Author: Tim's Bookmarks

The T’s construction work has opened a crack in the wall of Old South Church. Grrrr.

If you have anything in c:program filestinyproxy and you’re running a service called Security Accounts Manager (SamSs), you’re infected.

It would be interesting to see how the infection is spreading, but I think it’s likely just a conventional virus using Facebook as a vector, not exploiting a hole in Facebook’s security.

Another one to see in the theatres. If it’s anything like “Machers and Rockers” it’ll be a brilliant ride.

One to see in the theatres?

Here we go down the rabbit hole. This is what I was afraid of when I started getting these fringe conspiracy theories forwarded to me. How do you fix these broken minds?

Matthew Guerrieri gets an indepth interview with Elliott Carter reaching back to his student days.

Overflow from Guerrieri’s Elliott Carter interview. Very nice stuff.

Simple URL shortcuts like http://itunes.com/ArtistOrAppDeveloperName. Brilliant!

An intelligent approach to managing application security risk.

WordPress 2.7 drops tonight for all the guinea pigs, er, users on WordPress.com. Looking forward to trying it out when it hits GA.

New Google Reader UI. The ability to turn off unread count is probably the best thing here. But is it better than Helvetireader?

The API docs for the YouTube player document a parameter that turns off the new default Search bar that suddenly appeared on every embedded YouTube video today.

iTunes 8’s Grid View has more features than meets the eye, including some nice playback features.

Interesting design resource for grid based design.

Tyler Shields begins an interesting series on practical development considerations for application security, starting with "anti-debugging"–methods used to hinder the reverse engineering of a process.

Lightweight JavaScript solution for transparent PNGs in IE6.

Supported integration between Google Calendar and Apple’s iCal. Hopefully the iPhone won’t be too far behind.

Interesting perspective on the role of the designer in agile development.

More details on the YouTube virus.

Simple truth: Product managers can live in the marketing or development organization or report directly to the CEO and they’ll still be product managers.

Setting the record straight about Bush’s “regret” for the failure of pre-war Iraq intelligence.

Sign the Open Government petition asking President-Elect Obama to publish transition materials in a barrier free way.

You know those YouTube links you get sent? Check and make sure they’re really pointing to YouTube.

Documentation of the RSS XSS vulnerability fixed by WordPress 2.6.5. Get out there and patch.

Shifting from discovering new vulnerabilities to being more proactive about the defenses is good practice. I also think that finding your own vulnerabilities and fixing them before someone else finds them makes good business sense.

Interesting analysis of Clinton’s new position in the Obama administration.

It’s interesting how “national security” trumps every basic decency that has come to pass in the last hundred years in this country. Thanks for illustrating that so well, Mr. Bush.

The new BSO download service gets a lengthy review. I’m very excited to see what repertoire becomes available. (Brahms Requiem 2008 and Gurreleider, please?)

A much better look and feel for Google Reader.

Brilliant new download service does classical music right: you can buy by the track, major work, or album, and it’s available as MP3s or high fidelity recordings (the latter, unfortunately, only available for PCs). The real news is that they’ll be releasing new performances, including the performance of Daphnis et Chloe that I was in in 2007.

HRC is officially on board. I think the dichotomy in NYT’s analysis of Obama’s policy (more diplomats or more soldiers, how can he afford both?) is disingenous and forgets where a lot of the defense budget is spent: on weapons system contracts that the Pentagon didn’t really want.

The guest poster, Shyama Rose, is right on that tools aren’t as capable as security professionals in finding flaws. But her argument misses a critical point: the guild of security professionals isn’t large enough to find and identify one tenth of one percent of the critical security flaws that exist out there. We’re past the time when only manual analysis can keep us safe. That’s one of the reasons why the SAAS model at Veracode is an interesting solution–keep the security expertise on demand rather than trying to teach a developer how to use a tool to find security flaws.

Computer security issues have real world, national security, life and limb implications.

Annoyed by all the crud in your Google search results? A few tips on turning the SearchWiki features off.

Master’s thesis looking at the performance of user generated tags in the context of LibraryThing.

Amazing piece of WWII history surfaces, for sale by BT.

Why a bias to action might not be the best thing.

Dramatic retelling of the Kaminsky flaw discovery.

How to ask for money for your alma mater.

Oh, there’s no end to the possible puns. My favorite is at the end: “Storm isn’t such a bad name for this phone. It’s dark, sodden, and unpredictable.”

The Criterion Collection folks are now doing online streaming. And their commenting features are letting a lot of spammers through, apparently.

The irony, as PC World points out, is that the iPhone DOES NOT translate HTML into an XML format and reformat the page for display on the phone’s browser. In fact, it’s one of the few mobile phones that doesn’t.

Doc Searls sums up the role of open source thinking in the Obama campaign.

35 killer photos of Barack during the campaign (hat tip to Talking Points Memo).

Detailed look at Bernanke’s handling of the meltdown.

New WordPress version, doesn’t fix the CSRF issue reported earlier but recommended anyway. A quick upgrade if you look at the changeset.

OK, now this is starting to get scary.

I think the actual word was “nog your egg,” but I’ll never think of nutmeg the same way again.

Nonintuitive and hacky way to batch-compile an ASP.NET 1.1 app.

How to do a “related posts” sidebar in WordPress.

Interesting collection of WP hacks.

It would be really nice to see this move forward. Glad to hear that it’s not Apple or the surviving Beatles causing the problem, but EMI and the Beatles’ agents.

Great profile of the Bidens as they prepare to move to Washington, for the first time ever.

This couldn’t be more absurd if we tried. Time to get Bush’s team out of there and get Obama’s team in, before they give ALL the money away and get nothing in return.

Essential reading for fans of sans serif type. Exhaustive and brilliantly illustrated.

Holy frickin’ cow. Gotta check out the quad mixes of Johnny Cash and Bob Dylan.

At the risk of going all Zippy, “Allan Sherman box set! Allan Sherman Box Set! Allan Sherman BOX SET!!!”

The motivation for doing the iPhone 2.2 upgrade.

Interesting wishlist for iPhone features.

Guess I know what I’m doing tonight.

To read– detailed review of the state of the auto industry.

The counterpoint to the idea of “a team of rivals” in the cabinet.

Check out the video of Sarah Palin pardoning turkeys, then talking to the camera as the turkeys get slaughtered behind her.

The 2009 Tanglewood season is out. For the TFC it’s Brahms Requiem, Carmina Burana, Die Meistersinger, B9… and you might hear some more about that James Taylor/John Williams/Pops gig from me too.

New working group to write the spec for HTTPOnly cookies. HTTPOnly is an unspecc’d browser flag that would prevent client side scripts from reading or writing cookies.

Nice roundup of using CSS for charts and graphs for image-free, accessible data.

Man, I’ve made this error so many times it’s not even funny.

Cool–cutrate tickets. Time to start shopping.

Was there a coverup of a friendly fire death in Iraq?

Julian Bond steps down from the NAACP. Job well done, Mr. Bond.

A sad day for Harvard Square, and for print.

Chilling overview of Jonestown, and scary thoughts about how getting politicians indebted to religious leaders can lead to trouble.

Sounds like a good party.

Just what I needed, another way to waste time on the Internet.

Interesting way to get fixed keyboard shortcuts for bookmarklets. Wonder if there’s a Windows equivalent?

Oy. Not a good day for Redmond.

“In the next installment, our green eyeshade-wearing superhero gets tangled up in his own cape when he is suddenly forced to reverse course and abandon his initial bailout plan. And don’t miss the stunning conclusion! In a gripping cliffhanger, the runaway locomotive of financial crisis hurtles toward certain destruction while our superhero is busy polishing his reputation in interviews with the local press.” Heh.

Sobering look at the relative priority of product management on the chopping block come layoff time. I’m not up for a RIF, I just thought it was interesting.

Amazing stupid Transact SQL trick.

Interesting and complex real-world test of responsible disclosure for security flaws.

Pretty awesome tool for doing affinity maps. Look forward to trying it out.

An inspiring presentation about the state of the music business. No, not for the labels: for the artists and fans.

I’ve wondered the same thing about Google’s iPhone search results. They clearly went to a lot of trouble for the optimized look, so why wouldn’t they enable it for the most common search scenario on the iPhone?

I’m guilty of 24/7, myself.

I missed this announcement about Citigroup ending the CitiAssist loan package at Harvard, Sloan and others. CitiAssist was the best loan package at Sloan, much more responsive to interest rate changes and much more affordable than the MIT Tech Loan, which looked predatory in comparison (7+% interest rate in 2001). Sloan just got a lot more expensive.

Killer plugin for WordPress. Considering looking at it, but will wait until I can futz around with some caching plugins–not eager to take a half-second hit for each page just for hyphenation.

Very cool WordPress theme that takes off on Die Neue Tyopgraphie, Tschischold’s early sans-serif + grid manifesto.

Nasty last minute surprises from the outgoing administration.

Oops. Motrin touches the live wire. I’m surprised that no one at the agency had a clue that the baby carriers are much, much better for the back than carrying the child in your arms.

Discussion of “Angler” with the author and the book’s critics. Sounds like pretty essential reading for foes of the outgoing administration.

Interesting study of the sociology of combat troops in Afghanistan.

Delicious review of something that should go on the shelf next to my copy of Mencken’s “The American Language.”

This article is why an independent software security testing service, like that provided by Veracode, is so important. We promise not to insert /*Flawfinder: ignore*/ in your source code.

That’s my old friend Rob (also Robb) Munro, now a law intern in the North Carolina State Supreme Court and a law student at UNC — and a great photo of him and his service dog Pilaf. Way to go, Rob.

A great profile of Sam Calagione from Dogfish Head Brewery, with some context around the larger world of craft and “extreme” brewing. I’d like to read an expanded version of this that covered the past 30 years of US brewing in the same depth, kind of “The Rest Is Noise” for beer.

I don’t care how pretentious Calvin Trillin is, this is a moving and appetizing review about an underdog barbecue joint being voted best in Texas.

Interesting review of what it’s like to live in the First Residence as a family member.

Looking forward to seeing this for four years.

So maybe we’ll do some sweet potatoes this year.

You know, I missed watching this when the local Boston reviewers pointed to it, but this could be the most awesome documentary ever.

Nice. Susan Crawford will school the “series of tubes” people.