Goodies to Go (tm)
March 8, 2004-- Newsletter #275

By Vince Barnes


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

Goodies to Go (tm)
March 8, 2004--Newsletter #275

This newsletter is part of the internet.com network.

Featured this week:

* Goodies Thoughts - Not The Weakest Link
* Q & A Goodies
* News Goodies
* Goodies Peer Reviews
* Feedback Goodies  
* Windows Tech Goodies  
* And Remember This...



Goodies Announcement

The new Beyond HTML Goodies book is now available!


Go beyond the basics and learn how the pros add and use dynamic HTML features and advanced JavaScript techniques. Beyond HTML Goodies demonstrates dozens of new and different features readers can add to their existing Web pages using HTML and JavaScript. The book starts with simple text and image tips, such as adding a clock to a Web page or causing text to appear when the mouse moves over an image. It gradually builds to more complex tricks, including manipulating forms or working with cookies behind the scenes. Throughout the book, readers enjoy Joe's snappy style and "to the point" discussion of each "goody" in the book.





Goodies Thoughts - Not The Weakest Link

"Halt! Who goes there; friend or foe?"
"Oh really? Then what's the passcode?"
"Right. Continue, friend!"

And so the defenses are penetrated and the property that was being guarded is all lost!

You would, perhaps, have thought that nobody would dream of using the word "passcode" as a passcode but it happens more often than you imagine. I was working on some software for a client recently, when it demanded that I provide the administrator's password. I asked the client what that would be. "Password," he responded. "Yes, the password," I said, thinking that he was asking me to verify my question. "No, no," he retorted, "the password is 'password'."

He felt that, since that network was not connected to the Internet, it didn't need to have a strong password. I explained how fortunate he must feel, never having any employee ever get upset with him, their coworkers or the company. The bulb lit up!

People have been known to buy deadbolts for their front door, but install a garage door opener without changing the code in it. Deadbolts, steel doors and monitored alarm systems don't do much if a would-be intruder can drive through your neighborhood with a generic garage door opener and see your door open, snip your phone line, throw your house circuit breaker, walk into the house and snip the battery wire in your alarm system. Exactly the same concept applies to computer systems!

Passwords are frequently the weakest link in a defensive system. Here's another story (and in this one I've changed the names of the not so innocent to protect me!) John has a website on which he tells stories about his wife Mary and their family. He maintains the site using FrontPage. A bad guy got in there and planted some code that used the site to launch a virus attack. The first victims were, of course, John, Mary, their family and their friends. "I had it password protected, and besides, it was only a family website, not Fort Knox or anything!" pleads John. Guess what his password was. Guess again! You probably got it on the second guess. It wasn't the word "password" ("how silly do you think I am?") -- it was his wife's name ("that silly, John!") And of course, being a family website, her name was all over the place.

A password should be easy to remember (it should NEVER be written) and difficult to guess. It should contain letters and numbers, and even special characters, and should not be anybody's name, any pet's name, any phone or house number or anything else that can be easily identified with you.

So how do you make it easy to remember? One technique which seems to work quite well is to come up with a sentence that's easy to remember and use the initial letters of the words, except words that sound like numbers, where you use the number. For example: "Goodies To Go is the best place to get advice for passwords" gives us "g2gitbp2ga4p". You could even include the quotes and final period. It'll take more than a couple of minutes for someone to guess that one -- they'd even have a hard time remembering it if they watched you type it in. Just don't say the sentence under your breath as you type it!

And the garage door opener of the computer world? It's the wireless network. People buy wireless networking equipment, take it home or to the office, turn it on and, by gosh, it works! Then they proudly watch as their data flows around from machine to machine, out the door, down the street, into a hacker's car and into his notebook PC! The first -- that is, the VERY FIRST -- thing to do with a wireless network is to encrypt it! Check the docs that came with the equipment - it's usually pretty easy to do. And, by the way, turn off the SSID broadcast - you don't have to make life easier for the intruder and you will know your own SSID (if you don't know what an SSID is, check your wireless network docs.)

Also, what's the Administrator password on your computer? Windows XP has an administrator account called Administrator, the password for which is set at installation time. It can be blank. If you didn't install your XP yourself (like most store bought PCs) it may still be blank. Any other password protection you may be using isn't going to help you too much if you still have an account with administrator rights and no password available for any intruder to use. Check the Control Panel / User Accounts.

Protect your passwords! Don't transmit a password unencrypted over the Internet. If you're not sure whether or not a certain use is encrypted, find out before you use it. If for some reason you have to send an unencrypted password, use a special one that you don't use for anything else -- this is not a good situation; it's like having a feeble guard at the gate.

"Halt! Who goes there; friend or foe?"
"Foe -- a fully trained and well armed Ninja."
"Right. Continue, friend!"

Thanks for Reading!

- Vince Barnes



Q & A Goodies

Questions are taken from submissions to our Community Mentors. You can ask a Mentor a question by going to http://www.htmlgoodies.com/mentors.

Q. I would like to use a flash movie in my website, but if users do not have flash plug-in installed in the browser, it should play gif animation without asking users to install plug-in. In other word flash movie should play if plug-in installed, if not then something else (alternative image).

A. Here is one way to detect the Flash plug-in according to Flaskit.com:

Q. I am attempting to create a web page and have run into a problem. I link to pages created in MS Word (using tables, not html written). The contents on these MS Word created pages are misaligned depending on the users' browser. I wish for the pages to maintain their format so that the user scrolls left/right with the scroll bar in the right frame. (Code sample provided)

A. I believe the problem you are running into is that your table(s) uses an absolute value. You should change the width to a percentage. Try using width="100%" in the table tag instead of width="480". This will allow the table to resize according to the user's screen resolution. The other problem could be the Microsoft Word code that is causing browsers to have trouble rendering the page properly. There is a lot of extra code created by Word that should be taken out.

Q. Is there a way of naming spans partly with a variable? I.e. instead of doing this:
document.all.sp1.innerHTML=('<img src=pt1.gif>');
document.all.sp2.innerHTML=('<img src=pt1.gif>');
document.all.sp3.innerHTML=('<img src=pt1.gif>');
document.all.sp4.innerHTML=('<img src=pt1.gif>');
document.all.sp5.innerHTML=('<img src=pt1.gif>');
document.all.sp6.innerHTML=('<img src=pt1.gif>');
document.all.sp7.innerHTML=('<img src=pt1.gif>');
document.all.sp8.innerHTML=('<img src=pt1.gif>');
is there any way like:
for( var n = 1; n < 9; n++)
document.all.sp + n + .innerHTML=('<img src=pt1.gif>');

A. You could try to use the eval() method like this:
eval("document.all.sp" + n + ".innerHTML=('<img src=pt1.gif>')");

Q. I want to have a small window open when someone clicks a link on my page. I don't want a full size window, just a small one. Can JavaScript do this?

A. Since you will probably have more than one link on a page you should set up a function in your head section of your document that will be used by multiple links. You can pass the html page you want to load in the window to the function when the link is clicked on. With window.open() you can set the
width, height, postion and other attributes. Here is an example:
<script language="javascript"> function OpenWin(linkid)
{ NewWin=window.open (linkid,"newwin",config="width=200,height=250,location=no,status=no,directories=
The variable "linkid" contains the page you want to load. This was passed to the function when the link was clicked on. Then in the body section of your document your link could look like this:
<A HREF="javascript:OpenWin('somepage.html')">Apples</A>
You would wrap the link around the word that you want to click on for more info. The HTML Goodies site does have a tutorial on window.open()
(see http://www.htmlgoodies.com/primers/jsp/hgjsp_11.html and http://www.htmlgoodies.com/primers/jsp/hgjsp_12.html -- Ed.)

Q. I have been working on trying to come up with a better menu for my index page. I used Sothink DHTMLMenu to generate one. I have it working, but it takes quite a while for the menu to load. What is my problem?

A. I can't see your menu, but I can make a couple guesses. You have a bunch of images that need to load to make the menu work. The browser looks for them when you do your mouseover, which means calling the server and asking for the image, and repeating the process for each image. My first guess is you could fix your problem with a preloader, so the images are already in the browser cache. Here's an example of a preloader:
// preload images
var an_image1 = new Image(151,37);
an_image1.src = "images/navigation/options_home_over.jpg";
var an_image2 = new Image(151,37);
var an_image3 = new Image(151,37);
This is a JavaScript that declares a variable as an image and specifies the size so the browser doesn't have to figure it out, and then give the variable a value consisting of a URL.
My second guess is that your images are large and taking a long time to download. Keep them small, like 3k each, or even eliminate them if you can.
Get rid of the "best viewed at" message. No visitor will change their screen setting just for your site, nor take the blame for he site not working at their screen setting. You just have to make it work at different sizes.







News Goodies

Linux Privilege Escalation Hole Detected
[March 8, 2004] The flaw carries a 'critical' rating and could be exploited to give an attacker full super-user privileges.

Click here to read the article



Microsoft Wins Patent for Scroll Mouse
[March 8, 2004] Horizontal movement is the new twist.

Click here to read the article



Sony 'WORMs' its way to Better Storage
[March 8, 2004] New tape drives are fortified with Write Once, Read Many technology to help customers cope with government record keeping regulations.

Click here to read the article


Adobe Adds New Dimension to Forms Software
[March 8, 2004] Barcodes address problems associated with manual data entry in a market where Microsoft and Macromedia also play.

Click here to read the article



Net2Phone Takes SIP of VoiceLine
[March 8, 2004] Net2Phone launches a private label VoIP service for broadband providers as it battles against its privately held rival.

Click here to read the article




Microsoft Wins One in IE Battle
[March 5, 2004] The U.S. Patent Trademark Office's preliminary ruling favors Internet Explorer in the Microsoft/Eolas infringement case.

Click here to read the article



Microsoft: Windows XP SP2 Will be Disruptive
[March 5, 2004] The software giant has created an online training course for developers to explain the implications of the security-centric OS service pack.

Click here to read the article



Anti-Offshoring Fever in Senate
[March 5, 2004] Partisan bickering delays legislation to end EU trade penalty tariffs imposed this week on U.S. goods.

Click here to read the article



IP Upstarts: Get Microsoft
[March 5, 2004] Software vendors are both the victims and victimizers when it comes to patenting technology already in widespread use around the world.

Click here to read the article



Is Leaked eMail a SCO-Microsoft Connection?
[March 5, 2004] UPDATE: Redmond was indirect backer of Linux lawsuit strategy, open source guru alleges in leaked e-mail posted on his site.

Click here to read the article






Goodies Peer Reviews


Every week a site is selected for review. Each week, reviews of the previous week's selected site are chosen for publication on the HTML Goodies website.


The current week's selected site is published in Goodies To Go and in the Peer Reviews section of the website.  Current contact email addresses for submitting your site and for submitting reviews are published in Goodies To Go.

If you would like to have your site reviewed, sign up for the Goodies To Go newsletter in the Navigation Bar on the left side of this page. 

For full details about this program, see http://www.htmlgoodies.com/peerreviews




Feedback Goodies

Did you ever wish your newsletter was an easy two way communications medium? Ploof! It now is!
If you would like to comment on the newsletter or expand/improve on something you have seen in here, you can now send your input to:


We already receive a lot of email every day. This address will help us sort out those relating specifically to this newsletter from all the rest. When you send email to this address it may wind up being included in this section of the newsletter, to be shared with your fellow readers. Please don't send your questions to this address. They should be sent to our mentors: see http://www.htmlgoodies.com/mentors/

For those who are missing Peer reviews: we are once again revising the Peer review program in the hopes of creating a workable solution. The current plan is to move the new Peer Review pages into place in the new year. All those who have been selected for reviews in the past will be featured in the new pages. The new method will make it much easier for your peers to provide feedback and much easier for us to handle the publication side of things. "Watch this space!" It's coming soon!!


Thanks again for all your feedback!



Windows Tech Goodie of the Week:


Sharing Session State between ASP and ASP.NET


One of the biggest problems people have when migrating from ASP to ASP.NET is that sharing session state between the two is not easy. This article explains the situation and examines a few different options.


*** And ***

Using PDF Technology To Secure E-mail


Encrypt e-mail using PDF security to overcome limitations in Secure Multipurpose Internet Mail Extensions (S/MIME).




And Remember This . . .

On this day in...

1985 IRS Reports Millionaire Count Doubled

The IRS issued a report that showed that the number of millionaires in the US had doubled since 1980. 407,700 Americans were now reporting earnings in seven figures or more. Economists cited the economic policies of Ronald Reagan, dubbed "Reaganomics", as the principal contributing factor to the boom. Depending on who you are, the news is not necessarily good, however. From 1977 to 1990 the wealthiest twenty percent of the population had their incomes increase by a third, with the top one percent doubling. At the same time, the bottom sixty percent saw a decrease, with the biggest decline amongst those already below the poverty line. Economists Blueston and Harrison described the increase in the disparity as a "great U-turn", calling the rift "higher today than at any point in the lifetimes of all but our most senior citizens, the veterans of the Great Depression."

Today was also the day that in: 1862 the Confederate ironclad warship "Merrimac" was launched; 1894 New York became the first of the US states to pass a dog license law; 1896 the "Volunteers of America" was formed in New York; 1908 the Collingwood Elementary School in Cleveland Ohio burned down killing two teachers and 173 children; 1913 the US Internal Revenue Service began to levy & collect income taxes; 1917 the Russian Revolution began; 1927 Pan American Airlines was incorporated; 1930 Mahatma Ghandi began civil disobedience in India; 1950 the USSR announced they had developed an atomic bomb; 1959 The Marx Brothers made their final TV appearance together; 1962 The Beatles (still with Pete Best) made their TV debut on BBC-TV; 1965 the first US combat forces (3,500 Marines) arrived in Vietnam; 1971 Radio Hanoi broadcast Jimi Hendrix' "Star Spangled Banner"; 1973 Paul & Linda McCartney were fined #100 for growing cannabis; 1976 the largest observed meteorite (1,774 Kg) fell in Jilin China; 1990 New York City's Zodiac killer shot his 1st victim, Mario Orosco;

Born today were: in 1859 author Kenneth Grahame (The Wind in the Willows); 1918 actor Alan Hale [MacKahan] Jr (Skipper Jonas Grumby-Gilligan's Island); 1921 actress Cyd Charisse [Tula Ellice Finklea]; 1940 actress Susan Clark; 1943 actress Lynn Redgrave; 1944 singer Carole Bayer Sager; 1946 musician Randy Meisner; 1958 English singer Gary Numan (Gary Webb); 1959 actor Aidan Quinn; 1963 actress/model Kathy Ireland; 1964 singer Cheryl James; 1964 musician Peter Gill; 1976 actor Freddie Prinze Jr.;

Thanks for reading Goodies to Go!


Archive Home Page.

  • Web Development Newsletter Signup

    Invalid email
    You have successfuly registered to our newsletter.
Thanks for your registration, follow us on our social networks to keep up-to-date