And they cost money too.
The day before April Fool's Day seems a good time to mention this, and Scott Granneman of Security Focus has written an informative (and entertaining for some of us) explanation of exactly why these statements are true.
March 2003 Archives
I don't get it, but I probably will some day. The other morning my in box had news from RedHat, seems if I join their RedHat Network I can get the software one week earlier than if I don't. Anyway they claim on Monday they'll release the newest version, "9" code named Shrike one week before its public debut on April 7.
It is not lost on me that this week of intermediary status contains the 1st of April, Arpil Fools Day. I'm at a loss, because as I install on of the first 7.3 boxes for deployment in the coming months, I notice that the traditional ".0" is missing from the name, as was the traditional versions .1, and .2 and not so traditional .3 for the whole 8 thing.
And they never used to announce releases in advance, what's going on over there?
http://www.research.ibm.com/journal/sj/414/forum.pdf describes Scott Fahlman's vision to limit unwanted email and phone calls. It's an interesting system that deserves consideration. I find it a compelling suggestion because at the same time that it protects me from really junky spam, it protects the rights of a business to attempt to solicit me.
They just have to be willing to pay me enough.
Let me know what you think.
The other day my better half asked how I remember all the passwords I do, when she was prompted to change her network password. (Yup, even on the home network, I do as I say. ... Mostly anyway.) I was surprised I never told her this method:
Choose a line from a song or poem you like, or a make up a motivational phrase, and use the first letters of each word for characters in your password. It should be at least six to eight unique characters. Remember to include some capitol letters, numbers, and if you possibly can a "special" character.
For instance, "A vision of our tearless times discloses artificial men sniffing plastic roses." (Peter Meinke) becomes:
Avo02td@mspr or even just Avo02td@
"I will continue to keep my gardens without weeds."
becomes:
Iwc2kmg!w
(It helps to know that the exclamation point can also mean "not" in a number of computer languages.) Duplicate use of characters such as the "w" above should be avoided also, although in this case there are eight other unique characters its OK.
And so, because my LAN is connected to the Internet, (albeit behind a firewall) I change all my network passwords every 45 days. I'm not hakcer-proof, nothing is, but I'm determined to make it difficult.
And it's not that hard to do if you use this little trick.
(Note on 7/26/03: Below you will find a bad reference to Apendix A of the HTML 4.0 specification. This is incorrect. The reference is actually in Appendix A of the CSS 2.0 specification.)
A lot of artists fear a blank canvas. It's a almost sterotype that writers get blocked when faced with a blank page. I'm a little this way about style sheets. I use pretty plain HTML typically without class or id attributes if possible. How many different classes of h1 can we reasonably expect users to be able to apply?
I remembered that when I was learnings CSS I had found "the default" style sheet. At the end of the HTML4.0 specification, there is a typical style sheet, based on "extensive research into current UA practice." Which means that all the default CSS selectors are specified here in such a way that if we don't override the values with our own style declarations, this is what is rendered. (Sort of.)
See the sample and a more complete explanation of the file in Appendix A.
I was checking out the Hiveware site today, and they have an interesting solution to the problem of putting email links on web pages. In the early days of the web, this was one of the first ways in which we used to explain the inherent difference of the medium to prospective clients: It allowed for simple and direct feedback from user (potential clients from anywhere in the world) 24 hours a day, 365 days a year. GREAT!
Then someone wrote program to parse the email address out of any web pages, and set that spider loose on the net harvesting unsuspecting addresses off of the new entruprentuers' sites. SPAM is a real problem, but that feedback mechanism is critical to providing an additional channel for customer service.
Hiveware uses JavaScript in their free product "Enkoder" to scramble email adresses in order to confuse the address harvesters. It makes addresses hard for a script to harvest.
We came accross this while we were reading an article about how to use Apache's mod_rewrite to block access to the web servers. As Mark Pilgrim says on his site:
You will never stop all abusive behavior from all automated robots and rude programs, but you can minimize their effects and reduce the abuse to acceptable levels.
If you get over to his site, be sure to see "100" a work in progress consitsting of photopraphs and creative writing. I guess eventually there will be 100 items here?
I really hope to get some more articles about web development posted soon, but so much time is spent keeping up to date on systems and servers sometimes the articles get put on the back burner. Anyway, all systems administrators should be aware by now that as of yestrday morning their Sendmail based mail servers were vulnerable. This is a pretty serious exploit which would give total control over the server to the attacker. Sendmail is software that is bundled with almost all Unix and Linux operating systems. Some estimates place Sendmail on 72% of all Internet mail servers.
Internet Security Systems Inc. is the company who discovered the vunerability and has helped coordinating the response.
This information was released yesterday:
http://www.sans.org/webcasts/030303.php (A free archive of the webcast is available, sign up is required. It's pretty cool if you want to hear a the guys who discovered and developed fixes for these security issues. Bonus information about hardening your mail server is included.)
http://www.nipc.gov specifically http://www.nipc.gov/warnings/advisories/2003.htmSendmail has both an Open Source, free product and a commercial product.
What's up with that?
Interestingly enough, as of this posting the Department of Homeland Security has not recognized this as a threat. This is presumably more about getting the information posted than an actual shortcoming in thier threat assesment process. We searched the site for 'sendmail' and 'Sendmail'. All the Operating Systems vendor's we checked had updates or patches available on their web sites.
CSS2 is the current standard for allowing authors to specify style information in web documents. CSS Contains information about the size, placement, color and other visual aspects of HTML entities. The current CSS specifcation is CSS2 which is a superset of CSS1 and allows designers to specify style for various media, such as print.
One of the first things you will find about CSS styles is that they can be defined in a number of places. By specifing styles via an external file designers can use one or several sheets across a whole site. Minor sitewide design changes are then greatly simplified by making the changes in a single file, or stylesheet. The following are the two methods of "attaching" a stylesheet file named mystyle.css
or
I provide some more examples of multpile style sheets being imported, but before you flip over to that, I should give you the official links to HTML, XHTML and CSS because those are the standards I write about and (try to) design to. The official standards body for these languages is The W3 Consortium - w3c.org.
In either case, a link or import via style element, the attribute type specifies the language of the style sheet. It is always "text/css" although it could be some other language in the future without breaking the modular nature of web documents. (Of course CSS works for pure XML too, so its unlikely to be unseated.)
When using the "rel" attribuite in a link tag, and author can also specify an alternative style sheet by setting the value of that attribute to "alternate" should force a choice on users. I tested this for the article you're reading and IE6.0 does not seem to support this part of the standard. So, for cross browser compatibility we usually use the @import method to specify more than one style sheet. (I always wondered why we did it that way. )
The idea of defining styles in an external sheet could be further modularized by grouping certain kinds of styles, such as table formating, into individual files. Using the import method, this is accomplished as follows:
Whether you choose to write your pages utilizing multiple sheets or only a single style sheet, sites that are written to standards will survive the test of time bettter than those that are written to the "anything that looks right is OK" standard. Those sites seem to break almost every time the powers that be release a new browser. With the exception noted above, it's my recent experience that the browsers become more and more standards compliant with every successive release.