Goodies to Go ™
December 2, 2002–Newsletter #209
This newsletter is part of the internet.com network.
http://www.internet.com
Featured
this week:
* Goodies Thoughts
– Tighten Up and Fill Those Holes
* Q & A Goodies
* News Goodies
* Feedback Goodies
* And Remember This…
Goodies Announcement
Just in case you missed
it before, the new Beyond HTML Goodies book is now available!
Go beyond the basics
and learn how the pros add and use dynamic HTML features and advanced
JavaScript techniques. Beyond HTML Goodies demonstrates dozens of new and
different features readers can add to their existing Web pages using HTML and
JavaScript. The book starts with simple text and image tips, such as adding a
clock to a Web page or causing text to appear when the mouse moves over an
image. It gradually builds to more complex tricks, including manipulating forms
or working with cookies behind the scenes. Throughout the book, readers enjoy
Joe’s snappy style and “to the point” discussion of each “goody” in the book.
http://books.internet.com/books/0789727803
| Goodies Thoughts – |
Tighten Up and Fill Those Holes |
I talked a little bit last week
about an annoyance from which most of have suffered
at one time or another. This week I’ll be discussing
another plague. This plague, represented by two
variants, originates with miscreants who have
nothing (or not enough) constructive to do with
their lives. I am of course, talking about hacker
attacks and viruses.
When we think about hackers these days, we are
usually thinking of the folk who try to break into a
computer system. That’s not what the word
traditionally meant. I dug out my 1979 Webster’s
Dictionary to see what it had to say about hacking.
The book predates the common use of the Internet and
although it gives no less than thirty-six different
meaning for "hack", organized into nine categories,
not one of them mentions a computer or anything
related to it. How quickly things change! One
meaning struck me in particular: "to chop or cut in
a clumsy or unskillful way."
In the world of computers, hacking used to refer to
the manner in which programmers would sit for hours
on end at a console on a big old mainframe computer
and work and work, foregoing sleep and food (but
never foregoing coffee!) until a problem that had
reared its ugly head was solved and the machine was
humming along nicely once again. I was once just
such a programmer and I know from experience that if
anybody asked me how it was going, or what I was
doing to solve the problem, I would invariably
answer with something like "I don’t know. Now leave
me alone!" It wasn’t that I actually didn’t know, or
that I was being anti-social; it was simply that I
couldn’t afford to have my concentration broken.
Nevertheless, it created the impression of
"unskillful chopping" at the problem, groping for a
solution. If they eventually came to the conclusion
that I was a hero for averting the crisis, I
wouldn’t know — I was home sleeping!
These days, the impressions are just the opposite.
Hackers are seen as using skill, but to ruin
systems, not to solve problems. To my way of
thinking, skill is something used in a creative
process. When the objective is destruction, not
creation, there can be no "skill" involved. What
knowledge there may be involved in the task, loses
all value because of its objective, and consequently
loses its right to be called skill. I don’t consider
a burglar to be a "skilled home protection
engineer".
I apply the same thinking to the so-called skills of
the programmer who writes viruses (viri – !!) We
have used the medical or biological analogy because
of the manner in which the code can replicate
itself, but I take it further. A disease is a
disease. The programmer who writes a virus has
diseased "skills". The only thing to be done is to
correct the situation — remove or disable the
disease.
Corporations around the world spend huge amounts of
money to protect themselves from the plague of these
two diseases. When you connect to the Internet, you
also need protection. Do not fall into the trap of
thinking that since you turn off the computer most
of the time, never bring in diskettes or CDs that
were recorded on someone else’s computer and are
careful not to open email attachments, that you are
immune. It only takes a moment for something to find
its way through an open hole. You have got to close
them up. A hole, by the way, in this context is any
mechanism by which a feature of the software
(including the operating system) in a computer
system can be exploited for other than its
originally intended use.
Make no mistake — there is no complete block; no
sure fire protection. With the number of people
having destructive intent working on finding holes
and communicating with each other over the net,
there will be new holes discovered every hour of
every day. What you can do, is to harden your system
as much as possible; make it as difficult as
possible to exploit and provide the most up-to-date
virus protection you reasonably can.
Windows XP offers a much higher degree of protection
than earlier versions, incorporating file security
options and a built-in firewall. If you’re using XP,
check out "firewall" in help and make sure it’s
active in your system. For other systems I suggest
you get a commercial firewall program such as
Symantec’s Norton Internet Security/Norton Personal
Firewall (Windows/Mac) or McAfee’s Personal Firewall
Plus (Windows). There are also some pretty good
products from smaller vendors such as BlackIce
Defender (Windows). Symantec and McAfee are also
vendors of the most popular antivirus products.
Another is Panda Software. For both firewall
products and anti-virus products I think there is
value in using products from large vendors. They
have sophisticated, automated update mechanisms and
a lot of people involved in keeping the updates
up-to-date. Also, the larger the user base, the
quicker any problem in the product itself will be
discovered (and hopefully, fixed!) All of the above
mentioned vendors fit this category. Pay the
(relatively small and definitely worth it) license
fee and use the automatic update features to keep
your products in fighting fit form. I do not
recommend using any shareware products for security.
(!!)
Once you rid yourself of disease, all that is left
is ease!
Thanks for Reading!
– Vince Barnes
Q
& A Goodies
Questions are taken
from submissions to our Community Mentors. You can ask a Mentor a question by
going to https://www.htmlgoodies.com/mentors/.
Q. I have a page with thumbnails which
are linked to the full size images. I want the
full size images to open in a in-line frame on a
seperate html page. How do I get it to load a
new page and then have the image load in the
in-line frame of this new page?
A. The new page that loads needs to itself
be a frameset page. With an inline frame, that
means building a unique page for each image.
However, you can use server side includes for
code you reuse. This tutorial will explain that:
https://www.htmlgoodies.com/beyond/ssi.html
Q. I’m trying to format a page with tabs
or something similar and I can’t find anything
that works just right. I’ve tried using
JavaScript, <XML> tag, and the <PRE> tag. None
of these gave me just what I want. Any ideas????
A. There are a few ways to do that. One
way is the <blockquote> tag, which adds an
indent each time but indents both left and
right. The <ul> and <ol> tags indent to make a
list, but you can use them just to indent and
not get bullets or numbers unless you add <li>
tags. You can also use a stylesheet to specify
the amount of indentation: https://www.htmlgoodies.com/design/css-html-text-color/
Q. I need to learn how to pass a
variable(s) from web page to web page. Do I use
a cookie? Do I use a file and perl? Can it be
simply done with the hidden fields in a form?
A. There’s a tutorial on just that
subject: https://www.htmlgoodies.com/beyond/jspass.html
Q. I have a question regarding the "on
click" command, which I’ve used successfully in
the past with form buttons, but how can I use
the same command to work with a image in place
of the form button?
A. To use it with an image you would use
the onClick like this: <A HREF="#" onClick="some_function()"><img
src="mypic.gif"></A>
If you want to use an image to submit a form
then you can just specify the
type as image like this:
<INPUT TYPE="image" SRC="subpic.gif">
Also with the first example you can simulate the
onClick this way:
<A HREF="javascript:some_function()"><img src="mypic.gif"></A>
The above is preferable because of a bug in
IE5.0 version browsers with the
void "#" character in the HREF causing an error.
Q. I would really like to make a password
code that remembers once someone has logged on
and does not ask them for their password again,
via cookies. I attempted to construct one from
the Javascript tutorial on cookies, but as yet,
I am unable to. Ideally, it would reset the
cookie once the user returns to index, so that
after that, the user would again have to enter
the password for the specific section.
A. To keep your pages secure you should
use a Server Side script written in Perl, PHP or
some other Server Side language. With JavaScript
all they would have to do is look at the source
to get the password. There are no foolproof
password scripts written in JavaScript.
News Goodies
Get Ready, Get Set, Shop!
[December 2, 2002] Black Friday was a nice boost for
online sales as lots of consumers avoided mall
madness and simply shopped the Web; one estimate
shows a 61 percent spike in online sales.
Click
here to read the article
Adobe Jumps Gun on Microsoft’s Xdocs
[December 2, 2002] Adobe rolls out two server-side
products in a bid to get a headstart on Microsoft in
the market for XML-based network publishing.
Click
here to read the article
Jury Selection Begins in ElcomSoft Case
[December 2, 2002] U.S. prosecutors bring first
criminal case in four-year history of DMCA (Digital
Millenium Copyright Act) against Russian-based
software developer.
Click
here to read the article
Nokia Phones Cover Cingular’s GSM Strategy
[November 27, 2002] Hoping to advance its strategy
to support GSM/GPRS networks in the United States,
Nokia Tuesday took the wraps off of three new
handsets, two of which target business users.
Click
here to read the article
Spammed For The Holidays
[November 27, 2002] It’s the holidays, which
means no rest for weary retailers — or for
consumers deluged by spam. In fact, the holidays
could actually prompt an increase in unwanted
commercial e-mail, according to several anti-spam
operations.
Click
here to read the article
Did you ever wish your newsletter was an easy two way communications medium?
Ploof! It now is!
If you would like to comment on the newsletter or expand/improve on something
you have seen in here, you can now send your input to:
mailto:nlfeedback@htmlgoodies.com
We already receive a lot of email every day. This address will help us sort out
those relating specifically to this newsletter from all the rest. When you send
email to this address it may wind up being included in this section of the
newsletter, to be shared with your fellow readers.
Thanks for all the feedback about pop-ups. Clearly
this was a problem that many of you dislike. There
were a few suggestions for additional Pop-up ad
preventer software products, including notes that
some Norton and McAfee products offer protection of
this sort. I had mentioned that Panicware (
http://www.panicware.com ) was the only
company specializing is this kind of software that I
had found. Specializing is a key word here! Even if
you have NIS or McAfee, you might want to check out
Panicware anyway, because their products have some
very interesting additional features that I’m sure
you’ll see the value of when you look at them!!
You’ll see what I mean! Thanks also to Mayra Labrie
for pointing out
http://www.thiefware.com which is a site
dedicated to educating folk about "unethical"
software or "scumware".
Philippe Lhoste, a programmer in France, pointed out
that the Q&A example for linking to a specific
scripture within a web page was missing a closing
</A> tag. Absolutely correct, Phillipe. Merci! The
code should have read:
<A name="1st_th517"></A> is placed around the word.
Robert Mortimer also made an interesting point.
There was a Q&A question about concealing passwords
being typed on a web page. Robert points out that
"unless the user establishes a https connection the
password will go in clear text across the internet."
This is certainly something to bear in mind. The
solution provided protects against an "over the
shoulder" snoop, Robert’s suggestion provides
protection from an "on the wire" snoop.
Top
And
Remember This . . .
On this day in…
1954: Senate Condemns McCarthy
By a vote of 65 to 22 the US Senate condemned
Senator Joseph R. McCarthy (R. Wisconsin) for
conduct "unbecoming a Senator" and "contrary to
senatorial traditions" in his investigations of
"communists" in the USA. What started as a publicity
stunt in Wheeling, West Virginia, and grew to become
known as "McCarthyism", was at first a claim by
McCarthy that he had a list of 205 communists who
had "infiltrated the US State Department." A series
of allegations over the next three years fired up
the public until in 1953, when the Republican Party
gained control of Congress, McCarthy was appointed
chairman of the Committee on Government Operations
and its Subcommittee on Investigations. Hundreds of
officials, members of the public, famous
personalities had their careers and reputations
destroyed by the heavy handed and illegal badgering
of McCarthy’s committee. People being investigated
found no relief until they named friends and
acquaintances who were "members of the communist
party". President Eisenhower pushed for televised
hearings which led to the public realization that
McCarthy was reckless and tyrannical, and that he
never produced substantiation for his claims.
McCarthy attacked a member of the law firm which
also included Joseph Welch, the special attorney for
the army. On June 9th Welch faced McCarthy saying
"Until this moment, senator, I think I never really
gauged your cruelty or your recklessness. Let us not
assassinate this lad further, senator. You have done
enough. Have you no sense of decency, sir? At long
last, have you no sense of decency?" The crowd
applauded and Congress debated, often heatedly,
until the December 2nd condemnation.
Thanks for reading
Goodies to Go!
