Monthly Archives: November 2006

How to Configure an $80 File Server in 45 Minutes

How to Configure an $80 File Server in 45 Minutes.

I use a modded Xbox and Xbox
Media Center
for playing media files across the network on
my television and sound system. I also download large files,
such as Linux ISOs, via BitTorrent. However, leaving my
primary computer on all the time seemed
like a waste of energy. I wanted a cheap, small
headless machine that I could
use as a Samba server and BitTorrent client so I could leave
my workstation off when I wasn't using it. . . .

Overall, the installation and configuration took me
about 45 minutes to go from zero to a fully functional system.
The Xbox can see the share, and I've got a new playground for
web development. I would suggest cleaning up and securing
that home page a bit; research
.htaccess files to lock it down.

I put my file server in my media
center underneath my router, and it takes up about
the same space
as a VCR. For $80, I feel that I've made an excellent
investment.  [dissension]

Know your rules of engagement

Know your rules of engagement. by Bob Walsh

One of my favorite sites,, just put up a post I’d recommend every micro-ISV read: Tara Hunt on The Rules of Engagement. Tara sets out to answer:

What is that magic ingredient that turns people from
‘consumers’ of your software into active and enthusiastic evangelists?
The truth is that there is no single magic ingredient, but there are
some underlying principles to delighting your current customers that
may just lay the groundwork to creating an evangelist or two.

And does a fantastic job. If you’re wondering why and how micro-ISVs are now in the community-building business, read this post and Tara’s previous post, Why 50% isn’t Good Enough.  [MyMicroISV]

Why Widgets mean money for micro-ISVs

Why Widgets mean money for micro-ISVs. by Bob Walsh

Two recent posts have turned my mind back toward the subject of
widgets and micro-ISVs. A widget is basically a mini application that
runs in any number of ways — on your desktop, and Google sidebar, and
Windows live, in any number of third-party applications and in both
Vista and an Mac OS.

When Steve Rubel at notes something, it’s worth you noting it to. Have a look at this post by Steve, “Major Marketers Cozy Up to Widgets“. And when Richard MacManus at Read/WriteWeb picks up on the same trend, it’s definitely worth spending some time thinking about how this emerging trend relates to your micro-ISV.

Have a look at, or
widgets are growing up fast, and by their very nature don’t attract the
giant software companies. No one needs or wants Adobe PhotoShop as a
widget. But (see below) I could see a widget for this. . . .   [MyMicroISV]

Alex Hudson: Hula Status

Alex Hudson: Hula Status.

So, Peter has confirmed the news some of us assumed, but didn't want to talk about – that Novell is no longer commercially going to develop Hula.

This is sad for so many reasons; for me, primarily because they don't seem to see the demand for this that I do. So many people love what Hula can do, even now when it's pre-alpha and pretty ropey. But, this is now water under the bridge: Novell have bequeathed us a project with a lot of bits of code, and it's now we've got to figure out what to do with it.

I wrote this “Future of Hula” thing last week, based on what I thought was going on, which seems to be more or less right. I guess it's more a call-to-action than anything else: hopefully some of the people who were working on Hula at Novell can still contribute, but if the project is to succeed, it also needs other people to get more involved.

As a free software project, we're lucky in that we can take the code and run. Being developed out in the open, as a project not primarily sponsored by a company with commercial needs, may turn out to be the best thing for Hula in the long term. My belief is that for Hula to succeed, we need to set out a realistic and achievable roadmap, work in an open fashion so that many people can be involved, and work single-mindedly toward the goals we've set.

Hula is still kick-ass in so many ways, and offers something so totally different to all the other run-of-the-mill mail systems out there, that I hope this is just a new beginning.  [Planet Hula]

Sal Taylor Kydd

Sal Taylor Kydd, the head of product for Yahoo TV thanks you for your feedback on the new site. In the meantime I switched to TV Guide, which compares favorably to the old Yahoo TV site. There's a lesson here, one that I learned in 1984, when I shipped a new product with less functionality than the one it replaced. Make sure that the new version is better than the old one, users do notice. [Scripting News]

Fresh ideas for micro-iSVs

Fresh ideas for micro-iSVs. By Bob Walsh

One of the things you hear over and over in this business is how hard it is to find an idea to build a micro-ISV on. True! The great thing about ideas is that lots of people have them, and some do a really good job of explaining them, like Pamela Slim at Escape from Cubicle Nation. Pamela has a great post up today –Plastics, young man! How to use market trends in your quest for the perfect business – that is a gem sitting on the pavement of life for any developer still casting about for a focus.

Pamela has a great quote by Guy Kawasaki that’s worth the click and your attention in and by itself, but her coverage of Entrepreneur Magazine’s what’s hot for 2007 is great reading, as is that MSM’s predictions.   [MyMicroISV]

Attacking Bank-Card PINs

Attacking Bank-Card PINs.

Research paper by Omer Berkman and Odelia Moshe Ostrovsky: “The Unbearable Lightness of PIN Cracking“:

Abstract. We describe new attacks on the financial PIN processing API. The attacks apply to switches as well as to verification facilities. The attacks are extremely severe allowing an attacker to expose customer PINs by executing only one or two API calls per exposed PIN. One of the attacks uses only the translate function which is a required function in every switch. The other attacks abuse functions that are used to allow customers to select their PINs online. Some of the attacks can be applied on a switch even though the attacked functions require issuer’s keys which do not exist on a switch. This is particularly disturbing as it was widely believed that functions requiring issuer’s keys cannot do any harm if the respective keys are unavailable.

Basically, the paper describes an inherent flaw with the way ATM PINs are encrypted and transmitted on the international financial networks, making them vulnerable to attack from malicious insiders in a bank.

One of the most disturbing aspects of the attack is that you're only as secure as the most untrusted bank on the network. Instead of just having to trust your own issuer bank that they have good security against insider fraud, you have to trust every other financial institution on the network as well. An insider at another bank can crack your ATM PIN if you withdraw money from any of the other bank's ATMs.

The authors tell me that they've contacted the major credit card companies and banks with this information, and haven't received much of a response. They believe it is now time to alert the public.  [Schneier on Security]

How to make money on cars with less

How to make money on cars with less.

With Ford and GM losing billions and millions respectively, one might think competition is turning the car game into one of slim pickings for profits. Not so, says Porsche, and posts profits of 2.7 billion dollars.

What’s their secret? One overarching design that’s been stable for 40 years and just three current lines: Cayenne, 911, Boxster/Cayman. That simple recipe has made Porsche the most profitable (per unit) car maker in the world.

They’re doing so well in fact, that this “little” sports-car maker has just increased its stake in the German giant VW to 30%. Not too shabby from a niche company that sold just ~2,500 cars in October for North America/Canada.   [Signal vs. Noise]