
Blog


On February 23rd, 2008

Version Targeting

Breaking Web Standards Forever

I've been following the debate over Version Targeting on A List Apart for a little while now, and felt like I should throw in my two cents. I would suggest reading these Pro and Con articles on the subject to give you a decent idea of the arguments for and against.

Here's a brief description of what Version Targeting is - if you already know, go ahead and click 'Read More' and skip over this. There was a time when Internet Explorer 6 controlled more than 95% of the browser market – and of course everyone built their websites around IE6 - HTML/CSS standards were little more than ideals, if a developer had even heard of them at all. Then, in late 2006, Microsoft rolled out Internet Explorer 7, their first browser update in six years. This new browser still has quirks and errors, but it is far, far more standard-compliant than IE6 was. What happened next was referred to as the breaking of the web – suddenly all those websites built for IE6 didn't work, and many developers had no idea why. If you switched from IE6 to 7 shortly after it was released, you probably came across some websites that looked broken, didn't work quite right, or just flat out failed to render.

Since then Internet Explorer has lost 20% of its market share to Firefox, Safari, and Opera; even so, the vast majority of people who build websites (I reserve the term web developer for people who actually know what they're doing) continue to develop poor, invalid, insecure and browser-specific code. Microsoft is now preparing IE8, which will (hopefully) follow the standards for HTML and CSS, as well as removing JScript (Microsoft's proprietary version of JavaScript) in favor of standardized ECMAScript. Rather than risk, as they say, 'breaking the web' again with this new update to IE8, Microsoft is implementing what they are calling Version Targeting to give web developers the ability to code standards-compliant websites, while not breaking everyone else's layouts and browser-side code. This will be implemented by setting the default rendering option for IE8 (and all future versions of IE) to IE7, unless you specify otherwise.

Read More

Posted in: HTML/CSS, Opinion, Standards

On January 28th, 2008

Comments!

And with this, I declare the blog fully operational.

Alright! No doubt I'll keep making updates from time to time, but I think I have a nearly fully functional blog now, with the ability for users to submit comments! It's pretty straightforward, but I'm going to break down some of the work I did for the hell of it. In the meantime, I invite you all to leave your thoughts. Some basic notes: you're welcome to put a link to your website in the website form, but both it and the [url] BBCode will include rel="nofollow" tags to stop bots from following the links. Hopefully this will discourage anyone from posting just to improve their PageRank, and will help fight spam. Also, your email address will never be displayed to the general public, though I may use it to contact you if I feel you had a comment worthy of follow-up.

Read More

Posted in: Digital Gemstones, PHP, Scripts

On January 25th, 2008

On JavaScript

Going Back After Two Years

Two years ago, I would have called myself a fairly good HTML/CSS developer - nothing amazing, but I certainly had a strong grasp of how to do it, and do it right. This all stemmed from reading several books on the topic, most notably HTML & XHTML and Cascading Style Sheets. Of course, the obvious next step was to learn JavaScript, so I picked up Javascript for Web Developers, under the (foolish) impression that I could just jump right in and learn how to program. Admittedly, reading through it I comprehended enough to build my first script, but it really didn't catch on until I read further books, including my favorite, PHP and MySQL Web Development. This is quickly turning into a plug for programming books, huh? Nevertheless, I was inspired to re-read the Javascript book because, as I said, I really didn't learn much, and have never really done much of anything with JavaScript.

Now, two years later, I'm going back and learning JavaScript all over again...

Read More

Posted in: Books, JavaScript, Languages, Programming

On January 1st, 2008

Stealing Cookies

No, Not Like The Cookie Monster

After reading an article about stealing cookies by using user-built webpages in subdirectories (not subdomains) of a website, I immediately thought of the personal webpages Willamette allows you to set up at willamette.edu/~username/ as a student. A website which didn't take such risks into consideration would allow any user of the system with a personal page to capture all the cookie data the real website is using, most notably PHP Sessions. Sadly, Willamette uses HTTP authentication instead of cookie- or Session-based authentication, so (at present) I can't capture anything of value. The only cookies I've so far seen willamette.edu set are cookies for Google Analytics. So at the moment Willamette seems to triumph over this particular hack, but there are countless schools out there which allow users to create their own webpage under the school's domain name with PHP, so I thought I'd let you all have a go at snagging the cookies of hapless visitors to your school's website.

Read More

Posted in: Blog, Cookies, Security, Willamette

On December 25th, 2007

Finding Code Online

Usable Code, That You Can Trust

The internet is a great repository of data; between Google and Wikipedia and countless other sources, if you look hard enough, you can find just about anything you can possibly imagine. But that's the problem: having to look, often very hard, and never really knowing if what you've found is really quality stuff.

Case in point: today I was looking for a data input sanitizer because I want to improve the functionality of the blog with comments and a couple of other tricks, but of course first you need to sanitize your input. I could (and at this rate probably will) write my own sanitizing script, and I'm pretty sure I could make it fairly secure, but why do all that, and run the risk of having a security hole, if you can find something that does it for you online? So I try some Google searches: 'php input sanitizer', 'php form protection', 'free php form protection', etc. After a little digging I find a few promising-looking sites and scripts, though not much. Even what I do find that looks promising, I have no way of knowing if it's trustworthy or not, do I?

Read More

Posted in: Scripts, Security, Usability
