FlexWiki posted to SourceForge.net

This is a good thing for me: squishyWARE's squishySyntaxHighlighter.

US-CERT advisory TA04-260A was just released this morning. Apparently this is the "pending critical vulnerability from Microsoft" that SANS has been warning us about this past week. Cory Altheide, the SANS Internet Storm Center (ISC) Handler-on-Duty yesterday, had a great little commentary on the vulnerability posted here. The text of the technical alert can be found here: http://www.us-cert.gov/cas/techalerts/TA04-260A.html And for the non-believers, here's the light reading version: http://www.us-cert.gov/cas/alerts/SA04-258A.html

An acquaintance of mine is starting a "small open source software company" called MindOwl. His goal appears to be to foster the development of new open source search technologies for web searching, desktop searching, etc... The thing that seems to distinguish his projects from others like Nutch and Lucene is that the projects are attempting to aggregate search functionality accross the web, local desktops and local network resources. This is a great goal to have, and even if it doesn't end up being a profitable business. The real potential for these projects will be to offer an alternative (and potential competitor) to the aggregated search services expected from Microsoft and Google. Another item of interest that I see at the MindOwl site are the stated Production Requirements. While the last item is obviously self serving on the part of the new company (and why shouldn't it be?), the first four requirements are something all developers should consider before declaring that their software is at a production status or is ready to ship. They're pretty straight forward: completed specifications; a test suite that can produce repeatable results; completed documentation; and a defined and automated build (or distrubution) process.

OK, this is totally unrelated to anything listed in my blog's description, but there's gotta be something said for robbing a bank with a pitchfork. CNN has an AP story on its site with just that story: CNN.com - Man robs bank with rusty pitchfork - Sep 8, 2004 As I said in the title, this is certainly a new way to look at Grant Wood's "American Gothic".

If you manage any web servers that use a Verisign SSL certificate, then you had a fairly good chance of experiencing the Verisign Intermediate CA Replacement Problem. Yes, I know that the problem has a simple solution, but having recently missed this step when deploying a new web server, I'm still a little peeved about the SSL certificate distribution and CA trust model. While I don't claim to know how to fix the model, there are a couple of things that I think are worth considering. First, I understand that a distributed trust hierarchy is required to make x.509 certificates work as a broad standard. But since there are really a limited number of root CA's trusted by the majority of web browsers, there should be more opportunity to automate the root CA and intermediate CA certificate management processes. This idea applies to both server certificate chains (as in the case mentioned above) and to client Trusted CA lists. There are a few standards (or functional sections of standards) that could be used to implement this functionality. The only problem I see is a broad acceptance of any distribution model with both the CA's and the client software. Either way, this is something that I am going to think more about in the coming weeks.

One of the biggest challenges that developers face these days is keeping track of the good documentation that they find on the internet. That's why I love when I find a good documentation library site. You get more doc for the bookmark. My co-worker Manjul pointed out this site recently. It is courtesy of the folks at Universidad de Zaragoza, and is fantastic. And if your worried, although it's a Spanish university the documentation is all in English.

Mayor John Street announced on August 25th, that he is appointing a committee to study the feasibility of a city-wide 802.11 wireless network. Here is the press release. This may be the only good thing to come out of the Street administration.