The following User stylesheet snippet can be used to highlight particular search results (such as your own domain, if you want to quickly find it in Google search results):

@-moz-document url-prefix(http://www.google.com/search)
{
a[href^='http://www.vitavonni.de/'] { background-color: yellow; }
}

@-moz-document url-prefix(http://www.google.de/search)
{
a[href^='http://www.vitavonni.de/'] { background-color: yellow; }
}

a[href*=vitavonni.de] { background-color: yellow !important; }

This modification obviously only applies to your browser; it's meant to help you finding links to your own site more easily.

Here's a code fragment to track outgoing links with Google Analytics. As usual, use it at your own risk. I can not give you support for Google products, for obvious reasons.

To use it, you need at least understand where to put it (call it in a try-catch in onLoad) and how to adjust the variable name of your page tracker (I'm not using the default).

function trackLinks(){
  var as=document.getElementsByTagName("a");
  var ig=["mydomain.tld","google-analytics.com"];
  for(var i=0; i<as.length; i++) {
    var ignore=false;
    var oc=as[i].getAttribute("onclick");
    if(oc!=null){
      oc=String(oc);
      if(oc.indexOf('urchinTracker')>=0
      || oc.indexOf('_trackPageview')>=0
      || oc.indexOf('javascript:')>=0)
        continue;
    }
    if(as[i].href.indexOf("mailto:")<0){
      for(var j=0;j<ig.length;j++){
        if (as[i].href.indexOf(ig[j])>=0)
          ignore=true;
      }
    }
    if(!ignore){
      as[i].onclick = function(){
        var o=this.href.replace(/:\/*/,"/");
        pt._trackPageview('/out/'+o)+";"
        + ((oc!=null)?oc+";":"");
      };
    }
  }
}

This code tries to attach an onload handler to any outgoing link, ignoring internal links or links that use JavaScript. If such a link is clicked, it generates a virtual page access with an "/out/" URL that can be analyzed in Google Analytics.

A side benefit (apart from knowing which links are interesting to your visitors) is that you should get more accurate "time on page" statistics for your pages.

I do not really understand why they don't support this themselves, but Google Analytics will not track keywords for Google image search. Instead it just shows up as "referrer". A site I'm webmaster for, Swing and the City, gets a lot of image search exposure (funnily for an image that is gone since August, Google also needs to work on their index, too), so it was a bit odd to have images.google.com show up as top referrer but not "organic search".

Here's the code I use to fix this:

var r=document.referrer;
if(r.search(/images.google/)!=-1 && r.search(/prev/)!=-1){
 var e=new RegExp("images.google.([^\/]+).*&prev=([^&]+)");
 var m=e.exec(r);
 pt._addOrganic("images.google","q",true);
 pt._setReferrerOverride("http://images.google."+m[1]+unescape(m[2]));
};
pt._addOrganic("maps.google","q",true);
pt._addOrganic("forestle.org","q",true);
pt._trackPageview();

Note that image search is more complicated than the maps and forestle search engines I also add for keyword tracking. The original query is encoded in the "prev" parameter, and the easiest (or only?) way to get working tracking is to use the ReferrerOverride function of analytics.

Note: this is not a straight copy & paste, since I use this code in a compressed and encoded (for injection into the page via DOM ops) form. So no guarantee of syntax completeness. You'll need to adjust it to your variable naming anyway (I use "pt" instead of "pageTracker"). This is just to show you the use of unescape on the "prev" parameter for this purpose.

I wonder if it's possible to identify link spammers (you know, these bots that mass-submit a link into as many blogs/etc they can find in order to boost their page rank) by the simple measure of how many of the links to their site are marked 'nofollow'.

Say, a regular page should have less than 5% (and less than 20) nofollow links; a site that goes significantly above this value probably employs some spam bot.

The only really hard thing is how to avoid attacks on a site using this ... say, I write a bot that spams links to Microsoft on as many sites as it can find that DO use 'nofollow', in order to get that site above the limit, and have google penalize it.

So in general I don't think Google would automatically penalize such things, still it could be used to e.g. have a human check the destination site for useful content, and then only blacklist when it doesn't seem to be useful.

P.S. Which BTW is a reason why some of the SEO "do nots" are bullshit: it would be too easy to deliberately use these to blacken a competitor. So a 'link farm' will at most do nothing to raise your ranking; but Google must not allow you to actually lower a competitors ranking by setting up a link farm to him!)

P.P.S. On another side note: Who guarantees that Google actually ignores "nofollow" links? They could also just be assigned a lower weight or a penalty, so that a "nofollow" link from a strong site such as Wikipedia would still be worth a lot, while the average blog comments page link goes down to 0. Say a "nofollow" link from a PR 6 site is as much worth as a regular link from a PR 4 site, and PR 2 becomes PR 0. Would already do much of the trick in discouraging the use of blog spam bots. Because after all, ignoring the links on Wikipedia for page rank would be quite stupid. In German Wikipedia, the page contents are even "sighted" (aka: peer reviewed); this is a rather trustworthy source, especially when you take time effects into account. A link being constantly in Wikipedia on a popular page for more than a month very likely is good.

When I got my Google Wave account, it took the invitation about a week to arrive. A few days ago, I got my first own invites, and invited some colleagues (in an attempt to actually find a use for Google Wave beyond "rich media live messaging"). Within a few minutes they were "in". Now I just got my second set of invites. So is Google Wave now getting ready for mass opening, rocketing user numbers?

As you might have already guessed, I'm not convinced by Google Wave. It's technically interesting and well-done. The demos are all nice. It's just that the UI in the browser is a bit fragile and cumbersome, and the big question so far is:

What does Google Wave allow you to do that you couldn't do before?

• You can use it for mail, but it only works with other users of Wave and lacks good offline operation.
• It beats pretty much any instant messaging in functionality, but the UI isn't well for running in background. Most IM clients have a great UI for "background" operation.
• Collaborative editing - I prefer having a real editor and real files for that. Check out Gobby for that. I've heard Wave is good for remote brainstorming, though.
• Social networking, read "facebook". Wave doesn't have all the filtering stuff that Facebook is still trying hard to get useful. Just wait until someone releases "Mafia Wars" for Wave ...
• Blogs. Sure, I could do a 'Blog Wave' and invite my friends there. Makes sense for small-audience private blogs; not for blogs like mine where I mostly write to people that I do not know.
• Games. This probably is the current killer app on Wave: Sudoku. Although the (widespread) implementation sucks somewhat. Magnetic Poetry is a nice idea, but doesn't even work in Chrome for me properly ...
• All the web 2.0 stuff just gets on my nerves. I'm not going to use it for my blog; I by design do not have comments on my blog, either. Being able to web 2.0 everything doesn't make up for a lack in benefits.

Yes, I'm aware that you should differentiate between the protocol and the ui. Still pretty much everything is currently designed for the web browser with full JavaScript and Flash capabilities.

Of course this isn't the end yet, Google Wave will evolve. Maybe into something cool, maybe it will remain just a niche thing. Maybe some cool apps will just use Wave as protocol. But I figure, I'll mostly wait for these things to happen first before I become a frequent user of Wave.

The biggest thing I see is the "spam" (this especially includes 'Quiz', Mafia Wars and similar Scamville type of 'apps' that surely will show up in no time, once Wave is open to the public). What will Wave provide to me to handle this flood of worthless information that I'm getting more and more?

P.S. Please don't bother to ask for invitations to Wave.

P.P.S. here's how to replace the odd scrollbars with the regular OS scrollbars with a really simple user style (CSS).

If you are doing a complex web layout (such as my Swing and the City layout which features alpha-transparent fixed layers), and want to embed Flash (e.g. on the Was ist Swing? page - German: What is Swing), make sure you add the attribute wmode="transparent" to your embed tag, and <param name="wmode" value="transparent"></param> to your object. Otherwise, a layer - in particular popup menus - might end up below the flash.

This includes you, YouTube. In HD view, the user popup menu only has the top 3.5 entries out of 5 accessible for me.

The following XSLT stylesheet can be used to find such embeds in a bunch of XHTML files using the command line xsltproc findNoWmode.xslt $( find -iname '*.html' )

<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
 xmlns:html="http://www.w3.org/1999/xhtml">
<xsl:output omit-xml-declaration="yes" indent="no"/>
<xsl:template match="/">
  <xsl:call-template name="t"/>
</xsl:template>
<xsl:template name="t">
  <xsl:copy-of select="//html:embed[not(@wmode) and (count(param[@name='wmode']) = 0)]"/>
</xsl:template>
</xsl:stylesheet>

You can of course also write a XSLT stylesheet to insert the wmode statements whenever there is none, to make transparent your default.

[Update: I've received comments that this comes at qutie a performance cost for Flash, and that this might be the reason why YouTube doesn't use it - in particular for the HD videos. Also it isn't supported by WebKit based Browsers so far (so Safari neither?) and nor does it seem to be working in Gnash, an opensource flash plugin. So you have to choose between multiple evils if you are using Flash...]

We've opened a completely redesigned Swing and the City web site today. The layout was quite a pain to get working because of transparency and non-scrolling parts. But on my last tests, it was working quite well in all of the major browsers. But if you notice any issue, please tell me (email: erich AT debian org)

I'm aware that the red-yellow border on the left doesn't line up right. I'm waiting for fixed graphics from the designer for that. There is also a glitch with clicking the logo when scrolled just a little bit down. These are on my to-do. At some point I also want to increase the use of CSS spriting to further reduce page load times. Oh, and Internet Explorer sucks, btw.

The web site is about Swing dancing in Munich (so no tech today), and at this time only in German. At a later stage, we might add English, too.

During August we'll also be building our own studio, "Cats Corner", which will actually be somewhat similarly decorated. :-) Congratulations to Christine for doing all that for the Lindy Hop scene!

P.S. Bring Down IE6.com, IE6 No more.com

P.P.S. See this blog post on how it is impossible to use the CSS "clip" property in a way that both IE7 and IE8 will understand. While only one is W3C standard, Firefox just accepts both ... but at least IE8 goes with the official standard now.

Is there any way to provide an alternate CSS stylesheet for GoLive CS2 only, not for regular browsers? Because there are some things in that layout that are too difficult for the GoLive renderer, it doesn't display them right. The pages are still editable (just plain XHTML), it's just not looking right in GoLive (advanced CSS).

The site already has alternate stylesheets for browsers such as the broken Internet Explorers, so if I could convince GoLive to use their stylesheet it might be looking a lot better in the editor, too ...

I am aware that GoLive CS2 has been abandoned in favor of DreamWeaver. Still it's going to be used in a project I help with the web templates.

(Other options would be Kompozer and Amaya, but none of them seem really fit for production use: Amaya was just removed from Debian because it had some security issues and the maintainers had the impression the code was such a mess that there will be much more such issues. And Kompozer seemed to be a mostly dead branch of a Gecko hack (although there has been a new alpha release this year) ... is there some reliable opensource non-source HTML editor that I'm missing?)

P.S. Sorry, no comments in this blog. Use Email: erich AT debian ORG

Has anyone experience with Dropbox?

It seems to be an interesting web storage service, with 2 GB of free storage.

However, the Linux client seems to be closed source (which is understandable, it seems to have a lot of neat features) - so I intend to use the web interface only (at least for now).

Update #2: There is a RFP bug for Debian, some Source is on the download site. And while this sort (except the images) is GPL, it's just the nautilus integration part, not the daemon you also need.

Did you try Dropbox? Does it work well? I know some people (especially Windows users) who could benefit a lot from a service like that, so I wonder if I should recommend them Dropbox. Or is there some better alternative (it should allow sharing of files though - synchronization is not as essential, it is a lot about exchanging files too large for usual email in small user groups; still synchronization probably is a comfortable way of transferring the files without having to think about it yourself)?

No comments in this blog - email me via erich AT debian ORG.

P.S. I know there is some referral program to get more storage, feel free to send me your referral link - I'll remove this PS once I've signed up.

P.P.S. There also is Ubuntu one, but as far as I can tell Ubuntu only so far. Looks very similar.

P.P.P.S. So far, I've received a lot of praise for DropBox.

P^4.S. My own referral link, feel free to use this to sign up (+256 MB for you, too!) and "upgrade" my account.

Quoting MSDN on the CSS "clip" property:

As of Internet Explorer 8, the required syntax of the clip attribute is identical to that specified in the Cascading Style Sheets (CSS), Level 2 Revision 1 (CSS2.1) specification; that is, commas are now required between the parameters of the rect() value.
...
In Internet Explorer 7 and earlier (and in Internet Explorer 8 or later in IE7 mode, EmulateIE7 mode, or IE5 mode), the commas should be omitted.

I see a few options:

• Giving both rules, hoping that the browsers will just ignore one they can't parse (and not revert to no clipping) - untested
• Use Conditional Comments to use a "ie7fixes.css" file (works)
• Do not use clipping (the most commonly used solution)
• Ignore the existance of Internet Exploder 7 and just follow the CSS 2.1 standard (that's the way it should be)

DarkSEO has some code to attack php3bb captchas. (Note: I didn't even look at the code, it could be a virus or anything).

I do not find that very surprising that this has happened, most of the captchas around are very naive, and I've seen multiple scientific articles detailing how to attack various captchas. Many use colors and thin lines to make them look hard, but after applying a naive energy function and doing some blurring to remove the thin lines, they break down.

ReCaptcha is quite interesting, because it doesn't bother with some useless colorification that doesn't change contrast. But I wonder if it can't be overrun by spammers and how long it will scale. Still I figure it is what I would pick right now, because they can upgrade it if it actually is attacked by solvers.

It doesn't help much for the proxy attack on Captchas though (offer users to view some pr0n in exchange for solving a Captcha that you actually were given to solve by another site) - at least not when combined with some XSS and/or bot net. (The 'obvious' proxy approach can be IP-filtered.)

For a research project, I'm looking for some real-world time series data. Time-series are an interesting thing to study, however it is hard to get access to interesting non-trivial real-world data.

I was wondering if some people could contribute me some summarized web access data; no URLs or IP addresses.

The data I'd like to get can best be explained by the preprocessing step:

... | perl -ne '/\[(\d+\/\w+\/\d{4}:\d\d):\d\d/
&& print $1."\n";' | sort | uniq -c

That should produce 24 lines per day (one per hour), looking like this:

  count day-of-month/month/year:hour

It would be cool if you could send me some series for a couple of sites, if you happen to be in the position to provide this data. The data should cover at least a few weeks, the longer the better even up to a few years.

Too small sites are however not very useful but might be too noisy (so probably not the personal home page of your mom). If you are providing a larger number of series, you are of course free to include them.

I don't care much about what the site actually contains, I'd just ask you to give a tiny amount of meta information:

• Server timezone if not UTC
• Typical user timezone (if applicable, that mostly applies to 'regional' sites)
• Coarse classification of site (e.g. "product website", "web service", "search engine", "company site", "OSS software site" or something like that ...)
• Redistribution permission (if possible; most likely I'll only use data series where redistribution is allowed, since some conferences ask you kindly to provide such material)
• Your email address will be withheld, to increase anonymity of the data

Data use:

The main project idea is to evaluate different distance metrics in their capability of separting the different data sources, assuming that there is some difference in the shape in these curves. A different problem can be constructed by breaking the series into chunks covering approximately a day and then trying do separate different days, starting hours of the series (or offset server timezone vs. user timezone) and/or weekdays from weekends.

In our experiments, we've come to the conclusion that the experimental results are most interesting when there is a sufficient number of classes; so I'd like to get like 20 different interesting data series. At the same time, the series should be long enough, so I can break them into multiple chunks to have a reasonable number of 'sub-series' per class. If I have really long series, or e.g. series covering the same site but from multiple servers, I could even experiment with taking sample of different length from these sets.

(Say I have series covering 2 years, that is ~17k samples, from 3 servers, then I can take 51 disjoint sub-series of length 1000, or 102 of length 500, ...)

But it's obviously not possible for me to collect this data myself - I don't operate two dozen of such sites myself ...

An extra project I've been considering some time is some peak prediction for web accesses. Say you're running some fast growing site, wouldn't it be useful to have a prediction when the number of accesses will likely hit some magical limit (and e.g. overload your server) so you can increase your capacity on time? Of course it would be more sensible to apply this prediction e.g. onto CPU usage, e.g. predicting when your system might hit 90% load average over a 5 minute window in regular operation. Network bandwidth and disk IO also come into mind. You get the idea.

Please send them via email to erich.schubert AT gmail com

Thank you.

[P.S. Already recieved the first series, thank you! I can take care of sorting myself, no need to worry about that. And yes, I'm aware that the series will probably all be quite similar - common computer usage patterns such as work hours - but that is common in real world data and part of the challenge. Separting apples from dinosaurs is not a challenge.]

I've previously mentioned my plans on redoing my blog. Well, I've settled down on some design issues already (posts will be stored as mini Atom feeds, which makes the generation of Atom feeds for the blog and categories trivial, and gives me maximum flexibility. I already have a working converter for my existing blog to Atom posts.)

Generating static HTML pages from that will be easily possible using an XSTL transformation (for example), and I got the feedback that I could just use Google AppEngine for blog comments, so my actual blog could remain static-only (and thus much more secure and reliable). Any attack/spammer/bot can then only kill the comment functionality, not my own site.

Which brings me to another design consideration: the editing widget. Either for the blog comment application, for writing my own blog entries (via a https protected script or whatever) or maybe for a small CMS I've been thinking about - having a reliable HTML in-browser editing widget is something I could use every now and then (well, I'm not doing much Web stuff anymore these days).

Geniisoft has a good overview over in-browser (aka: Through The Web, TTW) editors. The top candidates seem to be:

• FCKeditor
• TinyMCE
• Xinha

I've heard before of FCKeditor and TinyMCE; I think I've been on the Xinha page before, too. However, comments on them have not always been good.

To some extend they all seem to have (to some extend) feature creep which usually is a bad sign - most often this means that there are security issues in one or another module or plugin.

TinyMCE for example has been described as "a bit of a pain" and "a tad clumsy" on the GSoC mailing list. I have had less fights with it than with the Debian Wikis (MoinMoin) markup language though.

I'm not looking for anything as big as these - I just need an editor that allows for some basic formatting (bold etc., links) and that produces reasonable XHTML output. I'll be feeding the output through some custom cleanup script anyway, which will kill disallowed code. So I don't want any editor which allows the user to create code that will then be killed afterwards.

Any personal experiences with any of these, or an important alternative that I might have missed (no PHP involved, please!) - email me (no comments on blog) at erich AT debian org.

Update: I've received a couple of pointers. Please don't send me links to projects that are not actively maintained anymore - I don't want to care about having to fix bugs in the editor widget myself.

One link I've received twice is actually quite impressive: WYMeditor. It doesn't try to look like a word processor, but actually is more of a semantic editor. Much more what I'm looking for than any of the others. I've also received a link to the Yahoo! UI Library Editor, which is quite clutter-free, but in the default setup at least very text-formatting oriented, not very semantic (that doesn't mean you couldn't change it that way, I guess you can). I was also pointed to Dojo, but that framework is totally feature creep (which also explains why it loads so slowly I guess), and the last time I looked at it's source code, I had some WTF moments - code quality at least outside of core doesn't seem to be very high (Yes, that code implements the "mod 7" operation using list shifts instead of a simple arithmetic operation).

Looks like I'll give the first try to WYMeditor. Update #2: the code seems to be rather ... complex. I'm looking for something neat and clean; it doesn't need to bring along yet another XHTML schema and validator ... Maybe I should try one of the others first?

Many people are already aware of the amount of data Google can (and does) collect on them. Some people therefore refuse to use certain google applications altogether. Others just like them too much.

There are some services that won't work with heavy ad blocking and anonymizing services - others will work just fine. A prime example everybody uses is Google search.

Google search will work just fine if you use anonymizers. Google Mail won't.

Privoxy and TOR is a great combination for anonymizing, however you won't want to use them for bandwidth-heavy web surfing, and there is little benefit of using them for web sites where you authenticate anyway.

Here's a way to do a compromise:

1. Install and configure Privoxy and TOR. Make sure they work.
2. Setup a proxy.pac file (proxy autoconfiguration) for your browser like this:

   function FindProxyForURL(url, host) {
       var google = /https?:\/\/([^/]*\.)?google\.[a-z]*($|\/)/;
       var tor = /https?:\/\/([^/]*)\.(exit|onion)($|\/)/;
       if (google.test(url)) {
           if (shExpMatch(url, "*.google.com/mail*")) {
               return "DIRECT";
           }
           return "PROXY 127.0.0.1:8118";
       }
       if (tor.test(url)) {
           return "PROXY 127.0.0.1:8118";
       }
       if (shExpMatch(host, "config.privoxy.org")) {
           return "PROXY 127.0.0.1:8118";
       }
       return "DIRECT";
   }
   

   and point your browser to it.
3. Add the following to your privoxy/user.action file:

   { +client-header-filter{hide-tor-exit-notation} }
   .exit
   { +filter{js-events} +crunch-all-cookies }
   .google./(search|blogsearch|scholar|images)
   

   And don't forget to reload privoxy.

When using Google Search (including image, blog and scholar search, feel free to add additional services) you should be seeing a login button, while you could be accessing Google Mail at the same time in another tab.

This list is of course not exhaustive. You might want to actually use privoxy and TOR by default, and only disable it for certain sites (or configure privoxy accordingly). You get the idea: this is just a very minimal approach to disable tracking exactly by the Google search site. It all depends on how serious you are about privacy and how important data throughput is for you.

Also it will allow you to access certain TOR functionality (such as hidden services) without running TOR all the time (after all, it is and will always be slower than direct access).

[Update: apparently some TOR exit nodes trigger a spam protection on Google, and without cookies you can't solve the captcha. So the use of TOR doesn't work well with Google. All the privoxy cookie blocking however is still recommended.]

Sometimes, companies come up with the most stupid restrictions. And unfortunately, other companies enable them to do that.

In this particular case, the DHL parcel service and Acrobat teamed up: You can buy and print shipping labels online with DHL. I thought I'd give that a try, especially since there is a 24h dropbox nearby.

The label can be printed either using a Java applet or a PDF file. It thought PDF - sounds great. But it isn't. It's a very special PDF file. It has a scriped printing button that will print with the default settings (so it comes out at a completely different printer that I would have wanted to print it). In fact I would have expected the printing dialog to come up, and thought the button had not functioned at all. Also I could probably not have used it if I had opened the PDF file in a different PDF viewer. At my own laptop I might not even have Adobe Reader anymore - I use Evince. It's faster and has a much better UI. But I don't have a printer, so I used a computer at the university which used Acrobat by default, fortunately.

And: you may only print the real shipping label once. Only 'sample' labels can be printed arbitrarily often. This is counted on the server side, btw., and also applies to the Java applet.

Apparently you also must not rename the PDF file (WTF?) and you need to be online to print the file. So you can't save the PDF file and take it to an offline computer that does have a printer...

Dear DHL: have you heard of that ancient technology called 'Photocopiers', sometimes also dubbed 'Xerox'? You know... lots of people still have these. Heck, I figure I could even use Adobe Reader to print the label into another PDF file with the print restrictions removed...

So you gain nothing by preventing multiple printouts, but you can seriously annoy users (e.g. when their printer malfunctions)

Please stop imposing such stupid restrictions on users.

Do you know some web sites sporting an Art Deco or Roaring Twenties web design? I find that period (the Swing and Jazz age, where Gangsters were still stylish) very fascinating, and I'm looking for things to get inspired.

Art Deco is usually described as being "simple shapes, geometric, vibrant colors", which would fit to web design restrictions quite well, wouldn't it? Other important aspects seem to be the use of materials; which obviously isn't really possible in web design (mind you, textures are only a bad approximation).

If you know some sites where you'd say "this is Art Deco Webdesign", please let me now via EMail, erich (AT) debian (DOT) org

[Update: Web Designer Wall has a list with a couple of nice pages. Not all of them are Art Decoish or Roaring Twenties, but some a pretty nice.

I'm looking particularly for Art Deco and Twenties, but any Vintage and Retro Design can be inspiring.

And I'm not looking for pages to blindly clone, but to get some inspiration from. I don't copy, since I do pages in my own particular (XMLish) way anyway.]

With the latest flash for Linux update, two of the biggest annoyances have disappeared. Yay for usability!

• Flash no longer steals the keyboard focus - Ctrl+L to go to the location bar now works even when the mouse is over the flash embed
• HTML overlays over flash finally work. This makes some web sites finally usable even with Flash on (I still recommend using FlashBlock!) - they had a navigation menu that would open up under some Flash animation they had displaying below the menu, effectively making these parts of the menu inaccessible.

It still sucks, and I'm only using it in rare cases by selectively loading Flash. I love FlashBlock, which replaces any flash crap with a 'Play' button. Now if we could only do the same for some of the Web 2.0/DHTML annoyances...

[Note: it's not a particularly new version. r115 according to about:plugins. I was told it's like 3 months old. I just noticed the difference, maybe cause the Debian flash-installer package was just updated to this release, or because I use Flash so little. It was so unreliable for like ever that I wouldn't even start using any site that uses Flash for anything serious. Granted: I do use youtube, because there are some great Swing dancing clips there. But that only uses a tiny fragment of Flash but still has been killing my browser every now and then.]

[Update: I was misled by a clever Javascript that actually disabled the flash or shrank it or so when the menu popped up. E.g. the Toyota site http://www.toyota.com/corolla/ is still unusable unless you're using some flash blocker or do not have flash installed (apart from the flash assuming it were transparent, but it's rendered on all white). The menu still pops up under the flash, making it impossible to access many pages.]

When reading this number

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

The first time I came across it, it was encoded in a puzzle; not a particularly difficult one (what key is inbetween of F8 and F10 on your keyboard?).

Turns out that this number can be used to decrypt most HD-DVDs produced so far.

No, you can't really think you have a copyright on this number? You could have it as a registered trademark, I guess. But I think everybody will be using it to refer to you. :-)

From a crypto point of view, it was just a matter of time until this number leaked out. And in fact, the HD-DVD encryption was designed to handle this cases (but it wasn't used correctly). Face it: cryptographers have been telling you right from the beginning that your encryption will be broken by it's very nature (remember: you are shipping decryption keys worldwide in your HD-DVD player devices).

[Update: others thought it might be an IPv6 address maybe?]

[Update #2: Google thinks there are about 300k pages with this number. Maybe we can stop this meme now? :-)]

[Update #3: it was pointed out to me that nobody claimed to have copyright on this number, but that it is a device to cirumvent encryption and thus violates the DMCA. And that this is similar to distributing magic markers that could be used to 'crack' a famous CD protection used by Sony some time ago...]

1 und 1 (1 & 1), "world's largest Web hosting provider by known servers", which recently bought GMX (Germanys largest Webmail provider) and has a significant market share in the DSL retail market in Germany, added an instant messenger service.

The best: it's not just "yet another IM service", but just like Google, they have chosen the XMPP/Jabber protocol ("Extensible Messaging and Presence Protocol"). So they can interoperate. I've successfully tried exchanging data between GMX and Amessage, which I'm using for my IM.

Configuration was trivial in Pidgin/Gaim, pick Jabber as protocol; username and server are just these two parts of your email address. The password is the same as for your GMX services. This is set up in a few seconds.

Hooray for open standards!

Most of the time when I lookup the IP addresses used in FTP and SSH scans, they belong to some network in china. And apparently the last two times when the Asus website was modified (this time exploiting another unpatched vulnerability in Microsoft Internet Explorer, with .ani files), they were loading exploit code from certain servers in China.

Well, I guess you just cannot trust their regime; if it isn't actively encouraging the hacking activities, it at least completely fails to do something about them (you might recall that China tries to censor much of the Internet, but apparently they aren't able to firewall off hackers going out?).

It's hard to tell what their motivations are. I guess it's military interests (i.e. having points of attack in case of a war) combined with industrial espionage.

To me this means, that I can't really trust developers from China, and that I better double-check their code. While I don't assume them to be bad guys, you never know what their government might force them to do. Sorry about that.

Lars Wirzenius blogged about the end of bitmaps.

I do know his problems very well: both my current and my previous notebook feature 1600 by 1200 pixels on an 15 inch screen. That makes 135 dpi.

So I'm at around the double of the "traditional" dpi value, which was 75 dpi for a normal screen. (Albeit most users are at around 96 dpi now I think)

I do not think, bitmaps will come to an end. There is so much you can easily do with bitmaps that is hard to do with vector graphics.

But: Web design will have to adopt to that. Bitmaps in the web will no longer be displayed 1:1 on the screen, but will require scaling or similar adoption.

I think I've seen a web page investigating the possibilities to have images being automatically scaled to match your font size. I thought it was Clagnut Sandbox, but there are only some related things. Sorry I don't remember the correct page. Maybe it was on A List apart (another of the best CSS tech sites I know) but I couldn't find it there with a quick look-over, either.

I think the core idea was, that in about every browser, 1 em is 16 px. (For a reasonable font size on a standard screen at least), so you divide your image size by 16 and give it in em units. If a user uses a bigger font (or uses the zoom button of his browser), the image will scale with the text. Sounds interesting for me. Unfortunately, zoomed images may look awkward sometimes (but that is generally the case when you should indeed use vector graphics and not bitmaps...).

P.S. Lars, there is no Eric Conspiracy. Especially not since I'm not aware of coolness points for not recruiting yourself, but using the headers anyway.