The Pittsburgh Post-Gazette has a great profile of John Gilmore, as well as the fight he’s taken up against the government’s requirements to show ID before boarding planes. It’s a more in-depth and balanced piece than the others I’ve come across, well worth the read.

This morning (don’t you love that 12:55 PM is “morning”?), I’ll share a few links that found their way into all the tabs I have open, waiting to be read. The sharing is partly because I have to update my web browser, so I’ll be losing all those tabs soon; it’s also partly because they’re all share-worthy.

• The City Record and Boston News-Letter: this is a (TypePad-driven!) site run by Charles Swift and devoted to Boston’s history; Charles came across my June 2003 post about moving to Boston and wanting to spend time delving into the history of the region, and was kind enough to drop me a line overnight letting me know about his site. This is the kind of weblog that sits smack in the middle of my danger territory — I could start reading it, and get so engrossed and so obsessive that I might never come out.
• Guide to Using XmlHttpRequest (with Baby Steps): I posted last Monday about Jesse James Garrett’s piece on Ajax, the newest Big Thing in web development, but lamented that there still wasn’t a user-level guide on implementing it. Well, now Bill Bercik has done that, and I couldn’t be happier. I’m currently finishing off the reimplementation of one of my web applications in PHP, and after reading Bill’s piece, I’ve already started forming a mental checklist of places that I might want to think about using Ajax in v2.1 of the app.
• The MN Musolfs: OK, this one is mostly personal — it’s the new Blogger site of a friend of mine. The part of it that isn’t personal, and what motivated me to include it in the list, is that she (or her husband) is a natural-born blogger; in one page of posts, there are baby pictures, recipes (a hot tuna wrap!), and laments about the cancellation of the NHL season. I can’t wait to see where the site goes, and it’s nice to have the added way of keeping up with long-distance friends.
• Rolling with Ruby on Rails: this is a O’Reilly review of the web development technology that’s being called The Way Of The Future, and while I’ve been at this long enough to know that there’s as much hype as reality in claims like that, I’ve also been at this long enough to know that, at a minimum, being called that means that the technology is at least interesting. And according to this MetaFilter thread, some of my favorite websites were built using RoR. So I’ll give it a read.
• Stage Fright Remedy: this is a brother-sister guitar and vocal duo that Shannon and I heard on the “Talent from Twelve to Twenty” Prairie Home Companion show last weekend, and even though they didn’t win the competition, we really liked them. Turns out that they’ve got music online, and it’s already made its way onto both of our iPods. (Of note, I also loved the bluegrass music of The Lovell Sisters Band, but they’ve got nothing online, so it’s hard for me to keep listening to them!)

I tried to reply to Joe Holcomb’s rant about the Google Toolbar violating the DMCA over on his website, but his comment page won’t accept my comment, so I’ll do it here. This is the comment I tried to post:

Joe, I assume that you mean that Google violates Title V of the DMCA because it creates a copy of a protected design and then republishes it for use in trade; if I’m wrong, then I apologize. But if I’m right, then I feel I need to correct you, because despite you saying that Title V is “the section that protects copyrighted works online,” that’s just not true — Title V protects “certain original designs” (note the lack of the word copyright anywhere in the Title). And to be very specific, Title V only applies to boat hull designs. (The definition is right there in Chapter 13, Section 1301(b)(2): “A ‘useful article’ is a vessel hull, including a plug or mold, which in normal use has an intrinsic utilitarian function that is not merely to portray the appearance of the article or to convey information.”) Perhaps that’s why the short title of Title V is “Vessel Hull Design Protection Act.”

I seriously wish that people would stop trying to redefine reality in order to try to satisfy their position in this argument. Nothing in the behavior of the Toolbar is automatic, the links that the Toolbar creates have characteristics which distinguish them from any and all other links on the page, and the Toolbar never rewrites links that authors have already included in their websites which earn those authors affiliate money. And now, I can add to that list that web pages are not vessel hulls, and Google isn’t profiting on the backs of the poor, mistreated boat hull designers’ work.

UPDATE: It turns out that Joe must have comments set to need moderation before posting, because he’s been putting ‘em up when he posts his replies. And his latest reply is hilarious — he makes up or assumes definitions to fit his idea of what the DMCA should protect. The best example is Joe’s statement that Title V of the DMCA extends its legal protections to “an original design of a useful article,” but then totally omits that Title V very specifically defines what “useful article” means: “a vessel hull, including a plug or mold, which in normal use has an intrinsic utilitarian function that is not merely to portray the appearance of the article or to convey information” (section 1301(b)(2), to be exact). I think I’ve come to the realization that he’s not doing this with total intention to mislead, but rather, he just doesn’t have any idea how to read the law. I guess that’s why there’s a whole cadre of professionals out there who make a living interpreting and defending the law!

Oh, great — there’s word on the IP mailing list that there’s now an eBay phishing scam that actually uses redirecting links which originate on eBay’s own servers, making it that much harder for lay people to know that they’re being taken for a ride.

To explain a little bit more: various web services have occasionally made use of scripts that redirect users to other locations. That is to say, the user visits a URL on website A, and a script running at that URL on website A does some bit of processing and then sends the user on to website B. They do this for any number of reasons; Yahoo does it to gather statistics on how many people use the entries in their directories, Movable Type does it to try to prevent comment spammers from gaining too much worth in search engine listings, and Google does it for a bit of both reasons. (You can hover over those three “does it” links to see that they all originate on the servers of the respective web services; you can click on them to see that they all take you back to this website.) Unfortunately, the nefarious elements of the web — spammers, multilevel marketers, and outright thieves — have taken advantage of these redirection services to try to make their scams look more legitimate; they bank on the fact that more people are likely to click on a google.com link than an im-a-scam-artist.info link. Some of the redirection services are designed so that it’s nearly impossible to take advantage of them in this manner (i.e., Movable Type); others are designed completely open, and any user can change the URL to change the site that sits as the final destination of the redirection. It’s the latter group that are open to exploitation by thieves and miscreants, and that have been a source of much consternation to IT security people for the past few years.

Well, we learned today that it turns out eBay is running its own open redirector, which means that those emails you get saying that you urgently need to go and “correct” your eBay password and billing information might have links with actual ebay.com addresses in them. This is obviously a cause for concern, and a sound reason to remember the advice that until the world figures out a good solution to problems just like this, it’s best to avoid clicking on any email links claiming to be from businesses that need to help you verify your account status, payment options, or any other financial information.

Jesse James Garrett has a great new piece up on the Adaptive Path website describing the technology behind the newest generation of web applications. Instead of providing the standard click-and-wait approach to doing things on the web, companies like Google, Ludicorp, and Amazon are implementing apps built on a foundation of asynchronous communication, JavaScript, and XML (hence the nickname “Ajax”); the combination allows the apps to behave more like desktop applications, with fast response times (like being able to move a map around in real time) and a ton of activity on the client side (like autocompleting entries into text fields, or an entire interface implemented at the client like in Gmail). The idea is catching on enough to show up on personal sites, as well — for example, the search functions on Anil’s and Dunstan’s weblogs return results as you type.

Jesse’s right — Ajax is a revolutionary step in the evolution of the web, and it’s certainly going to be fun watching how developers use it to create the kind of applications that make users stop noticing the difference between the web and the desktop. Google Maps and Gmail are already doing this; as soon as there’s an Ajax implementation that’s easy for the lone developer to install and use, the sky’s truly the limit.

Over the past few days, I couldn’t figure out why the portrayal of bloggers as mainstream media checkers didn’t sit well with me, but I knew that something was wrong. After reading a few more bloggers’ versions of what Google’s trying to do to America with their latest Toolbar beta, I now realize what it is: bloggers are just as bad as — and in some ways way, way worse than — the mainstream media about taking an out-and-out falsehood and running with it, usually without doing anything other than taking what they’re told and repeating it more vehemently. In this instance, it seems that all it took was a few people claiming that AutoLink automatically changes the text in web pages, and now that’s all anyone’s saying despite the fact that it isn’t true; website operator forums are literally exploding with outrage, media watchdog bloggers are repeating their complaints without any attempt to verify them, and scores of users are hopping mad that someone would dare mess with their web browsing experience (even though they’re happy to use popup blockers and other tools that modify the display of a web page’s HTML code). The only thing I can conclude is that none of them have even installed the Toolbar, the same conclusion I’d make if someone told me that they hated the graphing calculator feature in AOL Instant Messenger.

Don’t get me wrong — there are a lot of people maintaining weblogs who could factcheck anyone’s ass better than a huge chunk of the mainstream media (for example, cross the folks over at MetaFilter at your own peril!). But at least in most segments of the mainstream media, there are editors who would check to see if what a writer describes has any basis in reality. Then there’s the tabloids, and in the Google Toolbar outrage, that’s what a ton of bloggers are showing themselves to be.

Hey, cool — Anil was quoted in the New York Times! The article provides a look at the entry of investment bank ThinkEquity into the world of weblogging, and tries to predict how such moves might affect the conversation between the financial industry and consumers. And like much of their coverage of weblogs in the past few months, the piece is as much about testing the Times’ own understanding of the medium as it is about the industries’ use of the medium.

A plea to all the reactionaries who are thinking about jumping onto the anti-Google bandwagon over the latest beta of the Google Toolbar: perhaps you might think about trying the freaking thing before you lambast the company for behavior that you’re inventing?

For those who haven’t come across the brouhaha today, the Toolbar now has a feature, called AutoLink, that is able to search a web page for specific forms of information and then link that information to sites that provide additional detail. (For example, it can turn a FedEx tracking number into a link to FedEx’s package tracking site.) Almost every outrage I’ve read today decries the horror of Google “automatically” rewriting the text of web pages, neglecting to mention that there’s nothing automatic about it, but rather the user has to click on the AutoLink button in the toolbar in order to use the feature. So it’s no different than the “highlight search text” button — it’s a way for the user to choose to modify the information in a web page in a fashion that’s useful to them. It’s also no different than a user choosing to zoom in on images, change the display of nofollow links, or even block popup ads, in that users are making conscious choices to increase the utility of their web browsing experience.

(And understand that even if the user didn’t have to click on the AutoLink button, I’m still of the belief that installing the Toolbar, or any tool, constitutes a choice made by the user to accept the utility offered by the tool. Sure, the maker of the tool should be nice and offer the ability to either turn off or uninstall the tool, and likewise should try to offer ways for content publishers to know that the tool is in use and decide how to handle that, but there’s nothing inherently evil about such tools being available to users!)

I know that on a more-often-than-I-care-to-admit basis, weblog bookmarks of mine go into that little sidebar to the right and then promptly die; I get a jones for a site, and then its owner gives up and stops posting. One site that firmly fit into that category was Dan Hartung’s Lake Effect, a site that showcased Dan’s acumen for dissecting arguments and generally elevating the level of discourse on the personal web. Alas, Lake Effect fell off the face of the planet a year and a half ago, but I kept the bookmark in place hopeful that things might start back up someday. This morning, I was happy to learn that Dan’s resurfaced with a new site, Stilicho — welcome back, Dan!

I’m so freaking sick of today’s headlines claiming that “hackers” somehow broke into ChoicePoint’s (obscenely comprehensive) consumer databases and obtained information which allowed them to then steal people’s identities. This is a story that’s been discussed on Dave Farber’s Interesting People mailing list since yesterday, and the truth of the matter — reported correctly only by MSNBC thus far — is that a group of criminals managed to create fake businesses and then set up entirely valid accounts with ChoicePoint in the name of those businesses, and then obtained the information about consumers via those accounts.

Notice the difference? If it’s reported that nefarious hackers broke into ChoicePoint and stole the data, then ChoicePoint comes out looking like a victim. On the other hand, if it’s reported that the failure was in ChoicePoint’s internal mechanisms for verifying the validity of an account application, the existence of the company behind that application, and the right of that company to obtain credit information, then ChoicePoint is revealed as a remarkably large part of the problem. Add to that the fact that ChoicePoint is only notifying consumers in the one state that requires them to (hell, there isn’t even a note about it on the company’s news release page), and doing so four months after they sold consumer data to criminals, and the story truly does take on a different character.

In trying to explain the vagaries of how electronic payment transfers work, the banking industry has just made me want to vomit.

In her latest column (addressing Ward Churchill’s firing from the University of Colorado for being a nitwit), Dahlia Lithwick has what might be my favorite opening paragraph she’s ever penned:

File Ward Churchill under “Annoying Blowhards Who Have Come To Embody Important Policy Questions.” One couldn’t unearth a less attractive poster boy for free-speech rights in academia. Churchill may be fired from his faculty position at the University of Colorado for having written and spoken some of the most moronic nonsense ever to emanate from the mouth of an alleged academic. But he shouldn’t be punished for being a hack. The folks who hired him should.

Whoa — Google Maps. When did this appear? (Oh, it looks like it’s new as of today!) The implementation looks awesome (as you’d expect), right down to the three-dimensional shadow beneath the locators. I’ll definitely have to play with this a bit more later today! (Update: Rafe says everything I’ve thought of so far, and then some, so all I’ll add is that I’m equally impressed.)

It’s funny — the American airport security loophole that Andy Bowers revealed in Slate today actually occurred to me last time Shannon and I flew back from Philly, but I immediately assumed that there was something I was missing and stopped trying to figure it out. Apparently, I wasn’t missing anything! Of course, now it won’t surprise me if the TSA does away with Internet check-in while they figure out how to negate this.

As soon as my TiVo downloaded the latest operating system and enabled TiVoToGo, I downloaded the trial version of Sonic’s MyDVD that includes support for burning the TiVo files to DVDs. For the most part, the software worked — despite an incredibly slow transcoding process, out of the ten or twenty shows that I tried to burn to disc, only two or three of them failed. (I wasn’t ever able to get MyDVD to burn non-TiVo videos to disc reliably, but that’s another story entirely.) All in all, I’d have to say that at the end of my trial period (last week), I was just where Sonic wanted me — ready to send them money to buy the full version of MyDVD.

Alas, that’s when I started reading the TiVo Community forums, and came across a post that described someone’s experience with what happens when a computer’s clock accidentally gets changed during a MyDVD trial period. After resetting the clock to the correct date, MyDVD still wouldn’t work; uninstalling and reinstalling it didn’t fix the problem either, and Sonic didn’t reply to requests for help. In the thread, someone mentioned that installing MyDVD created a few registry keys and directories on their computer that referenced “PACE Anti-Piracy,” and I filed that little fact away to look into later, before deciding whether I’d buy the software.

Today’s when I looked into it, and I’d have to say it’s opened my eyes a little bit. It turns out PACE Anti-Piracy is a company that develops applications which can enforce trial periods and other restrictions on downloaded software. That’s all fine — companies should be able to release trial-period software without knowing that they’re going to lose business to people who figure out how to get around the restriction — but it also turns out that PACE does a bit more. According to this page by an end-user and PACE’s own documentation (PDF file), the software installs a kernel-level driver onto your Windows machine, does its best to blend into the woodwork (the device driver is named “TPKD”, the support files get buried in a common-apps directory, and at no point in the its process of validating a trial period does it display its name or other information to the user), and uses some method of compiling unique information about your computer in order to do its anti-piracy thing. And there’s no obvious way to get the PACE Anti-Piracy software off of your computer once it’s there.

So in this specific case, I installed MyDVD and had no idea that I was also installing another company’s application that includes a kernel-level driver and doesn’t include any mechanism for uninstallation. The MyDVD website omits this fact, as does the email that I received with my trial serial number and the clickwrap license to which I had to agree during the installation. Hell, even the Sonic privacy policy talks about their use of updater software that sends out information about your computer, but is silent on the fact that they also install another company’s apps alongside their own that could be doing pretty much anything. (Where I come from, they call that spyware.) This all doesn’t sit well with me; I guess I’ve swung from being a ready, willing Sonic customer to being a person who’s unlikely to spend any money at all with the company unless they clean up their process of giving customers complete information.

Yesterday was a good programming day; there’s something obscenely satisfying about checking in a set of revisions to the application on which I’m working right now that includes over 400 new or changed files.

This might be the best thing I’ve ever seen: a company named Americas & Americas Inc. runs an online store for synthetic silicone bracelets, and has so many bracelets “supporting” different causes that it needs a color definition chart. According to the chart, the color burgundy signifies awareness of cesarian sections, headaches, hospice care, or multiple myeloma, whereas the color yellow signifies awareness of Amber alerts, bladder cancer, endometriosis, equality, liver disease, missing children, spina bifida, or suicide. (Amber alert? Aside from the fact that it’s hard to imagine a bracelet that one might pull out of the drawer only when authorities declare an Amber alert, wouldn’t the logical color choice for that one be… amber?) And does it get any better than the half-black, half-white “God Bless The Dead” bracelet?

For those of you who, like me, have been following the saga of the disabled Manhattan C train from afar: the train is now back up and running, less than 10 days after MTA officials estimated it would take five years to repair. Over the past week, New Yorkers have reportedly taken much glee in talking about the huge tasks of the city’s history that took less than five years to complete (the George Washington Bridge, four years; the Empire State Building, one year and 45 days; the entire IRT, which is the subway that went on to form the City Hall to Grand Central portion of the West Side’s red line, four years); it’s nice to see that the innate New York skepticism was proven to be correct.