XML and software
XML, web and software in general, with notes on Radio Userland resources
Ken Novak's Weblog
Monday, August 30, 2004
Interesting new tool for making offline demos and training versions of web apps. I wonder if it could be used for creating test suites and exercising web apps. Based on proxy emulation. From Dan Grigsby. 4:48:51 PM
Axis Network Camera HTTP Authentication Bypass Vulnerability: Amazing security hole: Axis makes widely used networked surveillance cameras. They have an onboard website for administration -- and that website is easily compromised. Furthermore, it's reported that many of these cameras are open on the public internet and can be found with Google (not even a robots.txt file to prevent indexing). Incredible that a security products company would release such a buggy product. And it's also reported that the company didn't respond to hacker reports (normally companies issue info and an update before the hacker goes public.) "A vulnerability has been identified in several Axis Network Cameras, which can be exploited by a malicious person to bypass user authentication. Normally a user is required to input a username and password before access is granted to "http://[victim]/admin/admin.shtml". However, by sending a HTTP request with an extra "/" before the "admin" folder, it is possible to bypass the authentication completely." 10:10:56 AM
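An added illustration of the bug class the advisory describes, not code from Axis or from the advisory: an access check that tests the request path as typed, next to one that tests the canonical path the file layer resolves. How the camera firmware is actually built is not stated on this page; the handler, function names and sample requests below are assumptions made for the sketch.

```python
import posixpath
from urllib.parse import unquote

PROTECTED = "/admin"  # protected folder, as in the advisory's admin.shtml URL


def canonical(raw_path):
    """Return the path a file-serving layer would actually resolve."""
    path = unquote(raw_path.split("?", 1)[0])
    # normpath keeps a leading "//" (POSIX rule), so strip leading slashes first.
    return posixpath.normpath("/" + path.lstrip("/"))


def needs_auth_naive(raw_path):
    # Flawed: tests the request string exactly as the client spelled it.
    return raw_path.startswith(PROTECTED + "/")


def needs_auth_hardened(raw_path):
    # Decide on the canonical form, so every spelling of the same file agrees.
    canon = canonical(raw_path)
    return canon == PROTECTED or canon.startswith(PROTECTED + "/")


def handle(raw_path, authenticated, gate):
    """Hypothetical request handler: 401 if the gate demands a login, else 200."""
    if gate(raw_path) and not authenticated:
        return 401
    return 200  # the file layer would now serve canonical(raw_path)


if __name__ == "__main__":
    # Constructed sample requests from an unauthenticated client.
    for request in ("/admin/admin.shtml", "//admin/admin.shtml", "/index.shtml"):
        print(request, canonical(request),
              handle(request, False, needs_auth_naive),
              handle(request, False, needs_auth_hardened))
```

The fix is to authorize on the same canonical path the server goes on to serve, so the check and the file lookup can never disagree about which resource was requested.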
Sunday, August 29, 2004
"GmailFS provides a mountable Linux filesystem which uses your Gmail account as its storage medium. " Pretty neat - apparently similar hacks are available for yahoo or hotmail systems. One more step to "the web as platform". 9:32:41 PM
Saturday, August 28, 2004
RSS white paper:
Clear introduction to RSS with comparison of aggregators. 9:45:17 AM
Thursday, August 26, 2004
Horizontal innovation networks - by and for users:
2002 MIT paper on what I've been calling open production, related to the book Enabling Innovation. Several examples, both techie and nontechie (like mountain bikes). "Innovation development, production, distribution and consumption networks can be built up horizontally – with actors consisting only of innovation users (more precisely, “user/self-manufacturers”). “Free” and “open source” software projects are examples of such networks, and examples can be found in the case of physical products as well. User innovation networks can function entirely independently of manufacturers when (1) at least some users have sufficient incentive to innovate, (2) at least some users have an incentive to voluntarily reveal their innovations, and (3) diffusion of innovations by users is low cost and can compete with commercial production and distribution. When only the first two conditions hold, a pattern of user innovation and trial and improvement will occur within user networks, followed by commercial manufacture and distribution of innovations that prove to be of general interest. In this paper we explore the empirical evidence related to each of these matters and conclude that conditions favorable to user innovation networks are often present in the economy." Related: a Jonathan Schwartz blog entry on how users are making IT decisions; personal uses of IT come to the office now, it's not just work going home. 6:50:41 PM
Wednesday, August 25, 2004
Sunday, August 22, 2004
"is an easy-to-use program designed for an automatic backup of your critical data virtually to any type of storage media including CD-RW devices and remote FTP servers. You can use Handy Backup to make a reserve copy of any valuable data on your system. Special addons are provided to facilitate the backup of MS Outlook, system registry and ICQ files. Restoring is as easy as clicking a button, but you can also use a number of advanced options. The program can be also used to synchronize files between two computers on a network." $30 one-time purchase. 11:36:38 PM
Thursday, August 19, 2004
Wednesday, August 18, 2004
Crypto researchers discover flaws: "MD5's flaws that have been identified in the past few days mean that an attacker can generate one hash collision in a few hours on a standard PC. To write a specific back door and cloak it with the same hash collision may be much more time intensive. Still, Hughes said that programmers should start moving away from MD5. "Right now the algorithm has been shown to be weak," he said. "Before useful (attacks) can be done, it's time to migrate away from it." " SHA-1 still looks good, but there are new approaches suggested toward cracking it.
Technology Review: Fingerprinting Your Files has a clear and simple explanation of MD5 and SHA-1 hash functions, and how they can be used in applications, system security, and compression. 10:01:10 PM
: "an Open Source (GPL) application that lets you record streaming mp3 to your hard drive." It divides the mp3 webcast into separate files for each song. Instructions online. 6:59:57 AM
Tuesday, August 17, 2004
Groove and other P2P hassles with XP SP2:
Service Pack 2 limits bandwidth for users with multiple simultaneous outbound connections. When running a P2P package like Groove, all network applications slow way down. No resolution is posted yet. 3:59:36 PM
: "m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software). m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent. m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format." 3:52:28 PM
What ist fli4l?
: "Fli4l is a single floppy Linux-based ISDN, DSL and Ethernet-Router. You can build it from an old 486 based pc with 16 megabyte memory, which is more than adequate for this purpose. The necessary boot-disk can be built under Unix, Linux or Windows." 3:49:54 PM
Sunday, August 15, 2004
Social networking sites: a postmortem: One articulate user's decision to abandon social network sites, as "officially useless to me.. [Their] messaging functionality offers nothing but an extra spam channel .. What this indicates to me, incidentally, is something wonderful: that people are so manifold and multiple that the mere fact of friendship with someone is a remarkably poor predictor of affinity for that person's own friends. At least the people I seem to know. Walt Whitman would be delighted" 10:15:35 PM
3D Holograms Detect Fake Signatures: Scanning handwritten text with lasers can measure the 3D structure of the writing. From that it's possible to infer the pressure and direction of the writing. With those attributes, identification of the author is much better than 2D analysis, approaching 100%. Ancient manuscripts could be easier to identify; and maybe there's new life in the signature as a biometric ID? [Thanks again Roland! I'm catching up on a whole summer's worth of your excellent work!] 10:08:12 PM
Interesting interactive Java-based data modelling tool for capturing ontologies. Good online demo of a newspaper. 2:14:12 PM
Microsoft OS for third world: "Microsoft is set to roll-out a 'no-frills', low-cost version of its Windows XP operating system for third world markets. The new OS, Windows XP Starter Edition, offers lower-resolution graphics and restricts the ability to connect computers via a network. Also, the OS can only run three programmes at any one time. The stripped-down edition of the operating system is an attempt to undercut the spread of Linux in developing countries."
Malaysia, Thailand, Indonesia and 2 other countries are in the rollout. "As part of the program, certain schools in 67 developing nations can qualify for free upgrades to the regular Windows software and for copies of Microsoft Office that cost $2.50. "
Gartner released a report on it, approving the concept, but criticizing certain limitations and the lack of an upgrade path to the full XP editions. "Microsoft would continue to gather feedback from consumers over the next 12 months." 2:02:26 PM
Saturday, August 14, 2004
"TimeTrax is an application for the XM Satellite Radio XM PCR
PC-based radio. This radio, available for under $50, plugs into a USB port on your PC and lets you tune into over 120 digital audio satellite channels, featuring music, talk, comedy and news. Using TimeTrax, you can now record directly from your XM PCR radio onto your PC's hard drive in WAV or MP3 format." Software automatically breaks songs into separate MP3 files and collects metadata (artist, title, etc). Can be scheduled to retain all songs by an artist, for example. Software free (registered for $20), hardware $50, service $7/mo. 8:31:09 AM
Nice summary of the idea in his book, We the Media: "There are various ways to "make the news," but they're starting to blend. In the traditional sense it works this way: You can make news by doing something extraordinary (or ordinary, if you're a celebrity or politician), or by doing something evil or especially good. PR and marketing people help. We in the journalism business make the news every day, every hour, by reporting what we learn; newspapers are, in part, a manufacturing business. And "consumers" of news can make their own news reports by sifting through the growing variety of information now available to them.
Now, all of those news constituencies are starting to bleed into each other. The former audience is joining the journalism process, as is the Newsmaker who talks over our heads to the audience more directly via blogs and other new tools. The journalist has to pay much closer attention to it all, and must listen as much as lecture." 8:01:19 AM
Friday, August 13, 2004
Transparency Begets Trust in the Ever-Expanding Blogosphere: Why are blogs good reading? "A survey of 10,000 blog readers earlier this year conducted by Blogads found that 61 percent of respondents found blogs to be "more honest" than other media outlets. .. [Technorati exec] Hodder gives four reasons for trusting bloggers over general-assignment reporters:
- Niche expertise. Newspapers try to cover the whole world, while bloggers can be experts with a deep knowledge about a topic like open-source software or micro-biology.
- Transparency in motives. Bloggers are upfront about their biases and subjective approach.. . Most journalists are constrained by an institutional objectivity. "I often read a reporter's story and wonder, what's their experience? Where are they coming from? What's the context? What do they really think?" Hodder says.
- Transparency in process. Bloggers link to documents, sources and supporting evidence to buttress their own authority.
- Forthrightness about mistakes. When bloggers err, the credible ones publish a mea culpa and take responsibility, with the corrected information alongside their original posting. Not so with newspapers, whose front-page mistakes are corrected in an inside page, or broadcast news, where mistakes are almost never acknowledged.
Hodder posted a chart of the most-frequently-referenced news sources and blogs, about 2/3 mainstream (NYT, Guardian) and 1/3 bloggers. 7:57:58 PM
Thursday, August 12, 2004
Tuesday, August 10, 2004
: Nokia's got the concept that's been around since the 80s Media Lab, of recording your life online -- using their all-singing all-dancing Nokia 7610, of course (has 1 mpixel camera, video, real and mp3 player, voice recorder, triband, bluetooth, smtp and pop3, games, java, etc.) 10:23:30 PM
: 344 years ago in London, a public servant named Samuel Pepys wrote a daily diary, lasting about ten years, with a day to day view of what life was like then. It's now being replayed as a blog, with annotations, and even an RSS feed. Should make an interesting contrast to today's bloggers. 9:49:01 PM
Scott Lemon has a note with sample code of using MRTG as a data collection and graphing tool for non-SNMP data sources (like scraped web pages and SQL queries). 9:03:54 AM
Monday, August 09, 2004
Friday, August 06, 2004
Amazon's Web Services and XSLT: "Amazon Web Services (AWS) provide two ways to get XML versions of the information that Amazon's customers ordinarily get from HTML web pages: a SOAP interface and a REST interface." 80% of use is the simpler REST interface, where a carefully-composed URL yields XML. What's more, you can specify a URL to an XSLT file and Amazon will filter the XML before returning it - very clever.
The links in the article connect to Jon Udell's LibraryLookup: "bookmarklets for searching libraries. Apparently, quite a few libraries have ISBN lookup capabilities. Jon developed a piece of code that attaches itself to your browser menu bar. Then, when you are on, say, Amazon looking for a book, you can click on the bookmarklet and it will find out if your local library has it." The bookmarklet's JavaScript uses a regex to find the ISBN and constructs the URL to the library system of choice. Cleverly, Jon added a link on his page so that users (mostly librarians) could hack up their own bookmarklets for their favorite libraries and submit them to his page. His readers thus built a library of solutions they all share. Great way to leverage a community to build shared value. 11:44:18 PM
Wednesday, August 04, 2004
Microsoft to implement SPF checking:
"The company is strongly urging e-mail providers and Internet service providers to publish, by mid-September, Sender Policy Framework records that identify their e-mail servers in the domain name system. Microsoft will begin matching the source of inbound e-mail to the Internet Protocol addresses of e-mail servers listed in that sending domain’s SPF record by October 1. Messages that fail the check will not be rejected but will be further scrutinized and filtered, says Craig Spiezle, director of Microsoft’s Safety Technology and Strategy Group." However, a comment says that MS has not yet published SPF records themselves for any of their domains. 12:00:38 PM
Tuesday, August 03, 2004
: A visual rendering of google news, with cool options for filtering categories or countries and reaching back in time. 11:04:21 PM
Monday, August 02, 2004
SDSU MiTAP Home Page: "The MiTAP system is a research prototype for monitoring infectious disease outbreaks and other global threats. MiTAP focuses on providing timely global information access to analysts, medical experts and individuals involved in humanitarian assistance and relief work. Multiple information sources are automatically captured, filtered, summarized, and categorized into searchable newsgroups based on disease, region, information sources, person, and organization. .. The system currently processes thousands of articles daily, delivering up-to-date information to hundreds of users. Because MiTAP uses an intuitive news browser interface, users are able to use the system with little or no training." 11:46:04 PM