Conan Made Huckabee; We <3 Hulu

We finally got our invite to Hulu today and any lingering doubts we had about the awesomeness of their delivery, architecture and overall business model were quickly dispatched after wonking about with their controls.  There are several specific features that made us raise an eyebrow and vow to continue brushing up on our RoR knowledge, including a 'dim the lights' feature which grays out all the busyness surrounding your currently streaming vid - and the smooth transitions between popping out, full screening then going back to the original embedded version, with nary a hiccup or restart.  *knocks back a shot of single malt Glenlivet*  Smooooooth man... smoooth.  Not to mention they have quite a solid lineup of content, including NBC, Fox, Bravo, G4, Sundance, plus lots more.

The most fun we've had so far was watching Conan's recent opening monologue/on-air faux battle with Messr. Colbert over who actually MADE Mike Huckabee.  Was it Norris?  Was it Colbert?  Or did Conan actually make ALL of them?  We think you know the answer.

That was followed closely by the fun of picking our own clip, then auto generating the embed code.  YES it was fun.  We swear.  Lookit.

Not only is the embed process seriously intuitive and easy to grasp, even for non-technophilez.. it just works.  The delivered stream looks top notch, the supporting ad is non-annoying and lasts exactly as long as it should, namely a few seconds. 

Who knows where Hulu will end up in the totem pole of 2.0 but they are strong out of the gate and we'll be watching them, and their content closely.  First we're gonna go eat someone else's lunch from the company fridge though.  Anybody need anything while we're up?

Our lonely days are over, and life is like a song...

Is it the extra swig of `tussin we just gulped down with our espresso shot that has us feeling so floaty and hopeful?  Possibly.  We're also slightly encouraged by the finally announced developments in the percolating CBS/last.fm team up.

We feel compelled to point out though, that the labels still don't get it.  They're being led by the nose at this point and just trying to hold on to some shred of their former glory by insisting on silly limitations that make no sense in the context of the deals they are entering into.  At least, not for anyone who doesn't work inside the belly of the beastie.

Here's the OK news.  You will soon be able to listen to each FULL track at last.fm instead of the useless 30 second clips that everybody loves to hate.  You'll be exposed to an ad for this privilege... hey, no problem.  We've gotten to be experts at blocking out ad placements like everyone else.

Here's the stupid news.  The labels are demanding that you only get three plays of the full track.  OK.  Like we said, this must sound really great when you weasels are yammering on and enjoying the sound of your own voices in conference rooms.  We know your bosses sit there and nod their heads approvingly as if you've somehow staked a claim for your industry, protecting your ass(ets) and really played hardball with those content plunderers that keep you up at night.  Bullshite.  That limitation will be removed shortly because it's arbitrary and makes no sense.  Either you give music fans the chance to experience your content so they can decide if they want to buy it or you don't.  It's the legacy you created for yourself by litigating against your own consumer base and keeping your heads stuck in the sand for so long.

BUT, here's the really good news... and why we're listening to Etta James while we eat lunch.

Last.fm is launching an unprecedented "Artist Royalty" arrangement, whereby those artists not signed with a label who choose to upload their music to Last.fm will receive payment, directly from Last.fm, every time one of their tracks is played. This means artists without traditional recording or publishing deals will be able to reach millions of music fans, offer their music for free, while generating revenue.

Leaving aside that's it's not 'unprecedented', it's still cool enough to almost offset the three song limitation.   How will this affect some of the other ad supported models that are sputtering along, like imeem?   We're anxious to find out.

Even though ZOMGPWN! hasn't been the biggest supporter of last.fm, we've always quietly rooted for it even after it got subsumed by CBS.  It just gives off that punk rock ethos that makes us dare to dream that there's a better future out there for music fans.  Probably not, but hey... don't harsh our `tussin buzz, man.

Actual MySpace URL pedo exploit still alive and kicking. Nobody really cares.

User videos on MySpaceTV that are not individually made 'private' - but still behind a private profile barrier - are accessible to anyone by fiddling with the URL minimally.

This is identical to the image exploit that was plugged up earlier this year by the Space staff.  Kudos, we guess?  But wouldn't videos be actually worse than images for the lonely mouth breathers to get all hot n bothered over? 

Don't believe me?  Try it yourself.

Step one: Find a private profile.
Step two: Navigate to an accessible videos page for a user who is your friend or who simply has everything out in the public.
Step three: Paste in the friend ID of the person who has their profile set to private.

Even if they don't have any videos posted, you are now partially behind their privacy screen.  If they DO have videos posted, you can view them to your hearts content.

ZOMGPWN! will monitor this one and report on any fixes.  However until a larger site picks this up, we suspect that nothing will change.

Mashable and Wired drop the ball on alleged MySpace 'bug'

Yes, it's quite page view inducing to pimp a headline about how pedophiles are secretly grabbing the private photos of underage kids to populate ad-supported sites with illicit images of your children.   So much so that it must be tempting for all the so called tech bloggers out there to pull a quote or two from the original story, and re-post it as news.  The only problem is, it's not exactly true.

First let's be clear about this.  There are all KINDS of crazy, evil perverts out there dreaming their evil thoughts.  We're not saying that there aren't plenty of problems with the newly deposed king of the socialz either.  However...

Item One: There have been many exploits along the lines of 'replace friend ID in URL' that would let users see things like friend lists, photos and the like.  But the method reported on by Wired and subsequently Mashable... was one that had been plugged for months.  However it was relayed via their posting as if the story on Mashable had caused MySpce to run and plug that hole immediately in a 24 hour period.  This was simply not the case.

Item Two:  The best evidence of the general lack of understanding regarding this exploit, on the part of the so-called tech blog-verse is the fact that both sites reported it incorrectly.  Perhaps they were trying to not tip off would be perverts, but in the comment section of the first story posted at Mashable, writer Mark Hopkins made this statement:

"I don't know any folks under-age for me to try it on, but I did give it a shot on several of my own friend's profiles, and it seemed to work as described."

To be very specific, this had to be someone who had their profile set to PRIVATE but had PUBLIC photo albums.  Being underage has nothing to do with it... except that MS users under 16 default to private profiles.  Regardless, 'not knowing' any underage people has zero relation to this issue.  You can browse or search and find an underage user easily.  However this applied, as stated, to private profiles with public albums.   His very specific statement shows clearly that he just misunderstood the nature of the exploit.  If you are already friends with someone, replacing your friend ID with theirs in the URL is the same as clicking on the 'pics' link.  No l33t skillz required there.

Anyone who works in online security has been aware for a while that this one was plugged in early 07, thank goodness.

So there is simply a fundamental misunderstanding of what's being reported. This could be solved by the people reporting on it actually being users of the sites they cover, or at least putting in some research time on the specific issue. 

Of course though, this item was dutifully picked up by ABC News and many other major outlets and people got to be all indignant about how awful this is... which harbors a far MORE evil result - namely that other, worse exploits are STILL EXTANT and being thoroughly ignored by the same bloggers and reporters.

If the issue is child safety, instead of increasing your ad revenue - then why not do the full story instead of ctrl-v-ing your way through it? 

This issue spurred the resurrection of zomgpwn! and we will be reporting on it as much as possible in the near future.  Stay tuned...

Fanning folds in W.O.W.

Rupture FTW!  Dang, Shawn.  Keep bringing the Intarwebz sweetness, yo.

Fannster is prepping his own flavor of 'Teh Socialz' for apparantly all too eager keyboard slingers, Warcraftians. It's called Rupture and until recently had only been rumored to be fully integrated into the W.O.W. TOS.  Now we know that it's official.

Not only will Rupture have a W.O.W. plug-in that will allow players to network directly from inside the game, it will have plug-ins for other games as well.  Sccchhhnap!

So go give them your Guild, Realm and character name (seriously) and they'll get back to you when this is all done cooking.  You may now return to the grind.

Verizon <3's YouTube!

First things first - let's give the fools at MotleyFool credit for the best headline so far.  We thought of it second, swears.  'Can YouTube Me Now?'  *slaps knee*  Nice one Motleys!

While it's not the first team-up in the new economy space, tis certainly the largest so far.  It makes us wonder who is getting the money for every YT Vcast stream on your phone.  Some of YT's biggest stars are already gravitating towards revenue sharing models like Revver, so how will they feel when their clips are being consumed en masse, sans watermark and they aren't getting a cut?  Maybe Mark Cuban had a point after all.

Does Mixi have a 'Tom'?

Maybe they're just going the 'If it ain't broke' route but seriously NewsCorp, could you not give the JPN version of StalkerSpace at least a slightly different feel?  No you say?  K, then.  We can't figure out how to sign up anyway.

Which is why we can't really comment on what kind of competition MyS might be running up against in the land of the ubuquitous vending machines b/c we can't break into Mixi no matter how hard we try.  At least they have an enticing entry page.

One young Japanese girl in a sundress, out in the middle of a field reading a book - while another young Japanese girl in a sundress walks up behind her with a mischevious smile on her slightly downturned face.  We may not have the right font set installed Mixi, but we get where you're going with this.

Be worried Rupert.  Be very, very worried.