Recently in Hacking Category

Flickr Google Gadget

| | Comments (3)

If you are a fan of Flickr and happen to use iGoogle you may want to check out a Flickr Gadget I recently wrote. It looks like this:

The gadget currently offers three tabs/views. You can see either the latest photos from your Flickr contacts (requires specifying your flickr userid in the settings), a sampling from recent 'interesting' photos, or specify keywords to search across all Flickr photos. You can view larger versions of the thumbnails overlaid in the gadget or jump right into Flickr proper.

I enjoyed creating the gadget and would love to hear any feedback or ideas for improvements.

To add the gadget to your iGoogle page just click the screenshot above or install with this button:

Disclaimer: I work on the iGoogle team at Google.

Email DOT com

| | Comments (3)

Having one's email address appear plaintext on a website is something most people try and avoid. Spammer's actively harvest email addresses from the public web and very few want their address on yet another spam list. In situations where it is unavoidable, people often use techniques like spelling out their address (Eg. user AT example DOT com) or adding in extra text (Eg. user_NOSPAM@example.com) or a variety of other approaches. Unfortunately these are easily detectable and extractable with some simple regular expressions and don't do much more than maybe prevent copy-and-paste of your address for legitimate users and maybe force spammers to add another regular expression to their script.

Some quick searches with Google shows how common these approaches are and also how easy it is to detect such patterns.

A slightly better approach, although not always feasible depending on the input restrictions, is to use JavaScript to write out the address. Something simple like:

<script>
document.write("us");
document.write("er@ex");
document.write("ample");
document.write(".com");
</script>

If a spammer were to process each scanned webpage with a JavaScript engine before extracting the addresses then the above wouldn't work, but the overhead (technically and CPU) is such that I don't see this happening anytime soon.

Google Translation API

| | Comments (0)
A quick post to try out the new Google Translation API. This API allows web developers to do dynamic text translation from within a webpage. Specify some text, set the language to translate from/to and then display the text that Google returns. Let's see if it works on this very appropriate Richard Feynman quote. You can also check out the Official Google blog post announcing the API. Note this won't likely work if you are reading this within a feed reader.

English
There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!

French

Spanish

Japanese

SONOS and mime-types

| | Comments (0)
Sonos Controller I ran across a fairly obscure problem with the Sonos music system related to mime-types, file extensions and dynamically generated playlists. This is fair warning that this post will get a tad technical.

The Sonos music system supports Internet radio stations and is capable of parsing remote M3U playlists. My plan was to write a simple script that retrieves the latest This American Life archives page, parses the HTML to extract the set of show URLs and returns a dynamically generated playlist with the desired show URL.

Sonos didn't like my dynamically generated playlist and it took me a while to figure out exactly why. In the end it seems the Sonos ignores Content-Type HTTP header and instead relies solely on the file extension in the URL it is accessing. In this case the file extension was .cgi and since Sonos doesn't know what .cgi means it ignored the contents of the response.

The workaround I found was to enable the execution of CGI scripts with a .m3u file extension but only in a single directory. This is the contents of the Apache-style .htaccess file I used:
Options +ExecCGI
AddHandler cgi-script m3u
AddType audio/x-mpegurl .m3u
Then I renamed my script.cgi to script.m3u and Sonos no longer complained about corrupt contents and treated it like a regular playlist. Dynamically generated This American Life playlists streaming through my Sonos. Wonderful.

I've contacted Sonos and explained the issue so hopefully they'll fix it in a future firmware update and others can avoid the headaches.

Steal This Film

| | Comments (0)
Regardless of how you feel about the legality or ethics of filesharing of copyrighted media, you should check out Steal This Film for a straight-forward, human-scale viewpoint on where filesharing is today from the perspective of people that actively share files and the people that operate the popular Pirate Bay BitTorrent tracking site.

A low quality version of the film is available on Google Video or you can download a higher quality .mov via BitTorrent. To download a BitTorrent file I recommend one of these fine clients: uTorrent, Azureus, BitComet.

It is also interesting to look at the latest anti-piracy productions like this anti-piracy ad from Australia, and this Jackie Chan / Arnold Schwarzenegger team-up and this video titled The Global Avalanche of Piracy found in the anti-piracy section of the MPAA's website.

About this Archive

This page is a archive of recent entries in the Hacking category.

Google is the previous category.

HOWTO is the next category.

Find recent content on the main index or look in the archives to find all content.