
Thoughts about Web 2.0

January 19th, 2008

Filed under: Internet, OpenSource — Kai @ 4:29 pm

In studying and/or promoting web-technology, the phrase Web 2.0 can refer to a trend in web design and development — a perceived second generation of web-based communities and hosted services (such as social-networking sites, wikis, blogs, and folksonomies) which aim to facilitate creativity, collaboration, and sharing between users.

This sounds nice but what is it really all about?
Web 2.0 means openness, which can mainly be explained by the fact that open source in itself describes openness. Products that are complex and expensive to produce are more and more often deployed as open source software solutions.

Open interfaces make it easy to share data and interact between different systems. For example Flickr, a currently well-known Web 2.0 product, makes it possible to access its data structure from outside via an API (Application Programming Interface).
That's why new services can be developed which use Flickr data. In the end, that brings new users to Flickr.

Flickr is just a single example in a big “cloud” of platforms. I think Web 2.0 mostly is about connecting data from different platforms.
For example, having a blog with a plugin from Amazon to publish your wishlist and additionally showing your friends photos which are hosted by Flickr.

Another important aspect of Web 2.0 is compliance with web standards like XHTML and CSS. This is significant because the movement of desktop applications onto the Internet continues straight ahead. Nowadays websites are shown not just on our home computers but also on cellphones and palms. Fancy frameworks like AJAX, for nice effects and better user-friendliness, also have their place in Web 2.0.

But why not just call it “Nice looking - interacting, independent platforms” - or something similar?
Let’s do a bit of time travel:

Web 0.5
The time before the WWW: from 1988 to 1995, around the point when the Internet became really popular and easy to use for everyone. Usage was restricted to the sharing of simple data and email communication.

Web 1.0
It was born in 1996: static HTML pages, one-way communication, classic websites.

Web 1.5
Web 1.5 came up in the time of the so-called dot-com boom between 1996 and 2001. That was also the time when websites became dynamic. The major things were hits & eyeballs (pageviews) and visual eye-catchers. Interactive websites were for the most part shops, boards and other community places on the web. Their disadvantage was that they were always stand-alone solutions because the battle for users had begun. The technologies used were huge and expensive (CMS, Community Software, E-Commerce) and users were strictly bound to them.

Web 2.0 brings a broad variety of different applications all based on modern Internet technologies. But is everything new? I don’t think so. In my opinion Web 2.0 is just an upgrade of 1.5 that is a bit more free than the closed software platforms of some time ago.

Is this the end of development on the web? Besides the fact that in computing there’ll never be an end, I think that, given the engineering progress, Web 3.0 will not be long in coming. But more about Web 3.0 soon…

BOOL and bool

January 18th, 2008

Filed under: C++, MFC — Kai @ 2:49 pm

When using MFC I often wondered about the difference between ‘BOOL’ and ‘bool’.
Warnings like this one especially confused me:

warning C4800: 'BOOL' : forcing value to bool 'true' or 'false' (performance warning)

Some time ago I noticed that the size of ‘BOOL’ is 4, which is why I found out the following:

‘bool’ is a built-in C++ type while ‘BOOL’ is a Microsoft specific type that is defined as an ‘int’. You can find it in ‘windef.h’:

typedef int                 BOOL;
#ifndef FALSE
#define FALSE               0
#endif
#ifndef TRUE
#define TRUE                1
#endif

The only possible values for a ‘bool’ are ‘true’ and ‘false’, whereas for ‘BOOL’ you can use any ‘int’ value, though the ‘TRUE’ and ‘FALSE’ macros are defined in the ‘windef.h’ header.

If you use the ‘sizeof’ operator, it will yield 1 for ‘bool’ (though according to the standard the size of ‘bool’ is implementation-defined) and 4 for ‘BOOL’ on 32-bit platforms, where ‘sizeof(int)’ is 4 bytes. If the size of ‘int’ changes to 8 bytes on 64-bit platforms, ‘sizeof(BOOL)’ will yield 8 instead.

‘BOOL’ was used by Microsoft long before ‘bool’ was actually added to the C++ language, but it has nothing to do with MFC. Many Windows API functions return a ‘BOOL’ to indicate success or failure.

Sun buys MySQL for $1 Billion

January 17th, 2008

Filed under: Database, OpenSource — Kai @ 4:58 pm

With 50,000 copies downloaded daily, MySQL has nothing to prove and is probably one of the most popular open source applications. In the acronym LAMP or WAMP, the M is MySQL (L=Linux, W=Windows, A=Apache and P=PHP). LAMP is the most popular web development system as it’s included in every Linux distro (apart from the smallest).

MySQL powers millions of websites from small to very large as well as network servers on many platforms. According to announcements from January 16th (yesterday), MySQL has been acquired by Sun Microsystems for the sum of $1 billion: 800 million in cash and 200 million in equity options.

Who says Open Source doesn’t make money? Of course MySQL was always dual licensed and had been selling commercial licenses and support for years. It’s how they grew to 400 employees.

I’ve been using MySQL mainly in websites that I’ve developed and also in desktop applications. Of course it’s not the only database in town; PostgreSQL and SQLite are amongst the better known open source alternatives. For me it is unclear what will happen to MySQL in the future…

Sun promises all users of MySQL that things won’t change that much - they will even become better (would you tell your customers anything else?). Anyway, Sun says that the same people, the same community will keep on managing MySQL. Finally, Sun refers to its experience with Open Source products.

VMware Converter

January 16th, 2008

Filed under: Computers — Kai @ 10:17 am

Today I found a nice tool published by Sun© that can be used for converting almost everything into a VMware-readable format.
You can simply convert Microsoft Virtual PC or Microsoft Virtual Server.

In my opinion the best thing about it is that you can create a VMware-readable file (e.g. for VMware Server or Player) out of a backup of a physical computer (as far as I know only Windows is supported).

The VMware Converter is available as a starter version on the one hand and as a business solution on the other. The former can be downloaded for free here.

SQL Injection Prevention

January 14th, 2008

Filed under: Database, Internet, Security — Kai @ 8:53 am

Everybody knows about the issue of SQL injection.
True, but why is SQL injection still occurring? Isn’t everyone validating all user input these days?

For example, say you have a logon form that accepts a user name and password. Once the user is authenticated against the database, the application sets a session value, or some other token, that allows the user to access the protected data.

Such a logon form has two basic form elements: a textbox for accepting a user name, and a password box for the password.

<form action="admin.aspx" method="post">
<input name="username" type="text" />
<input name="password" type="password" />
<input type="submit" />
</form>

The code behind might be something like

// User input is concatenated directly into the SQL text
String sQuery = "SELECT COUNT(*) FROM Users WHERE UserName = '"+username.Text+"' AND Password = '"+password.Text+"'";
SqlCommand cmd = new SqlCommand(sQuery, Connection);
int n = (int)cmd.ExecuteScalar();

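When entering ' or 0=0 -- into the username field, the query looks like this:

SELECT COUNT(*) FROM Users WHERE UserName = '' or 0=0 --' AND Password = ''

which would always return the number of users, because the condition is true for every row and the rest of the statement is commented out.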

As you can see, it takes only minor effort to see data in a database that you are not supposed to see.

But even worse things can happen to your database; for example, the following input can destroy lots of data.

'; drop table users --

Reported error codes can also be very helpful for attackers. There is a whole bunch of lists on the net showing which error code relates to which area of the server/database structure.

The query from above, rewritten to pass the user input as parameters:

// Placeholders must not be quoted; the values are sent separately from the SQL text
String sQuery = "SELECT COUNT(*) FROM Users WHERE UserName = @username AND Password = @password";
SqlCommand cmd = new SqlCommand(sQuery, Connection);
cmd.Parameters.Add("@username", SqlDbType.VarChar).Value = username.Text;
cmd.Parameters.Add("@password", SqlDbType.VarChar).Value = password.Text;
cmd.Parameters.Add("@return", SqlDbType.Int).Direction = ParameterDirection.ReturnValue;
int n = (int)cmd.ExecuteScalar();

This is only one way to secure your web apps - by passing parameters you avoid many types of SQL injection attacks.
Finally, ensure you provide very little information to a potential attacker when an error occurs.
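
The two listings above, side by side, as an added example that is not part of the original post: it uses Python's sqlite3 module instead of ADO.NET so that it runs offline. The table contents, function names and messages are constructed for illustration.

```python
import logging
import sqlite3

log = logging.getLogger("login")

def make_db():
    """In-memory database with two constructed accounts (sample data).
    Plaintext passwords only mirror the query shown in the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT, Password TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "hunter2")])
    return conn

def count_concat(conn, username, password):
    # Vulnerable: the input becomes part of the SQL text (first listing).
    query = ("SELECT COUNT(*) FROM Users WHERE UserName = '" + username +
             "' AND Password = '" + password + "'")
    return conn.execute(query).fetchone()[0]

def count_param(conn, username, password):
    # Parameterized: the placeholders are not quoted, and the values travel
    # separately from the statement, so they are only ever compared as data.
    query = "SELECT COUNT(*) FROM Users WHERE UserName = ? AND Password = ?"
    return conn.execute(query, (username, password)).fetchone()[0]

def login(conn, username, password, check=count_param):
    """Return a generic result; database errors are logged, never shown."""
    try:
        return "ok" if check(conn, username, password) > 0 else "invalid login"
    except sqlite3.Error as exc:
        log.error("login query failed: %s", exc)  # detail stays server-side
        return "invalid login"

if __name__ == "__main__":
    db = make_db()
    injected = "' or 0=0 --"  # the input quoted in the post
    print("concatenated:", count_concat(db, injected, ""))
    print("parameterized:", count_param(db, injected, ""))
    # A stray quote breaks the concatenated query; the caller sees no detail.
    print("stray quote:", login(db, "o'brien", "x", check=count_concat))
```

With the concatenated query the input from the post matches every row, while the parameterized query treats the same input as an unknown user name and matches none.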

/bin/true?

January 11th, 2008

Filed under: Linux, Nonsense — Kai @ 8:13 pm

Last night I accidentally came across something really funny. Did you know that there’s a /bin/true that just does nothing, successfully?

This is a really amazing manpage:

NAME
true - do nothing, successfully
SYNOPSIS
true [ignored command line arguments]
true OPTION
 
DESCRIPTION
Exit with a status code indicating success.
 
These option names may not be abbreviated.
 
--help display this help and exit
 
--version
output version information and exit
 
AUTHOR
Written by Jim Meyering.

I think you can do things like this with “true”:

while /bin/true; do sleep 5; kill ...; done

At least the most bizarre thing about it is that the version is 5.96.

Powered by WordPress, Content and Design by Kai Bellmann