Delicious via: tag bookmarklet

August 16th, 2008

I just got finished writing a new version of the del.cio.us whuffie bookmarklet. It’s a bookmarklet that adds via: tags to your bookmarks for attribution purposes, so you can have a little extra meta-data about where your links are coming from.

This idea was first expressed in 2007 by Ric Hayman, who also wrote a very nice post about the original via: tag bookmarklet. And a year later, Nicola D’Agostino picked up the meme and sparked another interesting conversation about attribution meta-data in Delicious.

I hope that 2 people ;) will also use and enjoy the new del.cio.us whuffie bookmarklet.

Firefox Extensions

August 14th, 2008

Lately I have been fielding a lot of questions at work about strategies for assuring that the markup is semantic, accessible and valid. There are a lot of pieces to the puzzle, but the first line of defense is certainly my Firefox extensions.

I recently compiled a short list of Firefox extensions for the Front-End team. Everyone had always been aware of the HTML Validator Extension but hadn’t made a practice of cross-referencing those messages with an accessibility report from the Firefox Accessibility Extension. Putting those two together apparently gives developers a really granular sense of what’s going awry in the code under development. It’s a mini unit test suite right in the tool bar :)

I’ve also been surprised lately at how many people who use Firebug as a DOM inspector don’t know about Firebug’s awesome JavaScript debugging capabilities. So overall, making and publishing this list was a surprisingly rewarding bit of evangelism.

Firefox Extensions for Front-End Web Developers

  1. Web Developer Toolbar
  2. Firebug
  3. Firefox Accessibility Extension
  4. HTML Validator Extension
  5. Operator, for debugging Microformats
  6. View Rendered Source Chart - the free version is not yet compatible with ff3 as of 8/14/08
  7. Live HTTP Headers supplements the Firebug Net tab for debugging HTTP and HTTPS transactions.
  8. Screengrab! is a versatile screen capture tool, essential for submitting bug reports.

Software systems as big balls of mud

July 25th, 2008

You are what you wear
And you wear the scars.
There are no mirrors
In your house of cards.
Your world is decaying
But you don’t understand…
—The Dark

The critical point to remember about Software Systems as Big Balls of Mud is that it is not an anti-pattern. The statement that applying top-down practices to software results in a Big Ball of Mud is an affirmation that

  1. We always have a working system
  2. We are mostly able to satisfy most requirements
  3. We are almost always able to satisfy critical requirements

In addition, the points stated above are our benchmark for adopting any new process and its inherent risks. We can (and will) ask in all seriousness, is this solution more robust than a big ball of mud? Successful advocacy always seems to require answering this question.

Slides

Here is a presentation of some of the ideas in BBM. It is basically a bunch of quotations from the papers mentioned here and a few others. I had intended to write a paper around the ideas presented here, but later realized running Selenium regressions required me to write down the same ideas, albeit in a more pragmatic language ;)

See also

The Selfish Class, also by Foote & Yoder

Ajax vulnerabilities

March 19th, 2008


Ajax vulnerabilities, originally uploaded by Noah Sussman.

This slide is from Danny Alan’s talk on XSS. I’ve read about the various JavaScript remoting attacks, but it was impressive to actually watch him paste a simple script tag into an insecure form, then later (from a remote host) play back the compromised browser’s session, including cookies, keys pressed (including passwords), all the HTML retrieved by the browser, and details about the browser’s history.

Another disturbing thought: JavaScript can talk to the Java VM via an applet. The Java VM knows the NAT address of the host machine on the internal network. If the router password and IP are known (most users leave these set to factory defaults) then JavaScript can fill out and submit any of the Web forms that control the router. So it’s theoretically possible to compromise a router with JavaScript.

The demo of Ajax XSS attacks and exploits had the best quote of the day, as well: "Oops! I accidentally hit the Back button and canceled my attack!"

Notes from Ajax World 2008, day 2

March 19th, 2008

Overall the emphasis was on XSS attacks and (the problem of) JavaScript security, proposing a “safe subset” of JavaScript, supported by the “adsafe” option in JSLint. A policy of “cooperation under mutual suspicion.” Other memes included “advertising is a mashup.”

The title of this slide was Vats: Communicating Computational Containment. Crockford said that “vats” are the solution to what he calls “the turducken problem.” That is, there is no way to reliably detect the various perfectly permissible variations of JavaScript-inside-HTML-encoded-as-a-URL.
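The detection problem described above, as an added example that is not from the talk or the original post: a pattern check on raw input misses the same script once it is wrapped in percent-encoding layers, while encoding at output time neutralizes it whatever the wrapping. The function names and sample strings are constructed for illustration, and the example assumes percent-encoding as the wrapping layer.

```javascript
// Added illustration; all names and sample strings are constructed.

// Naive detector: flags input only when a literal "<script" is visible.
function naiveDetect(input) {
  return /<\s*script/i.test(input);
}

// Encode for an HTML text or attribute context at output time.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Peel percent-encoding layers the way a chain of components might.
function decodeLayers(input, maxLayers = 5) {
  let current = input;
  for (let i = 0; i < maxLayers; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { break; }
    if (next === current) break; // nothing left to decode
    current = next;
  }
  return current;
}

const payload = '<script>alert(1)</script>';
const samples = {
  plain: payload,
  urlEncoded: encodeURIComponent(payload),
  doubleEncoded: encodeURIComponent(encodeURIComponent(payload)),
};

// For each wrapping: did the input filter see it, is it script again
// after decoding, and is it inert once escaped for output?
function report() {
  return Object.entries(samples).map(([name, raw]) => {
    const decoded = decodeLayers(raw);
    return {
      name,
      detectedOnInput: naiveDetect(raw),
      activeAfterDecoding: naiveDetect(decoded),
      safeWhenEscaped: !/[<>]/.test(escapeHtml(decoded)),
    };
  });
}

console.log(report());
```

Only the plain sample is caught on input, yet all three decode back to the same markup; escaping at the point of output does not depend on guessing how many layers were applied.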

Hybrid Cab on Mulberry Street

March 3rd, 2008


Hybrid cab, originally uploaded by Noah Sussman.

This is the first hybrid cab I have seen in the city. I think it was a Nissan but I’m bad with make-and-models.

Macbook vs. WRT54G wireless router

February 18th, 2008

Today I brought my Macbook to my mom’s house for the first time. Like me, she has a Linksys wireless router, but unlike me she is connected to the internet via Verizon DSL. Now, her Windows PC and laptop connect to the network through the router automatically (there’s no wi-fi password since this is northern Vermont and the next house is a mile away).

The Macbook likewise connected instantly to the wi-fi network, but couldn’t see the internet. When I’d try to ping a Web address, I just got “no route to host.” Very sad.

There’s no such thing as Front-End Web Development

November 7th, 2007

The problem I have with defining “front end development” is that there is no such thing.

Historically there was software called a “home page” or “web site” that was composed entirely of static HTML pages and binary files, connected by hyperlinks. It was then possible to draw a distinction between “real” programmers, who wrote in application languages like C++ and Java, and “web designers” who only wrote HTML.

This distinction was nice, because application languages are compiled, whereas HTML is interpreted by the browser. So it was likewise possible to say that “real” programmers wrote in compiled languages, while “web designers” wrote only code that was meant to be interpreted by a browser.

However, since at least 2000, most pages on the Web have been generated in whole or in part by application software. Entire languages have been developed just to generate Web UI. These include Ruby, PHP and many dialects of Java (also called Java frameworks). So it is now perfectly possible to use one of those languages to generate all of the HTML for a Web application, without actually writing any HTML.

HTML Validation

October 28th, 2007

Today I wanted to know how to get the functionality of the HTML validator Firefox extension. The extension has two modes: Tidy and SGML parser. Each of these modes reports differently on the HTML under test. Both reports can be useful (I’m not going to get into the differences here).

Specifically, I wanted to be able to generate either a Tidy or an SGML parser report from the command line. And I wanted to be able to run my report for any public Web page.


Setting up Synergy

July 16th, 2007

Today I set up Synergy, which is quite bad-ass :)
I set it up for my 2 macs and PC at work.