Archive for June, 2007

ask a SQL guru

Tuesday, June 19th, 2007

Came across ask a SQL guru today. Service is run by the Microsoft DB MVPs. You call them (via Skype), and they answer your query, via a video cast. It’s quite new, hasn’t proven itself (I mean, why not just ask a forum?), and also offers itself as a video podcast. I’m thinking it can be useful for newer folk, especially if you like step-by-step instructions.

Going by how useful the Guru Bar at the MySQL Expo 2007 was, and how easy it is to make screencasts these days, I wonder if this would be something some guilds members would consider in addition to the wonderful podcast by Sheeri?

Vertical job advertising

Monday, June 18th, 2007

Vertical advertising. I just stumbled upon The Problogger Job Board. They advertise it as such: post a job ad, for 30 days, at only $50.

People that visit the Problogger website, or job board, are definitely bloggers. Visiting the latter means they’ve bought the hype that they can be a professional blogger, and make a living out of it. So what better way to hire journalists? Professional bloggers are no different to writers in a newspaper, magazine, and so forth. Turnaround times are quicker, the idea of formatting is probably a plus, but generally you’re a writer.

The FAQ lists the 37signals Job Board - $300 for 30 days. They’re a company that came to popularity thanks to a good blog, and Ruby on Rails. People that read the 37signals blog are probably programmers and developers that have an interest in cutting edge technology, are ready to improve, and possibly the cream of the crop. Or at least that’s what they want you to believe. 37signals also does the ultimate geek thing: their job board has an RSS feed. And an amazing live search. And if you’re a contract killer just up for a contract, there’s always the Gig Board.

All this made me want to check out Joel on Software’s Jobs page. After all, that’s another popular blog, and when you read the RSS feed, you get thrown ads about job offers. Joel’s demands are greater - USD$350 for 21 days. There’s even a rationale as to why 21 days, and he makes The Fog Creek Promise - unsatisfied with applicants, get a refund. The Jobs page also has an RSS feed. And they require the company name - talent have a right to know whom they’re going to work for.

So if it’s not been obvious, here’s the pattern - write amazing content for your readership, get them hooked, and tell advertisers only the best read your writing. Then, sell advertising (in the form of job ads). Joel/Fog Creek are bold - they even offer a refund.

MySQL have had a jobs forum for ages. It is advertised as a “forum for companies looking to hire MySQL talent”. It contains a hodgepodge of people looking for work, and people offering work. Nothing ever expires, there is no barrier to entry (it’s completely free to make a posting), there is an RSS feed, and the job ad itself has “no format”. Do you think the MySQL Jobs forum should change? Should there be a barrier to entry - a simple charge, but a guarantee of better applicants? Requirements can be made clearer, there could be better search, and it probably should not be a forum, per se. Would you pay, to have an ad for 21-30 days, to hire top MySQL talent?

MySQL and Security: what do you consider a security hole that warrants immediate action?

Thursday, June 14th, 2007

I don’t claim to be a security expert, but I’d like opinions from people in the field, as well as database experts that view security highly. Here are some opinions from a discussion with Chad and Lenz a while ago. What do you consider a security hole, that warrants immediate action or a release of a server within a sensible timeframe?

  • Remotely exploiting MySQL without login credentials
  • Remotely crashing MySQL without login credentials

The above two are definite problems. What about:

  • denial of service attacks
  • data loss
  • data changes
  • data insertion

Chad tells us, “security is policy enforcement.” And the policy should state: “the service should always be available to authorized people, never to unauthorized people”.

Opinions, please. Tell me what’s on the “definite list” that should be fixed within 24 hours, what’s on the “possibly annoying” list that should be released within 72 hours, and what’s on the “it’s an annoying bug, but it’s not a ‘high’/‘large’ security violation” list (like, Chad finds “a function SUBSTR that always returns one too few characters” a problem in his definition), which can be fixed during the next release cycle.

Also, if anyone has pointers to how other OSS projects or major release software deals with security. Say, like Mark Cox’s security information (he’s Mr. Security at Red Hat, and they’ve got some amazing turnaround times).

Twitcash (earn money via your Twitter or Facebook account)

Tuesday, June 12th, 2007

As more and more people get on the Twitter and Facebook bandwagon, advertisers are bound to crop up. I bring you a rather devious ad company, Twitcash. Every time you place an ad on your “stream”, you get paid per follower, per post on Twitter, and per friend, per feed item.

Granted, it’s not easy to get followers (on Twitter) or friends (on Facebook) unless you actually have interesting content or really, real friends.

Will Twitcash take off? Are you willing to risk your friends being annoyed by your adverts? Somehow, I doubt someone “un-friending” you on Facebook for an ad or two (similarly with Twitter). On Twitter, you can just “leave” the person, yet be a friend. On Facebook, there’s a good chance you’ll miss the ad, amongst all the folk adding (or removing) applications :)

I think this is just a start of the market, for advertising firms to look into the next generation of advertising. For instance, no one paid me to get blown away by the Heinz ad on tv last night. But I Twittered it, and blogged it. And therein lies what an advertising company should be looking at if they were to start a marketing campaign.

On another tangent, I for one think Friendster is nearing the end of its life, with Facebook being the clear winner. However, reading today’s newspaper, it seems that it still gets 22.5 million visitors monthly. “It is also the top site in the Philippines and the No 2 site in Malaysia, Singapore and Indonesia. It has a strong presence in Australia, New Zealand, Hong Kong and Macau.”

Soup has never tempted me more - a memorable Heinz ad

Monday, June 11th, 2007

I don’t normally get excited by seeing an ad on television. In fact, I don’t normally watch “live” television that has ads in it, to begin with. But on this cold day in Melbourne, I was blown away by the Heinz soup ad.

I found that in 2002 Slate had an article about this exact ad. Leo Burnett/London created it, and I’m wondering if they’re reusing it or it’s just reached Aussie shores. A must read, Ad Report Card: hot soup, cold comfort.

OpenSolaris: Even the download system puts you off

Sunday, June 10th, 2007

Like many out there, I’ve got an itch to check out what OpenSolaris has to offer. With DTrace (something I’ve played with extensively in OS X Leopard betas), ZFS (something that might show up in OS X for file system storage), Zones, and a whole bunch of other features, I’d be a luddite not to check it out.

But I must admit, Sun has got a way of confusing you. Going to the Downloads page tells you that their main intent is to confuse users. How am I supposed to choose between Solaris Express Community or Developer edition? The former is updated every other Friday, does that necessarily turn me on? Then there’s NexentaOS and the like.


Who distributes operating systems in segments? Sun do!

An OpenSolaris newbie like me ended up picking the Community edition as well as NexentaOS. I think I’ll get them to dual-boot on my soon-to-be-dedicated Solaris box. Now, once you’re done getting their Community edition (the Sun download system doesn’t allow you to get all 3 segments at once as well, mind you - you’re limited), all 3 1GB zip files, you get the pleasure of unzipping each and every one of them, and then (get this, it’s really funny), use cat to make them into one large DVD ISO.

Apparently I’m not the only one who thinks this sucks. Ian Murdock has addressed this (or well, is open to comments on how to address this). Glynn Foster has also spoken about building the community mojo - Ubuntu’s ShipIt program was a great success, maybe Sun should consider this for OpenSolaris? Time-based releases are better than “builds every other Friday”. Take a cue from Ubuntu’s download page. Redmonk’s Stephen O’Grady has his traditional Q&A on Project Indiana - a must read.

ExpressCard for data + Virgin postpaid for the cheapest mobile data option?

Saturday, June 9th, 2007

Reading Dave Hall’s experience with 3, I can attest to their horrendous service. I never looked at Virgin offering cheap rates, but from their website, it seems that on a post-paid account, I can get 300MB of data for $10/month. I’m currently paying 3 $29 for 200MB of data (and yes, they’re cheaper than what Optus can offer).

Which certainly has me interested in becoming a Virgin post-paid customer. From their website, it seems that if I just want a SIM, I’ll be a pay as you go customer. Which works out well for me, as all I really want is data + any excess (at 1.5c/KB).

However, what Express Card can I buy outright or via eBay, that will work with Linux (and preferably, OS X)? The Novatel Merlin U530 that Dave has is a PCMCIA card, not something that most newer laptops have. What are my ExpressCard options? And does Virgin charge for roaming rates? 3 charges you extra if you’re not within their 3 Broadband Zone and are Roaming [via Telstra]. 3’s advertised MobileBroadband card now apparently offers an Express Card option.

OpenOffice.org worm that affects Windows, Linux and Mac OS X

Saturday, June 9th, 2007

When it came to an OpenOffice.org related presentation, my slide deck always contained a mention about security. However, as it gains in popularity, and a more bloated (read: MS Office-compatible) feature set, security alone is not going to be a selling point. In fact, when it comes to OSS advocacy, the word “free” (or the idea of zero/minimal cost) is also not a large selling point, neither is the “you can view the source code” (erm, yeah, so what do I do with it?). But I’ll save that rant for another day.

It seems there’s an OpenOffice.org worm in the wild, that affects Windows, Linux and Mac OS X systems. BadBunny, as it has affectionately become known, comes to you as an OpenOffice.org Draw file, which displays a man in a bunny rabbit suit engaging in sexual intercourse. While you see this, it’s launching mIRC or XChat (on OS X and Linux) and forwarding it to other IRC users. Assuming you don’t have IRC installed, this shouldn’t do anything, right?

Apparently, not only does BadBunny come with some StarBasic, it also has got some other evil components that use JavaScript on Windows, Ruby on OS X and Perl for Linux. I wonder, why they just didn’t use JavaScript across the board? Why Ruby on OS X (Perl would’ve sufficed). Seems very odd, the choice of multiple languages.

This is largely a proof of concept, but it just goes to show that no matter what you’re running, it’s a good idea to practice safe computing practices. What peeved me though was a quote from Sophos in heise Security:

If the BadBunny developers had any financial intentions, they would have selected a more popular software structure and not included bizarre images, Sophos adds.

Is OpenOffice.org a non-popular software structure? I highly doubt it. Writing virii is like a coming of age present for some, and while OpenOffice.org was ignored as a suitable platform, it’s being recognised now. Mohandas Gandhi said: “First they ignore you, then they laugh at you, then they fight you, then you win.” I think OpenOffice.org is at stage 3 (not just because of the virus writers, but also because of the plight towards ODF).
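As a defensive illustration of the "safe computing" point for macro-carrying documents like the Draw file described above, the following is an added example, not code from this post or from OpenOffice.org. It relies on the ODF package layout, in which StarBasic libraries live under `Basic/` and other embedded scripts under `Scripts/`; the sample documents are constructed in memory.

```python
import io
import zipfile

# Package paths where an ODF file carries executable content:
# Basic/ holds StarBasic libraries, Scripts/ holds other embedded script languages.
MACRO_PREFIXES = ("Basic/", "Scripts/")


def find_macro_entries(data: bytes) -> list[str]:
    """Return the package members that contain macro or script code."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            if info.is_dir():
                continue
            if info.filename.startswith(MACRO_PREFIXES):
                hits.append(info.filename)
    return sorted(hits)


def document_type(data: bytes) -> str:
    """Read the ODF 'mimetype' member (the Draw type for .odg files)."""
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        try:
            return pkg.read("mimetype").decode("ascii", "replace").strip()
        except KeyError:
            return "unknown"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal Draw package, optionally with a Basic module."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("mimetype", "application/vnd.oasis.opendocument.graphics")
        pkg.writestr("content.xml", "<office:document-content/>")
        if with_macro:
            pkg.writestr("Basic/script-lc.xml", "<library:libraries/>")
            pkg.writestr("Basic/Standard/Module1.xml", "<script:module/>")
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("clean", False), ("macro", True)):
        sample = build_sample(flag)
        print(label, document_type(sample), find_macro_entries(sample))
```

A hit only means the file carries code, not that the code is malicious; it is a reason to leave macros disabled for that document until its source is trusted.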
