I’ve been catching up on last year’s movies. I finally saw Frozen last week, which prompted me to track down the soundtracks to both that movie and Tangled (more about that later), and listening to those prompted me to dig out the cast album for Wicked for the first time in, well, forever.

I was reminded of why I hadn’t listened to it much. Aside from a handful of songs (“Corner of the Sky” and “Colors of the Wind” come to mind immediately), something about Stephen Schwartz’s music just doesn’t stick in my head, and Wicked isn’t an exception. No matter that I like the story, that I like the characters, that I like Idina Menzel and Kristin Chenoweth…the songs just don’t stick. Not even “Defying Gravity,” except for the title refrain.

But remember how I mentioned I was catching up on last year’s movies? I had a disc out from Netflix of Oz: The Great and Powerful, and several episodes of Once Upon a Time on the DVR…the ones introducing the Wicked Witch as the villain for this half of the season. And it was the weekend of Emerald City Comicon.

It seemed appropriate to continue catching up.

For the record, so far I much prefer Zelena (OUAT) to Theodora (Oz:TGAP) as far as characterization goes (she has some), though I haven’t seen enough to decide how she stacks up against Elphaba.

A few nights ago I watched the moon rise. This isn’t actually very common, just because hills and buildings mean that I rarely get a clear view of the horizon, but I had been working late and drove past LAX, which gave me a long flat stretch off to the east.

The weird thing is: it was gray.

I’m used to the moon looking white when it’s up high in the sky, yellow when it’s low, sometimes orange when it’s near the horizon, especially when there’s smoke or smog. A few months ago while the Colby Fire raged in the mountains to the northeast, I reached the top of a hill and had a fantastic view of a deep red moon through the smoke.

But gray? That was a surprise. It looked just like photos of the moon that are taken at the right exposure level to show you details instead of washing everything out. Squished a bit, of course, because it was so low.

As I kept driving, I passed more buildings and lost sight of it. A few minutes later, I caught another glimpse after it had climbed a little higher, and it looked slightly yellowish, just like I’d expect it to at that height.

I don’t know if it was something about how my eyes had adjusted, or if there was something in the haze above Los Angeles or even just nearby that counteracted the normal effect of scattering.

It did, however, remind me that the next full moon will feature a lunar eclipse, visible from our neck of the woods…the first since my son is old enough to (maybe) appreciate it. That should be fun.

It’s always annoying when someone figures out a way to exploit intentional behavior, especially when it’s a key part of the design.

Sucuri reports on a denial-of-service attack that used thousands of legit WordPress sites to distribute the attack by sending fake pingbacks “from” the target site to all of the reflectors. Those blogs would all contact the targeted site to confirm the pingback and retrieve a title and summary…all at once, overwhelming it and taking it offline.

The quick-and-dirty solution is to remove XML-RPC functionality, but that also breaks certain plugins (like Jetpack) and the ability to connect to your blog using the WordPress mobile apps.

A little background on why Pingbacks work this way:

Waaaay back in the early days of blogging, most bloggers would interact by way of comments. If you wrote a blog post, and I was inspired to write a response, I would then go over to your site and post a comment letting you know about my own post. Two systems were proposed in 2002 to automate this process: pingbacks and trackbacks.

  • Trackbacks sent a complete summary to the remote blog, including the title of your post, the link, and an excerpt (which you could manually craft, or let your software handle).
  • Pingbacks sent a notice — a “ping” — to the remote site with the URL of your post, and then the remote site would retrieve it and extract the title and a summary.

This was also around the time that blog comment spam and spammy blogs were getting to be a big problem. What would happen is a spamming site would send out trackbacks to as many sites as possible claiming that they’d responded to some post, thereby getting backlinks on a zillion blogs and increasing their page rank. Pingbacks had an advantage: Because you were calling back already, your server could check to see whether the other site really had linked to you. It took a long time, but eventually this escalated into spammy blogs creating a temporary post with real links to the pages they pinged, then replacing it with a spam page after a short amount of time.

The problem now is: How do you block abuse of an as-designed behavior? That’s happened before: Back in the early days of the internet, it was considered polite to run your mail server as an open relay and rude to lock it down, but after spammers started massively abusing them, an open relay became a sign of a sysadmin who didn’t know what he was doing.

The comments on the Sucuri article suggest that Akismet, as a collaborative comment-spam filter, might be able to mitigate this type of attack. Wordfence’s collaborative security filter seems like another system well-positioned to detect it. But if that approach fails, pingbacks might just go the way of open relays.

Update March 18: Akismet has released a new version of the anti-spam plugin that mitigates this problem in two ways:

  1. Spam checks on pingbacks are now done before the verification request is sent, so that once an attack is identified, Akismet will prevent blogs from participating.
  2. An X-Pingback-Forwarded-For header is added to the verification request identifying where the pingback actually came from, making WordPress+Akismet a less attractive choice as a reflector by removing the anonymity.

Item #2, IMO, belongs in WordPress itself, not in a plugin, but I imagine this was a way to roll out the feature more quickly, at least to those sites using Akismet.

Update April 8: The X-Pingback-Forwarded-For header has been added to WordPress 3.8.2 and the upcoming 3.9.
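For the site on the receiving end, the header described above is what makes the flood attributable. The following is an added example, not code from this post, WordPress or Akismet: it scans an access log for bursts of verification fetches from many distinct WordPress sites and tallies the origin addresses they report. The log layout (combined format plus one extra field holding `X-Pingback-Forwarded-For`), the sample lines and the thresholds are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample: combined log format plus one extra quoted field holding
# the X-Pingback-Forwarded-For request header ("-" when absent).
SAMPLE_LOG = """\
198.51.100.10 - - [18/Mar/2014:10:00:01 +0000] "GET /post-1/ HTTP/1.0" 200 5120 "-" "WordPress/3.8.2; http://blog-a.example" "203.0.113.7"
198.51.100.11 - - [18/Mar/2014:10:00:01 +0000] "GET /post-1/ HTTP/1.0" 200 5120 "-" "WordPress/3.8.2; http://blog-b.example" "203.0.113.7"
198.51.100.12 - - [18/Mar/2014:10:00:02 +0000] "GET /post-1/ HTTP/1.0" 200 5120 "-" "WordPress/3.7.1; http://blog-c.example" "-"
198.51.100.13 - - [18/Mar/2014:10:00:03 +0000] "GET /post-1/ HTTP/1.0" 200 5120 "-" "WordPress/3.8.2; http://blog-d.example" "203.0.113.7"
192.0.2.44 - - [18/Mar/2014:10:00:03 +0000] "GET /post-1/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"
198.51.100.14 - - [18/Mar/2014:10:09:00 +0000] "GET /about/ HTTP/1.0" 200 900 "-" "WordPress/3.8.2; http://blog-e.example" "-"
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)" "(?P<xpff>[^"]*)"')
# WordPress's HTTP client identifies itself as "WordPress/<version>; <site URL>".
WP_UA = re.compile(r'^WordPress/[\d.]+; (?P<site>https?://\S+)')

def find_pingback_floods(log_text, min_reflectors=3, window=timedelta(seconds=60)):
    """Flag paths fetched by >= min_reflectors distinct WordPress sites within window."""
    hits = defaultdict(list)  # path -> [(time, reflector site, origin IP or None)]
    for line in log_text.splitlines():
        m = LINE.match(line)
        ua = WP_UA.match(m["ua"]) if m else None
        if not ua:
            continue  # not a WordPress-originated fetch
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        origin = m["xpff"] if m["xpff"] != "-" else None
        hits[m["path"]].append((ts, ua["site"], origin))
    findings = []
    for path, events in hits.items():
        events.sort(key=lambda e: e[0])
        for i, (start, _, _) in enumerate(events):
            burst = [e for e in events[i:] if e[0] - start <= window]
            sites = {site for _, site, _ in burst}
            if len(sites) >= min_reflectors:
                origins = Counter(o for _, _, o in burst if o)
                findings.append({"path": path, "reflectors": sorted(sites),
                                 "origins": dict(origins),
                                 "unattributed": sum(1 for e in burst if e[2] is None)})
                break  # one finding per path is enough
    return findings
```

Requests counted as unattributed come from reflectors that do not send the header, which is the situation every target was in before the Akismet and WordPress changes.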

Since speculating idly on replacing roadside and median grass with more drought tolerant landscaping, I’ve started noticing spots around town that have done just that — some of them on my daily commute! An office building here, a mini mall there, an island, or the sidewalk strip in front of a single house. Not a sea change, but a beginning, or at least an experiment.

I’ve also spotted a few more houses that have taken out their lawns in favor of wood chips or rocks and a less-thirsty garden. Maybe it’s the variety, maybe it’s just that the people who’ve put in the effort to convert their lawns have actually, you know, put some effort into it, but they actually look better than a lot of the lawns out there. (As renters, we don’t really have the option of replacing the lawn, but we’re trying to be smarter about our patio and the strip we manage alongside a walkway.)

Spiky shrubs, lavender flowers, agave, and tufts of scrub grass are all common. Some of the roadside strips look like well organized chaparral. Birds of Paradise are common too, but I’m not sure how well they handle low-water conditions.

On the other hand, none of that helps if you keep watering like it’s grass, or use sprinklers that water the street and sidewalk as much as the soil around the plants. Just on my lunchtime walks I’ve found patches of grass where the dirt is always on the verge of becoming mud, and driveways that always seem to have puddles below them. Someone didn’t get the memo.

And then there are the strips of bare dirt that remind me why ground cover of one sort or another is necessary: erosion has left concrete plugs sticking up out of the ground around fence posts, or brick walls leaning out toward the street.

I suppose you could go the route I saw along one street: fill the island with concrete and paint it green. But that’s not only uglier than dirt (literally), it has the critical disadvantage that when it does rain, the water doesn’t even have a chance to sink in. And we desperately need to convert that rain to groundwater instead of flushing it all out to sea.

I was reading up on wearable computing today, and with the SDCC badge presale looming, I found myself wondering whether a smart watch would be useful for Comic-Con.  (No plans to actually buy one, I’m just thinking.) I don’t normally wear a watch these days, but it does get annoying to have to reach into my pocket when I want to check the time. For this reason, I make a point to wear a watch at conventions so that I can see the time at a glance and avoid missing events or meetup times.

So, keeping in mind that the current generation of smart watches (Pebble, Galaxy Gear, etc.) mostly pair up with a phone to do the heavy lifting…what might a smartwatch do better for a con than a phone (or a regular watch)?

1. Messages. Between the noise and the walking, it’s already too easy to miss calls or even texts when you’re out on the floor of the convention. It’s easier to notice a buzz on your wrist than a buzz in your pocket, and less intrusive to glance at your wrist to see if it’s something urgent when you’re interacting with people in the real world. You can also tell instantly when you’re crowd-weaving to meet someone whether that text they just sent is “I’m here,” “Running late,” or “Change of plans, meet me at Hall G lobby.”

2. Schedule reminders. Put the event, time, and room number on the screen. How to make it more awesome: pull down the floorplan and use your location to calculate how long it’ll take to get there, and notify you far enough ahead of time that you can make it, Google Now-style. This is more useful for smaller conventions or at least smaller panels at SDCC, since the big ones require you to line up way ahead of time anyway.

3. Wi-Fi hotspot detector. Even if the watch doesn’t support wi-fi, your phone does, and it can ping the watch to let you know.

4. Breaking news alerts. Ironically, I feel like I miss more news when I’m at Comic-Con than when I’m following along from home. This would have to be very well filtered in order to be useful without pulling you out of actually experiencing the convention.

A step counter would be interesting, but I can probably find an app for my phone.

I doubt I’d use a wrist-mounted camera like the one on Samsung’s Galaxy Gear much. Google Glass would be more practical for the blink-and-you’ll-miss-it moments, and if you have time to compose a shot, you have time to pull out a phone or dedicated camera. OTOH, a wrist camera is probably a little less creepy than Glass. (On the gripping hand, maybe not.)

Of course the absolute best use of a smartwatch at Comic-Con:

5. Get one that can actually handle calls, and wear it with a Dick Tracy costume.

What uses can you think of?

The city of Los Angeles recently finished replacing all of its streetlights with high-efficiency LED lights. They use less power, last longer, and require less maintenance than even the sodium vapor lights — an all-around win. They also cast a slightly bluish light, eliminating the amber look of sodium. But my first thought was that with all that work, they could have taken the opportunity to combat light pollution. The night sky doesn’t seem any darker than it did when we moved up to this area.

Then I took a good look at these LED street lights near work. The new fixtures actually do aim all the light downward, shielding upward leakage. They’re plenty bright from the ground, but from a few stories up, I couldn’t tell which lights were on without looking below them to see whether there was a pool of light on the ground.

So if the streetlights really are leaking less light into the sky, why is it still so hard to see stars to the north? Seriously, I can see Orion clearly most nights, but the Big Dipper is practically impossible to pick out.

  • It was a city project, not a county one. There are plenty of other cities in the area that either haven’t been converting their lights, or have only converted a few.
  • They didn’t actually convert all the streetlights in town, just the standard, boring ones (141,089 of them). Phase 2 is converting decorative street lights.
  • There are lots of other lamps that leak light upward: Parking lots, building lights, private roads. LAX is to the north, and there’s a reason for the phrase “lit up like a landing strip.” There’s also a park nearby with a baseball field; those lights drown out quite a bit when they’re on.
  • The ongoing drought has caused smog levels to climb, making the skies hazier.

Rain lit up by a car headlight.

Speaking of the drought, I found myself wondering: How much water would we save if the city did a similar project to replace all the grass along street medians, parking lot boundaries, etc. with drought tolerant native plants? A home lawn at least has a potential use as a gathering place, or a play area. But a little strip of lawn six feet across? What’s the point?

And what do they do with medians out in the high desert, anyway? I remember driving out to Joshua Tree once and noticing in one of the towns along the way that all the houses were built on a standard suburban lot plan with space for a lawn, but that they used it for rock gardens, or native plants, or just left it empty. But I can’t remember what they put along the sides and middles of city streets.

And that gets me to the other article: It was a summary of a study on the vulnerability to climate change in various parts of the region. Most of LA will handle a rise in sea level fine, except for the beaches, Marina del Rey, and San Pedro…but depending on how the climate changes, most of LA would be vulnerable to severe flooding.

In any given decade in California, you can expect at least one drought and at least one winter of heavy rains and flooding. And sometimes those floods can be spectacular. A flash flood in 1825 changed the course of the Los Angeles River (it used to flow into what’s now Marina del Rey). And then there’s the Great Flood of 1862, which covered huge swathes of California and Oregon with water, including all the lowlands of what are now Los Angeles and Orange County.

So in addition to planning for drought, the region also plans for the occasional flood — unfortunately, by trying to channel all that water out of the way as quickly as possible, because, as the study pointed out, more than 80% of the ground in the area is covered with impermeable surfaces — you know, asphalt, concrete, buildings, etc.

They do have spreading ponds to replenish groundwater from at least part of the storm drain system, but a lot of that water just goes straight into the ocean, and in heavy rains, the ponds get overwhelmed anyway.

It just seems like there ought to be a better way to capture the rain we do get.