XML and software
XML, web and software in general, with notes on Radio Userland resources

Ken Novak's Weblog


daily link  Monday, August 30, 2004


Copernican Inversion: Interesting new tool for making offline demos and training versions of web apps.  I wonder if it could be used for creating test suites and exercising web apps.  Based on proxy emulation.  From Dan Grigsby.  4:48:51 PM  permalink  

Axis Network Camera HTTP Authentication Bypass Vulnerability:  Amazing security hole:  Axis makes widely used networked surveillance cameras.  They have an onboard website for administration -- and that website is easily compromised.  Furthermore, it's reported that many of these cameras are open on the public internet and can be found with Google (not even a robots.txt file to prevent indexing).  Incredible that a security products company would release such a buggy product.  And it's also reported that the company didn't respond to hacker reports (normally companies issue info and an update before the hacker goes public.)   "A vulnerability has been identified in several Axis Network Cameras, which can be exploited by a malicious person to bypass user authentication. Normally a user is required to input a username and password before access is granted to "http://[victim]/admin/admin.shtml". However, by sending a HTTP request with an extra "/" before the "admin" folder, it is possible to bypass the authentication completely."

  10:10:56 AM  permalink  
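To show why an extra slash can matter, here is an added example (not code from Axis or from the advisory) of an access check that compares the raw request path against a literal prefix, next to one that canonicalizes the path first. That the cameras used a literal prefix match is an assumption made for illustration; the function names and sample requests are constructed.

```python
from urllib.parse import unquote

# Assumption: the protected area is the /admin folder from the URL quoted above.
PROTECTED_ROOTS = ("/admin",)

def naive_requires_auth(raw_target: str) -> bool:
    """Flawed check: compares the raw request path against a literal prefix."""
    return raw_target.startswith("/admin/")

def canonicalize(raw_target: str) -> str:
    """Reduce a request target to the path a file-serving layer would resolve.

    urllib.parse.urlsplit is deliberately not used: it would read the
    leading '//admin' as a network location instead of a path.
    """
    path = unquote(raw_target.split("?", 1)[0])
    if "\x00" in path or not path.startswith("/"):
        raise ValueError("malformed request path")
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):          # an empty segment is a duplicate slash
            continue
        if seg == "..":
            if not segments:
                raise ValueError("path escapes the web root")
            segments.pop()
        else:
            segments.append(seg)
    return "/" + "/".join(segments)

def requires_auth(raw_target: str) -> bool:
    """Hardened check: decide on the canonical path, on segment boundaries."""
    canon = canonicalize(raw_target)
    return any(canon == r or canon.startswith(r + "/") for r in PROTECTED_ROOTS)

def find_bypasses(targets):
    """Targets the naive check lets through although they resolve under a protected root."""
    return [t for t in targets if requires_auth(t) and not naive_requires_auth(t)]

# Constructed sample requests (not captured traffic).
SAMPLE_TARGETS = [
    "/admin/admin.shtml",
    "//admin/admin.shtml",      # the form described in the advisory
    "/index.shtml",
    "/administrator.shtml",     # shares a string prefix, not a path segment
]

if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        print(f"{t:24} naive={naive_requires_auth(t)!s:5} hardened={requires_auth(t)}")
    print("bypasses:", find_bypasses(SAMPLE_TARGETS))
```

The same `find_bypasses` comparison can be run over the request paths in a web server access log to spot requests that reached a protected page without matching the literal prefix.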

Links to browser editing tools:

http://sourceforge.net/projects/itools-htmlarea/
http://dynarch.com/mishoo/htmlarea.epl
http://tinymce.moxiecode.com/
http://sourceforge.net/projects/spaw/

List-maker's comment: "HTML Area was real easy to configure and add to my blog software. It took maybe 30 minutes of fiddling."

  12:04:41 AM  permalink  


daily link  Sunday, August 29, 2004


Off-topic rant: Why are browsers such terrible writing instruments? Shirky's spot-on: "really, the browser has been around for a long time now; why should anyone even have to make an argument that autosave, undo, and re-sizing are good functions for an app to support?"  11:58:33 PM  permalink  

GmailFS: "GmailFS provides a mountable Linux filesystem which uses your Gmail account as its storage medium."  Pretty neat - apparently similar hacks are available for Yahoo or Hotmail systems.  One more step to "the web as platform".  9:32:41 PM  permalink  


daily link  Saturday, August 28, 2004


RSS white paper: Clear introduction to RSS with comparison of aggregators.  9:45:17 AM  permalink  


daily link  Thursday, August 26, 2004


Horizontal innovation networks - by and for users:  2002 MIT paper on what I've been calling open production, related to the book Enabling Innovation.  Several examples, both techie and nontechie (like mountain bikes).  "Innovation development, production, distribution and consumption networks can be built up horizontally – with actors consisting only of innovation users (more precisely, “user/self-manufacturers”). “Free” and “open source” software projects are examples of such networks, and examples can be found in the case of physical products as well. User innovation networks can function entirely independently of manufacturers when (1) at least some users have sufficient incentive to innovate, (2) at least some users have an incentive to voluntarily reveal their innovations, and (3) diffusion of innovations by users is low cost and can compete with commercial production and distribution. When only the first two conditions hold, a pattern of user innovation and trial and improvement will occur within user networks, followed by commercial manufacture and distribution of innovations that prove to be of general interest. In this paper we explore the empirical evidence related to each of these matters and conclude that conditions favorable to user innovation networks are often present in the economy."  Related: a Jonathan Schwartz blog entry on how users are making IT decisions; personal uses of IT come to the office now, it's not just work going home.  6:50:41 PM  permalink  


daily link  Wednesday, August 25, 2004


GooFresh: Nifty little form for searching recent contents in Google.  Shows how to call it from your own site's form.  I wish someone had JavaScript code so a browser could do the Julian time conversion rather than relying on the script on ResearchBuzz's site.  4:35:03 PM  permalink  


daily link  Sunday, August 22, 2004


Handy Backup "is an easy-to-use program designed for an automatic backup of your critical data virtually to any type of storage media including CD-RW devices and remote FTP servers. You can use Handy Backup to make a reserve copy of any valuable data on your system. Special addons are provided to facilitate the backup of MS Outlook, system registry and ICQ files. Restoring is as easy as clicking a button, but you can also use a number of advanced options. The program can be also used to synchronize files between two computers on a network."  $30 one-time purchase.  11:36:38 PM  permalink  


daily link  Thursday, August 19, 2004


Visual Mining of E-Customer Behavior Using Pixel Bar Charts : Nifty visualization technique for seeing multidimensional relationships in large data sets.  (from Future Now)  10:47:14 PM  permalink  


daily link  Wednesday, August 18, 2004


Crypto researchers discover flaws: "MD5's flaws that have been identified in the past few days mean that an attacker can generate one hash collision in a few hours on a standard PC. To write a specific back door and cloak it with the same hash collision may be much more time intensive.   Still, Hughes said that programmers should start moving away from MD5. "Right now the algorithm has been shown to be weak," he said. "Before useful (attacks) can be done, it's time to migrate away from it." "  SHA-1 still looks good, but there are new approaches suggested toward cracking it. 

Technology Review: Fingerprinting Your Files has a clear and simple explanation of MD5 and SHA-1 hash functions, and how they can be used in applications, system security, and compression.

  10:01:10 PM  permalink  

Streamripper: "an Open Source (GPL) application that lets you record streaming mp3 to your hard drive."  It divides the mp3 webcast into separate files for each song.  Instructions online.  6:59:57 AM  permalink  


daily link  Tuesday, August 17, 2004


Groove and other P2P hassles with XP SP2: Service pack 2 limits bandwidth for users with multiple simultaneous outbound connections.  When running a P2P package like Groove, all network applications slow way down.  No resolution is posted yet.   3:59:36 PM  permalink  

m0n0wall: "m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software). m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent. m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format."  3:52:28 PM  permalink  

What ist fli4l?: "Fli4l is a single floppy Linux-based ISDN, DSL and Ethernet-Router. You can build it from an old 486 based pc with 16 megabyte memory, which is more than adequate for this purpose.  The necessary boot-disk can be built under Unix, Linux or Windows."  3:49:54 PM  permalink  

slayeroffice - web experiments gone horribly awry:  Neat collection of browser coding tricks, with how-to explanations.  Nice tool:  A suite of favelets.  11:39:22 AM  permalink  


daily link  Sunday, August 15, 2004


Social networking sites: a postmortem: One articulate user's decision to abandon social network sites, as "officially useless to me.. [Their] messaging functionality offers nothing but an extra spam channel .. What this indicates to me, incidentally, is something wonderful: that people are so manifold and multiple that the mere fact of friendship with someone is a remarkably poor predictor of affinity for that person's own friends. At least the people I seem to know. Walt Whitman would be delighted"  10:15:35 PM  permalink  

3D Holograms Detect Fake Signatures: Scanning handwritten text with lasers can measure the 3D structure of the writing.  From that it's possible to infer the pressure and direction of the writing.  With those attributes, identification of the author is much better than 2D analysis, approaching 100%.  Ancient manuscripts could be easier to identify; and maybe there's new life in the signature as a biometric ID?  [Thanks again Roland!  I'm catching up on a whole summer's worth of your excellent work!]  10:08:12 PM  permalink  

Protégé-2000: Interesting interactive Java-based data modelling tool for capturing ontologies.  Good online demo of a newspaper.  2:14:12 PM  permalink  

Microsoft OS for third world: "Microsoft is set to roll-out a 'no-frills', low-cost version of its Windows XP operating system for third world markets.   The new OS, Windows XP Starter Edition, offers lower-resolution graphics and restricts the ability to connect computers via a network. Also, the OS can only run three programmes at any one time.   The stripped-down edition of the operating system is an attempt to undercut the spread of Linux in developing countries."

Malaysia, Thailand, Indonesia and 2 other countries are in the rollout.  "As part of the program, certain schools in 67 developing nations can qualify for free upgrades to the regular Windows software and for copies of Microsoft Office that cost $2.50. " 

Gartner released a report on it, approving the concept, but criticizing certain limitations and the lack of an upgrade path to the full XP editions.  "Microsoft would continue to gather feedback from consumers over the next 12 months." 

  2:02:26 PM  permalink  


daily link  Saturday, August 14, 2004


NeroSoft TimeTrax: "TimeTrax is an application for the XM Satellite Radio XM PCR PC-based radio. This radio, available for under $50, plugs into a USB port on your PC and lets you tune into over 120 digital audio satellite channels, featuring music, talk, comedy and news.  Using TimeTrax, you can now record directly from your XM PCR radio onto your PC's hard drive in WAV or MP3 format." Software automatically breaks songs into separate MP3 files and collects metadata (artist, title, etc).  Can be scheduled to retain all songs by an artist, for example.  Software free (registered for $20), hardware $50, service $7/mo.  8:31:09 AM  permalink  

Dan Gillmor: Nice summary of the idea in his book, We the Media: "There are various ways to "make the news," but they're starting to blend. In the traditional sense it works this way: You can make news by doing something extraordinary (or ordinary, if you're a celebrity or politician), or by doing something evil or especially good. PR and marketing people help. We in the journalism business make the news every day, every hour, by reporting what we learn; newspapers are, in part, a manufacturing business. And "consumers" of news can make their own news reports by sifting through the growing variety of information now available to them.

Now, all of those news constituencies are starting to bleed into each other. The former audience is joining the journalism process, as is the Newsmaker who talks over our heads to the audience more directly via blogs and other new tools. The journalist has to pay much closer attention to it all, and must listen as much as lecture."

  8:01:19 AM  permalink  


daily link  Friday, August 13, 2004


Transparency Begets Trust in the Ever-Expanding Blogosphere:  Why are blogs good reading?  "A survey of 10,000 blog readers earlier this year conducted by Blogads found that 61 percent of respondents found blogs to be "more honest" than other media outlets. .. [Technorati exec] Hodder gives four reasons for trusting bloggers over general-assignment reporters:

  •  Niche expertise. Newspapers try to cover the whole world, while bloggers can be experts with a deep knowledge about a topic like open-source software or micro-biology.
  • Transparency in motives. Bloggers are upfront about their biases and subjective approach.. . Most journalists are constrained by an institutional objectivity. "I often read a reporter's story and wonder, what's their experience? Where are they coming from? What's the context? What do they really think?" Hodder says.
  • Transparency in process. Bloggers link to documents, sources and supporting evidence to buttress their own authority.
  • Forthrightness about mistakes. When bloggers err, the credible ones publish a mea culpa and take responsibility, with the corrected information alongside their original posting. Not so with newspapers, whose front-page mistakes are corrected in an inside page, or broadcast news, where mistakes are almost never acknowledged.

Hodder posted a chart of the most-frequently-referenced news sources and blogs, about 2/3 mainstream (NYT, Guardian) and 1/3 bloggers.

  7:57:58 PM  permalink  


daily link  Thursday, August 12, 2004


The Technology Behind Bloglines: Nice list, from their FAQ.  "Bloglines proudly uses and supports the following open source software:   8:41:16 PM  permalink  


daily link  Tuesday, August 10, 2004


Nokia Lifeblog: Nokia's got the concept that's been around since the 80s Media Lab, of recording your life online -- using their all-singing all-dancing Nokia 7610, of course (has 1 mpixel camera, video, real and mp3 player, voice recorder, triband, bluetooth, smtp and pop3, games, java, etc.)  10:23:30 PM  permalink  

Pepys' Diary: 344 years ago in London, a public servant named Samuel Pepys wrote a daily diary, lasting about ten years, with a day to day view of what life was like then.  It's now being replayed as a blog, with annotations, and even an RSS feed.  Should make an interesting contrast to today's bloggers.  9:49:01 PM  permalink  

Main Page - Wikipedia, the free encyclopedia: I hadn't visited Wikipedia in a long time, and it's looking much nicer than I remember.  The Random page link is a nice touch.  1:44:53 PM  permalink  

MRTG applications:  Scott Lemon has a note with sample code of using MRTG as a data collection and graphing tool for non-SNMP data sources (like scraped web pages and SQL queries).  9:03:54 AM  permalink  


daily link  Monday, August 09, 2004


I've started to use bloglines.com for reading RSS feeds. (I still use Radio to write my blog, but Bloglines to read blogs, news, Google alerts and email newsletters.)  It's got a lot of great features. For example, to see what I'm reading lately, check out http://www.bloglines.com/public/KenNovak .

  2:47:39 PM  permalink  


daily link  Friday, August 06, 2004


Amazon's Web Services and XSLT: "Amazon Web Services (AWS) provide two ways to get XML versions of the information that Amazon's customers ordinarily get from HTML web pages: a SOAP interface and a REST interface."  80% of use is the simpler REST interface, where a carefully-composed URL yields XML.  What's more, you can specify a URL to an XSLT file and Amazon will filter the XML before returning it - very clever. 

The links in the article connect to Jon Udell's LibraryLookup : "bookmarklets for searching libraries. Apparently, quite a few libraries have ISBN lookup capabilities. Jon developed a piece of code that attaches itself to your browser menu bar. Then, when you are on, say, Amazon looking for a book, you can click on the bookmarklet and it will find out if your local library has it."  The bookmarklet's JavaScript uses a regex to find the ISBN and constructs the URL to the library system of choice.  Cleverly, Jon added a link on his page so that users (mostly librarians) could hack up their own bookmarklets for their favorite libraries and submit them to his page.  His readers thus built a library of solutions they all share.  Great way to leverage a community to build shared value.

  11:44:18 PM  permalink  


daily link  Wednesday, August 04, 2004


Microsoft to implement SPF checking: "The company is strongly urging e-mail providers and Internet service providers to publish, by mid-September, Sender Policy Framework records that identify their e-mail servers in the domain name system. Microsoft will begin matching the source of inbound e-mail to the Internet Protocol addresses of e-mail servers listed in that sending domain’s SPF record by October 1.  Messages that fail the check will not be rejected but will be further scrutinized and filtered, says Craig Spiezle, director of Microsoft’s Safety Technology and Strategy Group."  However, a comment says that MS has not yet published SPF records themselves for any of their domains.  12:00:38 PM  permalink  

The Official Kwiki Web Site: "Kwiki is perhaps the simplest to install, most modular, and easiest to extend Wiki. A Wiki allows users to freely create and edit web pages in any web browser. Kwiki is Open Source Software written in Perl, and is available on CPAN. "  12:20:03 AM  permalink  


daily link  Tuesday, August 03, 2004


newsmap: A visual rendering of google news, with cool options for filtering categories or countries and reaching back in time.  11:04:21 PM  permalink  


daily link  Monday, August 02, 2004


SDSU MiTAP Home Page: "The MiTAP system is a research prototype for monitoring infectious disease outbreaks and other global threats. MiTAP focuses on providing timely global information access to analysts, medical experts and individuals involved in humanitarian assistance and relief work. Multiple information sources are automatically captured, filtered, summarized, and categorized into searchable newsgroups based on disease, region, information sources, person, and organization. .. The system currently processes thousands of articles daily, delivering up-to-date information to hundreds of users. Because MiTAP uses an intuitive news browser interface, users are able to use the system with little or no training."  11:46:04 PM  permalink  

Copyright 2005 © Ken Novak.
Last update: 11/25/2005; 12:04:59 AM.