02.20.08
Posted in Web Dev, AJAX, JavaScript at 10:51 pm by Spencer
The Prototype JavaScript framework is a fine thing, and the Prototype API Documentation online reference is obviously indispensible. The only problem is that currently the Prototype site has no site search, except for the API Search Bookmarklet which will only retrieve for specific method names (which is certainly useful but somewhat limiting, since it assumes you already know what you’re looking for and is not a free-text search).
So, after one too many searches on Google using site:www.prototypejs.org/api/, I wrote a couple search bar add-ons that simply uses the same Google trick to perform full-text searches of the API docs on the Prototype site.
There are two different versions — one for Firefox and one for IE7 (which has a slightly crippled implementation of the OpenSearch protocol…go figure).
Install the Prototype API Documentation search bar add-on here. (Sorry: Firefox and IE7 only.)
Permalink
10.07.07
Posted in Whatever, Web Dev, Me at 12:52 pm by Spencer
One of the sites I helped build has won a 2007 WebAward from the Web Marketing Association.
The site for San Francisco’s Yerba Buena Center for the Arts won an Outstanding Website award, recognizing “work above and beyond the standard of excellence.” WebAwards were also won by six other sites created by POP.
Here is the team from POP that worked on the site:
Account Director: Jennifer Showe
Designer: Brad Holst
Information Architect: Minoru Uchida
Flash Designer: Dave Curry
Flash Designer: Aaron Hedquist
Web Developer: Spencer Sundell
Software Developer: Keith Richardson
My own work included interface integration with the online ticketing application, creation of page templates (XHTML, CSS, JavaScript, images) and related documentation used by YBCA’s internal web staff for migrating their content to the new site, a fair amount of content migration of our own, and related tasks. The site also uses a little sIFR dynamic font replacement.
It’s a beautiful design and I’m pretty proud to have worked on it, though I do wish I could have optimized a few things a little further (like the olde school legacy markup on the event calendar).
Congratulations to the team at POP, and to the folks at YBCA.
The other POP sites that won 2007 WebAwards are listed below — mad props to everyone who worked on those:
Permalink
06.04.07
Posted in Whatever, Web Dev, Cinema, Music, Nifty Links, What I'm Reading, Politics, Seattle Stuff, Chicago at 11:19 pm by Spencer
What’s this fascist Dick hiding, anyway?
An above-average Sun Ra discography
The mighty Ivor Cutler on the John Peel show (thanks, Hell’s Donut House)
Weekly experimental music concerts at The Chapel in Wallingford (Seattle)
Dope-ass Vermont
Swanky “file browse” stylings (and another)
14 Rules for Fast Web Pages (excellent: summarizing Steve Souders’ presentation at Web 2.0, with links to the PowerPoint [very recommended] and all the references)
More optimization: “Performance Research, Part 4: Maximizing Parallel Downloads in the Carpool Lane” (YUIblog — related to the above)
More optimization: Optimizing Page Load Time (see bottom for additional links)
Why brain-teaser interview questions are stoopid
Bitchen 16mm scanned telecine machine (3 CCD coming soon, they say)
Official Forrest J. Ackerman site
The Online 78rpm Dicographical Project
The one and only Travis (ex-Ono)
Impressive synth sharity
And did I mention Vincent Collins?
Permalink
02.05.07
Posted in Web Dev, News of the World, What I'm Reading, Browsers, Spooks, ELINT at 9:23 pm by Spencer
Although just about a month old now, this news item just crossed the ol’ Brainpain today…
For Windows Vista Security, Microsoft Called in Pros
By Alec Klein and Ellen Nakashima
Washington Post
Tuesday, January 9, 2007
When Microsoft introduces its long-awaited Windows Vista operating system this month, it will have an unlikely partner to thank for making its flagship product safe and secure for millions of computer users across the world: the National Security Agency.
For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration’s effort to combat terrorism. The agency said it has helped in the development of the security of Microsoft’s new operating system — the brains of a computer — to protect it from worms, Trojan horses and other insidious computer attackers.
“Our intention is to help everyone with security,” Tony W. Sager, the NSA’s chief of vulnerability analysis and operations group, said yesterday. [cough]
The NSA’s impact may be felt widely. Windows commands more than 90 percent of the worldwide market share in desktop operating systems, and Vista, which is set to be released to consumers Jan. 30, is expected to be used by more than 600 million computer users by 2010, according to Al Gillen, an analyst at market research firm International Data.
…”I kind of call it a Good Housekeeping seal” of approval, said Michael Cherry, a former Windows program manager who now analyzes the product for Directions on Microsoft, a firm that tracks the software maker. …
Yyyyeah. Duly noted.
Read the full article at the link above. Although…I would be remiss to not quote the following as well:
…Other software makers have turned to government agencies for security advice, including Apple, which makes the Mac OS X operating system. “We work with a number of U.S. government agencies on Mac OS X security and collaborated with the NSA on the Mac OS X security configuration guide,” said Apple spokesman Anuj Nayar in an e-mail.
Novell, which sells a Linux-based operating system, also works with government agencies on software security issues, spokesman Bruce Lowry said in an e-mail, “but we’re not in a position to go into specifics of the who, what, when types of questions.” …
Permalink
12.03.06
Posted in Web Dev, Browsers at 8:24 pm by Spencer
One of the banes of web developers’ existence is when a new version of Internet Explorer gets released. That’s because you can only run version of IE on your machine at a time, yet for some months after the release date the responsible web dev is obliged (sometime contractually) to build sites that work and look right proper in both the outgoing version and the new version. And those versions never, ever, ever work the same when it comes to client-side code.
In the past, one had to rely on kindly maniacs who managed to cobble together some sort of stand-alone approximation of the outgoing version that would run on a system running the current (new) version. There’s been a couple problems with that: there’s no real guarantee the fakey standalone really worked exactly like the IE version it was approximating (which is critical when coping with, say, CSS or DOM anomalies) and, perhaps more importantly, god only knows what the thing might do to your box. And nevermind worries about virii. Heavy sigh. Where I work, we’ve been leaning toward installing a local VMWare instance of Windows running IE6 just for this purpose. Less disaster-prone, perhaps, but no less a pain (not to say that VMWare doesn’t rock — it definitely does). And then there’s the OS licensing thing. MS is a little picky about that.
Well, after seven-ish years and 2 browsers versions of that nonsense, Microsoft has seen some kinda light and made available to the dev community an actual, gen-yoo-ine, sanctioned standalone of IE6. The catch? It’s still a Virtual PC image, but hey at least it’s sanctioned, right?
Anyway, get all the details from “IE6 and IE7 Running on a Single Machine” on the official IEBlog.
(Um…but is anyone else besides me slightly unnerved by an MS widget that “time-bombs” on April Fools Day? I’m just askin’.)
Thanks to B.F. for the refer.
Permalink
11.29.06
Posted in Web Dev, Browsers at 9:06 pm by Spencer
IE7 finally has support for PNG transparency without having to use clunky, pain-in-the-butt proprietary filters. Huzzah. However, it’s not entirely smooth sailing with PNGs in that browser.
The latest SitePoint Tech Times newsletter has a worthwhile read about PNG’s native gamma correction trip and how it causes problems in IE7.
“PNG images,” SitePoint explains, “can also contain a gamma correction value, which is meant to represent the relative brightness of the display on which the image was created. In theory, the browser can use this value to display the image at the exact same brightness on another display.”
In practice, tain’t really so. The problem can come when trying to match color(s) in the PNGs to CSS colors, which of course have no gamma correction. Result: total, hopeless mismatch and a gnashing of teeth.
I first ran into this some months back with an older version of Safari. Photoshop’s “Save for Web” doesn’t give you the option of not saving gamma info, and despite spending the better part of a day at the time researching the issue I was not able to find a workaround. (Though Henri Sivonen’s “The Sad Story of PNG Gamma ‘Correction’” was most informative about the background.)
Since then, things have changed a little. Current versions of Safari, Firefox, and Opera all natively ignore any gamma data in PNGs. However, the brand-new IE7 honors the PNG spec strictly and parses the image’s gamma as instructed. Ironic, isn’t it? Also a major drag for web devs, since IE7 will be the majority browser in no time.
Thankfully, SitePoint’s newsletter refers us to a handy utility called TweakPNG that is free and open-source…though Windows-only (sorry). As SitePoint explains, “Simply drag a PNG to the program window and delete the ‘gAMA’ chunk from the list before saving the file. While you’re at it, you might as well delete the ‘tEXt’ chunk as well, to save a few extra bytes of file size by removing Adobe’s stamp on the file.”
For Mac, one has to resort to installing ImageMagick (which can sometimes be a bear to compile depending on the trip with libraries familiar to all Linux nerds) and running commands via the terminal (see the article for details).
Even with all of that you’ll be out of luck with Safari 1.x “which arbitrarily corrects PNG images even when they contain no gamma information.”
Permalink
06.01.06
Posted in Web Dev, Reference, What I'm Reading, Accessibility at 9:49 pm by Spencer
Required Reading. In another new article from A List Apart, Joe Clark writes a thorough but blistering and dismaying review of the W3C’s long-awaited new iteration of Web Content Accessibility Guidelines, aptly entitled To Hell With WCAG 2. (The article includes links to all the primary documents.)
To quote some summarizing comments (with bold emphases added):
In an effort to be all things to all web content, the fundamentals of WCAG 2 are nearly impossible for a working standards-compliant developer to understand. WCAG 2 backtracks on basics of responsible web development that are well accepted by standardistas. WCAG 2 is not enough of an improvement and was not worth the wait.
…A lot of loose ends have been tidied up, and many low-priority guidelines are now pretty solid. The problem here is that standardistas already knew what to do to cover the same territory as those low-priority guidelines. Where WCAG 2 breaks down is in the big stuff. Curiously, though, and perhaps due to meticulous editing over the years, the big stuff is well camouflaged and, to an uninformed reader, WCAG 2 seems reasonable. It isn’t, and you as a working standards-compliant developer are going to find it next to impossible to implement WCAG 2.
…WCAG 2 will be unusable by real-world developers, especially standards-compliant developers. It is too vague and counterfactual to be a reliable basis for government regulation. It leaves too many loopholes for developers on the hunt for them. WCAG 2 is a failure, and not even a noble one at that.
While reading the article, I nearly wept. Over the last few months, in part because of a client highly sensitized to accessibility issues (which is good), I have spent a great deal of effort educating myself about accessibility issues and best practices. The touchstone for suches has been WCAG 1.0 — now seven years old. This standards document serves as a mutual enforcement device: my client can use it to remind me of what I need to do, and I can use it to remind my client of what is reasonable (and possible) to expect.
And that means WCAG 2.0 will be the new touchstone. Unfortunately, it’s difficult-at-best to understand, impossible to comply with, and — incredibly — does not even include the most rudimentary demands of valid HTML and (hello!) plain language.
And that means that WCAG 2.0 will not achieve its primary function: improving web accessibility by providing clear, practical (i.e. real-world), and achievable standards for creating web sites and content.
This is a huge issue that is not merely semantic because in many countries — such as Britain and, oh, the entire European Union — a site that is not accessible faces potentially devastating lawsuits or other legal action. This is not a hypothetical — just ask Target.com, subject of a huge legal judgement on precisely this point. And, again, a key standards touchstone are the standards put forth by the W3C — an international body that defines stuff like, oh, the HTTP protocol itself.
Stay tuned, and keep aware of emerging developments. This is a very big deal.
Permalink
Posted in Web Dev, AJAX, What I'm Reading, JavaScript at 9:10 pm by Spencer
What with the Ajax invasion and all, JavaScript is once again all over the damn place. The big difference now vs. the ’90s is JavaScript is doing a lot more heavy lifting and — more importantly — interacting with both host server and browser client (i.e. user’s machine) in ways heretofore (mostly) not seen. And that means along with all the cool stuff and wond’rous toys and tools comes a whole new avenue for mayhem by lowlifes, script kiddies, and really gnarly folks like the Russian mafia.
Server-side programmers — at least the good ones — are already atuned the potentially cataclysmic horrors that can be wrought via insertion attack methods, but in javaScript circles — even the upper aeries of guru-dom — awareness of such dangers is not as pronounced. This is bad.
Fortunately, A List Apart is doing its part for responsible web development (as usual) and has posted a good 2-part primer on writing secure JS code by Niklas Bivald:
Community Creators, Secure Your Code!
Community Creators, Secure Your Code! Part II
Let’s hope this is the start of a trend of articles and discussion along these lines.
Permalink
03.29.06
Posted in Whatever, News of the World, Browsers at 8:07 pm by Spencer
In case you haven’t heard, there is a grievous “Extremely Critical” security hole that affects IE 5, IE 6, and IE 7 betas prior to Beta 2 (just released concurrently with the MIX06 conference). This one is not something to be trifled with. If you are a regular IE user you are taking your life into your own hands and should immediately switch to Firefox for the time being, or at least consider one of the stop-gaps below. If you’re curious, here’s the relevant post at the Microsoft Security Response Center Blog.
The problem is with an IE-only JScript/JavaScript thing called createTextRange. The security hole permits evil bastards and their feckless henchmen to easily install keystroke capture programs and, oh, anything they want directly to your computer. No muss, no fuss — just living hell for you.
Since the bug was revealed late last week, hundreds of (obviously) disreputable sites are reported to have modified their code to take advantage of the security hole and install Evil Shit ™ to people’s computers. Microsoft says they are actively targetting such sites with legal action and what all to get them shut down or whatever, but no matter how dilligent they’re actually able to be it’s inevitably like bailing the Titanic with a teaspoon.
There are a couple 3rd-party (non official!!) fixes floating around out there, but latest word from Microsoft is they will likely not release a bug fix until April 11 — a full two weeks away. Be advised that using 3rd-party fixes may not quite plug the hole, can cause other unforeseen problems, and/or cause tomcat urine to magically appear all over your leg. Or they may totally do the trick. For their part, Microsoft warns “Some of these [3rd-party] solutions make modifications to Windows itself to bypass the attack vector of the vulnerability.” Anyway, caveat emptor, yo.
If you insist on using IE anyway, for godz sakes at least wade through IE’s Options and disable “Active Scripting” (aka JavaScript). That’s Tools > Internet Options > Security tab > Custom Level button > and scroll down almost to the bottom under Scripting and set Active Scripting to “Disable”. While you’re there, and just below that, set Allow Paste Operations Via Script to “Prompt” (if not “Disable”). You should prolly also scroll all the way to the top again and get paranoid with those ActiveX settings. OH, and definitely disable Java in IE for now. Once you’re done, click Apply, then click OK, and click OK again when you’re back to the Security tab. Whew! Oh yeah…then cross your fingers and wait two weeks for the fix.
Um…or just use Firefox in the meantime.
Oh yeah, and there’s a couple other major security holes in IE that were recently revealed, too. One of them involves how IE interacts with Java, and another involves what are called HTAs — MS-proprietary “HTML applications” that have full privileges on the box running them.
Man, coming hot on the heels of the Vista postponement and resulting shake-up of high-mucketies, this has been a bad couple weeks for Microsoft.
Permalink
02.19.06
Posted in Web Dev, JavaScript at 3:36 pm by Spencer
This is a variation on Jeremy Keith’s script in DOM Scripting (Friends of Ed / Apress, 2005), pp. 86-88. (The same chapter is available on the official book site.)
While Keith’s original was intended as an example of other concepts and not a be-all-end-all pop-up script, it has some noteworthy limitations.
- The dimensions of the pop-up are hard-set in the JavaScript, thus making all pop-ups the same size. Also, modifying the sizing requires delving into the script’s innards.
- You cannot concatenate CSS classes — you can only style based on the one class name (”popup” in the example) or globally for all A tags, thus limiting your ability to custom style any given link. Also, attempting to add additional class(es) breaks the pop-up functionality.
- The pop-up’s window name is also hard-set in the innards of the script — all secondary pop-ups can only target the original pop-up.
My variation addresses these limitations while retaining all of the original functionality and adding only 7 new lines of code, plus 4 global variables for easily setting key default values (class name to trigger on, width, height, and window name).
I also threw in a couple lines in the generic popper-upper script itself to center new pop-ups — a personal preference that can be removed or modified as is your want. (Fwiw, the same approach I use for applying custom sizing could also be applied for custom positioning.)
Caveat: At this writing, I’ve not just yet tested this in Safari or IE7 (or IE5/Win), but it’s working well in FF and IE6.
Update: Yep, works in everything — even (gasp!) IE5/Mac. Meanwhile, watch this space for an updated and more flexible version.
For full details and sample markup, visit the examples page. (Unfortunately TinyMCE — the otherwise excellent HTML editor used in WordPress — is either too stupid or too smart for its own good to allow me to post valid HTML samples here.)
Or — download script file with inline code notes, and/or download the optimized script file (with usage notes).
Permalink
« Previous entries ·
