Showing posts from 2001
Stealing MS Passport's Wallet -- "In a demonstration of the exploit earlier this week, Slemko sent Wired News a specially crafted but innocent-looking e-mail. Moments after the e-mail was viewed using Microsoft's Hotmail Web-based e-mail service, Slemko rattled off, over the phone, the credit card number and contact information from the user's Passport wallet."

Another reason why the market needs choices for Internet credential management; assuming a market of more than 1, some service providers are likely to take steps to offer more secure services in order to attract customers more concerned with security. Additionally, these services need to be based on interoperable and open standards to prevent a single provider from controlling the entire marketplace.
Yahoo - Novell Identity Management Software to Be Bundled With the TIBCO ActivePortal Platform -- It's taken a while, but Novell's efforts at transforming itself into a strategic Internet infrastructure technology may finally be paying off. This announcement, along with a more recent one involving BEA (see "Novell's Secure Partner Portal Solution..."), offers evidence of Novell's growing success with other leading infrastructure players. The question in my mind remains "Will Novell survive long enough to see the fruition of its strategic efforts?"
Planet PDF - PDF Collaboration In Action - WebDAV -- Adobe is leading the collaboration charge on WebDAV in much the same way that Userland/Dave Winer are doing so for SOAP and XML-RPC.

I've been struggling to define an architectural view that clarifies the complementary nature of WebDAV and SOAP/XML-RPC; both are promising collaboration platforms, each takes a different approach to collaboration.

There's no question that people and systems will continue to use and manage digital files in the traditional (e.g., file system-based) way that WebDAV supports, but these two technologies certainly begin to blur the lines, as both virtualize file location & movement in ways that previous network protocols & implementations have not.

We may ultimately find that WebDAV just provides the industry with a stepping stone to a more flexible "file-sharing" environment based on SOAP, but once adopted WebDAV may be difficult to unseat. I guess we just have to wait and see ho…
Interesting observations on OSXvnc -- Trying to remote-control an iMac from a PC, I was unable to map a WebDAV drive using the "Go To Server" dialog in OS X 10.1 'cuz I couldn't figure out which key on the PC keyboard mapped to the tilde (~) (naming and aliasing conventions for personal directories assert the ~ as the leading character in the user's home directory URL).
Retailers: Apple iPod demand iffy -- "The fact that it only works with the Mac OS could also limit its potential, analysts said. Jobs said that Apple will look into making the iPod compatible with Windows, but for now is focusing on the Mac OS."

Sometimes I think Steve Jobs is unable to learn from the past. While he's brilliant within the Mac market, he seems myopic with respect to the rest of the world. The iPod is a great idea and likely to be a great Mac product. However, Mac-only accessories like iPod tend to quickly produce "copy-cat" products for the rest of the marketplace (Windows PCs) that quickly dilute the importance (and marketshare) of the original. Apple had an opportunity here to deliver something as powerful in the marketplace as QuickTime (a cross-platform technology) and instead chose to create a (mostly artificial) barrier between its product and the mass market.

Of course, Jobs' ability to turn lemons into lemonade may trump what I b…
Java and XML Tips and Tricks -- "SOAP or RPC?: For most inter- and intra-application communication, SOAP is overkill. Very rarely will you actually need the complex envelope handling, data mapping, and error processing in everyday Java-to-Java applications. Don't get me wrong--SOAP is great for communicating with non-Java components, UDDI registries, and through firewalls. It's just not the magic bullet that some are saying it is, and is a costly protocol in terms of overhead compared to simpler solutions like XML-RPC."

Gosh, I love O'Reilly! I've been struggling to differentiate SOAP & XML-RPC for corporate development teams and Brett McLaughlin's got just the piece I need!
Readers: Windows XP isn't worth the trouble - Tech News - -- It'll be interesting to see shipment volume trends over the next few months...Windows OS releases often get off to a rocky start in the press, and then hit the million-unit mark within a couple of months of introduction. Of course, XP is a different animal from several perspectives and may produce a different adoption trend than past releases.
Craig Burton weblog: Novell's iFolder -- "The iFolder server and clients work together to form what I call the iFolder “cloud.” Each person that has an iFolder account installs the iFolder client on each machine that is part of the iFolder cloud. This system of computers automatically shares the same files. The files are replicated on every machine that is part of the cloud through redirection."

I read Novell's technical description of how iFolder manages replication to what Craig calls "the iFolder cloud," and it reminded me of the technical architecture on which Marimba built its Castanet product line. I recalled that Marimba had filed patents on this stuff (though some of it was published to W3 as a technical note and considered across other http-related working groups), and seeing Novell's product made me wonder whether Marimba might take legal action...
OTN -- Looks like Oracle's 9iAS app server uses Orion for its J2EE foundation:

"For example, to map the Employee entity bean to an existing employee relational database table, the following information is supplied in the orion-ejb-jar.xml file...."

(See also Orion Server).
J2EE vs. .NET -- Great discussion on this subject...I found this comment particularly interesting:

"One thing I feel positive about: J2EE is much more successful in promoting code re-use. When I say code re-use I'm not referring to (in Microsoft parlance) component aggregation and extension. I'm talking about old-fashioned OO fundamentals. Microsoft is always touting binary (component) re-use and this is obviously good practice. I have read a myriad of articles and books where Microsoftonians say that traditional OO code re-use just never worked out that well; they obviously haven't implemented too many projects or architectures using a quality OO language such as SmallTalk or Java! I have found that J2EE projects almost always have a healthy share of both component reuse AND general OO reuse. Not every piece of code you write is going to end up as a component/EJB. My current project has a wonderful framework of Java classes that is constantly being extended through norm…
Handspring: Treo 180 -- Handspring looks to have nailed the most-desired features in a "convergence" device -- great mobile phone capabilities (including a speakerphone), a keyboard styled on RIM's successful Blackberry, full support for Palm OS applications, always-on messaging. Based on other product rumors and announcements, though, I see this product space getting crowded very soon.
First Take: StarOffice 6.0 Beta - Software Reviews - -- While Sun may succeed in delivering a compelling alternative to MS Office, I'd guess the only companies to adopt it will be those operating on a shoestring budget. Medium and large corporations lack the courage to adopt a desktop product of such operational importance from a company from which they've traditionally purchased primarily server products.
Supreme Court rejects Microsoft appeal -- "Microsoft had hoped it could avoid facing a definitive remedy judgment as the case enters its final phase in the U.S. District Court of Appeals. Interactive Week reported that the Supreme Court made no comment in rejecting the appeal, which hinged on unprofessional conduct by Judge Thomas Penfield Jackson, who was the original trial judge."

I'd like to believe that any court-imposed remedy would result in true behaviour changes within Microsoft, but I have as much faith in that as I do in the tooth fairy.

Microsoft has been here before (remember 1995?) and exhibits a strong tendency to exploit every possible loophole or interpretation of court orders, generally disregarding the spirit of such orders (of course, anything open to such broad interpretation is perhaps poorly crafted language deserving of such exploitation).
Larry Ellison on digital IDs & terrorism -- "Do we need one national ID card? No. But the IDs that the government issues -- such as Social Security cards -- should use modern credit card technology. Do we need more databases? No, just the opposite. The biggest problem today is that we have too many. The single thing we could do to make life tougher for terrorists would be to ensure that all the information in myriad government databases was integrated into a single national file."

I'm struggling with whether to applaud Larry or beat him with a clue-bat. Today's "security by obscurity" (which results from exactly the chaos Larry advocates eliminating) is a double-edged sword. Its complexity makes identity theft slightly more difficult than if everything were in a "single national file" which, if successfully hacked, would reveal all necessary information to enable such theft.

It's quite similar to the "single sign-on" debate raging …
Network Computing | Column | Security Watch | Growing Up with a Little Help from the Worm | Full Article | October 1, 2001 -- "Here's my question (actually, it's a few questions): When will enough be enough? When will the market stop accepting apologies? When will the market demand vendors increase their QA efforts? When will third-party validation efforts become the norm rather than the exception? When will consumers and decision-makers start caring enough about security to factor it into decision-making processes?"

Shipley clearly understands the root of the problem. Until we change our buying habits and consider security as a fundamental requirement that trumps bells and whistles, we'll continue to struggle through bouts of increasingly aggressive and insidious technology attacks.

I'm not advocating that we abandon functionality or compatibility requirements, only that we hold vendors accountable for the security profile (or lack thereof) of their products.
"You appear to have a termcap file: /usr/share/misc/termcap
This should be edited manually to replace the xterm entries
with those in /usr/X11R6/lib/X11/etc/xterm.termcap

Note: the new xterm entries are required to take full advantage
of new features, but they may cause problems when used with
older versions of xterm. A terminal type 'xterm-r6' is included
for compatibility with the standard X11R6 version of xterm."

XFree86's "" script exited leaving this message. Hmm...wonder if I need to do something about it?

Installation complete.
eLearning choices for content developers -- Docent, Inc. looks like a good choice for enterprise-level courseware development & curriculum management, while Qarbon provides a more open, ad-hoc tool/service (quick-and-dirty tutorials).

I expect many companies can justify using both tools, assuming teams can effectively match content to delivery technology. However, content providers are likely to take the "path of least resistance" in creating and publishing their goodies, which means Qarbon is likely to see higher numbers of content creators/publishers in a given period.

As an example, I introduced a project manager to the Qarbon tool and 3 hours later he'd built two tutorials for his project constituents. In that time he'd downloaded and learned the "builder", then created and published the actual training content.
"It is actually quite simple to use BlogScript. All you have to do is copy a
block of text from any application. Then, select BlogScript from the Script
Menu, and your text will be automatically posted to your weblog."

Success!! I copied the above quote from the "Readme" & ran the script from the script menu - voila! blog from anywhere in Aqua! Too cool!!
Web Entourage: Mac OS Scripting Solutions -- "This script uses the built in XML-RPC and AppleScript functions of Mac OS X.1 to post to Blogger powered sites (see You must be a registered user of Blogger and have the "save password" preference enabled in your Blogger preferences on the site to publish your weblog instantly."

Gotta try this!
Upgraded the iMac G3/500 to OS X 10.1 yesterday, and am approaching the point where I could almost abandon my Windows PC. OS X is pretty snappy for most operations & even WebDAV works fast (although it doesn't seem to support SSL-based WebDAV servers...perhaps an oversight Apple will correct with 10.1.1?).
Sun reveals partners for online effort - Tech News - -- Tim Arnoult, Bank of America's head of technology and operations -- "From Bank of America's point of view, the absence of an open, federated standard for identity authentication is a significant impediment to business in our world today," he said in the conference call.


This comment sums up the most likely risk perspective of many business entities.
Liberty Alliance -- Here's the coalition Sun has put together to offer an alternative credential management solution to Microsoft's "Passport." The alliance includes some heavy hitters in financial, communications, industrial, travel, consumer products, and technology sectors. If it holds together, this effort actually has a chance at creating real choice in the market. Cool!
Sun To Offer Alternative Online Digital Identity -- Finally, someone besides Microsoft steps up to the plate in recognizing that all electronic transactions revolve around accurately identifying the parties to the transaction. All the noise about directory services (LDAP) still comes down to a common way to accurately identify the "who" component of electronic business and commerce. The Internet community ought to have more than just 2 choices (Microsoft's Passport and the new Sun offering) for credential management service providers. Any other takers out there?
The Jakarta Collection for OSX -- Mac OS X is rapidly catching up to the "rest of the world" in Apache software availability. It'll be interesting to see whether Apple will ultimately be able to translate its newfound "openness" into marketshare in both consumer and business markets.
George Gilder's GTR this month mentions Scale Eight as a key "Storewidth" technology/service provider. Their strategy is based on "JBODS" (just a bunch of disks), and they already support NFS and CIFS services to LANs. Wonder when they'll support WebDAV?
D-Link's DI-714 Wireless Gateway/Ethernet Switch -- D-Link Systems Inc. Broadband -- DI-714 (MSRP ~$279)...the specs on this one compare favorably to the Linksys and SMC Barricade products. Still on the fence though, cuz I need to verify that what I put in at home works correctly for Seagate's VPN (CheckPoint SecureClient) and provides access to my "home services" widgets (right now just my WebDAV server).