Today is a good day to code

Microsoft IE Developer Toolbar

Posted: December 31st, 1969 | Author: | Filed under: JavaScript, Programming, Uncategorized | Tags: , , | No Comments »

Microsoft IE Developer Toolbar

Picture of Irv Owens Web DeveloperI didn't even know about this and it has been out for about a month. Microsoft has heard the cries from web developers used to using Firefox's developer toolbar extension. While it is often pretty easy to validate your pages using Firefox, see how your block level elements are behaving, and look at the DOM of your page using the Firefox extension, it has been almost impossible with the awful lack of tools for Internet Explorer. They have finally addressed this.

The new IE Developer Toolbar has almost everything that its Firefox adversary has, except for the strong javascript debugger. This is very upsetting especially considering the lame debugging that is built into IE today, but with the relative dearth of tools for internet explorer, anything is welcome.

I have found the toolbar to be extremely useful. The DOM inspector is wonderful in that it highlights the selected item if visible to indicate for which item you are viewing properties. If you have to build applications or websites using Internet Explorer at work, I hope you are designing for Firefox at home, no… I guess you always have to design for Internet Explorer, then you will love the new toolbar. I'd suggest that you download it and install it right away.

IE Developer Toolbar


Preventing Comment Spam With Spamhaus in ColdFusion and Java

Posted: December 31st, 1969 | Author: | Filed under: ColdFusion, Programming | Tags: , , , , | 3 Comments »

Preventing Comment Spam With Spamhaus in ColdFusion and Java

Recently I turned comments on again for my blog, but I started getting hammered with spam comments so I looked into trying to figure out how to stop spammers.

Most people rely on some type of image based spam prevention. This is probably performance wise the best solution, the problem is when people with poor eyesight come in, or actual people come to spam your site. This solution doesn’t prevent that scenario.

A client of mine got me to look into SPF for protecting everyone else from someone masquerading as us. That somehow led me to spamhaus again. I had always thought of using them for spam filtering, but what I didn’t know is that you can use them for web submission protection. On the site, I learned that implementing their blacklist filtering is really easy to implement. Basically the way they work is that you supply part of your visitor, whether they are sending an email on port 25 or whether they are visiting on port 80, since Spamhaus includes their web site on their black list, if someone is sending spam mail, they will return for an http request.

Basically you have to send a request over to Spamhaus’ zen DNS server. If it returns a value, then they are a spammer, or at least they are listed at Spamhaus as a spammer. The method you use is you reverse the bytes of the IP address, for example if the IP address is 2.3.4.5 then you would send a DNS request over to Spamhaus like 5.4.3.2.zen.spamhaus.org. For Java and ColdFusion, I use InetAddress, but there are methods in every language to perform these tasks.

To do this in ColdFusion you could use code that looks like this:


<cfset address = CGI.REMOTE_ADDR />

<cfset addressArr = listToArray(address,".") />

<cfset newArray = ArrayNew(1) />

<cfset newArray[1] = addressArr[4] />

<cfset newArray[2] = addressArr[3] />

<cfset newArray[3] = addressArr[2] />

<cfset newArray[4] = addressArr[1] />

<cftry>

<cfset inet = CreateObject("java", "java.net.InetAddress") />

<cfset inet = inet.getByName(arrayToList(newArray,".") & ".zen.spamhaus.org") />

<cset hostName = inet.getHostName() />

<cfif hostName NEQ "">

<cfreturn />

</cfif>

<cfcatch type="any">

<!-- do nothing -->

</cfcatch>

</cftry>

To explain, in the first line you are starting a cftry / cfcatch block. The reason for this is if the visitor’s server is clean, it will throw an error because it won’t be able to get a response. However, if it doesn’t throw an error, it will be able to complete.

So the way this code works is that it takes the visitor’s IP address, splits it into an array, copies it into a new array, and then reconstitutes it into the IP address string but backwards.

It then creates an instance of InetAddress and calls the getByName method passing in the created address and waits for a response. If it doesn’t get one, it does nothing. If it does get one, and the result is something that isn’t an empty string, such as 127.0.0.2, it will return and not allow whatever it is protecting to be executed.

If you are using Java the code could look like this:

try{

InetAddress inet = new InetAddress();

inet = inet.getByName(backwardsip.zen.spamhaus.org);

// this should return an IP, but it really doesn’t matter what it

// returns

String hostName = inet.getHostName();

// this is just to catch a possible error

if(hostName.length() > 0){

System.out.println(‘Visitor is dirty’);

return;

}

}catch(Exception e){

System.out.println(‘Visitor is clean’);

}

So far this is proving to be a good way to check for bad commentors. The problem is that if you are a high-traffic site, Spamhaus will want to charge you for the use of their static list. If you are a high-traffic site, you would want it anyway for performance reasons. I think the cost may be worth it though in hassle.


Adobe ColdFusion MX?

Posted: December 31st, 1969 | Author: | Filed under: JavaScript, Programming, Uncategorized | Tags: , , | No Comments »

Adobe ColdFusion MX?

Picture of Irv Owens Web DeveloperNow, I am almost never one to stand in the way of business progress, however this doesn't seem to be a good day for application developers. There are those who believe that with more capital, everything gets better, but this developer is not one of those people. Does Adobe have better marketing than Macromedia? Arguably, no they don't. Has Macromedia done a great job of marketing ColdFusion? No, they haven't. Will a combined Macromedia and Adobe do a better job than an unacquired Macromedia? Probably not. I don't think that Adobe will put the resources that are needed behind future ColdFusion development. It is just too far away from their core business competency. So just where will ColdFusion go?

It makes sense for Adobe to sell off ColdFusion and Flex, kill Freehand, GoLive, and ImageReady, and roll Dreamweaver and Fireworks into their Creative Suite in their place. It also makes sense for them to continue Breeze development as that is well within their abilities. Flash will probably thrive under the combined company as should RoboHelp, etc…

I think that if Microsoft is paying attention, and I believe they are, it makes sense for them to acquire ColdFusion from Adobe and combine it, Flex, and XAML into one ubiquitous language. It wouldn't be too hard to map ColdFusion to XAML and vice-versa. The benefit to Microsoft is that they could phase out ASP altogether and embrace the tag-based ColdFusion as their web development language of choice. After all it is in line with their corporate vision which is apparently to let web developers make desktop applications as easily as they currently build web applications.

While I don't particularly relish the idea of Microsoft owning my current development lanugage of choice, they do know a thing or two about marketing code, and it wouldn't be difficult to have it run on top of the .net framework and Java so that it could be portable. It would of course be a little faster on the .net framework. Besides, Microsoft ColdFusion just sounds better than Adobe ColdFusion. Having used the VisualStudio beta for C#. I really like it. I could get used to this being my development environment for ColdFusion. It would also be nice for Microsoft to release a VisualWebStudio for Mac and PC centering around ColdFusion. While we are speculating, it would also be nice to have a .net framework for Mac and Linux, but this could take a while.

So, lets assume that Adobe has a clue of what they have in ColdFusion. They could begin to use it to develop their own desktop application language around Flex and the standalone Flash player. This is why Redmond's ears will be perked up today, and for the next couple of years. Adobe has interest in delivering 3D over the web, and Flash makes a good vehicle for this. It would be possible to either expand the Flash player into a Flash runtime and use ColdFusion as the language to create all sorts of juicy applications that spanned the web and the desktop. They would then be in a position to deliver a rapid development environment for desktop applications and would compete squarely with Java and Microsoft in this space, albeit with a much better interface aestetic.

I hope the latter is what will happen. I belive that competition in all aspects of technology are good for consumers and the overall business. Still, either way ColdFusion has either a very bright future, or a very convoluted future. I find it interesting that none of the analysts looking at this acquisition are looking at ColdFusion. I guess that is because it isn't the primary business driver for Macromedia, and Adobe is all about graphics, which is my primary concern.

There is a third option, and one which looks really good to me. It is possible that Adobe will simply allow ColdFusion to languish and eventually the product in that form will atrophy and die. This would be bad, but there is an open source movement for an OSS version of ColdFusion. It would be sweet to see this because it would become more robust, more object oriented, and a lot faster. It would also be more secure because of all the eyes on the code. ColdFusion could become an underground hit, much the way that PHP has been getting a lot of attention recently.

Enter Apple. Has anyone been paying attention to the Apple Widgets in the new Tiger? Does anyone get how important this is? Web developers can create really sexy looking desktop applications as widgets using JavaScript and CSS. This has massive implications as there is already a significant installed base of JavaScript developers, and many of them happen to be pretty good at CSS. JavaScript has been seeing a revival of late and I expect that it will continue. Soon delivering cool applications over the web to Mac users will be easier than it is to learn C# and do it for Microsoft users. Enterprises will feel good about building enterprise applications that use these widgets to communicate with Java applications on the back end. Many people are switching to the Macintosh because they feel more secure running Linux than they do Windows, and this is another reason for businesses to embrace the Mac, although many of them don't realize it yet.

All of this will marginalize the need for PC users to upgrade to Longhorn. Microsoft already is going to have a tough sell to businesses based on the stagnation of hardware sales and the poor business case for upgrading. Most large organizations are still running Windows 2000, and they are going to tell them that they have to upgrade every system company wide in order to run this? If they can get away with it, I'd expect most organizations to upgrade to Macintoshes because of their lighter IT demands and more granular controls over user access.

Microsoft has to get XAML right, and it makes sense for them to buy their only real competition which is ColdFusion, especially now that it is owned by an ally who is almost incapable of understanding it, or its fanatical developer base (of which I am proud to be a part). They would probably let Microsoft have it for a song, and ultimately ColdFusion would be a more robust language with wider appeal. This would be a good thing. But Microsoft really needs to get their act together today if they hope to sell even one copy of Longhorn Server. If CF were bundled in the IIS package with this, I would most certainly upgrade to it. I think that most developers who don't have an irrational hatred of Microsoft would too, if it were a serious effort to make both CF and IIS better. My major gripe with Microsoft is that they make consistently boneheaded business decisions, missing the boat entirely in some places, and jumping out with an idea that is ten years ahead of its time in others. I don't hate them for obscure philosophical reasons, in fact I don't hate them at all, I just think they aren't getting the best out of their products or their developer community, and aren't offering their customers what they want.


Dirty Tricks in Web Advertising

Posted: December 31st, 1969 | Author: | Filed under: JavaScript, Programming, Uncategorized | Tags: , , | No Comments »

Dirty Tricks in Web Advertising

Picture of Irv Owens Web DeveloperContrary to what most people believe, web advertising is in its infancy. Many companies are still trying to figure out what works, and what doesn't. Their experiments are understandable, they are trying to figure out an audience that spans all known geographic, ethnic, social, economic, racial, religious, ideological, and moral boundaries, phew! That was a mouthful. There are still even newer marketing demographics and sub-demographics being created while they are trying to figure out how to target the old ones. How on Earth is a marketing / web development studio supposed to get a grip on all of it. The answer is elusive, but first I will say what won't get the job done, then we'll explore some ways to get it done.

The way advertisers won't get a grip on web niches is by utilizing dirty tricks in advertising. This includes, but is not limited to, pop-ups, pop-unders, javascript pop-ups, unwanted javascript redirections, flash pop-ups, spam email, and tacky, poorly designed banner ads. Let's look at these one at a time. There has never been a time in the history of the internet where unsolicited pop-up advertisements have been a good thing. As indicated above, this was forgivable because the internet was new, and this was a new way to reach people. Once, however, people began to hate this method of advertising, and demonstrate it by installing software to prevent pop-ups it should have stopped, right. Wrong, instead web marketers began to circuimvent users' defences and use pop-under ads, or advertisements that would come up and hide behind your top browser window, waiting until you closed your browser. Great idea right?!!? Wrong, that is like letting that one advertising exec with the awful ideas in the office get a shot at a limted run of ads. For example, he comes up with A new cola bottle with an overweight child pouring a bag of sugar with the cola label into his mouth, with a moniker reading cola making a big America even bigger. This runs in limited fashion despite the passionate pleas of every focus group it is exposed to. Cola sees a radical drop in its sales numbers, but instead promotes this guy to creative director, thereby putting the ads on billboard all over the country. Eventually Cola goes out of business, a smouldering ruin of its former greatness.

That should never happen in real life. That is the absurdity of trying to irritate users into adopting your product, it just doesn't make sense, and will end up making a company bankrupt. But it didn't stop there, the anti-pop up software got smarter, and was better able to block pop-under, and javascript pop-up windows. Now, there are always going to be an element of shadyness associated with some companies. That is as true in reality as it is on the web, hence unwanted redirections. But there were and are legitimate companies that have used, and are still using these tactics. Surely by now these companies have gotten the message that users don't want a bunch of pop-ups littering their desktops; and they have. The problem now is that in an effort to be less invasive, they have adopted CSS and Flash pop-ups. Talk about dense! People don't want to wait to get to their content. These are barriers, just like splash pages. People will click away.

Spam email is probably the most reviled thing the internet has ever produced, however companies continue to do it, and they put their (click here to remove yourelf from our list) in like 6pt. font at the bottom of their email surrounded by disclaimer information. Most users at this point aren't even looking at the garbage that comes across in their email. They either delete it immediately, or they look at the ad, remember the vendor so that they can never ever buy anything from them again.

Tacky banner ads are the least of the evils described in this article, but they can be just as distracting as pop-ups. Flashing, excessively moving or audible banner ads are no-nos. If you want people to be able to view your website at work without their bosses going nuts, you should make it look professional so that it blends in with the rest of their applications. Not draw attention to it so that they get a repromand for spending too much time on the net.

So, now that we have explored how not to advertise on the net, let's see how to advertise. When I go to Froogle


Safari and Standards Complicance

Posted: December 31st, 1969 | Author: | Filed under: JavaScript, Programming, Uncategorized | Tags: , , | No Comments »

Safari and Standards Compliance

Picture of Irv Owens Web DeveloperApple with Safari 2.0 has taken a major step toward standards compliance and largely are taking a leadership role in this area with its outstanding support for the Java runtime. I have heard some griping about Apple using KHTML, the default rendering technology behind the Konqueror browser for KDE, for a base, then running away with the open source once they have figured it out and not giving it back to the OSS community.

While I am extremely happy that Apple has made their browser Acid2 compliant, and they may have one of the fastest CSS rendering engines around built into the AppleWebCore. It is pretty upsetting that they would not share these advances with the developers working on KHTML so that it could also pass the Acid2 test. I can understand that some things you want to keep close to your vest for security reasons, but I can hardly believe that changes you have made to the way pages render in a browser could compromise your system integrity. This appears to be a situation in which Apple wants to be the most standards compliant platform on the market. This would be fantastic from a business standpoint since many in the scientific and mathematics communities would probably prefer to use technology that adhered to standards so as to better communicate information between offices, regions, and countries. I can understand that Apple wants to distinguish its platform from others, and I love the fact they are using standards compliance to do this, however I feel that it is to break the spirit of open source / corporate collaboration not to give something back to the KHTML community.

Speaking of Safari, I noticed a bug recently while writing some javascript for it. I have a javascript that sets the tabindex for a number of input fields, and it works properly, however in Safari it persists in scrolling the real browser scrollbar instead of the div, overflow:auto, element's scrollbar. I had noticed this way back in Safari 1.2 where if you put a flash item within a scrollable div, it would take the flash element and while scrolling lay it on top of all your other content, even if it was above or below the div. All other browsers, even IE 6, handle this properly, scrolling the div with the tabbing. This is a pretty big bug if they want to promote standards compliant web development and accessability. I'd like to see this fixed in Mac OS X 10.4.1, but after browsing the message boards elsewhere, I'd say they already have their hands full, so I am not supremely hopeful.

Microsoft is promising that its IE7 browser will be standards compliant, but just how standards compliant is really the question. I think that Microsoft has learned the error of its proprietary ways. Sure it will continue to bundle its software with everything anyone buys from them, but I don't think they will continue to cripple other products to make theirs look better. They seem to have given up on their own version of DHTML and are happy with XHTML. I noticed that their primary page even validates now. I think that it makes sense for Microsoft to go the standards route also, and with no shortage of developer feedback, they have almost no excuse not to.


Internet Explorer 7 Won’t Make the Grade on Acid

Posted: December 31st, 1969 | Author: | Filed under: JavaScript, Programming, Uncategorized | Tags: , , | No Comments »

Internet Explorer 7 Won't Make the Grade on Acid

Picture of Irv Owens Web DeveloperAs the market leader and pace-setter as far as which technologies make the cut for the web Microsoft has a responsiblity to create the most standards compliant browser possible, even at the risk of breaking legacy sites built specifically for IE. Microsoft has always wanted developers to use it's unusual flavor of IE. Whether it is by building extra padding into block level elements regardless of how the css padding attribute is used, or allowing oddities like allowing the use of the color attribute on TR table elements, developers have always had to consider the quirks of IE when building anything for deployment over the web.

I'm sure that IE 7 will be much improved over IE 6 as far as standards compliance is concerned, and some of those oddities I truly enjoy, like being able to give a TR an ID attribute and specifying a header style for my tables in a stylesheet, but at the same time, if we don't have web standards we'll devolve into fragmented development languages like it was 1995 all over again. IE 6 actually had excellent standards compliance when it came out, but times have changed and there are some advanced features like page-break-after that I'd love to use more widely. Part of the reason I love to build intranet applications for Mac only shops is that I know they will be using Safari 2.0 which is an excellent browser based on the open source Konqueror browser bundled with many Linux distros. It supports most if not all CSS 2 tags, and should pass the Acid2 test with ease. Also, by developing to XHTML 1.0 Strict I know that my site will degrade gracefully on everything from mobile devices to old 3.0 browsers. Using ECMAScript also keeps most backward compatability and allows developers to create reliable JavaScripts that will work across all compliant browsers in the same fashion.

I agree with Hakon Lie that Microsoft should really take more time and make sure they nail this one, not just for right now, but for the future since we all know they won't release another web browser perhaps forever since they are convinced that Avalon will change the face of web applications and render the web browser superfluous. We've heard that one before, remember Active X? I hope that everyone calls on Microsoft to work to get IE 7 to pass the Acid2 test, not just so that it will support some bizarre standard that is going to make all our lives harder, but so that developers can be sure that applications they develop today will still look and work the same five years from now. C'mon Microsoft please?

Next Explorer to fail Acid Test – CNET


Configuring ColdFusion MX 7 and Apache

Posted: December 31st, 1969 | Author: | Filed under: JavaScript, Programming, Uncategorized | Tags: , , | No Comments »

Configuring ColdFusion MX 7 and Apache

Picture of Irv Owens Web DeveloperAnother issue I kept coming across during my configuration of the XServe G5's Apache and JRun4 was that the virtual hosts didn't seem to be resolving. The same site appeared to collect all the hits. After several hours last night troubleshooting, I finally found the culprit.

When the JRun / Apache bridge is configured, a small module is built and plugged into Apache that allows it to process ColdFusion templates from within its default web root. This functionality is great, it allows a user to serve up .jsp, .php, and .cfm files from the same folder. A single modification is needed to JRun to allow web users to get to your files without having to add /cfusion to the end of their URL request. In JRun there is a setting under the “Application Server” > “Summary,” you will see a section titled Web Applications. Under this header there will be two apps if you have JRun and ColdFusion set up correctly. They will read “CFMX RDS Application” which we are not going to do anything to, and “Macromedia Coldfusion MX,” which we are going to change. If you click on the name of the application “Macromedia Coldfusion MX,” you will see a simple screen that will show you the current context path for the application, which should be “/cfusion” or something similar. If you change it to “/” then your templates will run from the root domain.

With this process, however there are a couple of caveats. You may have to copy all of the coldfusion JavaScript files to a cfusion subdirectory in your applications folder, if you are using ColdFusion forms validation. Also, the images for the administrator will nont appear when you work with the administrator. Accessing the administrator is not quite as straightforward as you might expect, also. A minor change is needed, it obviously no longer needs the “/cfusion/CFIDE/Administrator/index.cfm,” instead it now will use “/cfide/Administrator/index.cfm.” Make sure to make the “cfide” lowercase or it will not work.

Once you have this working, if you already have applications loaded into the “JRun4/servers/cfusion” directory, and they happen to have the same folder name as the ones in your Apache web root folder, then when you call your templates, the server will not know which ones to pick which will have the effect of causing long nights of hair pulling to figure out why your file changes have no effect on the operation of the server. The resolution is simple, do not use the servers directory of JRun to execute your web applications, instead use the Apache web root. You will have to delete any common files between the appliation in your folder within the JRun servers folder, and the Apache web root. Basically just delete your web application from the JRun application folder, and have it only located in Apache's web root, if you haven't already gotten that.

My issue was that both files had the same index.cfm file, and what was happening was that the virtual root was resolving properly, but a cflocation tag that I had in the index.cfm contained within my JRun servers directory was being chosen over the same file in my Apache web root. Once I deleted the version of the application in the JRun folder, the issue disappeared, the server was behaving correctly.

The moral of the story, don't leave superfluous files around your server, they will always come back to haunt you in the end.


What is this Y!Q stuff?

Posted: December 31st, 1969 | Author: | Filed under: JavaScript, Programming, Uncategorized | Tags: , , | No Comments »

What is this Y!Q stuff?

Picture of Irv Owens Web DeveloperYou may have noticed all of the Y!Q links everywhere on my site. It is a new beta product from Yahoo! that allows people to perform web searches constrained by selected content from the page they are searching from. The content that goes to Yahoo! is selected by the publisher and targeted to return even more relevant results than would be possible going directly to the search engine.

When a user visits a search engine, the system has no background about the person to constrain their results so it makes it difficult to perform a search, for example if I knew someone were from Washington State, and they typed in the word apple, then I could assume they might be looking for apple wholesalers, or apple growers, or apple trees. If someone from California searched for the word apple, I might return the company. This is possible if you know something about the person who is searching, which is why personalized search has been receiving more focus of late.

I prefer the context based approach, because then I don't have to provide any personal information for the search engine to give me what I want. It would know just by the content of the web page that I am searching from.

I'll be honing the coldfusion parsing scripts to give the best possible content to Yahoo! I'll be removing words that are less than four characters in length from the article, to get rid of parts of words and words that carry little meaning like 'the.' I hope to have the best, most relevant results, because Yahoo! is offering $5,000 in their contest. Of course there had to be some motive for me to use this beta program!

I suppose that in its final iteration, Yahoo! will create some type of advertising revenue sharing model similar to Google's adwords. They seem to be hoping that it will generate more clicks because of its usefulness to the user. It is still kind of buggy, for example in all browsers other than Safari 2.0 a semi-transparent overlay pops up when the Y!Q link is pressed, on Safari, it takes you to Yahoo's relevant results page. Hopefully they will fix this soon, I'm pretty sure it has something to do with the changes Apple made to Safari's javascript processing engine. Also, since I am trying to automate this, sometimes a character gets into the string, and causes the Y!Q to return something not valid. I hope this will help with your searching.


JoostBook – Joost to Facebook Interface Widget

Posted: December 31st, 1969 | Author: | Filed under: java, JavaScript, Programming, Uncategorized | Tags: , , , | No Comments »

JoostBook – Joost to Facebook Interface Widget

Picture of IrvinSince I'm in love with Joost, I have been thinking about good applications that I could write for the platform. Before I get into talking about the widget / plugin, let me just say that the experience I have had with communicating with the Joost engineers, through their joost-dev google group, as well as them allowing early access to their SDK, has been outstanding. I have rarely come across a more open and generous group. Typically, the SDK guardians are very selfish about discussing future features, and are usually quite arrogant about the possibility of a developer finding an undiscovered bug. None of this has been the case with the Joost SDK staff.

If you don't want to read the details about how I built it, and you just want to use it, you can get it here: JoostBook: Joost / Facebook Interface. You will need Joost, and a facebook account to get started.

Now, about the widget. Firstly, the installation is a little wierd because of the level of control facebook insists on. In order to use the SDK, you have to authenticate, if an unauthenticated request is made, the response is with the facebook login page. This makes for some unique error catching conditions.

Secondly, we web developers often take for granted that the DOM will have a listener attached to it, and will automatically refresh if anything in the DOM changes. Well, I know that the Joost engineers are working on it, but it doesn't refresh, and therefore, while you can create new XHTML elements, as well as modify the ones that are there with JavaScript. You are best off currently just hardcoding all of your objects up-front, and changing their contents. Also, injecting XHTML using innerHTML doesn't really work so well currently either. I'd suspect that much of this is because there is a bridge between the 2D world of XULRunner / Mozilla, and the 3D world of the Joost interface. I'm sure there is a lot of complexity between the two.

So basically, once you have downloaded Joost, and installed the plugin, the first thing I had to do was check for if you are logged in, if you aren't logged in, it has to show you the facebook login page in an iframe so that the XULRunner browser can be cookied. After that, the widget should work like one would expect. You may have to log in alot, and if you aren't logged in, obviously the application can't update the JoostBook facebook application.

Writing the Joost plugin was the easy part, getting the facebook stuff to work was the hard part. Most of it was because the error handling is terrible. Since facebook doesn't allow you to see the 500 errors that your server is throwing, and it doesn't log it, you have to find other ways to check to see if your server is behaving properly. I spent a lot of time in my logs checking for errors.

The install process is a little wierd too, for example, in Firefox 2.0.0.8 on Windows XP, when I clicked on the Joda file linked in the page, it tried to open it as if it were some kind of markup file, obviously the joda looked like garbage, I had to right click and save. Perhaps if I had used a joost:// link it would have worked OK, but I think more research is in order. I didn't really try it in IE because most of the readers of this blog use Firefox, but it should work the same way.

Then having to install the application in facebook can be a little difficult as well. Well, the installation isn't difficult, its the concept that you have to install two applications that work together that is hard. At least there is no particular order in which you need to install them, worst case whenever you run the JoostBook plugin in Joost, it'll show you the facebook login page all the time.

At any rate, it was a fun experience, and I still think the guys at Joost are on to something. I'm slightly less psyched about the facebook platform, but I'm still excited about it.


New Internet Explorer 7 to Allow More Customization

Posted: December 31st, 1969 | Author: | Filed under: Google, JavaScript, Microsoft, Programming, Uncategorized | Tags: , , , , | No Comments »

New Internet Explorer 7 to Allow More Customization

Picture of Irv Owens Web DeveloperI love the ability I have to add more functionality to Firefox. Right now I have the web developer tools so that I can check out a page's stylesheets, javascript, block level elements, etc… I have the IP tool installed so that I can see the IP address of the site that I am currently visiting. I have the Gmail notifier and the PageRank tool all incorporated in my browser, most of which modifies the status bar at the bottom of the browser and is completely innocuous. Internet Explorer has always supported plug-ins, but they were limited in their ability to change the user's browsing experience, relegating them to toolbars and the like. That is about to change.

Similar to the new Google dashboard Internet Explorer will allow small web applications to be installed in the browser, it will allow a user to modify the webpages they are viewing, create a new download manager using the .net languages, really the implications seem to be pretty huge. There is just one problem. Security.

One of my biggest fears with a heavily extensible Internet Explorer is that people will be able to use it to compromise the security of the operating system. We have heard time and time again that in Longhorn, ahem, Vista, users will be able to run Internet Explorer 7 in a sandbox of sorts, or a least privileged user account, preventing would be hackers from compromising the system. That is great for Vista, but what about on Windows XP Service Pack 2? Don't get me wrong, I think Microsoft has done as much as can be expected of anyone when patching a completely insecure OS, and they did it in record time too. Still, there have been plenty of bulletins regarding more compromises and exploits in Windows XP SP2, some regarding Internet Explorer. If you give individuals the ability to distribute code that a user can install, it is possible, by definition to compromise that user's system. I'm sure that Microsoft would be quick to point out that then it isn't their fault that someone installed software that allowed hackers to have their way with all their files, but at the same time it is very easy to misrepresent a piece of software to a computer novice who is using Windows. Just look at how far Gator / Claria has gotten sneaking software onto systems. I think that while having the ability to customize one's web browser is cool, Microsoft should consider passing on this potential nightmare. It is sort of reminiscent of Microsoft's touting of Active X and how it was going to obliterate the line between desktop software and internet applications and change the way we all use our computers. Well, it changed the way we all use our computers, we all need anti-virus / spyware / malware filters that sniff out those Active X controls and disable them. Most of us, those in the know, if we have to use windows, turn the Active X controls off altogether.

I think that Microsoft should really not include this feature, and I mean even for toolbars unless they are reviewed by Microsoft and signed by Microsoft. That is the only way to be sure users aren't getting malware. If the plug-in isn't signed by Microsoft then the OS should refuse to install it. It should be that simple. Of course it makes developing for IE that much more difficult, but Microsoft could release a developer's version of IE that was open source so that the plug-in verification could be disabled to allow all plug-ins to be installed. Everyone in the software business knows that features move boxes, but Microsoft should keep their eyes on the prize of security. They really need to get their reputation back, and integrating more sketchy features in not the best way to do this.

IE Extensibility – From the IE blog