Sunday, December 25, 2005
Wednesday, December 14, 2005
Sunday, December 11, 2005
Monday, November 28, 2005
Has anybody experienced a similar issue with Java J2SE 5.0 Release 3 on Mac OS X Tiger, and Xcode Tools 2.2?
Thursday, November 17, 2005
The concept of cross-site-scripting (XSS) has been around for quite a while, fun was had, holes were plugged. Yet, once in a while, as i troll around some open social network, i still see a few vulnerabilities crop up here and there.
Putting XSS back on our collective radar can't hurt.
In not-too-nerdy terms, some of the sites most vulnerable to XSS are sites which allow users to contribute richly-formatted content. The concept of a "user" is also key, because a user account's integrity could get compromised by an XSS vulnerability.
For more info, the Wikipedia article has the meat. See also their related vulnerabilities at the bottom. I wonder whether the whole HTTP TRACE vulnerability was ever plugged in IE/Mozilla?
On a nerdier note, are there free/open-source libraries in various application platforms such as Java, PHP, Python, Ruby that handle various forms of HTML content parsing and harmful markup/scripting filtering? The tried-and-true Tidy by Raggett sure helps as a foundation.
Here are a few of the things I would try to look out for, when allowing any foreign markup to make its way onto my site:
1) filter out all <script...> ... </script>
2) filter out all event handler html attributes from all html tags. Such attributes always start with the word "on": "onmouseover", "onload", "onclick".
5) to be on the safer side, and to avoid annoyances, i'd also remove all basic html document constructs such as "html" "body" "head" "title", and all complex object embedding constructs such as "object" and "embed".
6) and ensure the resulting html snippet remains clean, valid html.
... what am i leaving out?
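The checks listed above (items 1, 2, 5 and 6), as an added Python example that is not code from the original post. The URL-scheme check on `href`/`src` goes beyond the list, and every name here (`sanitize_snippet`, `SnippetFilter`, the sample markup) is constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

DROP_SUBTREE = {"script", "object", "head", "title"}  # removed with content
UNWRAP = {"html", "body"}   # tag removed, children kept
DROP_TAG = {"embed"}        # void element, nothing inside to keep
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "param", "source", "track", "wbr"}
URL_ATTRS = {"href", "src", "action", "formaction"}
SAFE_SCHEMES = {"http", "https", "mailto"}  # assumption: adjust per site
NAME_RE = re.compile(r"[a-z][a-z0-9-]*\Z")


def url_is_safe(value):
    """Addition beyond the post's list: reject script-bearing URL schemes."""
    # Browsers ignore whitespace and control characters inside a scheme.
    compact = "".join(ch for ch in value if ch > " ").lower()
    head = re.split(r"[/?#]", compact, maxsplit=1)[0]
    if ":" not in head:
        return True  # relative URL, no scheme present
    return head.split(":", 1)[0] in SAFE_SCHEMES


class SnippetFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []   # emitted tags still waiting for a close
        self.skip_depth = 0   # > 0 while inside a dropped subtree

    def handle_starttag(self, tag, attrs):
        if self.skip_depth or tag in DROP_SUBTREE:
            if tag in DROP_SUBTREE:
                self.skip_depth += 1      # items 1 and 5
            return
        if tag in UNWRAP or tag in DROP_TAG or not NAME_RE.match(tag):
            return                        # item 5
        kept = []
        for name, value in attrs:
            if not NAME_RE.match(name) or name.startswith("on"):
                continue                  # item 2: event handlers
            if name in URL_ATTRS and not url_is_safe(value or ""):
                continue
            if value is None:
                kept.append(name)
            else:
                kept.append(f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join([tag] + kept) + ">")
        if tag not in VOID:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag in DROP_SUBTREE:
                self.skip_depth -= 1
            return
        if tag not in self.open_tags:
            return  # stray end tag, or end of a tag that was filtered out
        while self.open_tags:             # item 6: close in proper order
            top = self.open_tags.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

    def result(self):
        while self.open_tags:             # item 6: close whatever is left
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_snippet(markup):
    """Return user-supplied markup with the listed constructs removed."""
    parser = SnippetFilter()
    parser.feed(markup)
    parser.close()
    return parser.result()


# Constructed sample: a full document wrapper, an event handler, unclosed
# tags, a script block, a script-scheme link and two embedding constructs.
SAMPLE = (
    '<html><head><title>profile</title></head><body>'
    '<p onmouseover="track()">Hello <b>world'
    '<script>document.write("x")</script>'
    '<a href=" JavaScript:void(0)" title="home">link</a>'
    '<embed src="movie.swf"><object data="a"><p>inner</p></object>'
    '</body></html>'
)

if __name__ == "__main__":
    print(sanitize_snippet(SAMPLE))
```

A deny-list like this only covers the constructs it names; an allow-list of permitted tags and attributes fails safer when browsers gain new markup features.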
Sunday, November 13, 2005
Wednesday, November 09, 2005
Keegan stays! Yay!
J.R. Reviczky stays! Yay!
Art Toon yields his seat to Howard Fishman.
Measure E did not pass, yay! I liked its stated goals, but a sample ballot is no place to amend a poorly drafted measure, no matter how much its proponents want to believe it is. Let's try again by specifically designating the areas the measure is supposed to protect.
Monday, November 07, 2005
Friday, November 04, 2005
Thursday, November 03, 2005
Friday, October 28, 2005
Thursday, October 27, 2005
Tuesday, October 25, 2005
The main issue is that most user-agent implementations tie a user interface paradigm, an "anchor", to an HTTP method, "GET".
In an attempt to explore alternatives to scripting, I've started toying around with the "button" HTML element. So far, I've found that Mac MS IE 5 doesn't appear to support it. Everything else is looking reasonably happy.
Here's what i'm looking at so-far.
It seems to work in: Opera, Gecko, Safari, Treo650/Blazer, Windows IE
It does not seem to work in: Mac MSIE5, SideKick (thanks Kevin).
- Can anyone try more handheld devices?
- One might add a wee scripting to set window.status.
- Removing various CSS directives from that example gets you closer to the original "button" construct, as rendered by default by the user agent. Good to play with.
- You no longer benefit from a browser's "default way of rendering a link".
- I need to test this with images. - done: it works :)
- Notice what the browser does when your mouse is "down": it lowers the text. Not sure how to override the initial "position" with CSS.
JAH, by Kevin Marks.
Tuesday, October 18, 2005
Back in August, KABC-TV, channel 7 of Southern California stopped-by the house to do a brief bit on blogging.
They called me this morning, telling me they're finally airing it *TODAY 10/18/2005*. Chances are i might show-up for a whole 5 seconds :)
They're saying it should air on News that come-on at ... around ... or after 5pm. I'm never home during that time, so i really don't have a way to tape it, watch it, or see how much of a fool i made of myself, which i guess, is a good thing. heh, heh.
If you're able to TiVo or VCR it, that'd be cool.
Thursday, October 13, 2005
I share many of his frustrations, while i've come to reluctantly embrace yet another onslaught of acronyms.
These days, the surest way to call attention to your work is to file it under "Ajax" and "Web 2.0".
While a very useful tool in our shed, the almighty XmlHttpRequest object isn't a panacea for building compelling applications. It's just a newer tool, which happens to have polarized certain developers' creativity, who in turn felt compelled to create a new buzzword that would give it a more central position.
Most buzzwords to-date have either focused on the wrong technology, or put too much emphasis on a particular technology.
Just to mess with the minds of the three people who read this blog, and see whether i can either start a trend or get flamed into oblivion, I'm hereby coining one ugly acronym:
SBIIC: Standards-Based Interactive Interface Components
"sbeeek". oh yeah baby. stop the presses on those Ajax books, we've got something hot here.
Sunday, October 09, 2005
Wednesday, September 28, 2005
Friday, September 23, 2005
Dear .Mac Member,
.Mac membership now comes with 1 GB of combined .Mac Mail and iDisk storage. Because you purchased additional storage for this membership year, we've increased your total storage to 2 GB (and increased your monthly data transfer limit to 25 GB) for the duration of your current membership. This update has already taken place. You can use your Account Settings to take advantage of .Mac's storage flexibility and reallocate storage to best fit the way you use the service.
In addition, .Mac is now available in French and German as well as in English and Japanese. You'll also find that .Mac now includes new Backup 3 software and the ability to create .Mac Groups.
We value your membership and hope you enjoy these enhancements to your .Mac service.
Monday, September 19, 2005
His firm's analysis, which was funded by cable and phone companies that stand to lose customers to the Wi-Fi initiative, shows that providing Internet access wirelessly over 100 square miles would cost $31 million over five years. [ Read the Article from mcall.com ]
Of course phone companies are just a little bit scared. I can't say they didn't have it coming. Once residents start realizing that they can pay $10-$20/month for Internet connectivity and perhaps another $20-$25/month to a company such as Vonage, Lingo.com ( my favorite so-far ), or even EarthLink for Internet-powered phone service, allowing them to make unlimited calls to anybody in the U.S., while preserving their current normal phone number, suddenly, paying phone companies $20/month just to have a phone line (no voicemail, call waiting, call forwarding, or any of the stuff you get for free from VoIP providers), an extra $10-$20/month in metered long-distance charges, and $50/month for basic broadband will no-longer make that much sense.
See also: Video Prodcasting, Broadband, and You
Sunday, September 11, 2005
Speaking of Business 2.0 Magazine. I recently subscribed, received my first issue, and was very impressed by the quality of its content. Subscription right now is only $10 for the whole year. With that cheap a price, I was expecting the magazine to just be a collection of ads. But it isn't!
I've also recently subscribed to the quarterly Make magazine
I've heard good things about it, and their online journal posts are always interesting. And free! I haven't yet received my first issue, but will try to report back when I do get it.
Saturday, September 10, 2005
Friday, September 09, 2005
Okay vanity takes over - Business Week is having best of the web poll and I am against some heavy hitters in the tech-sites @ Work Category. I mean up against News.com, Slashdot, Digg, and O’Reilly Radar. Not even have a prayer, but hopefully all of you can at least help me put up a decent showing. Here is the link to cast your vote.
Verizon Fiber is Here
Originally uploaded by chrisholland.
Daryll, who lives right up the street from me, is among the lucky first in my area to be eligible for Verizon FIOS. He had me plug his phone number on the VZ site, and this image shows you what they're offering.
Here's an interesting disclaimer from the fine print: "The Verizon Online version of MSN® Premium is not Macintosh® compatible".
This is pretty consistent with MSN's overall message to Mac Users: "Eat Sh*t and Die". That's because they don't know how to build applications.
Whatever. Who uses MSN anyway?
If you care about online services such as 8 email addresses, free online calling, web space, spam blocking, scam blocking, spyware blocking, ubiquitous address book synchronization all nicely packaged, on Mac and PC, 10 hours of free dial-up with dial-up accelerator (convenient when you're traveling), just buy the "EarthLink Experience" for $10/month. You'll get everything other members get. It's not advertised, but if you call'em up and ask for it, they'll know. I just switched my DSL account to it.
With the above VZ $35/month package, you're still only out $45/month.
I've seen the Verizon trucks install fiber on poles around my neighborhood, so I would expect we're not far behind.
Wednesday, September 07, 2005
Team Lesser Weevils
I've known Oakley for about a decade. She was one of the first life-forms i got acquainted with when i first moved here. She's a fun chick who packs 10 times more energy by herself than an entire Trojan Cheerleading Squad. Taz meets Pinky, if you will.
Here's to pain!
Tag: AWLA 2005
Tag: Aids Walk
Monday, September 05, 2005
Sunday, September 04, 2005
Josh and Scott updated katrina.earthlink.net today with key building blocks for interoperability with the other sites, testing is still underway.
PLEASE FORWARD. Thank you.
Refugees can search 20 web sites for lost relatives and still miss their entry on the 21st web site. There is a need to combine all the refugee data from big databases like Red Cross, large posting forums like Craigslist and many other sources on the web. The Katrina PeopleFinder Project seeks to create a single repository combining as many sources of refugee data as possible from all over the web without interrupting existing momentum.
We need help for both regular people and software engineers. Everybody is critical to building a central repository of ALL the refugee records we can find on the web. The Social Source Foundation, CivicSpace Labs and Salesforce.com Foundation are coordinating hundreds of people and organizations, including Craigslist and Earthlink.
Please consider giving us just an hour of your time to do volunteer data entry. The PeopleFinder Project is seeking volunteers in four primary areas:
(1) Creating a technology specification for easily exchanging refugee information. A volunteer effort is working to assist online databases in implementing the specification.
Volunteer here (techies): http://www.omidyar.net/group/katrinarefugee/news/1/
(2) Coordinating volunteers that are writing software that takes information from online databases and putting it into a central database provided by Salesforce.com Foundation.
Volunteer here (software engineers): http://www.omidyar.net/group/katrinarefugee/news/2/
(3) Organizing a massively parallel volunteer data entry project to enter refugee data posted to online bulletin boards into a central database by hand.
Volunteer here (regular people): http://www.omidyar.net/group/katrinarefugee/news/0/
(4) Market the Katrina PeopleFinder Project and recruit volunteers.
Volunteer here (marketing folks): http://www.omidyar.net/group/katrinarefugee/news/3/
Additionally, I'm trying to get my hands on a Google Search Appliance, which I want to point at some or all of the Survivor Search Sites and Forums listed here. But those are typically hard to come-by.
There's a lot of very valuable unstructured information in many ad-hoc forums put-up by industrious developers. Volunteers are already working around the clock to get the information in a structured database (see above). Having a search appliance should add a very effective fall-back/catch-up layer: One "free-form" search box, with access to both structured and unstructured data.
Tag: Katrina Survivors
Friday, September 02, 2005
And right now, they don't have anything to take the edge off. And they've probably found guns. So what you're seeing is drug-starving crazy addicts, drug addicts, that are wreaking havoc. And we don't have the manpower to adequately deal with it. We can only target certain sections of the city and form a perimeter around them and hope to God that we're not overrun. [Read]
Another Interview Transcript of Mayor Nagin.
Tag: Katrina Survivors
Thursday, September 01, 2005
Katrina Survivor Search Site
KatrinaHelp.info Missing/Found (via BoingBoing)
CNN Safe List
More sites listed at:
Katrina Covered at Wikipedia
If you know of more sites, or run a site of your own, by all means, list it in comments.
Tag: Katrina Survivors
Wednesday, August 31, 2005
I fear to open my news reader. I've taken a few steps back in the past few months, and have only been sporadically checking one or two sites, such as Om Malik's or TheAppleBlog (to which I also contribute). I rely on Dan to IM me anything important I may be missing out on.
Work's been keeping my mind busy 24/7, while Brandy and I try to stay away from the computers on weekends to catch-up on our sunburns at the beach. The water was fantastic last Sunday. I had a good time boogie-boarding while Brandy was snuggled-away in the shadow of her umbrella.
I covered ScamBlocker last year. It's quite cool. It's no replacement for constant vigilance, but it most certainly helps.
Tuesday, August 30, 2005
Over a longer term, what this trend of constant commoditization of voice, will manifest itself in a whole new meaning of “voice.
Many surmise this trend will globalize itself far beyond the desktop PC once friendlier handheld IP-enabled devices hit U.S. consumer markets, as they already have in many countries such as South Korea. Could we see a major comeback of "thin clients" in the U.S., much to the dismay of Microsoft's thick desktop-bound cash-cows? Could the computing powerhouse PC of today simply be a very temporary, albeit powerful and convenient testbed for IP communications and messaging? Malik and Microsoft Geek Robert Scoble duked it out.
Monday, August 29, 2005
Saturday, August 27, 2005
Thursday, August 25, 2005
Originally uploaded by chrisholland.
i was eating a sandwich on this mound of sand by the pier, with a strong wind coming from the ocean. 'Gulls had been eyeing the food for quite some time. This mofo was gliding right next to me, so i slowly turned over, raised my right hand with the camera, and snapped the pic in its face.
Wednesday, August 17, 2005
Tuesday, August 16, 2005
The director of Microsoft's security response center, Debbie Fry Wilson, said the computer giant was in an "emergency response" mode. "Right now, we're mobilizing our two war rooms," she told CNN.
Read more of this riveting tale.
Here's the dirt on this latest virus, named Zotob. Wikipedia has also initiated coverage of the Zotob worm.
It apparently does a buffer overflow exploit on Windows 2000 machines running the LSASS on TCP port 445, just like the Sasser worm did before it. Why this service is running on a default installation of Windows 2000 is beyond me.
I've said it many times before and i'll say it many times again. Operating system vendors need to distinguish between "Client" and "Server" distributions of their operating system. The vast majority of end-users, even advanced users, do not need, on a default installation, to be running any service listening on any port.
Apple grokked this very simple philosophy a long time ago. This is why you have Mac OS X Server for people in the business of running servers. And Mac OS X Client, for the rest of us. Both are equally advanced versions of the same operating system, they're simply configured differently for different purposes.
Friday, August 12, 2005
Thursday, August 11, 2005
Tuesday, August 09, 2005
DTV is a new, free and open-source platform for internet television and video. An intuitive interface lets users subscribe to channels, watch video, and build a video library. Our publishing software lets you broadcast full-screen video to thousands of people at virtually no cost. The project is non-profit, free and open source, and built on open standards. A Windows version of DTV and a full website are well underway and will arrive in the next several weeks.
Wednesday, August 03, 2005
Hermosa Beach was crawling with people.
Both the Men's Final on Saturday and the Women's Final on Sunday were broadcast on NBC. The stands were packed and long lines were formed to get in, as the event was free.
On Saturday, after waiting in line, I managed to get in for the Men's final just at the right time to enjoy most of the 3 games. It was a close call I did not want to repeat for the Women's final on Sunday. So i bought a "Beach Club" pass, which gave me access to the sand, right below the stage. I'll be saving-up to do the same next year.
It was very impressive to watch the Women wield such grace and power in their play. Their serves were very powerful, more powerful than most Men's games I saw, where the ball was mostly lobbed over the net.
I managed to videotape the Women's final on Sunday, I've yet to import it and put it up on Google Video. I got sunburned on the face pretty badly in the process. During the lunch break, the AVP Girls were kind enough to pose for this picture. They had some very impressive choreographed bits.
On Sunday Tom and I took our Tmaxxes out for a spin at the park. We had to change our glow plugs. I busted the front bumper last weekend. Poor car. I'll be buying more parts soon.
Derek has a very-nice breakdown of the various blogging systems out there.
Beyond blogging, there's also Social Networking. A few sites such as Friendster and Orkut entered this field a couple of years ago. LiveJournal, primarily a blog system, also has a notion of "friends" and social networking which blogger.com lacks. Now Yahoo and MSN are looking to blend these concepts and more with burgeoning all-inclusive content sharing portals: Yahoo 360 and MSN Spaces. Those systems make it easier to establish connections around common interests and develop new interests around social connections. For technical and security reasons, those social networks will never allow you to customize look, feel, functionality of your online journal content, to the extent that pure blogging systems do. Which is partly why I still favor blogger.com over most alternatives out there.
The king of Picture Sharing remains Flickr.com, which integrates very nicely with many of the blog systems out there.
Tuesday, August 02, 2005
BEGIN:VCARD
ADR:;;123 Some St.;Hermosa Beach;CA;90260;
TEL;type=WORK:123 456 7890
The vCard RFC doesn't define a field for a SIP address.
However, most developers are agreeing on a URL representation of a SIP address, using the "sip:" protocol, the same way an e-mail address might be represented as a URL using the "mailto:" protocol.
I'm currently looking to specify a SIP address in a vCard payload using two fields:
1) a custom X-SIP field.
2) a URL field whose value contains a SIP URL.
The problem I'm running into is that in Mac OS X, Address Book.app appears to treat all URLs as HTTP URLs. Even though the field might display sip:firstname.lastname@example.org, clicking on the blue link will trigger the browser to open: http://email@example.com.
Gizmo Project.app registers in Mac OS X as a handler for the sip: protocol.
I was wondering whether somebody out there might point me to better ways to represent a SIP address in a vCard entry and/or ways to get around these limitations in Mac OS X.
Monday, August 01, 2005
Wednesday, July 27, 2005
Just wanted to invite you all to watch the premiere of
a new reality TV show called The Law Firm.
Why you might ask? Well, my friend Kelly is one of
the lawyers on the show. Here is a link to the
The first show is tomorrow nite, Thurs 7/28 at 9 PM on
Hope you can tune in!
*looks at Oakley* ... GO BRUINS !@!@ BAHAHAHA.
Saturday, July 23, 2005
Thursday, July 21, 2005
ISO declared Southern CA Region STAGE 2 Electrical Emergency for
07/21/2005 14:32 through 07/21/2005 23:59
The information in this email distributed by the Governor's Office of Emergency Services from the California Independent System Operator. Although every effort is made to ensure the accuracy of this email, mistakes can occur. The State of California neither warrants the accuracy of the information, nor the timeliness of delivery. If the information you need is sensitive or urgent, please check the web site or other sources directly.
If you no longer want to receive notifications from My California, please update your profile at www.ca.gov. Please do not reply to this message.
I'll try and snap some good pictures with the old Sony DSC-P50 and videos with the PV-GS120. Pictures will likely go to Flickr. Videos will likely go to google video.
My goal is to eventually park my car street-side and not go anywhere all week-end.
Rumors are ... TriZilla and CheyZilla will be joining the festivities!
Wednesday, July 20, 2005
Headsets are not supported on your bluetooth hardware dbt 120
Fear not! Just apply the Mac OS X Bluetooth Firmware updater 1.2. Then relaunch the bluetooth setup assistant. You'll notice that "headset" is now an option. It wasn't prior to the update.
I'm on my merry way to test out Brandy's new hs810
Saturday, July 16, 2005
As always, Om Malik gets the scoop: EarthLink co-founder David Beckemeyer has just released his very own masterpiece: PhoneGnome.
You might remember my lamenting on the lack of competition among long-distance phone service providers ($2 per month PLUS 7 cents per minute??? F-THAT), where this service is the one tied to your phone line. There is a myriad of "calling card services" that offer very competitive national and international rates, but those, until now, required calling a 1 800 number, punching-in an account ID, and PIN. If you're lucky to have a smart mobile phone you could program that in. But cell phone reception is often spotty in many homes.
Jump forward to the advent of the SIP protocol, and calling card companies who offer SIP interfaces to their services, such as iconnecthere.com, which i covered in this article. The key was to make it easy to "call long-distance from home". The article was outlining steps to use your computer with free software to do that. I do again wish to emphasize the cool-factor of using a hands-free headset to converse.
Forget about owning a computer and running software. How about an all-in-one device that does it all for you, into which you can plug your existing phone. Though I do not yet own one, i believe this is what PhoneGnome aims to achieve: As a U.S. residential phone customer, it is already granted that you can make unlimited phone calls to "local numbers" as part of your monthly phone fee. Many people (i'm one of them) are uncomfortable disabling phone service altogether as phone service will always still work during power outages, and 911 is still more effective and reliable. PhoneGnome will pass all local calls through to your normal phone line. You'll also keep receiving calls to your normal phone number, the same way you used to.
Now, when you dial a long-distance number, PhoneGnome will send the call through your broadband connectivity to one of a myriad of potential long distance service providers you may have configured, at rates that are truly competitive, i'm talking 5 cents a minute to talk to my GrandMa in Paris, 2 cents a minute to talk to Brandy's parents in Texas, with no monthly fees. I'm willing to bet, i'd be able to configure my iconnecthere.com account into PhoneGnome, the same way i configured it into my SIP client.
It's kind-of a bummer i'm only reading about PhoneGnome tonight, after I've already ordered an extra hs810 for Brandy's iBook. Then again, it will still give her the hands-free freedom to make calls. She can take her laptop anywhere about the house, upstairs or downstairs. The PhoneGnome kinda needs to be tied to one phone jack, and one LAN port. But it'd be much nicer to allow house guests to make long distance calls, rather than handing them a computer and a headset.
Uhm. I'd say the days of traditional long-distance carriers are numbered. And more specifically, the days of recurring monthly fees to make long-distance calls are numbered.
Friday, July 15, 2005
1) A layman's introduction to SIP
3) Gizmo is cool
4) Phone 2.0
The fourth one "Phone 2.0" shows how I'm able to use the same account to place calling card calls over a traditional 1 800 number programmed into my cell phone, on-top of using my computer to make calls through the exact same account, over SIP this time. In neither case, do i ever have to type-in my calling-card information: On the cell phone, it's programmed-in, it sends the tones for me. On the computer, it's baked-in the SIP authentication credentials.
Here's a little bit of Math:
- my Sprint "Simple 7" long distance service costs me $2/month and calls cost me 7 cents per minute anytime. I still can't call France using this long distance service, without paying out my ears.
- iconnecthere.com lets me make calls for 3 cents a minute anywhere in the U.S., anytime, with no recurring fees. Calling France is about 6 cents a minute.
- Gizmo Project lets me make calls for under 2 cents a minute anywhere in the U.S., anytime, with no recurring fees. Calling France is about 5 cents a minute.
The only reason why I stuck with long distance service until now was because of the past inconvenience of using cheaper services. Now that i call through the computer for cheaper and more conveniently, Sprint is about to go bye-bye, as soon as the dbt-120 and the hs810 arrive here for Brandy's iBook.
So recap, to reach cheap communications Nirvana, i'm looking for:
1) a good global traditional calling card account, that lets me use worldwide toll-free numbers to make calls, through traditional phone.
2) the same account needs to be tied to a SIP interface, so i can leverage it to make calls from any SIP-enabled computer, or device. Such "device" might for example be a hybrid SIP/GSM/3G phone, an ATA, an asterisk box.
3) the same account would ideally also provide me with an easy-to-remember/use SIP address: firstname.lastname@example.org so people may call me for free.
4) the same account would allow me to purchase a phone number in the area code I want, which i might advertise as my "mobile" or "global" phone number. This number would be tied to the incoming SIP interface defined in 3).
that'd all be a pretty good start. What i have so far is pretty good. In all cases you've gotta distinguish services that have recurring costs associated with them, such as Vonage, and services that let you "pay as you go" by putting money into an account, where "per minute rates" make more sense to me, as they really reflect what I'm paying.
Thursday, July 14, 2005
- I planted nails in wood! Watched Brandy paint wood. Brandy redid the backyard very nicely!
- Brandy's Brother came over with his Fiancee and his 2 boys! We grilled meat!
- I hosted a Bachelor Party. Ate meat.
- Got sunburned. tanned. ran 5 miles.
- Ate more meat. I rode a bull. Did silly drunk things. Climbed on my roof to watch invisible fireworks (sober! that was another day). Played with TMaxx. Broke TMaxx. Repaired TMaxx.
- had birthday fun at Lindy Groove.
- tanned some more. ran 5 miles.
Arise, children of the Fatherlaaaaaand
the day of glory has arrived ....
against us, tyranny's ....
bloody banner is raised (repeat) ...
... and all that ...
Heh. I remember 1989 and the crazy sh1t Jean-Paul Goude had put together.
Mad shouts to Oakz :D
Wednesday, July 13, 2005
Release notes for version 1.0.5 indicate stability improvements and important security fixes.
If you wish to promote Firefox in a somewhat creative, rebellious way, you might consider this.
Monday, July 11, 2005
i had the sneaking feeling it was a matter of time before the real skill would come out of the woodwork to throw me in the deepest pits of irrelevance :)
Join Blingo Friends with Me
Blingo is a new search engine that gives away prizes every day
like Sony PlayStation Portables, Apple iPods, Visa gift cards,
a year of free movies at Blockbuster Online, and more.
By joining Blingo Friends you can invite your friends to use
Blingo, and when one of them wins a prize you win the same prize.
That means if one of your friends wins an iPod, you win one too.
Your Blingo Invite.
Chris Holland and Blingo
Thursday, July 07, 2005
... despite the fact that the team behind the blue E did invent XmlHttpRequest. Then again, nobody's arguing the Blue E is bad for "Ajax developers".
So my point is ... err ... i actually don't have a point. Sensical ranting is highly overrated anyway.
I've been mulling this idea in my head for quite a few years now, and i'm pretty sure there are a bazillion people out there who've been mulling over the same idea for far longer, and likely have implemented it in many places, but since i'm too lazy/busy to google for it, i figured i'd just ask here, so people can educate me.
Many Unix daemons that run Internet services such as named/bind, smtpd/sendmail, etc, have for years been implemented and run in C. It makes sense, C is very fast, native to Unix and Linux. Many security issues over the years have been found and, thanks to the open-source process, plugged very fast. Some of those security issues have typically been "remote buffer overflow" exploits, allowing malicious attackers to gain access to those servers and compromise them at very low levels, often undetected.
Flash forward to Java and its virtual machine. Would it be conceivably decent to build Java implementations of most popular Unix daemons out there? I'm not looking to start a whole "Java is slower than C" flamewar here. I'm merely considering the fact that if a service runs from the Java Virtual Machine ... the worst that could be done against said service, might be crash the Virtual Machine it runs from, leaving the host machine un-compromised. There's a Java VM for just about anything that has a CPU out there, so deployment should be fairly trivial. Apache Tomcat is a successful example, used on many production systems to serve HTTP requests. So that covers your typical port 80. What about SMTP/25? POP/110? Hell, let's be crazy here, SMBD/135-139's been cracked *MANY* times.
While I understand such Java implementations would not be the kind of thing people would jump on to deploy on production systems, they might make for interesting "science projects"/case studies for industrious developers, and would help further test the limits of Java.
While the use of GCC on your platform of choice makes most daemons implemented in C pretty darned cross-platform, Java would obviously push this portability even further ... use the same .jar file ... maybe hack some cross-platform happiness into startup scripts (a-la tomcat.sh), bickity-bam you're done? Things might get hairy when a daemon needs to access OS-specific features, such as local User information/permissions, likely making it harder to implement simple "drop-in" replacements, and instead requiring some re-architecture of host systems such as moving to LDAP-based user management, etc ... which might be a serious deterrent. Eeek.
I'll try and scour sourceforge for such projects. If I'm simply crazy/clueless, please do say so in comments >:D
Tuesday, July 05, 2005
I totally believe Hermosa Beach is one such community. We've got no debt. We've got the money, the means, motivation from constituents. For reasons that are beyond me, two council members have kept this project at a deadlock since its original roll-out a year-ago. For an investment totalling under $200,000 since the project's inception, we could have had near-ubiquitous WiFi-powered broadband, with ongoing costs entirely subsidized by unobtrusive advertisement from local businesses, keeping usage free to end-users, with plenty of opportunities to further monetize the system by selling power-features to end-users such as routable static IP addresses. The plans we had in place were backing our Internet link by a fiber backbone, allowing the city to keep buying more DS3 circuits as usage would increase. The city has a roughly 2-mile radius, with about 10,000 Homes and 19,000 residents.
To put things in perspective, we're about to complete a very nice "Pier Renovation Project" that has cost the city upward of $6 Million.
Are we screwing the pooch? I believe we are. Eric Black, from LA Unplugged, had scored us a bid for roughly $100,000 worth of free WiFi equipment, we missed the offer window, now if we look to do this again, the project will go from $146,000 to $246,000. Still a steal, all things considered.
Friday, July 01, 2005
See also A Brief Introduction to SIP.
See also Gizmo Project Wish List.
Dan just pointed me to the Gizmo Project, yet another player in the SIP field of Voice Communications over the open SIP protocol I keep raving-on about.
Other major players have also been:
Pulver.com Free World Dial-Up: a long-time pioneer in the field.
SIPphone.com: actually powers the Gizmo Project, has been around for a while too.
EarthLink Free Online Calling (which i use): launched in late 2004, opened for free to everybody 2 months ago.
The Gizmo Project appears to be a re-branding of SIPphone.com's original offering, with possibly the most polished SIP Software for Mac OS X around.
While the Gizmo project ostensibly advertises that Gizmo users can chat for free with other Gizmo users to encourage people to sign-up for their service, since it's built on the SIP protocol, the first thing I did was to plug my EarthLink SIP address into the input field: sip:email@example.com. It worked! The key here is that with true SIP providers, any SIP user can talk to any other SIP user by simply using the person's full SIP address:
After some digging around, I found out that any SIP user can call a Gizmo Project user as such:
sip:firstname.lastname@example.org (in my case, sip:email@example.com)
Conversely, any SIP user can call any EarthLink Free Online Calling user as such:
sip:firstname.lastname@example.org (in my case, sip:email@example.com)
It's kinda wild: I've got SJPhone, a plain SIP software configured for EarthLink SIP and the Gizmo Project SIP software, running at the same time on Mac OS X. Both of them are configured to use my Motorola HS810 headset for sound input/output. And I'm able to ... call ... myself ... hah hah.
Aren't interoperability and open standards loads of fun? I'm having fun! Are YOU having fun?
If anybody out there cares to make my day, they'll give me a ring at sip:firstname.lastname@example.org after 2pm pacific time and/or leave a message if i'm not picking-up, to say "happy birthday". If you don't already have SIP running on your computer, you could follow these instructions. If you wish to learn some mostly-non-nerdy basics about SIP, you might consider this article.
SIP is cool. It's open. It's free. It works. It's also now usable. If you have a computer with some kind of microphone, some headphones laying around to avoid feedback loops, broadband connectivity, you're good to go, right now, you can send and receive calls from anybody, to anybody.
Skype is fun, and likely the most user-friendly way to make free online calls, but it's a closed platform, a closed protocol. Skype is to real-time communications what Compuserve was to messaging in the early 90's: a closed ecosystem. Consumers need to get excited about SIP to encourage developers to build better SIP software and infrastructures.
I'm working on Mom and Dad right now.
Wednesday, June 29, 2005
Oh and check this out. The right column.
BIG THANKS TO DARYLL FOR SHOWING ME THIS ;] !
Well, everyone I know is an expert... in something. If I have questions about electronics or radios, I'd ask my Dad. He's always looking at that stuff on-line. Astronomy and Astrophotography? My Uncle. Construction and remodeling? My brother in law. Real estate? A couple of my old college friends. The list goes on.
The point is that for most topics I might want to know more about, I already know someone that's smarter than me on the subject. I have my very own community of experts (we all do). I just need a way to tap into their accumulated experience. Read More
Some readers are pointing out that My Web 2.0 possesses features similar to what del.icio.us has for years offered to the rest of us. But I'd say Yahoo pushes things further by adding a dimension of private networks, and enhancing your casual web searches by giving a higher priority to sites that may have already been noticed by people who belong to your private social network. I think it's fantastic.
Google has for many years lacked a key feature: the concept of a user. Until GMail came out and more recently, iGoogle, there was no such thing as a "Google User", part of a larger community of web surfers. Google's "Page Rank" algorithm doesn't currently have a way to take advantage of social networks. Yahoo introduced "My Rank".
There is a limited Beta registration period. To check it out, go here.
Tuesday, June 28, 2005
Or you can start right-away building richer web applications with free and open-source frameworks maintained by communities of developers such as Ruby on Rails and the Prototype JS library.
The article about Microsoft Atlas mentions they'll be offering a text completion widget. Not that I'm pretentious enough to even dream of Microsoft including my hard work into their framework, but I'm wondering whether I should move it from a BSD License to a GPL License. Right now, the code isn't even close to being as clean or elegant as it should be, but as I strive to meet standards put forth by the Prototype JS Library, so the framework becomes more maintainable and extendable, i wouldn't be surprised to see entities sell their own frameworks built on-top of WICK, without contributing anything back to the project.
What do you guys think?
The following quotes from the Atlas roadmap are worrying me:
With Atlas, we plan on providing programmable access to a local store/cache, so that applications can locally cache data easily, efficiently and securely.
As far as i know, and i may be wrong, this type of caching mechanism isn't yet available in any browser code base but Windows IE. I believe they're referring to the "Internet Explorer userData cache". I've used it back in 1999 in experimental projects, and it came-in handy at times, but use cases for this feature are limited. It worries me because I can see many developers who currently think of AJAX as this cool cross-platform way of doing things, seeing Atlas as an AJAX framework, and start abusing features such as this one for which there are no standards, and will bring us right back to the dark ages of a broken web.
It's a more efficient and elegant way to quickly access time-sensitive data throughout the day.
Yahoo, are you trembling, yet? :)
Monday, June 27, 2005
Tuesday, June 21, 2005
EarthLink won one of the Star Developer Awards given to a handful of eBay developers under various categories. We were in the Affiliates Program category and James and I got to go up on stage to accept the award for our teams amidst very good company, such as Andale and Yahoo Small Business. We shook the hands of Paypal and eBay executives, including eBay CEO Meg Whitman.
If you're ever curious to see some of the things we do with eBay, consider heading over to My EarthLink, register for a free account if you don't already have one, and take a peek at the "My eBay" feature. This uses the eBay XML API. It's likely one of the sexiest insanely usable tiny auction tracking tools out there. I'm just sayin' :)
You might also take a look at our Google Search: the bottom of the page features "shopping results" for terms users search for, which are partly powered by eBay. This feature uses the eBay REST API, which eBay launched in late 2004.
For the first time in 10 years, the portal is open to everyone. By the same process, you get to reserve for free your very own email@example.com EarthLink Identity, which instantly gives you a SIP address to send and receive online calls.
Shouts out to the mpire.com guys. We chatted with them a bit at the conference, they've built a comprehensive online tool for eBay sellers to manage all aspects of their eBay business. Their stuff sounded very cool.
uhmmmkay. enough plugging ... for the next couple of posts at least. really!
Saturday, June 18, 2005
... is there really no one out there who could use these machines?
Thursday, June 16, 2005
Tuesday, June 14, 2005
Updated: Warning Canceled: 04:09 UTC
TO - TSUNAMI WARNING SYSTEM PARTICIPANTS IN ALASKA/BRITISH COLUMBIA/WASHINGTON/OREGON/CALIFORNIA
FROM - WEST COAST AND ALASKA TSUNAMI WARNING CENTER/NOAA/NWS
SUBJECT - TSUNAMI WARNING BULLETIN - FINAL
BULLETIN NUMBER 2
ISSUED 06/15/2005 AT 0409 UTC
...THE TSUNAMI WARNING AND WATCH STATUS IS CANCELED FOR CALIFORNIA - OREGON - WASHINGTON - BRITISH COLUMBIA - AND ALASKA...
Monday, June 13, 2005
After an upbeat introduction showing us how drug [X] will get rid of all that ails us, the obligatory disclaimers arrive:
"Ask your doctor about drug ... [X]"
And then "the voice" starts outlining in a most charming tone all its frightening side-effects. To further soften the blow, they'll show images of happy people going about their lives. Ugh. It's nasty stuff.
Saturday, June 11, 2005
Smarter? Last I checked, a car still goes where I tell it to go, let's keep it that way and not go crazy with "smart".
Imagine me driving to the theater, looking forward to yet another fine Jerry Bruckheimer summer blockbuster and pigging out on hot dogs, when my Smart Car, upon sizing me up, suddenly intervenes to drag my lazy ass to the nearest Bally Total Fitness ... "No hot dogs for you!".
Keep cars dumb!
I wouldn't mind a flying car though.
While I can live with an open network infrastructure that doesn't require passwords or encryption, encouraging its users to use secure protocols and encryption at the application layer, such methods still don't address issues of open user-run WiFi access points, and the dangerous liability they may represent.
If I access a WiFi network that is owned and operated by the city I live in, or some other private entity, it then becomes clear that any mischief perpetrated by some other user of this infrastructure is not my responsibility, there is clearly no reason for feds to come knocking at my door, because hey, it's not my network. Feds will be knocking at somebody else's door.
Now, I have a DSL connection, all traffic that goes through it is clearly traceable directly back to me. For convenience, I decide to open a WiFi hotspot that's linked to my DSL connectivity. Because I'm lazy, I don't bother locking it down with WEP or WPA. An online thief drives by my house, picks-up my signal, uses my connectivity to "get online" and hack a bank. Since all criminal traffic was easily traced back to me, the next morning the Feds are knocking at my door, my computer equipment is seized, and I'm finding myself obligated to defend myself for a crime I didn't commit. Some will argue I have "plausible deniability". Hey, whatever, I'd much rather lock my sh*t down in the first place.
As much as I'd like to live in zeroconf utopia, I believe being wirelessly connected to a network presents additional accountability challenges most end-users aren't prepared to face, and shouldn't have to face. I entirely agree with James that makers of end-user home broadband routers have a responsibility to strongly encourage, facilitate, if not enforce some level of encryption/password protection. Here are a few possible steps I'm just throwing out there without that much thinking:
- A WiFi access point/router would by default allow unencrypted WiFi connectivity to facilitate initial set-up
- Until encryption and a password have been set up, the router side of the device would hijack all HTTP traffic to present the user with a warning message: "YOUR DEVICE HAS NOT YET BEEN CONFIGURED. Please use the Wizard provided to you on the Welcome CD to set it up. Or you may click here to set it up manually"
- Upon successfully configuring the router, the Wizard software would trigger the user's operating system's WiFi support to reconnect to the newly created SSID with the correct encryption scheme and pass phrase. On OS X, ensure that stuff gets stored in the keychain.
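The three steps above, modelled as a small state machine. This is an added example, not code from the original post or from any router vendor: the class, hostname, setup path and factory SSID are hypothetical, the model covers WPA passphrases only, and blocking HTTPS until setup is finished is an assumption of the sketch.

```python
import string
from dataclasses import dataclass

# All names below are hypothetical; they model the three steps, not a real router API.
ROUTER_HOST = "router.example"   # constructed hostname for the router's own web UI
SETUP_PATH = "/setup"
WARNING = ("YOUR DEVICE HAS NOT YET BEEN CONFIGURED. "
           f"Set it up at http://{ROUTER_HOST}{SETUP_PATH}")
FACTORY_SSID = "factory-default"
_ALLOWED = set(string.ascii_letters + string.digits + string.punctuation + " ")


def passphrase_errors(passphrase):
    """WPA-PSK passphrases are 8 to 63 printable ASCII characters."""
    errors = []
    if not 8 <= len(passphrase) <= 63:
        errors.append("passphrase must be 8 to 63 characters")
    if any(c not in _ALLOWED for c in passphrase):
        errors.append("passphrase must be printable ASCII")
    return errors


@dataclass
class Router:
    ssid: str = FACTORY_SSID
    encryption: str = "none"     # step 1: ships open so first-time setup is possible
    passphrase: str = ""

    @property
    def configured(self):
        return self.encryption != "none" and bool(self.passphrase)

    def accepts_association(self, client_uses_encryption):
        """Open associations are allowed only until setup is complete."""
        return client_uses_encryption if self.configured else True

    def handle_request(self, scheme, host, path):
        """Step 2: decide what happens to one outbound web request."""
        if host == ROUTER_HOST and path.startswith(SETUP_PATH):
            return ("serve_setup", 200, "setup form")   # never intercept the way out
        if self.configured:
            return ("forward", None, None)
        if scheme == "http":
            # 511 Network Authentication Required (RFC 6585) marks the response
            # as coming from the network, so clients do not cache it as the site.
            return ("intercept", 511, WARNING)
        # Assumption: HTTPS is blocked rather than intercepted, because the router
        # cannot present a valid certificate for the site the user asked for.
        return ("block", None, None)

    def configure(self, ssid, passphrase):
        """Apply settings all at once; return the profile the wizard hands the OS (step 3)."""
        errors = passphrase_errors(passphrase)
        if not ssid or ssid == FACTORY_SSID:
            errors.append("choose a new SSID")
        if errors:
            raise ValueError("; ".join(errors))
        self.ssid, self.encryption, self.passphrase = ssid, "WPA", passphrase
        return {"ssid": ssid, "encryption": "WPA", "passphrase": passphrase}
```

The setup page is exempted from interception before any other check; without that exemption an unconfigured device would intercept its own wizard and could never leave the open state.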
Of course none of this would really help me when I buy a hybrid WiFi/SIP/3G Phone from SK-EarthLink while hoping to roam around neighborhoods leeching open WiFi access points to make free phone calls. But these phones should come with the easy ability to create multiple WiFi profiles with support for any level of encryption.
Thursday, June 09, 2005
Wednesday, June 08, 2005
I'd like to take a couple of minutes to remind us all that Dashboard Widgets are full-blown applications that have the ability to do as much damage to your privacy, home directory or system as any other application would. Be mindful of whom you download a Dashboard Widget from, make sure you can always trace a given widget back to a website owner or company. Just because it is listed on Apple's website does NOT mean it is safe for consumption. The barrier to entry for creating a widget is low, very very low, a lot can be done with little scripting knowledge, it's very easy to package and "ship" one.
Monday, June 06, 2005
Sunday, June 05, 2005
I'm off to take Brandy out to a delicious El Torito dinner before taking to the road ... with the trusty night vision goggles, and valentine one.
Hello, I-5, i'm back, i've missed you :)
Hey Chris,
I don't know if you are extremely open to shameless self-promotion on your blog or not, but I've developed a new type of IM that might strike your readers' collective fancy. It's pretty much exclusively for wifi networks (for now), and is completely proximity/radius-based. Check it out: www.meetro.com -- I'd deeply appreciate any feedback you might have.
I signed-up for their Q4 2005 beta release of a Mac OS X version of Meetro.
Shameless self-promotion is always a good thing, i'm sure the two persons who read my blog won't mind. And it does look interesting.
Meanwhile, if you've got Windows XP, I guess you're good to try out Meetro. Feel free to leave your thoughts in comments.
Friday, June 03, 2005
While primarily your average Google-powered web-search interface with a customized EarthLink look and feel, you might notice a few nifty features:
- "Shopping Results" at the bottom of the page, with up to 3 tabs showing you previews of items from Shopping.com, Amazon.com and eBay, if anything relevant was found from each site.
- If you have a my.earthlink.net account, and are signed-in, you'll see a handy "Save Search" link by the search box, and an "add to favorites" link next to each search result. You can get a free my.earthlink.net account here and you'll also get to have fun with the rest of us making free SIP phone calls
- It's crazy fast. I've used it while dialed-up to my earthlink account from a GSM phone (the dsl comes with 20 hours of free dial-up/month, handy when traveling). Analog dial-up over a mobile phone pretty-much guarantees you speeds below 14.4Kbps, imagine pre-1995 web surfing.
When I'm out to find the best deal on whichever doohickey i'm buying, there are a few resources I always check out while heavily leaning on tabbed browsing in Safari or Firefox:
- Advertisers on Google Sponsored Results. It's the one time I'll happily click on those!
- Shopping.com not only helps you narrow down your searches, but also compare specific item prices from multiple vendors, read vendor and product ratings powered by epinions.com. I like their stuff very much
- Amazon.com doesn't necessarily surface the absolute best deal, but has helpful suggestions, reviews, and gives me a good idea of "what things go for" beyond retail-land
- and of course eBay
- I sometimes head over to froogle
- If I'm shopping for computer components i'll always be sure to check out pricewatch.com. I just found out today about dealram.com which could have saved me $50 on those 2gigs i just bought from outpost.com which was already a good deal.
If you like this search and wish to always keep it at your fingertips, you might consider adding this favelet to your browser's favorites toolbar:
EarthLink Web Search
Sunday, May 29, 2005
Here's the problem: Each time you come back to that site, the ActiveX alert shows-up again. "Well don't go back to that site, you big dummy!" you might tell me. Fair enough, but when the site we're talking about is being served by doubleclick.net from within an iframe embedded in a site I actually need to visit, I'm still in trouble, this alert is going to keep showing-up despite my repeatedly clicking "No, i do not want to install this piece of software!".
The fundamental problem, in my opinion lies in the spontaneous alerting mechanism: It needs to go away. It gets in the way of my browsing experience. The original idea for its implementation was to convey a clear message to users that some content might be missing from the page they're looking at because they're missing a software component. I may not care about this site, I may not even be looking at it (if it lives in an iframe), i may just be passing through on my way to somewhere else, yet my browsing is repeatedly interrupted as I'm forced to make a decision about installing a piece of software. Many end-users will notice that clicking "Yes" is the surest way to make "the annoying pop-up go away". This is bad. Most Internet Explorer users still don't grasp the potentially dire consequences of their browsing habits.
Microsoft needs to make the spontaneous pop-up go away. Once and for all. If a web page requires an additional software component to be installed on a user's machine for optimal viewing, then it should be up to the page's author to convey this message inside their web document while presenting the user with a "special link / UI widget" they could make the conscious choice to click to then offer the user the type of warning that's currently being thrown at them for simply visiting the site. The basic requirement I'm trying to define is to never interrupt the user's browsing, and make the process of installing a piece of software an opt-in step, a choice consciously made by the user. If the page's author doesn't do a good job of convincing the user to click on the "special software installation link/UI widget", it'll never get installed.
Until then, I'd love to see an industrious Windows developer come-up with an ActiveX control that downloads Firefox, installs it on the user's hard drive, imports all IE favorites, cookies and other applicable settings, sets Firefox as the default browser on the operating system, quits Internet Explorer, and reopens the web page the user was viewing into Firefox. I don't know for a fact that any of this is possible. But if it is, it would give Microsoft an added incentive to truly nail-down the end-user experience surrounding ActiveX. Until they did, their browser would keep losing market share. Checks and balances.
Update: I've more recently seen Windows XP (still not win2k though) show a pull-down notification drawer, which I think is a most definite improvement. I wonder what the behavior is with iframes? I really still wish the process of installing a piece of software on one's operating system was more the result of an opt-in process, rather than a byproduct of stumbling upon a web site. Note that I mentioned "operating system" vs "browser". Internet Explorer being an integral part of the operating system, ActiveX basically gives you access to the operating system, instead of confining developers to a browser's plug-in API.