The YouTube Of Tomorrow

DivX's new Stage6 site will host, for free, pretty much any legal DivX-encoded content you like, with much better quality than GooTube.

Stage6 video files are of course generally much bigger, and you need to install their special player extension, and the site still seems to have that occasional GooTube problem where you upload a video and then it never goes live.

But I consider this a small price to pay to be able to watch (and download!) stuff like A Gentlemen's Duel and Team Roomba's hilarious instalments one and two of their TF2 griefing, in decent resolution.

(Unlike many other video hosting services, Stage6 does not have interstitial ads, or weird code that only works right on Internet Explorer. Actually, the current FAQ notes that "The Stage6 beta website is optimized for experience in the Mozilla Firefox browser. It may kind of work in IE as well.")

As a test, I've uploaded my battling robot bugs video from the other day to Stage6; it's here. I think the stereo audio improves it considerably.

(Joey, the Amazing Fetching Cat may now also be enjoyed in higher resolution and stereo on Stage6. He's here.)

DirectX redux

So, I've got that DirectX Acceleration Not Available problem again. DirectDraw Acceleration, Direct3D Acceleration, AGP Texture Acceleration; all Not Available. Direct3D was available until I tried turning it off in dxdiag, then ran dxdiag again to see if all of the options were back.

Nope, that trick doesn't even work once, any more; now they're all gone. Again. Graphics card allegedly has "n/a" memory on it, et cetera et cetera.

The last time this happened I tried all kinds of things, not a one of which worked, and ended up reinstalling Windows. But somebody mentioned that this was exactly the kind of problem that Windows XP's System Restore (which I of course did not have turned on) was created to solve.

So in this Windows installation, I left System Restore turned on. And when DirectX screwed up yesterday, I used System Restore to roll the system back to its status of about a week ago.

And hooray, the problem was solved!

For about twelve hours.

I'm not crazy about the idea of restoring my system to that save point once a day for the rest of my life. I can see no other option, though, unless I get a whole new computer. I know for a fact that cleaning out all of the drivers and DirectX files before reinstalling will not help at all; all that does is take a long time and require a large number of reboots.

Perhaps a new video card would do it. This GeForce 7800 GT is pretty old and dusty; perhaps the problem does in fact have something to do with the video card failing some kind of obscure internal test, as when hard drives drop back into PIO mode.

The graphics card does still work just fine, as far as I can see; 3D mode is A-OK when DirectX is, you know, working, and OpenGL 3D is A-OK even now. I just ran OpenGL Quake 2; everything's fine, and the video card fan ran up to higher speed as it's meant to.

But perhaps the card didn't give Windows the right password yesterday, or something.

I could try digging up another graphics card, but I haven't another PCIe card in the house, and this computer's too young to have an AGP slot. So I'd have to find some ancient PCI card, and I think the only one of those I've got is in the file server.

God damn it.

e4b48fd541b3dcb99cababc87c2ee88f = elephant

This post on the Light Blue Touchpaper blog tells us all yet another thing we can do with Google:

Find a password, if our l337 h4XX0r skillz have already allowed us to harvest the MD5 hash for it.

The completely stupid way to store passwords, implemented by small children writing programs in BASIC and by $300-an-hour consultants writing enterprise software, is to just save all of the usernames and matching passwords as plain text in a file somewhere. If an attacker can read that file, they can now log in as anybody.

A much better, but still not as secure as it should be, method of saving passwords is to "hash" them using a "one way" or "trapdoor" algorithm, like MD5. A trapdoor algorithm runs very quickly in one direction (turning a password into an almost-unique string of seemingly random characters), but is almost impossible to run the other way, if you don't have access to cubic kilometres of sci-fi nanotech.

If someone gets hold of the file in which you store password hashes, the one-wayness of the hash algorithm means the attacker still can't figure out what passwords correspond to what hashes, and so cannot make use of his discovery.

Well, that's the theory.

In practice, attackers can take a dictionary of passwords, hash them all, then search for matches between their new hash dictionary and the password hashes. There are even helpful online tools that'll do it for you, like the long-established, or md5oogle. When there's a match, you've got the password.

And this is what Google allows you to do in two seconds, if the password hash you're trying to "reverse" corresponds to a common word.

The word "elephant", for instance, hashes to e4b48fd541b3dcb99cababc87c2ee88f. Search for that in Google and you'll get a bunch of pages which, for reasons explained in the Light Blue Touchpaper post and its comments, often also have the word "elephant" on them, or right in their title.

(This post will probably be very high in those search results in a day or two. Check out the above-linked online reverse MD5 hash lookup tool if you'd like to explore other options - it lets you hash any string you like, then checks some databases for it. While it's checking, you can be Googling the same string. Md5oogle lets you generate MD5 hashes as well, but it converts everything to uppercase first - which many password systems also do.)

This technique only works for passwords that're common words - or, at least, have for some reason been hashed and stored in a Google-visible file. If your password is something nonsensical like dj347F, which hashes to 54041c87e2e431f3fc4c47e55d114ef3, the hash won't be found anywhere on the Web (except, again, on this page, once Google indexes it).

This technique also doesn't work if the passwords are "salted" with some extra data before being hashed. So if a user foolishly decides to choose "mypassword" as his password, the software actually hashes, say, 28391mypassword, and thus creates an un-findable hash.

Adding a simple fixed salt to every password still doesn't give you really industrial-strength security, but it's streets ahead of a lot of the junk that makes it to production. And it does stop dumb attacks like Google searching - well, at least until people find out that MurderDeathKill 3D's online gaming logon system just adds 28391 before hashing passwords, and start making tables of dictionary words with 28391 in front of 'em.

Lots of current popular software uses unsalted hashes, including the WordPress software that runs this blog.

So it's pretty lucky that I made my admin password "3hv78UEr", isn't it?

Yet more seam carving

When last we visited the wonderful world of image "retargeting" by means of the cunning seam carving technique, I envisaged a decent free seam carving Photoshop plugin in the near-ish future.

Well, that hasn't turned up yet. But a couple of options besides and that GIMP plugin have.

The inventively named Content Aware Image Resizer is a simple command line utility that can only cope with BMP format images, but gets the job done (a bit slowly...), is multithreaded, and is GPL-licensed so C++ hackers can fiddle with the source.

Resizor is a standalone Windows app, which is only single-threaded but still seems a bit faster than CAIR (I think is faster now than it used to be, too), has a bunch of fancy resizing algorithms as well as the seam carving "Retarget" option, and has a graphical interface too.

Resizor only lets you make an image smaller by seam carving (one of the interesting features of the technique is that it can just as easily enlarge images as shrink them), but it does what most people want to do.

New Nvidia drivers: Worth having.

I just installed the brand new v163.71 Nvidia drivers (the last non-beta release was v162.18), and benchmarked Supreme Commander before and after. There's a small but significant improvement.

I'm tired of seeing articles about AMAZING NEW DRIVER IMPROVEMENTS OMG and then discovering that there's only any difference if you're using a GeForce 8800 on Windows Bloody Vista.

I've got a 32-bit-WinXP computer with a 2.2GHz (at the moment) dual core Athlon 64 and a 256Mb GeForce 7900 GT.

That's probably still faster than the average, but it's pretty far from the current cutting edge. (Only two cores, dahling? However can you cope?)

Driver tweaks aimed at the super-expensive dual-slot super-cards won't help me at all. I'm guessing that they won't help most of you, either. Tweaks that help a GeForce 7900 ought to be some use for various other current affordable Nvidia cards, though.

I've also got an effing big monitor, so I ran the tests in 2560 by 1600 resolution. That's practical for fullscreen Supreme Commander if you've got some flavour of 8800 (ATI aren't really in the very-high-end race at the moment), but it's actually very playable if...

Supreme Commander at 2560 by 1600 split the monitor between the normal view and the easy-to-draw topographic-view map.

Running the standard "perftest" benchmark in that resolution guarantees, despite Core Maximizer, that the game will be video-card-limited most of the time.

The Supreme Commander benchmark reports total frames rendered, "sim" performance (how fast the game calculates everything-but-graphics), "render" performance (graphics alone) and a "composite" score that roughly represents overall performance.

In this graphics-heavy test, my "render" result increased by nineteen per cent with the new drivers. The giant resolution and less-than-incredible video card meant that, in the peculiar jargon of the perftest benchmark, the "render" score only improved from minus 1029 to minus 863. But trust me, that's still good.

The logged-frames difference was +0.7%, which probably means less than experimental error and definitely means nothing you'd ever notice. The sim score improved only slightly more, at +1.6%. But the composite score improved 4.7%, from 5794 to 6065.

You probably wouldn't actually notice that in play - it's a general rule of thumb that differences of less than ten per cent aren't noticeable. But almost five per cent is not a bad improvement to get for free.

Complex Supreme Commander games are almost 100% CPU limited. Smaller games, though - and even complex games when you can't see much of the enormous map you're playing on - don't give your graphics card much time to breathe, especially if you've taken advantage of SupCom's still-rare ability to make use of a second monitor. So I don't think I'm lying with statistics, here.

(I'm not, to be fair, actually playing much Supreme Commander at the moment. I got ETQW yesterday, and intend to Strogg 4 Life for a while before getting back to the direction of vast robotic armies.)

Seam carving comes home

The remarkable "seam carving" image resizing technique that I and everybody else posted about a month ago has now been implemented in at least two ways.

First, there's the Liquid Rescale plugin for GIMP.

[UPDATE: Picutel's "Smart Resize" is a Photoshop plugin that does the same thing. You have to buy the full version if you want to work with images bigger than 640 by 480, though.]


Second, and much more interestingly for casual dabblers, is (of course).

Rsizr lets you watch the seams being carved before your very eyes in a Web browser.

It's not the fastest process I've ever seen, since this is a rather computationally intensive technique (since it's doing it in Flash, I suspect it may be based on one of the open-source ActionScript seam carving implementations mentioned here). If you want to mess about with Rsizr, I therefore recommend you use images no bigger than 1024 by 768, even if you've got a firebreathing computer.

Note also that after you've done the seam-carving, you still have to click the image and drag its border to actually resize it. Well, I think you always have to do that; Rsizr's pretty much documentation-free at the moment.

But it definitely does work.

Original image

It allowed me to turn this 1280 by 850 pixel original...

Seam-carved version

...into this 855 by 640 pixel version. Click the images for full-sized versions.

The reduced-size version now has rather cramped composition, and the terrain looks a lot more hilly than it really was. But all of the major image elements - the sharp trees, the two buildings, the man and the boy - are preserved almost unchanged. They're just closer together than they were.

The server's being hammered a bit at the moment, so the "Save" function takes rather a long time to work. It's easy enough to get around that, though - once you get your image the way you want, just take a screenshot of the window and cut the image out of it.

(I presume there'll be a decent free Photoshop-plugin image carver Real Soon Now. In other news, one of the guys who came up with the idea has been hired by Adobe.)

Today, I received a press release whose title was "FixMyMovie Launches with James Bond-Style Video Enhancement".

This did not fill me with joyous anticipation. "Video enhancement" is one of those ridiculous action movie cliches - any old security camera footage can be "enhanced" to hundred-megapixel detail whenever it's necessary to move the plot along.

FixMyMovie does not, however, actually make such stupid claims. It would, in fact, probably be perfectly useless to James Bond.

What it aims to do is apply MotionDSP processing muscle to low quality video, to make it better looking without losing detail. At the moment you can make a free account on and upload any video clip smaller than 352 by 288 pixels in resolution and 20 megabytes in file size, and see what transpires.

So I did.

When I reviewed the Aiptek Pocket DV2 toy digital video camera back in early 2003, I strapped it to the top of a model tank and took it for a drive around a park. The Pocket DV2 produces grainy, fuzzy, nine frame per second 320 by 240 video, which is pretty much on par for cheap phone cameras these days. FixMyMovie is specifically designed to enhance phone camera video, so I figured one of the Aiptek clips would be a good sample.

Here's a Google Video version of the clip. [UPDATE: Now moved to YouTube.] Video of this quality is one of the few things that GooTube compression won't make a whole lot worse, but it's still lost some quality; you can download a DivX-compressed version of the original footage, which looks almost exactly the same as the original Motion JPEG video but is quite a bit smaller, here.

Here's the FixMyMovie-d version. If you can't see it, you probably need the latest beta Flash plugin. [UPDATE: This post is years old now, and the above FixMyMovie player code doesn't work any more. The YouTube version of the stabilised video is below.] If you've got the right plugin already, you've probably noticed that the FixMyMovie player currently has a MySpace-style auto-play function, which you can't turn off. Sorry about that.

The difference really is quite impressive. FixMyMovie has gotten rid of the prominent blocky compression artefacts in the original video, without noticeably blurring it. It's not an amazing, incredible, action-movie-bulldust improvement, but it's very worthwhile. Rapid camera movements - an acknowledged weakness of the enhancing technique - leave noticeable ghosts from previous frames. But they're only noticeable if you're trying hard to see something wrong with the video. The improvements far outweigh the problems.

The deal with FixMyMovie - once it leaves its current beta state - is that it'll only enhance the first ten seconds of any clip for free. If you like the look of it you can "Order" a fully processed version, which will cost money - 99 US cents, to enhance this clip.

(It took quite a long time to process this clip, presumably because people are already hammering the FixMyMovie server. You get an e-mail when processing is finished, though, so you don't have to sit there refreshing the My Videos page.)

At the moment, you get $US25 credit when you create a free account - and no, you don't have to give them a credit card number; use a disposable e-mail address if you're really paranoid. $25 should plenty to try the service out.

The player lets you play the whole clip even when only ten seconds have been enhanced, seamlessly connecting the enhanced beginning to the unprocessed rest of the video. Click the bar on the right-hand side of the video and you can compare processed and unprocessed still frames with a nifty mouse-drag interface.

As the FAQ explains, once you've fully processed a video, you can download it in various popular formats, including native h.263-encoded FLV flash video format, for upload to YouTube, which will then not recompress the video.

Here's the video on YouTube - I only just uploaded it, so it ought to be viewable in a moment. If you can't be bothered installing the new Flash player, or if it's not available for the computer you're using, this is pretty close to the version.

Google Video and YouTube still aren't completely harmonised; you can upload FLV-format video like this to YouTube, but not to Google Video.

The enhanced WMV and MOV versions of this dinky little one-minute clip were fifteen megabytes in size. They've got a bit more detail than the online Flash version - they look a bit better than the 7.5Mb FLV-format version too - but they're not nearly better enough to justify that huge file size.

The FixMyVideo enhancement hasn't done anything to the frame rate (which is good), but it's blown the file resolution up to 640 by 480, which along with 64 kilobit per second audio (which the crappy-camera original didn't have) accounts for the file size inflation.

The smaller FLV-format version is 320 by 240, as it should be, because that's the native resolution of GooTube.

The big file sizes aren't really a problem, because this enhancement technique is based around interframe interpolation; it tries to find the same image components in different frames, and overlay them to leave the image data and eliminate various forms of distortion. So it's kind of like speckle imaging and image stacking, but for motion video. Sticking with the original resolution would have thrown away some of the interpolated detail.

In brief, though: Yes, FixMyMovie works. I don't know how much value it'll have for video that looks OK to start with, but if you've got some crappy phone, web or toy camera video that you'd like to improve, check FixMyMovie out while it's still free.

1337 H4XX0rZ wanted!

It's great to see such impressive strides being made in the important field of protecting children from boobies.

Back in the day, there was software that confidently classified the Mona Lisa as porno. And also classified porno as being perfectly squeaky clean.

Nowadays, there's software on which my very favourite Australian Federal Government ever has apparently spent 84 million Australian dollars (about $US69 million, as I write this).

This software can, it is said, be bypassed by a kid in a matter of minutes.

(I see no reason to change my conclusion from the end of 2000: It doesn't matter, to the people who make it or the people who pay for it, whether censorware works or not.)

The piece doesn't actually tell you how the pictured smirking 16-year-old bypassed the NetAlert suite of programs (while leaving them apparently running!). I presumed it was something rudimentary, like killing a couple of processes in Task Manager. Maybe a few seconds with regedit, too.

[UPDATE: As of 2012, that page disappeared, in accordance with their ancient tradition; has it, but without the picture of the smirking teenager. The government Netalert site has been quietly led beghind the barn and shot in the head, too; here's how it looked when it was young and optimistic. Netalert-dot-COM-dot-au is alive and well, but it's not quite the same thing. I've had to a few other pages, too.]

This ITWire piece details an inelegant way of temporarily and invisibly disbling Optenet, one of the three programs, by... killing a couple of processes in Task Manager.

This page mentions ways to prevent people from "tampering with Integard", which are hilarious enough that I'll leave them as a surprise, but which include not letting anybody boot the computer from CD.

That is, of course, well beyond the capabilities of the average parent (change boot order in BIOS setup program, set BIOS password, and then just hope your kid doesn't know how to clear the CMOS, which wipes the password and resets the boot order to default in one hit).

Just booting from BartPE or a Linux disc and nuking the nannyware isn't, of course, the sort of elegant and undetectable hack that's being advertised here. So there's probably something neater out there.

I'll be pretty surprised if you even need Process Explorer to nobble the rest of these marvellously enterprisey programs so wisely purchased from their skilled authors with my tax dollars. But who knows?

You mission, gentle readers, is to Outflank the Nanny, in as few keystrokes as possible. The software's a free download.

Our Government's dedication to quality software extends to the "Required" e-mail address and postcode on the download page. The postcode can be any four digits, and the e-mail address just needs to have an @ and a . in it, with two or three characters following the .

(The Safe Eyes download requires some kind of further account creation folderol. I also don't know whether they check to see if you've got an Australian-looking IP address.)