Blogs » Archive for July, 2005
Firefox - the secret is out
As you may have already noticed, SitePoint’s latest title has just hit the shelves — ‘Firefox Secrets’ by Cheah Chu Yeow. Chu Yeow, in case you don’t know, has run one of the most influential and informative Firefox blogs over the last few years and has been a long time, respected member of the Mozilla community.
Now, I have to admit it took me a while to get around to giving this book a good read. I mean, hey… I’ve been using Firefox/Firebird/Phoenix since ‘pods’ were nothing more than containers for your peas. What can they tell me about Firefox?
Quite a bit as it turns out. In fact, watching the reactions from Kevin, Tom and others around the office, this book should have been titled ‘Oh, cool! I didn’t know you could do that!’. It’s quite eye-opening to realize the really important stuff that you can completely miss.
So, to demonstrate the point, rather than pilfering a cool tip from Cheah’s book, I thought I’d throw in my own little Greasemonkey demo, and leave the value in the book.
Redecorating with Greasemonkey and Cskinner
While we’ve generally had a very positive response to the SitePoint redesign, there have been some comments saying the …
"Serious security vulnerability" in Greasemonkey
The maker of Greasemonkey, a popular extension for power users of the Firefox browser, has posted a warning of a serious security vulnerability in the current release. This vulnerability can potentially give access to any and all files stored on a system running the Greasemonkey extension in Firefox.
The Greasemonkey extension provides the facility to install and run scripts either associated with particular sites, or with all sites on the Internet. These scripts use standard JavaScript features and syntax, but the extension also provides a set of extended functions that are available to user scripts. These functions are the source of the security hole.
Once a user script is associated with a site, those extended functions become available not just to the user script, but also to any script code within the site itself. A malicious site could wait until a user came along with a Greasemonkey script enabled for that site and then use the extended functions to access private files and data stored on the user’s system. Since many Greasemonkey scripts are designed to enhance all sites on the Web (and are therefore enabled for all sites), this is a very serious problem.
The extended function that is the …
Firefox Secrets interview on Computer America
Just before I hopped on a plane to Canada last week, I was interviewed on the Computer America radio show, which is broadcast all across the United States. For the second hour of Thursday’s show, I spoke about the Firefox browser, offering up a handful of tips taken from the pages of SitePoint’s new book, Firefox Secrets.
The tips I covered included:
- HTTP Pipelining, a disabled-by-default feature of Firefox that takes advantage of HTTP/1.1 functionality to speed up browsing.
- Delete unwanted items from the location bar pop-up history with Shift-Delete.
- Bookmark an entire set of tabs at once, then open them again using the Open in Tabs item on the Bookmarks menu.
- Provide a list of sites to be opened in tabs as your browser home page.
- Set up a custom search keyword to quickly look up a site’s history on the Internet Archive.
For the next week and a half, the archived audio of the programme is available for download from the online archives. Here’s the direct link (MP3, 18MB).
I had a lot of fun doing the interview, and I only wish it had been longer–I really barely scratched the surface of the stuff that’s in the book.
The sample …
The End of CAPTCHA?
Aside: It’s good to be back at the wheel after a short interlude — having gained a baby daughter but minus a little surplus sleep ;)
Most of us have used a ‘CAPTCHA’ at some point, even if we didn’t know that’s what it was called. According to Wikipedia, ‘CAPTCHA’ is the acronym for ‘Completely Automated Public Turing test to tell Computers and Humans Apart’ — ok, they’ve flouted the ‘rules of acronym’, but you have to admit it’s probably more catchy than the more technically-correct ‘CAPTTTTCAHA’.
CAPTCHAs are used to filter ‘flesh and blood’ users from the various bots, crawlers and spiders designed to exploit web-based feedback channels. They’re particularly common in areas like email and comment spam filtering systems.

The idea is to set the sort of test that a human will pass easily, but bots will struggle with. Although there are alternatives, if you’re a web developer looking to implement a site with unmoderated comments, CAPTCHAs are usually your first option — but for how much longer?
The reason I’m thinking about ‘CAPTCHA’ this morning is that last Friday I sent the Design View, which always means I spend the following morning responding to comments, …
Cross Site Scripting Could Make You Lose Your Cookies
Cross Site Scripting (XSS) is a form of security exploit that threatens any web application. Its severity is often underestimated. The problems go far beyond annoyances and practical jokes. By stealing your cookies, Cross Site Scripting attacks can allow attackers to gain administrative access to your CMS.
How does it come about? The problem arises when a web application (such as a PHP script) displays user-submitted content without filtering it. If a user submits a guestbook entry, a blog comment, or even a username and password, that content could contain all sorts of nasties that need to be filtered out before they are displayed in a Web page. These may be relatively harmless (practical jokes, for example) or malicious (code intended to obtain private information in order to break into your system). Typically these ‘nasties’ are scripts - hence the name ‘Cross Site Scripting’.
Relatively harmless uses of Cross Site Scripting:
- HTML code intended to disrupt the layout or appearance of a Webpage.
- Scripts, applets or objects intended as a practical joke, displaying annoying messages or popups.
Some more harmful uses of Cross Site Scripting:
- Misleading hyperlinks which link to URLs that …
Why Permission Marketing doesn’t go far enough
In the last blog, Steven List posted a great reply referencing Seth Godin and his views on Permission Marketing (where people opt in or choose what information they receive). Take a look.
I believe however that even Seth Godin’s stuff is outdated at this point, not necessarily in theory but in the way most people are implementing it. Most people who use permission marketing:
- Capture prospect info thanks to some good articles on their website
- Send out information and offers via email
- Wait for prospects to become customers, while building value and trust
This is all good stuff, and important. However, it is already getting old. People are getting tired of giving out their email addresses. They know that as often as not they don’t really get value from newsletters, but rather too much spam.
So we professionals are in yet another pickle. We can go back to relying on good old fashioned referral-based marketing, which never fails. But how about if you want to dominate a national market?
I think that the solution is to take Permission Marketing up a notch. For instance, Sitepoint is an outstanding example of Permission Marketing at its best. It forms great community, gives out great content, and …
Refining the work
It looks like Ajax (or remote scripting, or whatever you want to call it) is turning a bit of a corner, because JavaScript is turning that same corner: refinement of possibility into best practice. Cameron Adams has written up an article on Usable Interactivity with Remote Scripting which is a good example of the trend; not just “ooh! ooh! remote scripting!” but how best to use the technique to deliver a better UI to your punters, which is after all the point of the exercise. There are a few initiatives just bubbling under right now which are looking to take the trend onto a more stable footing; documentation of what a best practice is, the things you need to remember, and other neat stuff you can do, which I’ll be mentioning as soon as they happen. (Sorry for the tease.)
As another example, see OpenID: they’ve put together a distributed system for website authentication, so you can have one identity on lots of sites but without having to sign up to a central service like Passport or TypeKey to do so. One of their priorities was to allow a JavaScript-based login form, so that a whole page refresh …
An idiotic way to market your business
It happens every Flag Day, Memorial Day and July 4 in the USA in my neighborhood: Some real estate agent plants a small flag in my lawn, and the lawn of every homeowner in my area, with a business card. To me, this kind of marketing is the ultimate intrusion, not to mention a misuse of an important symbol, and I can’t imagine it results in much business.
What’s this have to do with you?
Well, lots of IT professionals market in equally foolish ways, by hiding behind brochures, business cards, advertisements, and blatant sales pitches — all the equivalent of planting flags in a stranger’s lawn.
It is much more effective to get visible in your community, speak and write articles to become the go-to professional in your market, demonstrate your value without making a blatant sales pitch (e.g. with a powerful marketing message), and build relationships that result in referrals and new business.
This is a common theme in most writings about professional services, and so it still amazes me that some realtors rely on such a tacky marketing approach.
So, are you marketing by planting flags on strangers’ lawns, or are you building trust, credibility, and business relationships that last?
Open Source Projects Benefit from Book Sales
Packt Publishing has introduced an interesting twist into book publishing for today’s technology reader. The company has pledged to contribute portions of its royalties from publications on open source that it produces to the respective projects those books represent.
It has done so since April of this year and has already benefited popular projects such as phpMyAdmin, OpenCms and phpBB. The company publishes beyond the open source sphere of topics, but has stuck to its commitment and continues to develop new titles benefiting the community, including releases on Plone and SpamAssassin.
Interesting concept of doing well financially while doing good and giving back to the community.
BBC Promotes Open Source to the Masses
A fascinating insight into how one organization (the BBC) is finding ways to blend open source with mass consumerism and even public service. (Thanks Stoyan!)
We talk so much about open source and applying it to our technology and business pursuits - and there is absolutely nothing wrong with that - but this is an excellent view of how one organization is taking it to the masses in a subtle way.
Rather than promoting open source directly to the public - the BBC is finding ways to incorporate it into its larger overall mission to transform itself amid rampant commercial ‘pay to play’ services in the mass media.
This is quite refreshing as it reminds me that I can explore and identify more subtle ways in which open source may benefit my customers and their clients without the fact that it is an open source solution being at the forefront. For example, making it more economical to deliver statements or other content to a consumer on the street may be worth more to them than reducing software licensing costs. Thus, looking at a solution from varying perspectives can brighten the overall outlook.
I also find it plain interesting …