?

Log in

Jen's Sweetie and Code Poet [entries|archive|friends|userinfo]
Jen's Sweetie and Code Poet

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

Google, Firefox, and Privacy [Dec. 11th, 2007|05:42 pm]
Jen's Sweetie and Code Poet
[Tags|, ]

[Hey, I'm on a roll.]
[Edit: forgot step #5]

While I'm ranting about potential privacy issues, I thought I'd point out something annoying that happens when Google and Firefox get together.

At some point, someone convinced some of the Firefox developers to add a 'prefetch' feature to speed up web browsing. This means that it will automatically download some of the links in the background, making your browsing experience appear to be a bit faster.

Google makes use of this feature -- they mark the first few links (the ones you are most likely to click on) with a marker that says 'prefetch these links'. Thus, while you are pondering what result is actually useful, it can actually load them.

Sounds good right? The uncomfortable part comes along when you have a site like Amazon.
  1. You do a search for something and Amazon ends up in the top-5. Amazon has a huge Page Rank and has a ton of content, so this isn't especially unlikely. Even if you aren't looking for a product.
  2. Pre-fetching kicks in. A request is sent for some product page.
  3. As a side-effect, Firefox will send your Amazon cookie (if you've previously logged in).
  4. It will also send the contents of your query (because it is embedded in the Referrer header).
  5. Amazon now associates it with your account as a 'visit' (for recommendations, history, etc)
The first time I noticed this, I visited Amazon after a doing a few Google searches and noticed that it had recommendations for me that were "similar to one of my recent searches". I thought I was losing my mind for a while ;)

How to turn this feature off:

You can read more about link prefetching (pretty technical) at the Link Prefetching FAQ. They also explain how to disable it. 

Unfortunately, this isn't exposed via the UI (you need to play around with about:config).

Link1 comment|Leave a comment

Facebook and Privacy [Dec. 11th, 2007|05:03 pm]
Jen's Sweetie and Code Poet
[Tags|, ]

[Still not dead ;) The recent privacy issues with Facebook Beacon have inspired me to post.]

The Beacon sounds like a neat idea. I like being able to share my (dubious) tastes with other people automagically. I like Amazon's wishlists, Last.fm's automatic music tracking, I've flirted (briefly) with twitter, and played around with some interesting mobile phone tracking tools.

Clearly, I don't mind sharing :) So what's wrong with beacon?

The problem is that they don't give their users (or anyone) a way to control information leakage. It works roughly like this:
  1. Purchase a product or perform a 'trackable' operation at an affiliated site. (a list of these is available in my first link)
  2. Some Facebook-provided script is included in the page by the affiliate. This script sends a message to the beacon web service. It looks something like: "A movie called 'The Matrix' was purchased".
  3. If the user has ever logged into Facebook, the message will have a cookie attached. The message becomes "A movie called 'The Matrix' was purchased by 'Adam'".
  4. If the user has never logged into Facebook, the person associated with the purchase is unknown. However, they will get a cookie of their own. The message becomes "A movie called 'The Matrix' was purchased by '12345'".

This doesn't seem too invasive for the case of a single 'leaked' purchase. However, it becomes more interesting once many different 'beacons' are sent out. Instead of having a single pseudo-anonymous entry ("Someone purchased 'The Matrix'"), they now have a lot more data to work with:
  • Ebay is participating. Now you've leaked your ebay ID if you've posted any auctions. That's much easier to link to a real-world identity.
  • Travelocity is also participating. Now you've leaked your travel plans.
  • Check out the link for a more complete list.
They claim that data from users that aren't Facebook members is just discarded. This still isn't acceptable:
  • It requires that we trust a company that doesn't have any reason to have access to personal information anyway.
  • It assumes that they won't change their mind in the future.

Want to disable this completely? Some helpful person wrote a quick howto for firefox.
LinkLeave a comment

Scouting and Wilderness Encounter Distances [Feb. 14th, 2007|04:50 pm]
Jen's Sweetie and Code Poet
[Tags|, , ]
[Current Mood |geekygeeky]

[More ad&d stuff for your reading pleasure(?)]
[Updated: one of my players saved the day and pointed out the section in the DMG that I had been missing!]

I've found determining the exact distance between the party and a wilderness encounter to be a little difficult. So I spent a bit of time reading about Spot and Hide and figuring out how I wanted to apply it. I came up with the following house rule for scouting.

LinkLeave a comment

Adventure: The Erstwhile Apprentice [Jan. 27th, 2007|01:49 am]
Jen's Sweetie and Code Poet
[Tags|, , , , ]
[Current Mood |pleasedpleased]

As posted by gaeming, I DM'd an AD&D game (set in the Forgotten Realms) this evening. I decided it would be fun to post my thoughts on the session here.

Cut to avoid flooding everyone's friends page :)Collapse )
Link2 comments|Leave a comment

still alive (who knew?) [Dec. 11th, 2006|12:29 am]
Jen's Sweetie and Code Poet
Oh my. I haven't updated my journal in over a year.

What is even more slack, is that my motivation for posting is to see if Mugshot will automagically pull the RSS feed for my journal.

I'll try to post something actually meaningful later ;)
Link3 comments|Leave a comment

Kraft giving away DDR pads for the cost of shipping? [Jan. 22nd, 2006|04:16 am]
Jen's Sweetie and Code Poet
This is really strange.

Apparently, Kraft (yeah, the pseudo-cheese company) is giving away DDR pads[1] for the cost of shipping ($10). It is USB-based (for the computer only) and works with Stepmania[2] as well as some Kraft-branded games.

Links:
[1] http://www.kraftbrands.com/activegame/pad.aspx?e=email
[2] http://www.stepmania.com/

If someone tries this and gets one, let me know :)
LinkLeave a comment

LocationFree and the PSP [Jan. 14th, 2006|04:35 am]
Jen's Sweetie and Code Poet
So I've been playing around with a LocationFree basestation for a few weeks now. It allows you to stream an audio-visual feed from your vcr/cable/tivo/dvd player/etc to a LocationFree player. The most interesting player is, of course, the one baked into the 2.60 firmware for the PSP.

Notes:

+ The quality is pretty good. Although, it obviously isn't a DVD and it doesn't look as nice as an AVC encoding played from the memory stick.
+ It comes with a remote-control "repeater" and a reasonable set of codes for common devices. This allows you to use an on-screen remote control to interact with your device from anywhere with an internet connection. I haven't tried using it yet.
- There is no way to "learn" new remote codes. The format seems to be closed and the EULA threatens you with dire consequences if you mess with it. However, the set of remotes is downloaded from their server, so I imagine they could update it.
- The encoder seems to have a 4 second buffer. This delay makes navigating DVD menus (for example) very awkward.

Wishes:

* I wish you could publish your mpeg4 encoded files (divx, etc) from a PC to your PSP, instead of having to get a base station. If you had your content pre-transcoded to the right settings, you could stream it directly to the PSP with a minimum of CPU load (the encoding is the expensive part).

* I wish the PSP was a upnp-enabled media player client.

* I wish they would allow you to "remote" applications from your computer to your PSP this way. (VNC, RDP, etc)

* Even better would be the ability to forward games from your PS1/PS2 (PS3?) to your device. Currently, the encoder latency makes this totally infeasible. Even if they improved that, WAN latencies would probably make any non-turn-based games unplayable. And the controls are quite different. Still, I'd love to play through the entire final fantasy series again on my PSP.
LinkLeave a comment

Microsoft releases "Express" editions of visual studio for free [Nov. 16th, 2005|08:08 pm]
Jen's Sweetie and Code Poet
You can download the Express edition of visual studio 2005 for free until Nov 2006. Pretty neat. (they don't expire, so I don't know why they added the "until Nov 2006" part)
Link1 comment|Leave a comment

Sony DRM Saga, Episode 5: Microsoft Strikes Back [Nov. 14th, 2005|10:36 am]
Jen's Sweetie and Code Poet
It looks like Microsoft will be removing the Sony rootkit in the December Malicious Software Removal Tool update.
LinkLeave a comment

Sony music CDs, rootkits, and you. [Nov. 10th, 2005|11:25 am]
Jen's Sweetie and Code Poet
[Tags|]

[Edit: I forgot to mention that this shoddy software can also crash your system and makes it easier for attackers to hide from your anti-virus software if your machine is infected with malicious software.]

If you've missed out on all the drama, a quick summary:

It turns out that Sony has been installing "rootkits" on their customers machines when you insert their copy-protected CDs into your machine.

The EFF has a great summary of this, along with a list of "protected" CDs that you should probably avoid.

A partial list follows:

Trey Anastasio, Shine (Columbia)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver's Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
Ricky Martin, Life (Columbia) (labeled as XCP, but, oddly, our disc had no protection)
My Morning Jacket, Z
Santana, All That I Am
Sarah McLachlan, Bloom Remix Album


The EFF article also lists some techniques that you can use to spot this abusive technology before you make a purchase at a retail store.

I strongly recommend that anyone using windows takes their advice and disables "autorun". This will prevent software from being automatically installed by just inserting a CD into your drive. This will prevent installation CDs from doing the same thing, but you can still get to your installer by browsing to the drive from "My Computer".

Other interesting events:

CA (an anti-virus/spyware vendor) will soon flag this software as spyware (in their next update).

A number of lawsuits have been filed.

Some clever folks have totally wreaked the amazon review rating for many of the copy-protected CDs.
Link4 comments|Leave a comment

navigation
[ viewing | most recent entries ]
[ go | earlier ]