afongen
Sam Buchanan's weblog.

Eureka. On firewalls and CPAN.

I had intended to complain about the CPAN module, how I never quite manage to get it to work properly. Much as I love the CPAN itself, the CPAN module (used to ease the installation of other modules) wasn't quite working right and it was driving me crazy. I tried CPANPLUS to no avail. In the end, this is no big deal, I don't mind installing Perl modules by hand. It's the principle of the thing. CPAN would try to grab a module and just hang there, unable to download the file. Most irksome.

Then I turned off my firewall, and everything worked fine.

Gah. So now I just need to tweak the firewall settings a bit, and problem solved.

Head First Java

How to Talk About Jini, J2EE, and Web Services at a Cocktail Party.

It's all so predictable. There you are at a dinner party, sipping a second martini, when the conversation turns, inevitably, to distributed programming.

The story of my life.

I've been reading Head First Java. It's refreshing, fun, and engaging in a way that I don't experience in any other programming books. And that's the point: to trick your brain into paying attention and learning something. This interview with the authors gives a good overview of their philosophy, and the cocktail party article above hints at the irreverent fun the book offers. You really need to read through a sample chapter to understand, though. I'm looking forward to their EJB book.

Building Perl

I'm updating Perl on my iBook today, with the hope of rebuilding mod_perl and installing Metadot. Compiling Perl on Jaguar is such a breeze, far easier than I remember it being with earlier versions of OS X. Hopefully mod_perl will go so smoothly.

Open Source Electronic Portfolio

The Open Source Portfolio Initiative releases 1.0.

Earlier this year, the university of Minnesota realised that its well regarded and mature e-portfolio system would have a much better chance of reaching its full potential by open sourcing it, and getting others involved. The first fruits of that decision are now available for demo and download. Next stop: OKI and IMS "compliance"…

Well, well, well. I'm going to have to look at this. Minnesota offers a free electronic portfolio to all its residents and students, something that Minnesota State Colleges and Universities (my employer, the other public higher education system in the state) is heavily involved with. However, I'm disappointed by how difficult it can be to use, and must confess to being uneasy with relying on a single vendor and their closed system. So I'm intrigued by the University of Minnesota's portfolio and especially the Open Source Portfolio Initiative's work. Very exciting stuff.

Quick side note. The U has been getting involved in open source in more than one area. In the mid- to late nineties, they introduced a portal that they'd developed in-house (in Java). Now I see they're using Metadot, an open source mod_perl portal server. I wonder what prompted the move.

Tangential note to self: play with OpenCms.

PHP, Perl news

Quick links: eGovernment and open source.

Quick links:

BBC Archives Online

Stuart Langridge notes that the BBC will make their program archives available online. Follow Stuart's links to more thoughtful discussion than I could ever hope to post, especially given that I'm still a bit thunderstruck.

It does appear that the programs will be "available to anyone in the UK", so initially I won't directly benefit, but I don't care: the repercussions of a move like this will move quickly beyond the borders. It cannot remain contained for long. Beyond the merely technical impossibility of blocking non-UK users, which is a perfectly understandable goal (they paid for it, after all), there's the far more interesting question of what influence the BBC will have on its broadcasting counterparts worldwide. Danny O'Brien writes,

While the commercial companies fret over the dangers of P2P and zero-cost replication, the BBC has realised that this is its greatest opportunity. Not to beat commercial media concerns, but to finally stop mimicking them.

With apologies for the not entirely fair comparison of the two organizations, I'd love to see PBS do this. But I have little doubt that commercial interests will intervene.

What I'd really like to see is the commercial media concerns mimic the BBC.

Anyway. Right on.

PPI

Thinking about outsourcing to India? Don't make a move before you consider Primate Programming, Inc.

Humans and higher primates share approximately 97% of their DNA in common. Recent research in primate programming suggests computing is a task that most higher primates can easily perform. Visual Basic 6.0™ was the preferred IDE for the majority of experiment primate subjects.

As you might expect, "they were baffled by anything to do with modern Java IDEs such as SunONE®, Visual Age® and Jbuilder®. None of the animals understood the Java programming language."

Hat tip to Mark Beihoffer.

First Aid

A bee stung me in the ankle while I was going for a walk around Lake Como with Owen tonight. My first thought was, "Rats, I don't know what to do for a bee sting." Unbelievable. I have to brush up on my basic first aid.

My second thought was, "I hope I'm not deathly allergic to bee stings." It's been years since I was stung. Or had been until tonight. You never know.

Kiara just looked at my ankle and said, "Looks like you're not allergic … yet." Smirk. Thanks.

Tinfoil Hat Linux

Tinfoil Hat Linux.

It started as a secure, single floppy, bootable Linux distribution for storing PGP keys and then encrypting, signing and wiping files. At some point it became an exercise in over-engineering.

PowerPoint

I forgot about this coincidence the other day: Edward Tufte published an article in Wired about how "PowerPoint is Evil" just as I finally got around to reading his essay on The Cognitive Style of PowerPoint.

I've written before about how much I hate PowerPoint. Even before I read Tufte, I'd realized that it's more than just the tool, it's that the tool contributes to so many bad presentations. It's all the excruciatingly dull or misused PowerPoints I've sat through that I really resent.

That and PowerPoint on the web. The slide shows themselves are bad enough, with their ugly markup and pages that are usable only in certain browsers (<cough>IE/Win</cough>). More troublesome, though, is the fact that PowerPoint presentations are going on the web in the first place. A well designed PowerPoint is meaningless outside the context of the presentation it is meant to accompany, yet (as Tufte bemoans) the slide shows are regularly disseminated via email and on web sites.

My biggest gripe is against the use of PowerPoint in lieu of written reports. Gartner does this. For a study they did for my employer last year, they supplied their report as a PowerPoint instead of bothering to actually write something. Two PowerPoints, really: an executive summary and the actual "report." Bah.

(In)accessibility is an obvious complaint, as well. Yes, there are tools to make PowerPoint-generated web pages more accessible, but thus far they have not impressed me. Moreover, they distract from the far more pertinent question of why a slide show is on the web in the first place.

When I get a call asking for help putting a PowerPoint on the web, my first response is to discourage the caller from doing so. Publishing a single summary page or an honest-to-god written report will serve her readers far better. If I can scan a page that contains the same content as the PowerPoint, or even slightly expanded, I'll be much happier than if I have to click through fifty or sixty low-resolution and low-content pages. I'll be even happier to read something more carefully written that lays out information and arguments in a thoughtful and sensible progression (something that one should expect from a high-buck and respected organization like Gartner. Oops.).

Is it harder and more time-consuming to create these alternate versions? Depends. Creating a summary is certainly easier than futzing with the convoluted process of creating an accessible or even usable HTML version of the slide show. In most cases, writing a complete report is more difficult, but to my mind that is an advantage because it forces you to consider whether it is worth adding content to your web site. If you are unwilling to take the time to string together coherent sentences to make your message meaningful, then what you have to say will not usefully contribute to your web site's content.

Or you could go ahead and throw another PowerPoint on the midden heap that your site will become.

DVDs at the library

We've started checking out DVDs at the library. They have a surprisingly decent collection. There's usually a waiting list, but big deal: we can add ourselves to the list online, and be notified by email when it's our turn. It's like Netflix, but free! Well, that and the DVDs aren't mailed to us. Again, big deal: we're at the library on a regular basis anyway.

Wired coincidence

The latest issue of Wired arrived the other day with more than a few coincidences:

Using the Web to Help Teach Kids Writing Skills

New York Times: "A Young Writers' Round Table, via the Web." I would have loved publishing online as a kid.

Anil's Ghost.

A long commute on the bus gives me several hours guaranteed reading time every day. I love it. Sometimes I'm lucky enough to read something that so overwhelms me that I forget myself: I moan in ecstasy at a particular turn of phrase, laugh out loud, quietly read passages under my breath. Some time later I become aware of fellow passengers' sidelong glances, and it dawns on me that I'm the crazy guy on the bus.

Which isn't all bad. At least no one will sit next to me.

Storm Constantine used to have this effect (Burying the Shadow is wonderful) until she got all weird and sex-magic crazed. Right now, pride of place belongs to Michael Ondaatje's Anil's Ghost. An absolute gem. I've been reading bits of it aloud to Owen, who quietly lies against my chest, listening. Considering that his usual reaction to a book is to crawl frantically toward it, chew on the binding, then coo as he flips through the pages, his calm appreciation for Ondaatje's prose speaks for itself.

But I'm still the crazy guy on the bus.

One-Stop Business Registration

Utah has launched OneStop Online Business Registration. Instead of having to register independently with several state and federal agencies, you can now register a new business online, in one place, "in about an hour."

Now that's effective and useful eGovernment.

Goodbye, Cathy.

A coworker died this morning, after being hospitalized suddenly yesterday. It feels very strange to be working, everyone going about their business. I did not work closely with her so do not immediately feel her absence, but it's beginning to creep into my awareness.

IE vulnerabilities are so much fun.

We don't allow HTML mail at work. Our GroupWise email clients are configured to disable both display and creation of HTML messages. This causes some problems for those who receive HTML mail without a plain text equivalent, but someone decided that the benefits are strong enough that the inconvenience is worth it. Some may declare to our tech support, "You're preventing me from doing my job!" but they're wrong.

The problem is Internet Explorer. Many popular Windows email clients use IE for HTML rendering. Since IE is riddled with unpatched security holes, HTML mail is potentially unsafe. Opening an email message is enough to bring down your machine.

To help out our beleaguered tech support staff, I put together a little web-based app that demonstrates our two primary reasons for disabling HTML mail: security and spam. (Spammers sometimes use single-pixel images to track their mail and help identify valid addresses.) It's quite simple: supply an email address, and the system sends you an HTML-only message. The message contains an <img> whose src is a PHP script that associates your email address with an IP, user agent, what time the message was opened, etc. Most important to a spammer is that the email address is valid. A more malevolent attacker could use the user agent information to craft a more focused exploit.

The message also includes exploits for several IE vulnerabilities: one buffer overflow (now patched), an ActiveX exploit, and now something that launches NotePad (see this followup). Depending on the circumstances in which the message is opened, one or all of those is triggered.

The trouble was not coming up with exploits. IE security holes abound. The trick was coming up with something that a non-technical user can see is a problem. So many of the vulnerabilities are complex or hidden: "Oh no, a cookie has been read!"

The astute reader will point out that disabling image loading and scripting in the email client protects from most of the existing vulnerabilities. True enough, which is why I included a bogus link in the same message on a web server. If the user follows the link, IE crashes. Too, in my tests I was still able to launch NotePad without user intervention. Considering the rate at which IE security holes are discovered, some of which do not require scripting, I do not consider simply disabling functionality to be adequate protection.

I used to abhor HTML mail but no longer feel so strongly: I can understand why many people prefer to read styled text. That is, as long as a plain text version is sent as well. I just read that and refuse to read HTML-only mail. Know, however, that there are risks.

Simon Willison may be glad that he switched to Firebird. Switching your web browser may not be enough.

Now I'm going to get all sorts of mail complaining that I'm alarmist. Nah. I just think that my employer's tech support staff's concerns are valid, and if they don't want to enable HTML mail, I stand with them.
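As an added example (not the author's PHP app or any code from this weblog), here is how a mail gateway or reviewer could flag the two conditions the post describes: a message with no plain-text part, and remotely loaded images that report back when the message is opened. The sample message, host name and `open.php` script are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Constructed sample: HTML-only mail with a 1x1 remote image whose URL carries
# the recipient's address. Host and script name are hypothetical.
SAMPLE = """\
From: sender@example.net
To: alice@example.org
Subject: Hello
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi there</p>
<img src="http://mail.example.net/open.php?id=alice%40example.org" width="1" height="1">
<img src="cid:logo123" width="120" height="40">
</body></html>
"""


class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))


def _tiny(attrs):
    """True when both declared dimensions are 1 pixel or less."""
    try:
        return int(attrs["width"]) <= 1 and int(attrs["height"]) <= 1
    except (KeyError, TypeError, ValueError):
        return False


def audit(raw):
    """Report whether a message is HTML-only and which images load remotely."""
    msg = message_from_string(raw, policy=default)
    recipients = [a.addr_spec.lower() for a in msg["To"].addresses] if msg["To"] else []
    html = msg.get_body(preferencelist=("html",))
    plain = msg.get_body(preferencelist=("plain",))
    remote = []
    if html is not None:
        collector = ImgCollector()
        collector.feed(html.get_content())
        for attrs in collector.images:
            src = attrs.get("src") or ""
            if urlsplit(src).scheme in ("http", "https"):  # fetched on open
                url = unquote(src).lower()
                remote.append({"src": src, "tiny": _tiny(attrs),
                               "carries_recipient": any(r in url for r in recipients)})
    return {"html_only": html is not None and plain is None, "remote_images": remote}
```

An image referenced by `cid:` is embedded in the message itself and triggers no network request, so only the `http`/`https` image is reported.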

ELF is moving in.

"Firebrands of 'ecoterrorism' set sights on urban sprawl":

The latest attack came last weekend when a large condominium project under construction in an upscale San Diego neighborhood burned to the ground. A banner stretched across the charred site read: "If you build it - we will burn it. The E.L.F.s are mad." In e-mails to regional newspapers, the Earth Liberation Front (ELF) claimed responsibility for the conflagration that also damaged nearby homes.

Perl in Elvish?

Writing with Elvish fonts. This would be perfect for those who aren't satisfied with ordinary means of obfuscating Perl.

Heck, why stop with fonts? Surely if we can write Perl in Latin, we can write Perl in Elvish, too.

W3C Design Principles

Bert Bos: What is a good standard? An essay on W3C's design principles.

Why doesn't HTML include tags for style? Why can't you put text inside SMIL? Why doesn't CSS include commands to transform a document? Why, in short, does W3C modularize its specification and why in this particular way? This essay tries to make explicit what the developers in the various W3C working groups mean when they invoke words like efficiency, maintainability, accessibility, extensibility, learnability, simplicity, longevity, and other long words ending in -y.

The single-page printable version is one place where you might want to use Mozilla's DOM Inspector to adjust CSS on the fly: you can edit any h2's CSS style rules to bring the section headers down to something reasonable, and maybe add a border or something else to visually mark the headers.

You could, of course, just save as "Web Page, complete" and edit the CSS files manually. I think the DOM inspector is more fun and saves me the trouble of sifting through several files.

Anyway, this all misses the point: it's an interesting essay.

Weekend Plans

I went this morning with Kiara and a couple friends to Darien's Dash, a 5 & 10K walk/run in South Saint Paul. Kiara and her friend Kim decided earlier this year to walk or run this charity race as a motivating goal to get them to exercise together over the summer. I believe, however, that today is the first day all year that they've managed to walk together. Heh. Oh well.

We've all had our share of walking this year. I've lost 25 pounds since Christmas doing nothing different than walking a whole lot. I don't really pay close attention to my weight, I was just nebulously aware that I was around 30 pounds overweight and out of shape. Hence the resolution to exercise. I might still be less in-shape than I'd like, but I'm a whole lot better off. Especially since I get to combine my walks with spending lots of time with my son.

I did not walk in Darien's Dash, though. Instead I spent time in the bad coffee shop across the street, reading Details magazine out of desperation because I'd forgotten to bring my book. Time well spent: I learned about the International High IQ Society, an organization I understand even less than Mensa.

(Funny story: our friend S was at a party being subjected to someone's swooning over how so-and-so had been accepted into Mensa. "Isn't it wonderful," the swooner gushed, "he is so brilliant." S said that she didn't really see the big deal. "Well! Have you ever tested genius?" the swooner shot back. S said yes. "Oh.")

On the way back we stopped at Homesteader restaurant in Golden Valley, a great little family-owned place that serves very reasonably priced basic fare. Not much for vegetarians, but worth a visit if you're the meat-and-potatoes type.

Now Kiara and Owen are off at the Uptown Art Fair (something I learned to hate when I lived in Uptown), and I'm settling down to watch an episode of All Creatures Great and Small, happily ignoring all the things that perhaps I should be doing instead. Ah, this is living.

Coleman does the Right Thing.

I don't have a lot of respect for our Senator Norm Coleman. He's pretty much pissed me off since he first became mayor of Saint Paul, and little that I've heard him doing in Congress has improved my impression of him. I am glad, therefore, to see him exercise a bit of common sense by questioning the RIAA's "extreme approach" to quashing illegal filesharing, expecting that the punishment fit the crime. Good for you, Norm. (Listen to an interview with Coleman on Future Tense, a RealAudio stream.)