Sunday, December 25, 2005

Merry Christmas!

Quality time with the Fam' down here. Good stuff.

8 days 'till Brandy!

Wednesday, December 14, 2005

iTunes Database Issues

The Apple Blog has an in-depth analysis of the way iTunes stores its music catalog information, and various issues encountered when handling huge music libraries. From the article: 'Each time I play a song - any song - iTunes has to write out 122MB of data.' Is it time for Apple or the developer community to come up with a "Pro" music management tool? Or should Apple tweak things a bit to address those issues?

Monday, November 28, 2005

latest Java ant broke in Tiger?

Upon installing the latest Apple Developer Tools, if your "ant" acts up with an error complaining about a "-cp" argument, you might consider opening-up /Developer/Java/Ant/bin/ant, going to line 295 and removing -cp \"$CLASSPATH\" toward the end of the line.

Has anybody experienced a similar issue with Java J2SE 5.0 Release 3 on Mac OS X Tiger, and Xcode Tools 2.2?

Thursday, November 17, 2005

Cross Site Scripting and You

In this era buzzing with "web 2.0", "ajax" and social networks, more Internet users no longer passively "surf" or "browse" the web; they increasingly contribute to it in online forums, portals, aggregators and blogs.

The concept of cross-site scripting (XSS) has been around for quite a while: fun was had, holes were plugged. Yet, once in a while, as i troll around some open social network, i still see a few vulnerabilities crop up here and there.

Putting XSS back on our collective radar can't hurt.

In not-too-nerdy terms, some of the sites most vulnerable to XSS are sites which allow users to contribute richly-formatted content. The concept of a "user" is also key, because a user account's integrity could get compromised by an XSS vulnerability.

For more info, the Wikipedia article has the meat. See also their related vulnerabilities at the bottom. I wonder whether the whole HTTP TRACE vulnerability was ever plugged in IE/Mozilla?

On a nerdier note, are there free/open-source libraries in various application platforms such as Java, PHP, Python, Ruby that handle various forms of HTML content parsing and harmful markup/scripting filtering? The tried-and-true Tidy by Raggett sure helps as a foundation.

Here are a few of the things I would try to look out for, when allowing any foreign markup to make its way onto my site:

1) filter out all <script...> ... </script>
2) filter out all event handler html attributes from all html tags. Such attributes always start with the word "on". "onmouseover". "onload". "onclick".
3) filter out all instances of the word "javascript:" in all HTML attribute values. It's otherwise possible to get funky with "javascript:" URIs.
4) i would also filter out <link .../> and <style /> tags. I've heard of a "javascript:" URI used as the value of a "background" url directive, that's just nasty. If you really want to allow CSS styling, let them do it inline with a good old "style" attribute. If they get funky with javascript:, 3) ought to catch it.
5) to be on the safer side, and to avoid annoyances, i'd also remove all basic html document constructs such as "html" "body" "head" "title", and all complex object embedding constructs such as "object" and "embed".
6) and ensure the resulting html snippet remains clean, valid html.

... what am i leaving out?
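
The six checks above, written as a small filter on top of Python's standard-library html.parser. This is an added example, not code from the original post; the names SnippetFilter, sanitize and has_script_uri and the SAMPLE input are made up for illustration. It looks for "javascript:" only after character references are decoded and whitespace is squeezed out, because a plain substring match on the raw markup misses such spellings.

```python
import re
from html import escape
from html.parser import HTMLParser

# Rules 1, 4, 5: elements removed together with everything inside them.
DROP_WITH_CONTENT = {"script", "style", "title", "object"}
# Rules 4, 5: tags removed while any children are kept.
DROP_TAG_ONLY = {"html", "head", "body", "link", "embed"}
VOID = {"br", "hr", "img", "input", "meta", "area", "base", "col", "wbr"}
NAME = re.compile(r"[a-z][a-z0-9-]*\Z")   # rule 6: only plain tag/attribute names


def has_script_uri(value):
    """Rule 3: find "javascript:" after dropping whitespace and control chars."""
    squeezed = "".join(ch for ch in value if ch > " " and ch != "\x7f").lower()
    return "javascript:" in squeezed


class SnippetFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []      # emitted start tags still waiting for an end tag
        self.skip_tag = None     # outermost dropped element we are inside, if any
        self.skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if self.skip_tag:
            if tag == self.skip_tag:
                self.skip_depth += 1
            return
        if tag in DROP_WITH_CONTENT:
            self.skip_tag, self.skip_depth = tag, 1
            return
        if tag in DROP_TAG_ONLY or not NAME.match(tag):
            return
        kept = []
        for name, value in attrs:   # values arrive with character references decoded
            value = value or ""
            if not NAME.match(name) or name.startswith("on"):   # rule 2
                continue
            if has_script_uri(value):                           # rule 3
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.skip_tag:
            if tag == self.skip_tag:
                self.skip_depth -= 1
                if self.skip_depth == 0:
                    self.skip_tag = None
            return
        if tag not in self.open_tags:    # stray end tag, or end of a dropped tag
            return
        while self.open_tags:            # rule 6: close anything left open inside
            top = self.open_tags.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        if not self.skip_tag:
            self.out.append(escape(data, quote=False))
    # Comments, doctypes and processing instructions are dropped by default.


def sanitize(snippet):
    f = SnippetFilter()
    f.feed(snippet)
    f.close()
    while f.open_tags:                   # rule 6: balance what the author left open
        f.out.append(f"</{f.open_tags.pop()}>")
    return "".join(f.out)


# Constructed sample input, not taken from any real site.
SAMPLE = (
    '<html><body><p onclick="steal()">Hi <b>there'
    '<script>alert(1)</script>'
    '<a href="java&#9;script:alert(1)" title="ok">link</a>'
    '<div style="background:url(JavaScript:x)">box</div>'
    '<style>p{}</style><link rel="stylesheet" href="x.css">'
    '<img src="a.png" onload="x()">'
)

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

This follows the post's remove-what-is-known-bad approach; keeping only an explicit list of permitted tags and attributes is the stricter variant of the same parser.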

Wednesday, November 09, 2005

Hermosa Beach Elections Results

The election results are in.

Keegan stays! Yay!
J.R. Reviczky stays! Yay!
Art Toon yields his seat to Howard Fishman.

Measure E did not pass, yay! I liked its stated goals, but a sample ballot is no place to amend a poorly drafted measure, no matter how much its proponents want to believe it is. Let's try again by specifically designating the areas the measure is supposed to protect.

Thursday, November 03, 2005

Thursday, October 27, 2005

Flickr Does Printing! Finally!

Flickr Does Printing!

This is likely already old news, but i just noticed a message on my Flickr account indicating U.S. customers can now order prints of pictures, with more countries coming soon.

This really should help them further monetize their service.

Tuesday, October 25, 2005

Protecting Documents from Google Accelerator

In light of the heated controversy surrounding Google Web Accelerator I'm toying around with a way to produce "links" that would be immune to those technologies.

The main issue is that most user-agent implementations tie a user interface paradigm, an "anchor", to an HTTP method, "GET".

Through scripting, there are quite a few ways to make an anchor tag more immune to accelerators, and automated crawlers. javascript: url as href attribute value, "#" as href attribute value, and onclick attribute submitting a form, etc.

In an attempt to explore alternatives to scripting, I've started toying around with the "button" HTML element. So far, I've found that Mac MS IE 5 doesn't appear to support it. Everything else is looking reasonably happy.

Here's what i'm looking at so-far.

It seems to work in: Opera, Gecko, Safari, Treo650/Blazer, Windows IE
It does not seem to work in: Mac MSIE5, SideKick (thanks Kevin).

Issues/Thoughts:
- Can anyone try more handheld devices?
- One might add a wee scripting to set window.status.
- Removing various CSS directives from that example gets you closer to the original "button" construct, as rendered by default by the user agent. Good to play with.
- You no-longer benefit from a browser's "default way of rendering a link".
- I need to test this with images. - done: it works :)
- Notice what the browser does when your mouse is "down": it lowers the text. Not sure how to override the initial "position" with CSS.

See also:

JAH, by Kevin Marks.

Rocket Boom is 1 Year Old

Congrats! - Celebratory Madness :).

Tuesday, October 18, 2005

On TV Tonight - KABC-TV News Channel 7 @5pm

update: 5pm: I just found the story online

Back in August, KABC-TV, channel 7 of Southern California stopped-by the house to do a brief bit on blogging.

They called me this morning, telling me they're finally airing it *TODAY 10/18/2005*. Chances are i might show-up for a whole 5 seconds :)

They're saying it should air on News that come-on at ... around ... or after 5pm. I'm never home during that time, so i really don't have a way to tape it, watch it, or see how much of a fool i made of myself, which i guess, is a good thing. heh, heh.

If you're able to TiVo or VCR it, that'd be cool.

Thursday, October 13, 2005

Call an Apple an Apple: By Ian Hickson

I recently stumbled upon this caustically insightful short piece by Ian Hickson.

I share many of his frustrations, while i've come to reluctantly embrace yet another onslaught of acronyms.

These days, the surest way to call attention to your work is to file it under "Ajax" and "Web 2.0".

While a very useful tool in our shed, the almighty XmlHttpRequest object isn't a panacea for building compelling applications. It's just a newer tool, which happens to have polarized certain developers' creativity, who in turn felt compelled to create a new buzzword that would give it a more central position.

Most buzzwords to-date have either focused on the wrong technology, or put too much emphasis on a particular technology.

Just to mess with the minds of the three people who read this blog, and see whether i can either start a trend or get flamed into oblivion, I'm hereby coining one ugly acronym:

SBIIC: Standards-Based Interactive Interface Components

"sbeeek". oh yeah baby. stop the presses on those Ajax books, we've got something hot here.

Wednesday, September 28, 2005

Damaka: Another SIP Player?

Damaka. No OS X Client! Pshah! In any case, the more players in the SIP field, the merrier!

Friday, September 23, 2005

.Mac Upgrade

I just received this from Apple:
Dear .Mac Member,

.Mac membership now comes with 1 GB of combined .Mac Mail and iDisk storage. Because you purchased additional storage for this membership year, we've increased your total storage to 2 GB (and increased your monthly data transfer limit to 25 GB) for the duration of your current membership. This update has already taken place. You can use your Account Settings to take advantage of .Mac's storage flexibility and reallocate storage to best fit the way you use the service.

In addition, .Mac is now available in French and German as well as in English and Japanese. You'll also find that .Mac now includes new Backup 3 software and the ability to create .Mac Groups.

We value your membership and hope you enjoy these enhancements to your .Mac service.


\o/ :D

Monday, September 19, 2005

Why Phone and Cable Companies are Evil

As Philly is getting close to finally inking a deal with private businesses to develop a city-wide WiFi network to help bridge the digital divide, the phone and cable companies' lobbying and scare machines are in full force. Once again, "studies" are "emerging" advising against the project:
His firm's analysis, which was funded by cable and phone companies that stand to lose customers to the Wi-Fi initiative, shows that providing Internet access wirelessly over 100 square miles would cost $31 million over five years. [ Read the Article from mcall.com ]
Of course phone companies are just a little bit scared. I can't say they didn't have it coming. Once residents start realizing that they can pay $10-$20/month for Internet connectivity and perhaps another $20-$25/month to a company such as Vonage, Lingo.com ( my favorite so-far ), or even EarthLink for Internet-powered phone service, allowing them to make unlimited calls to anybody in the U.S., while preserving their current normal phone number, suddenly, paying phone companies $20/month just to have a phone line (no voicemail, call waiting, call forwarding, or any of the stuff you get for free from VoIP providers), an extra $10-$20/month in metered long-distance charges, and $50/month for basic broadband will no-longer make that much sense.

See also: Video Prodcasting, Broadband, and You

Sunday, September 11, 2005

Place du Tertre


Originally uploaded by chrisholland.

Om Malik is Mr. 5000

Mad congrats to Om Malik for finally reaching the 5000th post mark. He manages to juggle a very busy day job contributing insightful columns to Business 2.0 Magazine, while bringing the tech community a constant flurry of scoops and ever thoughtful commentaries.

Speaking of Business 2.0 Magazine. I recently subscribed, received my first issue, and was very impressed by the quality of its content. Subscription right now is only $10 for the whole year. With that cheap a price, I was expecting the magazine to just be a collection of ads. But it isn't!

I've also recently subscribed to the quarterly Make magazine. I've heard good things about it, and their online journal posts are always interesting. And free! I haven't yet received my first issue, but will try to report back when I do get it.

(???)Millan_Familly.getNewKid()

It's a ... MILLAN!

Ernest and Josie are so cool. :D

Friday, September 09, 2005

Vote for Om Malik!

Om Malik says:
Okay vanity takes over - Business Week is having best of the web poll and I am against some heavy hitters in the tech-sites @ Work Category. I mean up against News.com, Slashdot, Digg, and O’Reilly Radar. Not even have a prayer, but hopefully all of you can at least help me put up a decent showing. Here is the link to cast your vote.

Verizon Fiber is Here


Originally uploaded by chrisholland.

Daryll, who lives right up the street from me, is among the lucky first in my area to be eligible for Verizon FIOS. He had me plug his phone number on the VZ site, and this image shows you what they're offering.

Here's an interesting disclaimer from the fine print: "The Verizon Online version of MSN® Premium is not Macintosh® compatible".

This is pretty consistent with MSN's overall message to Mac Users: "Eat Sh*t and Die". That's because they don't know how to build applications.

Whatever. Who uses MSN anyway?

If you care about online services such as 8 email addresses, free online calling, web space, spam blocking, scam blocking, spyware blocking, ubiquitous address book synchronization all nicely packaged, on Mac and PC, 10 hours of free dial-up with dial-up accelerator (convenient when you're traveling), just buy the "EarthLink Experience" for $10/month. You'll get everything other members get. It's not advertised, but if you call'em up and ask for it, they'll know. I just switched my DSL account to it.

With the above VZ $35/month package, you're still only out $45/month.

I've seen the Verizon trucks install fiber on poles around my neighborhood, so I would expect we're not far behind.

Hotel de Ville


Originally uploaded by chrisholland.

Place de l'Hotel de Ville. Christmas. Paris, France.

Wednesday, September 07, 2005

AWLA 2005: Team Lesser Weevils is Recruiting

My good friend Oakley is recruiting members for her Aids Walk L.A. 2005 Team:

Team Lesser Weevils

I've known Oakley for about a decade. She was one of the first life-forms i got acquainted with when i first moved here. She's a fun chick who packs 10 times more energy by herself than an entire Trojan Cheerleading Squad. Taz meets Pinky, if you will.

Here's to pain!



hermosa beach sunset


Originally uploaded by chrisholland.

Sunday, September 04, 2005

Coordinating Katrina Survivor Information

We've joined a team of developers and an army of volunteers to help organize and consolidate information related to hurricane survivors. David Geilhufe sent out this very useful e-mail outlining the various efforts in progress, asking to pass-on the information. So I'm doing just that. Feel free to copy/paste what's below and e-mail it to as many people as you can. update 9/12: duh, i just realized i had messed-up the links. sorry about that. fixed.

PLEASE FORWARD. Thank you.

Refugees can search 20 web sites for lost relatives and still miss their entry on the 21st web site. There is a need to combine all the refugee data from big databases like Red Cross, large posting forums like Craigslist and many other sources on the web. The Katrina PeopleFinder Project seeks to create a single repository combining as many sources of refugee data as possible from all over the web without interrupting existing momentum.

We need help for both regular people and software engineers. Everybody is critical to building a central repository of ALL the refugee records we can find on the web. The Social Source Foundation, CivicSpace Labs and Salesforce.com Foundation are coordinating hundreds of people and organizations, including Craigslist and Earthlink.

Please consider giving us just an hour of your time to do volunteer data entry. The PeopleFinder Project is seeking volunteers in four primary areas:

(1) Creating a technology specification for easily exchanging refugee information. A volunteer effort is working to assist online databases in implementing the specification.
Volunteer here (techies): http://www.omidyar.net/group/katrinarefugee/news/1/

(2) Coordinating volunteers that are writing software that takes information from online databases and putting it into a central database provided by Salesforce.com Foundation.
Volunteer here (software engineers): http://www.omidyar.net/group/katrinarefugee/news/2/

(3) Organizing a massively parallel volunteer data entry project to enter refugee data posted to online bulletin boards into a central database by hand.
Volunteer here (regular people): http://www.omidyar.net/group/katrinarefugee/news/0/

(4) Market the Katrina PeopleFinder Project and recruit volunteers.
Volunteer here (marketing folks): http://www.omidyar.net/group/katrinarefugee/news/3/
Josh and Scott updated katrina.earthlink.net today with key building blocks for interoperability with the other sites, testing is still underway.

Additionally, I'm trying to get my hands on a Google Search Appliance, which I want to point at some or all of the Survivor Search Sites and Forums listed here. But those are typically hard to come-by.

There's a lot of very valuable unstructured information in many ad-hoc forums put-up by industrious developers. Volunteers are already working around the clock to get the information in a structured database (see above). Having a search appliance should add a very effective fall-back/catch-up layer: One "free-form" search box, with access to both structured and unstructured data.



Friday, September 02, 2005

New Orleans Mayor Interview

And right now, they don't have anything to take the edge off. And they've probably found guns. So what you're seeing is drug-starving crazy addicts, drug addicts, that are wreaking havoc. And we don't have the manpower to adequately deal with it. We can only target certain sections of the city and form a perimeter around them and hope to God that we're not overrun. [Read]
Another Interview Transcript of Mayor Nagin.

Hurricane Survivor Search Site

A few engineers here at EarthLink have gathered into a task force to quickly deploy a website, enabling disaster survivors to inform the world of their whereabouts and for their friends and relatives to find them in our database. We're also actively seeking and linking to other sites undertaking a similar effort to maximize chances for people to find one-another. The website can be found here: http://hurricane.earthlink.net/




Thursday, September 01, 2005

Katrina: Survivor and Relatives Search Sites

I'm gathering this list for a project at work. update: 09/02/2005 0:05:00 AM: it's live:

Katrina Survivor Search Site

Craigslist
NOLA.com
SurvivorRegistry.com
Patrick Connors
KatrinaHelp.info Missing/Found (via BoingBoing)
CNN Safe List

More sites listed at:
Katrina Covered at Wikipedia

If you know of more sites, or run a site of your own, by all means, list it in comments.



After the Deluge / by Rick Wilking/Reuters


After the deluge
Originally uploaded by Newsblogpicture.

Photograph by Rick Wilking/Reuters. Some amazing Katrina Hurricane Pictures are showing-up on Flickr. It must be horrible :(

Announcing Google Purge

"Book burning is just the beginning," said Google co-founder Larry Page. "This fall, we'll unveil Google Sound, which will record and index all the noise on Earth. [Read the Scoop]
I knew it!@!. Those Google Guys. So hot right now.

Wednesday, August 31, 2005

Information Overload

Dan's got a great piece outlining the information overload he faces, and what steps he takes to partly overcome it. Pearls of wisdom. This 16 year-old is more articulate than many TV anchors and professional online journalists I've seen. Watch out World. A few months back, Om Malik did a related piece on Internet Anxiety Disorder.

I fear to open my news reader. I've taken a few steps back in the past few months, and have only been sporadically checking one or two sites, such as Om Malik's or TheAppleBlog (to which I also contribute). I rely on Dan to IM me anything important I may be missing out on.

Work's been keeping my mind busy 24/7, while Brandy and I try to stay away from the computers on weekends to catch-up on our sunburns at the beach. The water was fantastic last Sunday. I had a good time boogie-boarding while Brandy was snuggled-away in the shadow of her umbrella.

my southpark character


Originally uploaded by chrisholland.

Meet "frenchy".

More on Steve Jobs vs Music Industry

Gareth Potter wrote a fantastic analysis of the current challenges facing both Apple and the Music Industry as those contracts for the iTunes Music Store are coming-up for renewal. Some interesting comments from readers are also rolling-in.

Microsoft Unleashes EarthLink ScamBlocker Copycat, Claims First


I covered ScamBlocker last year. It's quite cool. It's no replacement for constant vigilance, but it most certainly helps.

Tuesday, August 30, 2005

Jump!


Originally uploaded by chrisholland.

Merry sea lions.

Commoditizing Voice Communications

Om Malik is portraying the steadily increasing reach of Voice Communications through Instant Messaging Clients, as one of many ominous signs further spelling out significant upcoming challenges for many traditional voice revenue models:
Over a longer term, what this trend of constant commoditization of voice, will manifest itself in a whole new meaning of “voice.
Many surmise this trend will globalize itself far beyond the desktop PC once friendlier handheld IP-enabled devices hit U.S. consumer markets, as they already have in many countries such as South Korea. Could we see a major comeback of "thin clients" in the U.S., much to the dismay of Microsoft's thick desktop-bound cash-cows? Could the computing powerhouse PC of today simply be a very temporary, albeit powerful and convenient testbed for IP communications and messaging? Malik and Microsoft Geek Robert Scoble duked it out.

Thursday, August 25, 2005

'Gul Whisperer


Originally uploaded by chrisholland.

i was eating a sandwich on this mound of sand by the pier, with a strong wind coming from the ocean. 'Gulls had been eyeing the food for quite some time. This mofo was gliding right next to me, so i slowly turned over, raised my right hand with the camera, and snapped the pic in its face.

Tuesday, August 23, 2005

Skimmer Kid, Hermosa Beach, CA

Wednesday, August 17, 2005

2GB of Powerbook RAM for $252 ?!

James was looking for RAM chips for his Powerbook, and stumbled upon this deal from Omni for a 1GB Powerbook RAM chip for $125.99 (same RAM chip for most PC Notebooks too) via dealram.com. That's the price i'm seeing as of this writing. They don't appear to be charging tax, and they're offering free standard USPS shipping.

Tuesday, August 16, 2005

Microsoft: "Mobilizing Our Two War Rooms"

The director of Microsoft's security response center, Debbie Fry Wilson, said the computer giant was in an "emergency response" mode. "Right now, we're mobilizing our two war rooms," she told CNN.
Read more of this riveting tale.

Here's the dirt on this latest virus, named Zotob. Wikipedia has also initiated coverage of the Zotob worm.

It apparently does a buffer overflow exploit on Windows 2000 machines running the LSASS on TCP port 445, just like the Sasser worm did before it. Why this service is running on a default installation of Windows 2000 is beyond me.

I've said it many times before and i'll say it many times again. Operating system vendors need to distinguish between "Client" and "Server" distributions of their operating system. The vast majority of end-users, even advanced users, do not need, on a default installation, to be running any service listening on any port.

Apple has grokked this very simple philosophy a long time ago. This is why you have Mac OS X Server for people in the business of running servers. And Mac OS X Client, for the rest of us. Both are equally advanced versions of the same operating system, they're simply configured differently for different purposes.

Thursday, August 11, 2005

P2P Legitimized: BitTorrent Ready for VC Love

Once tainted by some of the more nefarious P2P stigmas, it would appear PHBs out there are slowly coming to the realization that BitTorrent, while it enables end-users on disparate networks to pool their bandwidth to facilitate transfer of files, isn't at all designed to be an illegal file sharing system. Big players of various industries are starting to embrace it as a significant cost-saving platform, and many are starting to court the little startup with funding. Om Malik shares interesting insights into this evolution from an interview of Ashwin Navin, an early investor in BitTorrent.

Don Berryman Talks about Muni WiFi

an interesting bit, covers more than just WiFi.

Tuesday, August 09, 2005

DTV: Internet TV!

DTV launches on the Mac, Windows coming soon:
DTV is a new, free and open-source platform for internet television and video. An intuitive interface lets users subscribe to channels, watch video, and build a video library. Our publishing software lets you broadcast full-screen video to thousands of people at virtually no cost. The project is non-profit, free and open source, and built on open standards. A Windows version of DTV and a full website are well underway and will arrive in the next several weeks.

Wednesday, August 03, 2005

Rick Romero from KABC-TV Stopped-By

Rick Romero from KABC-TV, our local Channel 7, came to the house to do an interview on blogging. We created an example blog for KABC-TV. No word on an air date just yet. Could be tonight, tomorrow, in a year, or never. They said they'd give me a heads-up. If you have some TiVo space to spare, you might consider adding their various news time slots and keep'em for only a day or two. Or not :D

AVP Weekend Fun

AVP Girls, originally uploaded by chrisholland.
The July 23rd weekend was quite fun. Tom and Laura came down to visit us with their friend from England. Brandy took them to the beach while I stalked most of the AVP games.

Hermosa Beach was crawling with people.

Both the Men's Final on Saturday and the Women's Final on Sunday were broadcast on NBC. The stands were packed and long lines were formed to get in, as the event was free.

On Saturday, after waiting in line, I managed to get in for the Men's final just at the right time to enjoy most of the 3 games. It was a close call I did not want to repeat for the Women's final on Sunday. So i bought a "Beach Club" pass, which gave me access to the sand, right below the stage. I'll be saving-up to do the same next year.

It was very impressive to watch the Women wield such grace and power in their play. Their serves were very powerful, more powerful than most Men's games I saw, where the ball was mostly lobbed over the net.

I managed to videotape the Women's final on Sunday, I've yet to import it and put it up on Google Video. I got sunburned on the face pretty badly in the process. During the lunch break, the AVP Girls were kind enough to pose for this picture. They had some very impressive choreographed bits.

On Sunday Tom and I took our Tmaxxes out for a spin at the park. We had to change our glow plugs. I busted the front bumper last weekend. Poor car. I'll be buying more parts soon.

Blog Systems Overview

I personally believe that the best way to introduce someone to blogging is to point them to blogger.com. Nothing out there tops their very welcoming 3-step approach to setting-up a blog. It is the first blog system I signed-up with and the one I continue to find the most appealing.

Derek has a very-nice breakdown of the various blogging systems out there.

Beyond blogging, there's also Social Networking. A few sites such as Friendster and Orkut have entered this field a couple of years ago. LiveJournal, primarily a blog system, also has a notion of "friends" and social networking which blogger.com lacks. Now Yahoo and MSN are looking to blend these concepts and more with burgeoning all-inclusive content sharing portals: Yahoo 360 and MSN Spaces. Those systems make it easier to establish connections around common interests and develop new interests around social connections. For technical and security reasons, those social networks will never allow you to customize look, feel, functionality of your online journal content, to the extent that pure blogging systems do. Which is partly why I still favor blogger.com over most alternatives out there.

The king of Picture Sharing remains Flickr.com, which integrates very nicely with many of the blog systems out there.

Tuesday, August 02, 2005

Address Book.app, SIP and vCard

Here's a sample vCard:

BEGIN:VCARD
VERSION:3.0
ENCODING:UTF-8
PROFILE:VCARD
ORG:Some Organization
FN:Chris Holland
N:Holland;Chris;;;;
GEO:33864309;-118395511
X-SIP:hollandct@earthlink.net
URL:sip\:hollandct@earthlink.net
EMAIL;INTERNET:hollandct@earthlink.net
URL:http\://chrisholland.blogspot.com/
ADR:;;123 Some St.;Hermosa Beach;CA;90260;
TEL;type=WORK:123 456 7890
END:VCARD

The vCard RFC doesn't define a field for a SIP address.

However, most developers are agreeing on a URL representation of a SIP address, using the "sip:" protocol, the same way an e-mail address might be represented as a URL using the "mailto:" protocol.

I'm currently looking to specify a SIP address in a vCard payload using two fields:

1) a custom X-SIP field.
2) a URL field whose value contains a SIP URL.

The problem I'm running into is that in Mac OS X, Address Book.app appears to treat all URLs as HTTP URLs. Even though the field might display sip:hollandct@earthlink.net, clicking on the blue link will trigger the browser to open: http://hollandct@earthlink.net.

Gizmo Project.app registers in Mac OS X as a handler for the sip: protocol.

I was wondering whether somebody out there might point me to better ways to represent a SIP address in a vCard entry and/or ways to get around these limitations in Mac OS X.

Wednesday, July 27, 2005

The Law Firm Premiere: Watch Kelly

My friend Christa just sent this in:
Hi Friends!

Just wanted to invite you all to watch the premiere of
a new reality TV show called The Law Firm.

Why you might ask? Well, my friend Kelly is one of
the lawyers on the show. Here is a link to the
website:

http://www.nbc.com/The_Law_Firm/bios/kelly/

The first show is tomorrow nite, Thurs 7/28 at 9 PM on
NBC.

Hope you can tune in!
Christa


*looks at Oakley* ... GO BRUINS !@!@ BAHAHAHA.

Sunday, July 24, 2005

What?!

What?!, originally uploaded by chrisholland.

Saturday, July 23, 2005

AVP 2005 Hermosa Beach Open Pics

I'm slowly but surely adding more AVP 2005 Hermosa Beach Open pics ... The Flickr tags are acting weird so this link might not be showing everything. Just go to the main photostream to see more. I just bought one of the last 3 "beach club" tickets for tomorrow's Women events: They'll start at 10am, the final game for Women will be at 1:30pm. I attended the Men's final today and took some pics. I'm hoping to capture the Women's final on Video.

Thursday, July 21, 2005

SoCal Energy Alerts

This just in:

ISO declared Southern CA Region STAGE 2 Electrical Emergency for
07/21/2005 14:32 through 07/21/2005 23:59

The information in this email distributed by the Governor's Office of Emergency Services from the California Independent System Operator. Although every effort is made to ensure the accuracy of this email, mistakes can occur. The State of California neither warrants the accuracy of the information, nor the timeliness of delivery. If the information you need is sensitive or urgent, please check the web site or other sources directly.

If you no longer want to receive notifications from My California, please update your profile at www.ca.gov. Please do not reply to this message.

Lame.

AVP in Hermosa Beach

In case you didn't already know, the AVP will be passing through Hermosa Beach this Thursday through Sunday.

I'll try and snap some good pictures with the old Sony DSC-P50 and videos with the PV-GS120. Pictures will likely go to Flickr. Videos will likely go to google video.

My goal is to eventually park my car street-side and not go anywhere all week-end.

Rumors are ... TriZilla and CheyZilla will be joining the festivities!

Wednesday, July 20, 2005

DBT-120 Bluetooth Firmware Updater

If you just bought a D-Link DBT-120 Bluetooth USB adapter for your Mac, intending to pair it with a bluetooth headset, you might have run into an unpleasant surprise when launching the "Setup a Bluetooth Device ..." Utility in the form of the following message:
Headsets are not supported on your bluetooth hardware dbt 120
Fear not! Just apply the Mac OS X Bluetooth Firmware updater 1.2. Then relaunch the bluetooth setup assistant. You'll notice that "headset" is now an option. It wasn't prior to the update.

I'm on my merry way to test out Brandy's new hs810

Saturday, July 16, 2005

Meet PhoneGnome

This is frickin' beautiful. The ultimate traditional long-distance-carrier killer? (Sprint, AT&T, etc.)

As always, Om Malik gets the scoop: EarthLink co-founder David Beckemeyer has just released his very own masterpiece: PhoneGnome.

You might remember my lamenting on the lack of competition among long-distance phone service providers ($2 per month PLUS 7 cents per minute??? F-THAT), where this service is the one tied to your phone line. There is a myriad of "calling card services" that offer very competitive national and international rates, but those, until now, required calling a 1 800 number, punching-in an account ID, and PIN. If you're lucky to have a smart mobile phone you could program that in. But cell phone reception is often spotty in many homes.

Jump forward to the advent of the SIP protocol, and calling card companies who offer SIP interfaces to their services, such as iconnecthere.com, which i covered in this article. The key was to make it easy to "call long-distance from home". The article was outlining steps to use your computer with free software to do that. I do again wish to emphasize the cool-factor of using a hands-free headset to converse.

Forget about owning a computer and running software. How about an all-in-one device that does it all for you, into which you can plug your existing phone. Though I do not yet own one, i believe this is what PhoneGnome aims to achieve: As a U.S. residential phone customer, it is already granted that you can make unlimited phone calls to "local numbers" as part of your monthly phone fee. Many people (i'm one of them) are uncomfortable disabling phone service altogether as phone service will always still work during power outages, and 911 is still more effective and reliable. PhoneGnome will pass all local calls through to your normal phone line. You'll also keep receiving calls to your normal phone number, the same way you used to.

Now, when you dial a long-distance number, PhoneGnome will send the call through your broadband connectivity to one of a myriad of potential long distance service providers you may have configured, at rates that are truly competitive, i'm talking 5 cents a minute to talk to my GrandMa in Paris, 2 cents a minute to talk to Brandy's parents in Texas, with no monthly fees. I'm willing to bet, i'd be able to configure my iconnecthere.com account into PhoneGnome, the same way i configured it into my SIP client.

It's kind-of a bummer i'm only reading about PhoneGnome tonight, after I've already ordered an extra hs810 for Brandy's iBook. Then again, it will still give her the hands-free freedom to make calls. She can take her laptop anywhere about the house, upstairs or downstairs. The PhoneGnome kinda needs to be tied to one phone jack, and one LAN port. But it'd be much nicer to allow house guests to make long distance calls, rather than handing them a computer and a headset.

Uhm. I'd say the days of traditional long-distance carriers are numbered. And more specifically, the days of recurring monthly fees to make long-distance calls are numbered.

Friday, July 15, 2005

Using SIP: A Few Reasons

Below is a recap of a few journal entries outlining a few reasons why i believe one might be compelled to make use of SIP:

1) A layman's introduction to SIP
2) Interoperability
3) Gizmo is cool
4) Phone 2.0

The fourth one "Phone 2.0" shows how I'm able to use the same account to place calling card calls over a traditional 1 800 number programmed into my cell phone, on-top of using my computer to make calls through the exact same account, over SIP this time. In neither case, do i ever have to type-in my calling-card information: On the cell phone, it's programmed-in, it sends the tones for me. On the computer, it's baked-in the SIP authentication credentials.

Here's a little bit of Math:

- my Sprint "Simple 7" long distance service costs me $2/month and calls cost me 7 cents per minute anytime. I still can't call France using this long distance service, without paying out my ears.

- iconnecthere.com lets me make calls for 3 cents a minute anywhere in the U.S., anytime, with no recurring fees. Calling France is about 6 cents a minute.

- Gizmo Project lets me make calls for under 2 cents a minute anywhere in the U.S., anytime, with no recurring fees. Calling France is about 5 cents a minute.

The only reason why I stuck with long distance service until now was because of the past inconvenience of using cheaper services. Now that i call through the computer for cheaper and more conveniently, Sprint is about to go bye-bye, as soon as the dbt-120 and the hs810 arrive here for Brandy's iBook.

So recap, to reach cheap communications Nirvana, i'm looking for:

1) a good global traditional calling card account, that lets me use worldwide toll-free numbers to make calls, through traditional phone.
2) the same account needs to be tied to a SIP interface, so i can leverage it to make calls from any SIP-enabled computer, or device. Such "device" might for example be a hybrid SIP/GSM/3G phone, an ATA, an asterisk box.
3) the same account would ideally also provide me with an easy-to-remember/use SIP address: username@someprovider.com so people may call me for free.
4) the same account would allow me to purchase a phone number in the area code I want, which i might advertise as my "mobile" or "global" phone number. This number would be tied to the incoming SIP interface defined in 3).

that'd all be a pretty good start. What i have so far is pretty good. In all cases you've gotta distinguish services that have recurring costs associated with them, such as Vonage, and services that let you "pay as you go" by putting money into an account, where "per minute rates" make more sense to me, as they really reflect what I'm paying.

Thursday, July 14, 2005

Last Few Weeks Fun

Beyond doing and writing about my typical share of nerdy stuff, i've actually been up to some not-too-nerdy-things in the last few weeks:

- I planted nails in wood! Watched Brandy paint wood. Brandy redid the backyard very nicely!

- Brandy's Brother came over with his Fiancee and his 2 boys! We grilled meat!

- I hosted a Bachelor Party. Ate meat.

- Got sunburned. tanned. ran 5 miles.

- Ate more meat. I rode a bull. Did silly drunk things. Climbed on my roof to watch invisible fireworks (sober! that was another day). Played with TMaxx. Broke TMaxx. Repaired TMaxx.

- had birthday fun at Lindy Groove.

- tanned some more. ran 5 miles.

How Flickr Was Built

They like PHP. mostly. cool.

Happy Bastille Day!

About 215 years ago today, it kinda sucked to be a French King.

Allons enfants de la patrieeeeeeuuuhh
le jour de gloire est arrive' ....
contre nous de la tyrannie ....
l'etandard sanglant est leve' (bis) ...

... and all that ...

Heh. I remember 1989 and the crazy sh1t Jean-Paul Goude had put together.

Mad shouts to Oakz :D

Wednesday, July 13, 2005

Firefox 1.0.5 Released - Important Security Fixes

Firefox 1.0.5 is out for all platforms.

Release notes for version 1.0.5 indicate stability improvements and important security fixes.

If you wish to promote Firefox in a somewhat creative, rebellious way, you might consider this.

Ma Bell's Internet

David Beckemeyer, in answer to Jeff Pulver's Call to Arms to protect the Internet's openness and interoperability, recalls the dark ages of AT&T-owned phone system and devices, and draws interesting analogies to plans seemingly developed by telco and cable companies.

Monday, July 11, 2005

Out with the WICK

... in with something people will actually look forward to working with.

i had the sneaking feeling it was a matter of time before the real skill would come out of the woodwork to throw me in the deepest pits of irrelevance :)

Blingo Invite


Join Blingo Friends with Me

Blingo is a new search engine that gives away prizes every day
like Sony PlayStation Portables, Apple iPods, Visa gift cards,
a year of free movies at Blockbuster Online, and more.

By joining Blingo Friends you can invite your friends to use
Blingo, and when one of them wins a prize you win the same prize.
That means if one of your friends wins an iPod, you win one too.

Your Blingo Invite.

Thanks,
Chris Holland and Blingo

Thursday, July 07, 2005

Don't Click on the Blue E - Slashdot Book Review

Firefox is good for you. The Blue E is bad for you. As always, if you see it on slashdot, you know it's true.

... despite the fact that the team behind the blue E did invent XmlHttpRequest. Then again, nobody's arguing the Blue E is bad for "Ajax developers".

So my point is ... err ... i actually don't have a point. Sensical ranting is highly overrated anyway.

Crazy Idea for C and Java Gurus

update: An anonymous reader points me to Apache James and ApacheDS. Very cool!




I've been mulling this idea in my head for quite a few years now, and i'm pretty sure there are a bazillion people out there who've been mulling over the same idea for far longer, and likely have implemented it in many places, but since i'm too lazy/busy to google for it, i figured i'd just ask here, so people can educate me.

Many Unix daemons that run Internet services such as named/bind, smtpd/sendmail, etc, have for years been implemented and run in C. It makes sense, C is very fast, native to Unix and Linux. Many security issues over the years have been found and, thanks to the open-source process, plugged very fast. Some of those security issues have typically been "remote buffer overflow" exploits, allowing malicious attackers to gain access to those servers and compromise them at very low levels, often undetected.

Flash forward to Java and its virtual machine. Would it be conceivably decent to build Java implementations of most popular Unix daemons out there? I'm not looking to start a whole "Java is slower than C" flamewar here. I'm merely considering the fact that if a service runs from the Java Virtual Machine ... the worst that could be done against said service, might be to crash the Virtual Machine it runs from, leaving the host machine un-compromised. There's a Java VM for just about anything that has a CPU out there, so deployment should be fairly trivial. Apache Tomcat is a successful example, used on many production systems to serve HTTP requests. So that covers your typical port 80. What about SMTP/25? POP/110? Hell, let's be crazy here, SMBD/135-139's been cracked *MANY* times.

While I understand such Java implementations would not be the kind of thing people would jump on to deploy on production systems, they might make for interesting "science projects"/case studies for industrious developers, and would help further test the limits of Java.

While the use of GCC on your platform of choice makes most daemons implemented in C pretty darned cross-platform, Java would obviously push this portability even further ... use the same .jar file ... maybe hack some cross-platform happiness into startup scripts (a-la tomcat.sh), bickity-bam you're done? Things might get hairy when a daemon needs to access OS-specific features, such as local User information/permissions, likely making it harder to implement simple "drop-in" replacements, and instead requiring some re-architecture of host systems such as moving to LDAP-based user management, etc ... which might be a serious deterrent. Eeek.

I'll try and scour sourceforge for such projects. If I'm simply crazy/clueless, please do say so in comments >:D
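The memory-safety half of this argument, as an added example (not code from the post or from any existing daemon): a fixed-size command buffer filled without a length check, next to the explicit check you would still want. The class name, MAX_LINE and the reply strings are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;

// Added illustration, not code from the post or from any real mail daemon.
// MAX_LINE, the class name and the replies are assumptions made for the demo.
public class FixedBufferDaemonDemo {

    static final int MAX_LINE = 64; // hypothetical fixed command-buffer size

    // Deliberately naive: copies bytes into a fixed buffer with no length
    // check, the pattern behind classic C daemon overflows. On the JVM every
    // array store is bounds-checked, so byte 65 raises an exception instead
    // of overwriting adjacent memory.
    static String naiveReadCommand(byte[] wire) {
        byte[] line = new byte[MAX_LINE];
        int n = 0;
        for (byte b : wire) {
            if (b == '\r' || b == '\n') {
                break;
            }
            line[n++] = b;
        }
        return new String(line, 0, n, StandardCharsets.US_ASCII);
    }

    // Preferred form: enforce the limit explicitly and reject the input,
    // rather than relying on the runtime to catch the mistake.
    static String checkedReadCommand(byte[] wire) {
        int end = 0;
        while (end < wire.length && wire[end] != '\r' && wire[end] != '\n') {
            if (++end > MAX_LINE) {
                return null; // over-long line: caller answers with an error
            }
        }
        return new String(wire, 0, end, StandardCharsets.US_ASCII);
    }

    // Minimal command table so the demo has something to dispatch to.
    static String dispatch(String cmd) {
        String verb = cmd.split(" ", 2)[0].toUpperCase(Locale.ROOT);
        switch (verb) {
            case "HELO": return "250 hello";
            case "QUIT": return "221 bye";
            default:     return "500 unrecognized command";
        }
    }

    // One connection's worth of handling around the naive reader: the fault
    // is contained to this request and the service keeps answering.
    static String handleNaive(byte[] wire) {
        try {
            return dispatch(naiveReadCommand(wire));
        } catch (ArrayIndexOutOfBoundsException e) {
            return "500 line too long (bounds check tripped)";
        }
    }

    static String handleChecked(byte[] wire) {
        String cmd = checkedReadCommand(wire);
        return cmd == null ? "500 line too long" : dispatch(cmd);
    }

    public static void main(String[] args) {
        // Constructed inputs: one ordinary command, one 300-byte line.
        byte[] ok = "HELO client.example\r\n".getBytes(StandardCharsets.US_ASCII);
        byte[] oversized = new byte[300];
        Arrays.fill(oversized, (byte) 'A');

        // The third request shows the service still answering after the bad one.
        for (byte[] wire : new byte[][] { ok, oversized, ok }) {
            System.out.println("naive:   " + handleNaive(wire));
            System.out.println("checked: " + handleChecked(wire));
        }
    }
}
```

The bounds check removes the memory-corruption outcome only: resource exhaustion and logic errors in the daemon are unaffected, and the JVM itself and any JNI libraries it loads are still native code.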

Wikipedia: London Explosions

Wikipedia is doing a fine job of covering this most tragic event.

Joi Ito Coverage

Tuesday, July 05, 2005

Municipal Networks, the Great Equalizer

Joi Ito's post on Municipal WiFi Networks brings-up good points about benefits they can bring to many communities.

I totally believe Hermosa Beach is one such community. We've got no debt. We've got the money, the means, motivation from constituents. For reasons that are beyond me, two council members have kept this project at a deadlock since its original roll-out a year-ago. For an investment totalling under $200,000 since the project's inception, we could have had near-ubiquitous WiFi-powered broadband, with ongoing costs entirely subsidized by unobtrusive advertisement from local businesses, keeping usage free to end-users, with plenty of opportunities to further monetize the system by selling power-features to end-users such as routable static IP addresses. The plans we had in place were backing our Internet link by a fiber backbone, allowing the city to keep buying more DS3 circuits as usage would increase. The city has a roughly 2-mile radius, with about 10,000 Homes and 19,000 residents.

To put things in perspective, we're about to complete a very nice "Pier Renovation Project" that has cost the city upward of $6 Million.

Are we screwing the pooch? I believe we are. Eric Black, from LA Unplugged, had scored us a bid for roughly $100,000 worth of free WiFi equipment, we missed the offer window, now if we look to do this again, the project will go from $146,000 to $246,000. Still a steal, all things considered.

Gizmo Project Wishlist

The Gizmo Project is actually quite cool

Friday, July 01, 2005

Gizmo Project: Free Calls with SIP

updates:
See also A Brief Introduction to SIP.
See also Gizmo Project Wish List.


Dan just pointed me to the Gizmo Project, yet another player in the SIP field of Voice Communications over the open SIP protocol I keep raving-on about.

Other major players have also been:

Pulver.com Free World Dial-Up: a long-time pioneer in the field.
SIPphone.com: actually powers the Gizmo Project, has been around for a while too.
EarthLink Free Online Calling (which i use): launched in late 2004, opened for free to everybody 2 months ago.

The Gizmo Project appears to be a re-branding of SIPphone.com's original offering, with possibly the most polished SIP Software for Mac OS X around.

While the Gizmo project ostensibly advertises that Gizmo users can chat for free with other Gizmo users to encourage people to sign-up for their service, since it's built on the SIP protocol, the first thing I did was to plug my EarthLink SIP address into the input field: sip:hollandct@earthlink.net. It worked! The key here is that with true SIP providers, any SIP user can talk to any other SIP user by simply using the person's full SIP address:

sip:some_username@some_provider.com.

After some digging around, I found out that any SIP user can call a Gizmo Project user as such:

sip:their_gizmo_username@proxy01.sipphone.com (in my case, sip:chrisholland@proxy01.sipphone.com)
or
sip:their_gizmo_number@proxy01.sipphone.com (in my case, sip:17476036164@proxy01.sipphone.com)

Conversely, any SIP user can call any EarthLink Free Online Calling user as such:

sip:their_earthlink_username@earthlink.net (in my case, sip:hollandct@earthlink.net)
or
sip:their_earthlink_sip_number@earthlink.net (in my case, sip:5247460@earthlink.net)

It's kinda wild: I've got SJPhone, a plain SIP software configured for EarthLink SIP and the Gizmo Project SIP software, running at the same time on Mac OS X. Both of them are configured to use my Motorola HS810 headset for sound input/output. And I'm able to ... call ... myself ... hah hah.

Aren't interoperability and open standards loads of fun? I'm having fun! Are YOU having fun?

29 years

here's to another year elapsed since reluctantly crawling out of the womb.

If anybody out there cares to make my day, they'll give me a ring at sip:hollandct@earthlink.net after 2pm pacific time and/or leave a message if i'm not picking-up, to say "happy birthday". If you don't already have SIP running on your computer, you could follow these instructions. If you wish to learn some mostly-non-nerdy basics about SIP, you might consider this article.

SIP is cool. It's open. It's free. It works. It's also now usable. If you have a computer with some kind of microphone, some headphones laying around to avoid feedback loops, broadband connectivity, you're good to go, right now, you can send and receive calls from anybody, to anybody.

Skype is fun, and likely the most user-friendly way to make free online calls, but it's a closed platform, a closed protocol. Skype is to real-time communications what Compuserve was to messaging in the early 90's: a closed ecosystem. Consumers need to get excited about SIP to encourage developers to build better SIP software and infrastructures.

I'm working on Mom and Dad right now.

Wednesday, June 29, 2005

Rico LiveGrid

Bill Scott is introducing us to the Rico project and its LiveGrid component. Leverages AJaX. Amazing stuff. ... ok so Safari support isn't quite there yet. Still cool concepts.

Oh and check this out. The right column.

BIG THANKS TO DARYLL FOR SHOWING ME THIS ;] !

Yahoo Introduces My Web 2.0

Beyond the flurry of news coverage surrounding Yahoo's newest toy, I'm finding Jeremy Zawodny's introduction to My Web 2.0 to be the most effective:
Well, everyone I know is an expert... in something. If I have questions about electronics or radios, I'd ask my Dad. He's always looking at that stuff on-line. Astronomy and Astrophotography? My Uncle. Construction and remodeling? My brother in law. Real estate? A couple of my old college friends. The list goes on.

The point is that for most topics I might want to know more about, I already know someone that's smarter than me on the subject. I have my very own community of experts (we all do). I just need a way to tap into their accumulated experience. Read More
Some readers are pointing out that My Web 2.0 possesses features similar to what del.icio.us has for years offered to the rest of us. But I'd say Yahoo pushes things further by adding a dimension of private networks, and enhancing your casual web searches by giving a higher priority to sites that may have already been noticed by people who belong to your private social network. I think it's fantastic.

Google has for many years lacked a key feature: the concept of a user. Until GMail came out and more recently, iGoogle, there was no such thing as a "Google User", part of a larger community of web surfers. Google's "Page Rank" algorithm doesn't currently have a way to take advantage of social networks. Yahoo introduced "My Rank".

There is a limited Beta registration period. To check it out, go here.

Tuesday, June 28, 2005

Atlas: Microsoft Goes After Ruby on Rails

So. On one hand, you can "wait" for Microsoft to release their "Atlas Product" whose roadmap appears to be what Ruby on Rails delivers today.

Or you can start right-away building richer web applications with free and open-source frameworks maintained by communities of developers such as Ruby on Rails and the Prototype JS library.

The article about Microsoft Atlas mentions they'll be offering a text completion widget. Not that I'm pretentious enough to even dream of Microsoft including my hard work into their framework, but I'm wondering whether I should move it from a BSD License to a GPL License. Right now, the code isn't even close to being as clean or elegant as it should be, but as I strive to meet standards put forth by the Prototype JS Library, so the framework becomes more maintainable and extendable, i wouldn't be surprised to see entities sell their own frameworks built on-top of WICK, without contributing anything back to the project.

What do you guys think?

The following quotes from the Atlas roadmap are worrying me:
With Atlas, we plan on providing programmable access to a local store/cache, so that applications can locally cache data easily, efficiently and securely.
As far as i know, and i may be wrong, this type of caching mechanism isn't yet available in any browser code base but Windows IE. I believe they're referring to the "Internet Explorer userData cache". I've used it back in 1999 in experimental projects, and it came-in handy at times, but use cases for this feature are limited. It worries me because I can see many developers who currently think of AJAX as this cool cross-platform way of doing things, seeing Atlas as an AJAX framework, and start abusing features such as this one for which there are no standards, and will bring us right back to the dark ages of a broken web.

my.earthlink.net: RSS View

Taking a minute to send props to a couple of my peers who've delivered a very cool feature that just went live about an hour ago. If you sign-in to my.earthlink.net (free registration) in Safari 2.0 (Tiger), Firefox, or any RSS-enabled user agent, you'll notice the presence of an RSS feed. In Safari, it's the blue RSS icon in the address bar. In Firefox, it's the little orange broadcast icon at the bottom-right-hand corner of your browser window.

It's a more efficient and elegant way to quickly access time-sensitive data throughout the day.

Yahoo, are you trembling, yet? :)

Best Movies Ever

Movies I've either watched or am planning to watch:

Alien Intruder [IMDB]
Howling II: Your Sister Is a Werewolf [IMDB]
Lair of the White Worm [IMDB]
'Manos' the Hands of Fate [IMDB]

Tuesday, June 21, 2005

Fun at eBay Developer Conference

update: Award Coverage at eBay's blog

EarthLink won one of the Star Developer Awards given to a handful of eBay developers under various categories. We were in the Affiliates Program category and James and I got to go up on stage to accept the award for our teams amidst very good company, such as Andale and Yahoo Small Business. We shook the hands of Paypal and eBay executives, including eBay CEO Meg Whitman.

If you're ever curious to see some of the things we do with eBay, consider heading over to My EarthLink, register for a free account if you don't already have one, and take a peek at the "My eBay" feature. This uses the eBay XML API. It's likely one of the sexiest insanely usable tiny auction tracking tools out there. I'm just sayin' :)

You might also take a look at our Google Search: the bottom of the page features "shopping results" for terms users search for, which are partly powered by eBay. This feature uses the eBay REST API, which eBay launched in late 2004.

For the first time in 10 years, the portal is open to everyone. By the same process, you get to reserve for free your very own username@earthlink.net EarthLink Identity, which instantly gives you a SIP address to send and receive online calls.

Shouts out to the mpire.com guys. We chatted with them a bit at the conference, they've built a comprehensive online tool for eBay sellers to manage all aspects of their eBay business. Their stuff sounded very cool.

uhmmmkay. enough plugging ... for the next couple of posts at least. really!

Saturday, June 18, 2005

Good High School Macs Going to Waste?

My friend Dan Lurie is helping out his high school with IT stuff over the summer and is informing us that per school district policy, they must trash 300 perfectly usable Macs scheduled to be replaced with newer hardware.

... is there really no one out there who could use these machines?

Tuesday, June 14, 2005

QUAKE IN CALI. CRAP

they're saying: "it can't hurt to get to high ground".

More info.

Updated: Warning Canceled: 04:09 UTC
TO - TSUNAMI WARNING SYSTEM PARTICIPANTS IN ALASKA/BRITISH COLUMBIA/WASHINGTON/OREGON/CALIFORNIA
FROM - WEST COAST AND ALASKA TSUNAMI WARNING CENTER/NOAA/NWS
SUBJECT - TSUNAMI WARNING BULLETIN - FINAL
BULLETIN NUMBER 2
ISSUED 06/15/2005 AT 0409 UTC

...THE TSUNAMI WARNING AND WATCH STATUS IS CANCELED FOR CALIFORNIA - OREGON - WASHINGTON - BRITISH COLUMBIA - AND ALASKA...

Monday, June 13, 2005

Drug Commercials are Icky

I guess it's that time of the night where drug companies throw their commercials at their target audience. I'm especially fond of prescription drug commercials:

After an upbeat introduction showing us how drug [X] will get rid of all that ails us, the obligatory disclaimers arrive:

"Ask your doctor about drug ... [X]"

And then "the voice" starts outlining in a most charming tone all its frightening side-effects. To further soften the blow, they'll show images of happy people going about their lives. Ugh. It's nasty stuff.

Google Video Has Mac Uploader. Linux Too.

OH THAT IS SO SWEET, I just went back to Google Video, and they now offer Linux and Mac OS X Uploaders.

Will report back on this if i get some time to try it out, which isn't likely in the foreseeable future. HEH :)

Nokia to use WebKit!

Nokia loves WebKit. WebKit loves Nokia.

Saturday, June 11, 2005

On Smart Cars

It's funny to see how many car makers have commercials touting the fact that a given model was hailed as "the best in its class", and go-on proclaiming: "So what did we do? we completely redid it and made it better! more [blah blah blah] ...". One accolade they love to throw in the mix is "Smarter".

Smarter? Last I checked, a car still goes where I tell it to go, let's keep it that way and not go crazy with "smart".

Imagine me driving to the theater, looking forward to yet another fine Jerry Bruckheimer summer blockbuster and pigging out on hot dogs, when my Smart Car, upon sizing me up, suddenly intervenes to drag my lazy ass to the nearest Bally Total Fitness ... "No hot dogs for you!".

Keep cars dumb!

I wouldn't mind a flying car though.

WiFi Security

James McMurry is reminding us of many security issues at hand with WiFi while giving us an interesting overview of some research being done in this field.

While I can live with an open network infrastructure that doesn't require passwords or encryption, encouraging its users to use secure protocols and encryption at the application layer, such methods still don't address issues of open user-run WiFi access points, and the dangerous liability they may represent.

If I access a WiFi network that is owned and operated by the city I live in, or some other private entity, it then becomes clear that any mischief perpetrated by some other user of this infrastructure is not my responsibility, there is clearly no reason for feds to come knocking at my door, because hey, it's not my network. Feds will be knocking at somebody else's door.

Now, I have a DSL connection, all traffic that goes through it is clearly traceable directly back to me. For convenience, I decide to open a WiFi hotspot that's linked to my DSL connectivity. Because I'm lazy, I don't bother locking it down with WEP or WPA. An online thief drives by my house, picks-up my signal, uses my connectivity to "get online" and hack a bank. Since all criminal traffic was easily traced back to me, the next morning the Feds are knocking at my door, my computer equipment is seized, and I'm finding myself obligated to defend myself for a crime I didn't commit. Some will argue I have "plausible deniability". Hey, whatever, I'd much rather lock my sh*t down in the first place.

As much as I'd like to live in zeroconf utopia, I believe being wirelessly connected to a network presents additional accountability challenges most end-users aren't prepared to face, and shouldn't have to face. I entirely agree with James that makers of end-user home broadband routers have a responsibility to strongly encourage, facilitate, if not enforce some level of encryption/password protection. Here are a few possible steps I'm just throwing out there without that much thinking:

- A WiFi access point/router would by default allow unencrypted WiFi connectivity to facilitate initial set-up
- Until encryption and a password have been set-up, the router side of the device would hijack all HTTP traffic to present the user with a warning message: "YOUR DEVICE HAS NOT YET BEEN CONFIGURED. Please use the Wizard provided to you on the Welcome CD to set-it up. Or you may click here to set it up manually"
- Upon successfully configuring the router, the Wizard software would trigger the user's operating system's WiFi support to reconnect to the newly created SSID with the correct encryption scheme and pass phrase. On OS X, ensure that stuff gets stored in the keychain.

Of course none of this would really help me when I buy a hybrid WiFi/SIP/3G Phone from SK-EarthLink while hoping to roam around neighborhoods leeching open WiFi access points to make free phone calls. But these phones should come with the easy ability to create multiple WiFi profiles with support for any level of encryption.

Wednesday, June 08, 2005

Tiger Dashboard Widgets: Cookies

So today I learned at WWDC that a Dashboard widget sending an XmlHttpRequest to a host/path will send applicable cookies that may have been previously set in Safari-land. In essence, you're looking at one big cookie space. However, I was told there's a bug in Widget-land, whereby if a Set-Cookie HTTP header is sent in a response to an HTTP request made by a dashboard widget, it's currently ignored and not being added to the big cookie space. I'll be inquiring more about all this in more in-depth sessions coming-up.

I'd like to take a couple of minutes to remind us all that Dashboard Widgets are full-blown applications that have the ability to do as much damage to your privacy, home directory or system as any other application would. Be mindful of whom you download a Dashboard Widget from, make sure you can always trace a given widget back to a website owner or company. Just because it is listed on Apple's website does NOT mean it is safe for consumption. The barrier to entry for creating a widget is low, very very low, a lot can be done with little scripting knowledge, it's very easy to package and "ship" one.

Hung Phat

Hung Phat, San Francisco, somewhere between California and Market.

Monday, June 06, 2005

Hello From Holiday Inn SFO

I've arrived, safe and sound, they've got free WiFi here, that totally rocks.

Sunday, June 05, 2005

Off to San Francisco Tonight

I've just called the Holiday Inn, San Francisco to get an extra night with late check-in tonight at a reasonable price, so I don't have to leave home at 4am, but rather get to bed in SF around 1am or 2am.

I'm off to take Brandy out to a delicious El Torito dinner before taking to the road ... with the trusty night vision goggles, and valentine one.

Hello, I-5, i'm back, i've missed you :)

Live WWDC Keynote Coverage

Get Ready.

Reintroducing SIP: Free Calling for All

Get broadband. Make free calls

...

Profit ?

Introducing Meetro

Wendell sent me this e-mail:
Hey Chris,

I don't know if you are extremely open to shameless self-promotion on your blog or not, but I've developed a new type of IM that might strike your readers' collective fancy. It's pretty much exclusively for wifi networks (for now), and is completely proximity/radius-based. Check it out: www.meetro.com -- I'd deeply appreciate any feedback you might have.

Cheers,
-Wendell
I signed-up for their Q4 2005 beta release of a Mac OS X version of Meetro.

Shameless self-promotion is always a good thing, i'm sure the two persons who read my blog won't mind. And it does look interesting.

Meanwhile, if you've got Windows XP, I guess you're good to try out Meetro. Feel free to leave your thoughts in comments.

Friday, June 03, 2005

Reintroducing EarthLink Search: Comparison Shopping, Cubed

If you're ever in the mood for comparison shopping, or trying out yet another search web site, you might consider taking search.earthlink.net for a spin:


(what i searched for when upgrading my powerbook's RAM to 2GB for $310)

(the best darned consumer DV camcorder on the market, only one with 3-CCDs)

While primarily your average Google-powered web-search interface with a customized EarthLink look and feel, you might notice a few nifty features:
  1. "Shopping Results" at the bottom of the page, with up to 3 tabs showing you previews of items from Shopping.com, Amazon.com and eBay, if anything relevant was found from each site.
  2. If you have a my.earthlink.net account, and are signed in, you'll see a handy "Save Search" link by the search box, and an "add to favorites" link next to each search result. You can get a free my.earthlink.net account here and you'll also get to have fun with the rest of us making free SIP phone calls.
  3. It's crazy fast. I've used it while dialed up to my EarthLink account from a GSM phone (the DSL comes with 20 hours of free dial-up/month, handy when traveling). Analog dial-up over a mobile phone pretty much guarantees you speeds below 14.4Kbps; imagine pre-1995 web surfing.

A note on comparison shopping:

When I'm out to find the best deal on whichever doohickey I'm buying, there are a few resources I always check out while heavily leaning on tabbed browsing in Safari or Firefox:
  1. Advertisers on Google Sponsored Results. It's the one time I'll happily click on those!
  2. Shopping.com not only helps you narrow down your searches, but also lets you compare specific item prices from multiple vendors and read vendor and product ratings powered by epinions.com. I like their stuff very much.
  3. Amazon.com doesn't necessarily surface the absolute best deal, but has helpful suggestions and reviews, and gives me a good idea of "what things go for" beyond retail-land.
  4. And of course eBay.
  5. I sometimes head over to Froogle.
  6. If I'm shopping for computer components I'll always be sure to check out pricewatch.com. I just found out today about dealram.com, which could have saved me $50 on those 2 gigs I just bought from outpost.com, which was already a good deal.

search.earthlink.net gives me quick access to 1, 2, 3 and 4. Searches and results I save are also available to me at favorites.earthlink.net.

If you like this search and wish to always keep it at your fingertips, you might consider adding this favelet to your browser's favorites toolbar:

EarthLink Web Search

Sunday, May 29, 2005

Rethinking ActiveX, Removing Spontaneous Alerts

As I was toying around with a fairly recently patched Windows 2000 box in a testing lab a couple of months ago, I couldn't help noticing the ActiveX dialog alert boxes that kept popping up at me, likely from ad banners served by the sites I was visiting. I almost clicked "Yes" on a couple of them. And I know better. I've many times argued that ActiveX needs to die. I do however appreciate the need for making the whole process of software installation easier.

Here's the problem: each time you come back to that site, the ActiveX alert shows up again. "Well don't go back to that site, you big dummy!" you might tell me. Fair enough, but when the site we're talking about is being served by doubleclick.net from within an iframe embedded in a site I actually need to visit, I'm still in trouble: this alert is going to keep showing up despite my repeatedly clicking "No, I do not want to install this piece of software!".

The fundamental problem, in my opinion, lies in the spontaneous alerting mechanism: it needs to go away. It gets in the way of my browsing experience. The original idea for its implementation was to convey a clear message to users that some content might be missing from the page they're looking at because they're missing a software component. I may not care about this site, I may not even be looking at it (if it lives in an iframe), I may just be passing through on my way to somewhere else, yet my browsing is repeatedly interrupted as I'm forced to make a decision about installing a piece of software. Many end-users will notice that clicking "Yes" is the surest way to make "the annoying pop-up go away". This is bad. Most Internet Explorer users still don't grasp the potentially dire consequences of their browsing habits.

Microsoft needs to make the spontaneous pop-up go away. Once and for all. If a web page requires an additional software component to be installed on a user's machine for optimal viewing, then it should be up to the page's author to convey this message inside their web document, while presenting the user with a "special link / UI widget". Only when the user makes the conscious choice to click it should they be offered the type of warning that's currently being thrown at them for simply visiting the site. The basic requirement I'm trying to define is to never interrupt the user's browsing, and to make the process of installing a piece of software an opt-in step, a choice consciously made by the user. If the page's author doesn't do a good job of convincing the user to click on the "special software installation link/UI widget", the software will never get installed.

Until then, I'd love to see an industrious Windows developer come up with an ActiveX control that downloads Firefox, installs it on the user's hard drive, imports all IE favorites, cookies and other applicable settings, sets Firefox as the default browser on the operating system, quits Internet Explorer, and reopens the web page the user was viewing in Firefox. I don't know for a fact that any of this is possible. But if it is, it would give Microsoft an added incentive to truly nail down the end-user experience surrounding ActiveX. Until they did, their browser would keep losing market share. Checks and balances.

Update: I've more recently seen Windows XP (still not win2k though) show a pull-down notification drawer, which I think is a most definite improvement. I wonder what the behavior is with iframes? I really still wish the process of installing a piece of software on one's operating system was more the result of an opt-in process, rather than a byproduct of stumbling upon a web site. Note that I mentioned "operating system" vs "browser". Internet Explorer being an integral part of the operating system, ActiveX basically gives you access to the operating system, instead of confining developers to a browser's plug-in API.