Categories
From The Archives Podcasts Review

Podcasts: what’s on my iPod

I’m pretty sure I’ve made at least a couple of posts about podcasting. I can’t be bothered to read my past entries to see exactly what I said, but I’m pretty certain it was somewhat negative. My main problem with ‘podcasting’ was (and still is) the term itself…Even though I’ve made a couple attempts at podcasting myself, truth be told I didn’t really get it. That is, until I got an iPod.

My wife bought me a black 2GB iPod Nano a couple of weeks ago as an early birthday present. Once I got comfortable with the iPod interface in general and iTunes itself (not a pretty app to run on Windows) I started subscribing to a couple of podCasts. A few I’d listened to before and a couple of new ones – I’ll get to that in a minute. After loading up a few hot new podCasts, I was immediately impressed: it gave my iPod a completely new use. The way the iPod seamlessly syncs with iTunes makes it an extension of my computer and the internet. If you have an iPod and you’re not listening to podCasts you’re missing out on half the functionality. If you spend a lot of time in front of the computer and you find yourself getting tired of listening to music (maybe you’re just old), check out a podcast.

Anyways, I thought I’d list the podcasts I’m currently subscribed to:
CBC Radio 3
100% Independent Canadian Music
A weekly podcast, with 19 episodes to date. Plays a mix of indie music, similar to what you might hear on DNTO, everything from emo to hiphop. I’ve listened to 3 episodes so far. One of them was pretty good, but I might just be saying that because they played Moneen. The other 2 weren’t really great. It’s the sort of mix I might like to listen to on a road trip, or late at night. It does make use of mp3 chapters, which is interesting from a technical standpoint.

Diggnation
Diggnation is a weekly tech/web culture show based on the top digg.com social bookmarking news stories. Hosted by former The Screen Savers hosts Kevin Rose & Alex Albrecht.
Always entertaining, usually informative. As these two guys have actual broadcast experience, it’s one of the best. Also has a corresponding ‘vidCast.’

Hi My Name Is Mark
defeat, crushed dreams, and high karate. The life and times of Mark Hoppus…
former bass player for blink 182. Only 2 episodes. So far it’s better than I’d expected. For fear of legal repercussions most podcasts either stay away from music altogether, or limit themselves to “podsafe” music. Because Mark Hoppus is actually *IN* the music industry he’s able to get permission to play anything he likes; additionally, he interviews almost every artist he plays. The music is obviously lite, pop punky/emo. Mark also makes great use of the mp3 chapters feature.

Security Now!
Steve Gibson, the man who coined the term spyware and created the first anti-spyware program…discusses the hot topics in security today with Leo Laporte. Published weekly late Thursday night.
I’ve listened to all 7 episodes. The topics discussed are, in classic Leo Laporte style, fairly rudimentary. I could see this show being educational/useful to a lot of customers I used to talk to when I did tech support. Initially I thought I’d give it a chance; the subject matter is a little more technical than the normal Leo fare. It’s going downhill. If the dumbing down-ness continues next week, I will probably unsubscribe.

techPhile
Gadget, Tech & Geek on the go. Listen in for news, reviews, and interviews with today’s shakers and movers in the techworld.
Essentially tech news with a Canadian spin. I was about ready to unsubscribe – the content isn’t too interesting – but it looks like he’s got some good interviews coming up. So I’ll give those a listen.

The Dawn and Drew Show
This show is podcast daily (as far as I understand it’s their fulltime job at the moment, they’re syndicated on satellite radio). That’s probably one of the only reasons I listen to it. I first heard about this show on another podcast. Dawn and Drew get a lot of props, but the show isn’t anything special. The show really isn’t about anything, they basically talk about their life and their fans and joke about sex. It serves as my mildly amusing morning radio show on the bus.

The Web 2.0 Show
Welcome to the Web 2.0 Show podcast with your hosts Josh and Chris! Join us as we discuss Web 2.0 technologies, business and ideas with industry leaders.
Pretty straightforward. If you’re not familiar with the term ‘web 2.0’ check the Wikipedia article. They’ve only put out 3 episodes to date. The first had horrible audio quality, I couldn’t listen. The second was only mildly educational. The 3rd is still sitting on my iPod. I’m pretty excited about web 2.0 so I’ll give this podCast another chance.

Saved the best for last…
This Week In Tech
Your first podcast of the week is the last word in tech. Join Leo Laporte, Patrick Norton, Kevin Rose, John C. Dvorak, and other tech luminaries in a roundtable discussion of the latest trends in high tech. Winner of People’s Choice Podcast and Best Technology Podcast in the 2005 People’s Choice Podcast Awards. Released every Sunday at midnight Pacific.
This is *THE* tech podcast. It’s a behemoth. They don’t know for certain, but I don’t think anyone would be surprised if they found upwards of a million downloads per episode. The original name of the show was “Revenge of The Screen Savers” and that’s essentially what it is. In addition to the recurring hosts, the discussion often includes former TSS guests and personalities. Despite Leo Laporte’s presence, this show manages to be an extremely informative discussion of tech topics. Recurring topics tend to be: Google, digital rights, IPTV/IPMedia, BitTorrent as well as other generally geeky topics. They’ve recently moved the show to a “live” venue (first the Apple Store in Cupertino, then a bar in Toronto, now rotating California restaurants) with a live audience and a video shoot – a first in podcasting. The majority of hosts are media veterans, making this a very well produced affair. Episodes typically run 60 – 90 minutes.

Categories
From The Archives

Comment Spam Begone!

Oddly enough I’ve been seeing a lot of comment spam in the past few weeks. By “a lot” I mean more than zero. I may have been getting comment spam since the beginning, I didn’t really look into it. But I only started noticing after I added code that emails me new comments. So I just added HTTP referer checking to the comment module. Hopefully that stops the spam. I have no idea how well spam bots are typically written. Any reasonably experienced developer should think to fake the referer. If this method is ineffective I’ll have to come up with something else – I’m thinking along the lines of ajax fired by the text field’s onChange method, I’ll have to think about that further.

That’s all for now.

Categories
From The Archives Google Review Websites

IM, OS and Pirates, Oh My

Google Talk

If you haven’t already heard, Google released Google Talk Beta on Wednesday, Google’s answer to AIM and MSN. As a nerd I feel it’s somehow my duty to talk about Google even though I’m sure this has already been “blogged” about 10,000 times since Wednesday. Wired has already written a review. My two cents: the classic Google simplistic design is sheer brilliance as always, I couldn’t be happier with Google’s choice to use the Jabber protocol – open protocols are where it’s at – fo shizzle, voice sound quality is superb – the use of cellphone style connect quality bars is brilliant, I hope they implement file transfers soon, multi-chat is overrated – I hope they don’t include it, tabbed chats would be nice. That’s a quick rundown of my thoughts on gTalk. Next up, Windows Vista…

Asta la Vista

I installed Windows Vista Beta 1 (legally obtained, I assure you) the other day. I am definitely unimpressed. Granted I didn’t take a super close look at it. I’m convinced that Vista is going to be to XP what ME was to 98, especially at the rate they’re removing features. The main features I noticed were silly GUI ‘improvements.’ I suppose GUIs are what desktop OSes are all about. But the Vista GUI’s features fall into two categories: 1) ripping off Mac OS X, 2) stupid/pointless. blah… I can’t talk about this any longer

Pirates of the Spanish Main

I recently moved in close proximity to a Geek Games Store. While waiting for my bus the other day I noticed an interesting looking game in the window, Pirates of the Spanish Main. The publisher is calling it “world’s first constructible strategy game.” It’s essentially a miniatures game, wrapped in the facade of a collectable card game. You purchase the game in packs of cards which punch out like paper dolls. The cards consist of ship pieces, crew members, islands and treasure. The empty cards can then be used for in-game measurement; all measurements are in S or L (short or long side of the card), pretty brilliant. The rules are dead simple and the ships are fun to build. So in conclusion, add me to your gtalk list and buy yourself some Pirates! cards, I need someone to play with. (cards are water and wine proof btw)

PS. Check out A List Apart 4.0, interesting layout.

Categories
From The Archives Winnipeg

Winnipeg Web Firms

Earlier this week I sent my resume to a bunch of Web Design, etc. firms based in Winnipeg, in hopes they would be looking for an awesome hip web developer to give a bunch of money to. Unfortunately, none of them were. I consider myself quite good at googling, but I had quite a hard time finding Winnipeg firms the first time I looked. Such a hard time in fact, that I compiled a list and saved it to a txt file. So, in hope that this list gets picked up by Google or something, here it is, all Winnipeg Web Design firms I’m aware of:

Cocoon Branding Inc.
IdleWorks Inc.
Mars Hill Group
Meterx Systems
Okina Consulting
Planisphere Communications
Smokehouse A Design Company
spacecadet design
Transcension Media
ViewSource Media
Visual Lizards Inc.
WebMomentum
Web Slingers Inc.
Web Wizards Inc.

Categories
From The Archives Web Development

better bandwidth protection: revisited

I meant to post this a couple of days after my initial bandwidth protection post, but alas, updating this site is usually the last thing on my mind.

Firstly, I glossed over something I probably should have explained in more detail: the PHP file masquerades as the media file. The media files should not be in a web-accessible location; this way it is not possible for anyone to link directly to the media file itself. To accomplish this you first need to send the proper Content-Type header, to tell the client it’s receiving media, not a PHP file (webmaster-toolkit.com has a good list of MIME types). For instance, if you’re protecting a Real video file, you’d want:

header("Content-Type: application/vnd.rn-realmedia");

I’ve found that some browsers choke if they’re not given the proper file extension, so you’ll want to have .rm at the end of your request_uri, something like:

mediafiles.php?uid=uidstring&itemid=id&arbitraryvalue=somethingirrelevant.rm

In case it is not completely clear, you do not necessarily want your code to do anything with the arbitrary value, it’s just there as a placeholder to tack on the file extension.

Next you’ll need to pass on the contents of the media file (after doing database queries or whatever is necessary to figure out the file path). In my original example I used the include() function. That was actually a pretty bad choice: PHP evaluates the content of the file being include()d, so it will eat up some CPU cycles and potentially do really bad things if it happens to find a <? somewhere, because whatever follows that tag is executed as PHP code.

A function like readfile() would be a much better choice. Also, some feedback I received on digg suggests that PHP might bring your server to its knees if you try to process a file larger than 100MB in this manner. My testing on my PII 400 Fedora box did not encounter any problems, but it was far from scientific.

Security

I would also like to point out that my code snippets were not meant to be usable example code, but rather very brief outlines to help illustrate my ideas. As such, my code actually suffers the filename/path security hole I “paid lip service to.” I assumed that you would be able to figure out how to write the code yourselves. Here is an old post on NotIan.net that illustrates the bad things that can happen if you include filenames as request parameters, but fail to check the integrity of said filename/path.
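A sketch of the serving script with the path check filled in, as an added example that is not the original post's code. The media root, the `$catalog` table standing in for the database lookup, and the function names are all assumptions made for illustration.

```php
<?php
// Added example; MEDIA_ROOT, $catalog, resolveMediaPath and serveMedia are hypothetical.
const MEDIA_ROOT = '/srv/media'; // assumed directory outside the web root

// Assumed id-to-file table; on a real site this is the database lookup.
$catalog = [
    17 => ['path' => 'video/intro.rm', 'type' => 'application/vnd.rn-realmedia'],
];

function resolveMediaPath(string $root, string $relative): ?string
{
    $rootReal = realpath($root);
    $fileReal = realpath($root . DIRECTORY_SEPARATOR . $relative);
    if ($rootReal === false || $fileReal === false) {
        return null; // root or file does not exist
    }
    // realpath() has already collapsed ../ and symlinks; the result must
    // still sit underneath the media root.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($fileReal, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($fileReal) ? $fileReal : null;
}

function serveMedia(array $catalog, string $itemId): void
{
    // The request names only a numeric id; the path always comes from the server.
    $entry = ctype_digit($itemId) ? ($catalog[(int) $itemId] ?? null) : null;
    $path = $entry ? resolveMediaPath(MEDIA_ROOT, $entry['path']) : null;
    if ($path === null) {
        http_response_code(404);
        return;
    }
    // Drop output buffers so a large file is streamed, not held in memory.
    while (ob_get_level() > 0) {
        ob_end_clean();
    }
    header('Content-Type: ' . $entry['type']);
    header('Content-Length: ' . filesize($path));
    readfile($path); // copies bytes to the client; nothing is evaluated as PHP
}

$id = $_GET['itemid'] ?? '';
serveMedia($catalog, is_string($id) ? $id : '');
```

Because the client never supplies a filename, a crafted parameter can at worst select another catalogued item; the containment check covers the case where a stored path itself is wrong or points through a symlink.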

Proxies

Apparently AOL (and some other ISPs) use a system of rotating proxies, in which each HTTP request may be shunted through a different proxy server, i.e. a different IP address – even within the same page. This makes IP-based filtering completely unreliable. I’m unsure how much internet traffic is routed through this sort of system and so I’m unsure how large of a problem this might be.

A Lighter Approach

Fear not, there is another similar approach that can be done without IP addresses whatsoever. The same concept of obfuscated keys can be applied to a system for expiring links based on time.

In the first protection scheme, we essentially expired any keys which did not match the current IP address. In the last example, I included a date() value. Well, it should be fairly obvious that if you drop the IP address shenanigans you’ll get a key which expires based on date. The meat of a key generation function that expires daily would look like this:

// '.' is PHP's string concatenation operator
$key = md5(date('zY').'MYSECRETSTRING');

Re: MYSECRETSTRING
Adding a secret string can be used to create a completely unique hash, making it harder to duplicate the hash. Although I’m no cryptologist, my gut tells me that doing so makes the hash easier to crack, as each seed contains a static token which could be used to calculate a pattern.

An important note:
Because our example uses hashing, your key generation cannot actually calculate an expiry DATE. The hash cannot be reversed, so your validation function cannot retrieve the expiry date to determine if it has passed. The only thing it can do is evaluate whether the current hash matches the requested hash. Also for this reason the date format has to be exactly as precise as the duration of the key. An hourly key would have to use ‘HzY’ (24-hour format of an hour, day of year, year). If you fail to include the hour in 24hr format, the key will be valid in the morning and afternoon. If you do not include the year, the key will be valid every year on the given day. And so on.

Conversely, if you had reason to only allow access to content at certain times of day, or on certain days, you could ONLY specify that date() parameter.
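The time-expiring key scheme above, written out with both the generating and the validating side, as an added example rather than the post's own code. It swaps HMAC-SHA256 in for md5(), binds each key to an item id, and adds an optional grace period for links issued just before a window rolls over; `SECRET`, `makeKey`, `isKeyValid` and the timestamps are constructed for illustration.

```php
<?php
// Added example; SECRET, makeKey and isKeyValid are hypothetical names.
const SECRET = 'replace-with-a-long-random-value'; // placeholder secret
date_default_timezone_set('UTC');

// $format must be exactly as precise as the key's lifetime:
// 'zY' = day of year + year (daily), 'HzY' = 24-hour hour + day + year (hourly).
function makeKey(string $itemId, string $format, int $now): string
{
    $window = date($format, $now);
    // HMAC-SHA256 replaces md5(date . secret); the item id is an added binding.
    return hash_hmac('sha256', $window . '|' . $itemId, SECRET);
}

function isKeyValid(string $key, string $itemId, string $format, int $now, int $grace = 0): bool
{
    // The hash cannot be reversed, so validation recomputes it for the current
    // window and, when $grace is set, for the window $grace seconds earlier.
    foreach ([$now, $now - $grace] as $t) {
        if (hash_equals(makeKey($itemId, $format, $t), $key)) {
            return true;
        }
    }
    return false;
}

// Constructed timestamps on one day: issue at 09:30, check at 09:59 and 21:30.
$issued = mktime(9, 30, 0, 8, 26, 2005);
$sameHour = mktime(9, 59, 0, 8, 26, 2005);
$evening = mktime(21, 30, 0, 8, 26, 2005);

$hourly = makeKey('17', 'HzY', $issued);
var_dump(isKeyValid($hourly, '17', 'HzY', $sameHour)); // inside the issuing hour
var_dump(isKeyValid($hourly, '17', 'HzY', $evening));  // twelve hours later

// The mistake described above: 12-hour 'h' gives 09:30 and 21:30 the same
// window string, so the morning key is accepted again in the evening.
$sloppy = makeKey('17', 'hzY', $issued);
var_dump(isKeyValid($sloppy, '17', 'hzY', $evening));
```

hash_equals() compares the two digests in constant time, so the check does not leak how many leading characters of a guessed key were correct.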