/wp

waving android

I am currently a software engineer at Google, where as a member of the Android platform team I build frameworks and user interfaces.

The blog here at is mostly historical; you can find more recent posts on .

Archive for February, 2005

YURL, PetNames, etc.

February 8th, 2005

Phishing is an attack upon the user’s mind. The attacks exploit human frailties in recognizing trusted entities and confusion in the user’s mind about what trust applies to a particular entity. Defending against phishing attacks requires defending the user’s mind by bolstering the user’s ability to identify and track his trust relationships.

In response to the IDN sploit: YURLs and PetNames. Short version: Assign a name of your own choosing to the hash of the pubkey of a trusted resource. (Now how do you establish that trust relationship in the first place? That part’s always tricky—any trust system is elegant if you already know whom you trust.)

Update: The CapTalk mailing list has been abuzz about this problem. (start here; February archives)

Comments Off on YURL, PetNames, etc.

IDN considered harmful.

February 7th, 2005

[2:39] <dsandler> So, I don’t know how to respond to this: http://www.shmoo.com/idn/

[2:40] <dsandler> (the hack: using the Cyrillic ‘a’, which looks exactly like the Roman ‘a’, as the second letter in “paypal.com”)

[2:40] <dsandler> phished!

[2:41] <dsandler> So, what’s the answer here?  Eliminate PunyCode encoding of so-called “international domain names”?  Seems draconian.  What you’d really want to do is come up with some way to trust a website above and beyond the orthographic appearance of its domain.

Comments Off on IDN considered harmful.

Adam Cadre on Videophones.

February 7th, 2005

“It is no wonder that Kids These Days™ use IM to ask each other out — she can’t hear you stammer when you pop the question and when she turns you down she can’t hear you cry.”

Comments Off on Adam Cadre on Videophones.

To A Theater Near You, In The Night, Is When He Comes, As It Turns Out

February 6th, 2005

Those of us watching the Super Bowl for the most exciting movie trailer were looking in the wrong place. Coming soon from Videlectrix Films: Peasant’s Quest: The Motion Picture! (Another soon-to-be-hugely successful film adaptation of a video game.)

Comments Off on To A Theater Near You, In The Night, Is When He Comes, As It Turns Out

Starbucks Double Shot.

February 6th, 2005

Someone’s taken it upon himself to photograph the double-Starbucks in River Oaks, on West Gray at Shepherd. (Non-Houstonites: the original location is mirrored across Gray by a drive-thru location.)

[Seen on delicious links tagged “houston”]

Comments Off on Starbucks Double Shot.

ePOST 2.1.3

February 5th, 2005


ePOST 2.1.3 is out, fixing bugs. [x-ref: ePOST: peer-to-peer email.]

Comments Off on ePOST 2.1.3

Jeevelines

February 5th, 2005

Wow, search engine also-ran Ask Jeeves is suddenly relevant again, now that it’s buying Bloglines.

Aside: By grepping dsandler.org for bloglines you can see how my affection for Mark Fletcher’s brainchild has waxed and waned over the last year.

Read the rest of this entry »

Comments Off on Jeevelines
newer: older: