Sikuli: automating GUI interaces

Wow! This demo video is impressive. You can write code to interface to anything you can see.

I wonder if I could use this to write a facebook-bejeweled-cheat-app in a matter of minutes...

Seam Carving: when do we get it in-browser?

It seems to me like it's about time that our web browsers supported seam-carving, and it's about time that JPEG & PNG supported advanced seam-carving metadata.

I guess the corollary to that argument is that Firefox and Chrome are open source, so I'm supposed to just write the code instead of complaining about it. The video is impressive.

Seam Carving for content-aware image resizing:

Spamarrest: the spam filter that spams

I've been using spamarrest for years as a spamfilter. It's an extra POP mail server that sits between you (meaning your mail client: outlook, thunderbird, etc.) and your actual email POP server. If a sender is in your whitelist, it gets through. If not, the sender gets a bounce message with a captcha challenge that will let them add themselves to the whitelist. You can override senders into a blacklist too.

The pros:
You don't have to scan email to recognize spam. You don't even download the spam at all.
Real people can still get through even if you don't have them in your whitelist.
Spam is reduced by 100% - not 98% (as you may get with Bayesian or advanced filters)

The cons:
Asking others to help you manage your whitelist is obnoxious.
Spamarrest bounces on every non-whitelist & non-blacklist email - that means they are increasing global email traffic by a 1:1 ration of spams received by their customers.
Spamarrest emails your new whitelist contacts with advertisements - i.e., SPAM. I think it's a no-brainer that spam-filtering companies should avoid spamming.

They do have a feature where you can use them for SMTP too, and every outgoing message you send can automatically add the recipient's email address to your whitelist. That ensures your new contacts won't get a bounce or a spam, and it doesn't take any work on your part.

The layers are a lie

I scratched my head when I saw a cake icon light up in Adobe Acrobat today. The mouseover text explained.

I don't usually expect this level of snarky-ness from Adobe. I usually only see this in open-source applications.

Beatpaths builds NFL power rankings from win stats

At beatpaths.com, Curt Siffert generates NFL power rankings using a clever win/loss & automatic strength-of-schedule algorithm. This is where I kick myself for letting him beat me to it. I used to track team's rise & fall throughout seasons using ESPN's power rankings, but I've been annoyed by how much ESPN commentators let the wrong factors influence their subjective ranking system.

Curt's beatpath system is completely objective; to be ranked above another team, you have to beat that team, or beat a team that beat that team. It's simple, concise, and makes neat graphs. Check it out.

Googletalk & AIM becoming officially compatible?

Google linked up their arguments to allow the Yahoo-Google ad deal to go through without government regulation. I was actually most surprised by slide #8, which reads that "Yahoo! will enable interoperability with Google instant messaging".

Does this mean Yahoo Instant Messenger will use jabber, and as such, talk to any jabber client?

This may be the first good news for googletalk since it was launched, as Google doesn't seem to be doing any work to update it or add features.

Amazingly well-done robot flash game

This robot-programming flash game is just really fun. I got to level nine before I had to leave for an appointment. How far can you get?

http://www.gameroo.nl/games/light-bot

My daily wtf: MTP default action

I enjoyed the prompt that Windows XP provided to me the last time I plugged in my mp3 player, especially the "always perform this action" checkbox:

What I'm Playing Now: Puzzle Quest

OK, I'm actually done playing Puzzle Quest, one of the better recommendations that Penny-Arcade has made, but I forgot to post about it before; probably because I was too engrossed in the game.

Apparently I was not too engrossed to screw around with the game, though, something I've been doing since I downloaded ResEdit on my mac and learned what a Hex Editor is. The beautiful thing about Puzzle Quest is that all of the art, sound, storyline, spells, items, maps, mounts ... almost everything is stored in open format, user-readable and user-editable files that are loaded at runtime by the game executable. That turns Puzzle Quest into a veritable Z Machine of puzzle-questing.

Anyone could write a completely new game without compiling a line of code - just invent a new story, design your new stuff, and save it in text & JPEG form.

I didn't do that, though. I just screwed around by inserting a pic of me (just home from work, still in my CPC insignia polo) in the game in place of the hero. This makes my kids giggle like mad every time the in-game me starts talking with knights and elves. Some screenshots [click for detail].

Seinfeld Microsoft ads: wtf?

After chatting with Ryan Delucchi last week about how Jerry Seinfeld is the wrong guy for a new Microsoft Ad Campaign, and then witnessing these two horrible advertisements during NFL football this week, I was glad to see Penny Arcade express their opinion in this Monday morning's comic :


Even though Apple's get a mac campaign is definitely out of gas, John Hodgman is a much hipper comedian than Seinfeld is (now that the 1990's are long over), doing a spot that's actually relevant to the product Apple is selling.

How to stay safe on the dangerous internet

I get asked a lot of questions about viruses (virii?), malware, and computer security by friends, family, & co-workers. I like to try to keep my advice as simple as possible for people who don't really want to learn all the complexities of computer hardware, software & networks - not that I could know every detail myself, anyhow.

I summarize it with 3 bullets. Here's how I stay safe on the dangerous internet:

1. Don't open file attachments that you aren't expecting.
   
2. Don't click links provided in emails that you aren't expecting.
3. If a website or popup requests you to click somewhere, close it with ALT-F4.

I'll elaborate now on the details, but for those of you who need it simple, those bullets will go a long way.

Regarding item 1, Virus protection: I keep hearing people saying "only open attachments from your friends." Here's why that's foolish: when a virus infects a computer, it can replicate itself by emailing it to everyone in your contact list. That means an attachment is almost more likely to be a virus if it's from your friends than otherwise.

I say "only trust attachments that you are expecting." I mean that you are safest if you've already had a discussion with someone in person, on the phone, in IM, or in email that says "I've got that file you need. I'll email it to you." If that hasn't happened, be wary.

You have more leeway if you know how to spot dangerous attachments. As of September 2008, the only real dangerous attachments are files that contain executable computer instructions: i.e., files that end with .exe or .scr (and perhaps also .com and .bat - if these are still executable on modern windows operating systems). That list could grow if exploits are found in other software products (see JPEG virus attack), and it could include Microsoft Office documents if your macro security is too low. Try not to fall for the double-extension trick, though. A file called britney.jpg.exe is an EXE, not a JPG. The final extension always wins, even when it is invisible.

Regarding item #2, phishing protection: I just got another great phishing scam email today. It was from equifax, a company I have done business with. It was from a good email address (possible because of spoofing), it made a reasonable request (log in and update information), and it provided a link to eport.equifax.com, a valid website. However, if I read the HTML email source, I find the link lies about what it links to. It actually links to eport.equifax.file3.com - which is a completely different host owned by scammers collecting personal financial data. If you don't know how to examine URLs to recognize URL spoof attacks, it's safest to follow #2 and avoid clicking emailed URLs you're not expecting. If you want to click a untrusted link, instead try opening your browser and typing in the desired website directly - you're less likely to be redirected to phishers that way.

Don't let emotions block reason. The ILoveYou virus and the common "You've received an eCard from a friend!" emails play on people's emotional desires to have positive social interaction. A good eCard site should at least provide the name & email of the card sender before they ask you to click links, to help validate the message. Also, be logical - if your birthday isn't for 8 months, who would send an eCard today?

Regarding item #3, malware protection: when websites popup windows asking you to click anywhere, they may be trying to get your authorization to install malware, whether or not they say it. Clicking anywhere on these windows is dangerous, because sometimes they are imagemaps that pretend to be windows with closeboxes but actually act like a big hidden "OK" button. Using the keyboard to close them (ALT-F4 in windows, CTL-F4 if it's a tab in a tabbed browser) is much safer than clicking anywhere on them.

It's also good to note that malware often comes bundled with "free" software. You should question any free software product available on the web, especially if it's advertised. Where does a company get money to pay for advertising for a product that's given away for free? They get money from malware writers that pay them to infect your computer and collect your data, and/or send you popup advertising even when you're not browsing. Gator was a company that was expert at this; now they've changed their name to Claria to flee bad press.

If you're unsure, err on the side of caution. Do you really need that custom browser toolbar or the little weather application? Is it worth risking your security?

Wrap-up: I considered adding more bullets to the list. Item #4 might be "keep your software up-to-date". I'm trying to be concise, though. A lot of home users aren't running professional operating systems with web services running, so they are less exposed to worms. I could add items like "set your boot priority list to boot only from hard disk", but the goal is internet security, and not many people are still getting infected from removable storage media.

Good luck and happy safe browsing.

Comments? Suggestions? send them to matt@mattmullen.net.

What I'm Playing Now: Final Fantasy 1

Well, not really. I remember loving FF1 when I was about 11 years old. It was fun to revisit recently using an NES emulator (FCEU). The fun with emulators, though, is being able to use savestates and cheats to alter the game experience. I couldn't find a listing on the web of Hex locations of major data locations, though, so I'm posting my own small list here. Perhaps the next person to google for "final fantasy 1 fceu hex addresses cheats gold experience potions" will get this handy list.

Note you'll need a hex editor to get this done, I use WinHex. Also note that many values are stored in 2 bytes, with the second byte as most significant. (so to write "4000" to an address, which is 0x0FA0, you write A0 to first byte and 0F to second byte.)

0x1313-1314 Gil

0x13FE-13FF Experience, Party member 1
0x143E-143F Experience, Party member 2
0x147E-147F Experience, Party member 3
0x14BE-14BF Experience, Party member 4

0x132D Tents
0x132E Cabins
0x132F Houses
0x1330 Heal potions
0x1331 Pure potions

Microsoft: I ALWAYS want to paste unformatted

Every time I past in an office doc, office carries the formatting over for me, which drives me nuts.

Consider a scenario: I copy from one doc where the font is 9 point garamond dark-blue italic, and paste in another doc where it's a title block of bold 14-point arial black, and office *carries over the formatting* and obliterates the point of copy/paste: saving time. I have to do more work fixing the formatting than the work I saved with copy paste.

Instead of reformatting, I often try to use a paste special where I can navigate a dialogue to specifically "paste unformatted", or I (faster, actually) launch notepad and paste then recopy paste, because notepad handily strips the formatting.

With all this work to copy a bit of text, why don't I just re-type my text at this point? I can do a lot at 80WPM and never have to touch the mouse. Copy/paste has been completely broken for me by Microsoft's attempts to make it more advanced.

Tor semi-works

The EFF is great and so is Tor, but it's definitely not 100% useful. I've let Tor encrypt my traffic lately to test it out. It's highly functional, easy to install, and the graphic feedback is great.

However, it's clearly slower - I feel a little like I'm back on a modem in 1998's internet. On top of that, some websites are watching the source data requests and modifying their output. For instance, when I use Tor, google keeps changing languages on me. Another US Government-funded site rejected me altogether, telling me it only took requests from USA IP addresses.

This is actually the fault of the Government site, of course - Americans should be allowed to conduct their business whether they are currently in the states or abroad (or anonymized) - but it makes Tor harder to use.

Flash: Not Easy

I thought I'd fire up Flash for the first time, and quickly whip up a SWF that would preview audio, much like Amazon likes to do when they sell audio CDs.

What I found was a surprisingly convoluted interface, where widgets didn't do what I expected. See screenshot.



I wonder if there is a fundamental difference in design for applications sourced on a mac than their counterparts that are natively designed on Windows. Perhaps that's why photoshop wasn't an intuitive application for me to use either (I'm still sticking with PSP5 from 1998).

The Gimp isn't very intuitive to me either. Do Linux designers have even different philosophies?

Google Subscribed Links

Google Subscribed Links looks interesting. I just can't think of a link category that would be immediately useful to me.

block flash by default - flashblock

There is a firefox plugin called flashblock that "takes a pessimistic approach to dealing with Macromedia Flash content".

Basically it blocks all flash on websites, and gives you a placeholder where you can click to allow the flash manually.

This great plugin won't make myspace.com tolerable (nothing could possibly), but it at least will make navigating the web a little bit safer.