Archive for the 'Solutions' Category

Delicious via: tag bookmarklet

Saturday, August 16th, 2008

I just got finished writing a new version of the del.icio.us whuffie bookmarklet. It’s a bookmarklet that adds via: tags to your bookmarks for attribution purposes, so you can have a little extra meta-data about where your links are coming from.

This idea was first expressed in 2007 by Ric Hayman, who also wrote a very nice post about the original via: tag bookmarklet. And a year later, Nicola D’Agostino picked up the meme and sparked another interesting conversation about attribution meta-data in Delicious.

I hope that 2 people ;) will also use and enjoy the new del.icio.us whuffie bookmarklet.

Firefox Extensions

Thursday, August 14th, 2008

Lately I have been fielding a lot of questions at work about strategies for assuring that the markup is semantic, accessible and valid. There are a lot of pieces to the puzzle, but the first line of defense is certainly my Firefox extensions.

I recently compiled a short list of Firefox extensions for the Front-End team. Everyone had always been aware of the HTML Validator Extension but hadn’t made a practice of cross-referencing those messages with an accessibility report from the Firefox Accessibility Extension. Putting those two together apparently gives developers a really granular sense of what’s going awry in the code under development. It’s a mini unit test suite right in the tool bar :)

I’ve also been surprised lately at how many people who use Firebug as a DOM inspector don’t know about Firebug’s awesome JavaScript debugging capabilities. So overall, making and publishing this list was a surprisingly rewarding bit of evangelism.

Firefox Extensions for Front-End Web Developers

  1. Web Developer Toolbar
  2. Firebug
  3. Firefox Accessibility Extension
  4. HTML Validator Extension
  5. Operator, for debugging Microformats
  6. View Rendered Source Chart - the free version is not yet compatible with ff3 as of 8/14/08
  7. Live HTTP Headers supplements the Firebug Net tab for debugging HTTP and HTTPS transactions.
  8. Screengrab! is a versatile screen capture tool, essential for submitting bug reports.

Ajax vulnerabilities

Wednesday, March 19th, 2008


Ajax vulnerabilities, originally uploaded by Noah Sussman.

This slide is from Danny Alan’s talk on XSS. I’ve read about the various JavaScript remoting attacks, but it was impressive to actually watch him paste a simple script tag into an insecure form, then later (from a remote host) play back the compromised browser’s session, including cookies, keys pressed (including passwords), all the HTML retrieved by the browser, and details about the browser’s history.

Another disturbing thought: JavaScript can talk to the Java VM via an applet. The Java VM knows the NAT address of the host machine on the internal network. If the router password and IP are known (most users leave these set to factory defaults) then JavaScript can fill out and submit any of the Web forms that control the router. So it’s theoretically possible to compromise a router with JavaScript.

The demo of Ajax XSS attacks and exploits had the best quote of the day, as well: "Oops! I accidentally hit the Back button and canceled my attack!"

Notes from Ajax World 2008, day 2

Wednesday, March 19th, 2008

Overall the emphasis was on XSS attacks and (the problem of) JavaScript security, proposing a “safe subset” of JavaScript, supported by the “adsafe” option in JSLint. A policy of “cooperation under mutual suspicion.” Other memes included “advertising is a mashup.”

The title of this slide was Vats: Communicating Computational Containment. Crockford said that “vats” are the solution to what he calls “the turducken problem.” That is, there is no way to reliably detect the various perfectly permissible variations of JavaScript-inside-HTML-encoded-as-a-URL.
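
An added example (mine, not from either talk) of the defensive consequence of the XSS demo and the turducken problem described above: a filter that tries to detect script only sees one encoding layer, so untrusted input is instead encoded for the context it is written into. The function names and sample strings are hypothetical and constructed for illustration.

```javascript
// Naive blocklist (hypothetical): inspects only the outermost encoding layer.
function naiveLooksSafe(input) {
  return !/<script|javascript:/i.test(input);
}

// HTML text and quoted-attribute context: neutralise markup-significant characters.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, function (c) { return map[c]; });
}

// URL attribute context: parse first, allow only http(s), then HTML-escape.
function safeHref(s) {
  let url;
  try {
    url = new URL(String(s)); // the parser normalises case and whitespace in the scheme
  } catch (e) {
    return '#';               // relative or malformed input is dropped
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return '#';
  return escapeHtml(url.href);
}

// Render a user-supplied comment; every field is encoded where it is written.
function renderComment(author, homepage, body) {
  return '<p><a href="' + safeHref(homepage) + '">' + escapeHtml(author) +
         '</a>: ' + escapeHtml(body) + '</p>';
}

// Constructed sample: the same markup, once plain and once percent-encoded.
const plain = '<script>alert(1)</script>';
const layered = encodeURIComponent(plain);

function demo() {
  return {
    filterSeesPlain: !naiveLooksSafe(plain),      // true: caught
    filterSeesLayered: !naiveLooksSafe(layered),  // false: passes the filter
    // A later layer decodes it; output encoding still renders it inert.
    encodedAfterDecode: escapeHtml(decodeURIComponent(layered)),
    comment: renderComment('<b>x', 'javascript:alert(1)', plain)
  };
}
```

The filter's verdict depends on which layer it happens to inspect, while the encoders never need to decide whether the input is hostile.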

Macbook vs. WRT54G wireless router

Monday, February 18th, 2008

Today I brought my Macbook to my mom’s house for the first time. Like me, she has a Linksys wireless router, but unlike me she is connected to the internet via Verizon DSL. Now, her Windows PC and laptop connect to the network through the router automatically (there’s no wi-fi password since this is northern Vermont and the next house is a mile away).

The Macbook likewise connected instantly to the wi-fi network, but couldn’t see the internet. When I’d try to ping a Web address, I just got “no route to host.” Very sad.

HTML Validation

Sunday, October 28th, 2007

Today I wanted to know how to get the functionality of the HTML validator Firefox extension. The extension has two modes: Tidy and SGML parser. Each of these modes reports differently on the HTML under test. Both reports can be useful (I’m not going to get into the differences here).

Specifically, I wanted to be able to generate either a Tidy or an SGML parser report from the command line. And I wanted to be able to run my report for any public Web page.


Setting up Synergy

Monday, July 16th, 2007

Today I set up Synergy, which is quite bad-ass :)
I set it up for my 2 macs and PC at work.

Page Titles

Monday, June 25th, 2007

Here is the classic Nielsen article on headlines.

The best practice as he outlines it is to place the most specific information about the page /first/ in the title.
Consider Macys.com. The following is a (hypothetical) nice, useful section title that could potentially be used:

“Fine China - DINING - Dining & Entertaining - Macy*s”

The most specific information comes first, then the name of the subsection, the section, and finally the name of the web site.
This is exactly the opposite of the common approach to titles :(


del.icio.us whuffie

Saturday, June 16th, 2007

This bookmarklet no longer works. Please use the new whuffie bookmarklet instead. This version of the via: tag bookmarklet broke when Delicious launched their new UI in mid-2008. Congratulations to the Del team on the improved UI, and I hope everyone will enjoy the updated bookmarklets.

Delicious Whuffie is a bookmarklet that, when clicked, adds via:username to the tags field when saving a URL from another user.

This bookmarklet is intended to be used on the “save this” page at del.icio.us. I have also created (and prefer) a version of the bookmarklet that adds the user’s tags along with via:username; as I seem to always do that as well when tagging with via:


Neat little example of a useful Javascript closure

Sunday, May 6th, 2007

Closures are a powerful feature of JavaScript. However, it’s often hard to explain in a few words just what is useful about closures. Well, here on page 131 of the Rhino book is the recipe for a unique ID generator that doesn’t require a global counter.

One thing that I personally enjoy about the Flanagan book is that he says things like “don’t pollute the global namespace.” :) This technique does not pollute the global namespace.

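    var uid = (function () {
        var id = 0; // private counter, reachable only through the closure
        return function () {
            return id++; // hand out the current id, then increment it
        };
    })();

    // then just say:
    alert(uid());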