Thursday, December 16, 2010

Revving Chrome for a Cause

Google's launched this great initiative/Chrome extension called "Chrome for a Cause," where for every tab opened (up to 250 tabs/day) Google will contribute towards charity. You can download the extension here:

http://www.google.com/chrome/intl/en/p/cause/

Now let's say you're in the mood to speedily log 250 tabs open, but your Ctrl+T muscles are sore. Several code solutions have popped up, including a full-on Chrome extension which automates the process.

My question: why can't this run in Javascript?

My response: Chrome for a Cause Fastest bookmarklet

Here's the code:
javascript:i=260;function addTab(){if(--i==0){clearInterval(j)}x=window.open('');x.close()}j=setInterval('addTab()',1000);void(0);

Just let it run for ~5 minutes, and you're done. You've helped provide a year's supply of clean drinking water for someone on earth.

Saturday, May 29, 2010

"And now no oil nor cartel doth besmirch"

O, that this too too oily spill would thin
Spread and disperse itself into the Gulf!
Or that the Deepwater Horizon
Had not ignored all warnings! O BP!
How crude, slick, fine and most profitable,
Seems to you all the black gold of this world!
Fire on't! ah fire! 'tis an untamed leak,
That thrives to bleed; men rank and gross in nature
Extract it dearly. That it should come to this!
But six weeks gone: nay, not so much, not six:
So excellent a crop; we are, to this,
Unquenched addicts to a poison; so vital to my country
That it might not beteem the Saudi princes
Restrict its flow too harshly. Profits and greed!
Must we remember? Why, we are drunk on it,
As if increase of appetite had grown
By what it fed on: and so, over the years--
We wish not think on't--Frailty, thy name is petrol!--
In little time, or ere that well was killed
From which there flow'd that darkest Texan tea,
Like Niobe*, no rest:--why she, even she--
O, God! a beast, that gushed by both day and night,
Would have run dry sooner--spew'd from the sea floor,
Our country's life-blood, but no more like our life-blood
Than curdled milk to cream: within the Gulf,
Ere yet the fisherman of most fresh shrimp
Had left their harbors for their season's catch,
Oil spread. O, most wicked speed, to wreck,
With such penetration, fragile wetlands!
The size of the spill is not understood:
But break, my drill, your blowout preventer.

*In Greek mythology, Niobe cried for her dead children so much that the gods turned her into a stone which continuously gushed water.

Oh, and BP? More matter, less art. Or rather, less matter, less art. Just kill the thing already.

Wednesday, May 26, 2010

Browser Bonanza

I've noticed that a lot of my posts on here are simply reminders for myself, but really, does that matter at all?

First off, I'm trying to compile a list of my personal favorite Firefox add-ons, so I can simply come to this post on a new download of FF and install everything. I did a post on add-ons and stuff a while back, but in the 1.5 years (!) since that post my focus in add-ons has moved. Here is my new list.
Onwards, to bookmarks and bookmarklets. Things to have in a bookmarks bar:
*denotes bookmarklet.


Finally, Chrome 5 is here, so get it, right now.

Saturday, May 15, 2010

Excellent, Dr. W̶a̶t̶s̶o̶n̶ Yahoo.

Yahoo! remains one of my favorite places for incredibly late internet news. I can just imagine all those old people loading the page, fighting back the page-covering advertisements ("ABP? Is that a heart condition?"), only to see some video of some British kid named Charlie biting his brother's finger. Stay topical, Yahoo.

Anyway, I saw this HEADLINE STORY and couldn't not fix up the page quickly with a little Firebug. Enjoy.



(By the way, if you don't get it, go here, right now.)

Sunday, March 21, 2010

Manhattan Scavenger Hunt

Yesterday, we had a scavenger hunt across Manhattan. The prize was a ton of Pocky, so we called our group Pockystan. There were like 140 things on the list, so we licked street signs and got Starbucks baristas to sign coffee cups and proposed to strangers and pole-danced on street poles and rapped with strangers and got an egg from an old lady in a townhouse and yelled through central park until we found a guy named Steve and played limbo with kids and futterwacked at the Alice in Wonderland statue and argued with crazy Jesus people and raped a church and burned a woman and sang Disney songs in a drugstore and high fived cops and Mr. Softee truck guys and a guy with an awesome mustache and staged public breakups and rode the carousel and walked piggyback into a parking garage making cars noises asking for the cost to park for a day and serenaded with Shakespeare and sang the prince of bel air theme with a guy on the street and beatboxed with strangers and got free macarons and impersonated elvis in grand central station and screamed "STELLAAAA!" in a subway car and hugged another crazy Jesus person who smelled like manure. Then we did kareoke.

In other words, yesterday was awesome.

Friday, February 26, 2010

An Open Suggestion to Wolfram|Alpha

It's just a suggestion, really: nested queries. This feature is partially implemented currently, as you can search things like "weather Chicago the day Barack Obama was born", but there's no reserved character system to input queries in queries and use the sub-queries results as arguments in the main query.

Example of possible use: "max({{life expectancy USA {{USA median age male}} male}}, {{life expectancy USA {{USA median age female}} female}})", where {{query}} denotes a subquery.

That particular example finds the life expectancy of American men and women of the median American age for their gender and returns the larger of the two. Normally this would take five queries:

USA male median age --> 35.4 years
USA female median age --> 38.1 years
life expectancy USA male 35.4 years --> 77.35 years
life expectancy USA female 38.1 years --> 81.76 years
max(77.35, 81.76) --> 81.76

With subqueries, however, we get a single mega-query which returns our answer (81.76 years) without several queries and copy and paste.

Just my two cents.

Saturday, January 30, 2010

iPads for Obama!

It's the latest trend in the world of online scammers. Someone makes a group on Facebook promising free merchandise/hidden Facebook features/true love if you join and invite all your friends. Of course, these pages restrict viewing of their Walls, so people must join before they find out that it's fake.

The second step is to connect some external website to the Facebook group, which you must visit after you join and invite everyone you know to the group. This web page is where the group creators may collect usernames/passwords with a fake Facebook authentication page, or collect names and addresses, or even credit card info. Whatever their motives, the group spreads too fast for the original adopters to warn those they've already invited about the site. And so, like a virus, the group grows and spreads.

Earlier today, I saw on my Facebook wall that someone I vaguely knew had joined a group entitled "Get a FREE Apple iPad Test Unit!" The group followed the usual procedure of adding all your friends and clicking a link. This time, however, I was curious. Without joining or spamming my friends, I clicked the link. I was greeted with this friendly page:

http://cpalead.com/adblock.php

As a rule, any site douche-y enough to restrict access based on an add-on doesn't really deserve your attention anyway. Still I pressed on. I discovered that cpalead.com (which is completely blocked by the EasyListUSA subscription list in Adblock Plus) was noticing that I was restricting the execution of its stuff and therefore redirected me from the original page to let me know that I was a bad person.

After fishing around for a few minutes, I discovered what .js file on cpalead.com was causing the matter and exempted it from screening. The site then loaded, Adblock Plus filter ignored.

That filter, for those of you who may encounter this in the future, is:
@@|*cpalead.com/mygateway.php?* UPDATE: This code wasn't covering all cases, so I had to tweak it. Use the current version.

---------

After finally accessing the web page, I was greeting with a page-covering DIV and a notice which said that I had to fill out a survey before I could enter my info, "to verify that I'm not a bot". Back on the Facebook group page, they did apologize for the system, but all I can think is, why not be like EVERY OTHER website and use, oh, I don't know, a CAPTCHA? I looked int he lower-left corner of the giveaway page, where a "HACKER-PROOF" logo made the non-https site look very secure. HACKER-PROOF? We'll see about that.

At first, I tried removing the div and just accessing the form directly. That triggered some hidden JS file and promptly warned that I had been "reported" for trying to "hack" the site. Excuse me, but editing local HTML source code for a loaded web page is NOT hacking. I could go on my YouTube channel page and locally edit the HTML to make it look like I have 9001 subscribers. That's still not hacking, because if I refresh, my hard work is gone. Still, at this point I didn't feel like bothering with the annoying .js file, so I decided to do as I was told.

I BS'd my way through one of their dumb surveys (which then started spamming me with product requests, so I'm glad I did not put a real email address. Unless "wmnbd1@a0l.com" is a real address, in which case, please forgive me.) Thankfully, the giveaway page at this point removed the blocking DIV, allowing me to submit my details in order to (potentially) receive a FREE iPad!

But then I noticed something. The form was in a frame. And I could load the frame in my browser independantly of the main giveaway page. And the frame was just the relevant form field which submitted my info, nothing more, especially no hidden JS files.

So wait a minute. I have to "disable" Adblock, not tamper with the HTML source code, and take a spam survey designed to steal my details, but you don't even bother to put security on the actual FORM?

For those of you not familiar with how these kinds of security measures interact, it's kinda like this:



So now I have unrestricted access to the form. The thing is totally unsecured. Hell, I could probably just re-send this form over and over--

It doesn't take long for me to complete a simple form submission page which uses GET variables from the URL to choose the name, address, and email you'd like to submit, and automatically on page load submits the form for you. Embed the form page half a dozen times on another page, set an auto-refresh system up on the meta-form page, and you've got a submission system.

Now all you need is a name, an address, and an email.

At this point, I think back to the State of the Union on Wednesday. Obama had said that "our economic growth increasingly depends on our ability to sell American goods and crops and services all over the world." Perhaps, then, Obama would know of some good places to put to use a few hundred iPads?

Name: Barack Obama
Address: 1600 Pennsylvania Avenue
Email: potus@whitehouse.gov (I doubt this is a real email address, but it sounded cool.)

I let the program run for around fifteen minutes, watching the giveaway's "Thank you!" page for successful submissions appear briefly before each refresh. So much for "hacker-proof".

------------------

I come back after a little while and notice that something had changed on my little form submitter: the "Thank you!" pages now read "403 Forbidden".

I had submitted at most 300 forms in that time-span. Surely that wasn't enough to take down the website in that time.

I did a little checking and discovered that the website was still online, but the owners had clumsily restricted the main directory, completely destroying the website's layout.

So what have I done? I've broken a scammer website, and I've requested 300 iPads for the President of the United States. That's a good day in my book.

-----------

UPDATE (2/21/10):
Their site's up and seems to have been back up for a while now. However, they have yet to fix the frame issue. Go figure. Also, as you'll note above, I fixed an issue in the ABP code to work around the ABP-blocker.