Opera – Naked Joy of Surfing

November 30th, 2004

Aamuli writes:

Yes, yes, I gladly admit that this idea is stolen from Pornzilla project which claims that "Firefox is the best porn browser". I beg to differ so I present to you: Opera - Naked Joy of Surfing!

Bug madness: Halloween edition

November 8th, 2004

Winning an election with 22% of the popular vote

November 1st, 2004

A presidential candidate could be elected with as little as 21.8% of the popular vote by getting just over 50% of the votes in DC and each of 39 small states. This is true even when everyone votes and there are only two candidates. In other words, a candidate could lose with 78.2% of the popular vote by getting just under 50% in small states and 100% in large states.

The optimal set of states to take (the one that lets a candidate win with the smallest popular vote) is not the N states with the smallest population. It's also not the N states with the smallest value for (population/electors), which would be optimal if you could get exactly 270 electoral votes that way.

The optimal solution happens to get exactly 270 electoral votes. In this solution, the winner takes DC, the 37 smallest states, the 39th smallest state, and the 40th smallest state. (The winner takes Alabama, Alaska, Arizona, Arkansas, Colorado, Connecticut, Delaware, DC, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire, New Mexico, North Carolina, North Dakota, Oklahoma, Oregon, Rhode Island, South Carolina, South Dakota, Tennessee, Utah, Vermont, Virginia, Washington, West Virginia, Wisconsin, and Wyoming.)

Read on for my assumptions and algorithm.
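
To illustrate why neither shortcut is optimal, here is an added example (not the author's algorithm, which is not reproduced on this page). It assumes a constructed five-state electorate, winner-take-all states, and a 0/1 knapsack formulation, and compares both greedy orderings with the exact minimum.

```python
# Constructed toy electorate: (name, voters, electoral votes). Not real data.
STATES = [("A", 100, 3), ("B", 120, 3), ("C", 300, 5), ("D", 400, 8), ("E", 900, 10)]

def cost(voters):
    """Fewest votes that carry a state in a two-way race with full turnout."""
    return voters // 2 + 1

def needed(states):
    """Electoral votes required for a majority."""
    return sum(ev for _, _, ev in states) // 2 + 1

def greedy(states, key):
    """Take states in `key` order until the electoral majority is reached."""
    need, got, votes, taken = needed(states), 0, 0, []
    for name, voters, ev in sorted(states, key=key):
        if got >= need:
            break
        got, votes = got + ev, votes + cost(voters)
        taken.append(name)
    return votes, sorted(taken)

def optimal(states):
    """0/1 knapsack: best[e] = (fewest votes, states) reaching at least e electors."""
    need = needed(states)
    best = [(0, [])] + [(float("inf"), [])] * need
    for name, voters, ev in states:
        for e in range(need, 0, -1):  # descending, so each state is used once
            prev_votes, prev_set = best[max(0, e - ev)]
            cand = prev_votes + cost(voters)
            if cand < best[e][0]:
                best[e] = (cand, prev_set + [name])
    return best[need][0], sorted(best[need][1])

if __name__ == "__main__":
    print("smallest population first:", greedy(STATES, key=lambda s: s[1]))
    print("smallest voters/elector:  ", greedy(STATES, key=lambda s: s[1] / s[2]))
    print("exact minimum:            ", optimal(STATES))
```

Both greedy orders end up taking four states because they overshoot the 15-elector threshold; the exact search skips state B and lands closer to the threshold with fewer votes.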


Some people are never happy, part 2

October 29th, 2004

  • 66984 - Need name for new image library (rename libpr0n).
  • 108816 - World War III: "What should Backspace do (or not)".
  • 259207 - Mozilla firefox needs a title song.
  • 261354 - RSS button looks like it says "ASS".
  • 262173 - Firefox Icon Problem - new firefox icon appears to be giant red panda that is humping south america.
  • 266457 - Inappropriate content in the Firefox Crew's Pick list (default bookmarks).
  • 34669 comment 11 - "Fixing summary to not end with 'loads of ass' when truncated at 60 chars."

Thanks to Peter van der Woude for telling me about several of these bugs.

Part 1

My impressions of Google Desktop Search

October 22nd, 2004

Google Desktop Search is useful enough for me to keep it installed, but I wouldn't say that it works well.

Functionality

  • The file I'm looking for is often missing from Google Desktop Search's index. Even the filename is missing. I can't tell if it decided to skip the file because of its extension, contents, location, or changed-on date. Sometimes touching the file gets it indexed, but sometimes it doesn't.
  • It "caches" old versions of files often enough to take up disk space unnecessarily, but not often enough that I can rely on it for a revision history when I break something.
  • Since Google Desktop Search is slower than www.google.com, leaving "Show Desktop Search results on Google Web Search result pages" checked makes it slow down web searches.
  • It gets much slower if I add num=100 to the URLs. A search with num=100 usually takes 3 seconds. This would be ok if it streamed the results, but I just don't see anything for 3 seconds. (There's no UI for adding num=100, so it's not really fair to complain.)

Security

  • "Show Desktop Search results on Google Web Search result pages", which is checked by default, elevates any XSS hole in www.google.com to a read-my-files hole.
  • Google Desktop Search uses an interesting scheme to mitigate XSS and CSRF holes: it includes a hash in every URL, even the root. The hash includes the path and sometimes includes the query parameters. If the hash is missing or doesn't match, it returns "Invalid Request".
  • Clicking a link to an .exe file in search results runs it without any warning.
  • The web site doesn't mention the current version number. The program doesn't have a "Check for upgrades" link, and if it checks automatically, it gives no indication of that fact.
  • Any web page can detect whether you have Google Desktop Search running by loading an image (or perhaps any URL) from http://127.0.0.1:4664/.
  • The index is stored in a predictable location. "File upload holes", which let sites read your files if they know the filenames, are common in web browsers. File upload holes that require no user interaction are usually fixed quickly. But file upload holes that do require user interaction are not always fixed quickly. Two file upload holes requiring user interaction that I reported in 2000 are still present in IE and Firefox.
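
The hash-in-every-URL scheme from the list above, as an added sketch (not Google Desktop Search's code). HMAC-SHA256, the per-install secret and the `sig` parameter name are assumptions; `bind_query` models the observation that the hash only sometimes covers the query parameters.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumption: a random per-install secret that pages on other origins cannot read.
SECRET = secrets.token_bytes(32)
TOKEN_PARAM = "sig"  # hypothetical parameter name

def _token(path, params, bind_query):
    """Keyed hash over the path and, optionally, the sorted query parameters."""
    msg = path
    if bind_query:
        msg += "?" + urlencode(sorted(params))
    return hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest()[:32]

def sign_url(path, params=(), bind_query=True):
    """Build a local URL carrying its own token, as the server would emit it."""
    params = list(params)
    token = _token(path, params, bind_query)
    return path + "?" + urlencode(params + [(TOKEN_PARAM, token)])

def handle(url, bind_query=True):
    """Serve the request only if exactly one valid token is present."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    supplied = [v for k, v in params if k == TOKEN_PARAM]
    rest = [(k, v) for k, v in params if k != TOKEN_PARAM]
    if len(supplied) != 1:
        return "Invalid Request"
    expected = _token(parts.path, rest, bind_query)
    # Constant-time comparison so the token cannot be recovered byte by byte.
    if not hmac.compare_digest(supplied[0].encode(), expected.encode()):
        return "Invalid Request"
    return "OK"

if __name__ == "__main__":
    url = sign_url("/search", [("q", "budget")])
    print(handle(url))                                   # valid link
    print(handle("/search?q=budget"))                    # token missing
    print(handle(url.replace("budget", "passwords")))    # query changed
```

With `bind_query=False` the same token validates for any query string on that path, so a scheme like this only constrains cross-site requests fully when the query is part of the hashed message.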

Bookmarklets in print

October 20th, 2004

My bookmarklets have appeared in print media several times:

  • PC Magazine, Fall 2004 Digital Home issue: Security Watch: Revealing Passwords mentions my view passwords bookmarklet.

    KMGI focuses on Microsoft products, but we also found a bookmarklet (a piece of JavaScript you save as a browser bookmark) that's more brand-agnostic -- and free. It's called "view passwords" and is available at www.squarefree.com. "View passwords" exposes saved password text in IE, Firefox, Mozilla, and Netscape. The script also reveals hidden text in Opera, but the way that browser executes saved passwords -- by filling in the user name and password, then activating the Submit button -- prevents the bookmarklet from working, except on a very slow page load.

  • O'Reilly's Google: The Missing Manual (May 2004) devotes almost two pages to my search and seo bookmarklets.
  • PC Magazine (February 2004): Bookmarklets Boost Web Surfing.
  • Heise c't (November 2003) has a screenshot of the result of using the "number rows" bookmarklet, if I'm remembering correctly.
  • New York Times (August 21, 2003): Fishing for Information? Try Better Bait had a paragraph about the @alltheweb bookmarklet.

I have print copies of all of these except the Feb 2004 PC Magazine article. O'Reilly shipped me a free copy of Google: The Missing Manual, Matti sent me a copy of the issue of Heise magazine from Germany, and I bought the others at bookstores.

Community Firefox ad in The New York Times

October 19th, 2004

The Mozilla Foundation plans to run a full-page Firefox ad in The New York Times soon after the launch of Firefox 1.0. Spread Firefox is asking for donations to fund the ad and expenses related to the 1.0 launch.

All donors' names will be included in the ad. In addition to creating an incentive to donate, this strengthens the ad by showing that it was paid for by a large community rather than a corporation. (Why don't more political and non-profit ads do the same thing?)

I donated today. If ten readers donate through my donation link, I will be listed as a Community Champion instead of just a donor.

Request for extension ideas

October 18th, 2004

What new Firefox extensions would you like to see?