Friday, January 31, 2003

W3C publishes HTTP Implementation and User Agent Problems Notes

W3C has released Common HTTP Implementation Problems and Common User Agent Problems as a W3C Note. According to W3C, the guidelines will improve implementations of HTTP and related standards and also offer suggestions for good user agent behaviours. From the HTTP Implementation Problems note, here are a few guidelines which I have seen being reiterated by many, many people in the last few months.
  1. Use short URIs as much as possible
  2. Choose a case policy: avoid URIs in mixed case. As a case policy, choose either "all lowercase" or "first letter uppercase".
  3. Provide mechanisms for File System to URI mapping
  4. Allow the use of standard redirects
  5. When you change URIs, use standard redirects...

Wednesday, January 29, 2003

Security Fears for Web services

This news article on The Inquirer screams, Large firms hold off Web services because of security fears. This is exactly what will happen with the delay in Web Services security standards.

Tuesday, January 28, 2003

Web Services: Change Everything? Change Nothing?

The Rational Edge E-zine has a good article on Web Services titled Web Services: The Same, Only Different. Essentially, the article discusses whether Web Services change everything or whether they are just another piece of software to which normal software development practices and tools apply. The article comes up with a few notes at the end, all of which I find very relevant.


  • For the most part, developing Web services applications is the same as
    developing any other type of software application.
  • There are, however, two important differences:

    • Service-oriented architectures are loosely coupled.
    • Web services development relies on HTTP and TCP/IP networking.

  • These differences enhance the importance of:

    • Designing Web services that fit into an overall service architecture.
    • Optimizing component and application design specifically for Web
      services technologies -- especially to compensate for the slow and
      unreliable nature of HTTP and TCP/IP networks.
    • Utilizing lifecycle software management tools and best practices that
      enforce architectural control.
    • Continuous regression testing for service producers and consumers,
      both of whom risk serious consequences if a Web service fails.


Monday, January 27, 2003

ieHTTPHeaders [via Serdar Kilic]

This is a really, really cool tool. Of late we've been doing stuff which always required looking at the HTTP headers, and we employed a number of ways to do that. ieHTTPHeaders leaves everybody behind.
ieHTTPHeaders is an explorer bar for Internet Explorer that will show you the HTTP Headers IE is sending and receiving.

The best part is that it is employed as an explorer bar in IE, and second, it color-codes request and response headers. While there, do check out the other tools. All very useful, especially COMTrace.

Friday, January 24, 2003

NetRun no-touch deployment utility

Here's a great utility for no-touch deployment by Rocky Lhotka.
This program can be installed on a client workstation, along with the .NET runtime, and can then be used to launch .NET programs from a URL. The .NET program will be automatically downloaded into a cache on the client machine and will run from there. Any dependent DLLs will also be automatically downloaded to the client machine. The program and DLLs will also automatically update when new versions are placed on the server.

The source for this information, Rocky himself. He was the speaker yesterday for the monthly .Net Developers group meeting at Columbus. He spoke on architecture choices and best practices for putting the .Net Framework to work. It was a nice talk and we actually understood Remoting and Web Services concepts and when to use which. Cool.

Bill Gates on Security

In his latest executive e-mail, Bill Gates talks of the continuously evolving Security challenges and outlines the steps Microsoft has taken over the last year to address these challenges.
In the past year we have created new product-design methodologies, coding practices, test procedures, security-incident handling and product-support processes that meet the objectives of this security framework: Secure by Design...Secure by Default...Secure in Deployment...Communications

And he needs some help from the customers on three things,

1) stay up to date on patches, 2) use anti-virus software and keep it up to date with the latest signatures, and 3) use firewalls.

News That Comes to You

JD Lasica writes about RSS Feeds and News aggregators in this OJR column. Another cool thing he did is that he has published the complete transcripts of the interviews he had to collect views and opinions of people using RSS and aggregators. Yours truly was one of them. Read my interview on this page and others here. Writes Dave Winer about this:
JD does something extremely cool, on his weblog he provides full transcripts of the interviews he did for the piece. Much more interesting. Very nice. Someday all reporters will do this. Hey maybe they'll skip writing the polished piece, esp when the article isn't appearing in print.

I agree. This is the way online journalism will shape up in the near future.

Wednesday, January 22, 2003

Name Your Price for Airline Tickets, Hotel Rooms and ummm, well Software..:)

Informationweek has a story of a company called NetDive which allows you to download software a la Priceline.com and then allows you to determine the software's value before making an offer.
The Priceline.com approach has come to business software. NetDive Inc., which makes software for messaging, collaboration, and real-time customer service, has launched a name-the-price feature on its Web site. Customers can download test versions to determine the software's value before making an offer. A desperate move for hard times? The strategy acknowledges that a piece of software may provide different value at different companies, so pricing flexibility is key to attracting cost-conscious customers, CEO Dean Ansari says. Plus, it caters to human nature. Says Ansari, "If people could haggle about everything, they would."

Monday, January 20, 2003

Always On, The Insider's Network

A new website, Always On by Tony Perkins, editor-in-chief of Red Herring Magazine.
AlwaysOn (AO) is a media company dedicated to serving the global community of executives, entrepreneurs, investors, academics, and government officials who are helping to create and shape the Always On world. The AO founding premise is that most of the innovation associated with the global digital network developing on the Internet is still largely ahead of us.

Just checked the Founding Partners and saw a company by the name of Devi Yoga. What's that doing here?

Fly UI [via ChaosZone!]

Blue Fly in a urinal. A very clever UI design !!!
But this innocuous little fly just invites being peed upon, if such a thing makes any sense, but in a non-insistent, gentle, and entirely effective way. If you're the user interface specialist Donald Norman, I suppose you'd say the fly affords being peed on.

Sunday, January 19, 2003

"The Glass Wall" : BBCi Design Process Document

Matt Jones has provided a PDF document titled The Glass Wall which details the design process and thoughts behind the BBC home page. It's a very interesting document. I encourage you to read it even if you are half a web designer/architect.

Thursday, January 16, 2003

Mouth Wide Shut

New essay by Joel Spolsky:
When Apple releases a new product, they tend to surprise the heck out of people, even the devoted Apple-watchers who have spent the last few months riffling through garbage dumpsters at One Infinite Loop.

Microsoft, on the other hand, can't stop talking about products that are mere glimmers in someone's eye. Testers outside the company were using .NET for years before it finally shipped.

So, which is right? Should you talk endlessly about your products under development, in hopes of building buzz, or should you hold off until you've got something ready to go?

Wednesday, January 15, 2003

Some thoughts about SMBmeta Initiative

Some days back Dave Winer blogged about the SMBmeta initiative. The SMBmeta Initiative, which stands for small and medium-sized business metadata, is an open, distributed way for small and medium-sized businesses (with a web presence) to communicate information such as the physical location of the business and the area it serves, as well as the type of business, the working hours, etc. to search engines and other services. SMBmeta works using an XML file named smbmeta.xml:
The smbmeta.xml file is an XML file stored at the top level of a domain that contains machine readable information about the business the web site is connected to. It is an open, distributed way for small and medium businesses to communicate information such as the physical location of the business and the area it serves, as well as the type of business, to search engines and other services. Hopefully, it will open up innovation that will result in a wide variety of new services that will benefit the SMBs and their customers.

In my opinion, this is very much like the meta tags that you place in the head section of your HTML file. So what's the big deal? Meta tags (e.g. the keywords meta tag) are used to make your site a favourite of search engines, and this led to widespread abuse of meta tags. As far as I know, Google no longer gives importance to meta tags because of this abuse. So how will we make sure that people are not abusing this XML file by entering all kinds of keywords? Any thoughts? I had thought that it was limited to just US SMBs, but apparently it's not.

Tuesday, January 14, 2003

Top Vulnerabilities in Web Applications

The Open Web Application Security Project (OWASP), an Open Source community project, has released the top ten vulnerabilities in web applications. The top ten vulnerabilities that make the cut are:

Unvalidated Parameters
Broken Access Control
Broken Account and Session Management
Cross-Site Scripting (XSS) Flaws
Buffer Overflows
Command Injection Flaws
Error Handling Problems
Insecure Use of Cryptography
Remote Administration Flaws
Web and Application Server Misconfiguration

You can read the complete report in this PDF document. I don't think this is the complete list, but yes, even if we follow this, we can make our applications much, much more secure.

Sunday, January 12, 2003

Eric Weisstein's World of Science

I just stumbled upon this great site containing encyclopedias of astronomy, scientific biography, chemistry, and physics. Especially check the Mathworld. Cool.

Saturday, January 11, 2003

SPOT ON or OFF

At the 2003 International Consumer Electronics Show (CES), Microsoft released SPOT-based wrist watches. From the Microsoft SPOT website:
Smart Personal Objects Technology devices are built on a brand new computing platform incubated in Microsoft Research (MSR). Microsoft worked with National Semiconductor to develop a chipset, which consists of an application chip and a tiny radio frequency receiver. The platform has been optimized for low power draw, miniaturization and low cost. To provide connectivity to SPOT devices, Microsoft created DirectBand, a set of radio technologies that enables the transmission of Web-based information to smart objects. DirectBand includes the custom radio receiver chip, a nationwide wide-area network based on FM subcarrier technology and new radio protocols created specifically to meet the unique communication requirements of smart objects.

Content such as news, weather and sports information is broadcast to smart devices as wireless "channels." Subscribers can customize the channels and the information within each channel so they see only the information that is important and relevant to them. They establish their preferences by interacting with a simple SPOT device Web site from their PC. A personalized Web site makes the care and nurturing of multiple smart devices easy and convenient.

But will these devices work outside of the US? From what I've read so far, only Japan features as another country where these devices will work. I am really eager to know whether these will work in India, since the chips that go in these devices were designed at National's design centre in Bangalore.

Thursday, January 09, 2003

Hotmail: A Spammer's Paradise?

Wired.com has a piece today on Hotmail being vulnerable to spammers' attacks and that they are not doing anything to avert this. I disagree. Over the last couple of months there has been a drastic reduction in the number of spam mails on Hotmail. In fact, I get more spam in my Yahoo email than in Hotmail today.

Wednesday, January 08, 2003

Clay Shirky on ZapMail and Telecommunications Industry

Clay Shirky compares the offering by telephone companies to ZapMail, a fax service offered by FedEx in 1984 (two years and a billion dollars later, this service vanished). FedEx failed to understand that fax was a product and not a service, and that its competition was its own customers and not DHL/UPS.
FedEx misunderstood who its competition was. Seeing itself in the delivery business, it thought it had only UPS and DHL to worry about. What FedEx didn't see was that its customers were its competition. ZapMail offered two hour delivery for slightly reduced prices, charged each time a message was sent. A business with a fax machine, on the other hand, could send and receive an unlimited number of messages almost instantaneously and at little cost, for a one-time hardware fee of a few hundred dollars.

Telephone companies are making the same mistake with Wifi and VoIP. He writes:

If the economics of internet connectivity lets the user rather than the network operator capture the residual value of the network, the economics likewise suggest that the user should be the builder and owner of the network infrastructure.

Tuesday, January 07, 2003

Outlook News Aggregator

So many applications are being built around RSS. Greg Reinacker has come up with Outlook News Aggregator. This requires Outlook 2002 (Outlook XP) and uses parts of Aggie (open source). This is cool. Eventually it will take away one more application from my desktop (currently I have NewzCrawler running for most of the day). Scripting News points to a few more aggregators based on .Net.

The 100 Best companies to work for

Here's Fortune Magazine's list of the 100 best companies to work for (in the US??). There are so many fairly unknown companies which make up this list. Edward Jones tops the list, one of the reasons being that 25% of employees have a stake in the company. Now I wonder how many non-stakeholder employees were sent the questionnaires...:)

Monday, January 06, 2003

ASP.NET Forms Authentication

This question comes up on almost every ASP.NET list every now and then. This article shows one of the several ways of authentication, Forms based Authentication. 15 Seconds has another good Forms based authentication article.

Sunday, January 05, 2003

An evening of Comebacks

The Pittsburgh Steelers spoiled what would have been a perfect weekend for us sitting in front of the TV. They rallied from a 17 point deficit to defeat the Cleveland Browns 36-33. Three touchdown passes in the last 19 minutes, awesome. We kept believing the final 54 secs of the game would bring some of the last-minute Browns magic back again, but no, not this time. In another game, the San Francisco 49ers came back from a 24 point deficit to beat the NY Giants 39-38. What a game that was! One word: intense. The weekend got a great start with the Ohio State Buckeyes getting a win over the Miami Hurricanes 31-34 to win the Fiesta Bowl. What a season for the Buckeyes. The party that began Friday night in Tempe, Arizona will continue for a long time in Columbus. Cheers !!

Update: The NFL issued a press release on Monday stating that officials should have flagged a 49ers defender for pass interference on the final play of the game, allowing the Giants a second chance at a game-tying field goal. Does that take anything away from Garcia and his men? I don't think so.

Saturday, January 04, 2003

Where the heck are we? [via Perceive Designs]

GeoURL may provide the answer.
GeoURL is a location-to-URL reverse directory. This will allow you to find URLs by their proximity to a given location. Find your neighbor's blog, perhaps, or the web page of the restaurants near you.

After adding some meta tags to your blog/website and then adding yourself to their database, you can find blogs/websites close to you.

Finding System Uptime of Windows XP Professional machine

Today I wanted to find out the total uptime of my Windows XP Pro machine. Found out that there is a systeminfo command line tool that, among other things, gives you the System Up Time info. Here's a batch file script that you can put together quickly to extract just the System Up Time using the systeminfo command line tool.


@systeminfo | @find "System Up Time:"
@pause

Better still, just download this Uptime.exe and run it on your XP Pro machine. Don't worry about what the System Requirements section says, it runs just fine on XP Pro. Here's the output:

D:\>uptime
\\DM has been up for: 0 day(s), 5 hour(s), 29 minute(s), 54 second(s)

Try the uptime /s switch for some really cool stats.

Friday, January 03, 2003

Generating revenues off Blogs

Paid Content has an article on the business potential of weblogs and how some of the niche weblogs can be acquired by the more traditional media companies. The article has a list of some probable M&A marriages, e.g. Corante Blog being taken over by Wall Street Journal Online, Gawker by New York Observer, etc. It also talks of a few blogs that were bought by semi-academic institutions in 2002.
...Romenesko's MediaNews and E-Media Tidbits, bought out by the Poynter Institute; Cyberjournalist.net, by the American Press Institute; and Arts and Letters Daily, bought out by The Chronicle of Higher Education (Wasn't TVSpy a weblog before it was bought by Vault.com?)

The article makes clear what they mean by being bought, which is quite important.

...And let me explain the term "bought" here: this may not necessarily mean exchange of money, but could be a package where the blogger gets a salaried position, or a certain cut out of the ad/subscription revenues and other such combinations. As Mark Glaser recently wrote on OJR: "Best-Case Scenario [in 2003]: Smart bloggers get their due, become famous, and can get paid for what they do. Media companies get it, and start assigning blogs as real jobs and not just extra-curricular activities." Amen!

Thursday, January 02, 2003

Now, This is a stretch

According to this Reuters story, Web Monitoring Gives Clues to Broad Economic Trends. And I thought predicting Economy and Economic trends takes a lot of time (years) and statistical data (years) but apparently I am wrong.
So far, comScore has signed up 20 trading clients, including multibillion-dollar hedge fund investors and several of the major investment banks. Costs for macroeconomic and industry sector data start at $50,000 to $100,000 per year and go up from there. The biggest clients pay upward of a million dollars per year, but prefer to keep their uses secret, comScore officials say.

Wednesday, January 01, 2003

Happy Birthday, Dear Internet

20 years ago, ARPANET officially switched from the NCP protocol to TCP/IP. Thus was born the Internet in its present form.

Happy New Year

Wishing one and all a Very Happy, Fulfilling, Prosperous, Joyous and Fun-filled New Year 2003 !!

Monica and Deepak