Sam Buchanan's weblog.

DOER does it again.

The State of Minnesota will soon stop printing and mailing paper copies of our paystubs (for those of us who do direct deposit) and is making paycheck information available on the Web. Great! I'm glad to see this, and especially glad that the site isn't blocking browsers other than Internet Explorer on Windows. They've been known to do that. There are some minor issues with how it interacts with Mozilla, but nothing that prevents my access to the content.

Well, there is one thing: the site is receiving more traffic than they anticipated and it's unresponsive. Connections are sometimes just outright refused. They say that they didn't expect the traffic. Excuse me?! They didn't anticipate heavy traffic? Why in the world would they not think that some 15,000 50,000 State employees would be hitting this thing on the day that it's announced? Or on payday?


I'm trying to be polite because these people are my colleagues. But I'm sure you can imagine what I'm thinking.

Optimizing PHP

Optimizing PHP, in which

we explain why optimizing PHP involves many factors which are not code related, and why tuning PHP requires an understanding of how PHP performs in relation to all the other subsystems on your server, and then identifying bottlenecks caused by these subsystems and fixing them. We also cover how to tune and optimize your PHP scripts so they run even faster.

This includes tips for PHP on IIS and Windows, as well as (of course) Apache and Unix.

Not to say that there's nothing about writing code, either. I learned, for example, that references don't provide performance benefits for non-object variables. In fact, they may hurt performance. Whaddya know.

conference blogging

Minnesota weblogs.

I was chatting with a coworker yesterday and mentioned my weblog. He wrote, "I hadn't even heard of blogs before last months wired mag ... now I'm bein' referred to a colleague's." Well, here are a few more.

Weblogs have been so much in the news lately that I forget that not everyone knows what they are, much less follows several (or several dozen). It does make me question whether the Powers That Be will be interested in the idea of blogging the MnSCU IT conference, since they may not even know what weblogs are in the first place. I suspect that if there's enough interest in it from a few people like our college webmasters, we'll just have to do it to show 1) that it can be done, and 2) whether it's worthwhile. There's a strong chance that I'm the only one who'd be interested.

Debbie Duncan

Last night we went to a CD release concert for local jazz vocalist Debbie Duncan. She is arguably among the top 10 reasons to live in Minnesota. Phenomenal talent. Sadly, her CDs have been really hard to get. Hopefully that will be different with this new one, Travelin' at the Speed of Love.

O'Reilly Emerging Technology Conference: audio, blogs

Dr. Dobb's Technetcast has MP3s of keynotes and other interesting things from the O'Reilly's recent Emerging Technology Conference. One of these days I have to find a way to make it to one of these things.

It's exciting to see the conference being blogged by a whole slew of attendees. The "official" coverage is interesting enough, but I will be interested to see how O'Reilly integrates blogging in its future conferences. I've been wondering, too, if it would be worthwhile trying to do something like that at the next MnSCU IT conference. Donno who'd read it, though.

Update: Dave Winer writes about blogging conferences, and points to a weblog devoted to it.

What is Jabber

I've talked about Jabber enough that I feel that I should give a brief overview for those who aren't inclined to dig too far beyond the simple links that I've provided.

Jabber (, was originally set up as an instant messaging service that allows people on different IM networks (AIM, ICQ, MSN Messenger, etc.) to communicate. Otherwise, for example, AIM users can't chat with ICQ users. Jabber is an open source, standards-based, XML-based IM framework — all messages, routing, etc. is handled with XML. There are Jabber clients for most platforms that people use in real life, and all the sorts of things you'd hope to find in an IM system: basic IM, chat, group chat, even whiteboard. Pretty slick, really.

Ah, but wait. That's not all. Because Jabber is in essence a system for routing XML messages, there's nothing that says that those messages need to be restricted to IM and chat. Jabber users don't even have to be people. Any system that uses XML to exchange data can do so using Jabber — with all the built-in benefits of presence management, security framework, etc. Quick example: an app that tracks stock prices or network traffic, then notifies you when you come online of anything interesting — or sends you a text message, or communicates with a web service via XML-RPC, or whatever.

That's why it's cool for users and developers. Another advantage is that it's free, open source, and extensible. An organization can set up its own Jabber server. Messages can also be encrypted with SSL and/or PGP. Instead of relying on an external service like AIM (perhaps a problem for security or reliability reasons), an organization could have its own self-contained IM system. Most Jabber development to date has been on Unix, but there are Windows and Java versions available, as well. For those who aren't comfortable with free software, there is a commercial version and support available ( And hey, get over it.

On the IM side, AOL has historically been antagonistic to Jabber, periodically changing the AIM protocols and necessitating a frantic couple days of reverse engineering (something that I'm no longer sure is legal under the DMCA, at least in the US). AOL has even blocked access from the server, so if you want to communicate with AIM users you need to use another server. Perhaps set up your own.

That's it in a nutshell. Peter Saint-André (whose name you'll start to recognize) has written a very good user guide, which you should read if I've piqued your interest. Then install a Jabber client and send me a message. I don't really feel like publishing my Jabber ID on the Web, so send me email first ( Ah what the hell. It's I look forward to hearing from you.

IM slang

I was chatting with someone today (she was using AIM, I was using Jabber) when it struck me that it'd be interesting to see how all chat slang's changed since I was a heavy IRC user back in the day. brb, gtg, l8r, LOL, etc. What's new, what's old? I have a sneaking suspicion that the evolution is driven by teenage AIM users, which is why I'm unlikely to do any serious research. I'm sure some grad student somewhere's already doing this.

Web application security

The Open Web Application Security Project. Looks very worthwhile. Too many people are working in the dark when it comes to developing secure web apps. More than just sharing knowledge, though, the OWASP are building tools for testing and implementing security.

This reminds me. I've been reading Ross Anderson's Security Engineering. Wonderful. My thanks to Alex Russell for recommending it.

I don't think that I ever mentioned these must-read papers at In particular I'd like to call your attention to "Fingerprinting Port 80 Attacks" and "Fingerprinting Port 80 Attacks, Part Two". People complain that I worry too much about security. Yeah. Well, attacks like these are hitting our servers every hour of every day. It's important to know what's being tried so we can prevent successful attacks.

OS X: UNIX Porting Guide

Apple's posted a UNIX Porting Guide. It's written to "guide developers in bringing applications written for UNIX-based operating systems to Mac OS X," but even for the rest of us Unix geeks it's interesting and useful.

In frames, unfortunately. At least they make a non-frames version available.

Star Wars rocks.

Star Wars rocked. I'm sure that there are gonna be some complaints from among the scarier fans about certain things, and sure there were things that annoyed me, but big deal. Who's gonna like every second of a 2+ hour movie? On the whole, Episode II is great. Good action sequences, kinda dragging love story, really cool to see how the groundwork for the original 3 is being laid, not as bad a plot as many critics have been saying... I loved it. Definitely worth seeing. Not that there's much choice for Star Wars fans, I suppose.

I'd write more but don't want to spoil it for those who weren't at the theater at midnight.

One thing was disappointing: I don't think it sold out! The line for ticket holders stayed pretty constant at around 50 people up until 10pm, at which point people started getting in line. They were still selling tickets at 11:30, though. Sheesh. When Episode IV was rereleased, it was a madhouse. This was pitiful.

The Perl You Need to Know

Even if you don't plan to use mod_perl, this is all stuff that every Perl programmer should know: The Perl You Need to Know - Part one, part two, and part three.

Netscape 6.2.3 released.

Netscape 6.2.3 has been released. This is just a security fix, patching the XMLHttpRequest vulnerability. It's still based on Mozilla 0.9.4. Glad though I am that Netscape released a more secure browser, I am waiting very anxiously for a new major version built on a more recent Mozilla. I mean, Mozilla's in 1.0rc2!

I suppose (just a guess) that they're waiting for a final release of Mozilla 1.0. If that's the case, then OK. I can wait.

Why I care about Netscape 6: my job. A lot of offices — my own included — are waiting for the next major release of Netscape before upgrading from version 4. I also care because 6.2.3 still feels kinda klunky and is missing a lot of the good stuff from recent Mozilla builds, stuff that I expect to make it a favorite for a lot of people.

Star Wars premiere

What's that? Am I going to see Star Wars tonight? C'mon, do you really need to ask? You bet I am! 12:01 a.m., I'll be there.

RSS is still kickin'

It appears that RSS is not dead. There's a new article on WebReference, "The Evolution of RSS", and an upcoming O'Reilly Book: Content Syndication with XML and RSS.

Good. I remember getting caught up in the flurry of RSS activity a couple years ago, activity that seemed to suddenly stop. Sure, developers have been incorporating RSS into their sites by either creating a feed, using a feed, or both, but development of RSS itself stopped dead. Bummer.

You may point out that RSS is dead simple, so what more development did it need? Added complexity would only make it unusable. True. One of the things that makes XML-RPC nice to work with (as compared to, say, SOAP) is that development of the protocol stopped a few years ago, so it's stable. What was disheartening to me is that I didn't see a lot of interest in building cool new things with RSS. Maybe that's changing.

Lunar Embassy

Hoping to buy an extraterrestrial property but not sure where to start? Well, look no further!


A week or so ago a local newspaper published a couple stories about how a too-large number of public school students in Minnesota are being suspended (sent home from school as a disciplinary action). The articles express a justifiable concern that suspension is an unnecessarily harsh punishment for the sorts of behavior for which it's being used.

I agree. Students are suspended far more often than they should be. Something that has escaped the public debate, though, is that out-of-school suspension is often the only disciplinary option available — because schools do not have the staff to supervise students who are removed from the classroom. Schools have often had to cut those positions because they don't have money to pay for them. When faced with deciding whether to pay for a study hall / in-school suspension supervisor or a teacher, the districts and schools are correctly choosing to keep their teachers. One school in my local district ran out of money for paper a few months ago. Paper. Should they lay off a teacher, or go without basic school supplies? Schools shouldn't be faced with this choice, but in a climate where state and local government are more concerned with funding a sports stadium than they are funding education, what do you expect?

What happens when a student needs to be removed from the classroom to cool down for a bit? No one can supervise them, so they're sent home. What happens when a kid really doesn't want to be in school but in-school suspension isn't available? They quickly figure out how they can act out to get sent home.

I think that everyone agrees that suspension is being meted out too often, and that it does no one any good. I don't understand, however, how the funding issue hasn't been considered as a part of the problem. There's a clear causal relationship. Don't bellyache about how public schools are failing so don't deserve to be funded: when they fail it's because we don't provide the means to succeed.

Flash update

I'm holding off on working with Flash for a while, 'til I get some other things finished first and until I can buy a copy. I've worked with an evaluation copy enough to know that it will be fun and worthwhile to work with, so I do plan on buying it, but first I need to find a way to take advantage of some educational discounts that are available to me. I've also worked enough with Dreamweaver MX to know that it, too, is worth owning.

Why am I interested in developing with Flash? A few reasons:

  1. See what its new accessibility features really do, find out what it takes to use those features as a developer and as an end user. I've been doing a lot of work with accessibility lately, training college & university webmasters in how to improve the accessibility of their web sites. Flash is becoming increasingly interesting and important to them (and to me!), so I very much want to explore its possibilities.
  2. Explore ways in which content being delivered through Flash can be made available to those without the plugin. It's possible for Flash to read XML documents as data sources, so if the plugin's not available, how can I detect that and make the XML source doc available? I'm thinking of accessibility here, too, not only for the disabled but also for you Unix and anti-Flash users. I would like to come to a point where Flash is just one more means for delivering content. Take some data, generate output formatted as PNG, SVG, XHTML, PDF, RTF, and Flash. Why not?
  3. Embed video. This is job-related. A coworker's been doing a lot with RealVideo and SMIL, synchronizing video, a text transcript, and a series of GIFs (as a slide show). It's beena royal pain in the ass. I want to see how much easier it would be to work with Flash, and whether we'd get better results.
  4. Just play. As I believe that I wrote earlier, I've been entranced by the idea of writing a Jabber client in Flash. Just because I can. I know it's already been done, but this'd be a great way to dig into ActionScript and see what it can do.

All of this will wait a couple months, though, 'til I buy a copy. The evaluation copy has been just enough to whet my appetite. Too, I've promised myself that I'm going to take advantage of the summer weather this year, actually get outside and be active. I don't want to spend all my time in front of a computer. That's far too easy.

Tidy's Open Source

Hey, HTML Tidy's a Source Forge project. When did that happen and how did I miss it? Cool. Tidy has long been open source, neh, but now has a wider group of developers. I'll be interested to see what comes out of this.

I wasn't thinking.

Regarding my post the other day: I decided that $400 does not constitute a super-cheap Linux box. I could spend that money at a local shop and get something just as good, if not better.

This led me to my second decision/realization: I would never buy something from Wal-Mart. Shame on me for even considering it. I wouldn't buy anything from their brick-and-mortar stores, why would I even contemplate doing so online?

Cheap Linux boxes getting better

A few days ago, NewsForge ran an article on installing Linux on a Wal-Mart OS-less PC. Very favorable review, except one problem: the modem didn't work. Easy enough to pick up a new modem, but still.

A few days later, the manufacturer of those machines announced that in response to the article and the reaction from the open source community (well, mostly Slashdotters), "Effective 5-7-02, all units will ship with the new hardware modem." Excellent.

Now I'm really torn: iBook or super-cheap Linux box?

Mozilla miscellany

A flaw in Mozilla exposes hard drives. You're safe if you're using Release Candidate 1 of 1.0, but only because XMLHTTP — where the flaw lies — is broken. This is a bummer, but at least it'll be fixed soon, I'm sure. (update: yep, a fix has been checked in.) Here's a more detailed summary of the problem.

And note, too, a pretty cool little interview about Mozilla-the-technology. Very informative, especially for those unfamiliar with the project.