Perl Python and PHP are all Open Source programming languages and there is a ton of free software written in all of those languages available online. Enterprises have until recently stuck with Java, C++, C or C# when it came to application development, but this is a trend that is apparently starting to change. InternetNews has a story about how Enterprise is starting to notice the benefits of using the “P languages” when it comes to fast application development. As a Perl/PHP coder myself, I can’t believe it took them this long to work that out. One interesting statistic that the article lists, is that PHP has proven considerably less secure then Perl or Python when based on the number of exploits found in programs written in each. I suspect that has more to do with newbie’s preferring to learn PHP than anything else, but the PHP developers would do well to introduce something like Perl’s Taint mode.

For web developers, new Internet capable devices are usually a headache as you never know how your site will display or function on a non PC device. To the rescue comes a free Firefox extension that when used will display any site in the layout a smart phone user would see. SSR (Small Screen Rendering) was written by the same guys behind the NVU WYSIWYG HTML editor and is an invaluable tool for web developers looking to extend their audience.

Mobile and smart phone usage is sky-rocketing and will continue to do so as technologies like 3G and WiMax roll out and at some stage in the near future all mobile phones are likely to contain a web browser of some sort. You can get the SSR extension at: disruptive-innovations.com (down the bottom of the page).

(Note, when you click install, a popup warning bar will appear at the top of the browser window, you have to click on the options button and click “allow”, go get the install going).

WindowsBeta.net recently reviewed the new Linspire 5.0 Desktop Linux release and give it a nine out of ten.
The final few lines of the review sum it up nicely.

In general, I would recommend Linspire to users who are interested in testing Linux for the first time.
Linspire has managed to make the best looking, and user friendly Linux distro I have seen so far.

Rating: 9/10

Read the full review yourself and check out the screen shots.

A new release of Firefox is available now. Firefox 1.0.2 contains several security fixes over the 1.0 version, most recently a potential GIF parsing flaw that hasn’t been exploited yet, but potentially could be. Being Open Source means that the code is viewed by many developers and errors tend to be found before they are exploited. Mozilla also runs a $500 bug bounty where they offer money to people that find flaws in the code. These tactics are to ensure that any flaws in the code are found and fixed before anyone has a chance to exploit them. In some ways, Mozilla and OSS code is in a unique position here. By asking people to find flaws, rather then punishing people that look for them (as has happened in a couple of cases with commercial software lately, the latest being Sybase) you get the opportunity to find and fix bugs as quickly as is possible. By punishing security firms for finding flaws, you ensure that the only people looking for flaws in your software will be those that wish to exploit them (called Black hats). And they don’t tell the company that owns the software of the flaws, the owner generally finds out by examining exploit code after it is released. Hardly a good model for security. This quote by David Litchfield of NGSS best explains the point I’m making.

“Let’s face it, the details are there to anyone with a disassembler, anyway. This kind of legal threat achieves nothing other than to make legit researchers fearful about being sued if they find and publish security issues—even if they do so in a responsible manner,” Litchfield wrote. “In such a climate, security research will be driven underground—which is where the ‘good guys’ really don’t want to be.”

First things first, yet another Microsoft commissioned and funded report has reached the amazing conclusion that Windows is more secure then Linux. I ask you folks, to cast your mind back over the years and see if you can remember any Microsoft funded reports that ever found that the Microsoft product being compared was found wanting compared to the competitor in one of these MS funded reports? That alone should give you some idea how much creditability I give this new report. Reports by business and government who are using or trialling OSS products like Linux are generally much more useful for comparison as the parties making those reports generally have no vested interest in either side.

Microsoft is having more troubles with the EC of late as well, their quest to have the powers of the trustee of their EC compliance limited has been thrown out as unacceptable. There is now also speculation that Microsoft have crippled some aspects of what they wanted to call “Windows reduced media edition” by changing or removing registry entries so that (for example) video embedded in Office documents would not play correctly or at all.

A patent (USP 6101499) that Microsoft was granted is also being questioned because Microsoft failed to mention that the technology they patented was already being worked on by the Internet Engineering Task Force and is very close to IPV6 which is the technology destined to replace the 20 year old IPV4 system that is behind the Internet now. This should give you the impression that when Microsoft tout their desire for interoperability, what they mean is that they want to own the protocols and will be interoperable with anyone that gives them enough money. That’s the impression I’ve gotten from all this anyway. Imagine if the guys that Invented the Web, TCP/IP and other such technologies had the same aspirations as Microsoft, if they had, it’s doubtful that Microsoft would be anywhere near as big as they are now.

Mike Davidson posts today about this project called Our Media that boasts it will forever host your digital works for free without bandwidth or other costs. Sounds great? Is it truly sustainable? For something that says it is soon to leave beta status and will shortly hope to become a 501(c)(3) charitable organization – a designation that means United States donors may deduct the donation from income subject to tax – those are pretty big promises. Someone has to pay the bandwidth bill and pay for the software to find and store the media. And indeed, how long before the thing is bogged down with junk (you know the creative content that may not deserve to see the light of day? – just kidding art is all good – even spam and advertising content …), or at least different versions of the same thing? The concept is good, but the promises sound Utopian to me.

Until this is funded by a major endowment it is just big talk. If it works off of an advertising model, then it isn’t really free, because your work may be carried under an advertisement for something that you dislike immensely. So while it is without monetary cost, you are supporting something you don’t care for – arguably a cost. That doesn’t mean it shouldn’t be attempted, but rather that it is likely to fail as those currently giving of time and talent are likely to shift focus, lose interest, and some will even die. The commenters over there (that I didn’t read until I was almost done with this post) seem equally rosy as I am. Maybe if enough of us tell them how silly they are, that will be just the ticket to get them motivated to get over the hump.

It will be interesting to see how usable the indexing is. To archive without reasonable retrieval is of no real value.

ScanIT, a web consultancy company, is showing statistics reflecting that Internet Explorer was unsafe for 98% of 2004, verses 15% for Mozilla based browsers like Firefox. This puts to rest arguments that Internet Explorer is a security problem only because it is more popular at the moment. The Inq article is well worth reading as it explains some of the reasons why, and the implications of, the IE security problem.

Run the browser security checker yourself at http://bcheck.scanit.be/bcheck/ to find out if your protected, I just ran the test myself using Firefox and it found zero known vunerabilities. Good to know.