michaelkirkland.org/blog


svg_graph

I've decided to release a tool I developed for the self quantification system I'm building. svg_graph is a Javascript object that builds timeline graphs and injects them into XHTML documents.

I've tested it on Firefox, Chrome, Safari and Opera, and it should work on any browser that supports XHTML and SVG. Unfortunately IE doesn't support either, so it won't work there.

More information and download here.

3 Comments >> Bookmark and Share

USB Shenanigans, part 2

In Part 1 we demonstrated a lean usb bootable system that could be used for shenanigans. That approach requires a rather unattended system, and has the potentially noticeable drawback of requiring a reboot.

Here we'll discuss a method to get similar results without a reboot, and perhaps without even access to the computer in question. That method is the Windows autorun feature, which of course only our friends from Redmond are "helpful" enough to provide.

The autorun feature is a simple script that must be in a file named autorun.inf at the root of a drive. It lets you set a command to be run if the drive is doubleclicked in My Computer, one or more commands to be presented when the drive is inserted, and change the icon used in that list. All very thoughtful and convenient things for people up to no good.

The following is an autorun file that we'll be using:

[autorun]
shellexecute="stuff\stuff.bat"
icon=%systemroot%\system32\shell32.dll,4
action=Open folder to view files
shell\Open\command="stuff\stuff.bat"

This gives us a command in the list displayed that looks very similar to the default "just open the drive" command:

Many people will barely look at the dialog before clicking ok and running whatever shenanigans you have in the command. So long as you do actually open a folder on the drive for them, they may never notice. We can make it less obvious by appealing to our friends in Redmond's tendency to spam about the crapware they like to include. Put an image and audio file on the drive, and Microsoft will happily fill out the dialog with nonsense:

Microsoft has toned down this silliness in Windows 7. You'll not be able to crowd out the real command with spam, and your shenanigans won't be the default action. You can still make your script look inviting, but you'll be a lot less successful as people start upgrading:

I'll assume this is on purpose, most likely at least somewhat due to the multimillion node strong botnet built with the help of this sort of trickery.

However, there are still other ways to pull these shenanigans on Windows machines, without any (human) trickery and we'll cover them in part 3.

0 Comments >> Bookmark and Share

QT now LGPLed

I'd been hoping this might happen ever since Nokia bought Trolltech, but now it's happened.

Qt, the cross platform library most widely used as the base for KDE can now be used by all projects, regardless of the license they use. Qt is an awesome library, and Trolltech was certainly justified in charging for commercial licenses, but it effectively nixed any non-open source activity on the KDE platform. If you just needed Qt for KDE support, the licensing fees were just too onerous to consider. (They stopped advertising them at some point, but IIRC they were about $4k per developer per year.)

This didn't nudge people to opening proprietary software, it just pushed them away from KDE to Gnome/GTK. Now that this hurdle is gone, both projects can compete on their merits rather than their licenses.

0 Comments >> Bookmark and Share

Router side chats

Change.gov

Did the Americans just elect the first internet president?

I thought this was when he was supposed to sit down and soberly explain that, regardless of the campaign, he does not in fact poop sunshine.

He doesn't... right?

--

Update:

Apparently they've silently removed all the pages under the "agenda" topic. Granted this is all happening fast, but doing it surreptitiously isn't very encouraging.

1 Comments >> Bookmark and Share

Google releases a browser

Today Google released their new browser, Chrome. It's very pretty, sleek, and it implements an idea that's a been sorely needed in the browser space for a long time.

Chrome separates each tab into its own process, so if a page or plugin (*cough* Flash *cough*) causes a crash, it can only take out that tab. The rest of your tabs and browser instances keep going on their own.

This has been desperately needed in browsers for years. Most people keep at least one, and often several browser instances open at all times so it's quite a nuisance when some silly plugin brings the whole show down. Firefox has made some kludges to handle this, like the ability to restore a session after a crash, and they probably would have moved in this direction eventually.

Chrome also has a new, streamlined Javascript engine, v8. This, along with the robustness that a multi-process browser brings, makes Chrome an excellent platform for the web applications (like Gmail and Google Docs).

That's what Chrome is really about. If they can get it installed widely, they (and anyone else) can make an end run around Microsoft's OS monopoly. The clincher is an open document standard, which is why Microsoft has been fighting the Open Document standard so viciously, and trying to force their proprietary format through the ISO process. Without that, Microsoft can hold on to their OS monopoly by withholding Office from any serious competitors.

There are a few disappointments with Chrome. There's no ad filtering, and as yet no extension mechanism to implement it (though they've promised to rectify the latter).

Google is, of course, not going to be terribly keen about people stripping advertisements from the web, but they also will have to face the fact that it's necessary. I realize they have to walk a fine line with this, but they're in a great position to help mediate between the extremes of filtering absolutely everything (as many Firefox users do with Adblock Plus and EasyList/Element) and the downright offensive lengths some advertisers will go to to annoy the crap out of people.

Google could start a clearing house for web advertising with a voluntary code of conduct requiring advertisers to tag their ads appropriately for filtering by the browser. Public key encryption could be used to verify that an ad is released by a member in good standing. Users who don't want to see animated ads, ads with sound, ads for porn or whatever could filter those and let less obnoxious advertising through to support the sites they visit. There could even be an automatic negotiation between the browser and ad server. A user who may be willing to accept text ads could be presented with those instead of being forced to block all ads to keep the annoying ones out.

2 Comments >> Bookmark and Share

<< Previous Entries