2003-10-09

The Twenty Most Critical Internet Security Vulnerabilities

SANS Institute (SysAdmin, Audit, Network, Security) published a "set of network security vulnerabilities that are most commonly used by hackers to break into systems" for the first time in 2001, in collaboration with the FBI.

In this year's edition they list the top 10 vulnerabilities in Windows systems and the top 10 vulnerabilities in Unix systems. Every vulnerability is clearly explained and solutions are offered.

System administrators are, of course, advised to fix these vulnerabilities.

Mozilla Firebird Installer almost there

Henrik Gemal spotted this checkin to the Mozilla/Browser/Installer source tree in CVS. It says: "Firebird Installer Component XPI Install Scripts, default installer wizard ini files, and installer configuration script." This installer uses the XPI Install Engine, just like the Mozilla Installer.

In the meantime, there's still an unofficial Firebird Installer available that uses NSIS.

2003-10-08

PHP Hub

PHP-Hub announces the re-launch of the PHP Hub site.

PHP Hub announces: "PHP Hub - the PHP community central, has re-launched with a brand new design and many new features including tutorials and article index. Since the initial beta launch (about 4 weeks ago), the site has had hundreds of thousands of hits and it's growing by the hour."

Check it out now: http://www.phphub.com

Sitepoint.com about CSS Positioning

I almost missed this one, but Sitepoint.com has published an article about CSS 2 positioning: CSS Positioning Properties At-A-Glance Guide.

By Nigel Peck: "This article is aimed at experienced CSS developers who need a reference for the properties related to positioning in CSS 2. Each section of this article includes a link to the relevant section of the CSS 2 Specification."

A nice article that summarises what the W3C Cascading Style Sheets, level 2 (CSS2) Specification says about positioning.

Microsoft about to change Internet Explorer

In response to the ruling in the patent case brought by Eolas Technologies against Microsoft Corporation, Microsoft has published information for web developers who use ActiveX controls and Java Applets on their websites, and for developers who host the Web Browser OC or MSHTML. As I don't use the Web Browser OC or MSHTML, I will only discuss the changes for ActiveX objects and Java Applets here.

The change affects every page that uses ActiveX controls or Java Applets, unless the controls are created dynamically from script or don't reference remote data.
For affected pages, the new or updated Internet Explorer will show a pop-up asking the user whether they want to continue loading the control. An extra option in the Advanced section of Internet Options will also let users disable these controls by default.

This leaves the web developer of an affected site with 2 options:
1. Do nothing and lose visitors as they run away from pop-ups and unrendered content.
2. Create pages that are not affected, meaning either replacing the ActiveX objects and Java applets with alternative content, or making them meet one of the two exceptions.

Of course, you should go for number 2.
This might be a good occasion to refresh your site and replace all the 'fancy' and 'flashy' stuff with real content that doesn't scare the users. In a lot of cases that is a good thing anyway: sites need updates from time to time, and you should avoid animations and Flash effects if they don't add any real value to the user experience.

Now, how?
Again, Microsoft leaves us 2 options:
1. Provide data inline.
2. Create controls in script.

The first one is, technically speaking, the safest, but it can again affect the user experience. Internet Explorer tries to determine whether an object uses external data. An OBJECT tag without any PARAM elements is treated as not loading external data, so no dialog appears; but that only works if the required object is already available on the user's system, either shipped with the operating system or installed with some software. If the OBJECT tag does use PARAM elements, you can add an extra attribute to the OBJECT tag, NOEXTERNALDATA, and set its value to "true", telling the browser that the control won't load any external data. Alternatively you can provide the data inline, which is no solution for dynamic data that has to be loaded from a remote source. So this option is really only useful for a controlled user base, like an intranet environment.

The second option is the easiest one: just emit your HTML tags from document.write() calls in JavaScript and you're safe from the dialog. It also gives you the possibility to provide alternative content for users who have scripting disabled (which you should always do when you rely on JavaScript).
I think most developers with affected objects in their pages will go for this solution, as it's the easiest one and needs no major changes to their pages. What's more, it won't take long before somebody writes a script or small program that wraps the OBJECT tags in JavaScript document.write() calls, so the transition will take just a few mouse clicks (and some testing, of course).
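As an added example (this is my own illustration, not code from Microsoft or from any of the plug-in vendors mentioned below), here is what the 'create controls in script' option looks like when written as a small reusable function, with the NOEXTERNALDATA attribute of the 'data inline' option as an optional switch. The classid value in the sample call is a placeholder, not a real control's identifier. One caveat that the Microsoft documents don't stress: once the markup is built by script, any attribute or PARAM value that comes from a query string, a database or a form is concatenated into HTML by your code, so it must be escaped, otherwise a crafted value can close the attribute and inject its own tags. The escapeAttr() helper below does that.

```javascript
// Added example (not code from the page, Microsoft or any plug-in vendor):
// emit an OBJECT tag from script so that Internet Explorer treats the control
// as "created in script", and optionally mark it NOEXTERNALDATA for the
// "data inline" option.  The sample classid below is a placeholder, not a
// real control's identifier.

// Escape a value for use inside a double-quoted HTML attribute.  Building the
// markup in document.write() means dynamic values are concatenated into HTML
// by script, so they have to be escaped or an attacker could close the
// attribute and inject tags of their own.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Build the markup for one OBJECT element.
//   attrs:          attributes of the OBJECT tag (classid, codebase, width, ...)
//   params:         PARAM name/value pairs (may be empty)
//   fallback:       markup shown inside the OBJECT by browsers that cannot render it
//   noExternalData: add NOEXTERNALDATA="true" when the control is known to load
//                   nothing from the network (Microsoft's "data inline" option)
function buildObjectTag(attrs, params, fallback, noExternalData) {
  var parts = Object.keys(attrs).map(function (name) {
    return name + '="' + escapeAttr(attrs[name]) + '"';
  });
  if (noExternalData) {
    parts.push('noexternaldata="true"');
  }
  var paramText = Object.keys(params || {}).map(function (name) {
    return '<param name="' + escapeAttr(name) + '" value="' + escapeAttr(params[name]) + '">';
  }).join("");
  return "<object " + parts.join(" ") + ">" + paramText + (fallback || "") + "</object>";
}

// Write the control into the page at the point where the <script> runs, which
// is the "create controls in script" option.  The markup is returned as well so
// it can be inspected outside a browser (there is no document in Node, for
// instance, and the guard keeps the function usable there).
function writeObject(attrs, params, fallback, noExternalData) {
  var markup = buildObjectTag(attrs, params, fallback, noExternalData);
  if (typeof document !== "undefined" && typeof document.write === "function") {
    document.write(markup);
  }
  return markup;
}

// Typical call from a page; the <noscript> alternative goes next to the <script>.
var exampleMarkup = writeObject(
  { classid: "clsid:00000000-0000-0000-0000-000000000000", width: "320", height: "240" },
  { src: "movie.mov", autoplay: "true" },
  "<p>This content needs a plug-in.</p>"
);
```

Put the writeObject() call in a script element at the exact spot where the OBJECT used to be, and follow it with a noscript element holding the static alternative content. The generated HTML is byte for byte the same OBJECT tag you had before; the only difference, as far as the browser is concerned, is that it was created by script.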

The last solution really surprised me, as in essence both are the same: OBJECT tags in HTML code, or so-called 'dynamic' OBJECT tags emitted by JavaScript document.write() code, result in exactly the same HTML in the page.

I also think that this might convince the few users who have JavaScript disabled in their browsers to enable it, and not only give them the full user experience of 'fixed' pages, but also a lot of other features that JavaScript provides. But those are usability issues I don't want to discuss now.

The documentation:
Information for Developers about Changes to Internet Explorer
Changes to the Default Handling of ActiveX Controls by Internet Explorer
Handling ActiveX Controls in WebOC and MSHTML Hosting Applications
Test the Pre-Release bits: IE 6 Update v.01

Other companies have also published information and guidelines on how to implement the changes:
- Apple Computer Inc for QuickTime:
Apple recommends the JavaScript solution as well, plus an improved JavaScript solution for multiple occurrences of embedded content; ready-made JavaScript files can be downloaded. They also mention that users who have JavaScript turned off won't see anything at all, but add that (mainly Internet Explorer) users who have JavaScript turned off most of the time also have ActiveX disabled, so they aren't affected by the changes at all.
Creating the Best User Experience for Active Web Content
Preparing Websites with Active Content for Upcoming Changes to Internet Explorer for Windows
Authoring Websites for Compatibility with Internet Explorer for Windows FAQ

- Macromedia for Flash:
Macromedia also recommends the easy JavaScript solution for a small number of embedded objects. For a larger number of embedded objects they provide a small JavaScript library that you can download. Macromedia make the same remarks about the 'JavaScript turned off' problem, but add their concern for people who have disabled JavaScript yet have ActiveX enabled, who will see nothing.
And, as I suggested above, Macromedia is working on a set of tools that will do the transition for you, including command line tools, GUI tools and web server plug-ins. They are developing these tools under an open source license, so you can change and extend them as you want.
Active Content Developer Center
Preparing Websites with Active Content for Browser Changes
Summary of Solutions to Update Websites with Active Content
Information for Hosting Providers
Active Content FAQ

- RealNetworks: RealAudio and RealVideo:
And surprise, surprise: RealNetworks recommends the same solutions as Microsoft, Macromedia and Apple, and also provides a small JavaScript library and example files.
RealNetworks also promises to provide additional suggestions for handling the cases where JavaScript is not available.
Internet Explorer Changes

The first user/web developer comments:
Comments vary depending on the mailing list or group you're reading. But some laugh in your face when you run into trouble with ActiveX or Java Applets. Wake up, "Martin van Dijken": not only did Microsoft lose the patent case, but all web developers have been robbed of the freedom to choose which technology to use in their web pages and how to interact with their users. Some people are able to develop advanced applications that only need a web browser to run in and take the user experience far beyond static web pages with only text and hyperlinks.
My opinion, shared by some others, is that we will see a lot of 'OK' boxes pop up in the near future, and that those home-made websites with nifty-nafty effects will lose their visitors in no time, unless they fix their pages (if they can) or throw away the effects and show us what it's all about: content.

Quote: "Microsoft expects that new computers and retail purchases of Microsoft Windows XP will have this behavior sometime early next calendar year. Microsoft also expects that new service packs of Windows XP and Internet Explorer will have this behavior starting sometime after that."
Be prepared!

[UPDATE: Wed Oct 08, 12:54:17 AM]
Peter-Paul Koch has written a test page for the proposed solutions and the proposed update to Internet Explorer. He has also added some comments of his own.

Neowin.net about Mozilla Plugins, AKA Mozilla Extensions

Neowin.net sums up the essential extensions (they call them plugins) for Mozilla Firebird in this article. Now that Mozilla is moving closer to the Mozilla Firebird 0.7 release, it gives a nice idea of how the lightweight browser can be extended with about any functionality you want. And the nice thing is: if none of the hundreds of extensions that have already been written suits your needs, you can write one yourself!

To the list that they give I would like to add my favorites:
- Tabbrowser Extensions: adds about every functionality you can imagine to tabs and the tab bar: auto-reload, drag-and-drop, tab groups, reload on double-click, and many, many more... A great, no, I call it an essential, extension by Shimoda Hiroshi.
- Google Bar: does for Mozilla what http://toolbar.google.com does for IE. I don't think further explanation is needed. By the GoogleBar Team.
- StyleSelector: a nice extension for web developers who want to see how their site looks with different stylesheets, or with no stylesheet at all. Switching between alternate stylesheets is only supported by Mozilla-based browsers. By Stephen Clavering.

Try them and you won't be able to live (read: browse the web) without them.

2003-10-06

Back In Town

After 2 weeks of (well-deserved) holiday, I'm back in business.
I've used these 2 weeks to recharge my batteries and think about some of the things I was doing professionally. Sounds heavy, but I had to do something, since I can't just drop myself on the beach and lie there for a whole day, so...

I've studied something about the MVC Pattern and other PHP development related stuff. I got a lot of good study material from ::PHP Patterns() and php | architect.

I really needed that, because I had the feeling I was losing control over the framework I have written in PHP, and that I was losing sight of its original requirements: small, fast, flexible, reusable and easy to maintain.
After some good thinking, I decided that some parts of the framework need to be rewritten, and that is what I will be doing over the next couple of days, weeks, months, ...

I will also go through my mailbox, read about what happened during the last 2 weeks, and share the most interesting things and thoughts with you here.

Stay tuned...