DEF CON 14

I just saw an email on the bugtraq list announcing the call for papers for DEF CON 14. I started having flashbacks of the one DEF CON that I attended, DEF CON IV in the summer of 1996. I’ll always remember that year because I have a very vivid memory of returning to the hotel room and watching the breaking news of the Olympic Park Bombing in Atlanta, GA.

I haven’t been back to DEF CON since then, but I understand that it has grown quite a bit. Not quite the underground hacker scene it once was I suppose. Hard to be underground when you have mainstream media reporting on it :-)

TrackBack as an Internet Standard

I resisted the urge to comment on the process of submitting trackback as an internet standard the other day because I didn’t want to just completely flame the idea. I knew there would be folks who would want to push pingback instead and I doubt that would be much better.

The biggest problem with both trackback and pingback is spam. Plain and simple, spam. Neither of them do enough to even put a dent in slowing down spam, let alone preventing it. Because of this I think that going through the effort to make a standard is pretty much a waste of time. Who wants to enshrine one more way for people to send spam as a standard? Want to do something helpful? Come up with a completely new trackback/pingback/pick-a-new-name mechanism that is designed to actively slow down/prevent spam.

For background check out the trackback and pingback sites and specs. There is also a pingback vs trackback paper (via Matt).

UPDATE Thu 23 Feb 2006 @ 2:45pm: I should add that I like the general concept of trackback. I like the site to site (S2S?) interaction that it provides. More than once I’ve discovered a pointer to my site with additional feedback that didn’t show up in any of the blog search engines for several days (and sometimes never showed up at all). Keeping it decentralized means I don’t have to worry if Technorati isn’t responding to searches right now. I hope that Adam is right and that they do find a way to deal with the huge potential for abuse via spam.

Google Pages

Just came across Google Pages (in Beta of course) a few minutes ago. This service allows you to create web pages. Unlike Blogger these seem to be just plain web pages, not blogs. Think plain static pages. In order to use this service you’ll need a Gmail account.

The editor is certainly very advanced. This is almost as good as a regular desktop editor. There is a lot of AJAX going on to provide a pleasant experience. All of the traditional HTML editor buttons are there: image, link, bold, italics, bullet lists, text color, font selection, text size, text alignment and text type (heading, subheading, minor heading and normal). You can choose one of four different layouts and 41 styles. For those of you who want to get in the guts you can also edit HTML directly.

Just like some of their other recent service releases, the performance is very rough. Although the editor usually works, saving can take quite a bit of time. About half the time that I try to view my Google Pages home page it returns a 404 not found error. I’m not sure why I still expect more from Google since performance problems are nothing new. When Google Analytics came out it was completely useless.

They even let you upload images for use on your pages and presumably anywhere else. The total space limit is set to 100MB and it isn’t clear if this will grow over time like Gmail. My test page claimed to be “XHTML 1.0 Strict”, but running it through the W3C Validator showed 7 errors.

I’m just not sure what to make of this. The pages that you can generate aren’t that interesting, but the web based editor is slick. But what do they expect people to use this service for exactly?

My Google Page is at http://josephscott.googlepages.com/

UPDATE Thu 23 Feb 2006 @ 10:50am: I still haven’t seen an official announcement from Google on this. Search Engine Watch seems to have had the initial scoop.

Signing Your Social Security Card

One of the forms that was filled out when Rachel was born last month (and Alice just over four years ago) was for a Social Security Number (SSN) and card. We just got Rachel’s card the other day and I noticed that there is a signature line at the bottom. Being just over five weeks old she obviously isn’t able to sign her name just yet. So I guess we’ll just leave them unsigned until at some point they can sign for themselves.

This just strikes me as very odd. Leaving something like this just doesn’t feel right. But having Sarah or myself sign doesn’t make any sense either. The next question that comes up is when to have the girls sign their cards. Alice can spell and write her name, but I wouldn’t call that a signature (she is only four). So they should be at least old enough to have developed some sort of signature. Or perhaps waiting until they turn 18 is the right thing?

I didn’t see anything in the instructions on the card indicating what the right thing to do is. There are plenty of people having kids so I know I’m not the only one who has wondered about this.

O'Reilly Make Over

I’m not sure when, but O’Reilly had a makeover on their website recently. Not all of their sites are using all of the new template, most notably the O’Reilly Network that seems to only be using the top navigation section of the new style. This is unfortunate because I think the O’Reilly Network would look better using all of the new layout.

I like it, the additional white space makes things easier on the eyes. The navigation is clear and easy to follow.

Now if I could just find a way to get up to the 2006 Open Source Convention in Portland, Oregon this July :-)

REST Versioning

Adam Kalsey has been discussing how to version his REST interface for Tagyu. It is an interesting read, mostly because there really isn’t a good standard way of providing for different versions of a REST interface. In the end he went with including versioning details in the REST URL and including pointers to the previous, next, latest and in use versions.

As more and more services are exposed in similar ways I expect there to be a lot more discussion on this topic.

I'm Sold on Prototype

For years I avoided Javascript as much as possible. It was a pain to try and support all of the versions of Internet Explorer (IE) and Netscape Navigator. It just was not worth it. As time went on my aversion to Javascript lessened, but I never made the effort to really learn it as a language. I would learn just enough to accomplish a small specific task.

Fast forward to 2005/2006. AJAX has become the buzzword of choice. Some smart folks have learned to deal with most/many of the issues that are still there between IE and (now) Firefox. This has given rise to Javascript libraries, with Prototype being one of the more popular.

After a few brief attempts trying to figure out how to do something useful in Javascript with Prototype I figured my lack of real Javascript skills were just not up to the job. Then Yahoo came out with their Yahoo! User Interface Library (YUI), which got me thinking about Prototype again. After reading through more examples and documentation I was finally able to accomplish exactly what I wanted.

I’m now sold on using Prototype. Sam Stephenson deserves heaps of praise. To help out others who are looking for documentation and examples, here is a list of resources for Prototype.

While trying to debug AJAX I recommend using the Firefox plugin called FireBug. Turn on the “XMLHttpRequest Spy” feature and you’ll be able to monitor all of the AJAX transactions that are going on.

Of course Prototype isn’t perfect, there are still important limitations and issues to keep in mind. For instance, the target platforms for Prototype are (from the README):

Microsoft Internet Explorer for Windows, version 6.0 and higher
Mozilla Firefox 1.0/Mozilla 1.7 and higher
Apple Safari 1.2 and higher

I’m also curious to see how it stacks up against the new Yahoo User Interface Library. Either way this is an exciting time in the land of Javascript.

The BSD Licensed Application STack (BLAST)

There are a lot of open source licenses out there. For me open source license usually implies GPL, LGPL and BSD/MIT, although there are over 50 on the OSI’s list. I tend to be partial towards the BSD/MIT licenses over (L)GPL, I’ve mentioned this before. For the purposes of this article though, I’m going to focus on BSD licensed software. Don’t take this as a slam against the GPL, I just wanted to focus on the largest amount of flexibility and ease for developers.

It really is amazing that today you can develop an entire application or service using BSD licensed software up and down the stack. This particular license allows you to modify code and it is up to you if you want to share it. Although it is always recommended to participate in the community, this license doesn’t make it a requirement if you want to distribute modified code (this may be a good or a bad thing depending on your point of view). Thus all types of applications and services can be built upon BSD licensed code, from top to bottom. If you’ve ever tried to figure out which license you have to buy from a company that offers more types of licenses than cars on the road you know that not having to go through that maze can be a great time saver.

So here is what I’m thinking of when I talk about the BSD licensed application stack. At the lowest level we need an operating system. I prefer FreeBSD for this, but there is no reason why NetBSD, OpenBSD or DragonFly BSD couldn’t be used instead. Any of these will provide a complete operating system and depending on your wants or needs you may find one fits you better than the others.

Now that we have an OS (FreeBSD), we’ll need some place to store data that our application or service will be using. SQL databases have grown to fit this need quite well. Because we are focusing on BSD licensed open source software one database really stands above the rest, PostgreSQL. Not only is it a perfect fit for our criteria, it is a great piece of database software. PostgreSQL supports many features that users of commercial databases have come to expect (Views, Functions, Schemas, etc).

The way to deploy applications and/or services today is on the web. Here again we are fortunate because the most commonly used web server is open source and BSD licensed. The Apache web server is flexible (mod_rewrite anyone?) and powerful.

Finally we’ll need a programming language to get things done. This one piece of the stack is probably the most difficult to pin down. My pick though would have to be PHP, whose license is close to the BSD license. It is also targeted at web apps, but I’ve used it for command line applications as well.

The BSD Licensed Application STack (BLAST) is about software that does its job well and has a license that is easy to understand and gives you the ability to get distributed changes to yourself. Activity in the community is optional, but encouraged. For me this means FreeBSD, PostgreSQL, Apache and PHP.

Many of you reading this will be jumping up and down that this is just a rehash of L.A.M.P.. On one level this is true, Linux, Apache, MySQL and PHP/Perl (L.A.M.P.) do satisfy one part of BLAST, open source software that gets the job done. Unfortunately the licensing for some of these products is difficult to understand and in some cases the same license is interpreted in different ways (yes MySQL I’m looking at you).

The components of BLAST may change over time (perhaps another language besides PHP?), but the intent and abilities will be the same. Good open source code with the ability to do what you want with it.