Some interesting advances in the art in the past couple of days:


Jason has been following up on Josh's Bikes Against Bush arrest.

Some interesting posts on /.:

Instiki - wiki w/ Desktop (OS X menubar) integration. One less thing on the todo list. [via mathowie]

Redacted by the Justice Department:

The danger to political dissent is acute where the Government attempts to act under so vague a concept as the power to protect 'domestic security.' Given the difficulty of defining the domestic security interest, the danger of abuse in acting to protect that interest becomes apparent.


Holy Crap, this 18" Spider-Man figure has 67 points of articulation, which includes 14 in each hand (fully articulated fingers!). Time to trade-in those ol' hardwood manikins for something way better (and with free webshooters!). Wal-Mart sells this bad boy for $21.68.

Spider-man on TV

I've been really digging on the new Good Life album:

How Long Can the Country Stay Scared? , Bruce Schneier

A terrorist alert that instills a vague feeling of dread or panic, without giving people anything to do in response, is ineffective. Even worse, it echoes the very tactics of the terrorists. There are two basic ways to terrorize people. The first is to do something spectacularly horrible, like flying airplanes into skyscrapers and killing thousands of people. The second is to keep people living in fear. Decades ago, that was one of the IRA's major aims. Inadvertently, the DHS is achieving the same thing.

I think you can safely cross out the 'inadvertently' part.


Stiki Wiki, a WYSIWYG wiki platform has been undergoing a lot of changes in the past few weeks. Very cool stuff. I like the previews for the incoming/outgoing links (the hover lines are a nice touch). These are great for giving context to otherwise hard to visualize structures.

Nearly 36 Million Americans Live in Poverty

Some 1.3 million Americans slid into poverty in 2003 as the ranks of the poor rose 4 percent to 35.9 million, with children and blacks worse off than most, the government said on Thursday in a report that fueled Democratic criticism of President Bush.

holy typo

Follow-up on mefi about Bush's latest accomplishment.

Ya'll don't get it, do you? Poor people don't vote. And he controls all arms of the federal government and has corporate media in his pocket. Add electronic voting systems with no oversight, and, well, ya'll are being tooled.

Probably mentioned before:

What I need to do is sit down for a week or two and make a big chart comparing these things. Luckily I'm getting paid to do that. The next thing I need to do is to take the best of these, mix in with my improvements, and build something better. Maybe I can get paid to do that too...


Sony marketing manager Atsushi Kubota said his company wants to promote a wide range of music players in the Walkman lineup, including various types of disks and memory cards, not just the hard drive. Global Walkman sales still total US$20 million a year, according to Sony, compared with more than 3.7 million iPods shipped worldwide so far.

This blurb from a Taipei Times article tries to make it seem like Sony is still in good shape (20M > 3.7M), but when you realize that it's comparing dollar to unit sales you can see the gravity of the situation. At a conservative 1M units/yr @ $300 (I know it's more and it's going up), we're talking about a 15x (and realistically, probably more like 20x) sales figure difference here. Sony is getting its ass completely handed to.

Don't worry, I'm sure that converting all music to DRM'd ATRAC is the way to go. People love that.

Dustin, from yesterday's Andrew WK / They Might Be Giants show.

Dustin on the decks

(file under: improving portraiture)


I was telling a friend about the IP minefields I had implemented in various folders to keep snoopers out. I remember that I mentioned this at OSCON and other people had also mentioned that it was a great idea (that hadn't been done before?). It is a good idea, and trivially easy to implement. So here's the PHP source:

$deny = '# ' . date("D M j G:i:s T Y") . "\n";  
$deny .= 'Deny from ' . $_SERVER['REMOTE_ADDR'] . "\n"; 
fwrite(fopen('.htaccess', 'a'),$deny);

The hard way to write persistent logins:

First create a secret salt:

// For SHA1 hashes
define('SECRET_SALT', 'SHA1 a seekrit salt...');

Then, look for a previous authentication ticket:

// First, check to see if there's an authentication ticket
if($authticket = sha1($_COOKIE['upauth'])) {
  $sql = "SELECT * FROM user WHERE authticket = '$authticket'";
  $result = mysql_query($sql) or die("Failed query: " . mysql_error());
  if($row = mysql_fetch_assoc($result)) {
    if($authticket == $row['authticket']) {
      // Welcome Back
      $_SESSION['username'] = $row['username'];
      $_SESSION['password'] = $row['password'];
      return 1;

Set the authentication ticket in the login check:

if($_POST['remember']) {
  $authticket = sha1(SECRET_SALT . $_SESSION['user_id'] . time());
  $sha1ticket = sha1($authticket);

  // Update SHA1 of authticket
  $sql = "UPDATE user SET authticket ='$sha1ticket' WHERE id = {$row['id']}";
  $result = mysql_query($sql) or die("Failed query: " . mysql_error());

  // set authticket in upauth cookie for a year
  setcookie('upauth', $authticket, time() + 31556926);

Add the ticket removal code to logout:

// remove upauth cookie
setcookie('upauth', '', time() - 86400);

Note: if you want to make sure that the ticket expiry hasn't been tampered with, you're going to need to digitally sign or store the expiration date in the database.

Now, the easy way for permanent logins:

$session_expire = 60 * 60 * 24 * 365;
ini_alter("session.gc_maxlifetime", $session_expire);
ini_alter("session.cookie_lifetime", $session_expire);

I can't really see anything wrong with this approach actually... Makes your session id's a bit more exposed (Also, you don't have a choice for one-time logins, you just have to remember to log out). Not sure how running the ini_alter() affects performance.

Movies to see:


I've set up Trac at work twice now. I haven't had too many problems with that, but it is a couple of steps on Debian.

While not perfect, it is the closest I've seen to an integrated SCM/PM/KM tool. Also, it's progressing pretty well. v0.8 and v0.9 should add most of the missing features that I'd like. It's written in Python and Clearsilver and is GPL'd.


The current biggest things I'd like out of Trac:

A bunch of co-workers and I swung by Scott Kelby's Photoshop: Down & Dirty Tour class at the Convention Center today. A lot of very, very good stuff. Among the best:

So very worth your time and money.



It's been a while since I put up any music, but Jason's recent post on The Killers reminded me of putting up some of the stuff I've been listening to that I'd label as 'damn catchy.' Yeah, the Killers are pretty good in the regard, but here's some more:

More: Wrens, Sparta, Subset, The Album Leaf


Hardware edition:


I finally picked up a WRT54G ($61 now, + $10 rebate). This is a v2 model (200MHz MIPS chip), and seems to load up firmware 3rd party firmware ok. The main thing I want is traffic shaping, but stats might be nice too.


This RIAA TP is a great idea. Maybe there should be a Bush version.

Now this is interesting, w3compiler, a self-proclaimed next-generation markup and javascript optimizer.

Unfortunately, it's a Windows application. What I really want is a standalone compressor/script that will compress on check out from CVS/Subversion (would be nice if it automatically tracks updates to the publish tree). This would be stupendous for webapps. An Apache module to do the same might be interesting, although you'd probably want to cache the resulting JS optimizations.

As far as space saving goes, mod_gzip/mod_deflate probably has you 90% covered already, but it'd be interesting if someone wrote a JS compiler based on real-world JS-engine performance results. You could create different targets for each browser based on those profiles. Also, you could probably get some mean compression (and maybe some additional security) if you had distributions of lookup tables for compression/as pads.

Ahh, if only I had minions to do my bidding...

Doctor Unclear went offline from his old site a couple years ago but a Google search turned up his new (to me, at least) site. Dr Unclear was a favorite from a while back for his interactive JS/DOM demos. It's one of those random, rarely touted and easy to miss sites that's a complete gem. (I'd include Jeff Greenberg's JavaScript Optimization page in that group)

TODO: gather good documentation, resources for JS/DOM/CSS

Some collected tweaks to Apple Mail.app:


I've been meaning to finish my new updating system before posting, but looks like that's going to be at least a week or two off while I clear my plate off with other things.

I got the latest issue of Res last week, and while there weren't any new spectacular music videos (one of the results of going to the monthly Res screenings), there was an amazing trailer for an amazing looking documentary, BattleGround: Dispatches From the End of Empire.

While a medium-sized trailer is available on their site and on archive.org, I decided to rip a high-quality XviD AVI [53.1MiB]. I've been showing it to everyone at work, it's that good.

BattleGround Trailer

From the forums, it was shot in three weeks, on a DVX100 (although it looked like there was a secondary camera as well) by two people. The footage is amazing and the editing is really great. I hope this gets picked up. (it's been submitted to Toronto, Venice Biennale, and Telluride) It would be a shame if it weren't and I'd love to see it playing on the big screen.