Month: April 2007

Alaska

Seward trip

We just got back from a few days in Seward, and it felt great to get out of town and spend some time on the beach. Our cabin was right on the beach (I highly recommend Angel’s Rest cabins) and we were able to watch sea otters, sea lions, whales and countless sea birds right out the front windows.

We took a short 1/2 day whale watching cruise (the whole day cruises don’t start up until tourist season actually begins), and even though we saw more wildlife from the cabin than we did on the boat, it felt good just to be out on the water.

[Photos: the cabin from the water; two views from the cabin window]

Community

WHATWG Pitches HTML5 to W3C

The Web Hypertext Application Technology Working Group (WHATWG) has sent a Proposal to Adopt HTML5 to the HTML Working Group of the World Wide Web Consortium (W3C).

HTML5, currently in working draft status, is comprised of the Web Apps 1.0 and Web Forms 2.0 specifications. While the W3C XHTML2 Working Group has just been chartered in March 2007, with a goal date for completion of December 2009, the work of WHATWG on the HTML5 recommendation has been ongoing since 2004 and has support from Apple, Opera and Mozilla. In explaining the relationship between XHTML2 and HTML5, the Web Apps 1.0 draft has this to say:

1.3.4. Relationship to XHTML2

This section is non-normative.

XHTML2 [XHTML2] defines a new HTML vocabulary with better features for hyperlinks, multimedia content, annotating document edits, rich metadata, declarative interactive forms, and describing the semantics of human literary works such as poems and scientific papers.

However, it lacks elements to express the semantics of many of the non-document types of content often seen on the Web. For instance, forum sites, auction sites, search engines, online shops, and the like, do not fit the document metaphor well, and are not covered by XHTML2.

This specification aims to extend HTML so that it is also suitable in these contexts.

XHTML2 and this specification use different namespaces and therefore can both be implemented in the same XML processor.

It will be interesting to see if the WHATWG proposal is taken up, as the HTML Working Group, like the XHTML2 Working Group, was only chartered in March of 2007, and as such, failure to adopt the proposed HTML5 draft would mean the need to reinvent the wheel.


OS X

Boot Camp + Parallels + XP = Validation Nightmare

I have been running XP (WinXP Pro, SP2, retail version) under Parallels for a bit, and decided I wanted to give the Boot Camp with Parallels option a try. After finding some rather lengthy and questionable instructions on moving a Parallels image to a Boot Camp partition I decided to go the clean install route.

I deleted my Parallels XP image (and subsequently ended up wishing I hadn’t) and used the Boot Camp assistant to set up my hard drive and install XP. I got XP set up and running, but had to call Microsoft to get it ‘activated’ since it saw it as a new install. Once that was taken care of I installed Office, and got the same kind of headache there – where the key wouldn’t work, because it said it had been installed on too many machines. I decided to leave that be for the time until I felt like waiting on the MS phone queue again.

I rebooted into OS X and loaded my now ‘active’ and ‘valid’ Windows XP under Parallels. As soon as it booted it gave me the message that I had 3 days to activate it as the hardware had changed significantly and it was no longer valid. I didn’t feel like fighting it so I closed down Parallels and rebooted into XP where, surprise, I got the 3 day warning again!

So not only does loading the same image in a VM result in XP thinking it isn’t a valid copy, but it changes something in the registry somewhere, so that booting back in natively results in the same thing. I thought the concept of hardware profiles would help with this sort of thing, but apparently not. This is something that MS needs to address sooner rather than later as multicore machines make virtualization more common and loading a native image in a VM becomes a more common way of doing that.

An interesting side note: I got fed up with the whole validation issue and removed the XP partition and re-installed XP under Parallels the same way I did originally. I expected the phone calls for the XP key and the Office key etc, etc – but, it just accepted the keys and validated no questions asked.


Apache

Getting the latest and greatest

I love (almost) everything about my new Mac. From a hardware standpoint I am ecstatic. The operating system is very nice (although I wish I could have waited until 10.5 so I could have multiple desktops like every other *nix variant.) The bundled tools are, for the most part, useful and usable – with one exception: the versions of Apache and PHP included.

Sure, there are plenty of people out there hosting on Apache 1.3.x and still plenty more using PHP 4.x – but I’m not one of them. At the very least I need to have a working Apache 2.0.x and PHP 5.x so I can test before deploying on my production server. There are plenty of guides online to add Apache 2.x and/or PHP5, but nothing on replacing the defaults. While I am all ok with testing on multiple versions, the multiple versions I would rather test on would be 2.0.x as default and 2.2.x as the upgradeability testbed.

I’m sure there is a way to do this, I just have to find it …


Parallels

Working in Coherence

I just have to add a quick note here – I love the way Coherence in Parallels works! The fastest way I’ve found to test pages in multiple browsers. You’ll notice I’m testing a page in OS X in Firefox, Safari and Opera, while also testing in Win XP in Firefox, Opera and IE 7. It helps having the Windows apps show up in the dock, too.

[Screenshots: browsers running side by side in Coherence; the dock with Windows apps]

JavaScript

Web 2.0 Attack – AJAX Vulnerable to JavaScript Hijacking

A white paper from Fortify Software outlines a major Web 2.0 vulnerability. According to the white paper, all current frameworks that use JSON for data communications are vulnerable. They have released the information to all the major framework developers so that this can be addressed within the AJAX frameworks. They noted, however, that one quarter of the participants in an AJAX survey hosted by Fortify did not use any framework at all. Fortify recommends a two-pronged mitigation approach:

  • Include a hard-to-guess identifier, such as the session identifier, as part of each request that will return JavaScript. This defeats cross-site request forgery attacks by allowing the server to validate the origin of the request.
  • Include characters in the response that prevent it from being successfully handed off to a JavaScript interpreter without modification. This prevents an attacker from using a <script> tag to witness the execution of the JavaScript.

Computer Business Review has a more extensive write-up available.
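
Both mitigations applied together in Node.js, as an added example that is not taken from the Fortify paper or from any framework. The `x-request-token` header, the `)]}',` guard prefix, and all function and variable names are assumptions chosen for illustration.

```javascript
// Added example: all names, the header and the sample data are constructed.
const crypto = require("crypto");
const vm = require("vm");

// Unparseable prefix (one common choice; an assumption of this example).
const GUARD = ")]}',\n";

// Constant-time comparison of the token sent with the request and the session's.
function tokenMatches(sent, expected) {
  if (typeof sent !== "string" || typeof expected !== "string") return false;
  const a = Buffer.from(sent), b = Buffer.from(expected);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Server side: refuse requests lacking the token, and guard every JSON body.
function jsonResponse(req, session, data) {
  if (!tokenMatches(req.headers["x-request-token"], session.requestToken)) {
    return { status: 403, body: GUARD + JSON.stringify({ error: "bad token" }) };
  }
  return { status: 200, body: GUARD + JSON.stringify(data) };
}

// Client side: the legitimate page strips the guard before parsing.
function parseGuarded(body) {
  if (!body.startsWith(GUARD)) throw new Error("response is missing the guard prefix");
  return JSON.parse(body.slice(GUARD.length));
}

// What a <script src> include would face: does the body compile as a script?
// vm.Script only compiles the text; it is never run here.
function compilesAsScript(body) {
  try { new vm.Script(body); return true; } catch (e) { return false; }
}

// Constructed sample session and requests.
const session = { requestToken: crypto.randomBytes(16).toString("hex") };
const contacts = [{ name: "Alice", email: "alice@example.test" }];
const sameSite = { headers: { "x-request-token": session.requestToken } };
const crossSite = { headers: {} }; // cookies ride along, the token does not

const ok = jsonResponse(sameSite, session, contacts);
const denied = jsonResponse(crossSite, session, contacts);
console.log(ok.status, parseGuarded(ok.body));
console.log(denied.status, "guarded body compiles:", compilesAsScript(ok.body));
console.log("bare array compiles:", compilesAsScript(JSON.stringify(contacts)));
```

The last two lines show why the second prong matters: a bare JSON array is a valid script on its own, while the guarded body fails to compile until the prefix is removed.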
