afongen

Last night we went to a CD release concert for local jazz vocalist Debbie Duncan. She is arguably among the top 10 reasons to live in Minnesota. Phenomenal talent. Sadly, her CDs have been really hard to get. Hopefully that will be different with this new one, Travelin’ at the Speed of Love.

Dr. Dobb’s Technetcast has MP3s of keynotes and other interesting things from the O’Reilly’s recent Emerging Technology Conference. One of these days I have to find a way to make it to one of these things.

It’s exciting to see the conference being blogged by a whole slew of attendees. The “official” coverage is interesting enough, but I will be interested to see how O’Reilly integrates blogging in its future conferences. I’ve been wondering, too, if it would be worthwhile trying to do something like that at the next MnSCU IT conference. Donno who’d read it, though.

Update: Dave Winer writes about blogging conferences, and points to a weblog devoted to it.

I’ve talked about Jabber enough that I feel that I should give a brief overview for those who aren’t inclined to dig too far beyond the simple links that I’ve provided.

Jabber (jabber.org, jabbercentral.com) was originally set up as an instant messaging service that allows people on different IM networks (AIM, ICQ, MSN Messenger, etc.) to communicate. Otherwise, for example, AIM users can’t chat with ICQ users. Jabber is an open source, standards-based, XML-based IM framework — all messages, routing, etc. is handled with XML. There are Jabber clients for most platforms that people use in real life, and all the sorts of things you’d hope to find in an IM system: basic IM, chat, group chat, even whiteboard. Pretty slick, really.

Ah, but wait. That’s not all. Because Jabber is in essence a system for routing XML messages, there’s nothing that says that those messages need to be restricted to IM and chat. Jabber users don’t even have to be people. Any system that uses XML to exchange data can do so using Jabber — with all the built-in benefits of presence management, security framework, etc. Quick example: an app that tracks stock prices or network traffic, then notifies you when you come online of anything interesting — or sends you a text message, or communicates with a web service via XML-RPC, or whatever.

That’s why it’s cool for users and developers. Another advantage is that it’s free, open source, and extensible. An organization can set up its own Jabber server. Messages can also be encrypted with SSL and/or PGP. Instead of relying on an external service like AIM (perhaps a problem for security or reliability reasons), an organization could have its own self-contained IM system. Most Jabber development to date has been on Unix, but there are Windows and Java versions available, as well. For those who aren’t comfortable with free software, there is a commercial version and support available (jabber.com). And hey, get over it.

On the IM side, AOL has historically been antagonistic to Jabber, periodically changing the AIM protocols and necessitating a frantic couple days of reverse engineering (something that I’m no longer sure is legal under the DMCA, at least in the US). AOL has even blocked access from the jabber.org server, so if you want to communicate with AIM users you need to use another server. Perhaps set up your own.

That’s it in a nutshell. Peter Saint-André (whose name you’ll start to recognize) has written a very good user guide, which you should read if I’ve piqued your interest. Then install a Jabber client and send me a message. I don’t really feel like publishing my Jabber ID on the Web, so send me email first (sam@afongen.com). Ah what the hell. It’s afongen@myjabber.net afongen@jabber.org. I look forward to hearing from you.

I was chatting with someone today (she was using AIM, I was using Jabber) when it struck me that it’d be interesting to see how all chat slang’s changed since I was a heavy IRC user back in the day. brb, gtg, l8r, LOL, etc. What’s new, what’s old? I have a sneaking suspicion that the evolution is driven by teenage AIM users, which is why I’m unlikely to do any serious research. I’m sure some grad student somewhere’s already doing this.

The Open Web Application Security Project. Looks very worthwhile. Too many people are working in the dark when it comes to developing secure web apps. More than just sharing knowledge, though, the OWASP are building tools for testing and implementing security.

This reminds me. I’ve been reading Ross Anderson’s Security Engineering. Wonderful. My thanks to Alex Russell for recommending it.

I don’t think that I ever mentioned these must-read papers at cgisecurity.com. In particular I’d like to call your attention to “Fingerprinting Port 80 Attacks” and “Fingerprinting Port 80 Attacks, Part Two“. People complain that I worry too much about security. Yeah. Well, attacks like these are hitting our servers every hour of every day. It’s important to know what’s being tried so we can prevent successful attacks.

Apple’s posted a UNIX Porting Guide. It’s written to “guide developers in bringing applications written for UNIX-based operating systems to Mac OS X,” but even for the rest of us Unix geeks it’s interesting and useful.

In frames, unfortunately. At least they make a non-frames version available.

Star Wars rocked. I’m sure that there are gonna be some complaints from among the scarier fans about certain things, and sure there were things that annoyed me, but big deal. Who’s gonna like every second of a 2+ hour movie? On the whole, Episode II is great. Good action sequences, kinda dragging love story, really cool to see how the groundwork for the original 3 is being laid, not as bad a plot as many critics have been saying… I loved it. Definitely worth seeing. Not that there’s much choice for Star Wars fans, I suppose.

I’d write more but don’t want to spoil it for those who weren’t at the theater at midnight.

One thing was disappointing: I don’t think it sold out! The line for ticket holders stayed pretty constant at around 50 people up until 10pm, at which point people started getting in line. They were still selling tickets at 11:30, though. Sheesh. When Episode IV was rereleased, it was a madhouse. This was pitiful.

Even if you don’t plan to use mod_perl, this is all stuff that every Perl programmer should know: The Perl You Need to Know – Part one, part two, and part three.

Netscape 6.2.3 has been released. This is just a security fix, patching the XMLHttpRequest vulnerability. It’s still based on Mozilla 0.9.4. Glad though I am that Netscape released a more secure browser, I am waiting very anxiously for a new major version built on a more recent Mozilla. I mean, Mozilla’s in 1.0rc2!

I suppose (just a guess) that they’re waiting for a final release of Mozilla 1.0. If that’s the case, then OK. I can wait.

Why I care about Netscape 6: my job. A lot of offices — my own included — are waiting for the next major release of Netscape before upgrading from version 4. I also care because 6.2.3 still feels kinda klunky and is missing a lot of the good stuff from recent Mozilla builds, stuff that I expect to make it a favorite for a lot of people.

What’s that? Am I going to see Star Wars tonight? C’mon, do you really need to ask? You bet I am! 12:01 a.m., I’ll be there.