Learn From The Webgoat

If web security is at all of interest to you then get yourself over to the WebGoat project at the Open Web Application Security Project. Installers are available for Linux, OS X and Windows.

WebGoat is a full J2EE web application designed to teach web application security lessons. In each lesson, users must demonstrate their understanding by exploiting a real vulnerability on the local system. The system is even clever enough to provide hints and show the user cookies, parameters and the underlying Java code if they choose. Examples of lessons include SQL injection to a fake credit card database, where the user creates the attack and steals the credit card numbers.
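As an added illustration of the SQL injection lesson mentioned above (this is example code written for this page, not WebGoat's own code or the post author's), the following Python snippet shows the pattern those lessons teach against: a lookup built by string concatenation beside the parameterized lookup that removes the defect, run against a constructed in-memory SQLite table standing in for the fake credit card database. The table name, column names and sample rows are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for a fake credit-card table
# (assumed schema and made-up values; not WebGoat's own data).
SAMPLE_ROWS = [
    ("Joe Smith", "4111-1111-1111-1111"),
    ("Jane Doe", "5500-0000-0000-0004"),
]


def make_db():
    """Create an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_data (name TEXT, card_number TEXT)")
    conn.executemany("INSERT INTO user_data VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, name):
    """The defective form: user input is spliced into the SQL text.

    A quote character in the input terminates the string literal, so
    the rest of the input is parsed as SQL and changes the WHERE clause.
    """
    sql = "SELECT name, card_number FROM user_data WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """The hardened form: the input is bound as a value, never parsed as SQL."""
    sql = "SELECT name, card_number FROM user_data WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def looks_like_injection(name):
    """Cheap defensive signal for logging or alerting on a name field.

    Flags quote and comment tokens that have no business in a person's
    name. This is detection support only; parameterization is the fix.
    """
    suspicious = ("'", "--", "/*", ";")
    return any(tok in name for tok in suspicious)


if __name__ == "__main__":
    conn = make_db()
    tautology = "Joe Smith' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(conn, tautology))      # every row
    print("parameterized:", lookup_parameterized(conn, tautology))  # no rows
    print("flagged:", looks_like_injection(tautology))
```

With the same input, the concatenated query returns every row in the table while the bound-parameter query returns nothing, because the database never treats the bound string as SQL syntax. The `looks_like_injection` helper is there to show where a detection hook would sit in application logs; it is not a substitute for the parameterized query.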

Netvibes Rocks!

I stumbled across netvibes this morning. This is very cool. Though Netvibes is currently in early beta, you can create your own web page that aggregates RSS feeds, local weather, Gmail, and notes (sort of like web stickies). You can drag and drop to arrange things as you like. There is definitely a huge amount of potential here to make this a very compelling tool.

Alas, no Safari support (yet). Firefox for OS X works fine, though.

Looking around a bit more, this seems to be very similar to start.com functionality wise. Start suffers from being a MS sponsored project as well as not having as clean an interface as netvibes.

I also discovered meebo, which is apparently trying to be a web-based IM aggregator (much like I wished that Google Talk was web-based).

Overall, it looks like commercial grade AJAX apps are starting to take off. And, no, Microsoft, we don’t need your bloated, ill-conceived, proprietary ‘rich client’ software. Thank you very much.

Shameless — Disaster Profiteering Act

In light of all of the other questionable activities post-Katrina, this is absolutely reprehensible (emphasis below added):

Project on Government Oversight – Big federal contractors have scored a major victory with yesterday’s news that House Government Reform Chairman Tom Davis (R-VA) and Representative Kenny Marchant (R-TX) introduced legislation that will waive meaningful taxpayer protections and competition in contracting whenever Congress or the President declares a national emergency or there is a disaster. It is rumored that the legislation will be included in a manager’s amendment to the next Katrina relief bill. Project On Government Oversight (POGO) has donned the legislation (H.R. 3766) the “Disaster Profiteering Act.”

The Davis legislation would allow agency heads across the federal government to treat all purchases related to national emergencies as “commercial items,” meaning that contracts can be made under a no-bid process and that the government would not have the authority to audit purchases after they have been made. A second, unrelated provision deals with Katrina volunteers.

via Agonist

The only hope is that this ‘proposed’ legislation won’t actually pass.

What the Flock is Flock?

According to Wired:

Flock advertises itself as a “social browser,” meaning that the application plays nicely with popular web services like Flickr, Technorati and del.icio.us. Flock also features widely compliant WYSIWYG, drag-and-drop blogging tools. The browser even promises to detect and authenticate all those user accounts automatically. It’s a clear attempt to be the browser of choice for the Web 2.0 user.

Interesting that they are attempting to aggregate all of that stuff in the browser — one of the reasons that I created this site was to have one place where I could link in all of my ‘social software’ (del.icio.us, flickr, last.fm, etc). Maybe Flock is a tool that will help me do what I am already doing better (or maybe I just don’t have a clue).

In addition to linking in some other functionality on the web, I have also been toying around with adding some information to the site using FOAF and some of the microformats that I have been reading about.

I signed up to be notified when invites go out. Maybe I’ll be one of the lucky early testers.

WiredReach Content Sharing Platform

WiredReach looks like an interesting idea for sharing content without using shared servers:

The WiredReach Platform allows users to selectively share content with others in a completely decentralized and secure manner. That means your content does not have to be uploaded to any central servers but rather can be shared right from your desktop or device. We use the term “content” very loosely to include things like presence, blogs, bookmarks, documents, calendars, music, photos… virtually any type of social media.

Following the download link leads to wiredreach.com, which provides the development support for the open source project.

It appears that it is all open source, using Java JXTA for some of the underlying network capabilities. There are a number of plugin projects going on to add blogging and various other content type sharing to the core project.

Downloading the Mac OS X version now. More when I have a chance to work with it a bit.

Updated 14 September 2005: Granted I didn’t dig too far, but there is really not much to see from what they have available at this point. It looks like many of the plugins and other functionality are not quite there yet. The ability to add a few links to a page and have some rudimentary ‘forum’ functionality is not terribly compelling beyond what you get ‘out of the box’ with a Wiki. The claim in their blurb above about supporting ‘any type of social media’ appears to be a forward-looking statement at this point.

Without setting it up on several machines and emailing notifications to myself, there didn’t seem to be much meat. It would have been nice if there were one or two ‘sample’ sites available that one could connect to get a better feel for the software.

I’ll check back on this in the future, but for now (for me) it doesn’t seem very compelling (and I had high hopes of an awesome JXTA-based application).

Using ‘War’ to Sell More Arms To The World

Apparently the US and Britain are taking some flak for staging a huge arms exhibition in London and using the Iraq war as a sales point:

The spokesman said the invasion and occupation of Iraq had been “good news” for the major arms companies.

“It has allowed them to label their arms as battle-tested and provided them with promotional material for their missiles, bombs, fighter aircraft, artillery, tanks and armoured vehicles.

“They will be marketing their weapons to countries with the full support of the UK Government and the perverse promotional assistance provided by Iraq.”

I suppose there is nothing to keep this sort of thing from happening, but it does have that sort of perverse quality to it as if Louisville Slugger said ‘look at how well our baseball bats cracked skulls at the last riot’.

Not surprisingly, these same activities went on during previous hostilities in the Middle East.

Nokia 6682, Finally

It looks like Cingular has finally (and quietly) released the long awaited Nokia 6682 with a sticker price of $299. I still think that this is a better all around phone than the hyped up ‘iTunes Phone’ (aka Motorola ROKR E1).

Considering that I have only had my 6620 since early July (and have been completely happy with it aside from the low resolution of the camera), I think I will wait a bit and see if Cingular drops the price (as they always do). No need to pay the first mover penalty as many people did with the Motorola RAZR when it first came out. Besides, by getting my 6620 through Amazon and cashing in on the rebates at the time, I basically earned $25 in buying the phone.

I just checked on Amazon, and they have the 6682 listed at $174.99 with a $150 rebate. Unfortunately, it is also listed as ‘not currently available’. As the phone was just released today, that will likely change in the next few days.

New Book on Founding of Google

A new book by John Battelle titled The Search: How Google and Its Rivals Rewrote the Rules of Business and Transformed Our Culture should provide an interesting read and some insight into this ever growing company. The review on Wired.com sounds promising so I’ll probably add it to my wishlist.

The last book like this I read was supposed to have been on the startup of Netscape, called Competing on Internet Time. However, I found this book to be a real disappointment as the dubious premise the author took was that everything that Netscape did was in reaction to Microsoft. I can’t count the number of times the author kept using the tired phrase ‘…locked in a life and death struggle with Microsoft’. The fact is, at the time Microsoft had no clue about the Internet and were happily flogging away on the virtues of video on demand over cable (remember the blinding success that turned out to be).

Startup: A Silicon Valley Adventure was a fascinating look at how real innovation (in this case in the early days of pen based computing) can be choked to death by ‘partnering’ with Microsoft.

I still think that my favorite book on technology companies was Tracy Kidder’s The Soul of a New Machine. This is a book that I picked up and read many years ago and continue to re-read now and again.

Semantic MediaWiki Implementation

I was interested to learn that enhancements to Wiki are being formulated to allow for the inclusion of semantic annotation of articles.

Wiki has proven itself to be an effective means of collecting information (look no further than the wikipedia). Coupling something like wikipedia with a means of being able to make machine readable sense of the collected knowledge is a pretty potent combination.

Massachusetts Open Document Format

Not surprisingly, Massachusetts has long-standing concerns over Microsoft’s XML schema based document formats and is seeking an open format to preserve current and future documents from patent and other encumbrances by Microsoft. This is actually part of a larger effort to minimize the state’s dependence on proprietary technologies.

Perhaps one of the most ridiculous parts of this situation is Microsoft’s refusal to support the Open Document format. They already have over twenty different import and export filters in Word. The OD format is similar enough to their not-quite-XML format for it not to be a huge effort for them to create a filter to support OD.

It is pretty easy to see that MS is trying to use its market dominance to encumber others’ intellectual property via their closed, proprietary (and not terribly efficient) document formats.

More Katrina (Less Angry)

This article which appeared in National Geographic in October of 2004 raises some interesting questions for the ‘we couldn’t have known this was going to happen’ apologists that I pointed out in a previous posting. This quote from the article was particularly striking:

“The Federal Emergency Management Agency lists a hurricane strike on New Orleans as one of the most dire threats to the nation, up there with a large earthquake in California or a terrorist attack on New York City.”

I am glad that Colin Powell is out of office and can speak his mind about Katrina and its aftermath as well.

This is a pretty amazing slide show of the before, during and after of a photographer who was in New Orleans the entire time of the storm.

Katrina Aftermath Anger

After a week of listening to the coverage of Katrina (and the aftermath) there are some things that I just need to get off my chest:

As bad as it is, stop calling it ‘our tsunami’. There is a big difference between something that happened with little or no warning and something that happened with several days’ warning that some people either didn’t react to or couldn’t react to. Why does there have to be competition over whose natural disaster was worse? They are all horrible and provide an opportunity to see the best (and worst) in people.

In New Orleans, the situation rapidly turned into a Y2K-esque worst case scenario: no power, no water, no communications, armed mobs looting and pillaging with the government unable to respond. Except in this real life scenario, this was not the result of some errant computer software. This was a fatal combination of natural disaster and the worst side of humankind.

Before Katrina hit, it seems that there were those who couldn’t move because they didn’t have cars or some other means of getting around or out of the city because they are poor. This might have something to do with the fact that the poverty rate in the US has grown to 12.5% under the current administration. Apparently the poor are good enough to fight wars, but not worth rescuing or looking out for properly — sickening.

Another point that I am struggling with regarding the slow federal response is ‘because it is a very complicated situation that no one could have foreseen’. Then how do we account for the Hurricane Pam simulations that showed almost exactly what was going to happen? You might ask yourself how can the international press get camera crews, helicopters, ground transport, etc to freely go in to areas to broadcast (some might say, exploit) those impacted by this disaster, but the government doesn’t seem to be as resourceful. Nor does it seem that the press has enough integrity to try to bring in whatever aid they can while covering the events.

The National Guard, who typically play a crucial role in providing swift and effective assistance during natural disasters, are hobbled by the fact that 40% of Mississippi’s and 35% of Louisiana’s National Guard are in Iraq.

This event seems to me to be an example of the current administration’s domestic policy writ large: if you have money, you’re ok, you can evacuate (you can basically do whatever you want); if you don’t, then they really don’t give a damn about what happens to you. So you have a situation where the administration cut funding for levee enhancements/maintenance because of ‘the war’, but then turned around and provided a 31 billion USD handout to oil companies that are already making multi-billion dollar profits quarterly. Then you have gun-toting idiots wreaking havoc, because we need more guns in this country, right NRA? I can already hear their twisted response, ‘well, if everyone had a gun, they could defend themselves against the bandits’. Right, we all know that the solution to cleaning up an oil slick is to pour more oil on it…

Thankfully, the situation seems to be improving. I just hope that this country learns a lesson from this disaster and is able to grow in a more positive direction.

One final note: it seems ironic to me that the Administration has been on TV and radio telling those who have Labor Day plans (which in the US is ‘a yearly national tribute to the contributions workers have made to the strength, prosperity, and well-being of our country.’) to stay home, and not have any inessential travel.

The Price of Petrol

Isn’t it so amazing that three weeks ago, AAA predicted that gas would be over three dollars a gallon by the end of the month. And, surprise! on August 31st my local is selling gas for $3.09 a gallon.

Oh, joy.

Mac: MenuMeters

In my estimation, MenuMeters has got to be one of the sweetest utilities for keeping track of what is going on on your Mac (running OS X).

The app doesn’t take up a huge amount of space in the menubar, but gives a load of information. It also cleverly links in to some of the Apple apps for more information. For example, if you click on the CPU display, you have the option of running Activity Monitor or Console.

Smells Like Dot-Bomb Pixie Dust

I sure hope that this new service works better than their bloated, pointless flash interface. The fact that they are using flash makes one question just how tuned in they really are.

Even the Wired write up on the company reminds me of what would get VC cash in the 90s: “we’re going to make this awesome product that does, er, something, um, everything and people are going to love it…”

I am curious to see what actually materializes “in the fall”.