It is the only word I have to describe my reaction on discovering that MercadoLivre, supposedly the largest e-commerce site in Brazil, does not use SSL for login (Figure 1). Their standard position is that changing personal data and completing purchases can only be done over SSL, so the customer is protected. That is true, pero no mucho. A determined (or simply capable) attacker will go after the weak point of the system, which is the password being sent unencrypted at login. After all, anyone with a username, a password and a minimum of malice can do damage quickly.
Figure 1: MerdacoLivre DOES NOT USE SSL by default for its users' login
But that's fine, say the conformists: “type https into thy address bar and thou shalt have a secure connection”. Too bad their expired certificate (Figure 2) is not worth even the work of the poor electrons moved to transmit it. In fact, they do have a valid certificate… for the super trustworthy domain www.mercadolibre.com (la garantia soy jo!)
Figure 2: the certificate for mercadolivre.com.br is expired
And of course, the expired certificate would not exactly be a problem; ideally, certificates could be verified manually, by checking the fingerprint over some other communication channel (e.g. by phone or in person). Unfortunately, MerdacoLivre provides no address, e-mail or phone number for contact; all it offers is a lousy troubleshooting page. Communicating directly with their support is quite difficult.
Well, some say the risks in question are worth it because you can find good prices on Mercado Livre. I thought so too until I discovered www.dealextreme.com which, believe it or not, delivers to Brazil without charging shipping!
The stadium collapsed, 8 people died?
Let's demolish the stadium!
A 15-year-old girl is locked in a cell with 20 men for a month?
Let's demolish the jail!
To close them all, all that's missing is a scandal in Congress…
I just received word of a really cool web-2.0ish tool. It is called walkietalkie. It allows you to easily open full-duplex push-to-talk voice chat rooms. To create a new room or join an existing one, just point your favorite browser to http://www.yackpack.com/walkietalkie/?room, where room is the name of the room. Then you can just paste that URL to your friends and start yapping. You can also add a gadget to your home page pointing to the room, allowing people to talk on your channel directly from your home-page or blog. Snappy.
It is totally based on Flash and, therefore, requires no installation (other than the you-already-have-it Flash plugin). You must, however, “allow” your Flash plugin to capture stuff from your microphone when it asks to. This is a security measure provided by the Flash plugin itself, as a means to protect people from being eavesdropped on inadvertently when they visit some evil page.
Of course, it is free, beta software (read limited and buggy). Additions like text chat or a presence list would make it much more useful.
credit: Bruna, via NDI.
- Grab a nearby book;
- Open it to page 161;
- Find the 5th complete sentence;
- Post that sentence on your blog;
- Do not pick the best sentence or the best book.
You can allow users to connect from as broad or narrow a set of host as you prefer.
–Kerry Cox & Christopher Gerg, Snort and IDS Tools
- … post that draft I was working on two months ago
- … retake the “string theory” thingie (heroes is getting interesting again)
- … do something I should’ve done months ago
But, right now, I gotta finish this bloody internal report.
Weird… the tag “pizza” could fit in this post…
So pull the damn trigger.

Haven't seen the movie yet? Watch it now. Watch it again. And then watch it in the theater, because it has five more minutes than the version floating around the net.
I will no longer use MSN messenger services. Reasons:
- Does not work properly with my client of choice (pidgin on linux). I can log in, log out, change my nick, but I can’t CHAT! And it is not pidgin’s fault. It fails intermittently, so it must be their service;
- Does not work properly even with Microsoft’s own client on Windows. File transfers are a mess, voice chat is sub-par;
- The official client sucks badly;
- Most of my contacts there are happy gmail users who, in turn, have access to GoogleTalk;
- MSN has no further “killer” feature keeping me there.
Therefore, I will move to GoogleTalk jabber-based services, which have excellent support on alternative platforms (as they are based on an open protocol), have an amazingly good official client and are accessible to anyone through their web interface.
So, if you feel like talking to me, please use the aforementioned service. My contact is the same e-mail as it was in MSN.
I strongly advise everyone to do the same. Thanks for your attention.
Sala de Redação, May 25, 2007. Paulo Santana, finally saying something that makes sense:
“Coligay is the only case of gays who reformed… today they are macho, wear bombachas and have all joined the Geral”
Don't believe it? Then listen!
Credit where it is due: original thread on orkut
As promised, I am posting the new version of the Heroes’ String Theory graph, now considering events shown in the latest episode (1×20 - Five Years Gone). It took me hell to make it, because lots of things must be considered now:
- Candace’s power (illusion) is helping some characters fake reality in unexpected ways
- Future Hiro is not aware of these illusions, and may be passing incorrect information to Young Hiro
- Future Mohinder somehow remembers the Subway encounter.
Thus, this graph has some new conventions, separating what really happened (i.e. what WE know as truth) and what Future Hiro and Young Hiro saw. Some stuff still remains as conjecture. If Candace was alive after the explosion, it means Sylar (and not a Candace-induced illusion) was stabbed by Hiro, so how could he regenerate? The only reasonable explanation I have is Linderman, but I don’t see WHY he would do that, no matter how evil he could possibly be.
I may be totally wrong, but whatever. Here is the graph. DISCLAIMER: There be dragons. As usual, if you feel like something is terribly wrong, if you can suggest better layouts or conventions, use the comment box below.
Some generic smart-assery about this feat(?):
(08:15:27 PM) Prometheus: dude this has to be the nerdiest thing I've ever seen :-)
(08:15:38 PM) mobus: hehehehehe
(08:16:19 PM) Prometheus: who else would ever think of making a flow diagram of Heroes :-)
(08:16:33 PM) Prometheus: try making one for Lost and I will applaud you!
(08:17:15 PM) mobus: good idea :) the problem will be the flashbacks, but it's doable
(08:19:38 PM) Prometheus: make them in a nice colour, like pink
(08:19:46 PM) Prometheus: and cloud shaped :-)
(08:20:00 PM) mobus: the idea is to be nerdy, not gay
(08:20:39 PM) Prometheus: the result is the same you don't get to sleep with women
(08:20:44 PM) Prometheus: :-D
(08:21:01 PM) mobus: point
Unless you have been living under a rock since last September and assuming you are neither Dale Smither nor Matt Parkman, you surely heard about this NBC sci-fi series called Heroes. Great production, deep characters, abundance of resources (series, comics, blogs) and intriguing plot.
Maybe calling the plot intriguing does not do justice to its complexity. Hiro’s time-traveling ability adds an unusual twist to causality relations in the Heroes universe. Many fans debate over which time-travel model should be considered when resolving the events, and no model so far seems to be free of issues. However, in the wake of the latest issue of the Heroes’ Graphic Novels (comics that explain parallel arcs), it seems that Hiro has devised a “String Theory” model, representing distinct events with pictures, drawings, and news, chained by strings according to their causality relations. The result is a big web (nerd-speak: graph) where Future Hiro tries to find a way to fix past events in order to save the world from a terrible catastrophe.
This is where I come in: I love playing with graphs. My first experience with them came after stumbling upon attrition’s sexchart, a diagram showing sexual relationships between IRCers that has grown to over 2000 people. I started assembling a version of it for the now-deceased IRC server I accessed in the glorious IRC days. Some friends, acting as informants, helped me and it quickly grew up to over 180 people. Maintaining it took me countless (nonetheless fun) nights rearranging the graph.
Back on topic, I realized that Heroes’ Hiro String Theory is a good case for collaborative graphing, so I’m releasing the first version of the graph, which details the most important events and conjectures after considering the nineteenth episode of the first season (%.07). Of course, it is by no means complete nor accurate, but this is where YOU readers come in: send your suggestions, corrections, flames, praises, money, cries of terror through my comment box below and we shall build a kick-ass String Theory graph.
Please be gentle with my bandwidth: if possible, mirror it at will. If you’re willing to mirror, please keep attribution (a link would be extra-cool!), license and non-commercial status (as per Creative Commons by-nc-sa license).
Before someone asks: No, I will not release my version of sexchart for, erm, my personal safety. Not for now, at least. Maybe in the future I’ll release an abridged version but, meanwhile, you will only be entitled to see it if you are part of it (which is the catch-22: how could you possibly know you’re inside without seeing it?).
[EN] All content in this site is under Creative Commons Attribution Share Alike 3.0 license, except for content explicitly licensed otherwise. Attribution MUST be kept to the author of the work, which is, unless expressed otherwise, me, Felipe Mobus.





