A good friend sent me a link to a wonderful article called Am I Ugly – the harrowing article discussed a new social media trend, namely young girls who go to Youtube and post videos asking whether they are pretty or ugly. To see this in action, head over to Youtube and search “Am I Ugly”. If you don’t want to take the time to search Youtube, do yourself a favour and watch this video.

Before you dismiss this as another teen girl social media trend (remember the moronic haul videos?), consider the introduction to this video:

“Hey guys, umm, I just wanted to make a random video, oh yeah this is a koala hat, um, yeah I just wanted to make a random video to see if I’m like ugly or not because a lot of people call me ugly and I think I am ugly. I think I’m ugly and fat.”
(keep reading…)

I accidentally said something on Twitter today that I think has caused some confusion. I wrote, “While you could technically acquire customers via social media, the acquisition cost is astronomically high…” When I wrote that, I was thinking of the following scenario:”

Imagine that you work within a reasonably new company that builds a consumer good. You believe that this consumer good fills a legitimate need, so you know that your next task is to get out there and let potential customers know that it exists. So, what do you do? Do you start buying traditional advertisements? What about PR – should you blanket the world with press releases? Or what about that newfangled social media? Should you start up a Twitter account/Facebook page/etc and try to build a following through social channels?

(keep reading…)

Time for an obligatory ‘predictions’ blog post – I polished off my crystal ball, started a sketchy 900 number (Mister Greg’s Psychic Line), and am here with my first set of predictions. Have a great year everyone!

(keep reading…)

A few years ago, a friend and I started something called The Regina Streets Magazine. We are no longer publishing that magazine, but we learned a huge amount in the process of publishing it. So, we have decided to rebuild reginastreets.ca, this time with a collection of all the stuff we learned. We hope this will be useful to anyone out there who is interested in publishing their own street magazine!

Forgive me for writing something so dorky, but I noticed this and had to post. This page can be reached via hluska.ca/?p=404 and, being a geek, ’404′ has special meaning to me. So, I guess that you just found a page that couldn’t be found…errrr, or something like that.
Since this is my error code page, I thought it would be fun if I gave you a bit of an update (so as to explain my serious lack of activity). My new gig is going extraordinarily well – I just finished my first newsletter and am loving every single moment of it. In a personal note, the publishing bug hit me hard and I’m starting another magazine, plus (possibly) another publication about indie music in Regina. I’ll keep you updated…

I have some excellent news. Mark Maunder (who originally reported the zero day in timthumb.php) forked timthumb.php into a new, more secure (and more functional) solution called WordThumb. I read over the source code and it is much better designed than the original. Excellent work!

Perhaps something positive will come out of this episode. First off, I hope that Ben Gillbanks (who maintains timthumb.php) learned a few lessons about secure programming. Second, I hope that the rest of the online community learned proper zero day procedures. While I give Mr. Maunder all due respect for releasing a much better version of this utility, I really wish he had written this version, then announced the vulnerability.

Yesterday evening, I read an article and had one of those truly classic ‘facepalm’ moments. Someone named Mark Maunder, who runs a Seattle based company called Feedjit decided to write an article detailing a zero day vulnerability in a very popular WordPress utility called timthumb.php. This particular script is bundled in many free/commercial WordPress themes, so this is a very dangerous exploit.

Timthumb.php has some pretty serious problems which make me question why it was released in the first place. The script has this cute little $allowedSites array which lets users remotely load files from domains like flickr.com, or picasa.com. Not really a bad idea, except the developer decided to use strpos to see if that string appears anywhere in the domain. This means that if you are malicious, you can set up something like http://flickr.com.criminals.com/attack.php and timthumb will fetch the file for you and put it in your cache directory ready to be executed. From a design point of view, this is about as bad a mistake as a developer can make.

As I see it, nobody in this sad affair can go without blame and frankly, I am pissed.

(keep reading…)

I am rather averse to promoting myself and prefer to spend my days promoting others. However, I was quite touched by the response this article got and wanted to drawn some attention to it (and the blog it was published on). My friend Darren helped start a project called “Then Life Happens“. The only way I can describe the project (and do it justice) is to say that it is exactly what I want to accomplish with End Magazine – it is a collection of positive, uplifting ideas that cannot help but make you feel a little more human.

A number of weeks ago, I read an article on Then Life Happens that shook me to my core. Years of fighting for the homeless had left me feeling…blah. There had been too many fights, too many hurt feelings, and too many problems, so I stopped writing about my friends. But, this particular article revved me up and literally forced me to write a guest post. That guest post was released last Tuesday and, I figure it is time to link to it.

Two surprises came out of writing this article. First, I am surprised by the fact that I am rejuvenated – writing that article was strangely cathartic and…I feel the urge to jump back into activism in a particularly wild and crazy way. Second, I was surprised to realize that Canadian Dimension magazine may be right and I could actually be a progressive thinker. I have always thought that everyone sees the good in everyone, but based on feedback I have received, that trait possibly makes me a progressive libertarian!

Thanks a million, Darren. Being published on TLH was an incredible honour!

Time for something a little new on this blog. I’ve noticed that lots of writers I respect have a weekly roundup of interesting articles from around the web. Rather than truly innovate, I’m going to steal a page from them and start doing my own roundups. Here are some of my favourite articles from the last week:

First off, on July 28, antivirus maker Avast released an interesting article on the state of rootkit infections. Their findings really shouldn’t be much of a surprise – pirated versions of Windows XP are a major attack vector for rootkit infections. This simple (and fairly obvious) fact leaves me wondering something very important – why don’t the people who use pirated versions of Windows XP switch to a modern (free and more secure) operating system like Ubuntu?

I have been closely following the Airbnb saga for the past week. It began when a relatively old article reached the front page of Hacker News, continued through some awkward TechCrunch coverage, and culminated in a little blowup between Paul Graham and Michael Arrington. I am a huge fan of both Mr. Graham and Mr. Arrington, so reading them spar was difficult, yet utterly fascinating. Then, another similar case came forward and finally, Airbnb did the right thing. Founders – this whole episode is a wonderful learning experience!

Chris Dixon (the co-founder of Hunch/Founder Collective) released a really wonderful article called “The downside of accelerated investment decisions“. From an entrepreneur’s perspective, getting a quick term sheet from an investor sounds like a dream, but Dixon shows how going too fast is bad for both parties. I admire any person who can take my beliefs, urinate on them, and leave me feeling a whole lot smarter for the process.

Finally, my favourite webcomic released an incredibly poignant strip about cancer. Randall Munroe’s (the author of XKCD) fiance was diagnosed with breast cancer last year. My family has been ravaged by cancer and, frankly, this strip is the first time that I have ever read anything that has made any sense. Mr. Munroe nailed what it is like seeing people you love suffer with that vile disease, and for that, I thank him.

I had a conversation with one of the smartest developers I know yesterday over Twitter. She was looking for a tool that she could use to detect HTML5 features, only she wanted to detect these features server side, using PHP. A few months ago, I tried to build a Python library that would provide that service, however I ran into many problems. Eventually, I realized that the only reliable way to poll for available HTML5 features is to sniff out user agents.

The user agent approach to HTML5 feature detection is fraught with problems. But the biggest one was code quality and maintainability. Feature detection via user agent ultimately revolves around a whole lot of ‘if’ statements – if you use Chrome, these features are available; if you use Internet Explorer 9, these features are available and on and on. The problem with that is that HTML5 is a moving target – to keep that library maintained, I would need a team of people constantly monitoring changes in browsers and the degree of support that they provide.

This experience scared me off of HTML5 and, while I continue to work with it to make sure that my skills stay current, I refuse to use it on a production site. As I see it, working with HTML5 is the equivalent of going back in time to the days before Microsoft introduced the DOCTYPE declaration and trying to build a site. At that point, you literally had next to no way of controlling how your page would render on various browsers, so every page you built had to contain a litany of HTML hacks. Pre-doctype page source was ugly and difficult to maintain.

(keep reading…)