Fri, 28 Oct 2005 15:18 UTC
By now, you’ve probably heard of the latest browser craze known as Flock. I call it a craze, and really it is just that; the hype for this browser came when it was announced and long before there was any code or builds to view. It seems that this kind of hype occurs all too often these days, and I even find myself wrapped up in it occasionally. And why not? It feels good to know that the industry wheels are churning again, that there’s money in the air—or, at least, the hint of it, anyway.
But is there anything to this hype? Is there anything to Flock, to Web 2.0, to AJAX, to blogging, podcasting, tagging? Truthfully, I think the jury’s still out on this. Indeed, beyond the nifty buzzword, I see what Web 2.0 promises. It represents a mounting paradigm shift in the way we view and treat information . . . but I think it’s way ahead of its time.
Web 2.0, as I understand it, not only embodies the Web as a platform, but it philosophically seems to represent an opening up of information and the free share and exchange of ideas. This almost smacks of Gene Roddenberry’s futuristic vision of Star Trek: The Next Generation. I’m not sure that we’re culturally ready for such an open (some might say “Socialistic”) approach to information.
The governments of our world are undergoing tremendous growing pains at this point in history with regard to information and intellectual property. On the one hand, we see the traditionalists and the corporations who wish to maintain a firm grasp on IP, copyright, and patents. Why shouldn’t they? These modes of protection have brought them to where they are and have made them very profitable. On the other hand are the neo-copyrightists who philosophically advocate for open information and free exchange of ideas. In the middle is a government trying to appease both sides, but, more often than not, the traditionalists have the money and, thus, the power of influence.
Can the ideals of Web 2.0 survive in this environment? I think the technology is definitely there. We can create extremely usable Web sites for the masses, and more and more, people are buying computers primarily for the business of being online—and not because of software. Indeed, the software is now online for many things, and the computer is a client to reach it. Yet, therein lies the problem: information is everywhere. Technology is forcing us to rethink our traditional approaches to information and IP. Traditionally, he who holds the information wields the most power and control. With Web 2.0, everyone collectively holds the information.
So, I followed along that lengthy tangent to come back to this: is Web 2.0 just early 21st century marketing hype, and is Flock simply riding the craze? Or could Web 2.0 represent a growing shift in cultural values—on a global scale?
There’s no doubt that Flock, at this point, is merely riding the Web 2.0 wave. After all, it’s really just Firefox with some added features that don’t particularly impress me. We’ll just have to wait and see what comes of it as it moves beyond the “Developer Preview” stages into alpha and beta versions.
As for Web 2.0—only time will tell whether it represents real social change or just good marketing.
For more on Flock, read Jim Rapoza’s “Flock Can’t Fly Yet” blog post.
Tags: browsers, flock, open-information, web-2.0
Thu, 27 Oct 2005 15:36 UTC
I’ve just finished reading Chris Shiflett’s Essential PHP Security, and I have to say that it’s a great book. It’s very small—weighing in at only 109 pages (including the appendices and index)—but I think Chris feels this is its main draw. Indeed, it’s a quick and easy read, but that doesn’t mean it’s lacking in thoughtful and careful attention to detail—on the contrary. Rather, Chris has created a very concise and easy-to-read guide to Web application security. The language is clear, as are the examples.
For anyone who’s ever attended one of Chris’s talks on PHP security, this is the ultimate companion. For those who haven’t had the privilege of sitting in on his talks, this book is everything that you’re missing.
It’s available on Amazon for $19.77.
Now, for some fun, I used the Rednoize MD5 database mentioned in Chapter 3 of Essential PHP Security to create a little AJAX application to create MD5 hashes of strings, as well as check for the existence of a hash in the MD5 database. According to the Rednoize blog, there are over 2 million MD5 hashes stored with their counterparts in the database. In addition, I’m using Paul Johnston’s JavaScript MD5 library to handle the string-to-MD5 conversion on the client side (rather than sending an extra request to the server).
Now, on the Rednoize MD5 site, when you enter a string (as opposed to an MD5 hash) that does not exist in the database, it automatically creates a hash of that string and adds it to the database. Thus, you should beware if you enter your own passwords, for then, your passwords and their corresponding MD5 hashes will be in the database. My implementation does not do this, however. If the string entered is not exactly 32 alpha-numeric characters, then it will not try to retrieve a value for it from the MD5 database.
If you want, give my little MD5 reversal application a try.
UPDATE: The MD5 database does not appear to store string values longer than 32 characters; it appears to truncate strings at 32 characters and save the MD5 hash of the truncated string. So, be sure all your passwords are > 32 characters.
UPDATE (6 Nov ‘05): I’ve moved my MD5 hash lookup application to http://md5.benramsey.com/, where it will live on a permanent basis.
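As an added example (not the code of the application described in this post), the following JavaScript sketches the decision the post describes: input shaped like a hash goes to the lookup, anything else is hashed locally and never leaves the client. `SAMPLE_DB`, `handleInput` and the two `looksLikeHash*` helpers are hypothetical names, Node's `crypto` stands in for the client-side MD5 library, and the hex-only test is an assumption that is stricter than the post's 32-alphanumeric rule.

```javascript
const crypto = require("node:crypto");

// MD5 hex digest of a UTF-8 string, computed locally (nothing is sent).
function md5hex(s) {
  return crypto.createHash("md5").update(s, "utf8").digest("hex");
}

// Constructed stand-in for the remote lookup database: digest -> plaintext.
const SAMPLE_DB = new Map(
  ["password", "letmein", "qwerty"].map((w) => [md5hex(w), w])
);

// The rule as the post states it: exactly 32 alphanumeric characters.
const looksLikeHashLoose = (s) => /^[0-9a-z]{32}$/i.test(s);

// Assumed stricter rule: an MD5 digest is exactly 32 hexadecimal characters.
const looksLikeHashStrict = (s) => /^[0-9a-f]{32}$/i.test(s);

// Returns what would be sent to the lookup service for a given input.
// `sent` is null when the input is treated as a plain string.
function handleInput(input, isHash = looksLikeHashStrict, db = SAMPLE_DB) {
  if (isHash(input)) {
    const digest = input.toLowerCase();
    // Hash-shaped input: query the database for a known plaintext.
    return { sent: digest, plaintext: db.get(digest) ?? null };
  }
  // Plain string: hash on the client, send nothing to the database.
  return { sent: null, digest: md5hex(input) };
}

// Constructed inputs showing the three outcomes.
const passphrase32 = "Zq7".repeat(10) + "Zq"; // 32 alphanumeric, not hex
console.log(handleInput("password"));                       // hashed locally
console.log(handleInput(md5hex("password")));               // reversed by lookup
console.log(handleInput(passphrase32, looksLikeHashLoose)); // forwarded as a "hash"
console.log(handleInput(passphrase32));                     // kept local
```

A secret that happens to be 32 hexadecimal characters is still indistinguishable from a digest under either rule, so the shape test narrows the exposure rather than removing it.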
Tags: ajax, books, md5, php, security
Fri, 21 Oct 2005 19:57 UTC
I began this year with the optimistic outlook that it would be the “year of PHP.” Indeed, little did I know that this hopeful view would come true. With astounding and visionary statements from such prominent figures as Marc Andreessen, who recently joined the board of Zend Technologies, Inc.—“when it comes to the Web and Web applications, Java is not the right language¹” and “PHP is to 2005 what Java was to 1995¹”—the forecast for PHP looks bright and sunny.
Yet, for whatever reason, not everyone in the PHP community is excited about this show of support, and with Zend’s announcement of the PHP Collaboration Project this week at the Zend/PHP Conference and Expo, this sentiment has been voiced on more than one blog. While I did not have the privilege of attending the conference, news has spread fast, and I’d like to share why I feel that what’s good for Zend is good for PHP overall.
But before I go into much more detail, let me explain my relationship—or lack thereof—to Zend: I have no vested interest or stake in Zend. I am not an investor. I am not employed by them. In fact, I am not close friends with anyone who works at Zend. So, nothing I say here is influenced by a relationship I have with Zend. Yet, nevertheless, I have an interest in the survival of Zend Technologies, Inc. because I have an investment in the PHP language.
What? How does Zend’s survival have anything to do with the language itself? Let me tell you how. The success of PHP in the marketplace directly correlates to the success of Zend. If Zend fails, then PHP fails.
This does not mean that PHP will cease to exist if Zend fails, but it means that there will no longer be an advocate for PHP to the Enterprise. Why do you think Java has been so successful in the Enterprise? Is it because of its superiority as a programming language? Not in the least. It’s because Sun has been there from day one advocating its adoption. Zend is here now to do the same for PHP. And where Zend is successful in convincing the Enterprise of PHP’s scalability and power there will be jobs for PHP developers.
So, now we come to the question of the PHP Collaboration Project, which many are describing as the “Zend PHP Framework.” Since June, I have known that this framework was something that the folks at Zend were cooking up, but, at the time, they were still unclear on how they wanted to approach it. There seemed to be two sides to the coin, as I understood it: 1) the framework would be developed by Zend and used in Enterprise projects, or 2) the framework would be developed, at first, by Zend for Enterprise-grade applications and then released to the community as an open-source project. In either scenario, Zend would be the major driving force in the development of the framework.
Yet, agree with me or not, Zend is committed to the PHP community and the PHP Group, while, at the same time, their corporate goal is to encourage and drive PHP adoption in the Enterprise. To fuse these two ideals, it appears they have created the PHP Collaboration Project not to create a “Zend PHP Framework,” but to foster the development of a community-driven, Enterprise-grade framework. Herein lies the core of what Zend is about: Zend wants to remain true to the community, and by connecting the community to the Enterprise with this collaborative project, they solidify the relationship between the community and the Enterprise and ensure a future job market for PHP developers.
I laud Zend’s commitment to the community, and I commend them on their successes in advocating PHP to the Enterprise. Both the community and Enterprise adoption are important to me, and they should be important to you. Far too often do I see a staunch commitment to the PHP community with an increasingly negative attitude towards the Enterprise. This arises from people’s varying philosophical beliefs and values, but it is detrimental to the job market. I, for one, cannot live without a job, and if the Enterprise takes hold of PHP and starts using it with the same fervor they embraced Java, then I can rest assured knowing that PHP will be around for many years, and I will be able to easily find PHP jobs.
Still, what does this mean for the core of the language? How much influence will these large companies have on the community, and how much push-and-pull will they be able to inject into the language development process? I think this is a worry that is on many people’s minds, and I think it’s a legitimate concern. What Pandora’s box has Zend opened by involving the Enterprise with the community? I think these concerns can be assuaged with one word (or acronym, rather): PECL.
More and more, core developers have been working to remove “bloat” from the PHP core and relegate it to PECL, where it can live a satisfying life, free from the controversies of the internals mailing list. Anyone can create a PHP extension and be a part of the PECL community without having to go through the extensive—and often controversial—process of having code accepted into the core. Thus, companies—or developers of the PHP Collaboration Project’s framework—requiring add-ons to the PHP core can easily develop an extension and distribute it via PECL. IBM is already doing this with their SDO contribution, and the Midgard framework uses a custom PHP extension to improve performance. Why is PECL not a logical and obvious choice for the Enterprise to use? Why must we first assume that companies will request changes to the PHP core and pressure the PHP Group through Zend to make these changes?
Finally, frameworks abound in the PHP community, but after ten years of growth and development, not one framework has stepped out above the rest as a leader. With all the hype surrounding Ruby on Rails, it is obvious that the PHP community is lacking a good, solid framework. It is also clear that the Enterprise is looking for exactly this. If providing an Enterprise-grade framework will spur the adoption of PHP in the marketplace, thus providing more jobs to PHP developers, then I think Zend has stepped forward to show both their commitment to the Enterprise and the community. This is a show of faith to the community; Zend could have easily developed the framework on their own, but, instead, they have invited everyone to share input: community and Enterprise alike.
To Zend, I say, thank you for this opportunity. To the Enterprise, I say, here’s looking forward to a bright future. And to the community, I say, good luck in making this partnership work—it’s all up to you.
¹ qtd. in Bank, David. “PHP Language Wins Supporters As Tool for Making Web Software.” The Wall Street Journal Online 29 Sept. 2005.
Tags: community, enterprise, framework, php, zend