protections that Microsoft has added to Internet Explorer 6 (IE6). IE6 ships today with all Windows XP systems. SuperCookies also work in all previous versions of Internet Explorer with all older versions of Windows…

But honestly, who’s surprised? At home, I’ve been using Mozilla almost exclusively for just about everything. Blogger I use in IE, but not for long.

Hmm, a rather strange Blogger/Mozilla bug: if you have an ampersand in a Blogger post and you edit it, Blogger automatically changes the ampersand to the HTML character entity (&amp;). Of course, if you’ve already escaped the character, it becomes &amp;amp;, and if you post and edit it again, it becomes &amp;amp;amp;, and so on ad nauseam.

I’m assuming it’s Blogger automatically sending out ampersands as the character entity for the textarea value, but Mozilla displaying it literally instead of translating it (which it probably should).
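The round trip described above, as an added example (not code from the original post, from Blogger, or from Mozilla): escaping on every save without decoding what comes back from the form makes each edit stack another layer of entities, while decoding the textarea value before storing it makes the cycle idempotent. The function names and the simulated post/edit loop are assumptions for illustration.

```javascript
// Added example (not from the original post or from Blogger/Mozilla):
// a model of the ampersand round trip. Names and behaviour are assumptions.

// Escape text for embedding in HTML, e.g. as a <textarea>'s contents.
// "&" is handled first so the entities introduced for < and > are not
// escaped a second time.
function escapeHtml(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Decode the three entities above. "&amp;" is decoded last, so a literal
// "&amp;lt;" in the source becomes "&lt;" rather than "<".
function decodeHtml(text) {
  return text
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&amp;/g, "&");
}

// The behaviour the post describes: on each edit the stored text is escaped
// for the textarea, but the value submitted back is stored verbatim (the
// browser showed the entities literally instead of decoding them), so every
// save escapes the previous save's output again.
function naiveEditCycle(original, edits) {
  let stored = original;
  for (let i = 0; i < edits; i++) {
    const textareaValue = escapeHtml(stored); // what the server emits
    stored = textareaValue;                   // submitted back unchanged
  }
  return stored;
}

// The idempotent version: the textarea value is decoded before it is stored
// (what a browser does with character references in textarea content), so
// escaping happens exactly once per render and never accumulates.
function decodingEditCycle(original, edits) {
  let stored = original;
  for (let i = 0; i < edits; i++) {
    const textareaValue = escapeHtml(stored);
    stored = decodeHtml(textareaValue);
  }
  return stored;
}

// Demonstration on a constructed post fragment.
const sample = "Tom & Jerry <3 &amp; more";
console.log(naiveEditCycle(sample, 1));    // entities appear once
console.log(naiveEditCycle(sample, 2));    // entities doubled, as in the post
console.log(decodingEditCycle(sample, 5)); // unchanged after any number of edits
```

Note that a user who deliberately typed &amp; into a post keeps it under the decoding cycle (it is rendered as &amp;amp; and decoded back to &amp; on submit), whereas the naive cycle turns it into &amp;amp; after a single edit, exactly the "already escaped" case above.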

From the KernelTrap Alan Cox interview:

JA: You still maintain the stable 2.2 kernel, the most recent release in that series being 2.2.20. In the changelog building up to this release was a controversial tag, “Security fixes. Details censored in accordance with the US DMCA”. What prompted you to censor these fixes? Was it intended as a political statement, or done out of fear of possible prosecution?

Alan Cox: It was simply a matter of following the law and avoiding liability. The fact that American citizens are forbidden by their own government from hearing, or speaking the truth turns itself into a political statement.

It’s an unfortunate situation when the major Linux conference pretty much has to be in Canada because the US will not let some of the attendees even pass through their airspace, and many of the others fear to visit. I just hope that over time things will improve.

At the moment the US, UK and much of the EEC slide slowly toward a police state. Innovation is hard, and innovators are generally buried in courts by established interests. I don’t want to become a citizen of the new soviet union, forbidden from watching DVDs from the outside world, from burning flags in protest, and risking jail for offending a large company. People have to get involved in fighting such things. If they do not fight, they may well be swimming to Cuba, or serving in restaurants in Mexico City while trying to avoid deportation within thirty years.

I’m working with FIPR (the foundation for information policy research) to do my bit. It’s up to everyone else to do their bits too.

JA: You mention the UK moving toward a police state, as well as the US. Has the UK passed similar laws to the US DMCA, or the proposed SSSCA?

Alan Cox: The UK already has certain anti-convention laws, and the EU is implementing a common set at the moment. In some ways it is a lot saner than the DMCA (e.g. it’s a lot more explicit about reverse engineering for compatibility) and it doesn’t seek to censor people in quite the same way. Nevertheless it has many of the same effects as the DMCA, such as getting people arrested for helping the disabled read e-books.

Could Sklyarov have happened in the UK? I think the answer is yes, but as a civil case. Regardless of what the law says, large companies can always play the system against the little guy.

I have some longer thoughts on various web-related topics but since I’m not going to get around to finishing those tonight, here are some more videos.

Who knows if this is a good idea, but since I’ve only used about 0.1% of my monthly bandwidth right now (300 GB+), here’s a few little treats for faithful readers (all five of you):

  • q-bert freestyle – Check out DJ QBert cutting it up. Just a reminder of why he’s the best at what he does. If you can catch any of the now defunct Invisibl Skratch Piklz doing their own thing, just do it.
  • Basement Jaxx – Romeo – The song is pretty catchy, standard Basement Jaxx fare, but the video takes the cake. If you’ve ever seen any Bollywood movies on some strange local access/cable channel, you know what I’m talking about.

If you’re on ‘doze and you haven’t tried it yet, give Sasami2K a spin. IMO, the best media player available.