Author Archive

Uncategorized

Web application security

The Open Web Application Security Project. Looks very worthwhile. Too many people are working in the dark when it comes to developing secure web apps. More than just sharing knowledge, though, the OWASP are building tools for testing and implementing security.

This reminds me. I’ve been reading Ross Anderson’s Security Engineering. Wonderful. My thanks to Alex Russell for recommending it.

I don’t think that I ever mentioned these must-read papers at cgisecurity.com. In particular I’d like to call your attention to “Fingerprinting Port 80 Attacks” and “Fingerprinting Port 80 Attacks, Part Two”. People complain that I worry too much about security. Yeah. Well, attacks like these are hitting our servers every hour of every day. It’s important to know what’s being tried so we can prevent successful attacks.

OS X: UNIX Porting Guide

Apple’s posted a UNIX Porting Guide. It’s written to “guide developers in bringing applications written for UNIX-based operating systems to Mac OS X,” but even for the rest of us Unix geeks it’s interesting and useful.

In frames, unfortunately. At least they make a non-frames version available.

Star Wars rocks.

Star Wars rocked. I’m sure that there are gonna be some complaints from among the scarier fans about certain things, and sure there were things that annoyed me, but big deal. Who’s gonna like every second of a 2+ hour movie? On the whole, Episode II is great. Good action sequences, kinda dragging love story, really cool to see how the groundwork for the original 3 is being laid, not as bad a plot as many critics have been saying… I loved it. Definitely worth seeing. Not that there’s much choice for Star Wars fans, I suppose.

I’d write more but don’t want to spoil it for those who weren’t at the theater at midnight.

One thing was disappointing: I don’t think it sold out! The line for ticket holders stayed pretty constant at around 50 people up until 10pm, at which point people started getting in line. They were still selling tickets at 11:30, though. Sheesh. When Episode IV was rereleased, it was a madhouse. This was pitiful.

The Perl You Need to Know

Even if you don’t plan to use mod_perl, this is all stuff that every Perl programmer should know: The Perl You Need to Know – Part one, part two, and part three.

Netscape 6.2.3 released.

Netscape 6.2.3 has been released. This is just a security fix, patching the XMLHttpRequest vulnerability. It’s still based on Mozilla 0.9.4. Glad though I am that Netscape released a more secure browser, I am waiting very anxiously for a new major version built on a more recent Mozilla. I mean, Mozilla’s in 1.0rc2!

I suppose (just a guess) that they’re waiting for a final release of Mozilla 1.0. If that’s the case, then OK. I can wait.

Why I care about Netscape 6: my job. A lot of offices — my own included — are waiting for the next major release of Netscape before upgrading from version 4. I also care because 6.2.3 still feels kinda klunky and is missing a lot of the good stuff from recent Mozilla builds, stuff that I expect to make it a favorite for a lot of people.

Star Wars premiere

What’s that? Am I going to see Star Wars tonight? C’mon, do you really need to ask? You bet I am! 12:01 a.m., I’ll be there.

RSS is still kickin’

It appears that RSS is not dead. There’s a new article on WebReference, “The Evolution of RSS”, and an upcoming O’Reilly Book: Content Syndication with XML and RSS.

Good. I remember getting caught up in the flurry of RSS activity a couple years ago, activity that seemed to suddenly stop. Sure, developers have been incorporating RSS into their sites by either creating a feed, using a feed, or both, but development of RSS itself stopped dead. Bummer.

You may point out that RSS is dead simple, so what more development did it need? Added complexity would only make it unusable. True. One of the things that makes XML-RPC nice to work with (as compared to, say, SOAP) is that development of the protocol stopped a few years ago, so it’s stable. What was disheartening to me is that I didn’t see a lot of interest in building cool new things with RSS. Maybe that’s changing.

Lunar Embassy

Hoping to buy an extraterrestrial property but not sure where to start? Well, look no further!

Suspension.

A week or so ago a local newspaper published a couple stories about how a too-large number of public school students in Minnesota are being suspended (sent home from school as a disciplinary action). The articles express a justifiable concern that suspension is an unnecessarily harsh punishment for the sorts of behavior for which it’s being used.

I agree. Students are suspended far more often than they should be. Something that has escaped the public debate, though, is that out-of-school suspension is often the only disciplinary option available — because schools do not have the staff to supervise students who are removed from the classroom. Schools have often had to cut those positions because they don’t have money to pay for them. When faced with deciding whether to pay for a study hall / in-school suspension supervisor or a teacher, the districts and schools are correctly choosing to keep their teachers. One school in my local district ran out of money for paper a few months ago. Paper. Should they lay off a teacher, or go without basic school supplies? Schools shouldn’t be faced with this choice, but in a climate where state and local government are more concerned with funding a sports stadium than they are funding education, what do you expect?

What happens when a student needs to be removed from the classroom to cool down for a bit? No one can supervise them, so they’re sent home. What happens when a kid really doesn’t want to be in school but in-school suspension isn’t available? They quickly figure out how they can act out to get sent home.

I think that everyone agrees that suspension is being meted out too often, and that it does no one any good. I don’t understand, however, how the funding issue hasn’t been considered as a part of the problem. There’s a clear causal relationship. Don’t bellyache about how public schools are failing so don’t deserve to be funded: when they fail it’s because we don’t provide the means to succeed.

Flash update

I’m holding off on working with Flash for a while, ’til I get some other things finished first and until I can buy a copy. I’ve worked with an evaluation copy enough to know that it will be fun and worthwhile to work with, so I do plan on buying it, but first I need to find a way to take advantage of some educational discounts that are available to me. I’ve also worked enough with Dreamweaver MX to know that it, too, is worth owning.

Why am I interested in developing with Flash? A few reasons:

  1. See what its new accessibility features really do, find out what it takes to use those features as a developer and as an end user. I’ve been doing a lot of work with accessibility lately, training college & university webmasters in how to improve the accessibility of their web sites. Flash is becoming increasingly interesting and important to them (and to me!), so I very much want to explore its possibilities.
  2. Explore ways in which content being delivered through Flash can be made available to those without the plugin. It’s possible for Flash to read XML documents as data sources, so if the plugin’s not available, how can I detect that and make the XML source doc available? I’m thinking of accessibility here, too, not only for the disabled but also for you Unix and anti-Flash users. I would like to come to a point where Flash is just one more means for delivering content. Take some data, generate output formatted as PNG, SVG, XHTML, PDF, RTF, and Flash. Why not?
  3. Embed video. This is job-related. A coworker’s been doing a lot with RealVideo and SMIL, synchronizing video, a text transcript, and a series of GIFs (as a slide show). It’s been a royal pain in the ass. I want to see how much easier it would be to work with Flash, and whether we’d get better results.
  4. Just play. As I believe that I wrote earlier, I’ve been entranced by the idea of writing a Jabber client in Flash. Just because I can. I know it’s already been done, but this’d be a great way to dig into ActionScript and see what it can do.

All of this will wait a couple months, though, ’til I buy a copy. The evaluation copy has been just enough to whet my appetite. Too, I’ve promised myself that I’m going to take advantage of the summer weather this year, actually get outside and be active. I don’t want to spend all my time in front of a computer. That’s far too easy.
