October 30, 2003

Finally Got Newsmonster Running on a Linux Laptop

Dave Aiello wrote, "Regular readers of will remember my attempt to get Newsmonster running on a Linux laptop during this past April. I gave up in frustration because Newsmonster insisted that my laptop did not have Java 1.4.1 on it."

"My laptop sure as heck had Java 1.4.1 on it. I installed the Java 2 Platform, Standard Edition myself. Over six months later, I finally realized that because the Newsmonster code runs entirely within Mozilla, it was looking for the correct version of the Mozilla Java Plugin, not the J2SE environment."

"Realizing this was a critical breakthrough, but it didn't result in an immediate solution to my problem. Read on for the complete details of what it took to get Newsmonster to run...."

Continue reading "Finally Got Newsmonster Running on a Linux Laptop" »

August 15, 2003

The Problems We Experience Because We are Running Obsolete Server Software

Dave Aiello wrote, "For the past 24 hours, I have been struggling with the short-comings and idiosyncracies of Netscape Enterprise Server version 3.63 on Windows NT Server 4.0. Netscape Enterprise Server is an obsolete web server that we are running on one of our production servers connected to the Internet."

"We are still running Netscape Enterprise Server on one of our servers because its performance has never been a significant enough issue to justify the substantial effort to migrate the web sites that are still running on it."

"The key factor in getting us to begin the migration is that we want to change weblogging platforms. This would be easy were it not for the fact that few weblogging platforms support the database present on this server and, more importantly, the weblog tools generate different URLs for archival content."

"I began the migration by attempting to write a custom error response handler that would redirect visitors from the URLs generated by our old weblog software to the URLs generated by the new software. As I said in my latest article about URL naming, writing this CGI program was more challenging that I expected."

"There are significant holes in the documentation available for obsolete versions of Netscape Enterprise Server. Although AOL Messaging Solutions is still maintaining documentation for Netscape Enterprise Solutions, that documentation is for AOL's fork of the Netscape commercial code base. It doesn't have the same features as the version with which I am working."

"I finally figured out how to solve the problem with writing a custom error response handler. But, it I was only able to accomplish this by trial and error."

"These difficulties brought home to me the urgency of getting this last server on to a machine where all of the services are currently patched and well documented. For us, this means a LAMP-based server."

"For CTDATA, the greatest cost so far has been opportunity cost. We should be out selling instead of migrating services as I am today. If your company is running legacy servers for part of its Internet presence, please take my advice: upgrade before it costs you money."

May 29, 2003

Choosing Open Source or Commercial Software Based on Practical Usage

Dave Aiello wrote, "Dave Winer pointed out an interesting personal journal entry written by Mark Leighton Fisher on Use Perl. He says that he is agnostic in the Open Source versus commercial software debate as long as the reliability of the commercial software is high enough that he doesn't feel that he needs to have access to the source code to fix the problems that he encounters."

"This is a reasonable approach to a choice between software with no up front license cost and software that must be purchased. The big problem with this analysis is that it can only be made on software that is already in use."

"The examples he uses, Perl for an Open Source software product and eXceed for a commercial software product, are about as different in terms of intended uses as you can get. But, software developers and project managers ought to be able to relate to his examples, and come to their own conclusions about software that they are currently using."

"However, I'd argue that this approach doesn't 'scale well', to the CIO level, for many enterprise-level software choices. For instance, the only way you could choose between MySQL and Sybase using this method would be to allow both to be used in applications of similar value to a company. I can't think of any companies where such an approach would be permitted."

"On the other hand, if a company were willing to engage consultants who had experience with the implementation of both databases, the consultants could render an opinion based on the nature of the custom applications to be built in the future. That's unlikely to happen much in the current economy, although it could result in a good final product choice."

TCO of Software is Not Generally Reflected in License Cost

In an opinion piece published today in Computerworld, Alan McCormack suggests that total cost of ownership of software is less dependent on the cost of licenses than most people think. He writes:

{It} appears that the price of software itself -- whether it's free or not -- is so low relative to the TCO that it may have little impact on the outcome of IT investment decisions for many purchasers. In most cases, the price of software proved to be less than 10% of the total cost of ownership. Where costs do become significant for all types of software is in the level of staffing needed. By staffing, I mean the training, maintenance, support, administration and other personnel costs necessary to run the software package efficiently. These costs can add up to as much as 50% to 70% of a software system's TCO over its useful life.

This piece is short, but worth reading for its valuable summary of the costs of software operation. It makes no effort to estimate the value of any piece of software to an enterprise, which seems an even more difficult thing to establish after reading this article.

Too often, people assume that all software provides the same benefits to users. But specific products and features that are essential to some users will obviously increase a particular software package's value relative to those of other packages. Furthermore, a software platform that provides more applications and choices for users also brings with it a certain, often unmeasured, value. A CIO must therefore examine differences in both cost and value to make an effective investment decision for a software package.

McCormack appears to be a skeptic on the merits of Open Source software, but goes on to admit that the
value of any piece of software can only be determined through application-specific analysis. This is a reasonable conclusion, but a frustrating one because it does not deliver the sweeping conclusion that advocates of Open Source or commercial software often seek.

May 22, 2003

The Joys of Remote Computer Access Using VNC

Newsforge carried an article by Russell Pavlicek earlier this week that discussed the features of VNC and the benefits of using it for remote computer access. VNC is an Open Source application that was developed at AT&T Laboratories in Cambridge, England that provides stateless access to the user interfaces on remote computers. In that regard, it is similar to products like pcAnywhere and CarbonCopy.

However, the most interesting aspect of VNC is its support for non-Windows operating systems, including Linux, a number of variants of BSD and the MacOS, as well as legacy operating systems like OS/2 and VMS. VNC is a client/server technology, meaning that supported operating systems can be accessed remotely, or used to control machines running any supported operating system.

This article sums up VNC well. It gives an overview of the technology, mentions a number of variations of the original OpenSource project, and explains the techniques that can be used to make it more secure so that it can be used to access computers via the Internet.

April 27, 2003

AP: Buggy Software Increasingly a Problem with Consumer-Oriented Goods

Dave Aiello wrote, "Earlier today Slashdot pointed out an article that CNN published from The Associated Press called Spread of Buggy Software Raises New Questions. This is a very timely article that calls attention to a lot of little problems that people experience on a day-to-day basis, frustrate them beyond belief, but are never fully addressed due to the lack of focus on total quality in software. The article begins:"

When his dishwasher acts up and won't stop beeping, Jeff Seigle turns it off and then on, just as he does when his computer crashes. Same with the exercise machines at his gym and his CD player....

Dave Aiello continued, "Where can I start with my personal experiences that reinforce the anecdotes in this story? How about the annoying little bugs in the firmware for the Handspring Treo 180? A great example is the SMS application. I have had a Treo for more than a year, but I have never been able to hit the reply button to simply send a reply to an SMS message sent through the T-Mobile SMS-Internet email gateway."

"The reason is that the Treo thinks the message came from the SMS gateway and not from the original sender's email address. I've seen this problem thousands of times, I know how to fix it, I've told Handspring, yet the problem has never been fixed. The result is a small productivity loss every time I receive an SMS message to which I want to respond."

"I guess in the continuum of bugs that software developers have to deal with, this is low on the global triage list. Without a doubt, no one has died as a result of it. But, it's annoying if you communicate with your family the way I do. My wife is a pediatric resident, and pager-to-pager communication is our main mode of communication during the business day. So for us, this bug would be a fairly high priority. But, how many other Treo users are like us?"

"This is one personal example of a bug that wastes a little of my time every day. More examples from your own life may come to mind if you read this excellent article from the Associated Press."

March 6, 2003

Washington Post Reviews News Aggregators

Leslie Walker reviews a number of desktop news aggregators in today's Washington Post. A lot of this article explains to people who are not amid the blogosphere what a "news aggregator" is. This is not a bad idea, considering the fact that she is writing for a mainstream media outlet:

These are more like a souped-up table of contents to all your favorite Web sites, with long lists of headlines that are automatically updated at regular intervals. You scan the headlines and click for more information on those that interest you.

Walker discusses NewzCrawler in some detail but also mentions Amphetadesk, FeedReader, Headline Viewer and Radio UserLand.

March 5, 2003

Automatic Conversion of Netscape Profiles to Mozilla on Windows Only Works Under Perfect Conditions

Dave Aiello wrote, "I recently replaced the hard drive on my wife's PC because the old one was beginning to fail. Once I got her irreplaceable data off of the old hard drive, I decided that I didn't want to do a disater recovery restoration. Instead, I replaced Windows NT 4 with Windows 2000, Office 97 with Office 2000, and Netscape 4.7x with Mozilla 1.2.1."

"I had done a Netscape to Mozilla migration before for my own computer. But in that case it was a few Mozilla revisions ago, and it took place on Linux, not Windows."

"When I got ready to migrate a user profile, I was surprised to find that Mozilla did not appear to provide an automated tool to do this in one step. Yes, there were Import options on the Tools menu when the Mail & Newsgroups window was open. But, these did not work with the ease that I expected, considering how similar the Netscape and Mozilla profile data was."

"After several hours of trial and error, I figured out what the problems were. The Mozilla profile migration tool only works if your profile files in exactly the right place. Read on for more details on how I solved the problem...."

Continue reading "Automatic Conversion of Netscape Profiles to Mozilla on Windows Only Works Under Perfect Conditions" »

February 16, 2003

Why I Didn't Buy TurboTax This Year

Dave Aiello wrote, "As the United States approaches tax season, I want to go on the record, saying that this year I did not buy a copy of TurboTax, for the first time in seven or eight years. I refused to buy the product because I am not willing to accept the permanent installation of digital rights management software on my computer, just so my wife and I can file our taxes."

"I decided to buy TaxCut from Block Finacial Software. This product has improved a lot in the past few years. It's the scrappy underdog. And, the company that makes it is treating its customers with respect."

"I am not alone in this movement. Martin O'Donnell, our friend in Seattle, sent me an email two weeks ago, saying:"

Although I have been using Intuit tax software for 10 years, I just returned my copy of TurboTax 2002 to Costco for a full refund, I'll be taking Walt Mossberg's advice and switching to TaxCut.

Walter Mossberg's review of TurboTax and TaxCut in the Wall Street Journal was quite explicit about the problem that he had with TurboTax:

...Intuit, in an effort to curb piracy, now is forcing folks who buy TurboTax to jump through hoops to use it. Users must contact Intuit to "activate" the software, a process that limits full use of TurboTax to a single PC. To enforce this system, Intuit secretly installs third-party monitoring software on users' PCs....

So, this year I emphatically recommend H&R Block's TaxCut over Intuit's TurboTax. They both do the job of preparing any straightforward tax return. But Intuit has decided to treat all its TurboTax customers like potential criminals, and to limit the ways that even honest people can use the product. Why subject yourself to that?

To which Dave Aiello said, "Amen, Walter."

December 17, 2002

Russian Software Company Found Not Guilty in Landmark DMCA Case

CNET reported that a jury in San Jose has found Elcomsoft not guilty of four counts of violating the Digital Millenium Copyright Act. The company was charged with "desiging and marketing software that could be used to crack {Adobe} eBook copyright protections, plus an additional charge {of conspiracy}...." According to the article:

ElcomSoft attorney Joseph Burton said Tuesday's win is important as one of the first setbacks for publishers seeking to assert the law against programmers. But he cautioned that the acquittal did not mean software developers should consider themselves immune from future criminal prosecutions under the law.

The "not guilty" verdict in the case may have been inevitable in light of the jury instructions. Reportedly, "the judge told jurors that in order to find the company guilty, they must agree that company representatives knew their actions were illegal and intended to violate the law. Merely offering a product that could violate copyrights was not enough to warrant a conviction...."

On the basis of these instructions to the jury, we wonder if the legal actions taken by the RIAA and the MPAA against casual users of p2p file sharing depend for possible legal success on an overly-expansive view of their the trade groups' rights as publishers' representatives.

December 13, 2002

Stop the Madness, Switch Web Browsers Now

There's continued evidence that running Microsoft Internet Explorer is a security risk. According to ZDNet, Microsoft has issued cumulative security patches aimed at solving problems, but the patches don't provide as much protection as they appear to at first glance. This is just the latest half measure Microsoft has taken to close security gaps in this important piece of software.

Anything you can do to deviate from the standard configuration of Windows, Outlook (or Outlook Express), and Internet Explorer limits the risk that your machine will be exploited successfully. CTDATA recommends switching browsers and email clients where possible.

A nice alternative for both web and email is Mozilla, the Open Source web browser that evolved from the Netscape Communicator product line. News Factor Network reports that "Mozilla is overtaking Internet Explorer in terms of features, if not yet market share". According to the article, Mozilla incorporates ad blocking features and W3C standards that Internet Explorer does not.

Mozilla has the added advantage of being Open Source. This is particularly important when security risk assessment must be done. When a security issue is suspected with Mozilla, independent researchers can refer to the source code to determine the scope of the impact. With IE, these independent researchers must do all of their investigation through inference or reverse engineering. This increases the time associated with finding and reporting problems with the software product.

December 4, 2002

Nobody Ever Said Installing Open Source Applications Was Easy

Dave Aiello wrote, "Earlier today, Martin O'Donnell and I had a relatively long talk about installing Interchange, the Open Source E-commerce Platform. I have been struggling with this, on behalf of a client, for several weeks-- interrupted by a vacation, a major U.S. holiday, and two family birthday celebrations."

"In the course of the conversation, I suggested that there comes a time in the initial implementation of any major Open Source application where the implementor asks whether the software is ever really going to work?"

"My past experience tells me that the answer to that question is yes."

"I cannot think of a situation where I stayed the course and was disappointed. The only times I have been frustrated with Linux for an extended period of time were situations when I had not made the implementation my top priority, or when I had rationalized the decision to cut my losses."

Read on for more about perseverance on Open Source application installation....

Continue reading "Nobody Ever Said Installing Open Source Applications Was Easy" »

September 26, 2002

American Industry In Danger of Creating an Intellectual Property Double Standard

An interesting dichotomy is developing inside large American corporations. Some companies, including the content producers within the Entertainment industry, are hellbent on rolling back the rights that consumers have to enjoy television, movies, and music wherever and whenever they want. Meanwhile, software companies seem to be reducing their anti-piracy efforts, but only in developing countries where there was no understanding of intellectual property law in the first place.

In a piece on CNET, Gary Shapiro, the CEO of the Consumer Electronics Association, says that the content community has gone on a scorched earth campaign to destroy each successive new recording and distribution technology because the technologies may undermine established means of entertainment distribution. But, rather than working with the software and hardware industries to make marginal changes to digital technology that would reduce the most egregious abuses, the entertainment industry is trying to convince lawmakers that some aspects of Fair Use ought to be criminal offenses.

Meanwhile, Sam Williams writes in Salon that companies such as Microsoft have taken a lassiez faire approach to piracy in countries like China because it expects to profit more from the network effects of having millions of undocumented users of its software than it otherwise would if Linux got a big foothold in the market. Nevertheless, prices for the same software are increasing for customers in America and Western Europe.

It's impossible to reconcile these two approaches, and it's hard to imagine how Congress could aid companies pursuing both approaches simultaneously. Neither one of the strategies seems fair to Americans who are attempting to play by the current intellectual property rules.

September 14, 2002

GAIM: A Cross-Platform, Multi-Protocol Instant Messaging Client

Dave Aiello wrote, "Earlier this week, I decided I had enough of the AOL Instant Messenger Client for Linux because it seems to have developed font problems since I upgraded my laptop to Red Hat Linux 7.2. So, I started looking around at other instant messaging clients that could allow me to stay on AIM, and perhaps also provide support for other instant messaging protocols as well."

"I decided to look first at GAIM, an application written for the Gnome desktop on Linux that supports 'AIM, ICQ, Yahoo, MSN, IRC, Jabber, Napster, Zephyr, and Gadu-Gadu, all at once.' This program is truly excellent, and its IRC (Internet Relay Chat) support is an added bonus for those of us who work with OpenSource software. (A lot of OpenSource projects have on-going IRC discussions during the day for technical support.)"

"I was so satisfied with GAIM that I honestly never bothered to look at the other Linux IM clients."

"In an interesting coincidence, Slashdot is reporting that GAIM has just been released for Windows. (Note: It's an alpha release.) This is a great opportunity to get off the ad-driven IM clients of the Windows platform, and get on a stable OpenSource alternative that's bound to be well-supported."

September 12, 2002

OpenOffice Can Help You Get Along If You Don't Have Microsoft Office

Dave Aiello wrote, "I'm one of the Linux fans who must deal with Windows, and particularly Microsoft Office documents, on a daily basis. This has been a serious drain on my personal productivity because I have had to stop working and transfer any MS Office file that I receive to another machine in my office, whenever anyone decided to send me such a document."

"I've gotten around this problem by installing OpenOffice. This is an Open Source version of StarOffice, a software product that was acquired by Sun Microsystems in 1999."

"OpenOffice runs on a number of platforms: Linux, Windows, and Solaris, with MacOS apparently on the way. It looks like a great product if your primary goal is to display and print a reasonable facsimile of the MS Office documents sent to you by friends who live inside that software suite."

"I will probably get an opportunity to use OpenOffice more extensively, now that I have downloaded and installed it. But, I wanted to report right away on the initial successes I have had."

August 30, 2002

What is a Software Platform?

Dave Aiello wrote, "In the latest Joel on Software article, Joel Spolsky writes about software platforms. Software platforms are generally products that are used by Independent Software Vendors to product value-added products and services. Many of the software platforms have freely distributed runtime versions that allow users who have not purchased the deluxe version to enjoy some of the benefits of it, and more importantly, to interact with documents created by users of the full version. Examples include Adobe Acrobat and its Reader, and Java and the Java runtime." Spolsky says:

If you want a platform to be successful, you need massive adoption, and that means you need developers to develop for it. The best way to kill a platform is to make it hard for developers to build on it. Most of the time, this happens because platform companies either don't know that they have a platform (they think it's an application) or they get greedy (they want all the revenue for themselves.)

"Joel doesn't really get into this in his article, but, the whole idea of web services is to make data available from companies via their websites into software platforms."

"Some questions I have been mulling over have to do with whether businesses that have released web service interfaces to their websites are really going to allow third parties to treat these interfaces as platforms for moneymaking ventures. For instance, will I be able to do something with Google's web service interface that they didn't envision when they published the interface? Will I be allowed to make money from using their web services without being cannibalized by them down the road?"

Apple Will Open Source Its Rendezvous Network Service

CNET reports that Apple Computer will "open source" its Rendezvous network device discovery technology. This software allows Macintosh computers to find each other on a local area network without the owners fiddling with network-related control panels.

This is definitely an enabling technology that must be seen to be appreciated. But, the real interesting aspect of the announcement is the attitude of the Apple spokesman quoted in the article. He is reported to have said, "If you don't have it proliferate, it's the sound of one hand clapping." When companies do this, they are thinking that their technology is a platform for additional services, and not just a discrete software product.

July 27, 2002

Utah CIO on Why OpenSource is a Tough Sell to Governments

Phil Windley, the Chief Information Officer of the State of Utah, writes a weblog called Windley's Enterprise Computing Weblog. Earlier this week, he posted an article called Barriers to OpenSource in Government that cites three categories of obstacles to the adoption of OpenSource software by government. They are:

  • technical issues,
  • perception issues, and
  • cultural issues.

The article itself gets down to more specific issues than that. It's very interesting because these are not just his perspectives, but the consensus perspectives of a panel of government IT people at the OSCON Conference in San Diego.

July 26, 2002

CNET Suggests Possible Apple/Sun Alliance for StarOffice

CNET is reporting that Sun Microsystems and Apple Computer are collaborating on a version of StarOffice for OS X. Such a product would provide competition for Microsoft Office v.X.

The article touches briefly on the dispute between Microsoft and Apple over a legal agreement they struck several years ago when Steve Jobs returned to Apple as CEO. This agreement resulted in the development of Microsoft Office v.X, a product with a number of innovative features that has never sold as well as Microsoft and Apple originally expected.

Microsoft has publicly criticized Apple for its tepid marketing of Microsoft Office v.X. Meanwhile, Apple has succeeded in selling an increasing number of Macintosh computers to people who use them for multimedia creation and videography, rather than as general-purpose office computers.

Sun has a unique perspective on this. A senior Sun executive is quoted in the article as saying, "I don't want to sell StarOffice for OS X.... I want Apple to bundle it. I'll give them the code. I'd love it if I could get the team at Apple to do joint development and they distribute it at no cost--that it's their product. Nobody makes a product more beautiful on Apple than Apple."

June 19, 2002

Spolsky Applies Microeconomics to OpenSource Software

On his Joel on Software web site, Joel Spolsky, a former Microsoft manager discusses the economics of OpenSource software in his recent Strategy Letter V. In this article, he tries to explain the motivation of participants in the OpenSource software market in terms of substitutes and compliments, as defined in classic microeconomics. He suggests that OpenSource enterprise software can be considered a complement to computer hardware (in some cases), or consulting services (in more cases). This is one reason why IBM is investing so heavily in OpenSource projects like Linux.

The article also spells out in very simple terms what a Total Cost of Ownership calculation ought to include for OpenSource software. For example, if a new Linux kernel obsoletes a large class of hardware device drivers, that would add dramatically to the TCO. Too often, OpenSource advocates claim that such incompatibilities have no cost to the end user.

June 18, 2002

Disney Shifting Film Animation to Linux

Martin O'Donnell pointed out that today's New York Times is reporting that Disney's film animation division is migrating its workstations to Linux. This is not a surprise because many film production businesses in Hollywood have made the switch to Linux in the last two years. What is interesting, however, is the fact that the Times chose to initially refer to the operating system as "GNU Linux". We wonder if the writers and editors fully appreciate the political connotations of doing that.

May 23, 2002

Microsoft at War with Open Source at Pentagon

The Washington Post reports that Microsoft is lobbying the Defense Department to reduce its use of Open Source software. According to the article, "...the effort may have backfired. A May 10 report prepared for the Defense Department concluded that open source often results in more secure, less expensive applications and that, if anything, its use should be expanded."

May 20, 2002

Apple's Embrace of UNIX Winning Converts

Doc Searls has been noticing a lengthening list of technically-oriented webloggers who are using Apple Macintosh computers running OS X. He says that OS X, a BSD UNIX-based operating system with a good (and steadily improving) user interface is winning converts. Searls says: "Apple is doing a lot of things right (or close enough), and their circle of the development Venn diagram is overlapping hugely with the UNIX community, including committed open source folks, commercial 'solutions' developers and all those science types for whom UNIX is simply a universal environment...."

From our perspective, the biggest problem with the Macintosh as a general-purpose computing platform right now is that it is not Intel-based. Therefore, it doesn't run VMware. This is still important to us, and will continue to be important until our consulting customers no longer run any server-based apps on Windows that don't run on any other OS.

May 16, 2002

Mossberg: "StarOffice 6.0 has a long way to go"

In this week's Personal Technology column in the Wall Street Journal, Walter Mossberg reviews the latest version of StarOffice-- the office suite that Sun Microsystems sells to compete with Microsoft Office. He is a stickler for ease-of-use, which means that his reviews are often an important reality check when a new version of a software product or a new electronic gadget is shipped. Therefore, no one should be surprised that Mossberg doesn't like StarOffice 6.0 very much.

Mossberg says that although StarOffice is much improved over previous versions, it costs 80 percent less than Microsoft Office, and its registration processes are less intrusive, it doesn't do so well with Microsoft Office compatibity. He says, "StarOffice 6.0 is fair. It's usable, but it's definitely inferior to Microsoft Office. It's harder to use, less intuitive and sometimes unable to render properly certain documents in Microsoft's formats."

This is a tough review, but not as bad as some reviews that Mossberg has given to long-awaited technology products in the past. Considering the substantial changes that Sun has made to StarOffice since it acquired it, we suggest that people keep an eye on the product to see if it continues to improve at its current pace.

It's hard to know whether StarOffice will ever achieve total Microsoft Office file compatibility, unless the judge presiding over the Microsoft anti-trust case orders the company to document its file formats. Yet, many of the issues Mossberg has with StarOffice have to do with idiosyncracies of its user interface, and these are fixable. On the other hand, we would be lying if we didn't admit that we're praying every day for a viable competitor to Microsoft Office. So, perhaps we are a little guilty of wishful thinking.

April 16, 2002

eWeek Says "Apache 2.0 Beats IIS at its Own Game"

Jim Raposa of eWeek compared Apache 2.0 for Windows to Microsoft Internet Information Server 5.0 and found IIS wanting. The review says, in part:

eWEEK Labs compared the performance of Apache 2.0 and Microsoft Corp.'s Internet Information Services 5.0, both running on Windows 2000 Advanced Server. Apache kept pace with IIS during the entire test, which means that sites that move from IIS to Apache 2.0 on Windows won't have to worry about taking a performance hit.

When it comes to security, IIS doesn't come close to Apache. Apache's security track record is excellent, while IIS has taken hit after security hit. Just last week, Microsoft announced that 10 new security holes (several of which were serious buffer overruns) had been discovered in IIS.

January 29, 2002

Cookie Management Vulnerability Affects Many Versions of Netscape 6 and Mozilla 0.9

InfoWorld reports that a cookie management vulnerability has been found in Netscape Navigator Version 6.0 to 6.2 and Mozilla prior to version 0.97. This vulnerability has been acknowledged by Netscape and The Mozilla Project, and updates are available.

January 25, 2002

O'Reilly Network Loves iPhoto

Derrick Story wrote a review of iPhoto from a professional photographer's perspective for The O'Reilly Network. This is the second review of iPhoto we've written about this week, and both were extremely favorable. (See also our article about Walt Mossberg's review in The Wall Street Journal.)

What makes Story's review interesting is the fact that he is willing to use a bundled software package for professional purposes. This is a major endorsement, which will give Apple a lot of credibility in the technical professional community.

January 24, 2002

Mossberg: iPhoto is a Strong Argument for Getting a Mac

Dave Aiello wrote, "For a few weeks now, I've been quietly wispering the word iMac to friends. The reasons are: applications and operating system."

"Apple is in the process of redefining the choice between PC and non-PC computing devices. I now look at the iMac not so much as a computer that does not run Windows applications, but as a device that makes things I want to do easier."

"It appears that Walt Mossberg agrees with me. In his latest Personal Technology Column that appeared in The Wall Street Journal today, Mossberg called iPhoto 'a strong argument for getting a Mac' if 'digital photos are your passion'. He also says:"

Every Mac comes with a suite of free, elegant digital media programs, which are in most cases simpler and more capable than their Windows counterparts. There's iMovie, the easiest and best video editor I've seen. There's iTunes, a very nice MP3 music jukebox that can also burn audio CDs. There's iDVD, the best and simplest program I've tested for creating home-made DVDs. And now, Apple has rounded out the quartet with iPhoto, a program for organizing, managing and sharing digital photos.

Dave Aiello continued, "Criticism of the notion of a computer as a digital home hub not withstanding, we need to start evaluating computing devices on what they let us do now, not what they will theoretically support if we spend a year researching the issue. Run the servers on Linux, keep a PC around for office productivity work. But, we should have a different standard for the family virtual photo album. I want to create my own DVDs today, and Apple has a compelling bundle that I can buy on the way home."

January 9, 2002

Felten Interviewed by Business Week

BusinessWeek published an interview with Princeton Computer Science Professor Edward Felten that took place at the Future of Music Policy Summit. Dr. Felten is best known for challenging the anti-circumvention portions of the Digital Millenium Copyright Act through his lawsuit against the Recording Industry Association of America.

In the article, Felten says:

No one knows how to give customers [in the digital world] what they want without the copyright holders being stolen blind. The solution to the problem of illegal copying of music is mostly not a technology problem. I think there will be a movement toward offering different kinds of services. Interactive applications that help you find music you like, help you index and search, give you additional information about the artist you're listening to.

January 8, 2002

Four Year Old Security Issue Reportedly Reappears in IE 5.5 and 6.0

Newsbytes reports that security experts have discovered that Microsoft Internet Explorer fails to implement a security standard created in 1997. The standard, referred to as the "same-origin policy" requires that JavaScript code executing in the context of one Web site should not be able to access the properties of another. When this policy is not implemented "... a grab-bag of techniques {are available to attackers} for stealing other users' browser cookies, reading some files on their hard disks, and 'spoofing' the content of legitimate sites".

According to a SecurityFocus report on the flaw, "This violation of the 'same-origin policy' is a severe security vulnerability. There are many ways that an attacker could exploit this vulnerability."

December 17, 2001

Microsoft Released Patch for Dangerous IE Bug

On Friday CNET reported that Microsoft released a patch for Internet Explorer 5.5 and 6.0 that is meant to close a dangerous hole in the browser. CTDATA originally reported on this flaw last Wednesday. The patch apparently fixes several problems that, if left unpatched, may not become apparent at the same time.

The flaw that is present in IE 6.0 appears particularly dangerous, in that an attacker can "alter HTML information in a way as to trick IE to open a damaging executable file without asking the {user} for confirmation."

December 12, 2001

Microsoft Has Let "Devastating Browser Download Hole" Exist Since November 19

Yesterday, Newsbytes reported that Microsoft will patch a flaw in Internet Explorer that allows malicious code to be silently downloaded and executed. The vulnerability definitely affects IE for Windows 5, 5.5, and 6, and may affect some versions of Outlook, Outlook Express, and Eudora. Microsoft was made aware of this problem three weeks ago.

If the vulnerability is a "devastating browser download hole" as the Newsbytes article says, Microsoft's response was not nearly fast enough. Also, the security by obscurity approach taken by the organization that discovered the problem is preventing people who are at risk from making a proper assessment of potential security threats.

June 11, 2001

Lotus is Selling Knowledge Management into a Storm

Tomalak's Realm (which still appears to be operating), pointed out an interesting article on, a Web Site produced by The Boston Globe. Scott Kirsner writes about Lotus's latest product, a knowledge management tool called the Knowledge Discovery System.

Kirsner points to a major problem in Lotus faces in marketing this new software product at this stage in the economic cycle: the discretionary nature of the purchase decision. He says that Knowledge Management is "... just not a problem that companies feel must be get solved right now, not when they’re focused on cutting costs by any means necessary. That makes it an inauspicious moment for the debut of Lotus’ $395-per-user Knowledge Discovery System."

May 17, 2001

More Motion Picture Production to be Done on Linux

The Wall Street Journal has another article documenting the increasing use of Linux as the underlying operating system for motion picture production applications. This article, which is syndicated through ZDNet, points out that momentum has built around Linux since its successful use by Digital Domain in the special effects sequences in the movie "Titanic".

The article does not really make clear the extent to which Linux adds value to the production process, apart from decreased cost and source code availability. How much do Pixar and Industrial Light and Magic need to modify the kernel in order to get the performance they want out of Linux? How much of the studios' efforts to convert from IRIX or Solaris to Linux is simply taking the time to port the application in the traditional manner?

March 25, 2001

Managing DHCP Addresses in VMware Client Operating Systems

Dave Aiello wrote, "I'm not sure anyone else will consider this a revelation, but, I figured out how to acquire a new IP address via DHCP when I cable up to a new network. This is important for me because I often run Windows NT and 2000 as client operating systems under VMware for Linux. Rather than shut these client operating systems down, I often suspend them (explained here in the VMware for Linux Quick Start Guide)."

"Many times, I will suspend my Windows in one place and restore it in another. When both places have TCP/IP networks and DHCP, the IP machine is restored with an incorrect IP address and Windows doesn't seem to notice right away. So, read on if you are interested in the solution."

Continue reading "Managing DHCP Addresses in VMware Client Operating Systems" »

February 6, 2001

Users Thwarted in Attempt to Report HTML Mail Security Flaws

Wired News is reporting that a programmer in British Columbia found security flaws in the way email containing HTML was handled by Netscape Communicator and Microsoft Outlook. Although this discovery took place in 1998, Microsoft and third parties that tracked bugs in their software, deemed this problem "a privacy issue, not {a Microsoft Windows} problem".

The Wired News article is a pretty damning assessment of NTBugTraq, if the alleged response from the moderator of that mailing list is indicative of situations that they are willing to ignore. A lot of people within the Linux community are thought to be obsessive about security concerns. But, another interpretation is that they are "the canaries in the coal mine".

February 5, 2001

Slashcode Installation May be Greatly Aided by Apache Toolbox

Dave Aiello wrote, "One of the best ideas I got last week at LinuxWorld Expo came from Brian Aker of the Slashcode Project. He recommended that I use Apache Toolbox to cleanly install Apache and all of the other components of the suite required to run Bender or Slash 1.x."

"Today, Dave Winer mentioned Apache Toolbox on Scripting News. This was a good reminder to me to post an article about it on our Web Site."

"I am going to try to use Apache Toolbox on my first Bender installation, which I hope to perform sometime this week. I will post the results of this installation once I do it."

January 5, 2001

UI Improvements that VMware Needs to Get Closer to Perfection

Dave Aiello wrote, "Many of you know that CTDATA is now running Linux wherever possible. I personally use a laptop that runs VA Linux's 6.23 distribution (a slightly modified version of RedHat 6.2). To do my pure PC work, I run virtual Microsoft Windows sessions on VMware."

"I decided I wanted two different configurations, a 'state-of-the-art' Windows 2000 workstation, and a Windows NT 4 instance to emulate our last Windows NT production server."

"Building and operating two different virtual machines under VMware gave me some ideas of how to make some slight improvements in VMware's performance. Read on for my ideas and let me know if you agree or disagree."

Continue reading "UI Improvements that VMware Needs to Get Closer to Perfection" »

November 20, 2000

VMware for Linux 2.x: A Credible Alternative to Dual Booting

Dave Aiello wrote, "In an attempt to fully embrace Linux as a server operating system, I decided that the I needed to force myself to use that operating system as much as possible. So, I bought myself the latest and greatest Dell Inspiron laptop, loaded it with as much memory as I could get, and left the comfort of Windows behind."

"But, there were problems with this strategy. What Linux software makes it easy to manage a small payroll? What Linux software helps you to control co-located NT Servers? After all, one cannot deploy Linux in a co-lo environment until you are comfortable using the operating system in day-to-day situations."

"The solution turned out to be VMware 2.x from the company of the same name. This is the kind of product that I dreamed of having when I was a Macintosh user, years ago. VMware lets you carve out a virtual machine from your Linux box and place in it any flavor of Windows you choose. Compatibility has been, in a word, extraordinary. It's hard to argue with a system like this when it runs such demanding applications as RealPlayer 8 Plus and PCanywhere in the client operating system."

Continue reading "VMware for Linux 2.x: A Credible Alternative to Dual Booting" »

October 29, 2000

AOL to Its Customers: Home Page? What Home Page?

According to CNET, America On-Line has permanently fixed the home page on the browser portion of its new AOL 6.0 client software to its own Web Site.

What surprises us is that no one has picked up on this statement-- perhaps one of the dumbest statements made by an Internet executive in recent history:

"What we did was we looked at the
toolbar as a whole, and in that
redesign, in that streamlining, we moved some things around," said Jeff
Kimball, executive director at AOL. "And yes, {the home page button is} not there."

October 6, 2000

GuruNet Recommended for Research Tasks

Julie Aiello pointed out that Walter Mossberg reviewed GuruNet in his latest Personal Technology Column in the Wall Street Journal. Julie is a professional researcher at Gund Investment Corporation, and said of GuruNet, "so far it's been a terrific research tool - much quicker than logging into
Yahoo or some other search engine to look something up when I'm trying to find
information quickly."

Continue reading "GuruNet Recommended for Research Tasks" »

August 30, 2000

Camellia Batch Job Server Recommended for "cron-type" Functions on NT/2000

CTDATA has tested Batch Job Server from Camellia Software as a solution for controlling unattended server-based tasks on Windows NT and Windows 2000 servers. We consider it a reliable tool that provides more functionality than the UNIX cron system. In fact, we believe that BJS is a sophisticated job control system that mimics many of the mini-computer and mainframe batch control environments.

Read on if you want to know why we think so highly of it. We will also attempt to outline use strategy for this product.

Continue reading "Camellia Batch Job Server Recommended for "cron-type" Functions on NT/2000" »

August 22, 2000

Alternatives to Netscape 6 Preview Announced

A number of people we know are hoping that Netscape releases a new browser that is competitive with Microsoft Internet Explorer. Generally, these people have been disappointed by the preview releases of Netscape Version 6. However, today Slashdot mentioned two new browsers that are based on the Gekko Project-- the OpenSource project upon which Netscape Version 6 is based.

Kmeleon is a Windows browser based on Gekko. It is compared by its developer to Galeon, a Gekko-based browser for the GNOME environment on Linux.

These browsers may represent usable alternatives to Netscape 6 Preview 2, although they probably won't fully replace Netscape Communicator 4.7 for people who use it to read their mail.

August 18, 2000

mySQL Developers Adding Transaction Support

A short article posted to states that a version of MySQL with transaction support is under development. Confusingly, they refer to this version as MaxSQL.

The article describes MaxSQL as "a MySQL distribution compiled with Sleepycat Software's BerkeleyDB support for transactions." Perhaps we do not use MySQL enough, but we do not understand the relationship between MySQL and the BerkeleyDB. Is MySQL implemented on top of BerkeleyDB, or is BerkeleyDB integrated as a datastore primarily to support the transaction management process?

July 27, 2000

Blast from the Past: Clay Shirky on Napster in Feed

We join the chorus of people thanking Lawrence Lee and his Tomalak's Realm for being the Web's group memory. He pointed out that Clay Shirky wrote a great piece on Napster that was published by Feed way back in April.
Likening the debate between Napster and the RIAA to the futile attempt by state and Federal governments to enforce the 55 mile per hour speed limit, Shirky wrote:

"As with the speed limit, Napster
shows us a case where millions of people
are willing to see the law, understand the
law, and violate it anyway on a daily basis.
The bad news for the RIAA is not that the
law isn't on their side. It plainly is. The bad
news for the RIAA is that in a democracy,
when the will of the people and the law
diverge too strongly for too long, it is the law
that changes."

Salon: Victory in Napster Case Dooms Recording Industry as We Know It

Dave Aiello wrote, "I have never used Napster, so I have to admit that I have some catching up to do with the people who have used it and understand the implications more fully. Scott Rosenberg wrote an excellent piece in Salon that points out a number of issues that will quickly come to the forefront now that it looks like the RIAA will succeed in shutting most of Napster down." Among other things, it says:

  • Napster might be preferable to anarchy because the RIAA could have cut a deal with the Napster company instead of demonizing it.
  • The centralized directory of mp3 files that Napster represents will likely give way to a massive web of peer-to-peer file sharing systems that will make intellectual property rights that much harder to enforce.
  • The Wall Street Journal got it wrong in their Napster article earlier in the week because they chose to focus on the Napster company's arguably hypocritical stance on its own intellectual property.

Continue reading "Salon: Victory in Napster Case Dooms Recording Industry as We Know It" »