[ Ø ] Harsh Prakash – GIS Blog

Quiet Musings On Applied Spatial (Health, Disaster, Technology, Planning et al.)

Archive for November, 2007

Follow Up [1]: Unshared Sacrifice

with one comment

Written by Harsh

November 25th, 2007 at 12:36 am

Posted in Planning,Social

Tagged with , , ,

Why Contribute

without comments

Paul Ramsey points to Danny de Vries‘s take on Free and Open Source Software for Geospatial [FOSS4G] 2007:

“What we saw was a young and passionate movement not-so-subtly showcasing their dedication for open-source as a tool by which to challenge corporate, or closed-source, IT monopolies in the geospatial domain.”

I want to underline the ‘showcasing’ part. It is important to not ignore why that is significant for contribution to opensource, which as some would like you to believe is often lacking direction and profit and not the best use of your time. And it can be summarized like so:

                        +—[IN]—> LEARN
CONTRIBUTE —|
                        +—[OUT]—> SHOWCASE —> GET WORK

–π

Related:
• My Pick of FOSS4G 2007 Presentation Submissions
• Contribute

Written by Harsh

November 22nd, 2007 at 12:07 am

Posted in OSGeo,Programming

Tagged with ,

Follow Up [1]: Never the Twain Shall Meet

without comments

Written by Harsh

November 21st, 2007 at 6:30 pm

Posted in Technology,Web

Tagged with ,

The OpenHandset Alliance and the Mozilla Foundation

without comments

As far as the OpenHandset Alliance SDK is concerned, in spite of how Jonathan Schwartz feels about it and the 10 million that Google is giving away in developer prizes, the SDK could become an albatross around Google neck, courtesy Java.

Google appears to also have successfully convinced the opensource Mozilla Foundation to promote its own services above and before other compelling interests. This may be akin to special interest groups’ manoeuvrings on Capitol Hill, and certainly begs the question – did Google push the Foundation to go slow on mobile? Certainly, Minimo with its XUL environment and many extensions could have made for a speedier development cycle.

PS:

* Back in 2005, realizing the potential of WAP, I tested XHTML/WML/WMLscript v HTML/Javascript on Nokia emulators, and wondered how best to balance the 2 different development requirements. After all, you want to get the many more people who own a mobile but not a computer, access your services.

* Symbian Python

Written by Harsh

November 14th, 2007 at 10:50 pm

Posted in LBS,Mobile,Technology

Tagged with , ,

Mobile Browsers

without comments

As the Google-backed Open Handset Alliance takes shape, I have been testing dominant WAP browsers on my 2-year old touchscreen PocketPC. This resulting post should narrow down the choices for those who follow:

• Deep Fish by Microsoft appears to be the most promising of the lot. Unfortunately, it is in a strict testing phase and no longer accepting registrations. Until then, you can always make do with Internet Explorer for Mobile.
• Opera, arguably the slimmest desktop browser out there, has a paid version- Opera Mobile for $24. But if you do not have a smartphone and/or do not wish to spend any money, try Opera Mini.
• The Mozilla Foundation has the amusingly named Minimo.

Opera Mobile offers tab-browsing like Minimo, and does a better job at handling pop-ups and javascripts than Internet Explorer. And like Minimo, it offers ‘grab and drag’ navigation thus eliminating scrollbars. Opera Mobile also offers subtle other improvements, like allowing you to change your User Agent- a must-have for those websites that recognize mobile browsers, but remain inexplicably unprepared for them. On the other hand, Minimo features XUL [try this in Firefox – chrome://browser/content/browser.xul] that has impressively found its way into Mozilla Amazon Browser etc, and is the most customizable.

Absent from all these is the Nokia Web Browser– the sometime favorite of opensource mobile development. After all, its early emulators are what helped a lot of programmers/developers gain a handle on mobile development long before Google.

–π

Related:
• Follow Up [1]: Wireless Application Protocol
• Wanted: Proactive Policies
• >> WAP
• News:: Spatial
• News:: Science & Technology
• Sample *.xul
• xda-developers Forum
• Picsel Browser
• Zumobi
• Proxy Server
• Mini-Me

Written by Harsh

November 13th, 2007 at 7:22 pm

Posted in LBS,Web

Tagged with , ,

A Tale of Two Languages

with 2 comments

Try this page to compare Ruby‘s and Python‘s language elegance side-by-side. Spoiler Warning: There is a winner!

To get you started:
Ruby – string.method [“String”.reverse or “String”.length]
Python – string[slice] or function(string) [“String”[::-1] or len(“String”)]

–π

Related:
• Python Interpreter
• ASP
• Cold Fusion
• JSP
• Perl [ActivePerl]
• [ActivePython]
• PHP
• Tcl [ActiveTcl]
• A Tale of Two Cities

Written by Harsh

November 11th, 2007 at 10:36 pm

Posted in Programming,Web

Tagged with ,

MapServer’s Claim to Fame?

with one comment

I was a little surprised to find MapServer listed on Nessus– the network vulnerability scanner website chugging along on Apache/PHP: Its mention points to greater usage than earlier anticipated. So if even AGG– its Google-esque 5.0 rendering backend is not enough, here‘s another reason for –4.10.3 users to upgrade:

Synopsis:
The remote web server contains CGI scripts that are prone to arbitrary remote command execution and cross-site scripting attacks.

Description:
The remote host is running MapServer, an opensource internet map server.

The installed version of MapServer is vulnerable to multiple cross-site scripting vulnerabilities and to a buffer overflow vulnerability. To exploit those flaws an attacker needs to send specially crafted requests to the mapserv CGI.

By exploiting the buffer overflow vulnerability an attacker would be able to execute code on the remote host with the privileges of the web server.

Solution:
Upgrade to MapServer 4.10.3.

Notice how their solutions are always short and sweet. Savvy programmers/developers would know of a couple of other ways to fail such automatic scanning.

On Nessus, MapServer shares the company of the spatial heavy-weight: Google Earth– ‘heap overflow in the KML engine [FreeBSD]‘. Given Nessus’s reputation in the enterprise class, ESRI’s ArcGIS Server and ArcIMS are both conspicuous by their absence- impossibly secure? less likely; less widespread and not sufficient to warrant a mention, atleast in the enterprise community? quite possible.

–π

Related:
US-CERT Vulnerability Notes Database

Written by Harsh

November 10th, 2007 at 10:46 pm

Posted in IMS,OSGeo

Tagged with , ,