The new Google Docs design features custom square (rectangular) OS X Lion style scrollbars.

Start, Middle, End.

Google+ lets you respond to notifications right inside the notification dropdown menu. The notification bar is present at the top of all Google pages…pure genius!

MBFloods.ca is a resource for crowd-sourced flood data. Background info is on Ushahidi.com.

MTS has a few webcams setup around the province, The Winnipeg Free Press plotted them on a google map.

Look at all the water!

This is a bad, very bad.

To combat this security hole, Facebook enabled secure HTTP connections in January. Enabling this feature renders Firesheep useless.

Unfortunately, Facebook’s implementation has one serious flaw. When you use (almost) any Facebook app you’re required to switch back to un-encrypted HTTP mode! You’re presented with this dialog:

The wording used in the dialog may make you think the setting is temporary while you’re using the app. I don’t know if it’s designed that way or if it’s just poorly worded. But in fact clicking “continue” will permanently disable your HTTPS preference!

Sad.

I suspect there’s probably a technical reason for this requirement, something about the way that apps include data from external domains. I haven’t looked into it. Facebook really needs to address this.

My suggestion would be to disable some sort of alert when navigate away from the app, which a one click solution for re-enabling HTTPS.

Starting today we’ll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist as part of our advanced security features, which you can find in the “Account Security” section of the Account Settings page.

Enabling this option will effectively prevent you against Firesheep and similar account hijacking methods. I think it’s fairly safe to assume this feature is a direct response to Firesheep, even if it seems to have taken them 4 months to roll out. Though, it could also be a response to Zuckerburg’s account hack yesterday.

I’m going to go one step further than Facebook and say, you should absolutely enable this option as soon as it’s available to you.

• Monday: Protocol relative URLs
  Turns out, you can leave out the protocol (http, https, ftp, etc) when including a URL in html and browser will figure out what to do with it. This is particularly useful when including unsecured content on a secure page. I’m sure knowing this years ago would have saved me one or two headaches.
• Tuesday: What Jason Calacanis Learned From Zuckerberg’s Mistakes
  In his weekly LAUNCH newsletter Calacanis talks about his take on rollout hiccups and privacy mistakes Facebook has make over the years. In his educated opinion “Facebook’s success — and mistakes — are based on its developer-driven culture, not because Zuckerberg is some evil mastermind.” Essentially, Facebook developers have historically been allowed to roll out new features with little to no oversight, allowing the site to iterate quickly, keep ahead of the competition and occasionally annoy foreign governments. He makes a convincing argument.
• Wednesday: How a quartz watch works
  I already had a rough understanding of the piezoelectric effect as used inside digital watches, the video does an excellent job of explaining the concept. As usual reddit commentary filled in the gaps, explaining in detail exactly how the electronics translate the quartz vibration into time. 
• Thursday: Google Bookmarks exists
  Someone leaked that Yahoo! would be shutting down delicious and the internet lost it’s ever-loving mind! Turns out there’s some hope for delicious. Anyways, I haven’t used delicious much since the days it was still called del.ico.us. As far as I can tell, Google Bookmarks has done a pretty good job of pulling out delicious’ most useful features, plus you get the added bonus of having your bookmarks appear at the top of Google results when your search is relevant – if you’ve ever starred something on a search results page you’ll already have some links in Google Bookmarks. I had actually been looking around for a good bookmark service, this discovery couldn’t have come at a better time.
• Friday: Word Lense
  This iPhone(3GS+) app instantly text on-screen. As in, you point your iPhone at a Spanish sign and the words are replaced onscreen with the english translation. This is easily the most impressive augmented reality technology I’ve seen to date! We are truly living in the future.
  iTunes Link
• Saturday: Boardgame Remix Kit
  I am a huge fan of the boardgame revival hitting nerdom over the past 10 years, as such, I’ve become quite bored of the classics like Monopoly, Clue(do), Trivial Pursuit and Scrabble. When I came across Boingboing’s post about the Boardgame Remix Kit I was absolutely blown away the creativity and simplicity. The kit is a set of tweaks, mashups and completely new games built on 4 classic board games. It’s available as a PDF for £2.99 on the official site or as an iPhone app for £2.99 ($4.99 in the Canadian store). Both are beautiful.
  

There you have it, my week in links. This post contains something like 13 links in addition to the main links, I really suggest you click them all.

They only left out one little piece of info, your password may have been exposed even if you’ve never logged in to a Gawker site. Multi-IM client Digsby is owned by Gawker and Digsby username/passwords are also in that database! Seriously, this is bad. No more blogging after midnight…This was totally incorrect, my apologies. I didn’t read the email very well (or possibly at all). Thanks for the comments from the Digsby team. I incorrectly made the connection based on the password Gawker had on file; it was an old password I was sure I had only ever used for IM clients.

Again, if this is the first you’ve heard this, here are the important links:

• Widget to check if your password has been compromised [salon.com]
• Lifehacker FAQ [lifehacker.com]
• The raw data [thepiratebay.org]

The method in this post no longer works. But, I’ve found a new workaround.

Disclaimer: The method described below almost certainly violates Hulu’s Terms of Use. I do not know the legal ramifications of breaking these TOU. I am not suggesting that you actually follow my fictional instructions.

Instructions:

1. Open Firefox. The workaround requires a Firefox add-on, so unfortunately the method is Firefox-only at this point in time.
2. Install the “Modify Header” add-on, download it here: http://addons.mozilla.org/en-US/firefox/addon/967
3. Configure the add-on using the instructions I previously posted for watching Comedy Central in Canada. Here’s a quick reference image: http://imgur.com/Feb4 VERY IMPORTANT NOTE: The IP address referenced in the instructions “12.13.14.15″ is being actively blocked by Hulu, You’ll need to replace it with a known American IP address. Ask an American friend for their IP or see Appendix A for instructions on how to find a US IP address. The address you use should not affect the method, it’s merely being used to trick a portion of Hulu’s geo-location algorithm.
   NOTE: These settings interfere with other sites that you WANT thinking you’re from Canada. You can always disable the rule in modify headers when not using Hulu.
4. Block port 1935.
   This is the real breakthrough I came across. Turns out Hulu’s flash video player attempts a direct connection to your computer via the RTMP port to verify your real IP.  When you block this port it the falls back to HTTP allowing the video to play. Blocking ports is fairly straightforward on Mac and Linux, but looks to be somewhat difficult on Windows. See Appendix B for complete Port blocking instructions for all OSes.

Notes:

• If you are able to navigate Hulu.com, load a video and watch the commercial but then get a blank player or an error message afterwords, then you have not properly blocked the port.
• If you are not even able to navigation Hulu.com, you have misconfiguration the modify headers plugin, or you are using an IP address Hulu is actively blocking.
• This work-around also works for other sites that have video players powered by Hulu on the backend. Discovery Channel for example.
• It’s likely that non-Hulu-related restricted video websites may use a similar RTMP verification method will not function. You may want to disable the Port block when not watching Hulu. See Appendix C for instructions.
• It’s unclear whether the holes that allow this workaround are a bug or a feature. My guess is that closing them my results in certain IP on US soil to be blocked inadvertently.

Thanks to Jason Pollock, who’s slashdot comment pointed me in the right direction; and the Reddit /r/Canada community – especially MarshallX and got_milk4 – who helped me out with my initial instructions.

Thoughts about Hulu:

In the past I’ve had some limited experience checking out Hulu in hotel rooms on trips to The States, I’ve generally been impressed by it and I’m sure I’ve written about my impressions in previous TV posts. After a few days of “real world” usage, I’ve changed my mind a little. I no longer see Hulu as this Holy Grail of online TV watching experiences that Canadians could only dream of. It’s not a real alternative to torrenting and it’s only somewhat better than Rogers On Demand or the various individual Canadian network TV experiences.

The selection of available shows is (I hesitate to say “terrible,” Hulu has a metric tonne of content) not great, I was not able to find full episode of any recently aired show I wanted to watch. As far as I could tell, if the show is new Hulu only has short clips. On the other hand, I was able to find full series of shows I’d have difficulty finding in torrents or elsewhere online – like Sliders and Firefly. Hulu’s movie selection is not even worth mentioning.

Aside from the selection, I was astonished by the amount of ads. Full length shows typically have a 15-90 second pre-roll ad, plus network ID, plus 15-60 second interstitial ads during the show at broadcast TV; due to the heaps of praise Hulu generally receives in the Tech media, I was under the impression that they served little to no advertising. Granted it’s less than regular TV, but more than I’d accidentally watch on a PVR and it’s more than the 0 I’d see in a torrent.

The TV industry needs to find a better way to make money.

Appendix A. How to find a US IP address.

As I mentioned above in step 3, the X-Forwarded-For header requires a valid US IP address. It’s best if you use a unique-ish IP address, instead of the ones listed in my example. There are 2 simple ways to find a US IP address.

Method 1)
Ping a known US domain name, record the result. For example:

PING google.com (74.125.95.104): 56 data bytes

Downside: it’s hard to know for if the server that responds is actually located in the USA. If it works, run with it.

Method 2)
Pick a random valid IP address for a known US Organization. A few examples:
AT&T: 12.0.0.0-12.255.255.255, 32.0.0.0 – 32.255.255.255
MIT: 18.0.0.0-18.255.255.255
Xerox: 13.0.0.0-13.255.255.255

Downsides: none

Appendix B. Blocking Ports.

This is the tricky part. If you have a router or firewall that gives you a simple interface for blocking ports, I’d suggest using it, rather than OS-level configuration. Anyways, here are the instructions for various OSes:

Mac OS X:

sudo ipfw add 0 deny tcp from any to any 1935
sudo ipfw add 0 deny udp from any to any 1935

Third-party firmware routers (Tomato, DD-WRT, OpenWRT):

iptables -t nat -A PREROUTING -p tcp --dport 1935 -j DROP
iptables -t nat -A PREROUTING -p udp --dport 1935 -j DROP

Windows XP, Vista, 7:
See section 3 of MarshallX’s stellar Google doc for instructions. Based on comments I’ve seen on the Reddit post, this method is a little finicky.

Linux:

iptables -A INPUT -p tcp --dport 1935 -j DROP
iptables -A INPUT -p udp --dport 1935 -j DROP

Appendix C. Undoing the Block.

Mac OSX:

If these are the only firewall rules you’ve ever added:

sudo ipfw delete 00100
sudo ipfw delete 00200

If you’ve got other rules in the firewall run:

sudo ipfw list

Output will look similar to this:

00100 deny tcp from any to any dst-port 1935
00200 deny udp from any to any dst-port 1935
65535 allow ip from any to any

Use that first number as the ID for the ipfw delete command.

Windows: Delete the policies and filters you created (the ones with “Hulu” in the name).

Linux: you’re on your on. I think you run the same commands you use to block the ports, instead of “DROP” use “ADD”. But I can’t guarantee that.