Blog – Page 21 – Niall Kennedy

OS X Leopard Server

The next version of Apple’s server software, codenamed Leopard Server, includes a few new features for the early adopter web crowd and their organizations. Ruby on Rails, podcast production, wikis, blogs, and grid computing are just some of the features built-in to the new server OS.

The new features redefine what’s possible away from a Microsoft-centered world of Exchange and Sharepoint, opening new possibilities through a combination of open-source software, industry-standard protocols, and Apple’s friendly interface and design. Small workgroups using Macs or Windows should be able to rack an Xserve and be happy.

Web server

Leopard server has support for PHP, JSP, and Ruby on Rails accessible from a simple administrative interface. You can easily turn on Apache HTTP Server, Tomcat, JBoss, or Mongrel backed by MySQL 5.

iCal Server

Apple will release an open-source calendar server at its new codebase, opensource.apple.com. The new calendar server uses CalDAV for exchanging data with applications such as iCal 3, Mozilla Sunbird, Chandler, and Microsoft Outlook. The server includes scheduling, the #1 thing Outlook + Exchange enterprise users seem to miss when switching off a Microsoft intranet.

Podcast Production

Leopard server lets you record podcasts inside of a web browser and stored on your server. If your network supports Xgrid your podcast encoding will be distributed around to any nodes with free cycles. The server records audio and video from Firewire and USB peripherals as well as your computer’s built-in mic and iSight. The encoder outputs your recording into formats suited for a web page, iTunes desktop subscription, iPod, or even a cell phone. The server also has privilege levels built-in allowing you to specify who can create and upload podcasts to your server.

Team sharing

Teams can share information using a wiki, blog, calendar, and mailing list all integrated for easy collaboration. The wiki supports drag and drop editing, a WYSIWYG authoring interface, and feed subscriptions right in your product team dashboard.

IM Federation

iChat Server 2 allows your local users to chat with other XMPP systems such as Google Talk and vise versa. You can automatically generate buddy lists for your users as well.

Just a few of the features in OS X 10.5 “Leopard” Server due out next year. Your Xserve is now Web 2.0 compliant!

Google will power Fox Interactive search and advertising through 2010

Google will power search and advertising across Fox Interactive’s online properties for the next three years. The deal includes guaranteed minimum revenue share payments from Google of $900 million based on Fox Interactive Media meeting its traffic numbers and “other commitments.” Fox Interactive Media includes social network MySpace, news sites Fox News and Fox Sports, gaming network IGN as well as content distribution and advertising on local TV stations owned by Fox Broadcasting.

The agreement calls for Google to power web, vertical and site specific search for MySpace.com and the majority of Fox Interactive Media properties. Google will be the exclusive provider of text-based advertising and keyword targeted ads through its AdSense program, for inventory on Fox Interactive Media’s network. Google will also have a right of first refusal on display advertising sold through third parties on Fox Interactive Media’s network.

The deal covers generic web search as well as vertical search integration, allowing Google Blog Search to power a blog-specific search on MySpace or Google TV search to appear on the websites of Fox stations. Local content from TV stations could provide a good local search platform for Google as well.

Fox Interactive Media president Ross Levinsohn was formerly a VP at search company AltaVista, the leading search company in the time before Google.

Wall Street Journal launches personal homepage

The Wall Street Journal launched a new personalized homepage with Dow Jones content modules as well as customized content from any RSS feed. The new site uses Yahoo! UI Widgets extensively, the first time I have seen the libraries on a high-profile site.

My WSJ does not seem to currently support Atom 1.0 feeds.

Spliced feed networks with ads

Brad Feld blogged yesterday about a new FeedBurner effort to place ads on more feeds through the creation of aggregated feed networks. A single curator selects a few feed URLs to create a mega feed for a topic or musing. FeedBurner sells targeted ads inside of the aggregated feed and its various forms of syndication — HTML, RSS/Atom, JavaScript widget, etc. — on a CPM basis.

Who other than FeedBurner gets paid for these ad impressions? It seems like another attempt to mine the seemingly free gold laying on the riverbed named user-generated content. The idea isn’t much different than Squidoo, a company donating a percentage of profits to charity to make it seem a bit less like photocopying the work of other writers for profit.

In the literary world there are established means for paying writers for aggregation of work. A network such as FeedBurner could have all publishers opt-in to the possibility of network selection and provide such publishers an approval process for new published channels. Payments could be made on a per-use basis when a page using the content turns a profit. Authors with a Creative Commons By-Attribution license and a valid e-mail address in their feed could receive an opt-in e-mail for channel alerts.

Perhaps it’s best to use a network of venture capitalists as a test group, since they may not notice the pennies dropped in their hats from the crowd passing by, but the network seems like an under-thought ~~launch~~ announcement plan from FeedBurner and its VCs.

Speaking at SES San Jose next Wednesday

I’ll be at the Search Engines Strategy conference next week including speaking on a blogger panel on Wednesday from 11 a.m. – 12:15 p.m. Google CEO Eric Schmidt kindly agreed to be our opening act, warming up the crowd for 45 minutes as they recover from a night of drinking (but not much dancing) at the Googleplex.

If you’re at the conference or one of the evening parties say hello and let’s talk about search. I’m still hoping Yahoo! will rent out Great America on Thursday night so I can ride Top Gun over and over again.

WordPress.com adds paid upgrades

Free blog hosting site WordPress.com introduced its first paid feature this morning, allowing customers access to their CSS for $15 a year per blog. Free members can still access 40 built-in templates for free and customize their image header and sidebar widgets. Payments are processed through PayPal.

The site is currently testing custom domain mapping, a likely next upgrade. The combination of custom CSS and domain mapping a la carte upgrades puts Automattic’s WordPress.com in direct competition with Six Apart and its TypePad product currently charging $90 a year for a similar feature set.

Black Hat presentation exposes RSS and Atom risks in the wild

Robert Auger and Caleb Sima of security firm SPI Dymanics gave a 50-minute security briefing on RSS and Atom feed vulnerabilities at yesterday’s Black Hat conference in Las Vegas. Their talk, Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems, detailed how many blogging systems and feed aggregators do not block against malicious code insertion by third parties and often run at elevated permission levels on a user’s machine, exposing an entire operating system to a potential scripting attack. I wasn’t there, but News.com summarizes some of the topics covered in the talk.

Auger listed Bloglines, RSS Reader, RSS Owl, FeedDemon, and SharpReader as feed aggregators vulnerable to one or more of the attacks.

Malicious JavaScript code could be included in a feed item’s main content. It’s a good idea to strip out and sanitize this markup, or at least whitelist known and allowed sources of such code to prevent local code execution from alert boxes to much worse. Mark Pilgrim’s sample RSS 2.0 feed from Universal Feed Parser is one example.

An author might lose control of his or her blog, but some blogging systems such as WordPress generate comment feeds for every post. If the blogging system does not properly sanitize the third-party comment problems could pop up not only in the rendered web page but also in the corresponding feed rendered inside of an aggregator.

Sidenote: a trusted blog today could become someone else’s blog tomorrow. It’s a good idea for aggregators to listen for a 410 Gone response and unsubscribe from the feed since the domain or hosted account can be reused by someone else in three months or less.

The presentation also mentioned desktop aggregators binding to Internet Explorer and running at unnecessarily high security trust levels. This behavior gives downloaded JavaScript full access to your PC for extra nasties.

Update: A whitepaper on the exploits, including example feeds, is available from SPI Dynamics.

WordCamp kickoff party at Taylor’s Refresher tomorrow

WordCamp is this Saturday, bringing together bloggers and developers using the open-source PHP blogging product for a day of discussion and learning. We’re kicking things off on Friday night with dinner along San Francisco’s waterfront for anyone who is in town.

Join us for dinner at Taylor’s Automatic Refresher at the Ferry Building. We’ll be outside on the patio starting at 7 p.m. enjoying the sun and some good local food. The team from Automattic will be on hand to encourage increased use of BBQ sauce on everything. You can tryout one of San Francisco’s first municipal WiFi nodes and check out all the pedicabs shuttling people to Pier 39 while you enjoy a burger, corn dog, milkshake, seafood, or something healthy like a salad (menu).

Taylor’s Refresher is a small business from the Napa Valley mixing local food, beer, and wine with some crazy combinations. Each attendee will order and pay for their dinner individually at the counter, and you should be able to have a nice dinner for $10-$15. The restaurant is located at the far left of the Ferry Building (map) as you approach from the street. Metered parking spots open up at 7 p.m. so you should be able to park for free on Embarcadero if you choose to drive. BART and Muni rail stop a block away at Embarcadero station.

There may be an after-party across the street at Hotel Vitale starting at 9 p.m. if you’d like to skip straight to the hard liquor.

Caltrain WiMax tests a success!

Intel and Nomad Digital tested WiMAX on Caltrain yesterday, the first step towards rolling out high-speed Internet on the full rail line from Gilroy to San Francisco. The test was successful at 79 mph between Palo Alto and MIlbrae, allowing the network to go live within the next two months.

The system uses Sensoria mesh network receivers on the train to provide a WiFi bridge and wireless base stations placed every few miles along the track. Caltrain will offer the wireless service for free, and anyone living or working near the Caltrain line might have a nice fat Internet connection as well.

Google Reader observed namespace data

Mihai from the Google Reader team just posted some interesting data about observed namespaces across all feeds tracked in their system. The namespace data provides information not only about popular ways of expressing data, but also gives insight into blog software market share within a sample such as Google Reader subscriptions.

Dublin Core as the top namespace is not too surprising. What jumps out is the number of feeds using the default configuration on a variety of platforms, giving a glance into market share.

Blogger – 12%
FeedBurner – 4%
Windows Live Spaces – 4%
LiveJournal – 2.5%

Technorati and Google Calendar feeds appear to have equal subscription numbers among gReader users. Feedster and PubSub subscriptions each have about 1/4 of the popularity as Technorati.

Note: some sites such as MySpace declare the iTunes namespace even if their members never podcast.

Overall some pretty good data. Thanks for sharing Google!