Face Snatchers!

These guys in Germany built a 3D facial reference model out of some 200 faces (watch the video at Wired) then used it to extrapolate a 3D face model out of 2D photos. Since the reference model includes facial expressions and variations, resulting models can be changed to add weight, age, and even smiles. Wow. A face morphing application alone could be very useful but 2D to morphable 3D face modeling is just fantastic.

Black or White Hat?

I think discovering security holes is clearly beneficial but inventing new tools that make it easier to exploit those holes seems overzealous to me. Yes, I understand these tools can be used to protect but what about tools that use questionable means? Jikto, for example, uses unsuspecting website visitors' browsers to scan other websites for holes. Would any businesses use such tools to protect their sites? If not, who does it benefit? Is it security researchers' job to push the envelope of black hat's state of art?

"This is going to drastically change the scope of evil things you can do with JavaScript," Hoffman said. "Jikto turns any PC into my little drone. Your PC will start attacking Web sites on my behalf, and you're going to give me all the results." – Billy Hoffman, creator of Jikto, a researcher at SPI Dynamics

I believe that even the loftiest principles should be bounded by context. While I don't think security research should only be done reactively, I think active research community should provide better guidelines to prevent people going overboard.

Adobe Apollo Alpha

Adobe released an alpha version of Apollo, a rich-client platform based on a tightly integrated mix of Flash and web browser. The Flash part of Apollo builds on Flex2/Flash9/AS3/AVM2 bundle of acronyms and the web browser part comes from WebKit, which Apple is also using in Safari. The weight of the merger amounts to about 8MB of runtime code. With runtime installed, AIR applications (*.air) can be downloaded and run. It's similar to the way Java WebStart works: almost but not quite like regular applications.

Flash runtime footprint has always been rather small and so is WebKit so it's a good match. And Flash applications can be pretty small but I have a high respect for engineers' capacity to be sloppy and wasteful so monster-size Apollo apps are likely to be the norm. It will be interesting to see whether graphics-oriented nature of Flash developers will outpace over-architecting nature of Java developers when it comes to bloated code.

The major issue I have with Apollo is this: it's too WebStart-like.

RUNTIME DEPLOYMENT: I haven't been able to locate any document outlining Apollo runtime deployment strategy. I don't see box-makers nor OS makers shipping Apollo runtime built-in without forcing Adobe to bleed a lot of money or years of lawyering so they are in the same muck as Sun is with Java and WebStart. Cross-platform advantage of both platforms is nullified by .NET's built-in advantage IMHO.

APP DEPLOYMENT: AIR app installation, as of this alpha, requires a file download, double-click to launch, then three dialogs on Mac (haven't tried it on PC yet). It's IMHO unnecessarily complex and annoying. WebStart app installation is annoying too but to a lesser degree. .NET apps are regular executables so .NET has the advantage here.

MEMORY FOOTPRINT: Like Java and .NET apps, Flash app memory footprint is rather large, in tens of megabytes. While this is not a major issue for really useful rich client apps, it's a burden that will suppress popularity of simple (in terms of functionality and developer time investment) Apollo apps which are necessary if not essential to float an application platform like Apollo. But then both Java and .NET share this problem so this is a non-factor from competition perspective.

I can go on but I'll stop here for a premature conclusion: Unless Adobe makes some serious changes, Apollo will be relegated to the same lackluster status as WebStart and a tool for building pretty-yet-rarely-used widgets. If all Adobe wants to do is grab some headlines and become a subject of empty speculations for a while, I am sure they will accomplish that, until attention moves elsewhere. But if they want more, they will have to stress more on shipping Apollo as the next generation web browser, not a not-quite-visible tide carrying a flotilla of cute apps functionally indistinguishable from other apps.

Twitter Killer App

There he goes again. Dave Winer hooked up NYT feed to Twitter, turning Twitter into a high frequency syndication network of sorts, a killer app for Twitter IMHO. Since it's a personal use, it doesn't have the hangups of social use. Social angle can still have high relevance though if it is easy to 'bounce' individual one-liner news (hopefully with links intact) to one's twitter account. Bouncing incoming news to network of followers makes Twitter viral and turns useless "what I am doing" chatter into more useful "what I am interested in", a meaningful context for conversations and reference point. In simple-speak, interests last much longer than acts (most of which are irrelevant, not only to others but to the user).
New solutions create new problems. If Twitter becomes a medium for real-time mobile news delivery, user experience could suffer because there is only one inbox: the user's Twitter account. Something clever has to be done to help users sort things out. Another big problem is the misfit between Twitter's trickle-like user experience and flood-like output news media as a whole pumps out. News filtering technologies will have to be woven in carefully to choke the flood without destroying ease of use.
Anyway. Kudos to Dave for coming up with an ass-simple (aka obvious in hindsight) use for Twitter. 

Tiger Woods PGA Tour 07 for Wii

I've been eagerly waiting for Tiger Woods PGA Tour 07 for Wii because I enjoyed the golf game in Wii Sports. But the game didn't live up to my expectation. Why the hell didn't they just embrace and extend Wii Sports golf game?
Instead of just swinging the club to practice, I have to press '-' to get into practice mode. And to hit the ball, I have to press the B (trigger) button instead of the A (thumb) button. Swinging the 'club' while keeping the B button pressed feels very awkward, enough to make me wary of repetitive strain injuries like carpal tunnel syndrome which I've learned to avoid while typing. It feels better when the club is swung one-handed but that's not what I want to do.
Just as aggravating is the putting screen. Once the ball is on the green, putting mode starts which turns the tranquil green into a f**king disco. WTF? And having to watch a cut scene of my character grimacing every time I hit the ball made me feel like strangling my own avatar.
All I really wanted was more courses and more accurate swing detection for Wii Sports golf game because that game was designed to perfection. Instead, what I got was a moronic game which I stopped playing after just 10 minutes of constant head-shaking.


There are many things wrong with the game which I forgot to mention: confusing flow, unreadable scores and stats, frequent false swings, putting stutters, unusable character designer, etc. When you first start the game, a tutorial starts automatically without an obvious way to get out of the tutorial. Then when you try to start a game, you have to do this funny dance of selecting your character. And overall feel of the game just didn't compare to Wii Sports golf game. Definitely not recommendable. I would rather pay $100 to get a dozen new courses for the Wii Sports version than this crap.

Enterprising Twits

Like Dave, I have little use for Twitter. Even if I did, chances are that others won't. As a consumer social networking technology, I think it'll be popular enough for fame and fortune to revisit Ev. But as an enterprise groupware technology, I doubt it will make it over the looming wall of…office complacency. Even more established technologies like blog and wiki are still scaling that wall.
Having it installed is not the problem although tyranny of the IT department is no joke. The problem is in getting people to use the tool. Unless you can build up a critical mass of users fast, the tool will eventually be tossed aside from disuse and rotting bits.
Opt-in adoption of new technologies works in the consumer market but, in enterprise settings, the same will rarely work. The fact that social software's effectiveness depends heavily on wide-adoption also makes that weakness critical.
It's easy to idly project latest coolio technology into enterprise software market, as easy as pointing a flashlight into a thick bank of fog. Don't believe what you see is what you'll get.

Web 2.0 Sour Grapes

I think the problem with Web 2.0 and AJAX hype is not with the metaphor nor technology but with the people. They seem rather empty to me, more class clowns than bread earners. What ever happened to all the startups mentioned in TechCrunch? In reflection, they were more like TV pilots than businesses. Here today, gone tomorrow. How many of their products are truly useful? Coolness doesn't put bread on the table nor is it a good measure of usefulness. All it brings is 15 minutes of fame. For something to be useful, people have to use it everyday from day one until something better shows up. Do you use YouTube everyday? Digg? Do you see yourself using it a year from now?
I agree that the world is changing right before our eyes but I think the stuff we see now is more likely to be flying debris than newfoundlands. And it doesn't help much that so much of that is built on mushy ad-based landscape. Lacking utility and ad-based…doesn't that sound like an entertainment business? Is that all Web 2.0 is? A geek version of entertainment business?

Sorry. I am in a pissy mood tonight.

Idea Gardener

This morning (technically noon, ahem) I woke up with some search engine ideas to add to my pile of ideas, all duly buried/planted in my notebook. Once a week, I sit down and sift through my notebook of ideas, reassessing old ideas and cross-pollinating with new ones. Two of today's search engine ideas look good while the third is less interesting because it's probably what Wikia is working on: wiki-based web directory.

Speaking of web directories, Yahoo should think about rekindling their web directory business. I think it's going to come back in style soon.

Flash Cross-domain Policy

According to this article at the Hardened PHP site, a well-placed image upload will give any Flash movie cross-domain access to the image URL's subpath.
A Flash cross-domain policy file can be anywhere and, because the Flash plugin doesn't check the file format thoroughly enough, it can even be hidden inside an image that passes as a valid cross-domain policy file. Once the image file is there, any movie can call loadPolicyFile with the image's URL to access resources without tripping the cross-domain policy check.

Oy. Now we have to scrub images as well?
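
One way to do that scrubbing at upload time, as an added example that is not code from this post or from the Hardened PHP article: scan the raw bytes of each upload for cross-domain policy markup, whatever image header the file starts with. The function names, the sample GIF bytes and the decision to also check UTF-16 encodings are assumptions made for illustration.

```python
"""Scan uploaded image bytes for embedded Flash cross-domain policy markup."""

# Element names a policy file needs; stored lowercase for case-insensitive search.
POLICY_MARKERS = ("<cross-domain-policy", "<allow-access-from")
# Encodings checked; the UTF-16 forms are a conservative assumption.
ENCODINGS = ("ascii", "utf-16-le", "utf-16-be")


def find_policy_markup(data):
    """Return sorted (offset, marker, encoding) tuples for every marker hit."""
    lowered = data.lower()  # lowercases ASCII letters only, other bytes untouched
    hits = []
    for marker in POLICY_MARKERS:
        for enc in ENCODINGS:
            needle = marker.encode(enc)
            pos = lowered.find(needle)
            while pos != -1:
                hits.append((pos, marker, enc))
                pos = lowered.find(needle, pos + 1)
    return sorted(hits)


def accept_upload(data):
    """Reject any upload that carries policy markup, whatever its image header."""
    return not find_policy_markup(data)


def _gif_with_comment(comment):
    """Constructed sample: minimal GIF89a bytes with one comment extension."""
    header = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00"  # 1x1, no colour table
    assert len(comment) < 256  # one comment sub-block holds at most 255 bytes
    return header + b"\x21\xfe" + bytes([len(comment)]) + comment + b"\x00\x3b"


# Constructed inputs, not taken from the article referenced above.
POLICY = (b'<Cross-Domain-Policy><allow-access-from domain="*"/>'
          b"</cross-domain-policy>")
CLEAN_GIF = _gif_with_comment(b"holiday photo")
TAINTED_GIF = _gif_with_comment(POLICY)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_GIF), ("tainted", TAINTED_GIF)):
        print(name, accept_upload(blob), find_policy_markup(blob))
```

A byte scan like this is only a tripwire; re-encoding uploaded images on the server, so that comment and metadata blocks are discarded, removes the embedded text instead of merely spotting it.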

Synthesizing Sound in Flash

I've been tinkering with sound synthesis using Flash. This wasn't possible before but, with Flash 9 player, one can do it using Loader.loadBytes to create and load SWF files (containing sound or whatever) from within a running Flash movie. You can find details and some code at FlashCodersBrighton blog.
Aside from CPU load affecting sound and random clicks from timing mishaps, I think this method is too slow because a movie has to be created every time a sound channel needs to be filled again and, at 44K samples per second, even Flash 9 JIT-compiled code will start to sweat if buffer is too small. And, if buffer is too large, latency will affect the sound output. Also, since a 16-bit stereo track will need a 176K buffer for 1 second of sample data, memory requirement for multi-track real-time synthesized music becomes problematic.
One short-term solution is to give up the nicety of assigning a SoundChannel to each track and mix internally so that only one SoundChannel is used as output. I think this is how André Michelle got relatively good performance with his synthesized drum demo because I had trouble getting similar result using per-track SWF loading. Track-specific pan and stuff has to be done manually instead of relying on SoundChannel though. Also, even André's demo has problems on slow or old machines.
In conclusion, I don't think it makes much sense to dance on this particular bleeding edge when the next version of Flash could have built-in support for this and more. Unless you are desperate, of course.