By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: May 29, 2017

Monday, 29 May 2017

Cooperstown Celebrates 25th Anniversary of ‘Homer at the Bat’ ★

Joe Posnanski, in his column for MLB.com:

“It is with great humility I enter the Hall of Fame,” Simpson said in his recorded acceptance speech. “And it’s about damn time. I’m fatter than Babe Ruth, balder than Ty Cobb and have one more finger than Mordecai ‘Three Finger’ Brown.”

The thing about “Homer at the Bat” that endures is the obvious love for baseball that fills the episode. Yes, of course, there are classic Simpsons bits in it, such as Boggs and Barney having a violent barroom argument over the greatest British Prime Minister (Lord Palmerston! Pitt the Elder!), Jose Canseco continuously running into a burning home to save a woman’s furniture, Roger Clemens clucking like a chicken, Bart and Lisa arguing about who gets to bring Homer a beer after he crushes a game-winning homer (“Kids, kids, you can BOTH bring me a beer”).

“Mattingly, get rid of those sideburns!”

“What sideburns?”

“You heard me, hippie.”

Castro 2.4 With Enhanced Audio ★

Speaking of Castro, the latest version adds a much-requested feature:

Enhanced Audio improves the listening experience for many podcasts and makes it easier to hear in loud environments. Under the hood, Enhanced Audio applies a dynamic compressor and a peak limiter to increase volume just where it’s needed.

Enhanced Audio helps when playing a show where voices are at different levels and makes it much easier to listen to podcasts in a car, on public transit, or in a busy noisy place.

These smart speed and equalizer features are becoming table stakes for a podcast player today.

Breaker Adds Support for JSON Feed ★

Erik Michaels-Ober:

The decentralized structure of podcasts creates a chicken-and-egg problem for JSON Feed to gain adoption. There’s no incentive for podcasters to publish in JSON Feed as long as podcast players don’t support it. And there’s no incentive for podcast players to support JSON Feed as long as podcasters don’t publish in that format.

Breaker is hoping to break that stalemate by adding support for JSON Feed in our latest release. As far as we know, Breaker is the first podcast player to do so. Unlike other features that differentiate Breaker, we encourage our competitors to follow our lead in this area. The sooner all podcast players support JSON Feed, the better positioned the entire podcast ecosystem will be for the decades to come.

Three years ago I wrote that podcast players had replaced Twitter clients as the leading UI playground — the space where there’s a lot of competition and new ideas being tried out. I still think that’s true. Overcast and Castro keep getting better, and Breaker is a new and interesting take. The big difference with Breaker is that they have a social networking model, where you can follow your fellow Breaker-using friends and get podcast recommendations based on what they’re listening to.

Russian Hackers Are Using Google’s Own Infrastructure to Hack Gmail Users ★

Lorenzo Franceschi-Bicchierai, reporting for Motherboard:

The “Change Password” button linked to a short URL from the Tiny.cc link shortener service, a Bitly competitor. But the hackers cleverly disguised it as a legitimate link by using Google’s Accelerated Mobile Pages, or AMP. This is a service hosted by the internet giant that was originally designed to speed up web pages on mobile, especially for publishers. In practice, it works by creating a copy of a website’s page on Google’s servers, but it also acts as an open redirect.

According to Citizen Lab researchers, the hackers used Google AMP to trick the targets into thinking the email really came from Google.

“It’s a percentage game, you may not get every person you phish but you’ll get a percentage,” John Scott-Railton, a senior researcher at Citizen Lab, told Motherboard.

So if the victim had quickly hovered over the button to inspect the link, they would have seen a URL that starts with google.com/amp, which seems safe, and it’s followed by a Tiny.cc URL, which the user might not have noticed. (For example: https://www.google[.]com/amp/tiny.cc/63q6iy)

A huge reason that phishing works is that most people just aren’t technically savvy enough to tell a phony-looking URL from a legitimate one. But a URL that really is coming from the google.com domain — that’s the sort of link that even a web developer might think looks legit, especially at a glance.