Stefan Tilkov points to an XSL transform that generates a WSDL from XML schema. You define your XML schema and this script creates the corresponding WSDL for you. Good stuff, contract first design and such.

Very good post from Norm Walsh on URIs, URLs, and naming in general. This topic, apparently, is very confusing, and this piece does a lot to clear up the confusing and offer a pragmatic path.

Elliotte Rusty Harold makes some excellent points regarding microformats, offers a macroformats alternative, and even finds time to advocate invalid XML. Some choice quotes:

The only reason I can imagine you might choose a microformat over a macroformat is because macroformats are invalid XHTML, but so what? XML doesn’t have to be valid! That’s a deliberate design decision in XML. Some say invalidity is the real revolution in XML. It’s what XML brings to the table that SGML never had.

Microformats bring exactly nothing to the table. All they do is complexify the markup and make it far harder to address with XPath and other XML tools.

The strict valid-XML-with-a-schema folks remind of the strict strong-typing folks. In my experience, in general neither idea is worth the trouble it brings.

For some reason I’m getting interested in the idea of adding methods to existing classes at runtime as opposed to inheriting from and extending classes. I can’t put my finger on why, but inheritence is slowly losing its luster for me.

From the little bit of poking around in Ruby I’ve done, I know this is possible. In fact, you can do all kinds of funky things like add a method to a single instance of a class.

These days, however, I’m in Python land, and I’m just getting productive enough not want to jump ship.

So, my questions are:

• Is there a way to do Ruby-style injection-of-methods-into-existing-classes in Python?
• Is there a name for this style?
• Why am I losing faith in inheritence? This is disturbing me; I used to teach a class on OOP and point to inheritence as a valuable and nice thing.
• Is this idea of adding methods to existing classes/instances actually a bad idea? I’ve run into several posts claiming so, but I haven’t seen evidence or examples.
• Is injection of methods into a class equivalent to inheriting from it and extending it?

Poking around a bit I come across a Python cookbook recipe for doing this, but that doesn’t look very clean.

I’d really like to try this out and see if it is a bad idea. Am I going to have to learn Ruby to do it?

UPDATE: From the comments, a Nice example of how to do this from Harry Feucks (turns out it’s pretty simple) and a more sophisticated example and decorator from Ian Bicking. Also, interesting discussion on this topic from the Ruby heads over on RedHanded, where we seemed to have coined guerillapatching as the name of this technique.

1:34am and I’m finally done with a couple of work things. I wander over to Chris “Long Tail” Anderson’s The Rise and Fall of the Hit (via Fred), a look at the days before the blockbuster and a claim that we are now in the era of the niche:

The mass market is yielding to a million minimarkets. Hits will always be with us, but they have lost their monopoly. Blockbusters must now compete with an infinite number of niche offerings, which can be distributed just as easily. Justin Timberlake still makes albums, but today he has thousands of bands on MySpace as rivals.

Meanwhile, I’m flipping channels on the TV, trying to find something to occupy the mind. It settles on boxing while I head to Sir Ken Robinson’s Talk at TED on education (also via Fred). Very interesting talk. It seems rambling and casual at first, but then you realize he’s saying some very profound things in some very simple ways.

And this is when it comes together: I have a couple of hundred channels of digital TV in front of me, including all HBO and Showtime channels, as well as on-demand allowing me to watch just about everything offered by the broadcasters, but I’m electing to watch, recommend, and write about a very niche thing, a talk at a conference of 1000 people.

Long tail indeed.

Got yet another phishing email scam, this time quite well done. I decided to follow through and see how it works out.

The initial email is nicely put together, doesn’t contain spelling or grammatical errors, and includes Paypal images and logos for improved credibility. This email is good enough quality to fool a high percentage of recepients.

The supposed Paypal login page goes to the phishing site:

https://www.ppp-info-update.com/ssl/secure/128bit/manage/account/webscr/

The phishing site uses an SSL certificate that does not match its domain. Firefox does complain about this, but the wording of the popup is interesting:

“It is possible, though unlikely, that someone may be trying to intercept your communication with this site.”

Or, someone is trying to fool you into thinking the site you’re going to is a different site. In order to get a certificate from an issuing authority you need to provide valid contact information, so the crooks steal the cert instead of getting their own.

The domain that owns the cert is s.p8.hostingprod.com, a domain that’s registered to Yahoo! . I’ll followup with Yahoo as to how the phishers ended up with the cert; I’m guessing they’re using some hosting package.

The actual phising domain is registed to a US PO Box: http://whois.domaintools.com/ppp-info-update.com

The phishing site is almost a perfect copy of the Paypal site. Nice attention to detail here.

I entered the site with a made up ID and password. The log-in process is also nicely done, even including the intermediate “Processing Login” page.

Once logged in, you see a page asking for quite a bit of information, including your credit card information, your ATM pin, your address, social security, and even driver’s license.

There’s fair bit of intelligence built into the form, warning you, for example, if you enter an invalid pin or credit card number.

I fed it fake but valid looking information and ended up at the success page.

Clicking thru on any of the links on this page sends you to the real Paypal site. You could go thru this whole thing, turn all of your information over, and never know you’d been taken.

These are getting more sophisticated all the time. It would be very easy for someone without a lot of internet experience to get taken.

Update: The site has been shut down thanks to the nice folks at Yahoo!