Cosmo, the Hacker ‘God’ Who Fell to Earth

Mat Honan, at Wired's Gadget Lab:

“I called Netflix and it was so easy,” he chuckles. “They said, ‘What’s your name?’ and I said, ‘Todd [Redacted],’ gave them his e-mail, and they said, ‘Alright your password is 12345,’ and I was signed in. I saw the last four digits of his credit card. That’s when I filled out the Windows Live password-reset form, which just required the first name and last name of the credit card holder, the last four digits, and the expiration date.”

After Mat fell victim to similar social engineering miscreants weeks ago, he has begun investigating how widespread this issue is. What he has found, through a goldmine source, is that this sort of thing is prevalent within the industry. This is a must-read article. I applaud Mat for exposing these security issues and hope the MANY companies mentioned in this article will take action to close these vulnerabilities within their systems.

Dropbox Doubles Space For Pro Users

Dropbox just announced on their blog that all Pro account users are getting free storage upgrades.

* 50GB $10 accounts now become 100GB accounts.
* 100GB $20 accounts now become 200GB accounts.
* a new 500GB account option will be available (pricing not announced)

The changes go live tonight. This is great.

A Patent Lie: How Yahoo Weaponized My Work

Andy Baio, writing for Wired:

Yahoo's lawsuit against Facebook is an insult to the talented engineers who filed patents with the understanding they wouldn't be used for evil. Betraying that trust won't be forgotten, but I doubt it matters anymore. Nobody I know wants to work for a company like that. I'm embarrassed by the patents I filed, but I've learned from my mistake. I'll never file a software patent again, and I urge you to do the same. For years, Yahoo was mostly harmless. Management foibles and executive shuffles only hurt shareholders and employee morale. But in the last few years, the company's incompetence has begun to hurt the rest of us. First, with the wholesale destruction of internet history, and now by attacking younger, smarter companies. Yahoo tried and failed, over and over again, to build a social network that people would love and use. Unable to innovate, Yahoo is falling back to the last resort of a desperate, dying company: litigation as a business model. Yahoo is now a patent troll. This fact makes my worry about the future of Flickr grow greater still.

The Information Diet: You Are What You Read

J. A. Ginsburg, writing on TrackerNews:

It is not a pretty picture. And, yes, SEO (Search Engine Optimization), the insidious practice of using keywords to game search results, is driving this race to the inane. The only metric that counts is popularity. “The problem is no one is searching for the Pentagon Papers,” notes Johnson, “No one is searching for high quality investigative reporting.”

The next time someone asks me why I dislike SEO, I'm going to direct them to this piece.

Comments Still Off

MG Siegler, writing on his blog ParisLemon:

Here’s the thing: while some try to paint comments as a form of democracy, that’s bullshit. 99.9% of comments are bile. I’ve heard the counter arguments about how you need to curate and manage your comments — okay, I’m doing that by not allowing any.

MG's post is very short and therefore I do not want to quote the entire post here, verbatim, but the last paragraph is also important. He basically makes the same point that I've made here before. If you wish to comment on a post you see here, do so via Twitter, or your own blog, or your LiveJournal site…whatever, I don't care. The vast majority of people do not read blog comments anyway. By not allowing comments on my own site, the barrier to entry to do so usually eliminates most of the idiots typically found within the comment sections of most websites who have comments. As MG says:

Commenting is a facade. It makes you think you have a voice. You don't. Get your own blog and write how you really feel on your own site. Earn your voice.

Perfectly put. Also, I've linked to this several weeks back, but if this topic is new to you then I suggest you read Matt Gemmell's post as well.


Today I learned about a great new (to me) service that allows you to create your own personalized Podcast feed of audio you find on the web. Perhaps I'm late to the game on this, but I had never heard of it before. The service, called Huffduffer, sports a tastefully designed site which I appreciate. The user interface is intuitive and simple. I first saw mention of Huffduffer over on the website of one of my new favorite podcasts, Roderick on the Line. Merlin Mann, one of the co-hosts of the podcast, has enabled a "Huffduff It" link at the bottom of each post. Curious as to just what Huffduffing was, I soon found out what Huffduffer did. I love it.

I pass a lot of my time during the week while working, coding, doing chores around the house, cooking, etc… by listening to podcasts, mostly from Dan Benjamin's great 5by5 network but sometimes NPR. Occasionally I find one-off episodes of some random podcast I want to listen to, or a random interview of someone I manage to find in audio form. Gone is the old, tired, and tedious way of having to drag random audio files into iTunes in order to get them on my iPhone or iPad to listen to, only to then get out of my house and realize I forgot to configure that particular audio file to sync (I selectively sync only certain podcasts/music to different devices). Huffduffer allows you to create your own new personalized podcast RSS feed, and easily add random bits of audio you find around the web to that feed. iTunes treats it just like any other podcast, and downloads the audio. Once set up, that feed is always set to sync to your respective devices, so it works beautifully.

From the best I can tell, the service is free. This worries me, because I don't want the service to be sold to some behemoth corporation which will ruin it, or to have ads on it. My only request would be for Huffduffer to charge money to its users customers so that we can ensure it continues to operate successfully.

You may be interested in subscribing to my own Huffduffer feed.

How Facebook Tracks Users and Non-Users Alike

Ben Brooks, writing on Brooks Review:

Byron Acohido reporting on Facebook tracking cookies:

Facebook thus compiles a running log of all your webpage visits for 90 days, continually deleting entries for the oldest day and adding the newest to this log. If you are logged-on to your Facebook account and surfing the Web, your session cookie conducts this logging. The session cookie additionally records your name, e-mail address, friends and all data associated with your profile to Facebook. If you are logged-off, or if you are a non-member, the browser cookie conducts the logging; it additionally reports a unique alphanumeric identifier, but no personal information.

Later Arturo Bejar, Facebook’s engineering director, is quoted as saying:

“But we’re not like ad networks at all in our stewardship of the data, in the way we use it, and the way we lay everything out,” Bejar says. “We have a very clear and transparent approach to how we do advertising that I’m very proud of.”

So I guess the real question is, do you trust Bejar, and therefore Facebook, in general when they say these things? What about now:

Adding fuel to such concerns, Arnold Roosendaal, a doctoral candidate at Tilburg University in the Netherlands, and Nik Cubrilovic, an independent Australian researcher, separately documented how Web pages containing Facebook plug-ins carried out tracking more extensive than Facebook publicly admitted to.

I just don’t buy anything Facebook is saying these days.

Ben has been on a roll with good commentary. I quoted entirely too much of his piece, but did so anyway because I didn't know how to quote just one part without leaving out the main point of his piece. Therefore, please please go to his site and subscribe to his RSS.

Which Is Mobile?

Jen Simmons asks, "Which is Mobile?" This is the link that Jen points to in that last tweet. This has been something that has frustrated me more and more recently. I keep clicking on links in Twitter from someone I follow, while on my iPhone or iPad, only to have the destination site try to reload the webpage as their mobile version of the site, which breaks the link and just sends me to their homepage. So let me get this straight: You've decided to implement a special, mobile version of your Web site that is going to supposedly make it easier for me to use on my iPhone or iPad (which can browse "full" versions of sites just fine, thank you very much), and your supposed "mobile friendly" version of your site actually makes it harder to use because it prevents me from arriving at the linked destination because that same link fidelity doesn't have parity with your non-mobile site. Lovely. Suffice it to say, I hate mobile sites. Just give me the full webpage, by default. Don't make me scroll to the bottom to hunt for your "Switch to full site" link, that is, if you even have one. I think Jen Simmons is spot on here.