Archive for February, 2005


Transition to Solaris

Tim Bray writes about the transition from Mac OS X and Linux to Solaris. This will be useful. We use Solaris on our servers at work and I daily encounter lots of little differences that add up very quickly. A month or two ago I spent a very frustrating day compiling Subversion on Solaris, something that takes practically no thought at all on OS X or Linux, but doing so as an unprivileged user on Solaris took me far, far too long to figure out. All sorts of GNU tools that I’ve come to rely upon just aren’t there by default (say, autoconf). Despite the jubilant dancing that marked my success, I still think I would rather have run my head through several panes of plate glass. Repeatedly.

Otherwise, Solaris is just fine.


Boondocks banned.

This is just insane. Several newspapers, including the Chicago Tribune and apparently (though I have not confirmed) our own Minneapolis StarTribune, chose not to run today’s Boondoggle because it “presents inaccurate information as fact.”

“Bush got recorded admitting that he smoked weed,” one character says in the comic’s single panel. “Maybe he smoked it to take the edge off the coke,” comes the reply.

Admit it. Funny. And more to the point, a comic strip! I do hope that the editors of these papers hold their news reporters to a higher standard than the comics artists and take care when printing inaccurate statements from the Bush administration.



We’ve been using Netflix to watch Farscape from beginning to end. We’re in the middle of the fourth season, which did not much impress me when it was aired, mostly because they went off the deep end with that old woman character (whose name I never catch and have no intention of looking for). It’s much, much better the second time through.

I’m anxious to see “The Peacekeeper Wars,” a four-hour Farscape miniseries produced after the series was cancelled prematurely (if you ever saw the series finale, you know what I mean). It was aired a couple weeks after we moved to Saint Paul and decided not to get cable, so I have absolutely no idea what happens.


Talks I want to give

The MnSCU IT Conference takes place in a couple months, and I’m gearing up for my presentation. This is a conference for IT staff at our colleges and universities throughout the state, and in recent years has been the one time when we can get most of the campus web folk in one place. It’s also one of the few chances I get to make public presentations, so I jump at it: I’m arrogant enough to think that I have something worth saying. Still, every year when the call for proposals is announced, I wrestle with ideas for what to talk about. In the past I’ve covered web accessibility, XML, regular expressions, and web application security. This year I considered doing what I did last year (two sessions, one on regex and one on web app security), but decided it was best if I just stick to one presentation and take the time to make it top-notch. Still, in case the opportunity arises, here are topics I considered proposing:

  • Regular expressions. Probably two sessions: an introductory overview and an advanced session covering optimization, debugging, that sort of thing. Evangelizing regular expressions is a sort of mission of mine. I don’t understand why more people don’t know about them.
  • Introduction to web standards. Some of our college webmasters are on top of recent developments, but take a look at the conference site and you’ll see why I still think we need to cover this at a very basic level.
  • Overview of the OWASP Top Ten Most Critical Web Application Vulnerabilities.
  • An hour on any one of the OWASP Top Ten. Each of them deserves at least that.
  • Web application security testing. Not just penetration testing, but also working security into the software development process: design and code reviews, threat modeling, and so on. To my mind, that’s all part of the testing process.
  • Introduction to version control.
  • HTTP. I am regularly surprised by how long you can work as a web developer without understanding even the basics of HTTP. Boggles the mind.
  • Unit testing & test-driven development. It’ll change your life.
  • mod_rewrite.
  • Ajax web applications. Using XMLHttpRequest.
  • Unicode and character encoding.
  • Unobtrusive JavaScript (all part of the standards evangelism).
  • Threat modeling.
  • Cleaning up your (X)HTML. Using Tidy, regular expressions, that sort of thing. More standards propaganda.

In the end I went with web application security testing, because I really think we need to pay more attention to security and I want people to walk away with concrete skills. Testing seemed appropriate. We shall see.


PHP & the Enterprise

I’ve noted before that Oracle has been getting into PHP, even including PHP in their application server. PHP’s a reference implementation in JSR 223 (“Scripting for the Java Platform”). And now it seems that IBM is backing PHP. Rockin’. The more I work with Java for the web front ends, the less I like it. I would be more than happy to use PHP to rapidly develop web software that talks to back-end services written in Java.

So we’ve got Zend working with Sun, Oracle, and IBM on enterprise support for PHP in one fashion or another. Hell, even Bruce Eckel is starting to use PHP and doesn’t hate it. :) Hm. Tell me again how it isn’t ready for the enterprise?

Mind you, I still have absolutely no use for PHP on the command line. It nicely fits a web niche for me, and that’s that. It’s enough.


Firefox 1.0.1 released. Upgrade now.

Firefox 1.0.1 has been released, and you should upgrade now. This release addresses a few security holes and bugs, including the dreadfully irritating IDN homograph vulnerability. So if you aren’t already using a nightly build, go get Firefox.


How Long to Store Coffee

I was in Dunn Bros. (the Grand Ave. store) last night buying some beans. As the barista was ringing me up, a guy in line asked how long my coffee would be good. “About a month,” the barista replied. I must have looked stunned, because she eyed me curiously: “I take it you disagree.”

Do I ever. There is a marked decline in coffee’s flavor over the course of a week after roasting. If memory serves me correctly, something like 70% of the compounds responsible for coffee’s flavor are gone in that time, transformed into something far less pleasant. The difference between a week and a month is obvious. Try it yourself. Granted, I’m a connoisseur snob about these things, but I don’t ever keep coffee more than two weeks, and by that time I’ve stopped drinking it because I can’t stand to — and because I forgot it was in the cupboard. Call me crazy, but I like my coffee to actually taste good.

At this point, she countered, “but my grandparents keep coffee for a month and they like it!” Good for them, glad they’re happy. You’ll note that they don’t work for one of the premier coffee roasters in the Midwest and that it’s not their job to know things like this.

Here’s my rule of thumb: buy only what you can drink in a week or so from a local roaster. I realize that in many corners of the world this isn’t possible, but if you can, do. (If you can’t, consider home roasting.) Store the whole beans in an airtight container at room temperature. Use them as soon as you can.


When I was working at the Roastery, we had a report tucked away behind the counter, someone’s master’s thesis studying the chemical process of how coffee goes stale. They used beans that we roasted, which is why we had the thesis. I wonder if I could dig that up…


Carrie Newcomer

On Saturday we went to see folk singer/songwriter Carrie Newcomer, who was in town as artist-in-residence at Macalester, doing workshops at local colleges and playing a couple concerts. Saturday’s concert, a benefit for Open Arms, was her last appearance in town and drew a considerably larger audience than expected. It’s no wonder: she’s great! Seeing her live makes all the difference.

She introduced a few of her songs by talking about the characters in them, giving us back story and little glimpses into who they are: an elderly couple visiting a diner, the ritual banter between the old man and the waitress (“There are only three kinds of pie I like: cold, warm, and hot”), the fact that that man thinks he’s a big tipper because he leaves three quarters — and that his wife sneaks in another quarter and maybe a dime when he’s not looking. None of this comes up explicitly in the song, but it becomes clear that her thinking about these stories and aspects of character helps fill out her sense of who she’s singing about. I see Kiara doing this with her writing, generating many more pages of material than she’ll ever use, developing the world she’s writing. What ends up making the cut in her final work ends up being written with greater authority and clarity. It’s gratifying to hear a songwriter do the same.


Hitchhikers Trailer

The trailer for the Hitchhiker’s Guide to the Galaxy movie is up on home page. Tiny, but soon it will be elsewhere, so that’s okay. I think it safe to say that I’m adequately excited about this movie.

Update: Unbelievably, this is now the first result in a Google search for “Hitchhikers Trailer.” So if, like me, you forgot the apostrophe, you’re here and disappointed in a dead end. But wait! You’re in luck! The trailer is now on the official movie site, so you can go there to see it.


SHA-1 broken

A few months ago, collisions in MD5. And now, SHA-1 has been broken. Bruce Schneier: “Not a reduced-round version. Not a simplified version. The real thing.”

Hm. Looking forward to details.

This is what my life has become. I’m actually looking forward to details about hashing algorithms. :) Maybe I oughta get some sleep.
