Messing with DNS
I’m working on getting rid of my old hosting stuff, so I’ve been monkeying with my DNS settings. If stuff stops working, that’s why, and I’ll most likely fix it relatively soon. Hopefully everything goes smoothly though…
Archive for June 2004
IE warning bar added
Another site update. I swiped some code from Ben Goodger an added a warning banner at the top for people using IE. It doesn’t interfere with the site’s operation, but it will show up.
Why? Because I’m sick of IE. It’s a simple fact that many of the cool features of CSS are going unused simply because IE has very limited and buggy support for even CSS1. Check out css/edge. His menu popups are pure HTML and CSS. Most of it is CSS1, with just a bit of CSS2 for the hover stuff (which IE does support). That menu CSS could probably replace half of the Java/Javscript/Flash on the internet. Less code with better fallback. In some cases CSS even looks better. Unfortunately, much of these features go unused right now, simply because IE doesn’t support them or handles them incorrectly.
If you continue to support a browser with a horrible security record, poor support for open standards, and poor implementation of many of the standards it does follow, that’s your choice. However, the fact that many users choose to use this poor browser means that websites I visit are developed using the “lowest common denominator”. I get to view pathetic websites because the authors need to support this product that so many people use. It does affect me. Therefore, you have to put up with this from me if you choose to use IE.
Site updates
Ok, I did some updating today. I was looking at my template, and noticed that it used tables for layout. Tables are designed for holding tabular data, not for layout. So I changed it to CSS. The only real difference is that the gray sidebar doesn’t extend all the way down to the bottom now, only enough to contain all the links in that box. After that, the main content area spreads wider, so it’ll make my page a little shorter (height-wise), and there will be less wasted space if you’re reading stuff toward the bottom of the page. I changed all my links that open in new windows too. I’ve decided that if people want to stay at my site, they will. External links are now using rel=”external”, the XHTML standard. I don’t know of any browsers that currently support this, but the more pages that use it, the faster browsers will have to add support for it. So if you want to open something in a new window, you’ll have to do so manually for now.
I also added a Firefox logo to the corner. By no means am I saying that you have to use Firefox to view my stuff. However, IE has utterly awful support of large chunks of even CSS1, despite claiming to fully support it. And that’s not even getting into IE’s security issues. Opera seems to be halfway between IE and Mozilla. It chooses IE’s non-standard route sometimes, in order to go with usability. It’s nice now, but it’s still providing a means for people not to use the standards, which are designed around usability. It’s also closed-source adware. If you have two programs that do the same thing, but one is free and one isn’t, which one would you pick? I just can’t justify spending $40 when there is equivalent (or better, depending on your preferences) software available for free.
I chose the Take back the web logo for a reason. I use Firefox and encourage standards-compliance because it leads to a nice uniform experience. Authors don’t have to code for 10 different browsers. It shows up properly everywhere, whether the user is on a PC or Mac or phone or PDA or some sort of handicapped-access device. A standards-compliant browser runs into some issues when proprietary (usually Win/IE-specific code) is encountered. Many people see it as a problem with Firefox when a site doesn’t work, since it does work in IE. However, if you looked at it with more than just two browsers, you’d most likely see that it works in IE, but nothing else. Often not even Mac/IE, just Win/IE. People say that Firefox should accomodate IE code to gain a userbase. However, supporting IE’s code gives MS (the sole ruler over their MSHTML “standard”) more power, and less incentive for authors to use standard code. Because of Microsoft’s standard methods, it is simply impossible for any outside party to mimic IE’s behavior exactly. No matter how much time was spent trying to copy IE, it would never work exactly the same. Also note that Microsoft is a contributing member of the W3C. They help create these rules that they (and many webmasters) ignore. If IE doesn’t support standard code, it’s due to bad programming by MS. That fact inspires even more confidence in using Microsoft’s “standard” for HTML, right? Depending on what your website does and where you’re located, using IE-only code may even be in violation of accessibility laws, if you need some good monetary incentive to update things.
If you’re interested in making your site standards-compliant, check out W3C’s Validator. It will look at your pages and tell you what’s wrong. The errors aren’t always the easiest to decipher, but it will tell you if it’s correct or not. MozillaZine’s Web Development / Evangelism Forum can also provide help on figuring out errors, or converting code. Note that these are just supporters of Mozilla’s goals who want to see a standardized web, so they may not have every answer or be able to help you instantly. But the collective knowledge there is pretty impressive.
And another IE security bug…
http://secunia.com/advisories/11830/
Similar to older bugs, this one involves a URL that begins with a trusted site name, then some funny characters, then the real site name. The real site is then handled under the trusted site’s permissions. It does require the real site’s DNS to accept wildcards and invalid “Host:” header values.
Solution:
Set the security level for all zones to “High” in Internet Explorer. This will impair functionality on many web sites.Don’t follow links from untrusted sources, but input URLs manually in the address bar.
Use another browser.
Don’t think I could say it much better myself. Either disable all the fancy stuff that people use IE for (leaving you with a browser that supports even fewer features than IE-alternatives), or switch to a different browser.
CSS + PHP Progress Bar
Ok, did it again. =) http://pctech.invisibill.net/testbar.php uses PHP server side includes to pull the percentage from a text file on the server. As you can see, http://pctech.invisibill.net/barprogress.txt simply contains “80″. The <? include(”barprogress.txt”) ?> tells PHP to open up the text file and insert its contents there. Instead of hard-coding the percentage in the progress bar code, I’m telling it to insert whatever number is in the text file.
This means that you can edit or upload a new barprogress.txt file to change the progress bar. You don’t even have to get into the code. It could be handled similarly to uploading a new image representing the current progress, or you could edit the text file on the server if you needed to. Even if you uploaded a new copy of the file for every change, the upload would still be smaller than sending a whole image every time.
CSS Progress Bar
A user on a board I frequent wanted to make a progress bar on their website. You know, to show how pregnant you are, or how close to the total donations are, stuff like that. My first thought was to use CSS boxes to make a box of fixed width box containing two other boxes. The first box would have a width of whatever percentage you have completed. The second box would expand to fit the rest of the space. Others suggested just making an image for each percentage that needed to be shown, and just copying each one to currentprogress.gif or something.
Mine was a decent idea, but I wasn’t really familiar with CSS enough to just spit out the code for it. Someone else used the same basic idea and did it with tables. The row had a background color of red, with a green first column and a blank second column. I’m all for standards and getting people away from using tables for layout stuff, so I looked up some CSS stuff and figured it out.
<div style="width:400px;"> <div style="text-align:center; float:left; width:90%; color:white; background:green;">90%</div> <div style="text-align:center; background:red;"> </div> </div>
Here’s what that looks like:
90%
It’s just a small bit of code, and you simply change the first “90%” to change the width of the “completed” bar, and the second “90%” to change the caption. If you don’t want a caption, just replace it with a non-breaking space like the second box has (the box needs to contain something, or it won’t be displayed). If you want, you can change the text alignment to right and the caption will show next to the green/red intersection. Here’s a page showing that. Also, I believe it should show up as just “90%” on browsers that don’t support CSS. It’s not automatic as if it were linked to a database, and it may or may not be more work than simply uploading a new copy of an image. Depending on your host, you may be able to edit the page from a shell and not have to bother with uploading anything. It may or may not be easier for you, but this is just one more thing to show off the abilites of CSS.
New IE security holes
http://www.computerworld.com.au/index.php?id=117316298&eid=-255
Two new vulnerabilities have been discovered in Internet Explorer which allow a complete bypass of security and provide system access to a computer, including the installation of files on someone’s hard disk without their knowledge, through a single click.
Worse, the holes have been discovered from analysis of an existing link on the Internet and a fully functional demonstration of the exploit have been produced and been shown to affect even fully patched versions of Explorer.
It has been rated “extremely critical” by security company Secunia, and the only advice is to disable Active Scripting support for all but trusted websites.
As I’ve been saying for a long time, IE simply has too many security issues to be trusted as an internet browser. Most of the issues are due to the Windows integration features. If you disable all that stuff, a lot of the fancy IE-only code on websites won’t work anyway. To make IE safe, you basically end up removing most of the proprietary stuff that other browsers like Mozilla and Opera don’t have. Might as well get a browser that has other features going for it, rather than a few tricks that have to be disabled for security issues.
I’ve heard that Opera 7.5 is pretty good, but it’s closed source adware. I personally prefer Mozilla’s open source approach, which brought about Firefox. FYI, Firefox used to be Firebird, which used to be Phoenix. Phoenix was started by someone else who took the source code to the Mozilla suite and shaved it down to just the browser stuff. It seemed to be such a good idea that the Mozilla team accepted it, and plans to move the Mozilla suite to a package of separate programs instead of one huge executable.
http://www.theregister.co.uk/2004/06/10/ms_inpatched_ie_flaw/ has more info on the vulnerability too. VirusScan did catch it as VBS/Psyme when I downloaded a copy of the exploit to examine. However, the harmless demo didn’t trigger any alerts, so I’m guessing that this specific exploit just happens to use an old payload - updating that script or using a different one would probably let it slip past virus scanners.
eBay rant
This rant isn’t about eBay itself, this rant is about people ranting about eBay. I’ve heard some other people complaining about eBay lately, and their issues with it really boil down to them not doing it right.
A big issue is the person getting sniped. At the last second, someone outbid them by $1. They would have paid another dollar to get the item, but they weren’t sitting at the PC or they couldn’t bid again in time before the auction ended. The core of the problem is that the person placed a lower bid than what they were really willing to pay. If you’re willing to pay $100, you’re probably willing to pay $102 to outbid the guy that said $101. But if he’s willing to pay $101, he’s probably willing to pay $103 to outbid you again. And it just keeps going back and forth, raising the price. If you’re willing to go up to $110 this way, then just put $110 in as your bid to begin with. If you put in an honest max bid, then there are only two possible outcomes - you either win the item for that price or lower, or you lose because someone else was willing to spend more than you.
I’m not sure why people put lower bids. I guess they’re just entering the amount they want to spend, rather than the highest they’re willing to spend. If you want to spend $80, but you’re willing to go up to $100 in a little bidwar, then just enter $100. You really have to be willing to spend $100 to get the item. As long as you really aren’t willing to spend more than that, there’s no stress involved. You either get the item or it’s too expensive. With a real auction, you have to raise your paddle every ten seconds to outbid the other guy. eBay’s proxy bidding system will automatically raise your paddle to beat the other guy (up to your max bid) who just outbid you. Nobody can see your max bid, so don’t worry about the other guy just bidding $1 more than that. He has no way to see what your max bid is, just like you have no idea how high he’s willing to go.
Somebody else posted a good suggestion for eBay bidding. If you’re really interested in an item, place a low bid early on. This is basically just for tracking, though you may end up getting it for next to nothing. During the auction, think about how much you’re really willing to spend to get the item. Don’t forget to include shipping costs. Nothing like winning something $10 cheaper than at the store, then noticing that shipping is $20. Toward the end of the auction (with 24 hours left or so), enter your max bid, even if you’re still the highest bidder. Sit back and see how it unfolds. Just as I stated above, the only two possible outcomes are that the price will jump up over the maximum you were willing to spend, or you’ll get the item at or below your max bid.
See? Nothing to it…