You are here

Aaron's blog

Google Reader Keyboard Shortcuts

I use google reader in an effort to more efficiently waste time every day. It's quite handy for RSS/news reading.

Every once in a while they change a feature here or there.. sometimes for the better, sometimes for the worse. The other day Scotty and I noticed that f5 no longer refreshed google reader.. instead it brought up a tagging box... and I noticed that If I hit f6, it'd make the left pane with the subscription list hide or show itself.

IE's CSS does letter-spacing stupidly

I know most of my readers (all 2 of you) will probably stare blankly at me over this topic, (I guess this is mostly for the search engines) but IE continues to piss me off, and I need to tell SOMEONE.

Today's problem is IE7's math, and their implementation of kerning. (having wiki'd that, I see I may be talking about tracking, but who cares.)

In css, you use a parameter called letter-spacing to change kerning on things. As with all other css, you can specify the units you want to use as pixels, points, percentages, or em. (there are others.)

An em is essentially the width of a standard 'M' character in your font of choice. For IE's mathematical purposes, it's a percentage of the font size you specified elsewhere.

So if I have a font-size: 12px; for my entire document. I can make my headers: font-size: 1.5em; and they will be displayed 150% of 12px. (18px)

So.. an example.

i'm letter-spacing of 1 em

if you're using any recent browser, that should look all spready...

Now.. I rarely need massive letter spacing like that... (though it does come up.) More often than not, I get handed a nice layout from a pro graphic designer that has text in it that is crammed together, ever so slightly, but it really does change the look of certain things.

in IE.. the best you can do for 'ever so slightly' is this:

i'm letter-spacing of -0.05 em... the quick brown fox.. yadda yadda
i'm letter-spacing of -0.00 em... the quick brown fox.. yadda yadda

that's not so bad in trebuchet or whatever the hell i'm using here, but in an italic serif font, it looks pretty tight. Now, IE can take any unit ABOVE .05.. (or 5%).. which.. in negative kerning terms.. isn't too useful.. but I sleep well at night knowing that I can always choose to do something like:

DRM Free Itunes Tracks contain water marking. Not a bad idea.

The EFF is digging into what hidden data is contained in the new DRM free tracks in Itunes

At the very least, it appears that your name is attached to each file.

This seems like a fine idea. People can do whatever the hell they want with their music, but if they share it widely, Apple and others know who to sue. (I'm not sure how the tech will actually shake out.. like all other methods, stripping this info out of the file for someone who's suitably determined would be a trivial act.)

vista rant #1

You no longer seem to have direct access to 'c:\Documents and Settings' it appears to be in multiple places all over the system (as symbolic links) and none of them will give you the ability to browse their files. All I ever get is 'access denied'. I hack program files in there all the freaking time.. in this case, I want to put a heavily modified copy of my mouse configuration's xml file on the new box, so it matches my laptop. That ability seems to have been taken away from me in the interest of security. Fuck security.. I was reasonably secure before..

Arduino Time Lapse Photography IV

Not much to say here, this is the final result of my latest attempt. Took about 20 days or so. I've still got the camera in place, and I'm going to leave it shooting until that bloom falls off.

Arduino Time Lapse Photography III

The results are in! (well, offloaded from the camera anyway.) This one turned out much better. Much more consistent.

there's a bit of an unfortunate shift at the end where the bloom we really want to see gets a bit cut off, but the movement is really cool!

Arduino Time Lapse Photography II

Partial results are in! They more or less suck.. ; )

I initially set this system up and had it shoot in our living room, on a wobbley tv tray with no flash. (I figured my wife wouldn't be happy about a clamped down monstrosity and a flash going off in the dark every 30 minutes.. turns out, she's fine with it!)

Arduino Time Lapse Photography

I've been building this thing for quite some time. For the last 2 nights or so, I spent some time finishing up version 1. It is now functional. (and has taken 23 or so pictures of my desk plant in the last couple hours)

Photos of the rig (with notes pointing out the parts) can be found here:

What happens on the internet.. stays on the internet.

A 27 year old teaching student was denied her teaching certificate
because they saw her 'drunken pirate' picture on her myspace page and deemed it 'unprofessional'.

Cross Site Scripting Response

I listen regularly to security now, and there has been a lot of talk lately about cross site scripting vulnerabilities on blogs and websites.

For a more detailed writeup of what cross site scripting is than I could ever produce, check out trusty wikipedia.

Aaron's really basic overview

For a really basic overview, here it is. Basically, in html documents (such as this one) you can put client side code (javascript, generally but it can be many flavors) anywhere on the page.

You can completely mix content and code however you want.

Now, years ago, when the web was young, and pretty much a 1 to many broadcast medium. (I post content, you look at content, nothing more) this was not a problem. The only way you could make my server spit out content was to get my ftp credentials.

The problem comes when you accept content from users.. which is all the rage with the young kids ever since... 1995? ; )

So, I have a guest book on my site. If that content is not properly checked, a you could include a line of code that would kick all users that hit that web page to a porn site... or cover it in platypuses. Worse still, you could include a line of code that would have javascript send you a copy of all the user's session cookies.. which would allow you to pose as them on the website.

Not a big deal for your average blog.. but banking? You get the idea.

Solution: uh.. browser manufacturers?.. w3c? turn that stupid crap off!

With current html standards and practices.. there is absolutely zero need for tag attributes that execute code such as 'onclick' 'onmouseover' etc. There is also absolutely zero reason a <script> tag should ever be found mixed in with content. Most useage of both at this point is due to either backward compatibility with really old browsers, or sheer laziness.


Subscribe to RSS - Aaron's blog