afongen
Sam Buchanan's weblog.

New CPAN upload: Jabber::RPC, a Perl implementation of Jabber-RPC. See also DJ Adams's Jabber-RPC page.

Strike.

MAPE's called a strike.

"'This is a respect issue, not a money issue,' said MAPE Executive Director Jim Monroe."

Bullshit.

Copyright Endurance and Change. From yet another smart little issue of the Journal of Electronic Publishing.

An interesting set of ideas about why it's safe to use IIS. Not entirely persuasive, but some good points. I'd say more if I weren't so drawn to Star Trek. :-)

I'm still waiting to hear from a colleague who uses IIS. I really do want to know where the advantage is over something like Apache.

Crypto and Perl.

Asymmetric Cryptography in Perl.

By all rights, of course, I should be watching the premiere of the new Star Trek series.

Been looking into XUL, Mozilla's XML-based user interface language. Be sure to see this tutorial.

Security flaw in PHP implementation of XML-RPC.

Edd Dumbill: "All releases up to and including version 1.0 of XML-RPC for PHP have a serious security vulnerability, allowing hostile remote clients or servers to execute arbitrary code on your machine." Update now.

I've been getting back into coffee, after a couple-year lapse. It probably started when I began my new job and a new ritual of walking to Dunn Bros. (on Grand) to grab a cup on the way to work. Too, a new shop's opened up, another one that does its own roasting. Not bad so far.

What I really miss, though, is roasting and cupping. To some degree I've been able to enjoy some of that experience thanks to Michael, who's had me over to try some of his espresso blends. Michael's one of the very few people I know who understand espresso and enjoy it at the same level I do. He introduced me to Sweet Maria's, and boy am I itching to start roasting again soon. They've got some truly excellent green coffee.

Meerkats

Wonderful weekend. We managed to do a bunch of vacation-like stuff this weekend, instead of just hanging around at home. It made for a very relaxing, heartening time.

This morning we went to the zoo to see the Meerkat exhibit. For some reason I have a soft spot for Meerkats. Cute little things. Cool exhibit, if smaller than I expected. There's this tunnel that kids can use to climb into a clear plastic bubble right in the middle of the exhibit. Great fun.

I'm surprised that I haven't said anything here about the SSSCA. Here:

The Register: Copy-control Senator sleeps while fair-use rights burn.

Wired: New Copyright Bill Heading to DC.

I don't make a very good patriot. I've never much liked the "Star Spangled Banner" either. It's alright as a poem and all, but it's too hard to sing to be a decent national anthem and has never really had any emotional impact on me. At sporting events and graduations and such, I sit, unmoved, impassively ignoring the glares of those around me as they sing.

Tonight, though, something was different. Tonight I sat and listened as our national anthem was sung before a ball game. I watched the players' faces on TV, I watched those around me, but most of all I listened. To the music and to the words.

And I cried.

Check out the HTML4.01 and CSS2 sidebars (for Mozilla/Netscape) on DevEdge. I'll probably be using these all the time.

Feeding the rumor mill.

It's looking like Apple may release OS X 10.1 next week. Much will be improved. If you're a Mac user I recommend OS X . . . but not yet.

Mainly because the apps aren't there. Microsoft plans to release its Office suite for OS X this November, for about $500 (!). That may be more than I'm willing to spend, but the problem is there really is nothing better for the Mac. I really do like MS Word, and AppleWorks outright sucks. I might be able to work with StarOffice / OpenOffice once they're ported to OS X, but I'm not sure about Kiara. We'll see, I guess. There are other priorities. In the meantime, Office2001 is more than fine.

What I really want, of course, is one of these babies.

Quiet night. For the first time in a long time, I'm just kicking back. Listening to Sade, occasionally reading a Terry Goodkind book that my brother gave me but mostly just relaxing. It feels good. Maybe I'll tackle some of the problems on this site tomorrow...

...but probably not.

Nimda

CERT Advisory on Nimda.

And Nimda info from SANS.

I'm serious about this question: why run IIS? I'm not wondering why Windows, just IIS. What functionality does it bring to the table that makes the security risks worthwhile? If you have thoughts, please let me know.

Yep, a new worm. More info is available. It affects IIS web servers, of course.

Update: Microsoft's posted a fix for IIS. Well, not so much a fix as a preventative tool: it filters requests based on the URL, according to a policy set by the administrator. Pretty useful-looking, that.

And still watch out for readme.eml when browsing the web, especially if you're using Internet Explorer.

So tell me again why people run IIS?

new worm?

Our servers are getting pounded with what looks like a new worm. Watch out for a file called readme.eml. I don't know if that file's necessarily connected with what's hitting our servers looking for cmd.exe, but I suspect so. We'll see.
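As an added example (not from the original posts and not the code of Microsoft's tool): a minimal URL-policy check of the kind described above, run over access-log lines to find which clients are requesting cmd.exe or readme.eml. The policy, the function names and the log lines are all constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Hypothetical administrator policy: the two file names the posts mention,
# matched anywhere in the normalized URL path. Not any real tool's config.
DENY_NAMES = ("cmd.exe", "readme.eml")

# Common Log Format: client, requested URL, response status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3})')

def normalize_path(url, max_rounds=3):
    """Drop the query string, then percent-decode until the path stops
    changing, so encoded or double-encoded names cannot slip past."""
    path = url.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/").lower()

def denied_by(url, deny_names=DENY_NAMES):
    """Return the policy entry that rejects this URL, or None if allowed."""
    path = normalize_path(url)
    return next((name for name in deny_names if name in path), None)

def scan(lines, deny_names=DENY_NAMES):
    """Count policy hits per client; list hits the server answered with 200."""
    hits, served = Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        rule = denied_by(m.group(2), deny_names) if m else None
        if rule:
            hits[m.group(1)] += 1
            if m.group(3) == "200":  # the file was actually returned
                served.append((m.group(1), rule))
    return hits, served

# Constructed sample log lines (documentation-range addresses, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [18/Sep/2001:09:14:02 -0500] "GET /scripts/cmd.exe HTTP/1.0" 404 289',
    '192.0.2.10 - - [18/Sep/2001:09:14:03 -0500] "GET /scripts/CMD%2Eexe HTTP/1.0" 404 289',
    '192.0.2.10 - - [18/Sep/2001:09:14:04 -0500] "GET /scripts/cmd%252eexe HTTP/1.0" 404 289',
    '198.51.100.7 - - [18/Sep/2001:09:15:40 -0500] "GET /readme.eml HTTP/1.0" 200 79225',
    '203.0.113.5 - - [18/Sep/2001:09:16:11 -0500] "GET /index.html HTTP/1.0" 200 5120',
    '203.0.113.5 - - [18/Sep/2001:09:16:12 -0500] "GET /docs/readme.html?file=cmd.exe HTTP/1.0" 200 812',
]
```

Calling `scan(SAMPLE)` returns the per-client hit counts and the one request for a denied name that the server answered with a 200.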

Among the neat new features in Mozilla 0.9.4 is the ability to disable the JavaScript window.open() function on load or unload events. This has the effect of eliminating almost all pop-up or pop-under ads. Yay!

Also, at long last, the Macintosh version lets you change the display font size. Until now you had to do it by setting general font preferences, which is a lot of work just to change the font size on a given page. This function has been available on other platforms for some time, but not on the Mac. At least in the Mac binaries; I've never compiled it...although I was beginning to think that I should.

Preserve Your Rights Online

Interesting. Slashdot: Preserve Your Rights Online. "Saturday a small group of people, including U.S. Representative Lynn Rivers, from Michigan's 13th Congressional District, met in the University of Maryland Baltimore County [UMBC] library to discuss ways to maintain Americans' civil liberties despite major pressure to curtail them in the name of 'fighting terrorism.' The government does listen, you know, if you speak to the right people in the right way. So here's a guide, a HOWTO, if you will, that will teach you how to lobby effectively for your Constitutional rights."

Greymatter woes

Hmm, I've been bumping into some problems with Greymatter, the software that I use to update this site. On the one hand it's really handy that Greymatter produces the HTML for paragraphs whenever I type two carriage returns. On the other hand, I occasionally want to set a CSS class on a paragraph, or use blockquote, and I don't like the workarounds that I've found. Take a look at the HTML for yesterday's entry and you'll see what I mean. Looks like I'll have to do some tweaking.

more on crypto

To clarify what I was saying yesterday: do I want law enforcement agencies to be able to track terrorists' communications, decrypting encrypted messages? Absolutely. Do I think that weakening crypto products will help? An emphatic no. Terrorists will find a way to communicate secretly; they won't care whether it's legal or not.

History teaches that grave threats to liberty often come in times of urgency, when constitutional rights seem too extravagant to endure.

Justice Thurgood Marshall (1989)

I complained the other day that Congress was looking to mandate that back doors be built into encryption systems, allegedly to help law enforcement agencies combat terrorism. Those in government who are renewing the effort to restrict public crypto are exploiting fear and outrage at the recent tragedy to impose restrictions that endanger personal freedom.

This'll be far too quick an overview; I just want to get some ideas down.

The basic argument being made is that terrorists and other criminals use encryption to communicate, and Congress wants to put a stop to it. Law enforcement agencies understandably want to be able to intercept and decrypt these communications, so have long asked that "back doors" be built into encryption systems that would allow them to do so. They maintain that this would only be done with court orders and so on. I don't buy it.

For one thing, the Senate just voted to allow the FBI to monitor net traffic without a warrant. Yep. I'm not an anti-government raving lunatic, but neither am I entirely comfortable with the US government's track record in respecting the privacy of its citizens. There have been far too many cases of abuse. The increased use of Carnivore, a system for monitoring electronic communications, should be cause enough for worry. And that's apparently legal.

There is, I understand, a balance to be struck between the freedom gained by living in a society like ours and the implied restrictions on personal freedom. Rousseau gets dull after a while. What distresses me is the necessary outcome of weakening strong crypto and restrictions on government surveillance. I am dreadfully concerned that the recent terrorist attacks are being used as an excuse to abridge basic Constitutional freedoms.

Americans must rethink how to safeguard the country without bartering away the rights and privileges of the free society that we are defending. The temptation will be great in the days ahead to write draconian new laws that give law enforcement agencies - or even military forces - a right to undermine the civil liberties that shape the character of the United States. President Bush and Congress must carefully balance the need for heightened security with the need to protect the constitutional rights of Americans.

The New York Times (September 12, 2001)

For the moment, though, I will accept the government's stated good intentions, because they're almost irrelevant to the issue at hand.

If only the US government is given access to the back doors, what foreign government or company will accept the idea that the US government can decrypt their messages? The same question was raised for decades while the US outlawed export of strong cryptography (a restriction that was removed a couple years ago). Software companies like had a hard time explaining why the encryption available in foreign countries (or in foreign offices of US businesses!) was considerably weaker than what was available in the US. I'm uncomfortable making an economic argument, but consider this: to cripple strong crypto will damage the US's ability to compete in global markets.

What if back doors are also made available to foreign governments (presumably non-hostile ones)? How can we assume that those governments will remain non-hostile, or will use the back doors with the same protections that the US government promises its citizens? Make easy decryption available like that, and you might as well not have crypto. Again, I don't think that the business community will like that, much less people like me who want to protect their personal communications. I may not have anything to hide, but that doesn't mean that I don't enjoy my privacy.

Really, though, adding back doors and crippling encryption products will not prevent terrorists' or other criminals' ability to use strong crypto: they'll just use what they have now, get it somewhere else, or write their own using freely available algorithms. As has often been quipped, if crypto is outlawed, only outlaws will have crypto.

I plan to watch this very carefully. Email me if you have questions or flames. And use my PGP key.

Mozilla 0.9.4 has been released. Go get it.

W3C validator code

Have I been missing something? Has the W3C's validator code always been out there?

I can see that I'm gonna have to offer an explanation of my comments yesterday about the revitalized anti-crypto efforts in Congress. Later.

Wired: Congress Mulls Stiff Crypto Laws. That is, Congress is seizing the opportunity to start yammering about crippling strong crypto to protect us against terrorists and child pornographers.

Safari improves

O'Reilly's online book service, Safari, just got better. O'Reilly's partnered with several other publishers to offer their books online as well. I highly recommend this service.

User Friendly.

It seems trite to write anything about this, but I can't just ignore it. I'm still not sure how to react to the terrorist attack that destroyed the World Trade Center towers and -- according to the last guess I heard -- at least 10,000 lives. I heard about it today at a coffee shop on my way to work, that a plane had crashed into the first tower. Once at work, I found that I could do little else but watch, listen, and read about what was going on.

The major (American) news sites on the Web were dog slow, but still I managed to find information, largely thanks to a few webloggers -- most notably Dave Winer on his scripting.com. Sites that typically focus on technical news, like Slashdot, picked up the slack and disseminated what information they could. CNN.com was unreachable for some time, but Google made a cached version of its news coverage available. And I have to congratulate whoever at CNN.com had the bright idea of minimizing its page design to reduce server load and make it possible to get to the site.

Kiara, when she heard that the World Trade Center had collapsed, was terrified, thinking that it was the WTC in Saint Paul. I don't work there now, but I'm still there every now and then.

Still, none of it felt real until I read about counselors waiting at bus stops to deal with children whose parents are never coming home.

W3C slidemaker

This is pretty much just to remind me where it is: the W3C's slide making tool.

I've looked at a number of web log analysis tools. Lots of people seem to like WebTrends. It's nice for those who have a budget. My web hosting service likes analog. Me, I favor the Webalizer. It's comprehensive, it's free. The only real problem with the Webalizer is a twisted and possibly frustrating series of dependencies necessary to build it. This is not insurmountable by any means, however, and now PHPBuilder's recently published an article on building and using Webalizer.

NASA's Astronomy Picture of the Day has been pretty cool recently. Yesterday, a composite photo of the moon and stars (you can see galaxies!), and today the moon and sun.

I'm not sure how I feel about composite photographs, but what the heck.

And for you folks at work, Ganymede.

New TPJ!

A new issue of The Perl Journal is out, at long last.

Hey, you can send Jabber messages from a web page, thanks to a new little tool called the Jabber Web Pager. I'll probably add this to afongen. Now, can I build a web-based chat system using Jabber?

I'm getting sick of this Windows-only world.

I got the Qwest yellow and white pages on CD-ROM today. Qwest is running a test, sending some 64,000 of these out to see how they go. When I first read this, I was pretty psyched. I almost never use a hard copy of the phone book--they're unwieldy, too-often out-of-date, and just a pain to keep around. On the other hand, I use qwestdex.com all the time. To have the directory available on CD, well that's just downright handy.

Except that I don't use Windows. It only runs on Windows. Way to go, Qwest.

Now, I understand to a point: if you're gonna pick an OS to support, it probably oughta be Windows. Or maybe a Java VM, except that Windows XP has pulled Java support, hasn't it? Still, this is damn annoying.

Anyone want a CD-ROM of the Minneapolis - Saint Paul phone directory? I've already offered it to a friend, but if he doesn't want it then it's up for grabs. Email me. And use my PGP key.

Update: The CD is spoken for.

Well, MAPE rejected the State's "final" offer, so it's looking more likely that they'll strike.

Sigh.

Made a couple changes to the templates. Some minor CSS fixes to deal with problems I was finding with Netscape 4. Now it's at least legible in NS4, even if it's not perfect. I never expect perfection from NS4. Also, you might have noticed the little "open links in new window" box. Doesn't serve much of a purpose, but I thought it was kinda cute so brought it back.

Mozilla: Gecko DOM reference.
