Why, Blog, Why?

I spent the majority of this past week attending the Web 2.0 Expo and Conference in San Francisco. The sessions were amazing and I had a really good time. I have an entire notebook full of notes that I need to transcribe, but here are a few of the more memorable things.

Application Delivery Systems - The CTO of Citrix talked about so-called ADS hardware components that can do everything from rules-based data filtering, data compression, TCP multi-plexing, dynamic caching, DDoS protection, and plenty more (price dependent of course). Some usage examples and results were provided by one of the guys from Foldera.

RSSBus - turn just about any data source into an RSS feed, including activity in a file directory, Excel spreadsheet changes, database query, etc. Installable on a network or via localhost. Runs as a small server using .NET framework. RSS feeds can be secured using standard NTLM methods. Single-point administration (no user-defined reports if using in multiple user environment). Reports can also be coded using just about any programming language: PHP Python, etc. Project generally based on Python.

mod_ndb - Apache module that allows querying a MySQL Cluster using HTTP 1.1 methods (get, post, delete). Cuts out the middle man (MySQL Server). Realizes most benefit when combined with a scripting language (such as cURL through PHP). Configured through Apache httpd.conf (no mention of support for htaccess) directives. Delivered with several output formats (JSON, raw), future release will support user-defined output formats. No built-in security, but could use other Apache auth mods (like mod_auth_mysql). Note that MySQL Cluster has many limitations of it's own, and this is only relevant when using a multi-app-server/multi-Cluster setup. Interesting concept though. The slides will be online after next week's MySQL conference.

Wesebe.com - The two founders gave an interesting talk on securing web applications. They detailed the concept of a Privacy Wall, which as one of them outlines on their blog means "don’t have any direct links in your database between your users’ “public” data and their private data. Instead of linking tables directly via a foreign key, use a cryptographic hash that is based on at least one piece of data that only the user knows—such as their password. The user’s private data can be looked up when the user logs in, but otherwise it is completely anonymous." See blog link for an example. (Note also Wesebe's Data Bill of Rights, which states that a users' data is theirs to do as they please - including downloading or removing entirely)

Vulnerabilities 2.0 - Alex Stamos from iSec (white-hat security firm) gave a talk about the new vulnerabilities in web 2.0 applications (namely those using AJAX). Of special note, XSS attacks now include javascript-injection since many Ajax-enabled applications evaluate JS code directly. (Another session suggested using parse instead of eval, especially with JSON-like return structures) Also, no current Ajax-framework is secure out of box. Also, make sure to physically scan any code output from a client-side JS proxy interface (i.e. anything that transforms server-side code to client-side code) to be sure no administrative functions are being exposed. Don't allow Ajax calls that change state using the same parameters for every user (e.g. "makeAdmin()" with no user id or other parameter).

The author of The 4-Hour Work Week gave a very short and very interesting talk (video link) about focusing on the few critical tasks rather than the trivial many. He also talked about outsourcing your personal life or anything else that would cost 50% or less of what it would cost you to do on your own. For example, if laundry takes you 4 hours a week to do and your time is worth A (total income/10k/2), then finding someone who can do it for B (A*4/2) each week is worth while. He applied this not just to personal tasks like laundry, but to menial business tasks such as writing reports, updating spreadsheets, etc.

I have plenty more notes, including from a few usability, design and mobility ("placelessness") sessions. If you are interested in anything in particular, let me know. Otherwise I'll keep posting excerpts from my notes once I've had a chance to transcribe them.

Oh, and in case you were wondering, "Web 2.0" is still very much undefined. To illustrate that, conference attendees got t-shirts saying "Web 2.0 is _______" with a spot to write in your own definition. Mine's still blank. If it's possible to define it after-the-fact based on the overall conference theme, Web 2.0 is about harnessing collective intelligence and the switch from surfing -> services, pages -> rich interactions, sites -> content experiences, and web masters -> everyone.