I got some really awesome comment spam recently. Here's an example, from my post on Nerdcore music (I deleted the comment because it contained a spam link):

LOL. I think you may have missed your calling. What you need to do now is get some oversized pants and some dark shades. Add a little bling, and they go on tour. You'll pull geeks out of the woodwork. Heck, I bet you could fill a decent sized coffee shop. On second thought, maybe you should stick to your day job.

If this was written by a human, they put some actual thought and energy into it. If it was written by a chatterbot, I'm seriously impressed. Either way, great work, whoever you are!

Google doesn't provide any "official" way to embed a YouTube video in 480p. It always drops you down to 360p by default, and that just looks crap. You can embed in HD so why not 480p? No one knows. But don't despair, there is a way!

Here's some code for you:

<object width="853" height="505">
  <param value="http://www.youtube.com/v/MOVIE_ID&amp;amp;hl=en_US&amp;amp;fs=1&amp;amp;rel=0" name="movie">
  <param value="true" name="allowFullScreen">
  <param value="always" name="allowscriptaccess">
  <embed width="853" height="505" allowfullscreen="true"
    allowscriptaccess="always"
    type="application/x-shockwave-flash"
    src="http://www.youtube.com/v/MOVIE_ID&amp;amp;hl=en_US&amp;amp;fs=1&amp;amp;rel=0"&gt;
</object>

That will give you an "HD width" 480p video. Just change "MOVIE_ID" to the ID of your video (e.g. "J-lHxxToCfo") in both places. The width of the embed will be 853px, which is 16:9 for HD video.

What if your video is 4:3, i.e. 640x480? I can't find any clean way to embed at exactly that size, if you use the above code you'll get black bars on either side. However you can use a negative margin to get a box of the right shape. Just wrap your object like this:

<div style="width: 640px; overflow: hidden;">
  <div style="margin-left: -107px;">
    <object etc ... ></object>
  </div>
</div>

The controls will go off the screen but at least the user will still be able to click the centre of the video to start and stop it. Here's an example:

My column width is less than 640px but hopefully you get the idea.

Apparently it's 1.15463195 * 10^-14.

I binned apache finally on semacode.com. It was easy. A little bit of "this is really the last straw" frustration with mod_rewrite and I ditched it.

I've been threatening to leave you, apache, for years. Ever since I first cursed your horrid rewriterules, I knew that it would never be the same between us. You were good, once. You weren't just "a patchy" web server, but a scrappy one... once. But 2.0 you just didn't live up. You didn't fix your big warts. You got flabby. Even the decision by your developer team to finally remove the default MIME type didn't redeem you in my eyes.

No, it was just one poke in my eye too many, when you insisted on unencoding my percent encoded URLs before passing them to the rails/mongrel proxy, and there was just no way to make you stop doing it, no matter how many googles I searched. And so I said: enough is enough. Everyone on Rails uses nginx now, and I will too. I'm tired of learning how to sacrifice chickens to the apache configuration gods. Bring me something new, clean, shiny, fast, and easy to configure!

Learning how to configure nginx took an hour on the outside—it's very easy and keeps all the good parts of apache's syntax and throws away the complete crap. It even allows me to compress stupid blocks into one-liners! :

  if (-f $document_root/system/maintenance.html) { rewrite  ^(.*)$  /system/maintenance.html last; break; }

Isn't that gorgeous! I agree. And so the "engine x" russians get my love now. It's all over. Sayanora. End communication.

Intelligent online cartoons:

• xkcd. yes everyone already knows about this one. IPv4 space (notice how apple has as much space as all of japan? trust me they don't need it). how pure is your scientific discipline? frequently a bit ... odd.
• Basic Instructions. How to make a good impression at a job interview. How to converse with someone you don't want to talk to. Scott Adams experimented with him in turning it into a print cartoon but it just wouldn't fit into the restricted size.
• Savage Chickens. Peace and wisdom. Dachshund. My most recent discovery.

There's plenty of crap out there. Can you add any other good ones?

I absolutely hate the latest Facebook redesign. And, for the record, I loved the last one, so I'm not some kind of knee-jerk negativist. The new facebook removes the single most important feature, the live news feed. Facebook's major contribution to the online world was the live news feed. Everything—updates, pictures, interests, links, notes, etc. etc. etc. all in one time-sorted feed. It was brilliant, and obviously I think so since I make some kind of minimal replication of it on my own front page.

And now they have removed it. The new... thing ... whatever it is .. that I get is more like twitter. I don't need another twitter. I already have twitter. What I want is my live facebook feed. Now, if I want to see what photos people have been tagged in, what apps they have been using, etc., I don't know what to do. The right hand side seems to have some stuff there ... but I can't filter it.

Now what kind of idiot would destroy their company's chief asset in an eyeblink? When you've got something that good, you don't change it, you nurture it. Look at google's home page. They are so careful in making changes. They do statistical A/B tests on every single change they ever make, and only keep the ones that make people's results better. When they make a change that sucks, it's also minor and gets rolled back quickly. So my point is this: for FB to ruin their own user experience is really out of the ordinary and insane.

Who would do such a thing? Only a tyrant who's lost touch. Which means Mark Zuckerberg has become a tyrant and lost touch. For evidence that he's become a tyrant, we can look at the following evidence:

Gawker: A tipster tells us that Zuckerberg sent an email to Facebook staff reacting to criticism of the changes: "He said something like 'the most disruptive companies don't listen to their customers.'" Another tipster who has seen the email says Zuckerberg implied that companies were "stupid" for "listening to their customers."

TechCrunch: Facebook says this is about getting a CFO with public company experience ("We have retained Spencer Stuart to lead our search for a new CFO and will be looking for someone with public company experience."). Which is complete nonsense (and poorly thought out nonsense at that), because [Gideon] Yu, after a short stint at YouTube and an even shorter stint at Sequoia Capital, was the treasurer and SVP Finance at Yahoo. Which is very much a public company.

For evidence that he's lost touch, well, there's plenty. As of now over 1 million users have gone to the trouble to install an app specifically to complain about the new layout. I know that facebook has ~ 175 million users, but that's still a HUGE user backlash.

Now apparently they are going to roll back some of the changes... we'll see how that goes. Presumably at a company of that size the investors are going to force Zuckerberg to back down. See this Joy of Tech comic for an idea. But people are also going to compare Zuckerberg to Steve Jobs of the 80s, when he was forced out of Apple for being an asshole.

Let's be completely clear on this. Steve Jobs WAS an asshole in the eighties! My impression is that the film Pirates of Silicon Valley is quite accurate. And from working at Apple during Steve's second coming, I can say that he still could be a real asshole, the kind that gets things done and doesn't have patience for idiots. The difference is, that Jobs never did anything really stupid to his user base.

So, what's going to happen now? I suspect that Z won't back down very easily, and that we're going to see more conflict, clashes and problems in the future. It's unfortunate, and I hope that wiser heads prevail and FB recovers the truly awesome user experience that it used to have.

Update: Gawker thinks Zuckerberg should go. Strong stuff.

And Business Insider: Mark Zuckerberg has begun "believing his own hype," a source says. He believes he is the genius the magazine covers say he is. Mark has always been an executive who made life difficult for those he disagreed with. "Mark is a very demanding person to work for, if you screw up, one day you are in, the next day out, persona non grata," says one former employee. Now that he thinks he's Steve Jobs, he's unbearable.

Hello! I've got a big update for this post, so skip to the end for the goodness!

I use WYM Editor for editing my posts, it's awesome, there's only just one small thing that I don't like about it, which is out of the box it doesn't allow you to copy/paste embed tags like you would use to embed a flash video, youtube video, etc. into your posts. It actually strips out embed tags if you try to put them in.

Why they would not support this, is out of my mind, I can't understand it. There doesn't seem to be any sense in it. Oh well, I know javascript and XML so I can fix it right? Sure, why not.

So, here is a patch that enables basic support. You can switch to "HTML mode" (i.e., the mode where you can see the sourc code, 2nd button from right in the standard view) and paste in some embed code, the stuff you get from YouTube that looks like this:

<object width="480" height="295">
<param name="movie" value="http://www.youtube.com/v/jzHBszZn6uo&amp;hl=en&amp;fs=1"&gt;&lt;/param&gt;
<param name="allowFullScreen" value="true"></param>
<param name="allowscriptaccess" value="always"></param>
<embed src="http://www.youtube.com/v/jzHBszZn6uo&amp;hl=en&amp;fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="295"></embed>
</object>

The embedded item might or might not actually appear in the preview mode at that point. Don't worry about it. Save it, view the final result, it should be there.

It would be nice if the developers would take this and build it in so that you can actually copy/paste them in the "normal" way.

Here is the patch, apply it by hand, or copy/paste it into a patch file and apply using the patch command.

Index: wymeditor/jquery.wymeditor.mozilla.js
===================================================================
—- wymeditor/jquery.wymeditor.mozilla.js	(revision 119)
+++ wymeditor/jquery.wymeditor.mozilla.js	(working copy)
@@ -80,10 +80,11 @@
     
     //replace em by i and strong by bold
     //(designMode issue)
-    html = html.replace(/<em([^>]*)>/gi, "<i$1>")
-      .replace(/<\/em>/gi, "</i>")
-      .replace(/<strong([^>]*)>/gi, "<b$1>")
-      .replace(/<\/strong>/gi, "</b>");
+    // this messes up embed tags—changes them to ibed
+    //html = html.replace(/<em([^>]*)>/gi, "<i$1>")
+    //  .replace(/<\/em>/gi, "</i>")
+    //  .replace(/<strong([^>]*)>/gi, "<b$1>")
+    //  .replace(/<\/strong>/gi, "</b>");
     
     //update the html body
     jQuery(this._doc.body).html(html);
Index: wymeditor/jquery.wymeditor.js
===================================================================
—- wymeditor/jquery.wymeditor.js	(revision 119)
+++ wymeditor/jquery.wymeditor.js	(working copy)
@@ -2068,6 +2068,17 @@
     "13":"dl",
     "14":"dt",
     "15":"em",
+    "embed":
+    {
+      "attributes":[
+      "allowscriptaccess",
+      "allowfullscreen",
+      "height",
+      "src",
+      "type",
+      "width"
+      ]
+    },
     "fieldset":
     {
       "inside":"form"
@@ -2243,10 +2254,11 @@
     {
       "attributes":
       {
-        "0":"type",
+        "0":"name",
+        "1":"type",
         "valuetype":/^(data|ref|object)$/,
-        "1":"valuetype",
-        "2":"value"
+        "2":"valuetype",
+        "3":"value"
       },
       "required":[
       "name"
@@ -3449,7 +3461,7 @@
     this.block_tags = ["a", "abbr", "acronym", "address", "area", "b",
     "base", "bdo", "big", "blockquote", "body", "button",
     "caption", "cite", "code", "col", "colgroup", "dd", "del", "div",
-    "dfn", "dl", "dt", "em", "fieldset", "form", "head", "h1", "h2",
+    "dfn", "dl", "dt", "em", "embed", "fieldset", "form", "head", "h1", "h2",
     "h3", "h4", "h5", "h6", "html", "i", "ins",
     "kbd", "label", "legend", "li", "map", "noscript",
     "object", "ol", "optgroup", "option", "p", "param", "pre", "q",

The Big Update

Thanks to Maxwell Scott-Slade for commenting and pointing to his even more improved version on his blog. I've taken his & my work, added the ability to support flashvars attribute (required for flickr embeds among others) and forked the wymeditor svn repository into GitHub. Get WYMEditor that supports flash on GitHub.

If you want to use it, just:

% git clone git://github.com/sbwoodside/wymeditor.git
% cd wymeditor/trunk
% make

The result will be in build/build/wymeditor.tar.gz.

In my email:

From: root+f90z4fj9@facebookmail.com

Unfortunately, the settings that control which email notifications get sent to you were lost. We're sorry for the inconvenience.

To reset your email notification settings, go to:

http://www.facebook.com/editaccount.php?notifications

Thanks,
The Facebook Team

So this is spam right? Blatant phishing? But wait, the URL is real, not fake. I still don't believe it, so I go to Google. Apparently this is real.

OK, so the good news is that FB sent the message as plain text, but since most email programs auto convert to links, that's not helping. Every FB user in the world is now being desensitized to phishing.

They should have said "log into facebook, and go to this or that tab to fix"

Of course, why did they lose everyone's settings in the first place.

The last time I blogged about mesh networks was 5 years ago (almost exactly!). I was pretty pumped about the possibilities in those days — like the idea of creating a 2nd internet using mesh protocols, routing from house to house using WiFi, circumventing ISPs.... hey, it's still a cool idea, and maybe even possible still, especially with the excess capacity that we have with e.g. 802.11n. Latency would probably be pretty high..

Anyway, back then mesh was a DREAM but now it's a REALITY. The OLPC "XO" laptop for developing nations uses it! The perfect use case actually. And we have 802.11s, etc., etc... cool.

In the long run I expect that "self-forming" (if not exactly "mesh") networks over wireless will be a VERY important part of the internet and future networks, if not the most important way that data gets moved around in local and regional areas.

I decided to revisit the mobile CSS situation today. It's actually pretty good. HTML Dog has a pretty good update as the to the situation but I'll summarize it for you.

Basically CSS comes with so-called media types which include all, screen, print, handheld and some others that presently aren't probably worth bothering about. I've already been using the print thing as you can tell if you have a recent browser and you do a print preview of this page. The styling is quite different from the screen version. It's pretty easy to do, just look at the source of this page, you just define a print.css and a screen.css and then, in each one, @include common.css which would contain basic character styling and colours that are used in all the medias.

So the point here is handheld media type, if supported correctly in the mobile browsers, can be used the same way. Is it supported correctly? Yet? Well, the test page http://htmldog.com/test/handheld.html will tell you - just point your phone browser at it. The CORRECT answer SHOULD be, "no" for the screen ones and "yes" for the handheld ones.

My Nokia 6630 incorrectly ignores all the styles. My Sony-Ericsson S710a correctly ignores the screen styles and uses the handheld styles. Yay SE.

Also notice that if you grab the Opera web browser, View menu, Small Screen, you can see the correct result as well.

So, using that I've set up a few things.

• Repeat the page title at the top of the page - useful because a lot of phone browsers don't show the full title on the screen
• Hide a lot of the bling, like the banner, the footer - keep from spamming the small screens. I do this by defining div#footer { display: none; } and so on in the handheld.css file
• Add a "Skip navigation" link at the top of the page - add an anchor #contentbox link at the top of the page that only shows up in the mobile version of the page - this is so that people don't always have to scroll down every new page

That's about it for now. My pages are already really lightweight in terms of KBs and I assume the phone browsers don't bother loading images that are hidden by CSS. So the result is an HTML + CSS solution that doesn't require any browser detection, rewriting any of your pages, or server-side junk.

Choosing Tunisia for the 2nd phase of the ITU World Summit on the Information Society ... good move? or not?

Well, you can argue that since the other side of the digital divide definitely lives in Tunis, among other places, it's good principle to hold the summit there. There is, however, one slight disadvantage. Tunisia has a less-than-optimal record on Human Rights . In particular the government engages in internet filtering (like China) (apparently they use SmartFilter ) and has a terrible record on free expression .

Whether or not that means WSIS is a waste of time or a negative thing I'm not sure. The first WSIS was most interesting as a struggle for the civil society to claw their way into place amongst the governments and organizations. Now the 2nd one might wind up being dominated by the theme of a free internet. That might not necessarily be a bad thing.

Anyone who's been around the internet since before the web will know the name Panix well as they were one of the very first ISPs ever. Well, their domain panix.com was hijacked yesterday by means currently unknown (see panix.net ). Check the link for NANOG thread. If this was a cracker attack it indicates a very serious infrastructural problem. If it was an administrative attack it indicates a huge domain administration problem. Either way, anyone who owns a domain should be very worried, and everyone on the internet, because:

• Panix is going to go out of business if this isn't fixed ASAP
• All of Panix's users are having their userIDs and passwords stolen as we speak
• All email to Panix's users is being intercepted as we speak

Panix has a large and sophisticated user base, and those passwords could potentially be used to comprimise a wide range of systems. The obvious solution at the moment is technical - the DNS operators should revert the domain ASAP.

OK... technically, this is not pr0n. It's probably about as close as you can possibly get with a bathing suit on and hands off, though. I mean, c'mon. But the real deal is the puppy. What is this? Is the puppy supposed to make it all OK? Is the puppy for women to look at? Is that the idea, that men will get the hussy with her ass in the air and women will get the puppy? And this thing is all over the net. I guess it sells...

I've been tracking the efforts of Brian Longwe for a few years now (and communicated with him a few times). I just got this via Balancing Act Africa the essential african internet weekly news email.

It all hardly seemed possible for as Brian Longwe of AfrISPA remarked in the opening session: "Three years ago who would have thought that VoIP could be mentioned in public, let alone that we would be talking about the business implications of it?" But Sammy Kirui of the Kenyan regulator signalled the end of the beginning: "We have come from a regulatory environment that was dictated by—consciously or unconsciously—the protection of the incumbent's revenue. That obsession even though its revenues fell anyway was like trying to hold on to an illogical scenario...If you have restrictive clauses in your licences, bring them to us and we will delete them."

This is no joke. The domination of telecommunications by Telkom Kenya (facilitated by their tight ties to the government, which ran them until recently, and to which they used to generate major revenues) has been a major barrier to the proper deployment of any kind of communications service in Kenya and, as a matter of fact, all of Africa. Now we're seeing some strong lobbies emerge for the ISPs (like AfrISPA) and also the government in Kenya is serious about stomping out corruption and making a serious effort to liberalize telecom. It's been a long time coming, but it looks like finally the Longwe's of the world are getting somewhere. (I'm sure that holding ICANN in South Africa helped a bit too.)

I just added some new pics to my flickr feed. BTW, you should be using flickr. You know how picky I am. It's good stuff.

So I just finished sending letters of complaint to VeriSign and a certain online vendor that shall remain anonymous until I'm sure they flushed my CC number from their system. These guy are really, really stupid.

Here's what they do. They offer me an HTTPS secure connection to set up my account to buy this techno item I needed. As part of registration I HAVE to enter my credit card number, which is kind of annoying, but they're going to get it eventually anyway. They also want a password, so I choose a new secure-ish one to protect my information, right? And I note that my full CC number is visible afterwards in My Account info, which isn't great. Amazon does the right thing by only showing the last digits. But the site has this gold "Verisign Secure Site" logo so I figure I'm covered.

Then they EMAIL me IN PLAINTEXT my PASSWORD! Fools!

If I was some average idiot, I would just leave the password the way I set it and any fool who can intercept or read my email would be able to log in and suss my CC number. Not good.

So I emailed then and cc'd Verisign, and filed an abuse notice on Verisign's site. I want them to delete my account info clean from their system. And Verisign ought to do something about giving a seal to this lame security. No matter how good your security on-site is, it sucks if you leave such a gaping hole in the email response system. Sheesh.

I'll update with the name of the idiot vender once I'm sure they've removed me from the system.

So let's say you are reading along and you want to read MIT's Technology Review article: A Remote Control For Your Life . And then they want you to pay and you don't want to pay. OK, fine but how is it that the content of the article got indexed into google in the first place? Well as it turns out, they just check the User-Agent string on the HTTP requests. So if you were clever you would just do this:

curl -O -A 'Googlebot/2.1 (+http://www.googlebot.com/bot.html)'  'http://www.technologyreview.com/articles/mann0704.asp?p=0' 

and then you can read the article. There are other sites that play similar tricks.