Month: June 2005

Sidebar Communication

Hollywood social networks are using IM Status (i.e. Busy, Away) as a communication channel (i.e. Status: Need Work). Excellent idea!

For Dave's Instant Outliner, this could be done very easily so one could see status of team members, friends, and family.

For blogrolls, a short status description element can be added to each feed. Blogroll has to be live though for this to work. How would it look? Where you see the orange XML pseudo-image on my blogroll to the right, you would see short messages from the bloggers like Need Work, Help Wanted, In Japan, Sick, or simply RIP for grave bloggers.

Note that the status could be little graphics like Sparkline or an image. Status of a dog, for example, will be a webcam snapshot.

Wie and Hee-Seop Choi Day

Just finished watching Wie, cute 15 year old Korean-American amateur golfer, finish second place in the LPGA Championship, just 4 shots behind Annika Sorenstam. Excellent. Too bad her amateur status means she won't get the prize money ($160K!).

Meanwhile, Hee-Seop Choi (LAD) is having another great back-to-back home runs. He hit 2 on Friday, 1 on Saturday, and 2 so far today, all against Minnesota Twins. Go Choi!

Update:

Make that three! He homered again in the 6th, right after I pushed the submit button. Crazy. Let's see if it works again. 😉 Go Choi!

Korean Netizens Attack Dog-Shit-Girl

It began in a subway train with a girl whose dog made a mess on the train floor. When nearby elders told her to clean up the mess, she basically told them to fuck off. A nearby enraged netizen then took pictures of her and posted it, without any masking, on a popular website which started a nationwide witchhunt.

Within hours, she was labeled gae-ttong-nyue (dog-shit-girl) and her pictures and parodies were everywhere. Within days, her identity and her past were revealed. Request for information about her parents and relatives started popping up and people started to recognize her by the dog and the bag she was carrying as well as her watch, clearly visible in the original picture. All mentions of privacy invasion were shouted down with accusations of being related to the girl. The common excuse for their behavior was that the girl doesn't deserve privacy.

While the girl clearly behaved badly, those Korean netizens' behavior is even worse and inexcusably so. Abuse by the mob is indistinguishable from abuse by dictators yet they just don't see it in the heat of righteousness. Are they wary of ruining her life or hounding her into suicide? I doubt it. To quote some of them: her life deserves to be ruined and she won't kill herself because she is a thick-skinned bitch.

WTF?

Update:

What would I have done if I was at the scene? I would have just cleaned up the mess without saying anything just like the elderly man did: mess is cleaned up and the girl, embarrassed at the right level.

Transparent society? It looks more like a society of gadget-wielding finger-pointers to me.

Update:

Dog 'Poop' Girl Redux is an excellent recount of the DSG incident and news trail that followed.

Using Random Names Against Browser Frame Injection Vulnerability

As you can experience though this Secunia Multiple Browsers Frame Injection Vulnerability test page and recently reintroduced into Firefox,  other websites can easily inject their own page into a frame from another website. How does it work? Just set the link target to the name of the victim's frame.

One possible quick protection against frame injection uses random frame names. If the name is random, they can't target the frame. For dynamic content pages, random frame name can be saved as a session attribute and injected on the fly into outgoing pages. For static content pages, javascript code can be used along with a session cookie to set frame contents from the client-side.

Note that older unpatched version of browsers that allows cross-domain script access to frame names are still vulnerable. I've checked that IE6 SP2 and Firefox 1.0.4 do not. Not sure about others though.

Caveat: I whipped this up after only a brief study of the vulnerability today so beware that it is offered only as-is.

Identity as a Verb

To me, identity is not something one has, like InfoCard or a key, but something one does, a verb if you will. Identity is like the equal sign of an equation. For identity to happen, you need both sides of the equation.

In the real world, identity happens when I see someone I met before. I compare the face in front of me with the face I remember and, voila, identity happens. Identity stops happening as soon as the person walks away or the person hits me hard enough to faint.

Likewise, online identity happens when a website and I agree on some piece of secret and then I later show it. Yup, the website would say, you showed us what we saw before. As soon as that is done, the website has to give me something else because identity is an event and the website will forget who I am otherwise. Usually, they give me a ticket which I have to show everytime I say something. When I am done with the website, the ticket is thrown away.

But does the website know who I am? Nope. If I tell them that I am the Don Ho who sang Tiny Bubbles, they'll accept that so, when online identity happens later, they'll be able to say Yup, you showed us what we saw before from a guy who claimed to be Don Ho.

At this point, I forgot what I was going to say. It's too bad that, like identity, enlightment is a verb.

Music in MMORPG

Star Wars MMORPG is having an interesting problem: how to let people play virtual instruments without violating copyrights? Adding a smart melody detector wouldn't work for technical reasons, probably not for another ten years so.

More practical solution would be to introduce a virtual gadget that lets people record music, more specifically record the notes generated from the music instrument a targeted player is using. Since the instruments are probably simply generating MIDI notes, storage won't be a problem. The recorder should be invisible though so it can be used without others noticing. For fairness, the recorder could easily take into account the number of players within listening distance and the nature of the space (private or public).

Yes, I am talking about using reward and penalty combined with evidence collecting device to solve the problem. So when a player playing a Madonna song gets reported, reporting player gets some online money anonymously (voiding the violation event pointed to by the evidence void). Copyright violating player can pay a fine ($1 on the next bill) or choose to buy a reasonably priced license to perform publically in the online world a month. If they don't pay up, their musician skill is suspended for escalating durations.

As to how the violation is determined, violating player is sent a notice of violation and, if they dispute, a reward-motivated player playing the mediator/judge decides whether the violation claim is bogus or not. If not, then it's kicked up to another level and so on. Ratings on each player prevents abuse of the system.

The solution outlined above will make both players as well as copyright holders happy without stressing resource. It will add a lot of emotion to the game as well. LOL.

As Usual

Not much happened this week except the usual. Execs mused. Marketers pumped. Engineers argued. Grunts humped. Busyness as usual. The only thing that keeps me from exploding out of this boring situation is that I am too busy to think. APWG meeting in San Jose came and went before I looked up long enough to remember that I was planning to attend. Sheesh.