I don't know that this quote from evan's LiveJournal ("Link Pool") formulates the matter real well, but I think he's approaching that and a subset of solutions as well:
"So the growing problem with personal news sites (aka "weblogs", but also including sites like slashdot or metafilter) is that there are so many of them you can't read them all. In fact, the growing phenomenon is that many people don't report the news at all, and instead select a subset of the news found elsewhere and link to it."
Very sad ... very, very sad. Once upon a time, long ago, I had a comm link stop. Sometimes silence is a terrible thing.
NASA Mission Events Summary: "De-orbit and Entry"
Weather radar image of debris path - "Anyone who believes they have found debris related to Columbia should call the Johnson Space Center Emergency Operations Center, (281)-483-3388. Be aware that hazardous chemicals may be present; do not disturb or move any debris."
STS-107 Flight: January 16-February 1, 2003
* Commander Rick D. Husband (2nd flight),
* Pilot William C. McCool (1st flight),
* Payload Specialist Michael P. Anderson (2nd flight),
* Mission Specialist Kalpana Chawla (2nd flight),
* Mission Specialist David M. Brown (1st flight),
* Mission Specialist Laurel B. Clark (1st flight),
* Payload Specialist Ilan Ramon, Israel (1st flight)
Sincerest regret and sympathy to crew's family.
The right sidebar on the AIFIA pages reads in part, "The emergence of Information Architecture (IA) as a formal discipline has gathered key areas of expertise together to provide a framework for the rational design of content-rich sites." to which I say ... uhhh ... yaa! There I found this neatly formulated list: 25 Theses
My peregrinations took me through an interesting thickening of cyberspace:
* InfoMuse.net, by PhD candidate Katrina (champignon) Spurgin, who quotes Wilson, "More to the point, it is a situation-specific product of the interaction between a user and a document". This moved me to write, in a note to her, "When I was in R&D tech_docs, I justified a lot of my time by pointing out that data was practically worthless if it was un-discoverable; that my making it accessible transformed it into information ... no manager I ever met could trump that! *grin*"
* memekitchen, with the motto "baking fresh think since 1967", quotes I M Pei, "It is not an individual act, architecture. You have to consider your client. Only out of that can you produce great architecture. You can't work in the abstract"
* "Information as Thing", a preprint of an article published in the Journal of the American Society of Information Science, begins, "Three meanings of "information" are distinguished: "Information-as-process"; "information-as-knowledge"; and "information-as-thing", the attributive use of "information" to denote things regarded as informative."
And all of this while downloading a nifty new icon editor ... ain't the web an amazing phenom, though?!
One more for the "it's not just me department". (A bit of setup: 1) Joel is no amateur, and no poseur, right? 2) our language is practically dead; the reaction I get to "I heard a nice song this afternoon" is much the same as what I'd get to "OMG I don't know how I missed it but the 9th cut on Kwaku Kwaakye Obeng's "awakening" can loop for hours without boring!!" ... same-o ... no connection, no contact! 3) I'm tiring of ranting about how things shouldn't go Code4 everytime a lighbulb burns out.)
Gawd ... how are we supposed to run a planet if we can not rely on our peripheral processes and ancillary devices?! "Mission critical" has become as much a buzzword as "new and improved". A society that doesn't relate to the actualities of economic activity can't learn from history, and so won't be able to distinguish between reasonable fear and mere paranoia. *slaps forehead*
You read this. I'm going to get a drink. Scotch. Old scotch. Neat. A double. At least one.
The M$ $erver $aga Continues: A nice little page of security-related links from showmyip.com
Yesterday I found a few good links (one is "Putting your web servers under lock and key" from business2.com) reading a couple of good overviews of the $QL $lammer on CNN Tech, ("Experts: Internet attack hunt difficult" and "As Net attack eases, blame game surges"). In the latter I came across this quote from Andrew Schulman, software litigation consultant and author:
"Part of the problem is that Microsoft has always been oriented toward growth rather than consolidation. Getting them to say 'Let's take what we do now and make better and more bug free' is a big challenge."Now that rang my bell, but for some reason I couldn't bring myself to post it ... maybe too much like kicking someone down ... maybe a limited capacity for appalling truthes. But it came to mind very strongly and I decided to blog it when I read Eric Meyer on a related thread:
"It would be great for someone to tell them, 'Go back and clean up the whole mess you made.' That would be terrific. But it's not going to happen."
"[T]he more I hear about the things that can happen to IE/Win users, the happier I am about being a Macintosh user who works for Netscape. The very idea that a Web browser can be taken over, and seriously mess up the operating system in the process, makes my eyes cross. I'm starting to wonder how any company with the slightest shred of concern over security could possibly justify running IE/Win."*sigh ... so it's not just me ... *sigh*
Out of the fire, into the frying pan! Uhhr no, or .. yes! Or no. *sigh* Slashdot | DTD vs. XML Schema
Wow ... what a night! First, news of US$6B for Project BioShield *!yikes that's a lotta spendolas!* and now I read at tantek's blog that "The W3C CSS working group has just published an updated CSS 2.1 working draft. Much (most) of the feedback on the previous draft has been incorporated. There are still a few unresolved issues (which is why this isn't a last call draft) mostly surrounding overflow and "shrink-wrapping". Gooooood night!
A looming meme ... I'm starting to encounter alternative thinking on the subject of FS ... yaa, the question of file systems. (How much of FS falls into the domain of "namespace"?) This clip ("Synacasaurus") from Disobey Nonsense Network -- Daily Cultural Enjoyment noodged me into starting a theme here (*sigh* which means I should dredge my bookmarks and notes). "Whilst I heartily disagree with the debate over how hierarchical filesystems are bad, I admit I'm one of those "programmers" who thinks it's a "really wonderful thing". I also collect far more than the average person when it comes to downloadable files (mp3s, movies, images, text files, etc.). I like organizing my files - I hate being told how to use my computer."
I guess the paper that's on my mind at the moment is "Name Spaces As Tools for Integrating the Operating System" from NameSys / ReiserFS (a DARPA sponsored project).
*Ooh boy ... a break in regular programming for Dubya's State of the Union address ... yessir, sometimes bifurcation comes down to homely truthes. What really bothers me is the idea that policy is being dictated by the notion of getting people to feel secure ... feelings are tricky things, very subject to manipulation, and not terribly rational at the best of times. Ahh, the Sargeant at Arms has made the announcement.*
Addendum to M$ $QL worm: from NYTimes Tech 28JAN03, Worm Hits Microsoft, Which Ignored Own Advice ... "The frantic message came from the corporation's information technology workers: "HELP NEEDED: If you have servers that are nonessential, please shut down."
"Microsoft has been blaming the users, saying they have to keep their patches up to date," said Bruce Schneier, founder and chief technical officer of Counterpane Internet Security Inc., a company that manages security for customers. "On the other hand, their own actions demonstrate how unrealistic that position is." A spokesman for Microsoft, Rick Miller, confirmed that a number of the company's machines had gone unpatched, and that Microsoft Network services, like many others on the Internet, experienced a significant slowdown."
Wellll, it's far better than having some variation on "we wouldn't actually call it a bug ..."
7th inning stretch department: Metacrap. heh ... huh huh huh ... haaahahahaha!
Fresh off the press (27JAN03): from LinuxWorld, " Larry McVoy on BitKeeper, kernel development, Linux Torvalds [sic] & Bruce Perens". (This followup to "Meet the Perens" part 1 and part 2 was initiated by McVoy's request for corrections; from the intro: "[t]hinking that a story on BitKeeper — the controversial proprietary source management tool currently in use by Linus and others for Linux kernel development — that also carried McVoy's corrections would be more interesting to our readers ...")
Addenda to the M$ $QL 1434 attack:
* Distributed Intrusion Detection System presents a very informative homepage.
* netsys.com hosts "Full Disclosure", a security oriented list.
* CERT/CC and the Electronic Industries Alliance have joined to form the Internet Security Alliance.
* from SecurityFocus 7JAN03: "Closing the Floodgates: DDoS Mitigation Techniques". "To be on the receiving end of a distributed denial of service (DDoS) attack is a nightmare scenario [...] It begins instantly, without warning, and continues relentlessly [...] An effective, immediate response is often difficult and may depend on third parties, such as ISPs." (The "related articles" on this page includes such as "Characterizing and Tracing Packet Floods Using Cisco Routers" [PDF])
* by UW's David Dittrich (an armload of forensic links here), the mother of all DDoS pages: DDoS Attacks / Tools
* Bill Wall's list of computer hacker incidents (thanks to DaD for this)
* at itworld.com, the Unix Security Newsletter; "Unix is lauded for its flexibility and openness. However, vulnerabilities in standard configurations can make Unix systems susceptible to security threats." (This is the archives, stopping at SEP02 ... the list is defunct? Security Strategies is up to date.)
Tuck in your CVS Server! - Running CVS 1.11.4 or earlier? Well ... don't do that.
According to CERT Advisory CA-2003-02 - Double-Free Bug: "The CVS server component contains a "double-free" vulnerability[...] an error-checking routine may attempt to free() the same memory reference more than once. Deallocating the already freed memory leads to heap corruption, which an attacker could leverage to execute arbitrary code [...] The CVS server process is typically started by the Internet services daemon (inetd) [...] Arbitrary code inserted by an attacker would therefore run with root privileges." (Common Vulnerabilities and Exposures also issued a report.)
The exploit was
discovered first reported, apparently, *sigh* by Stefan Esser at e-matters. His report/advisory includes a timeline on the fix *!OpenSource rawks!* and ends with a suggestion: "You should also consider running your CVS server chrooted over SSH instead of using the :pserver: method." and points to a tutorial on this: Chrooted SSH CVS server how-to.