A few weeks ago, Microsoft had its VML zero day exploit; this week, it's Firefox's turn.

Obviously, as more people are switching from Internet Explorer to Firefox, hackers are doing the same.

The thing that struck me about this particular problem was that the hackers gave no advance warning to Mozilla prior to their presentation, and

The hackers claim they know of about 30 unpatched Firefox flaws. They don't plan to disclose them, instead holding onto the bugs.
Why are they holding on to them? One of the hackers explains:
"what we're doing is really for the greater good of the Internet. We're setting up communication networks for black hats"
For the greater good of the Internet? Yeah, right.

The scary thing, though, is that one of the hackers works for Six Apart, the company behind popular blogging software like Movable Type, LiveJournal and TypePad.

Six Apart needs to do some major damage control, fire this guy immediately and review all code he may have had access to. It doesn't exactly ease my mind to know my weblog is running on code this guy may have had access to. Maybe it's time to move to WordPress...

UPDATE: it looks like this may have just been a hoax. Still not exactly good publicity for Six Apart though...

In my "Spam Suspects" email folder today, I noticed some spam which used Google as a redirection service, by linking to http://www.google.com/url?q=http://www.somespamsite.com. When trying this technique with some other site, I found that Google responds to this query with a 302 redirect to the site in question. Clearly, the spammer was using this system to lure people who trust Google into visiting their site.

What I don't understand is why Google needs a public redirect system like this that is so obviously open to abuse. The google.com/url?q=... page doesn't seem to accept anything but already fully specified URLs, so the sole purpose of this page is to do redirects.

The only reason I can think of for them needing a service like this is if they serve up one in a thousand search-results pages with redirect links, in order to log what people actually click on. If this were the case though, why not at least check the referrer to see if the user actually came from a google.com page? Am I missing something here?
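An added example, not part of the original post: a mail filter can unwrap links of the google.com/url?q=... form described above offline, so that a message is scored on the site the link really leads to rather than on the trusted host shown first. The redirector table, function names and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: (host, path) -> query parameter holding the destination.
# Only the google.com/url?q= form is taken from the post above.
REDIRECTORS = {("www.google.com", "/url"): "q", ("google.com", "/url"): "q"}
MAX_HOPS = 5  # bound nesting so a crafted link cannot keep the filter busy

# Constructed sample links, as they might be extracted from a message body.
SAMPLE_LINKS = [
    "http://www.google.com/url?q=http://www.somespamsite.com",
    "http://www.google.com/url?q=http%3A%2F%2Fwww.google.com%2Furl"
    "%3Fq%3Dhttp%3A%2F%2Fwww.somespamsite.com%2Foffer",
    "http://www.google.com/search?q=sharpreader",
]


def unwrap(url):
    """Resolve redirector-style links without any network access."""
    hops = 0
    while hops < MAX_HOPS:
        parts = urlsplit(url)
        param = REDIRECTORS.get(((parts.hostname or "").lower(), parts.path))
        if param is None:
            break  # not a known redirector endpoint
        targets = parse_qs(parts.query).get(param)
        if not targets:
            break  # redirector URL without a destination
        inner = urlsplit(targets[0])
        # The endpoint only redirects to fully specified URLs.
        if inner.scheme not in ("http", "https") or not inner.hostname:
            break
        url = targets[0]
        hops += 1
    return url, hops


def classify(url):
    """Report the host shown in the link and the host it really leads to."""
    final, hops = unwrap(url)
    shown = (urlsplit(url).hostname or "").lower()
    real = (urlsplit(final).hostname or "").lower()
    return {"shown_host": shown, "real_host": real, "hops": hops,
            "redirected": hops > 0 and shown != real}


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(classify(link))
```
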

Scott Hanselman and his wife will be joining the walk for diabetes on May 6 2006. They've set a goal of raising $10,000 for this event and could use your help in reaching that goal. I encourage all of you to go to Scott's blog to find out more about this worthy cause, or go directly to diabetes.org to make your donation. Thank you.

After seeing it in stock through their inventory locator, I drove by Circuit City yesterday to try and get myself an Xbox 360. Since the store is about 20 minutes from my home, there was a pretty big chance they'd be gone by the time I got there, and they were indeed nowhere to be found in the showroom by that time. Then I noticed an employee carrying two to a counter, so I followed him, asked if they had more in stock (the ones he carried were spoken for), and was finally able to get me one.

When I asked the guy why they hadn't put them on the floor, he responded "we can't - there would be fights", suggesting this had actually occurred before. Then again, in an attempt to sell me their $70 extended warranty, he also told me half of them were returned to the store because of defects, so he wasn't exactly that trustworthy I guess.

First impressions:


  • While it looks pretty good on a standard TV, it's clearly designed for HDTV. Some of the in-game text can be hard to read at times on a regular TV, and the Need for Speed Most Wanted demo looked better on my PC with 20" monitor than it does on my 52" projection TV. Since I won't be buying an HDTV any time soon, I might just end up getting the VGA cable and connect it to my monitor instead.
  • Having finished Need for Speed Underground 1 & 2 on my PC, I thought I was pretty good at racing games. PGR proved me wrong - I've got a lot to learn (like: you should actually let go of the gas and brake before turns).
  • The built in PC connectivity is very cool, allowing me to access my entire music collection from the living room. There's also supposed to be iPod connectivity, but I don't think I'll even need to try that since the PC connectivity works so well.

For people still looking for one: Best Buy also has an inventory locator (though it's a bit buggy), or you could subscribe to xbox360tracker's RSS feed to be notified of availability at dozens of online stores.

Gamertag: aMillionMonkeys

My hosting company ran into some issues this weekend that, besides causing a two day outage for both my blog and for sharpreader.net, also potentially caused some email to get lost. If you sent me anything on Friday, Saturday or Sunday, you may need to resend it - I'm not sure how much is lost for good and how much will be redelivered later :-(

Also, if anyone has any positive experiences with hosting a 50+ Gb/month site at a reasonable price (I currently only pay $17/month), please let me know. This wasn't the first outage I've had, nor do I expect it to be the last. Maybe it's time to move on.

update: looks like my hosting company still has some issues to be worked out; I can't send any emails through Outlook for getting some weird "503 valid RCPT command must precede DATA" error (though sending through the web-based interface seems to work fine), and for some reason my Movable Type install is not showing any of your comments. Comments have not been lost though, as I can see them through the MT admin interface, and am also getting the email notifications (I'm actually getting those twice now... weird) - I just need to figure out why it's not rebuilding the pages correctly...

update 2: email issue has been fixed - for some reason I had to use some Outlook setting that wasn't needed before their servers crashed... now all I need is to figure out what's going on with MT...

update 3: turned out that all comments were in a pending status and needed to be manually approved (the email notifications conveniently failed to mention this though). My MT-Blacklist was set up to only force moderation on old posts, but since the crash-recovery it now seems to force it on new ones as well. Oh well - I'm long overdue for an upgrade to MT 3.2 + SpamLookup anyway; guess it's time to stop procrastinating (but not tonight).

Looks like Firefox doesn't like downloads over 2Gb... Or am I uploading instead of downloading? (the download completed just fine btw - the bug seems to be cosmetic only)

So yesterday, Apple finally announced their video iPod.

Personally, I think being able to play videos on your iPod rates somewhere between "Music Quiz" and "Photos": I just don't see it as being very useful. Owning an Axim x50v Pocket PC, which can play videos at twice the resolution of the new iPod, I've tried watching videos on a portable device before. My experiences with that device were:

  1. The screen's just too small
  2. The portability is really not that important as video (unlike audio) takes your full attention, so you might as well sit in front of a TV or computer instead. (That is, if you have that option of course. For people who commute by public transport, portable video may be useful (until they get mugged anyway))
  3. Windows Media Player on the Pocket PC sucks. The user-interface is clunky and video can at times be choppy or lag behind the audio. The Core Pocket Media Player works much better, but doesn't support wmv (so can't play any videos from channel 9 for instance).
  4. Moving video to the Axim is a pain. Using the standard (USB 1.1) interface is way too slow, and the alternative of using a USB 2 card-reader instead makes me feel like I'm back in the early 90s again, but with smaller floppies.
The iPod video should definitely improve upon 3. and 4. (though I'm sure it still won't support wmv), but can't do much about 1. or 2. unless you get the universal dock and remote, but then you're back to a non-portable solution again.

All this being said, my 3rd gen 15Gb iPod is on its last legs; its battery only lasts for maybe 2 hours at a time, and I'm tired of having to decide what songs/podcasts to take off every time it's running out of space again.

So once my iPod settlement check comes in, I will most likely pick up a new iPod anyway. Video may be getting all the publicity, but much more important (and worth the purchase) to me are features like a thinner body, a big color screen, 30 (or even 60) Gb of space and 20 hours of battery life.

But video? Meh.

UPDATE: According to Gizmodo, "there is going to be another, even bigger announcement from Apple next month". Considering it will probably take about another month before they send out the settlement checks anyway, I may just get whatever they come out with at that time. I wouldn't mind a 40Gb player in a scratch-proof iPod mini enclosure...

Following Scott and Randy's great idea, I will be donating my Google Adsense revenue for both hutteman.com and sharpreader.net for this month to the Red Cross.

I have also added ads for the Red Cross to sharpreader.net, and to my weblog through this post (which, at my rate of posting, will be on my front page for quite a while:-).

If you have a site, go here to get your own banners.

To donate, please click the ad. Thanks.









Copyright © 2003, 2004 Luke Hutteman