First BayPay Meeting

I attended the first BayPay meeting at Stanford yesterday. The meeting room was full and presentations were, surprisingly, not boring. There were enough people from all sides although I think more merchants need to join so we can hear their perspectives.

Anyhoo, I can't talk about what I heard at the meeting but I came away with the feeling that I could hang with this group for a while.

RFC 2616, Section 9.1.1

Some folks keep pointing to section 9.1 of RFC 2616, the HTTP 1.1 spec, as the reason why they think Google is right and unsafe-GET websites are wrong.

From the mentioned section:

In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe".

In my view, SHOULD NOT is not MUST NOT. Being a web developer is also not a binding promise to obey and defend RFC 2616. As developers, however, we need to protect ourselves from attacks and misdoings. Clearly, both sides failed to do that.

Note that the same section also states:

Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature.

The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them.

So even the HTTP 1.1 spec states that it is not possible to ensure that all HTTP GET requests are safe. Yet GWA seems to assume otherwise. Are programs like GWA accountable? While others may feel otherwise, I think they are because it is GWA itself initiating the request blindly, not the user. Is the user giving GWA permission to make false assumptions on behalf of the user by installing the software? Even offered as-is, I think not.
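To make the failure mode concrete, here is an added example (not code from GWA, Signal37, or this post): a constructed to-do app whose delete action sits behind a plain link, visited by a client that blindly GETs every href, first with the action reachable by GET and then with it restricted to POST. The `/delete?id=N` route, the function names and the sample data are all assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

def make_app(todos, hardened):
    """Constructed to-do app; the /delete?id=N route is hypothetical."""
    def app(environ, start_response):
        path, method = environ["PATH_INFO"], environ["REQUEST_METHOD"]
        if path == "/":
            # Listing page: each item carries a plain "delete" hyperlink.
            html = "".join(f'<a href="/delete?id={i}">delete {t}</a>'
                           for i, t in sorted(todos.items()))
            start_response("200 OK", [("Content-Type", "text/html")])
            return [html.encode()]
        if path == "/delete":
            if hardened and method != "POST":
                # State change refused on GET/HEAD; a crawler gets 405 and nothing is lost.
                start_response("405 Method Not Allowed", [("Allow", "POST")])
                return [b""]
            item = parse_qs(environ.get("QUERY_STRING", "")).get("id", [""])[0]
            if not item.isdigit():
                start_response("400 Bad Request", [])
                return [b""]
            todos.pop(int(item), None)
            start_response("303 See Other", [("Location", "/")])
            return [b""]
        start_response("404 Not Found", [])
        return [b""]
    return app

def request(app, method, target):
    """Call the WSGI app in-process; returns (status line, body text)."""
    path, _, query = target.partition("?")
    environ = {}
    setup_testing_defaults(environ)
    environ.update(REQUEST_METHOD=method, PATH_INFO=path, QUERY_STRING=query)
    status = []
    body = b"".join(app(environ, lambda s, h: status.append(s)))
    return status[0], body.decode()

def prefetch(app):
    """Link-following client: GET the page, then GET every href found on it."""
    _, html = request(app, "GET", "/")
    return [request(app, "GET", href)[0] for href in re.findall(r'href="([^"]+)"', html)]

def run(hardened):
    todos = {1: "invoice", 2: "draft"}  # constructed sample data
    return prefetch(make_app(todos, hardened)), todos

if __name__ == "__main__":
    print(run(False))
    print(run(True))
```

Restricting the action to POST only keeps link-following clients from triggering it; a real application would still need a CSRF token on the POST form to stop cross-site submissions.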

Google Web Accelerator

Kids shouldn't be playing in the streets yet they do despite what we tell them. When a car runs over a kid playing in the street, what should the parents do? Spank the kid and let the driver go because kids shouldn't be playing in the street? IMHO, this is what happened with Google Web Accelerator (GWA) and Signal37's web applications.

So what should we do? Throw the driver in the slammer, warn the kids again, put up roadsigns and speedbumps. Alternatives are to break every kid's legs so they can't play in the streets or to turn roads into playgrounds.

Update:

See RFC 2616, Section 9.1.1.

Fixing BzzAgent

I've been thinking more about ways to fix BzzAgent. Well, it's not really fixing because I have not taken into consideration how much I could bend it without breaking it. I've just taken the core idea and tried applying it different ways. For now, I am going to talk about just one of the ways.

BzzContest

The idea here is to turn BzzCampaign into BzzContest among BzzGamers who compete for BzzPrizes. Control elements are divided into game rules and hints. BzzGamers win by gathering enough BzzPoints to be the top N players. Pro-bono campaigns are launched by having individuals and corporations donate prizes.

As to the exact form of the contests, it could be a signup contest, variations of scavenger hunt, funniest video contest of people singing product jingles, or some new wild games like flashmob (i.e. get people to show up at Best Buy at a specific time). Just add a suggestion box and I doubt there will be a shortage of contest ideas that just happen to promote whatever.

As long as the contests are fun, rewarding, and not creepy, it will create buzz and attract marketers.

BzzAgent? More like WzzAgent.

I've heard about the idea behind BzzAgent a while back and thought their idea was a pretty interesting one. But it wasn't until the recent controversy over BzzAgent helping Creative Commons that I've looked closer. Just visiting their website was enough.

I don't know what they were thinking but their website seems to me as if they intentionally designed it to creep out visitors who are not marketers or mindless freebie seekers. Simply unbelievable. The only possible explanation is that they let their Bzz get to their head which made them blind to their mistakes.

Unless they review and overhaul their overall strategy, I am afraid whatever gain they make will be at the expense of their reputation and the status of BzzAgents not much higher than door-to-door salesmen.

What are you, a BzzAgent? BzzOff!

Axis 1.2 Finally Released

According to Jesús Rodríguez, the Apache group finally released version 1.2 of Axis, still the most popular SOAP toolkit for Java despite being complex and slow, while I was celebrating my birthday with a particularly horrible cringe. Good. Now I can replace the RC version I've been using. It should show up here soon, but you can download it here until then.

Update:

Drools 2.0 RC1 was also released. I've been using a beta version in an ongoing project so I am glad to see a release candidate version. FYI, Drools is the fastest open source Rete-based rules engine that I know of. It supports JSR-94 (Java Rules Engine API) and domain-specific rule declaration languages. Definitely recommended.

Updates to two key third party components in a single day!

Guild Wars

Wow. Gamespot reviewed Guild Wars, a new MMORPG from ArenaNet, and gave it a 9.2 out of 10 points. World of Warcraft got 9.5 but WoW charges a monthly network fee ($14 if I remember correctly) where Guild Wars doesn't. And it looks great. I am gonna have to avoid driving near Fry's for a while because I just don't have the time to swing virtual swords regardless of how shapely the lass ahead of me looks.

BTW, ArenaNet is a division of NCsoft, a Korean game company, where Richard Garriott the Lord British also works. NCsoft is obviously not just playing around.

RSS and Atom Programming

My complimentary copy of Beginning RSS and Atom Programming by Danny Ayers and Andrew Watt arrived today. When Danny asked me where he should send the book to, I thought the title was Beginning RSS, a modestly sized high-level technical tour of the RSS technology that one can read over a couple of nights. What I received instead was a huge book of over 700 pages and 32 chapters, full of technical details and advice along with screenshots and code examples in Python. Excellent stuff.

Don't let the word 'beginning' in the title mislead you into thinking that it's another fluff book because there is enough knowledge in it to let you do what Matt Mullenweg did with WordPress. Of course, you'll also need a big bucket of talent and an even bigger bucket of sweat but that's to be expected. The book should also be useful as a boat anchor after your fortunes are made with your RSS-enabled product or service.

Note that the book's cover features a scene from the famous Surprised Rabbit and the Grim Hunter story. Just kidding. I have no idea why Wrox uses consistently mediocre covers on books whose authors invested so much time and energy into.

Life is a Game

I've been missing the World of Warcraft, so I took a trial dip into EverQuest II. EQII is a stinker when compared to WoW. I didn't particularly mind the long time it took to update the trial client but the first real gripe was that the view into the 'world' was not full screen like WoW was (visual suffocation). And the overall graphics as well as the UI sucked. Was it my imagination or did EQ2 feel more like a 3D version of Sierra Online's King's Quest games? Phew! With EQ2, Sony flushed their previous dominance in the MMORPG business down the toilet. They just don't get it and I doubt they ever will.

On the other hand, Blizzard needs to work hard to keep the players they have. For people like me, they should allow players to deep freeze characters, meaning I should be able to suspend my account for months without abandoning characters. While playing WoW, I raised enough characters to be tired of doing it again. I tried most of the quests appropriate for level 50 or less players and tried no less than ten race/class combos so I am not going to feel good returning to WoW if I had to start all over again. Besides, how much storage would it take to deep freeze a character?

Blizzard seems to be responding to user feedback though because I've heard that they are now allowing players to move characters between servers. I would have been happy if they allowed that only for level 60 characters. They should also introduce 'rides', meaning events characters can pay money to participate in. They should be highly controlled (dungeon masters!) and as fun as rollercoasters yet each one as unique and unpredictable as life on the edge can be. I think they don't even need to pay those dungeon masters. Let the dungeon masters pay to grind strangers into the ground. But then I don't think they are that smart. They are smart enough to beat the pants off Sony but not enough to make players scream with joy while spilling gold, minute by minute.