Sunday, January 02, 2005
Sunday, December 19, 2004
Internet Explorer Developer Center
Microsoft folks relaunched the Internet Explorer Developer Center. Too much noise about Firefox made it happen.
You can find it at the relatively easy-to-remember URL http://msdn.microsoft.com/ie; it is a portal for developers using Internet Explorer technologies.
Monday, November 22, 2004
MSDN2 and JScript 8.0
The Visual Studio 2005 Beta documentation is online. Here they come… and JScript 8.0 is out there: check how this scripting language fits into the .NET platform.
Tuesday, November 09, 2004
Struts 2.0 on top of JSF
It seems that Struts 2.0 (code-name Shale) is going to be based on JSF. Here you can read a detailed proposal. It’s not surprising as Craig McClanahan created Struts and is a co-spec leader of JSR-127 (JSF). And he has spoken out about the pros of using both technologies together.
Sunday, November 07, 2004
Some useful W3C documents
HTTP GET/POST
When I interview somebody for a web-related technical position, I usually ask what the differences between GET and POST are. I have heard almost every creative (but wrong) answer to that, but very few people have answered it quite well.
Besides the HTTP specification, which states the main difference between those methods (GET is semantically idempotent, POST isn't) and many of its consequences, today I fortunately found an article (a "finding", as they call it) from the Technical Architecture Group (TAG) that helps to understand the consequences of that intrinsic difference, using well-documented examples that reinforce the specification's points on this topic. The whole TAG findings list is also available.
Architecture of the World Wide Web as a W3C Proposed Recommendation
These guys stated that the Architecture of the World Wide Web was a Proposed Recommendation. This is a very well documented reference for those who want to get the benefits of a number of recommendations from the W3C on their web sites or applications. This is also a TAG work.
XML Binary Characterization Use Cases
A lot has been said about the overhead XML imposes on the communication layer in a number of architectures. Well, the W3C is working on an initiative that aims to provide an alternative serialization method in order to alleviate this issue. Currently they are collecting the different XML use cases and asking the community to provide any cases they are missing. Personally, I found that they are missing the EDI/XML and ASN.1 XML use cases. I already emailed this observation.
Monday, November 01, 2004
XML Schema Second Edition Is a W3C Recommendation
We should promote its use among our peers…
The World Wide Web Consortium today released XML Schema Second Edition as a W3C Recommendation in three parts: Part 0: Primer, Part 1: Structures and Part 2: Datatypes. The second edition is not a new version; it corrects errors found in the XML Schema first edition. A modular approach well-suited to distributed applications, XML schemas define shared markup vocabularies and the structure of XML documents using those vocabularies. Visit the XML home page.
Wednesday, October 27, 2004
DDR2 Memory
Double data rate (DDR) memory is coming. DDR2 is the name given to the latest memory technology used in IBM NetVista desktop PCs and IBM eServer xSeries servers.
The primary benefit is the potential for faster throughput. Currently DDR2 operates at data transfer rates starting at 400 MHz (the upper limit for DDR) and 533 MHz. Support for 667 MHz and 800 MHz transfer rate is expected in 2005. In addition, the DDR2 improves the power consumption of the DIMM because it works on a lower voltage. DDR operates at a range of 2.5 to 2.8 V, whereas DDR2 only requires 1.8 V.
More about this in the original article.
PopGavaMail 0.1.3 Released
From SourceForge rmanocha let us know the following:
PopGavaMail is a POP3 proxy server for the famous Gmail webmail service. It opens up a port on your localhost which can then be connected to read your mail from your favorite mail client. It uses the g4j library to talk with Gmail. Release 0.1.3 brings major feature enhancements to PopGavaMail. Primary among them is the option to specify a port to start the server on. Other options have been added too.
Read the release notice at: https://sourceforge.net/project/shownotes.php?group_id=120786&release_id=278083
You can download the package from: https://sourceforge.net/project/showfiles.php?group_id=120786
On a side note, I have started writing the IMAP server. Some very initial code has been written. If you are interested, you can check it out at: http://cvs.sourceforge.net/viewcvs.py/gavamail/imapGmail/
If you think you can help me, please contact me (rmanocha@users.sf.net).
Best,
rmanocha
Thanks DJ
But receiving, too (unless one has either a serious problem of arrogance or incredibly low self-esteem), is really pleasant. Clearly you also feel very happy, very fulfilled… above all because you feel very rich. Not so much because of the gesture or the gift, but because you know you can count on a friend. The gesture can be anything from a smile to a kindness that relieves you of some tiring and boring chore. It can also be a more concrete, physical gift. Anything given and received like this, with no more protocol than the pleasure of sharing and seeing your friend happy, is a reason to celebrate. Friendship exists, and I consider it a kind of love. And for that reason, without a doubt, it is something to celebrate as the most intense and positive thing one can find on one's way through this life.
Yesterday Javier (djleon), just as described above, gave me a cell phone, activated and with credit (even with the battery already charged for a whole day). I had put this matter of the cell phone aside for a long time. But of course I needed one: with a wife and a daughter I am responsible for, I surely need to be 100% reachable at all times. Not only that, but professionally too a communication tool like that was becoming more and more indispensable.
Thank you very much, Javier. But above all, thank you for being a friend and knowing how to be one in the best way.
Monday, October 25, 2004
Mozilla/Firefox/Thunderbird Downloaded File Content Disclosure Vulnerability
There are vulnerabilities on both the dark and the bright sides (who is on the bright side?). It’s software. The difference lies in how long a company or an open source group has taken security seriously.
Martin has reported a vulnerability in Mozilla, Firefox, and Thunderbird, which can be exploited by malicious, local users to gain knowledge of sensitive information.
Read the original Secunia - Latest Secunia Security Advisories post.
Doom Movie in Production For Aug 2005 Release
Well, I think Doom is the one and only computer game I played, and played too much. I can’t wait for the premiere.
Lord Prox writes "Doom: The motion picture is now in production from Universal Pictures for a release date of August 5, 2005. According to IMDB the cast includes The Rock, Rosamund Pike, Razaaq Adoti, Ben Daniels, and Karl Urban. The plot and setting is right from the game."
Read the original Slashdot post.
US Washington Post backs Kerry
US presidential candidate John Kerry has received the official backing of the influential Washington Post.
Podcasting
Today (although I’m sure it isn’t a very new concept) I discovered what is known as podcasting. Here you can find a very illustrative guide to podcasting.
The simple idea behind it is to post an MP3 as an RSS 2.0 enclosure. A very cool thing about podcasting is that it allows individuals to publish (podcast) radio shows that interested listeners can subscribe to. Before podcasting you could of course record a radio show and put it on your website, but now people can automatically receive new shows, without having to go to a specific site and download them from there. Or instead of remembering a conversation you can podcast it.
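Because a podcast client fetches whatever the enclosure points at without the listener looking first, it is worth checking each enclosure before downloading. The following is an added example, not code from the original post: it reads the `url`, `length` and `type` attributes of each RSS 2.0 `<enclosure>` and decides whether to fetch it. The feed, the size limit, the audio-only policy and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample feed; the host, titles and sizes are made up for illustration.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example show</title>
<item><title>Episode 1</title>
  <enclosure url="http://podcast.example/ep1.mp3" length="4800000" type="audio/mpeg"/></item>
<item><title>Episode 2</title>
  <enclosure url="file:///tmp/ep2.mp3" length="10" type="audio/mpeg"/></item>
<item><title>Episode 3</title>
  <enclosure url="http://podcast.example/setup.exe" length="90000" type="application/octet-stream"/></item>
<item><title>Text-only post</title></item>
</channel></rss>"""

MAX_BYTES = 200 * 1024 * 1024  # assumed per-episode download limit


def check_enclosure(url, length, mime):
    """Return None if the enclosure is acceptable to fetch, else the reason to skip it."""
    if urlparse(url).scheme.lower() not in ("http", "https"):
        return "unsupported URL scheme"
    if not mime.lower().startswith("audio/"):
        return "not an audio type"
    if not length.isdigit() or int(length) > MAX_BYTES:
        return "missing or oversized length"
    return None


def audit_feed(feed_xml):
    """List (item title, enclosure URL, skip reason or None) for every enclosure in the feed."""
    # A feed has no need for a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in feed_xml.upper():
        raise ValueError("feed declares a DTD; refusing to parse")
    rows = []
    for item in ET.fromstring(feed_xml).iter("item"):
        enc = item.find("enclosure")
        if enc is None:
            continue  # an ordinary post without attached media
        url = enc.get("url", "")
        reason = check_enclosure(url, enc.get("length", ""), enc.get("type", ""))
        rows.append((item.findtext("title", ""), url, reason))
    return rows
```

The declared `length` and `type` come from the publisher, so a client should still enforce the size limit while downloading.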
RFID Passports
Like almost any bad idea about security, this one also comes from the Bush Administration: promoting RFID passports. An RFID passport would broadcast your ID. It will be readable by any RFID reader. Read more about it in this post on the Bruce Schneier blog.
Thanks Arcadi for the typo observation.
IE 6.0 + XP SP2 Vulnerability
This has been published by The SANS Institute.
A new critical vulnerability has been detected in IE 6.0 + XP SP2. One of Microsoft's patches from last week already has been worked around by hackers, at least on some platforms.
HIGH: Internet Explorer Drag and Drop Vulnerability
Affected:
Internet Explorer 6.0 on fully patched XP SP2
Description: A variation of the "drag and drop" vulnerability has been reported that may be exploited to compromise a Windows client via a malicious web page or an HTML email. The exploitation proceeds as follows:
(a) A specially crafted HTML "style" sheet is used to access a local folder on a Windows client.
(b) An IMG element with its "src" set to a filename (without any extension) is dragged and dropped to the local folder opened in step (a). IE's cumulative patch MS04-038 released last week prevents an IMG element with its src set to an executable file from being dragged.
However, the patch does not prevent the "drag and drop" of an image with the src attribute set to other file formats such as pdf, xml etc.
Further, if no extension is used for the IMG element's src file, IE automatically creates a file with the file type extension after the drag and drop operation. Thus, an attacker can create a malicious file with a ".htm" extension on the client's local file system.
(c) The malicious HTML file is invoked via the HTML Help ActiveX control (hhctrl.ocx). This leads to execution of arbitrary code on the client system.
A proof-of-concept exploit has been publicly posted. The PoC exploit demonstrates how to use "ADODB.recordset" object to write arbitrary files on the client's local system. Although this exploit requires user interaction, it may be possible to rewrite the exploit such that no user interaction is required. Note that the Akak Trojan exploited the earlier variation of this vulnerability in the wild.
Status: Microsoft has not confirmed. An unofficial fix has been posted that sets the kill bit for the "Shell.Explorer" ActiveX control. This control is responsible for displaying the folders in IE. Setting the kill bit prevents displaying any folders, and prevents exploitation via the published attack vector. The fix can be downloaded from: http://www.pivx.com/research/freefixes/neutershellexplorer.reg
References:
Posting by http-equiv
http://archives.neohapsis.com/archives/ntbugtraq/2004-q4/0078.html
Posting by Thor Larholm
http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0754.html
SecurityFocus BID
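The unofficial fix mentioned in the advisory works by setting a kill bit, which Internet Explorer stores as bit 0x400 of the "Compatibility Flags" value under the control's CLSID in the "ActiveX Compatibility" registry key. The following is an added example, not part of the original post, the SANS text or the PivX fix: it reads the text of a .reg file and reports which controls it leaves with the kill bit set. The CLSIDs in the sample are placeholders and the function names are illustrative.

```python
import re

KILL_BIT = 0x400  # bit in "Compatibility Flags" that stops IE from loading the control
AX_COMPAT = r"SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility" + "\\"

# Constructed sample .reg text; both CLSIDs are placeholders, not real controls.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000020
"""

SECTION = re.compile(r"^\[(-?)HKEY_LOCAL_MACHINE\\(.+)\]$", re.I)
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{1,8})$', re.I)
CLSID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


def kill_bits(reg_text):
    """Map each CLSID under ActiveX Compatibility to True if the .reg text sets its kill bit."""
    state, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            deleted, path = section.groups()
            current = None
            if path.upper().startswith(AX_COMPAT.upper()):
                clsid = path[len(AX_COMPAT):].upper()
                if CLSID.match(clsid):
                    state[clsid] = False  # key seen, kill bit not (yet) set
                    current = None if deleted else clsid  # "[-KEY]" removes the key
            continue
        if line.startswith("["):
            current = None  # a key in another hive
            continue
        flags = FLAGS.match(line)
        if flags and current:
            state[current] = bool(int(flags.group(1), 16) & KILL_BIT)
    return state


def not_killed(reg_text, required_clsids):
    """Return the required CLSIDs that the .reg text does not leave with the kill bit set."""
    state = kill_bits(reg_text)
    return [c for c in required_clsids if not state.get(c.upper(), False)]
```

Exported .reg files are usually UTF-16, so decode the file before passing its text to `kill_bits`.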
Sunday, October 24, 2004
Great cartoons and a worthy post from Electoral Vote
Regarding the presidential election, I’ve found this collection of cartoons from Electoral Vote. I think you will enjoy them as I did. BTW, I read Electoral Vote on a daily basis (through its RSS feed), and like it a lot. On Friday, at the bottom of their daily post they published a very simple, but informative, sensitivity analysis of the undecided voters and their impact on the election result. In the same article they talk about the Supreme Court, the age of its members and the high probability of vacancies within the next four years. They comment on the appointments that the next president will make to the SC. Just think about the appointments Bush has made to the appellate courts…
100 facts, 1 opinion
Some of these 100 facts feed my opposition to Bush's reelection. I support 100% the opinion stated at the bottom of the article.
Saturday, October 23, 2004
IE Exploit Lets Attackers Plant Programs on SP2
Well, I thought I would never blog about XP SP2. Whether it has (dramatically) slowed down my PC or not is, I think, a matter of coincidence between configuration and the software installed on my PC; I need more data in order to blog something worth reading. But this is a fact, and a guess I made some months ago (I don’t think it’s a very clever one; all software has bugs, both from design and implementation): SP2 won’t alleviate all the problems MS claims it will. On Wednesday, eWeek published an article letting us know about some flaws in it.
Friday, October 22, 2004
Microsoft: 106 Million SP2 Copies Distributed
There is a huge discussion about XP SP2, so I won’t enlarge it anymore. But we should know that according to Microsoft, there have been 106 million copies of Windows XP Service Pack 2 (SP2) distributed since August 6.
Thursday, October 21, 2004
Google doubles profit year-over-year
I really like this company.
In first report as public company, search giant posts third-quarter profit of $52 million, thanks to booming online-ad revenue.
Read the original article at CNET News.com