Blog

take a minute now to check out the cookies that your browser has. for mozilla-based browsers, opera, and safari, you can do this by going in the preferences somewhere; for IE you'll have to head over to your Cookies directory in your Documents and Settings folder. take a look at how many cookies are labelled __utma, __utmb, or __utmz (possibly others that start with __ut as well). IE users will probably have to do a grep or find-in-files for this.

these are all google analytics (formerly urchin) cookies. i don't know about you, but i've got a LOT of these cookies, and all they do is track me as go from one site to another. every time you go to any page on one of those sites, google knows about it. they log your time of access, referer URL if available, and (presumably) any other information they can get their hands on, almost certainly including your IP address. given that information, so they can certainly correlate page views from a single person during a browsing session by looking for page views from the same IP within minutes of each other, and use the referer URLs to further consolidate the information. with the cookies, they can link different browsing sessions together to the same user. overall, i'd guess that google could probably replicate a significant chunk (> 50% in my case, but depends on the types of sites you visit) of your browser's history - and as more sites use google analytics, they'll be able to do even more of it. (note: i doubt they actually do this right now, but the data's there, just waiting to be hacked into/obtained by court order/whatever.) that data is a prime target for targetted phishing attacks, identity theft, and who knows what else.

as a webmaster, it's nice to be able to generate accurate statistics of the people visiting your site so that you can better customize the experience. as a consumer of web sites, i don't think the customization is really worth the ever-increasing risk of identity theft. as a programmer, i'm tempted to try and write a browser that explicitly doesn't store tracking cookies like the __ut* ones, and provides random referer URLs and user-agent strings to the pages it visits. and possibly uses a set of proxies to randomize the IP address, too.

[ 2 Comments... ]

it snowed today! now that i've gotten that announcement out of the way, on to the main topic: time travel.

at work today (or rather, during lunch at the mall) some of my co-workers and i were discussing the possibility of time travel. the main problem we ended up with was that of matter creation/destruction. time travel implies moving a bunch of matter from one time to another, which is effectively the same as destroying matter in one time and creating it in another. also, what happens to the matter in the place you appear? since (i assume) at most a single particle can occupy a given position at a given time, it's possible for you to travel to some other time and have your particles collide with other particles already there. swapping the volume (i.e. you go back in time 10 minutes, and the air that you replace moves to the present) also doesn't work because of density differences (it's a different mass, and so you end up creating/destroying matter).

in the end, we came to the hypothesis that the only way to pull it off would be to shrink the object in question down to a point of infinite density, and then swap it with another point of infinite density in another time. since black holes do shrink things down to points of infinite density (maybe), we postulated that black holes are really time portals created by some super-advanced species in order to travel through the fourth dimension.

looking back at this now, i guess it still doesn't solve the problem of matter creation/destruction. hmm. anyway, what do you think?

[ 7 Comments... ]

had a random conversation with some guy on the bus back from badminton today. he asked me the time at the bus stop and we just started talking. turns out he switched out of business to get into actsci, seemingly for the money. so i launched into my spiel about how picking a career for the money is.. inefficient would be the best word, i guess. money is just a means to an end, and the end is happiness in life. sure, money can buy you goods and services, which in theory can make you happy, but if you spend 8 hours a day hating yourself to get to that point, well, it's inefficient. much better to spend 8 hours a day doing something you enjoy and taking a shortcut to the happiness.

in the end, he got my point and agreed with it in theory (i.e. it made sense, but it's unlikely he's going to put it into practice). it seems that most people i have this conversation with seem to find the concept non-obvious, even though they agree it makes sense after it's been explained. and they then proceed to ignore it completely (understandable, unless the person in question is an economist - they should understand when to let go of their sunk costs). i guess it is partly society that's to blame for this kind of behavior, and it's unfortunate society is so stupid that way. argh.

[ 4 Comments... ]

so i left work yesterday at 14:10 to get to the airport to catch my flight at 20:35. does anybody else find it weird that i had to leave over 6 horurs before my flight was scheuled to depart in order to make the flight? as it was, i just barely made it. took the iXpress to the charles street bus terminal and got on the 15:30 greyhound to toronto (via guelph). due to long weekend traffic, i only got in to toronto at around 18:30, then TTC'd my way to the airport, getting there at around 19:10. 5 hours to get to the airport. i suppose it could have been a lot less time if i had taken the airporter or a limo, but meh, i'm cheap :)

at the airport, i used the check-in booth thingy which for some reason didn't accept my credit card as ID (it didn't even suck in the card). anyway, after going through the line to get the baggage tag for my one check-in piece, i got through US customs pretty easily. then the fun began: whenever i've flown from pearson to the US, i've always noticed there's a separate line for people flying in to DCA. well, this time i got to take that line. turns out the only difference is that they're more explicit in checking your check-in piece. there was a lady who opened up my check-in handbag and went through everything in it. since i was only going for the weekend, there wasn't much there, but she was still pretty thorough. then the bag went off to the conveyor belt and it was back to normal.

the other difference was that they did another check of the hand baggage before boarding the flight. i assume this was only because it was flying to DCA; I didn't see other people having to do that. also, the flight was departing from gate U - i'm not sure if any of you have ever boarded a flight from gate U, but it is the furthest gate. at around gate R, they actually had a little sign listing distances and travel time to gates S, T, and U (it was 184 metres to gate U). so anyway, after the manual search of my backpack, i got on the plane, which taxied away from the terminal pretty much on time. as it was, i got on the plane halfway between the boarding start time and depart time - if I hadn't made it to that iXpress bus, i would surely have missed the flight.

on the flight there was more fun with the enRoute inflight entertainment system. this is the first time i've been on an air canada flight with personal enRoute systems in each seat, so i played around with it a bit. it looks really snazzy, and has a relatively usable UI, but definitely has scalability issues. a couple of minutes after it was turned on, due to heavy load, it crashed. i got a black screen with a few blue "function mysql connect" messages in the top left corner. they looked kind of like hyperlinks, which led me to believe that the UI is built on top of some web interface. flash wouldn't surprise me. i guess they didn't test the system under theoretical maximum load when they designed it. anyway, they rebooted the system, which took another 5 minutes, during which i was staring at a blinking block cursor. other than that, it was pretty nice - i got a red hot chili peppers album added to my playlist and listened to it as i poked around the various tv/movies/games selections.

oh, what else: the food. why is it that the food offerings have become increasingly pathetic on these flights? this time they managed to take it step lower than the usual peanuts or pretzels: gourmet sesame. i can only imagine that "gourmet" was the brand of the sesame, since there was nothing otherwise gourmet about it. the bag came with about a dozen sesame thingies, and the nutritional information actually gave the information "per bag", as opposed to the usual "per serving", which leads me to believe that it wasn't even a single serving. meh well, at least they're honest about it.

[ 5 Comments... ]

google code search has been released (even though i seem to recall google already having some sort of code search thing a while back). anyway, i googled the first thing i could think of: foo. ah, good ol' foo. although, as it turns out, not all that popular. foo turned up 1,480,000 results, whereas bar whipped it with 2,950,000 results. baz came in third with a measly 110,000. there were also 55,700 "hello world"s and 142,000 instances of doit, for those curious.

[ 1 Comment... ]

[sarcasm]if this isn't a beautiful car, i don't know what is.[/sarcasm]

i wonder if they only took photos of the ugly/crappy cars, or if there were only those kinds of cars there. i remember some really kick-ass cars at that show a few years ago. there was a nissan model that was awesome. i don't it ever got mass-produced, though :(

[ 1 Comment... ]

i've been working on getting OpenID working with my site, so that instead of creating an account using a username/email address/password and then logging in using your username/password, all you need to provide is your openid identity URL. accounts will be created automatically the first time you log in, and account info will be stored on the server. you will optionally be able to specify a screen name and email address (required for the delaygames).

as it turns out, openid is much simpler for both you (the user) and me (the website owner). so much so, in fact, that instead of supporting two different login/account systems, i'm planning on migrating all the accounts to openid and getting rid of the traditional account system altogether.

so this is how it's going to work.. the first step is for existing users to specify their openid identity. you can do that by going here (make sure you're logged in to stakface.com first, or it won't save your identity). in a week or so i'll change the login to be openid-based instead of username/password. at that point, any accounts that have not specified an openid identity will receive a reminder email, and will be deactivated a few days after that.

a lot of you probably haven't heard of openid before, so here's a quick summary of how it works: some website serves as your identity provider. this can be any site with an openid server set up (LiveJournal is one of these; see the list here). the identity provider website is usually one you're logged in to all the time. when you log in to some other website using your openid, that website redirects your browser to your identity provider with a request to validate your identity. since you're logged in to your identity provider, the provider can ensure that you are in fact you, and redirects your browser back to the original website with a yes/no response. there's some additional stuff like cryptokeys and getting your permission to share your identity, but that's the high-level overview. for details, see the OpenID website. or you could just figure out how to use it as you go along (it's not hard).

if you already have an account with some website (such as LiveJournal) that provides you with an OpenID identity, great. if not, i suggest creating one at one of the free servers listed here. or not, if you don't think it's worth the hassle. it's up to you.

Click here to get started.

[ 5 Comments... ]

.. apparently i completely forgot to post this in my entry two entries ago but ink_13 graciously syndicated my blog on LJ, so you can add it to your friends list if you use the friends list feature on LJ.

[ 0 Comments... ]

i just spent a couple of hours going over the apache logs for my site for september.. as usual, the vast majority of hits are coming from bots and crawlers (Yahoo! Slurp seems to take the lion's share on that, although I didn't actually generate statistics). there's also a fair number of spammers who are being foiled by my IP blocking and captcha tactics. hopefully they don't get any smarter, and hopefully i'm not boxing out non-spammers.

on the rise from the last time i checked are aggregators: Bloglines, Google Reader, etc. most of them are web-based, although at least one person seems to prefer SharpReader.

i was suprised to note 16 people hit my website from the BarCamp page, where i registered as not being able to come (i hope they have another one that I can attend). i didn't expect that number to be so high, although i suppose it makes sense that most of the people who even care about BarCamp are also going to be the types that want to find out more about other similar people. i know i clicked on a few of the links on that list, too.

and finally, it appears that other people out there do seem to check their server referer logs on a fairly regular basis. one of these people came snooping around my website, trying to find out more about a particular URL that is only accessible to me. perhaps i should implement a google-esque redirection page, so that all outgoing links from my site have a bland and non-informative referer URL. but i suppose that wouldn't be fair to others, and it wouldn't be as much fun for me, either :)

[ 2 Comments... ]

finally got around to updating the RSS and Atom feeds. the feeds now contain the full entry text (instead of just the first 150 characters as before). they also contain html stuff like links, which were being stripped out before. the only things that now get stripped out are polls, photos, and thumbnails. they'll be replaced with little notes like [poll] so you know they've been stripped.

the Atom feed has also been updated to v1.0, and both feeds now validate with the feed validator. sorry if the changes cause the last n posts to show up again in your aggregator, but that should be a one-time thing. as usual, let me know if there's any problems.

[ 0 Comments... ]