IMAP and DOCTYPE

Two interesting posts from Omar Shahine.

He discusses IMAP client development issues he encountered while implementing IMAP support in Microsoft's Entourage (?) and has this to say about Thunderbird (Mozilla e-client still in development):

Thunderbird is an almost perfect IMAP client for Windows. If you use IMAP, this is the product for you.

He also points to a nice table showing the effect of HTML DOCTYPE settings on the CSS Box Model (read: layout depends on DOCTYPE).

Blacklist Alert Service

A banker from downunder and a wee to the right just informed me that he can't read my blog because WebSense, used by his bank, is blocking the Docuverse domain.  I know where to go for regular checkup of my credit ratings.   Where can I go to find out whether I am on blacklists and how can I get myself off them?  Is there a notification service and correction procedures for blacklists?  If not, I think there is a need for such a service so I'll help in putting one together.

Invitation to Speak Your Mind

As the dictator of this blog, I need your input, suggestions and criticisms alike, so I can improve the blog.  So tell me what you like or don't like about my blog.  I know I need a shave, but the damn thing keeps growing so don't bother with comments about my beard.  Love confessions and blatant admirations or disgust are welcome as well.  If you are a hacker, I would love to hear what you think also.

Feeds from the Restroom

Oy.  I have been thinking too much about syndicated data feeds.  I looked at my neighbor's willow tree and saw feeds.  I see a feed when I look at a roll of toilet paper.  Thank goodness I chose Japanese over Italian for the Valentine's Day dinner.  It's time for a break, hopefully as far away as possible from any string sales persons, before I start thinking of myself as a feed.

Update:

Speaking of feeds from the restroom, Jeneane Sessum drew up this excellent diagram:

Hey, it's Party Time! – A-List Dungbeetle

Opportunity: a Hole in One

I didn't know how the Mars rovers landed until I saw this picture that shows how Opportunity landed and then bounced into a crater.

Amazing.  I wonder if they planned to put the rover into the crater.  Here is an overhead picture of the rover and the lander.

Secure UI: Phishmarking

This post describes variations of an idea that reduce the vulnerability discussed in the Visual Spoofing and Visual Illusions posts.

Below is an example of a phishing attempt using the visual spoofing technique (click through to see it fully).  It shows a browser window containing an image of an Explorer window and a fake HTML form inside a DIV section.  While wary experienced users will catch on to what is going on, naive users are not likely to.

The idea of phishmarking is to introduce features to the UI that clearly distinguish the real UI from the fake UI.  Appearance of the feature should vary depending on who (user), when (time), and possibly what (site).  Site-dependent features are a big topic so I'll discuss them in future posts.

When I came up with the idea of phishmarking, I was thinking about tigers, so I originally thought of using tigerprint-like patterns to be embossed into the background of UI components like toolbars and titlebars.  Other patterns will work just as well as long as the pattern is not a simple geometric shape and has some random elements to it.  I call these patterns phishmarks.
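An added example, not from the original post: one way a phishmark could be derived so that it varies by who (user), when (time) and what (site) and cannot be predicted by page content. The HMAC-based derivation, the local secret, and the names `phishmark_bits`, `render` and `PERIOD_SECONDS` are assumptions of this example.

```python
import hashlib
import hmac

ROWS, COLS = 8, 32          # constructed size for a toolbar-strip pattern
PERIOD_SECONDS = 3600       # assumed rotation interval for the "when" input


def phishmark_bits(secret: bytes, user: str, now: int, site: str = "") -> list:
    """Derive a ROWS x COLS bit pattern from user, time window and site.

    Hypothetical helper: keyed with a secret that only the real UI holds, so
    page content cannot precompute the pattern and paint it into a fake window.
    """
    window = now // PERIOD_SECONDS
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(part).to_bytes(4, "big") + part
        for part in (user.encode(), str(window).encode(), site.encode())
    )
    # Expand HMAC-SHA256 output in counter mode until there are enough bits.
    stream = b""
    counter = 0
    while len(stream) * 8 < ROWS * COLS:
        block = msg + counter.to_bytes(4, "big")
        stream += hmac.new(secret, block, hashlib.sha256).digest()
        counter += 1
    bits = [(stream[i // 8] >> (7 - i % 8)) & 1 for i in range(ROWS * COLS)]
    return [bits[r * COLS:(r + 1) * COLS] for r in range(ROWS)]


def render(grid: list) -> str:
    """Text stand-in for embossing the pattern into a titlebar or toolbar."""
    return "\n".join("".join("#" if b else "." for b in row) for row in grid)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed; a real one is random and local
    print(render(phishmark_bits(secret, "alice", 1_700_000_000)))
```

The pattern is irregular rather than a simple geometric shape, stays stable within one time window so the user can recognise it, and changes when the user, window, site or secret changes.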

Note that a phishmark doesn't have to be present all the time on the UI as long as it appears briefly within the time frame that it typically takes to be fooled by a fake UI.  In fact, I recommend a brief display of an animated (to draw attention) phishmark over a static phishmark, which could clutter up the UI.

A simple, easily implemented form of phishmarking is changing UI colors.  But this technique is not as effective as using animated phishmarks, as you can see for yourself in the following screenshot.  It's the same as the screenshot above except I have changed the UI theme from the default blue XP theme to the silver XP theme.

In this example, the color change was not drastic enough to cancel the illusion created by the fake UI and the power of branding (logo, graphics, layout).  Making more drastic color changes is possible, but not without affecting aesthetics negatively.  More research is needed in this area to find the right balance between protection against phishing and aesthetics.

I have other ideas related to visual spoofing and visual security and will post them in the near future under the Secure UI series.  Stay tuned.

See Also: Visual Spoofing, Visual Illusions

Update:

Please read the post about the PassMark patent that could affect phishmarks.

Home from Space

It's always amazing to see your own neighborhood from outer space.  Below is a picture of my home using Acme Mapper (via Esther Dyson).

The red circle is where my house is.  What's funny is that I have never been to the island across from my house and I am looking at it through a satellite's lens.  Too bad there was nothing in the lagoon when the photos were taken.  Oy, I am less than a pixel.

Tragedy of Fearless

I wrote a comment elsewhere that was memorable but not exactly right, so I'll post it here as a note to myself.

Being fearless without being peerless is a formula for tragedy.

Maybe some of my quotes will make it into the book of quotes someday. 🙂