What's That Noise?! [Ian Kallen's Weblog]

All | LAMP | Music | Java | Ruby | The Agilist | Musings | Commute | Ball
« Previous page | Main | Next page »

20040522 Saturday May 22, 2004

Secure Blog Pings The spammers are onto us. They realize that they can inject their undesired noise into the stream.

If you want to have the appearance of having lots of attention on the net, the barrier to entry is not terribly high. Install some blog software, setup a five or six blogs that link to your site about lonely, sexy milfs in your area, octane booster for your libido and deals-of-the-century for mortgages and [badda-bing!] make a thousand DNS entries for each of these blogs. Then, whenever you update your handful of blogs with your wonderful content, programmatically ping all of the wonderful recipients of update notifications and.... [drum roll]

Ta-da!

You've spammed the blogosphere.

It's my considered opinion that this problem is going to continue to swell as more spammers catch on. As anyone who's had a friend descend into a Mister-Hyde's-gone-AWOL-on-a-heroin binge dirtball can attest, low life scumbags are often quite resourceful. We've already seen that demonstrated contending with comment spam. The underlying problem is that the event capture engines promiscuously accept anything into the stream. It's as bad as having an open relay in the SMTP universe... millions of mail servers in Asia and Eastern Europe can't be wrong!

Blog posts can be fingerprinted and checked for duplication but next thing you know, we're going to require bayesian filters -- I can easily imagine how to defeat the duplication checks; to catch a criminal, you have to have the capacity to think like one, I suppose. Weblogs.com already makes sure it doesn't take a ping for the same blog too frequently within a duration of time, but that doesn't address any issues concerning authenticity.

Anyway, the underlying problem with SMTP is that you can pretty much claim to be anyone and send mail to everyone when the SMTP server is an open relay. By extension, the ping stream suffers from the exact same problem.

I propose that the ping services become a network of trust. Pings should be identified with secure tokens; one way cryptographic hashes with regularly expiring keys would keep just about everyone except the NSA from anonymous pinging. Those found abusing the ping stream could have their ids revoked. That way, the only events making it into the ping stream would be known and identified entities. I believe that the earlier this is put in place, the sooner the blogosphere can wall itself off from purveyors of canned pork by-product products. ( May 22 2004, 05:32:34 PM PDT ) Permalink


UFO tribute a la Pearl Jam Some of my favorite noise is old UFO, and apparently I'm not alone.

Last week (May 14, 2004), according to a report from The Umlaut, Mike McCready from Pearl Jam gigged at The Showbox (Seattle, Washington) in a tribute set that included classic Aerosmith and UFO:

  1. Doctor Doctor
  2. Lights Out
  3. Too Hot To Handle
  4. Shoot Shoot
  5. Loser
  6. Rock Bottom w/Spinal tap tease
  7. Sick As A Dog (Aerosmith)
  8. Nobody's Fault (Aerosmith)

Sounds like an old time style Headbangin Hoe-Down! ( May 22 2004, 09:47:02 AM PDT ) Permalink


20040521 Friday May 21, 2004

Bill Gates' Clue Inkling (But Only An Inkling) I suppose sooner or later it was inevitable that the swarm of motion in the blogosphere might cause a wobble in The Borg's orbit.

Bill Gates stood before a crowd of top CEO's and waxed on about where he see things going. Now, if you'd read any of his drivel (like The Road Ahead) where he positions himself as a technocaster, you know that at least half the time, he's full-o-crap. But that doesn't matter when you're the richest schmuck on this rock, does it?

"Another new phenomenon that connects into this is one that started outside of the business space, more in the corporate or technical enthusiast space, a thing called blogging. And a standard around that that notifies you that something has changed called RSS."
Bill, RSS and notifications are orthogonal. Don't you have a technical editor review your speeches before you get to the podium? RSS is a confined set of metadata. Period.

What would Bill blog? Posts about how great SCO is? How much he hates Mac OS X cause it's so much better than anything he'd come up with? ( May 21 2004, 02:21:27 PM PDT ) Permalink


20040520 Thursday May 20, 2004

Neifi Perez Hits A Home Run What's the world coming to when the Giants' sluggers are slumping and mister shallow blooper hits a two run home run?

Neifi Perez has only hit five home runs since 2001. I mean, he's a great infielder but perhaps the threat of having Pedro Feliz become the everyday SS was enough to awaken his inner-slugger. This was their game to lose and for a while there, it looked like that might be the it was gonna go. But here ya go:

  Runs Hits Errors
San Francisco Giants 5 10 1
Chicago Cubs 3 8 0
( May 20 2004, 02:43:50 PM PDT ) Permalink


Identifying Blog Index Spam If there's a burst of new links to a URL, it could mean either something very interesting is happening there or perhaps it's blog index spam.

Does the blogosphere need a "report this url as spam" service where any blogs that link to it are immedately suspect? Perhaps a points system... if a blog has legit URLs than the links to spam that have managed to get inserted into the content will should score as strongly. Perhaps this is case for Vote Links as my colleague Kevin Marks will assert. ( May 20 2004, 11:50:08 AM PDT ) Permalink


Blog Index Spammers Must Die! What will they think of next? I wrote a little application to keep an eye on what's under discussion in the blogosphere on a particular topic and next thing ya know, some bozo has posted hundreds of clone blogs to stuff the search index.

Last night at the Technorati Developer's Salon I showed off something I wrote that uses Technorati's API, Who's Talking About The San Francisco Giants, Powered By Technorati. It uses Technorati's search and bloginfo APIs and orders the most recent results by the blog's rank. Lo and behold this morning, there's some bastard who owns the mooseblogs.com domain who has hundreds of aliases pointed to the same blog postings for buying/selling tickets. Among the events mentioned are tickets for the San Francisco Giants, thus killing the usefulness of the search index. The whois specifics for this bastard looks like this:

Registrant:
   WAI
   10105 W. 126th Terr
   Overland Park, Kansas 66213
   United States

   Registered through: GoDaddy.com
   Domain Name: MOOSEBLOGS.COM
      Created on: 02-Apr-04
      Expires on: 02-Apr-05
      Last Updated on: 04-Apr-04

   Administrative Contact:
      Walls, Tom  twalls@kc.rr.com
      WAI
      10105 W. 126th Terr
      Overland Park, Kansas 66213
      United States
      9134848289      Fax -- 
   Technical Contact:
      Walls, Tom  twalls@kc.rr.com
      WAI
      10105 W. 126th Terr
      Overland Park, Kansas 66213
      United States
      9134848289      Fax -- 

   Domain servers in listed order:
      NS1.ABAC.COM
      NS2.ABAC.COM
So if any kind readers in Overland Park, Kansas would like to pay a visit to 10105 W. 126th Terr and kick the perpetrator's ass, the world would probably be a better place for it. I'll loan you a Barry Bonds bat to help get the job done. ( May 20 2004, 10:58:26 AM PDT ) Permalink


20040519 Wednesday May 19, 2004

Thermonuclear Pitching Randy Johnson throws a perfect game in Atlanta and Jason Schmidt pitches 9 innings of one-hit baseball. Are the planets in an unusual alignment?

It's about time the Giants show some life in their play. Sad that it was still only a one-run game, the offensive anemia long ago crossed the threshold into patheticness. Thank goodness the Dodgers have dropped five in a row; the Giants are only seven games behind them in the standings! Someone tell Alou to get a clue: ditch Dustin Mohr or Deivi Cruz and bring Brian Dallimore back in the line-up! ( May 19 2004, 09:36:40 AM PDT ) Permalink


20040518 Tuesday May 18, 2004

Speaking of outing, Bill Gates uses Mac OS X Well, they do develop applications for the Mac platform.

But it's still funny to see it captured in a snapshot. Wondering what he's thinking about, "Maybe if virii were written with a portability layer, these suckers would get infected too... hrm" ( May 18 2004, 03:36:35 PM PDT ) Permalink


Keep It Real, JBoss The blogosphere is abuzz with the apparent exposure of the JBoss groups' shadowy marketing tactics. Are they really skulking around pretending to be a fan base when in fact they were posting about themselves?

The signal to noise ratio on TheServerSide's Forum have never kept me glued to the conversations but they recently outed users who share locations, which hopefully, by reducing anonymity, will raise the signal level a bit. Though recently enriched with a $10M investment from Intel, the JBoss group may have to spend some of the funds earmarked for engineering on PR instead. There's certainly no shortage of bile being offered for one of the most ambitious open source J2EE code bases, is there? "Anonymous Fakers!" declares Mike Spille. Lots of downloads evidently doesn't translate into lots of love.

Is this a redux of the fraudulent reviews on Amazon thing?

I'm wondering now if the comment-throughput on all of these blogs hosted on jroller.com have crashed their server; those blogs were inaccessible for a while today. Ya know, JBoss can run embed Tomcat as its web container (the server identifier says "Apache-Coyote/1.1" which in all likelihood is Tomcat). Hah, maybe they're running on JBoss!

OK, probably not. But nothing is shocking, is it? ( May 18 2004, 03:20:33 PM PDT ) Permalink
Comments [1]

20040516 Sunday May 16, 2004

objects versus ad-hoc data structures in PHP I'm in the midst of changing how a complex data structure is defined. This data structure is returned from a user defined PHP function (i.e. not built-in to PHP or one of its extensions) and the semantics of how the data should be populated needs to change. The quick-n-dirty hacker in me appreciates how easily the data can be assembled and assigned values but my inner object oriented programmer bristles at the kind of mess that has ensued.

There are tons of books from all of the usual suspects (O'Reilly, Wiley, SAMS, etc) about how to program with PHP but leveraging its crude support for OOP and employing best practices around that is seems to be pretty thin in all of the literature I've reviewed. The discussion I've seen on the web about object oriented PHP have also seemed weak; the commenter's who snivel about how complex OOP with PHP is underscore how toyish the use of PHP seems to be in many projects.

Before sending mail or posting comments insulting me for not appreciating PHP's simplicity, make sure you tell your Perl programming friends as well. I've been an adherent to OO in Perl for a number of years (though admittedly fell out of practice while my work was J2EE based) -- my gripes about prevelant practices amongst Perl programmers would be similar the above critique of PHP. In Perl, if you have a big blob of data and you want to find out what the heck is in it, you pretty much have to rely on Data::Dumper or, in PHP, print_r and then pick-apart the output to suss the structure that was created. Perl's man pages have several entries about lists of lists and and a data structure cookbook and so forth but the value of defining objects that provide a structural representation of the data (and of course, semantics) are too often overlooked in real software projects. If the changes I'm currently working on implementing had been using an instance of a class, I'd be looking at the object interface and making changes to the method calls. Instead, I'm looking at a big tangle of opaque data structures.

I could go on and on about how must PHP literature closely binds business logic and UI logic and the hideous morass that that creates, but I guess I already griped about that sufficiently in my high level rant about J2EE versus PHP. <sigh>

The code base I'm currently working on has a long way to go before the business data is captured in clear class definitions and there's a greater level of transparency into the relationships of the things within the application, but we'll get there. ( May 16 2004, 09:46:10 AM PDT ) Permalink


20040430 Friday April 30, 2004

Randomizing a list Needing to to randomize the contents of a Perl array, I was just about to write the code myself but decided to snoop around CPAN first. Lo and behold, I found that there was something in the Perl distribution already that did what I need.

As of Perl 5.8, there's a module in the standard library with a boat load of things you need to with a list from time to time. It was nice to stumble upon the List::Util class; it's got a method called shuffle that does the trick. Here's an example of getting a randomized list using shuffle: 


use List::Util 'shuffle';

my @list = ('a'..'z');
my @shuffled = shuffle(@list); 
# @shuffled is randomized, @list is unchanged
print "@shuffled\n";
There are more useful methods like min, max and sum that should make dealing with aggregations of values much easier. ( Apr 30 2004, 11:45:45 PM PDT ) Permalink


20040426 Monday April 26, 2004

Giants Beat The Braves! It's been a rough couple of weeks but having the Giant's hold back the Braves tonight is a good lift. Schmidt's obviously not at his best but even so, they did it.

We'll take these one-run games if that's all we'll get -- after some of the recent beat-downs from the SoCal division rivals, it's fine to just squeak by for the time being. What I'd like to see is Woody restore his good name, get a strikeout or two and maybe give the G's a little momentum with a win tomorrow. But for tonight, hat's off to V-rod and Herges for keeping them at bay in the end

Let's go Giants!

( Apr 26 2004, 10:17:00 PM PDT ) Permalink


It's not just far out, it's Groovy Does the programming world need another scripting language? There's already a ton of them and they all have their pros and cons and their adherents and detractors. Well, kick down your cobblestone and look for some fun: now there's Groovy.

I've always enjoyed the expressiveness and rapid development qualities of Perl, Python and Ruby. However, the proliferation of Perl's obscure idioms and linear of scripting tendencies of many of its users is enough to make you shudder. The absence of semi-colon statement delimiters is enough to always make me feel like I've forgotten something with the latter two. Then there's function-crazed languages like PHP and Tcl. Maybe the world does need a clean break from it all? Well, Groovy is definitely a departure of sorts. It looks a little like Ruby and a little Java with a dash of JSTL but not entirely like any one of them. And it compiles down to ye olde JVM's bytecode.

The Groovy website is loaded with examples for using SQL and writing servlets (um, make that "Groovelets") using the Groovy syntax. Support for regexp and xpath matching is in there. Reading through it, I'm impressed with the familiarity and yet the newness of the syntax. But I can't help wondering if I'd really use it to build any substantial software. In many respects, it took Java so long to mature as far as lots of those little things that matter to me like regexp support, cached prepared statements in the JDBC API and the various jax-foo API's -- all good stuff but a long time coming. So why start using Groovy?

Well, I thought of one place where I'd imagine using Groovy. When collaborating with GUI implementers on the web tier of an application, I have in the past found myself working hard to keep the communications loop tight between those dealing with the markup and the tags and on the other end those dealing with Action classes, servlets and filters. "The MonkeyBean has a Collection of Bananas... you can iterate over each of them to access their Peels..." Wouldn't it be nice if the folks working with the markup and tags could write their own beans and actions without having to know all of that Hard Java Stuff? Well, maybe. I mean if they're implementing a lot of the display logic with JSTL, why not give them an easy entry into the data-centric modules that the JSTL accesses?

Well, I don't know but I'm willing to be open minded about it and I guess the powers that be in JCPville are as well; Groovy has it's own JSR. There are a lot of important check-off items already in place:

The latter two are really important when your practicing continuous integration. Other stuff like XML-RPC support and embeddability, that's all nice too.

I can see the why Groovy might be more attractive that Jython or something like that that uses the JVM but isn't native to it. On the other hand, if I didn't know better were I hiring an engineer (and I'm not, please, no phone calls) and a candidate had "Groovy" listed on their resume, I might pass them by as a goofball. Although, knowing what I do now about what Groovy may potentially be good for, I might put that resume on top of the file.

I think I feel a song coming on:

Slow down, you move too fast
You got to make the morning last
Just kicking down the cobblestones
Looking for fun and feeling groovy
Ba da da da da da da, feeling groovy

Hello lamppost, what'cha knowing
I've come to watch your flowers growin'
Ain't cha got no rhymes for me?
Doo-it in doo doo, feeling groovy
Ba da da da da da da, feeling groovy

I got no deeds to do
No promises to keep
I'm dappled and drowsy and ready to sleep
Let the morning time drop all its petals on me
Life I love you, all is groovy

  59th Street Bridge Song

Sorry, I got carried away there. I couldn't help myself. ( Apr 26 2004, 09:25:52 PM PDT ) Permalink


20040425 Sunday April 25, 2004

New Toys: Treo 600 I recently received a brand spanking new Treo 600 PDA/phone and it's da bomb!

Due to some recent changes in my circumstance, I need to be available for SMS messaging across different carriers as well as by phone. The Treo 600 is chock full o' goodness: PalmOS means that it can run Top Gun SSH, it unites my palm address book with my phone (it's all in there) and the color display is excellent. The built-in web browser, Blazer, is good enough (but um, I'm not posting this blog entry from it); there's no built-in GPS but if you know where you are, you can always pull up a map to get you the rest of the way. The built in camera is, um, adequate. I mean, I wouldn't take the kodak-moment family photos with it, you're keepers warrant a real camera but hey, just to get a quick n' dirty photo, it'll work.

One word of caution I've received is that the wrong combination of 3rd party PalmOS apps can break it pretty badly. The recommendation I have is to get an sd/mmc flash card and a backup utility that will backup a full image of the OS and apps. Sounds reasonable; it'd really suck to crash your phone into a state where you'd lose everything. The other thing that is kinduva a let down is the lack of bluetooth. I'd heard that the Treo 610 with bluetooth would be out by April but obviously it's the 25th; we're still waiting. I would really like to synch this puppy up without a USB dongle but life's just unfair sometimes. Anyway, SprintPCS seems committed to not carrying phones with bluetooth capabilities (bastards), so I'm not gonna hold my breath.

I haven't been this excited by a PDA since I used OmniSky on a Palm V a few years back. In retrospect, that was pretty sucky but the high geek factor made it a lot of fun. I think this Treo gonna be fun and useful on a much more enduring basis. ( Apr 25 2004, 08:11:16 PM PDT ) Permalink


20040421 Wednesday April 21, 2004

Container? I don't need no stinkin' container! There's no denying it. A Boston Tea Party is swelling against Sun, the JCP and the way Java API's have been handed down from that Cathedral. Look at all of the bitchin' publications that've cropped up in the last few weeks and are expected in the coming weeks and months

Object-relation mapping without the container
A quick rundown of Hibernate, Spring Framework based transaction management plus a side order of DbUnit; more fun than you can shake a stick at.
Hibernate: A Developer's Notebook
O'Reilly has posted a sample chapter with a simple Hibernate example.
Hibernate In Action
The publish date on this is now listed as August 2004; I thought this was coming sooner but nonetheless seeing as how it's from the horses mouth, it should be a good read.
Java theory and practice: Coaxing J2EE out of the container
Projects like Somnifugi JMS blur the boundary between J2EE and J2SE
Discusses using JMS, JNDI and JMX for J2EE outside of the EJB container.
Expert One-on-One: J2EE Development without EJB
From the Spring Framework creator, Rod Johnson follows up on his fine 2002 publication "Expert One-on-One: J2EE Design and Development"
That's just the activity that's bubbled up through The Establishment. The J2EE blogosphere and TheServerSide is effervescing with stuff about Velocity, Tapestry, Jython, Java Groups, Pico, Hivemind, iBATIS and so on week in and week out. Struts and Ant are probably the prime examples of de-facto standards arising from outside of Sun but Hibernate has certainly opened everyone's eyes to the notion that the blueprints and the pet store aren't ominpotent and in fact, the whole "work inside our container API's and let the magic get handled for you" concept is pretty limited.

The bottom line for me is: I want to be able to easily test stuff outside of the containers and the mandatory interface implementations. Traditional J2EE, the practices promoted around it and the tools provided haven't accounted for that requirement. So the grassroots have.

Sun, consider yourself put on notice!

Due to space constraints, I couldn't get into it in my article about AOP (Aspect Oriented Programming: An Introduction) earlier this month but as I was looking around the landscape of AOP implementations and the related technologies (i.e. Inversion of Control) it's become increasingly apparent that Hibernate, Spring and an array of other projects that've gained momentum from the grassroots level are really the important story this year in J2EE, not Java Server Faces or EJB 2.1 or EJB 3.0 -- the J2EE developers in the trenches are tired of Sun groping around trying to get it right and they're pressing ahead with real-world solutions without Sun's official blessing. If useful standards can arise out of the open source ecosystem, then Sun's JCP, the insular and opaque JSR working groups and the Decisions From On High about what's important at JavaOne are likely to see their relevance ebb.

Hasta La Vista, Baby

( Apr 21 2004, 11:31:18 PM PDT ) Permalink
Comments [2]