Blackmoor Vituperative

I currently am owed about $4000 from two clients that haven’t paid. One paid half up front for a web site, and I have been trying for a month to turn the web site over to them and get the other half of my payment, and they keep putting me off. The other client, for whom I did some programming work, bounced a check for $2000 three weeks ago, has promised to pay that and the rest of what they owe, but hasn’t paid yet, and never answers their phone or email.

I am pretty close to shutting down the first client’s web site, and turning over the second client to a collection agency. I think I will wait until Monday and try to get somewhere with each of them one more time before I do that.

Why won’t people honor their agreements?

I got my start in computers by writing small applications in Basic, and then Visual Basic. In the late 1980s, I wrote a program that backed up selected directories by copying them, zipping them up, and writing them to floppy disks. In the early 1990s, I wrote macros to integrate PGP and Microsoft Word. I also wrote a reasonably popular dice-rolling program (I was one of the first few thousand people to do so). However, I got my start working in IT by doing web design. My friend Nathan told me about NCSA Mosaic in early 1993, and within two months of the release of Mosaic, I was creating web pages. (It still amazes me that the web took off like it did — I just thought it was a neat toy.)

I eventually migrated from what I call “front end” work (the part of a web site people can see), to “back end” work (the stuff behind the scenes that actually makes a web site work — setting up databases, writing scripts, managing servers, and so on). One reason for this is that I am not a graphic designer — I am simply not an artist. Another reason is that as more people learned how to do “web design”, I could maintain my value by doing something more difficult (difficult for other people; not necessarily difficult for me).

However, the number one reason I moved away from web design and toward back end work is because I had too many web clients who made my job difficult. Not all of them. Perhaps not even most of them. But a lot of them. What do I mean by “difficult”? I mean this.

I am wrapping up my current web project, Perfect Pets. It’s not the most complex or difficult project I have ever worked on, but I think it may be the prettiest. I like this kind of project: Perfect Pets is a small, family owned store, and in my own modest way, I am helping them stay relevant in an era of heartless corporate monoliths and brutal international competition. I wish I could work on projects like this one more often.

It’s 21:00. My cat is asleep on the couch, and my sweetheart is asleep in the bedroom. I would be in there, but I am working on a web project for a pet store. Still, there are much worse ways to spend a Sunday evening.

We saw the movie Kick-Ass today. It was not a perfect movie, but I enjoyed it. I prefer to think it takes place in a universe much closer to the one where Peter Parker lives than the one where I live. It would be a little too sad to think it takes place in my world. I mean, either Hit Girl is a sociopath or she’s been so mentally traumatized by her father that she may as well be. Think Dexter, but a whole lot more enthusiastically blood-thirsty (and acrobatic).

Kick-Ass reminded me of another semi-realistic superhero movie we saw recently. We didn’t see this one at a movie theatre: I bought it for two dollars at the thrift store. I’d never heard of it, and it piqued my interest. The movie is called Special. Check it out. Put it in your Netflix queue. It’s a low budget indie movie, but it’s worth watching. Be warned: the DVD cover slobber makes it sound like a comedy. The phrase “laugh out loud funny” is used prominently. This is not a comedy. There are no jokes. I would go so far as to say that not a single “laugh out loud funny” thing happens in the entire movie. It is not a comedy, and in my opinion, it was not intended to be.

I use MediaWiki for a few web sites (Warlords of NUM and WestGuard, for example). Unfortunately, some lowlife scum like to post spam about luxury watches or viagra or whatnot on these sites, so I need to lock them down to prevent this.

The simplest way to do this is to 1) disable anonymous editing, and 2) disable account creation by anyone other than a sysop (which is to say, me). The MediaWiki manual explains how to do this (and a great many other things), but I thought it might be help for folks if I posted just those specific instructions here, since I think this is a common request for those using MediaWiki.

Simply add the following lines to the end of LocalSettings.php with a text editor such as Notepad++ (do not use Windows Notepad — use a real text editor):

## Customized settings begin here

# Disable anonymous editing
$wgGroupPermissions['*']['edit'] = false;

# Hide user tools for anonymous (IP) visitors
$wgShowIPinHeader = false;

# Prevent new user registrations except by sysops
$wgGroupPermissions['*']['createaccount'] = false;

And that’s that. You will probably also want to add a custom “wiki.png” logo. If so, you should add the path to it, like so (you will, of course, need to upload it to your site first):

## Customized settings begin here

# Custom logo
$wgLogo = ‘http://www.mymediawikiwebsite.org/skins/mycustomskin/wiki.png’;

# Disable anonymous editing
$wgGroupPermissions['*']['edit'] = false;

# Hide user tools for anonymous (IP) visitors
$wgShowIPinHeader = false;

# Prevent new user registrations except by sysops
$wgGroupPermissions['*']['createaccount'] = false;

And there you go.

Adobe Systems has announced its plans to open-source its Flex Web development framework.

The San Jose, Calif., company is releasing its Adobe Flex source code to the open-source community to enable developers throughout the world to tap the capabilities of Flex and participate in the ongoing development of the technology.

Flex is a framework for building cross-operating system RIAs (rich Internet applications) for the Web and enabling new Adobe Apollo applications for the desktop, the company said.

“We’ll be open-sourcing Flex with the next release of the technology, which is code-named Moxie,” said Jeff Whatcott, vice president of product marketing in Adobe’s Enterprise and Developer Business Unit.

Whatcott said Adobe will introduce the first public pre-release version of “Moxie” in June, “and we’ll be providing public daily builds of the technology starting at that time. We’ll also be launching a public bug database, so it’ll look, act and feel like an open-source project” even then.

However, the technology will not be open-sourced until “Moxie” is released in the second half of 2007—most likely in the fall, Whatcott said.

Upon release, the open-source Flex software development kit (SDK) and documentation will be available under the MPL (Mozilla Public License), Whatcott said.

Using the MPL for open-sourcing Flex will allow full and free access to source code, and developers will be able to freely download, extend and contribute to the source code for the Flex compiler, components and application framework.

Adobe will also continue to make the Flex SDK and other Flex products available under their existing commercial licenses, allowing both new and existing partners and customers to choose the license terms that best suit their requirements.

Whatcott said the MPL “strikes a good balance” for developers, particularly those who want to take a staged approach to working with open-source technology.

“This is the culmination of a long path toward opening up Flex,” Whatcott said.

(from eWeek, Adobe Open-Source Move Sets Showdown with Microsoft)

I have it on good authority that Flex is going to be the Next Big Thing. If you like to stay abreast of web technology, this is the time to start gearing up with Flex.

Silverlight isn’t even an also-ran.

Adobe Systems has announced the first public alpha release of Apollo, its cross-operating system run-time for Web developers.

The technology is available on the Adobe Labs site.

So… is this good, or evil? I hate to say it, but it sounds to me that Adobe wants to do what Macromedia wanted to do and nearly succeeded in doing: subverting the Internet and turning it into their proprietary product. But I will have to do more research before I make up my mind.

As the number of Web applications grows so does the number of vulnerabilities introduced. Failure to follow proper coding guidelines can expose an organization, its employees, and its customers to malicious attacks.

This is the first in a series of articles in which I explore the Open Web Application Security Project (OWASP) Top Ten and how the OWASP recommendations for dealing with the identified vulnerabilities can be integrated into your Software Development Lifecycle.

(from TechRepublic.com, Lock it down: Use the OWASP Top Ten to secure your Web applications — Part 1)

This is good stuff. Check it out.

Apart from the actual security provided by digital certificates in a Web environment, in terms of encryption of data and authentication of participants, they are meant to be a confidence-boosting measure.

That little lock icon in the browser and the “https” in the address tell the user that the communications are secure. Users can also click through some dialog boxes linked from the icon to see specifics of the certificates for the site they are viewing and make a decision about the authenticity of that site. Of course, 99% of users never do any such thing, and probably very few even notice the relatively obscure lock icon.

Even the value of the lock icon has been diminished lately. There have been recent examples of scammers obtaining a certain kind of SSL certificate, called a domain-authenticated SSL certificate, that can be obtained with very little in the way of verification of the bona fides of the applicant. Even if the user takes care to look for the lock symbol, he or she can be fooled by such a certificate.

A new standard hopes to address this situation with a new class of certificate. Some reports indicate that the final official name for these certificates will be “Extended Validation,” but they are more widely known as “High Assurance” SSL certificates.

(from IIS Zone, High Assurance SSL)

You’ve heard the Ivory soap slogan, “99 44/100 percent pure“. Until today you could say much the same about the Google Web Toolkit (GWT). While most of GWT was open source, a few important pieces were binary-only. Today that all changed as Google made the entire GWT 1.3 Release Candidate available, with source, under the Apache 2.0 license.

GWT was introduced 7 months ago as a radical new way to develop Ajax applications using an old familiar language – Java. It enables developers to use all their great Java tools and expertise to create “no-compromise” web applications.

(from ZDNet, Google Web Toolkit goes 100% open source)