28.03.04

Typography & Typesetting Tidbits

Some nifty typography and typesetting links today.

If you haven't already seen it, The Alphabet's Bastard Children links to a number of totally rad projects that push the boundaries of typography (including my Alphabet Soup).

The MicroFoundry looks like it touched on some pretty interesting font variation techniques, although the site design is hideous and everything requires "Shockwave," c. 1998.

Read Regular is a pretty nice looking font designed "For more effective reading and writing" (too bad it's not available for download or purchase anywhere).

P.J. Chmiel's type/lettering samples are some nice examples of typography in Middle America.

The Untitled Project showcases how us type designers really see the world.

Parameterizable Fonts Based on Shape Components (PDF) uses the same idea as Alphabet Soup for constructive rather than creative purposes.

Saad D. Abulhab's Mutamathil is a variation of the Arabic alphabet that can be used to write Arabic in a rightward or leftward manner with the same characters.

In the typesetting direction, you don't have to be a genius to have noticed that Wiki is the markup/typesetting language for the aughts.

And finally, Markdown is a fantastically easy-to-use, powerful markup language (it was used to generate this blog post) that borrows from wiki ideas and invents some of its own.

Posted by matt at 12:48 | Comments (0)

09.03.04

Nautilus Goes Spatial

This post on FootNotes/Gnomedesktop.org outlines the Nautilus project's decision to implement an object-oriented or spatial file browser. This means it will be more like the Mac OS Finder, and less like Windows Explorer. Diving into Gnome 2.6 has more details about what this means. I could not be happier about this; the Mac OS Finder was incredibly flexible, powerful, and easy to use. The "navigation" metaphor (think your-hard-drive-is-a-website) implemented in Windows Explorer (and unfortunately parroted in most Linux file browsers, until now) is more constrained, artificial, and less functional. Three cheers for Nautilus!

Posted by matt at 20:22 | Comments (0)

10.02.04

Hacking Social Networks part II (Don't search private data)

This installment of Hacking Social Networks is about search and private data. The point we want to make is that public searches should never be allowed to return results based on private data. To be clear, we do not mean results that explicitly include private data, but results that, while only containing public data, are constrained by private data. Let's take three pieces of private data on Friendster: last name, zip, and email address, and consider how they can be abused or discovered.

Posted by moore at 13:11 | Comments (6)

07.02.04

Visualizing Disk Space

A few months ago, Steffen Gerlach's scanner introduced the useful technique of visualizing disk space and file size within folders concentrically (the app runs delightfully well under Wine). Now there's Filelight, a KDE-based tool which uses the same concentric rings layout (unfortunately not yet available for Debian testing/stable). And there's kdirstat, which uses the terminally nifty treemap layout technique to show file & folder sizes. A technique for quickly and clearly visualizing exactly what's eating up all of your disk space is surprisingly missing from most standard OS interfaces and file browsers. But in this age of massive music, movie and porno file-sharing and hoarding, it becomes all the more important to have a tool like this. Say goodbye to du -ks * | sort -n!

Posted by matt at 21:24 | Comments (0)

05.02.04

Hacking Friendster, Part I

EDITOR'S NOTE: I have posted these hacks in the hopes of publicizing security holes and forcing the networks to close them. Please do not send me email, myspace messages, or friendster messages asking me to spend my free time helping you duplicate this hack. Both Myspace and Friendster have modified their sites enough so that these hacks no longer work. In addition, this article contained far more than enough information to duplicate these hacks (when they worked), and still contains enough information to build similar hacks today. If you do not understand how to make similar hacks, consider doing your own research. If you want my help learning CGI and DHTML/JavaScript, I am available as an independent contractor and instructor at the rate of $60/hr. If you contact me asking for assistance in stealing other people's personal information I will forward your email to the relevant social network's abuse contact person, and recommend that they deactivate your account.

This is the first in a series of articles that expose security flaws in social networks. The two hacks described here are cross-site scripting attacks.

My Friendster profile has a link to my homepage. And my homepage has an embedded iframe in it, which uses a GET string to call the "Forward this profile to another user" function of Friendster.

Posted by matt at 01:20 | Comments (3)

17.01.04

A UI my mom could use

Segusoland is a new file browser that has what I think are some truly revolutionary ideas behind it. The program presents several lists to the user, of files, programs, actions, times, and devices, and then narrows all the lists as you select items from each, until you are left with the command you want to run. Check out the screenshots & tutorial.

Posted by matt at 15:13 | Comments (1)

11.01.04

A Better Threader

Microsoft Research is cheerleading for a threading technique which sorts messages vertically by time, and horizontally by thread (Screenshot) (PDF). There's lots of hullabaloo about how good a job this will do for email, but where it really stands to improve things is in instant messaging interfaces. Similar techniques are present in Lurker, and probably in other places too.

Posted by matt at 01:21 | Comments (0)

08.01.04

Seeing Stars

A comment Jon made about the Moscow Metro maps prompted me to google about for some pictures. I found this page, a comprehensive archive of Moscow subway maps going back to 1935. Since I'm a graphic design junkie, I checked them out. And I noticed something interesting. When the orange and purple lines were completed in 1973 or 1974, the map suddenly changed from a seemingly random jumble of lines to a distinct star pattern.

Posted by matt at 19:29 | Comments (0)

07.01.04

User Interfaces

I'm ringing in the new User Interface category with two of my previous posts to nooface.com.

Billowing or Fisheye text interfaces have been around since at least 1999. The idea is similar to the OSX Dock's technique of enlarging icons near the pointer. Here's an implementation in CSS/Javascript, one in Flash, and a third in Java. (original post)

The folks over at freedesktop.org are working on bringing true translucent windows to X Windows. XDirectFB also is working on transparency in X. Until I was forced to use OSX, I thought this was solely eye-candy, but it turns out to be surprisingly useful. Check out the screenshots. (original post)

Posted by matt at 01:40 | Comments (0)

26.12.03

Putting People in Possession of Knowledge

It is one thing to show a man that he is in error, and another to put him in possession of truth.

-- John Locke

This quote reminds me how knowledge is passed around in geek communities. It is not enough to explain that someone is wrong; we tend to require backup (references) of our claims and sometimes will forgo even the mention of why someone is wrong and just yell out "RTFM!".

It appears this line of reasoning is also becoming a staple in grassroots organizations. It is the mantra of truthout (where the quote was found), can be seen as the footnotes in the Daily Misleader, and was one of the operating principles in the Matt Gonzalez mayoral campaign's attempt to educate the voters (instead of muckrake the opponent).

Perhaps a product of an online world where providing reference links is part of our writing system and a response to the FUD we find ourselves constantly bombarded by.

Posted by brainsik at 14:48

01.12.03

A Family Friend Experiences DRM; The Loss of Digital Rights

This morning, I received an email from a family friend. Recently, they joined the new Napster: a music service that lets you buy Windows Media Audio (WMA) music files of your favorite artist. Things went awry when they decided they wanted to listen to their music purchases on their Archos Jukebox MP3 player. The Archos player does not support WMA. They emailed me asking how they could play their WMA music on their Archos. They had tried software to convert WMA to MP3, but it failed. "Help!", they said. They didn't know the software they need is illegal under the Digital Millennium Copyright Act (DMCA).

Why can't you just transcode the WMA file you paid for to MP3? Because WMA supports Digital Rights Management (DRM).

Posted by brainsik at 15:45 | Comments (4)

20.11.03

Why I don't like blog comments

The trouble with web-based discussion boards, especially the comments on blogs, is that it is hard to have conversations in such a fractured space. If you only read one blog, it is less of a problem (but still has issues). For example, danah boyd suggested a dinner to which a friend of mine responded in a comment on the blog entry. I then followed up with a response of my own. The thing is, unless my friend brainsik goes back to check the comments of the entry, he may never find I responded. What we lose with blogs and have with email is when someone posts to a list, you can respond not just to the list but directly to the person you are responding to. This is a lesson we should have already learned: direct addressability is one of the core features of the internet. RSS aggregation starts to make this better, but are we just reinventing the wheel? Really, what do blogs have over moderated mailing lists read with a threaded mail reader? This "new" social software is supposed to make it easier for us to communicate, not harder.

Posted by moore at 23:33 | Comments (7)

14.10.03

Learning From Kaleidoscope

Back in the heady days of Macintosh System 7.5, Greg Landweber released Aaron, which changed the system's windows and buttons to match the "Platinum" appearance in the upcoming MacOS 8 (codenamed "Copland" after the composer Aaron Copland). Hacked versions of Aaron quickly appeared, with the MacOS 8 images replaced by images of the hacker's creation. Landweber realized he had a cash cow, and released Kaleidoscope, which could switch 'schemes' on the fly.

Apple devotees had learned of a few "Appearances" slated for introduction in MacOS 8: Platinum, Gizmo, Hi-Tech, (and Drawing Board, released only in Japan).

This may have been the birth of the idea of the 'skinnable' user interface; and Kaleidoscope was an early popularizer of the idea.

Posted by matt at 09:45 | Comments (1)

09.10.03

Choice words

Why is it called breaking and entering when I do it but when they do it it's called Dynamic Entry?

Word choice is a powerful thing; it can shape how we approach or look at an idea. There have been many theories of how language affects thought: Newspeak, Neurolinguistic Programming, and others. These theories are mostly dubious or just outright fiction, but how does language affect the way we think? What is the motivation behind the political correctness movement? What does it mean when the state uses terms, collateral damage, in an attempt to affect our views of things? Maybe the answer is that it helps us avoid the truth that we already know. Maybe it is for our own benefit.

Posted by moore at 16:54 | Comments (0)

02.10.03

The 'Net Builds Itself

With the proliferation of community web spaces such as wikis, blogs, forums, and commenting systems come worries of vandalism. A recent article by Dan Gillmor, Remembering the People Who Give Back to the Net, and All of Us, discusses the vandalism of his WordPirates site. The vandals showed Dan the "downside of the Net" while the mass of people who helped restore the site to its intended state showed Dan the "profound upside".

One of the most interesting things about open sites is that they are forced to become what the net wants them to be. Who's good and who's bad (vandals vs maintainers) is really a popularity contest. Wikipedia persists because there are a lot of people who like to work and build Wikipedia. The BitTorrentFAQ wiki node often appears vandalized because there isn't a strong community behind the wiki (and possibly because people don't know how to easily fix it). Friendster thrives with fakesters because there is a strong community of fakesters (even a manifesto) and people who want to connect to fakesters.

The net builds what it wants. If there is a stronger force that doesn't want a site the way it is and the force works to take the site down, it will go down. Is this wrong? I don't think so. I think anyone should be able to have an open site but they will have to build community if they want it to be successful and protected. Foreign policy sans WOMD?

Posted by brainsik at 05:17 | Comments (2)

01.10.03

RMX records and spam

RMX records are a good way to prevent being bombarded by bounce messages when someone spoofs your domain in their spam. However, since domains are cheap, I do not think it will do much to stop spam. If spam is profitable, why not buy a domain for $10 - $30 and spam from it? You can even use open relays; point your RMX record at them. I think RMX offers improvements we should add to SMTP, but it (like anything else) is not a silver bullet.

Posted by moore at 17:05

29.09.03

John Waters is a genre

I re-watched But I'm a Cheerleader last night. It struck me, besides being a great film, this movie makes John Waters a genre. There is nothing too profound about this post, I just thought it was an interesting way to describe the movie. I find it amusing that Waters is a genre now.

Posted by moore at 09:57 | Comments (0)

25.09.03

You know it's bad when...

Recently, the CTO, Dan Geer, of @Stake was fired for signing on to a report (PDF) that said the prevalence of Windows was a threat to the internet. The thing I find worth noting is not that he was fired but what @Stake said in defence of Microsoft:

Chris Wysopal, director of research and development at Boston-based AtStake, also appeared on CNNfn to "set the record straight" about AtStake's position. He said there are ways to secure networks without having to get rid of any Microsoft software, such as patching systems better and compartmentalizing them so problems don't spread.

Basically, Windows is safe if you put it in a hermetically sealed chamber.

Posted by moore at 19:18 | Comments (1)

23.09.03

Directions for community wireless development

Given that the Grid group at MIT seems to be committed to doing real work on real networks (building exactly what we need) maybe the focus of community groups should be on other parts of the problem. The issues, in my mind, are such things as distributed back haul, deployment/installation, and hostile network environments where there are nodes that are not functioning within the protocol spec.

Distributed back haul seems to be one of the tougher problems. The trick is how do you allow for a multi-point border without being an autonomous network. My solution for now is to get some cheap colo and back haul the traffic there using IP tunnels. This has the disadvantage that it does not use the internet efficiently as all traffic will bounce through the colo as it leaves or enters the network. Maybe we could do something smart with ICMP redirects or triangle routing (a la triangle boy).

The deployment issues are getting the hardware in people's hands, making it easy to install, and knowing the current network topology to know where new nodes can go. Both these issues have had some progress on them. On the hardware side, I know BAWRN has a nice hardware setup [PDF] they are using.

These units do take a bit of construction. What can we do to make them more off-the-shelf? I think this will probably lead to better results than trying to hack on Linksys hardware which has a history of changing often, making it hard to offer simple instructions for users to install alternate software. The disadvantage to this approach is its expense. For now, I think we should probably just live with this and wait for prices to drop.

The other half of the problem is the provisioning bit. There is also progress in this as well. Two places where we see this is in the captive portals such as no-cat authentication and no-cat mapping.

On the hostile network environment side, I do not know of much published work. I have put some thought into it, but have not written anything. The answer to this problem may very radically depend on the routing protocol used. This needs some thought as it is not just about people trying to hack the network, but also about bugs in the software (which I am sure we will have). In my opinion, the goal should be to avoid non-local DOS attacks on the network. By non-local I mean ones which can be used across the network as opposed to attacks that only work on the local links, like a radio jammer. I suspect this will require the solution to be based on information local to each node that computes itself. One non-local attack would be route poisoning. I think the freenet next generation routing may be a good place for inspiration.

This type of approach could probably be used on top of arbitrary routing protocols by acting as a multi-player on top of the protocol's decisions about metrics. I think protocols that pass link state around the network are good from an efficiency standpoint, but not from a robustness standpoint.

A further issue is network scaling. I have some thoughts on this, but my guess is they are totally wrong. Really, I think we will have to incrementally grow the networks and discover what the real traffic patterns and scaling problems are.

Posted by moore at 09:47

The Britney Twisty Puzzle Contention

There are two problems in contention for resource discovery in social networks. One is that there are cases where you want to create partitions in the network to allow for diversity of ideas. The second is that you want to make it easy to find esoteric subjects. The first I will describe in terms of Britney Spears fans and fetishists: the fans and fetishists problem. The second I will describe in terms of twisty puzzles: the esoteric resource discovery problem.

The Fans and Fetishists problem is the desire to create partitions of the social network so that diversity can exist. Take for example two groups of Britney Spears devotees: fans and fetishists. The fans are mostly young people who actually enjoy the singer's music. These fans want a place to discuss Britney and engage in other such wholesome, fan-related activity. The fetishists on the other hand are mostly adults who have impure thoughts about the pop-icon. They are instead in discussion and activities not appropriate for the majority of the fans. The goal is to allow both to exist, guard against the fans from accidentally stumbling into a fetishist discussion group, and (probably) increase the difficulty for the fetishists to find a fans group.

In meat space, the separation between fetishist and fans is largely accomplished by performing resource discovery in the social network. The fans are unlikely to accidentally end up hanging out with a bunch of fetishists because they are not connected to the adult network that the fetishists exist in. Similarly, adolescent fan social networks are inaccessible to the fetishists; they would find it difficult to know when and where the fans meet to trade gossip.

The twisty puzzle problem is much simpler to describe. Simply, avid twisty puzzle fans are a disperse and disconnected group which would like to have a common discussion forum. A single forum is desired because there are only a small number of true twisty junkies and they are physically and socially distant. This type of situation is not solved well in meat space but is handled fine on the internet. A short session with google will find you the twisty fan sites and mailing lists.

The contention between these two problems is the ease of resource discovery. It should be easy for twisty and hard for Britney. For the Britney problem, we can borrow from meat space and allow a Britney group to be discovered only by reference from someone in your online social network. For the twisty problem, one common solution is to have a searchable directory of interest groups. One could provide an option in group creation as to whether or not it should be listed in the directory. My issue with this is I don't trust users to make the right choice when deciding to have their group listed or not. For me, the challenge is to find an approach that is "natural", requiring the user to make no choices about how resource discovery works.

A note about central directories.

There is a general problem with central directories. Over time, popular topics tend to have a poor signal-to-noise ratio. This can be seen in what happened to usenet news as the internet expanded. It seems largely, the answer people took to this change was to create mailing lists and move off usenet. Since there was no central directory of mailing lists, they are harder to find and there are often multiple ones per topic. I think both these factors help to increase the S/N ratio for mailing lists over usenet, but of course, again, at the cost of making it harder for esoteric groups to form.

Posted by moore at 09:31

Airplane Safety

So there is this current article, Mobiles ring out air warning, that claims it has been conclusively proven that it is dangerous to use electronic equipment (mobile phones, computers, etc.) on planes. The thing that has always disturbed me about these comments is I really don't think it should be so easy to cause a failure in the navigation or auto-pilot systems of passenger aircraft. I mean, really, could you hijack a plane by threatening to turn on your mobile?

Posted by moore at 09:30

Creepster

I have been thinking about different creepy ways to use Friendster lately. This is my first hack: It is a bookmarklet that will search Friendster for the currently selected text as an email address. Basically, what that means is you select an email address on a web page, click, and see whether there is a Friendster profile using that address.

Friendster email lookup (bookmarklet)

I have only tried it under Mozilla, but it should work in IE as well, and it does not work when there are frames. As I probably will not use this much myself, it is unlikely that I will fix the frame issue. If you want to use it, drag the link to your short cut bar.

Posted by moore at 09:22