- Avoiding Vista?
- Ajax Web suite boosts customer interactions
- A security note about ftp and CushyCMS
- Wait-listed for Google App Engine
- Free Web-based content management for sites
- Cross-domain madness
- Writing Secure ActiveX Controls
- Three Useful Web Books
- Popfly Beta is Public
- Microsoft Popfly Released
May 15, 2008 | Comments: (0)
InfoWorld recently ran an article by Eric Lai of our sister publication ComputerWorld called Developers explain why they're avoiding Vista. I'm afraid that for me, and probably for most of you, this falls in the "D'oh" department.
The subhead of the article is "Fewer than 1 in 12 programmers is currently writing applications targeting Microsoft's Vista operating system." Again, "D'oh."
If I'm going to develop a product, I want someone to pay for it. That can be the company that wants it, or end users, or both. (OK, I've occasionally been suckered into developing for equity, but the equity never materializes, and I'd better stop here before I say something that would upset IDG's lawyers.)
Here's the current overall Windows market share picture, as tracked by PC Pitstop:

That's not yet a compelling case for writing software that requires Windows Vista: 80% of the total market wouldn't or couldn't run it. I would expect the situation to be worse for business, and it is:

So over 90% of the business market couldn't or wouldn't run a Vista application.
The new technology introduced with Windows Vista is seriously cool, and I'm learning about it all the time. But there has to be a market before I'll devote large chunks of my time to developing for it, unless the technology makes something possible that was previously impossible, or makes something easy that was previously prohibitively time-consuming.
What do you think? Are you developing with Vista technologies?
Posted by Martin Heller on May 15, 2008 11:07 AM
April 30, 2008 | Comments: (0)
Ajax Web suite boosts customer interactions
Last week at the Web 2.0 Expo, Ajax framework vendor Backbase introduced a new application suite called Customer Engagement 2.0. As far as I can tell, the 2.0 in the name has nothing to do with the version, as this is all new; it has everything to do with the suite being about Web 2.0, meaning Ajax and Web-based interactivity. The applications are built on top of Backbase Enterprise Ajax.
According to the company, Backbase’s Customer Engagement 2.0
"delivers a comprehensive Suite of Rich Applications that brings customer facing web applications to the next level. Customer Engagement 2.0 helps companies create, manage, and deliver online applications more effectively, so they can truly interact and connect with their customers. Customer Engagement 2.0 is about building a strong connection that drives purchase decisions and stimulates active participation. Engaged customers are one of the biggest assets a company or organization can have in today's competitive marketplace."
The suite has four components: a dashboard or portal presentation tier for mashup applications, including existing widgets and widgets built with the Backbase Enterprise Ajax framework; a forms presentation tier for user-friendly Web applications requiring data capture; a co-browse application; and a chat application.
The suite is still in beta, and the products will also be available separately. There is additional information on the company Web site, and the company would be happy to offer in-depth demos.
Posted by Martin Heller on April 30, 2008 08:18 AM
April 11, 2008 | Comments: (0)
A security note about ftp and CushyCMS
In my first look at CushyCMS on Monday, I mentioned that "personal site already had ftp access set up the way CushyCMS expected to see it." This raises an issue that I chose to skip in the interest of brevity. A reader with a Web-based financial application has questioned me about it in email, so it seems worthwhile to discuss it here.
As you probably know, ftp is an ancient protocol by Internet standards. Many Web hosts offer password-protected ftp as the primary way you can upload content to your Web site. Some other Web hosts don't allow it at all, on the grounds that it is insecure because it sends passwords over the wire in plain text. These hosts usually offer at least one of the following alternatives: ftp access only over a secure VPN; sftp (secure ftp) access; access via FrontPage extensions; and WebDAV access.
For a Web-based financial application, opening up password-protected ftp access to the whole site would be a really bad idea: it could potentially compromise the security of users' financial information. On the other hand, opening up password-protected ftp access to a subdirectory of the site that contains only publicly available material could be OK.
That's certainly what I would do if I had a Web-based financial application and wanted to give a content editor access to a news page via CushyCMS: I'd put the news page in a subdirectory that had no sensitive information, create a password-protected ftp instance that accessed only that subdirectory, and then establish a CushyCMS connection to that ftp instance.
How do you feel about secure editing of Web content? What's your preferred access method, and why do you prefer it?
Posted by Martin Heller on April 11, 2008 08:03 AM
April 09, 2008 | Comments: (0)
Wait-listed for Google App Engine
I made a teensy-weensy mistake when I started to look at Google App Engine: I downloaded and installed the SDK and read through the Getting Started Guide fairly thoroughly before signing up for an account. As a result, I've been wait-listed. I think that means that more than 10,000 others have already signed up for the free App Engine beta. Oh well, I can still develop locally until my invitation comes through.
As about a million other bloggers have already discussed, Google App Engine feels like a direct competitor to Amazon's three Web services (EC2, SimpleDB and S3) all rolled into one Python framework.
I think it would be really nice to be able to target the Google infrastructure "cloud" for a Web application at need, just as it's really nice to be able to target the Amazon infrastructure and the SalesForce.com infrastructure at need. I can see different uses for the various platforms as currently constituted; I can also see why the choice might confuse people.
I like the choice of Python as the first implementation language, unlike many other bloggers who seem to be whining about the lack of Ruby and PHP support. I also like the way Google has given us a local server for development, and given us access to most of Django (a Web-development framework), WebOb (which provides objects for HTTP requests and responses), and PyYAML (a parser) as well as most of the standard Python runtime libraries. I think I can learn GQL without a problem: it's basically a subset of SQL.
I'll pass over the way the HuddleChat demo ripped off the 37Signals Campfire real-time chat application, for two reasons. First, about half a million other bloggers have already complained about it; second, Google has already bowed to the pressure and pulled the app.
I wonder what the 10,000 others who have already signed up for the free App Engine beta are going to do with it. In fact, I wonder what I'll do with it when I eventually get access.
What's a potentially profitable Web server application that needs great scalability, doesn't need table joins, and hasn't already been done to death?
Posted by Martin Heller on April 9, 2008 12:02 PM
April 07, 2008 | Comments: (0)
Free Web-based content management for sites
Let's start with the press release:
On Tuesday, April 8, Stateless Systems will launch a private beta of CushyCMS, a fast, simple and free Content Management System that aims to make Web designers’ lives a lot more comfortable.
Unlike other CMSs, Web designers can implement Cushy in minutes, without any hosting requirements or software installation, and it is easy enough for non-technical content editors to use without any training or programming skills. Web designers can give content editors access to separate pages or parts of a page at a granular level (headings, images, sidebars, etc), enabling them to produce standards-compliant, search engine-friendly content all in the browser. With Cushy, Web designers spend less time managing content changes, freeing them to focus on more important development projects. And did we mention we're giving it away?
To see how Cushy can help you edit a site in under three minutes, please click here: http://www.statelesssystems.com/cushy/
My first question for Stateless Systems was "What's the business model?" Co-Founder Guy King said:
Business model is in the future to introduce paid monthly plans. Rather than restricting existing users we plan on allowing extra features to paying subscribers such as the ability for them to brand the interface and use a custom domain. Other features will be largely based on the user feedback we receive plus the time to develop.
In other words, what you see now will always be free; added value will cost some money.
I tried the system out briefly myself, and it worked very nicely. I can see this being useful for allowing a content editor to change specific parts of a site without allowing them to mess up the overall design. In many situations you might do this with blogging software, but this is a much lighter-weight solution.
I created a test page using my standard HTML template on my personal site, then went through the process of tying that page to CushyCMS. My personal site already had FTP access set up the way CushyCMS expected to see it.
Here is the CushyCMS Web control panel:
I went through the drill of adding classes and titles to the two fields I wanted to make editable, and was able to edit the fields in CushyCMS:
After publishing my changes, the HTML looked like this:
And finally, the page displayed like this:
The fact is, I didn't use half of the capabilities of CushyCMS in this little test. It can also edit image tags, for example, and both client-side and server-side script. Of course, the more of the site you expose, the more dangerous changes made this way can be.
The first 150 people to visit www.cushycms.com and enter the code BETA on April 8 will be granted early access. Cushy will be launched to the public on April 15.
Posted by Martin Heller on April 7, 2008 10:00 PM
March 22, 2008 | Comments: (0)
One of the sites for which I consult recently licensed a Flash component from a third party. Of course, the vendor wanted to restrict the component licensing to avoid having the component re-used by others.
So far, so good. But this site, being large and old, has many domains and subdomains. It would be bad enough if it were just sampledomain.com and www.sampledomain.com, but then there's staging.sampledomain.com for testing and www1.sampledomain.com for bypassing the load-balancing switch and weblog.sampledomain.com for blogs, plus a bunch of variants to protect against cybersquatters.
Would the vendor license the Flash component to *.sampledomain.com? No, that isn't the way they do things. Why don't we create a new subdomain special.sampledomain.com and use it to host the Flash component in the fixed directory they'd license?
That was fine with everyone, except that it didn't work: JavaScript running on www.sampledomain.com couldn't load a Flash control from special.sampledomain.com. The vendor came up with a fix: add a crossdomain.xml file to the special.sampledomain.com root authorizing *.sampledomain.com.
That didn't work either. The next piece of the fix was to place the configuration XML file in the same directory as the Web page loading the Flash component instead of the same directory as the Flash component itself. Finally, the Flash component loaded, only it wouldn't return any information to the JavaScript of the calling page.
What was its problem? Our theory was that Flash thought it was being used for a cross-domain scripting attack. Thanks a bunch, Adobe.
The vendor provided a new license key that allowed www.sampledomain.com as well as special.sampledomain.com, which potentially fixed the problem for 90% of our users. The other 10%, however, would have gotten a message that said that the component was unlicensed, and that they should report the problem to the webmaster.
That was too ugly to accept. As a temporary fix, I wrote some server-side code to check the SERVER_NAME variable and redirect the page to www.sampledomain.com if it didn't match. That worked, and although I considered it a hack we promoted the new pages to the production site.
Meanwhile, the vendor researched the problem and determined that there was no technical fix. Finally, they did what we had initially asked for: they created a new Flash component licensed to *.sampledomain.com.
It came in Friday after I'd gone home. I'll install it Monday, and change the server-side code to only redirect URLs that aren't in *.sampledomain.com.
Happy ending? I sure hope so.
Posted by Martin Heller on March 22, 2008 05:16 PM
February 06, 2008 | Comments: (0)
Writing Secure ActiveX Controls
This recent news story touches on a long-standing problem:
The fact is, writing secure ActiveX controls is an art, not a science. To succeed, a software developer has to look beyond the intended purposes of the interfaces, to other purposes for which they might be used.
Say, for instance, that I wrote an interface to upload files to a site, intended to be run on a well-known safe site. If I had written it in a broad way so that it could be used to silently upload any file to any site, then a malicious site could detect the control and use it to upload Quicken files to steal people's financial information.
One safeguard is to be noisy about what you're doing. My ActiveX controls pop up simple OK/Cancel permission dialogs the first time they are invoked in a browser session; the dialogs say what they are going to do and what sites they were intended to work on. That's simple, and only mildly annoying. Of course, users tend to get jaded and accept such dialogs without thinking, but darkening the screen and sounding the klaxon horn of doom probably won't help in the long term.
Another safeguard is to actually check the site currently in use. That's a little harder, but it's possible. Internet Explorer supports a service called IWebBrowser2, which has an interface called get_LocationURL. This returns the URL of the calling page as a BSTR, and you can then use InternetCrackUrl from the wininet library to extract the domain and see if it's on your white list of safe or licensed domains.
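The white-list comparison described above is the same test the server-side redirect in the cross-domain post needs (is this host inside *.sampledomain.com?), so one added example serves both. It is not code from the original posts: it is portable C in which a small parser stands in for InternetCrackUrl, and the function names and sample URLs are assumptions made for illustration.

```c
/* Added example: decide whether a calling-page URL is on a licensed domain. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Licensed domains; sampledomain.com is the placeholder used in the posts. */
static const char *const LICENSED_DOMAINS[] = { "sampledomain.com" };

/* Case-insensitive prefix test; prefix must be lower case. */
static int starts_with_ci(const char *s, const char *prefix)
{
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != *prefix)
            return 0;
    return 1;
}

/* Copy the lower-cased host of an http(s) URL into out.
 * Returns 0 on success, -1 if the URL is rejected outright. */
static int extract_host(const char *url, char *out, size_t outlen)
{
    const char *p, *end, *q, *host_end;
    size_t n, i;

    if (starts_with_ci(url, "https://"))
        p = url + 8;
    else if (starts_with_ci(url, "http://"))
        p = url + 7;
    else
        return -1;                 /* file:, res:, javascript: and so on */

    /* The authority ends at the first '/', '\', '?' or '#'. */
    end = p + strcspn(p, "/\\?#");

    /* Anything before the last '@' is userinfo, not the host. */
    for (q = p; q < end; q++)
        if (*q == '@')
            p = q + 1;

    /* Drop an optional ":port". */
    for (host_end = p; host_end < end && *host_end != ':'; host_end++)
        ;
    n = (size_t)(host_end - p);

    /* "www.sampledomain.com." names the same host; drop one trailing dot. */
    if (n > 0 && p[n - 1] == '.')
        n--;
    if (n == 0 || n >= outlen)
        return -1;

    for (i = 0; i < n; i++)
        out[i] = (char)tolower((unsigned char)p[i]);
    out[n] = '\0';
    return 0;
}

/* True if host equals domain or ends in "." followed by domain.
 * A bare suffix match would also accept "evilsampledomain.com". */
static int host_in_domain(const char *host, const char *domain)
{
    size_t hl = strlen(host), dl = strlen(domain);

    if (hl == dl)
        return strcmp(host, domain) == 0;
    if (hl > dl + 1)
        return host[hl - dl - 1] == '.' && strcmp(host + hl - dl, domain) == 0;
    return 0;
}

/* 1 if the page at url is on a licensed domain, 0 otherwise (fails closed). */
int url_is_licensed(const char *url)
{
    char host[256];
    size_t i;

    if (extract_host(url, host, sizeof host) != 0)
        return 0;
    for (i = 0; i < sizeof LICENSED_DOMAINS / sizeof LICENSED_DOMAINS[0]; i++)
        if (host_in_domain(host, LICENSED_DOMAINS[i]))
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample URLs, not taken from any real site. */
    static const char *const samples[] = {
        "http://www.sampledomain.com/page.html",
        "https://STAGING.SampleDomain.com:8443/test",
        "http://evilsampledomain.com/",
        "http://sampledomain.com.other.example/",
        "http://www.sampledomain.com@other.example/",
        "file:///C:/page.html",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-46s %s\n", samples[i],
               url_is_licensed(samples[i]) ? "allow" : "deny");
    return 0;
}
```

Inside a real control the URL would come from get_LocationURL and the host from InternetCrackUrl; only host_in_domain and the white list would carry over unchanged.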
A third safeguard is to restrict the functionality of the interface. Perhaps I want the control to upload images. If that's the case, I could restrict the file types it will upload to .GIF, .JPG, .PNG, and .TIFF. The control could also double check that the files were valid before uploading them: there's a reason that .TIFF files all have the number 42 in a specific place.
And yes, 42 is the answer to "life, the universe, and everything."
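The file-type restriction from the third safeguard, as an added example that is not code from the original post: the upload is allowed only when the extension is on the image list and the leading bytes carry the matching signature, including the TIFF 42. Function names and sample bytes are constructed for illustration, and accepting .jpeg and .tif alongside the four extensions named above is an assumption.

```c
/* Added example: allow an upload only if extension and content agree. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { IMG_UNKNOWN, IMG_GIF, IMG_JPEG, IMG_PNG, IMG_TIFF } img_type;

/* Constructed sample data: minimal headers, not complete image files. */
static const unsigned char SAMPLE_TIFF_LE[] = { 'I', 'I', 42, 0, 8, 0, 0, 0 };
static const unsigned char SAMPLE_TIFF_BE[] = { 'M', 'M', 0, 42, 0, 0, 0, 8 };
static const unsigned char SAMPLE_PNG[] =
    { 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A };
static const unsigned char SAMPLE_TEXT[] = "Account,Balance\n";

/* Identify an image format from its leading bytes. */
img_type sniff_image(const unsigned char *b, size_t n)
{
    static const unsigned char png[8] =
        { 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A };

    if (n >= 6 && (memcmp(b, "GIF87a", 6) == 0 || memcmp(b, "GIF89a", 6) == 0))
        return IMG_GIF;
    if (n >= 3 && b[0] == 0xFF && b[1] == 0xD8 && b[2] == 0xFF)
        return IMG_JPEG;
    if (n >= 8 && memcmp(b, png, 8) == 0)
        return IMG_PNG;
    /* TIFF: a byte-order mark, then the 16-bit value 42 in that order. */
    if (n >= 4 && b[0] == 'I' && b[1] == 'I' && b[2] == 42 && b[3] == 0)
        return IMG_TIFF;
    if (n >= 4 && b[0] == 'M' && b[1] == 'M' && b[2] == 0 && b[3] == 42)
        return IMG_TIFF;
    return IMG_UNKNOWN;
}

/* Map a file name's extension (case-insensitive) to an allowed type. */
img_type type_from_extension(const char *filename)
{
    const char *dot = strrchr(filename, '.');
    char ext[8];
    size_t i;

    if (dot == NULL || strlen(dot + 1) >= sizeof ext)
        return IMG_UNKNOWN;
    for (i = 0; dot[1 + i] != '\0'; i++)
        ext[i] = (char)tolower((unsigned char)dot[1 + i]);
    ext[i] = '\0';

    if (strcmp(ext, "gif") == 0)
        return IMG_GIF;
    if (strcmp(ext, "jpg") == 0 || strcmp(ext, "jpeg") == 0)
        return IMG_JPEG;
    if (strcmp(ext, "png") == 0)
        return IMG_PNG;
    if (strcmp(ext, "tiff") == 0 || strcmp(ext, "tif") == 0)
        return IMG_TIFF;
    return IMG_UNKNOWN;
}

/* 1 only when the extension is allowed and the content matches it. */
int upload_allowed(const char *filename, const unsigned char *data, size_t len)
{
    img_type claimed = type_from_extension(filename);

    return claimed != IMG_UNKNOWN && sniff_image(data, len) == claimed;
}

int main(void)
{
    printf("scan.tiff   (TIFF bytes): %d\n",
           upload_allowed("scan.tiff", SAMPLE_TIFF_LE, sizeof SAMPLE_TIFF_LE));
    printf("logo.jpg    (PNG bytes):  %d\n",
           upload_allowed("logo.jpg", SAMPLE_PNG, sizeof SAMPLE_PNG));
    printf("ledger.tiff (text bytes): %d\n",
           upload_allowed("ledger.tiff", SAMPLE_TEXT, sizeof SAMPLE_TEXT - 1));
    printf("ledger.qdf  (text bytes): %d\n",
           upload_allowed("ledger.qdf", SAMPLE_TEXT, sizeof SAMPLE_TEXT - 1));
    return 0;
}
```

A signature check only shows that the file starts like an image; it narrows what the interface can be made to send rather than proving the whole file is well formed.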
Do you write ActiveX controls? If so, how do you protect them from malicious use?
If you write Flash controls, how do you protect them?
Posted by Martin Heller on February 6, 2008 07:10 AM
October 30, 2007 | Comments: (0)
My old friend and Windows Magazine colleague John Ruley is in Guatemala for a month on a medical mission at San Lucas Toliman. Before he packed to leave, he asked me if I could recommend any books on Web design.
I came up with two at the time: Head First HTML and Designing Web Navigation, both from O'Reilly. I'd add a third one if he asked again today: High Performance Web Sites. Enjoy.


Posted by Martin Heller on October 30, 2007 12:48 PM
October 18, 2007 | Comments: (0)
I've been playing with Microsoft Popfly since early in its alpha test. It has gotten more and more stable and more and more capable as time went on; at this point it can sometimes produce reasonable mashups fairly quickly without crashing, although often what you get is not quite what you expected or hoped for. Popfly is based on Silverlight technology.
Popfly has progressed to beta test and is now open to all. This release about Popfly and Silverlight just came in from Microsoft's PR firm:
Good morning,
Today, Microsoft is pleased to announce the public beta release of Popfly. Popfly is a tool built on Microsoft Silverlight, which provides a fun and easy way for anyone to build and share mashups, gadgets, Web pages and applications. Popfly provides anyone, even if they have no programming experience, with a simple way to create mashups without code and share on social networks like Windows Live Spaces and Facebook.
Popfly enables users to:
· Add some pizzazz to your Facebook profile, blog, or personal Web page by adding games, slideshows, your Halo 3 stats, and your eBay auctions.
· Build a Web page for your club or organization like a soccer team that would include a schedule, photos and videos from past games, directions to upcoming matches, and more.
· Leverage blocks from Popfly partners, such as Twitter, Facebook and Dapper, to drive awareness of and traffic to your site.
Attendees at the O’Reilly Web 2.0 Summit on October 17-19 in San Francisco will be able to get a first-hand look at Popfly and its new features.
Changes to Popfly from the initial alpha release include:
· Facebook integration – users can publish Popfly applications directly to Facebook
· Gadgets - Popfly can create both Windows Vista Sidebar gadgets and Windows Live gadgets.
· Even simpler user interface - tweaking helps you modify someone else’s mashup even more easily.
For more information and to get started with Popfly today, please visit: www.popfly.com.
Only one month after the launch of Silverlight 1.0, the number of partners participating in the Microsoft Silverlight Partner Initiative has already grown to more than 50 organizations, and over 40 customers have delivered Silverlight applications worldwide. To help even more organizations take advantage of Silverlight, Microsoft is announcing that Silverlight 1.0 is now available in 10 languages.
To view the Microsoft press release from the Web 2.0 Summit, please visit: http://www.microsoft.com/presspass/press/2007/oct07/10-18Web2dot0PR.mspx
To see how O’Reilly is using Silverlight and Popfly at the Web 2.0 Summit, please visit www.popfly.ms/users/Team/web2summit.content.
Posted by Martin Heller on October 18, 2007 07:42 AM
May 18, 2007 | Comments: (0)
John Montgomery is an old friend who is currently at Microsoft. He has alluded to working on a project codenamed "Tuscany" in his blog, but has been quiet about what it actually is, until this morning.
Welcome to Popfly demonstrates the technology.
The Genesis of Popfly or What I've Been Doing for the Last Year explains what Popfly is and how it came about.
Why I Think Popfly is Cool gives John's top-ten list.
And, the Popfly Alpha is at http://www.popfly.ms/.
The short summary is that Popfly is an easy way to build and share mashups, gadgets, Web pages, and applications. It requires Microsoft Silverlight 1.0 Beta, which is available to anyone, but Popfly itself is currently in private alpha. I have sent my request to join in through the normal mechanism (by trying to log in at the Popfly home page), but haven't yet gotten access.
I'll let you know more when I have gotten my hands on it.
Posted by Martin Heller on May 18, 2007 11:56 AM
May 04, 2007 | Comments: (0)
Getting Started with Silverlight
Shawn Wildermuth, who wrote the excellent book Pragmatic ADO.NET (Addison-Wesley, 2003, 357 pp, $44.99, ISBN 0-201-74568-2), has been working closely with the Silverlight team at Microsoft. Just in time for the release of Silverlight at MIX07, O'Reilly has released Shawn's "short cut" on Silverlight electronically on the Web.
Getting Started with Silverlight (O'Reilly, 2007, 62 pp, $9.99, ISBN 0-596-51068-3) "introduces you to Silverlight's key features and shows you how to tap into its functionality to spice up your HTML and ASP.NET pages." The book is written to the February Silverlight CTP, which was a preview of Silverlight 1.0, so it covers programming Silverlight with JavaScript, but not programming Silverlight with managed code or using extensible controls.
I'm a fan of Shawn's technical writing, and Getting Started with Silverlight confirms my high opinion. Shawn has a good feeling for what you need to know, and how to present it clearly.
Here's the table of contents:
• Why Silverlight? (page 2)
• What Is Silverlight? (page 3)
• Working with Silverlight XAML (page 7)
• Comparing Silverlight and WPF (page 17)
• Development Model (page 19)
• Using Silverlight with ASP.NET (page 42)
• Using Tools (page 54)
• Finding Examples in the World (page 61)
• Summary (page 61)
• For Further Reading (page 62)
Here's a very short excerpt:
Finding Examples in the World
Beyond the resources that are available from the Silverlight DevCenter (http://msdn.microsoft.com/silverlight), there are a number of very good examples of Silverlight working on the Web today. They include:
• Dr. Greenthumb (a Silverlight Game): http://labs.blitzagency.com/?p=50 (http://tinysells.com/82)
• Silverlight Scratchpad: http://notstatic.com/archives/65 (http://tinysells.com/83)
• Silverlight Egg Timer: http://blogs.interfacett.com/simon/2006/12/11/wpfe-egg-timer.html (http://tinysells.com/84)
Posted by Martin Heller on May 4, 2007 07:00 AM
May 03, 2007 | Comments: (0)
http://www.randomthirdparty.com/ is the sample site that Yaron Goland used in his demonstration of Windows Live Data, which I discussed Tuesday. He says that it's "public and available for anyone to play with at will. No password or anything."
There will also be sample code, but it hasn't yet been posted. You can learn a lot by viewing the source for the sample site that's already up, but much of the art happens on the server, to process the responses, and you can't see that easily. That's what the sample code will be for.
Posted by Martin Heller on May 3, 2007 11:14 AM
May 01, 2007 | Comments: (0)
At Microsoft's MIX07 conference, Yaron Goland gave a talk entitled Opening up Windows Live Data. The description was:
Data wants to be free! So come to this technical deep dive to learn how you can POST/GET/PUT/DELETE your way into Windows Live. We cover how you can ask users for permission to access and then interact with their Windows Live services (e.g. address book, Spaces, etc.).
Interestingly enough, this talk wasn't announced in advance, but was posted at the last minute. Microsoft normally only does that when they don't want to let the cat out of the bag prematurely about a new product or service.
"Data wants to be free!" is of course a takeoff on Stewart Brand's 1984 pronouncement "Information wants to be free" at the first Hacker's Conference. But that isn't really what Yaron was talking about. He was introducing the new Windows Live Data service, which is part of the Windows Live SDK. Microsoft describes this as:
Windows Live Data provides a mechanism by which developers can ask Windows Live users for permission to access the user's Windows Live services and data on the user's behalf. Currently Windows Live Data exposes Windows Live Contacts which is the central address book for all Windows Live services. Access to additional Windows Live services will be added for the upcoming Beta and other future releases.
To ask users for permission to access their data, as described in Requesting Permission to Access Users' Windows Live Data, you basically send the user to a Microsoft page, providing the return address on your site, for example:
<a href="https://ux.cumulus.services.live.com/pgux/default.aspx?rl=https://www.sample.com/permit.aspx&pl=https://www.sample.com/privacy.html&ps=LiveContacts.ReadOnly">
Grant Permission</a>
Then you grab the ResponseCode, DomainAuthenticationToken and OwnerHandle fields from the posted form you get back. If the ResponseCode is "RequestApproved", you can go ahead and use the DomainAuthenticationToken and OwnerHandle to request data.
The OwnerHandle is basically an email address at this point, and it becomes part of the URI for requesting the data. The DomainAuthenticationToken is supplied as a header to the HTTP request. So, for example, you could ask for an address book for user wlddemo@hotmail.com by sending a GET request to:
https://cumulus.services.live.com/wlddemo@hotmail.com/LiveContacts
with C# code like this:
    // Requires: using System.Net;
    // uri is the LiveContacts URI shown above; token is the DomainAuthenticationToken.
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
    request.Method = "GET";
    request.Headers.Add("Authorization", "DomainAuthToken at=\"" + token + "\"");
    try
    {
        HttpWebResponse response = (HttpWebResponse)request.GetResponse();
        // request succeeded, process response
        // ...
    }
    catch (WebException ex)
    {
        // request failed, handle error
        // ...
    }
What you'll get back from this request is an XML document, which you can then parse, or connect to a control.
Obviously, there's a lot more: Yaron did talk about POST/GET/PUT/DELETE, not just GET, and the documentation explains two other ways of authenticating. The Windows Live Data documentation goes into detail, and I expect that at some point there will be a sample site.
Posted by Martin Heller on May 1, 2007 02:48 PM
May 01, 2007 | Comments: (0)

At Microsoft's MIX07 conference, the keynote was mostly about Silverlight. What is Silverlight, and why should we care about it?
Officially, Silverlight "is a cross-browser, cross-platform plug-in for delivering the next generation of .NET based media experiences and rich interactive applications for the Web." In other words, it's a browser plug-in that enables a subset of the capabilities of the Windows Presentation Foundation over the Web. It was previously called WPF/E.
From the user's viewpoint, to enable Silverlight, you download and install a 1.4 MB plugin, and then you can view Silverlight content in IE, Firefox or Safari. From a developer's viewpoint, once you have the tools installed, you instantiate Silverlight by including some JavaScript helper files from your HTML, and then you can display and script XAML files in your Web pages.
Microsoft cites four key benefits of Silverlight:
1. Compelling cross-platform user experiences
2. Flexible Programming Model with Collaboration Tools
3. High-quality media, low-cost delivery
4. Connected to data, servers, and services
Two versions of Silverlight were announced Monday: the V1.0 beta, and the V1.1 Alpha. What's the difference? The diagram below summarizes what's in each release:
Again, why should we care? If you're a cynic, Silverlight just looks like Microsoft's answer to Flash. But if you like the idea of XAML-based display, or the idea of programming in managed code, then Silverlight offers a compelling model for programming the Web client.
Posted by Martin Heller on May 1, 2007 12:38 PM
April 30, 2007 | Comments: (0)
Giving Second Life a Second Chance
At the end of March, I wondered aloud whether companies like IBM were really serious about doing PR in Second Life (SL). That got me quite a few comments, mostly from people who, on even cursory examination, clearly have stakes in SL.
"illuminator" agreed that SL isn't work-safe, or home-safe with children in the house, but encouraged me to spend more time and explore the system, having found it fascinating himself. Traven Sachs explained some of what is going on with the deceptively porn-heavy "popular places" list in SL, and offered to show me around the system. Sachs runs Wolfhaven Productions, which is a vendor of SL artifacts.
QTLabs, an IT consultant specializing in 3D virtual worlds, likened porn in SL to streetwalkers in any large city, and offered the opinion that "Second Life and 3D virtual worlds are changing the way humans communicate and share information." 57 Miles, a blogger who writes about SL, said "For some it just grabs you. It did me. For others it takes some perseverance before you become fully immersed." 57 Miles also offered to help me out on SL.
Jane Janus, who runs seminars in SL, admitted that SL is buggy, and opined that "the search engine really is awful." But then she went on to claim that
Barack Obama is rolling out a second life campaign strategy because the demographics of users are 20 - 32, his target market.
Universities are putting their digital libraries on second life. Virtual classrooms are far superior than current online courses.
The opportunities are endless. And inevitable.
Ahem. That's probably going farther than I'm willing to accept, and verges on "resistance is futile." Borg, anyone?
Phoenix Psaltery invited me to check out the Metaverse Messenger (M2), a weekly newspaper that covers events in SL. Psaltery is a staff writer for M2. Alliez Mysterio, a real-estate developer in SL, offered to show me around SL, with the comment that "yes it can be addictive but I guarantee you it will be the best addiction you ever thought you had."
Jon Udell pointed me at a video he'd made last fall, http://weblog.infoworld.com/udell/2006/10/16.html. It was something he himself described as "snarky" at the time. I couldn't view it using IE at the time, but I was able to see it using Firefox when I tried again, and I can see it in IE now that I have installed a new version of QuickTime. Jon's point, which was finally clear when I could actually view the video, was that the use of 3D in SL at the IBM press event he "attended" was basically gratuitous: technically interesting, but offering little real advantage over the 2D Web.
Finally, Petey, who writes a blog that's mostly about how SL sucks, gave it all a different perspective:
Don't let the kool-aid drinkers fool you, Martin. Second Life is not the future of the Internet. It is no social revolution. It is, instead, an intrepidly marketed and somewhat interesting MMORPG that will, I think, be dead within the year.
Legal issues and eventually revealed hyperbole (like the fact that less than .002% of the registered residents have a positive monthly cash flow of *any* fraction of a cent despite claims of economic opportunity) will show people that while Second Life may be a fun place to build something cool, funny, or interesting, it is not by any means revolutionary in character.
I remember the 1978 Jonestown tragedy fairly clearly. "Kool-aid drinkers" isn't funny unless you don't know what it really meant. Other than that, Petey makes a lot of sense.
I have been back to SL once or twice since my last posting. The system was working a lot better than it had been, and I was able to go through a full orientation tour. It was a surprisingly pleasant experience: I discovered that there was sound I could turn on, and that I liked the music being played just then. It was evening in SL, the avatars were behaving themselves, and the island setting of the orientation was charming. I could almost feel the evening breeze.
I could get to like this. Now, if I only had time to explore...
Posted by Martin Heller on April 30, 2007 06:00 AM
April 27, 2007 | Comments: (0)
Two books live on my desk when I'm working on Web pages with client-side scripting: David Flanagan's JavaScript: The Definitive Guide, 5th Edition (O'Reilly, 2006, 994 pp., $49.99, ISBN 978-0-596-10199-2), and Danny Goodman's Dynamic HTML: The Definitive Reference, 3rd Edition (O'Reilly, 2007, 1307 pp., $59.99, ISBN 978-0-596-52740-2).
They're both huge books, and their content overlaps substantially, but they both keep earning their spots. I reach for Flanagan if the question in my mind is primarily about some aspect of JavaScript, and for Goodman if the question is primarily about some aspect of HTML, XHTML, CSS or the Document Object Model.
Flanagan has two tutorial sections. Part I explains core JavaScript, and Part II explains browser DOM scripting. I read them once: they were nice. I don't think I have looked at them again since the latest edition of the book arrived.
It's the reference sections of the two books that I return to over and over. Flanagan Part III is a complete reference to core JavaScript 1.5 and ECMAScript version 3. Flanagan Part IV is a reference for client-side JavaScript. It's notoriously difficult to write sophisticated cross-browser JavaScript: Flanagan helps you figure out what to do when, for example, an area is outside the DOM Level 2 standard and implemented differently in IE and Firefox.
Goodman Part I is a Dynamic HTML reference, with five subsections: HTML and XHTML, DOM, Events, Style Sheets, and core JavaScript. Part II has cross references to attributes, properties, methods and events. Part III has tables of color names, HTML character entities, keyboard event character values, editable content commands, HTML/XHTML DTD support, and a cross reference to Mozilla-based browser version numbers.
Posted by Martin Heller on April 27, 2007 06:00 AM
April 23, 2007 | Comments: (0)
Fiddler2: HTTP Debugging Proxy
Recently I had to capture some HTTP and HTTPS requests and responses for documentation I was writing. My first thought was to use the HTTP Inspector from ActiveState Komodo 4.0. Unfortunately, HTTP Inspector does not decrypt HTTPS (encrypted) sessions.
I found another tool that does decrypt HTTPS sessions, however: Fiddler2, written by Eric Lawrence of Microsoft, which can be downloaded from http://www.fiddler2.com/Fiddler2/. FAQs for Fiddler2 are here, and documentation and a quick start video for Fiddler v1.x are here. There are MSDN articles about using Fiddler here and here.
From the Fiddler site:
Fiddler is a HTTP Debugging Proxy which logs all HTTP traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP Traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler is designed to be much simpler than using NetMon or Achilles, and includes a simple but powerful JScript.NET event-based scripting subsystem.
Fiddler2 is different from Fiddler v1.x in three major ways: it supports viewing and tampering with HTTPS traffic; it has better support for saving to Visual Studio WebTest files; and it requires .NET Framework 2.0.
What's a debugging proxy? In effect, it's a benign man-in-the-middle attack. Fiddler works by registering itself as the system proxy for Microsoft Windows Internet Services (WinInet), the HTTP layer used by Internet Explorer, Microsoft Office, and many other products. If you look in the IE 7 Internet Options/Connections/LAN Settings dialog when Fiddler is running, you'll see that "Use a proxy server for your LAN" has been checked; if you look at the advanced proxy properties, you'll see that Fiddler2 is the proxy for both the HTTP and Secure server types, and runs on port 8888 of the local host. If you look at the same place after stopping Fiddler2, you'll see that "Use a proxy server for your LAN" has been unchecked, meaning that Fiddler2 has unregistered itself as the system proxy.
Fiddler intercepts and logs all your HTTP and HTTPS traffic, and lets you view it and fiddle with it (hence the name) in various ways. All that logging will slow down your browsing noticeably, but if you pay attention to what it tells you, you can, among other things, use Fiddler to speed up your own Web sites.
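Because the proxy registration described above is visible in the per-user WinInet settings, a script can tell when HTTP and HTTPS are being routed through a proxy on the local host. The following is an added example, not code from Fiddler or from the original post; the function names and the sample values are constructed, and it assumes the settings have already been read from the `ProxyEnable` and `ProxyServer` values under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`.

```javascript
// Added example: interpret the two WinInet values a debugging proxy changes.
// Value names are those under
// HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings.

const LOOPBACK = /^(127(\.\d{1,3}){3}|localhost|::1)$/i;

// Split "host:port" (optionally "scheme://host:port" or "[v6]:port").
function parseEndpoint(text) {
  const bare = text.replace(/^[a-z]+:\/\//i, "");
  const m = /^(\[[^\]]+\]|[^:]+)(?::(\d+))?$/.exec(bare);
  if (!m) return { host: bare, port: null };
  return { host: m[1].replace(/^\[|\]$/g, ""), port: m[2] ? Number(m[2]) : null };
}

// ProxyServer is either one "host:port" for every protocol, or a list such as
// "http=host:port;https=host:port" with one entry per protocol.
function parseProxyServer(value) {
  const routes = {};
  for (const entry of value.split(/[;\s]+/).filter(Boolean)) {
    const eq = entry.indexOf("=");
    const scheme = eq === -1 ? "*" : entry.slice(0, eq).toLowerCase();
    routes[scheme] = parseEndpoint(eq === -1 ? entry : entry.slice(eq + 1));
  }
  return routes;
}

// Report which of HTTP and HTTPS are routed through a proxy on this machine.
function findLocalInterception(settings) {
  if (settings.ProxyEnable !== 1 || !settings.ProxyServer) return [];
  const routes = parseProxyServer(settings.ProxyServer);
  const findings = [];
  for (const scheme of ["http", "https"]) {
    const ep = routes[scheme] || routes["*"];
    if (ep && LOOPBACK.test(ep.host)) findings.push(`${scheme} -> ${ep.host}:${ep.port}`);
  }
  return findings;
}

// Constructed sample: the state described above while the proxy is running.
const sample = { ProxyEnable: 1, ProxyServer: "http=127.0.0.1:8888;https=127.0.0.1:8888" };
console.log(findLocalInterception(sample));
```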
Posted by Martin Heller on April 23, 2007 06:00 AM
March 21, 2007 | Comments: (0)
Freebase, the Semantic Web, and the Metaweb Query API
As I discussed in my article on the Semantic Web for our Crackpot Tech feature on February 19th, the standard Web was originally designed for document distribution, and has yet to realize its full potential for distributing data. The Semantic Web is an effort to relate information by classifying it and linking the classifications.
Some of the efforts related to the Semantic Web concentrate on ontologies, or systems of classification. As useful as ontologies can be, they often seem dry and academic to me.
Once ontologies are turned into database schemas, they often make more sense, at least to me. And once the database is implemented and the application built, it all falls into place.
Imagine my delight, then, to find that the new Freebase site is something like a modifiable database already integrated with a Web application, or as the Freebase.com FAQ puts it:
Freebase.com is home to a global knowledge base: a structured, searchable, writeable and editable database built by a community of contributors, and open to everyone. It could be described as a data commons.
How is that different from Wikipedia? There's a FAQ for that, too:
It's an apple versus an orange: each is deliciously different. Wikipedia is an encyclopedia with information arranged in the form of articles. Freebase is more of an almanac, organized like a database, and readable by people or software. Wikipedia and Freebase both appeal to people who love to use and organize information. In fact, many of the founding contributors to Freebase are also active in the Wikipedia community. Whenever Freebase and Wikipedia cover the same topic, Freebase will link to the Wikipedia article to make it easy for users to access the best of both sites.
The Freebase type system is basically a flexible, editable ontology. For example, the computer domain contains types about computer hardware, software, and computer science and theory, such as Programming Language. If you're browsing the Programming Language type, you can filter the 94 currently listed languages by the properties of the type: Name, Parent Language, Language Paradigms, Influenced By, Influenced, Dialects, Language Designers.
If I type "Gui" into the Language Designers filter entry, I get a drop-down completion of Guido van Rossum, along with a pop-up entry about Guido of type Programming Language Designer. If I filter by his name, I of course get an entry for Python (in this case, a description based on a Wikipedia article), which has the type Software as well as the type Programming Language.
Get it?
There's more. Freebase has an open API, the Metaweb Query API. Here's a sample read query, broken into two lines so that you can see it all:
http://www.freebase.com/api/service/mqlread?queries={"albums":{"query":{
"type":"/music/artist","name":"The Police","album":[]}}}
If you have a Freebase account and have used it on the browser running the query, this will most likely return a JSON-format response giving a list of albums by The Police, which you can save as a text file and view with an editor. Otherwise, it will probably give you an Error 401. It will not give you back articles about police in law enforcement, because we have restricted the queried record type to musical artists and asked to be given a list of albums.
Now, getting back a text file is not exactly stimulating stuff, but this API can easily be turned into an application using some fairly simple code like the freely available JavaScript for parsing JSON format. It would not necessarily have to be an application that interrogates Freebase. And there, eventually, is how Metaweb, the company behind Freebase, expects to make its money: by licensing commercial applications using its technology.
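As an added example (not code from Freebase, Metaweb, or the original post), here is the read query above built with its JSON envelope URL-encoded, and a response handled with `JSON.parse` and a shape check instead of being evaluated as script. The function names, the response shape (`result` under the query name) and the sample response text are assumptions constructed for illustration.

```javascript
// Added example: build the mqlread request shown above and read the reply
// as data. Endpoint and query envelope are the ones quoted in the post.

const MQLREAD = "http://www.freebase.com/api/service/mqlread";

// Wrap the query in the named envelope and URL-encode the JSON so braces,
// quotes and spaces survive as a single "queries" parameter.
function buildReadUrl(name, query) {
  const envelope = { [name]: { query } };
  return MQLREAD + "?queries=" + encodeURIComponent(JSON.stringify(envelope));
}

// ASSUMED response shape: { "<name>": { "result": { "album": [ ... ] } } }.
function extractAlbums(responseText, name) {
  let doc;
  try {
    doc = JSON.parse(responseText); // parse as data; do not eval() network text
  } catch (e) {
    throw new Error("response is not valid JSON");
  }
  const result = doc && doc[name] && doc[name].result;
  if (!result || !Array.isArray(result.album)) {
    throw new Error("no album list in response");
  }
  // Keep only plain strings so unexpected nested values are not passed on.
  return result.album.filter((a) => typeof a === "string");
}

const url = buildReadUrl("albums", {
  type: "/music/artist",
  name: "The Police",
  album: [],
});

// Constructed sample response, not captured from the service.
const sampleResponse = JSON.stringify({
  albums: {
    result: {
      type: "/music/artist",
      name: "The Police",
      album: ["Outlandos d'Amour", "Synchronicity", { unexpected: true }],
    },
  },
});

console.log(url);
console.log(extractAlbums(sampleResponse, "albums"));
```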
Want to give it a try? It's currently still in Alpha test, and by invitation only. You can try entering your email address at Freebase.com; I don't know how quickly you'll get a response. On the other hand, if you know someone who has Freebase invitations to give out, you can probably get on in a matter of minutes.
At this point, I have five invitations to give out. They will go to people I actually know, so please don't ask me for one if we haven't already met.
Posted by Martin Heller on March 21, 2007 06:00 AM