Goodies to Go ™
March 8, 2004–Newsletter #275
This newsletter is part of the internet.com network.
http://www.internet.com
Featured this week:
* Goodies Thoughts – Not The Weakest
Link
* Q & A Goodies
* News Goodies
* Goodies Peer Reviews
* Feedback Goodies
* Windows Tech Goodies
* And Remember This…
Goodies Announcement
The new Beyond HTML Goodies book
is now available!
Go beyond the basics
and learn how the pros add and use dynamic HTML features and advanced
JavaScript techniques. Beyond HTML Goodies demonstrates dozens of new and
different features readers can add to their existing Web pages using HTML and
JavaScript. The book starts with simple text and image tips, such as adding a
clock to a Web page or causing text to appear when the mouse moves over an
image. It gradually builds to more complex tricks, including manipulating forms
or working with cookies behind the scenes. Throughout the book, readers enjoy
Joe’s snappy style and “to the point” discussion of each “goody” in the book.
http://books.internet.com/books/0789727803
Goodies Thoughts – Not The Weakest Link
"Halt! Who goes there; friend or foe?"
"Friend!"
"Oh really? Then what’s the passcode?"
"Passcode?"
"Right. Continue, friend!"
And so the defenses are penetrated and the property that was being guarded is
all lost!
You would, perhaps, have thought that nobody would dream of using the word "passcode"
as a passcode but it happens more often than you imagine. I was working on some
software for a client recently, when it demanded that I provide the
administrator’s password. I asked the client what that would be. "Password," he
responded. "Yes, the password," I said, thinking that he was asking me to verify
my question. "No, no," he retorted, "the password is ‘password’."
He felt that, since that network was not connected to the Internet, it didn’t
need to have a strong password. I explained how fortunate he must feel, never
having any employee ever get upset with him, their coworkers or the company. The
bulb lit up!
People have been known to buy deadbolts for their front door, but install a
garage door opener without changing the code in it. Deadbolts, steel doors and
monitored alarm systems don’t do much if a would-be intruder can drive through
your neighborhood with a generic garage door opener and see your door open, snip
your phone line, throw your house circuit breaker, walk into the house and snip
the battery wire in your alarm system. Exactly the same concept applies to
computer systems!
Passwords are frequently the weakest link in a defensive system. Here’s another
story (and in this one I’ve changed the names of the not so innocent to protect
me!) John has a website on which he tells stories about his wife Mary and their
family. He maintains the site using FrontPage. A bad guy got in there and
planted some code that used the site to launch a virus attack. The first victims
were, of course, John, Mary, their family and their friends. "I had it password
protected, and besides, it was only a family website, not Fort Knox or
anything!" pleads John. Guess what his password was. Guess again! You probably
got it on the second guess. It wasn’t the word "password" ("how silly do you
think I am?") — it was his wife’s name ("that silly, John!") And of course,
being a family website, her name was all over the place.
A password should be easy to remember (it should NEVER be written) and difficult
to guess. It should contain letters and numbers, and even special characters,
and should not be anybody’s name, any pet’s name, any phone or house number or
anything else that can be easily identified with you.
So how do you make it easy to remember? One technique which seems to work quite
well is to come up with a sentence that’s easy to remember and use the initial
letters of the words, except words that sound like numbers, where you use the
number. For example: "Goodies To Go is the best place to get advice for
passwords" gives us "g2gitbp2ga4p". You could even include the quotes and final
period. It’ll take more than a couple of minutes for someone to guess that one
— they’d even have a hard time remembering it if they watched you type it in.
Just don’t say the sentence under your breath as you type it!
And the garage door opener of the computer world? It’s the wireless network.
People buy wireless networking equipment, take it home or to the office, turn it
on and, by gosh, it works! Then they proudly watch as their data flows around
from machine to machine, out the door, down the street, into a hacker’s car and
into his notebook PC! The first — that is, the VERY FIRST — thing to do with a
wireless network is to encrypt it! Check the docs that came with the equipment –
it’s usually pretty easy to do. And, by the way, turn off the SSID broadcast –
you don’t have to make life easier for the intruder and you will know your own
SSID (if you don’t know what an SSID is, check your wireless network docs.)
Also, what’s the Administrator password on your computer? Windows XP has an
administrator account called Administrator, the password for which is set at
installation time. It can be blank. If you didn’t install your XP yourself (like
most store bought PCs) it may still be blank. Any other password protection you
may be using isn’t going to help you too much if you still have an account with
administrator rights and no password available for any intruder to use. Check
the Control Panel / User Accounts.
Protect your passwords! Don’t transmit a password unencrypted over the Internet.
If you’re not sure whether or not a certain use is encrypted, find out before
you use it. If for some reason you have to send an unencrypted password, use a
special one that you don’t use for anything else — this is not a good
situation; it’s like having a feeble guard at the gate.
"Halt! Who goes there; friend or foe?"
"Foe — a fully trained and well armed Ninja."
"Right. Continue, friend!"
Thanks for Reading!
– Vince Barnes
Q & A Goodies
Questions are taken from submissions to our Community Mentors. You can ask a Mentor a question by going to
https://www.htmlgoodies.com/mentors.
Q. I would like to use a flash movie in my website, but if users do not
have flash plug-in installed in the browser, it should play gif animation
without asking users to install plug-in. In other word flash movie should play
if plug-in installed, if not then something else (alternative image).
A. Here is one way to detect the Flash plug-in according to Flaskit.com:
http://www.flashkit.com/tutorials/Utilities/Detectin-Arran_Sc-151/index.php
Q. I am attempting to create a web page and have run into a problem. I
link to pages created in MS Word (using tables, not html written). The contents
on these MS Word created pages are misaligned depending on the users’ browser. I
wish for the pages to maintain their format so that the user scrolls left/right
with the scroll bar in the right frame. (Code sample provided)
A. I believe the problem you are running into is that your table(s) uses
an absolute value. You should change the width to a percentage. Try using
width="100%" in the table tag instead of width="480". This will allow the table
to resize according to the user’s screen resolution. The other problem could be
the Microsoft Word code that is causing browsers to have trouble rendering the
page properly. There is a lot of extra code created by Word that should be taken
out.
Q. Is there a way of naming spans partly with a variable? I.e. instead of
doing this:
document.all.sp1.innerHTML=(‘<img src=pt1.gif>’);
document.all.sp2.innerHTML=(‘<img src=pt1.gif>’);
document.all.sp3.innerHTML=(‘<img src=pt1.gif>’);
document.all.sp4.innerHTML=(‘<img src=pt1.gif>’);
document.all.sp5.innerHTML=(‘<img src=pt1.gif>’);
document.all.sp6.innerHTML=(‘<img src=pt1.gif>’);
document.all.sp7.innerHTML=(‘<img src=pt1.gif>’);
document.all.sp8.innerHTML=(‘<img src=pt1.gif>’);
is there any way like:
for( var n = 1; n < 9; n++)
{
document.all.sp + n + .innerHTML=(‘<img src=pt1.gif>’);
}
A. You could try to use the eval() method like this:
eval("document.all.sp" + n + ".innerHTML=(‘<img src=pt1.gif>’)");
Q. I want to have a small window open when someone clicks a link on my
page. I don’t want a full size window, just a small one. Can JavaScript do this?
A. Since you will probably have more than one link on a page you should
set up a function in your head section of your document that will be used by
multiple links. You can pass the html page you want to load in the window to the
function when the link is clicked on. With window.open() you can set the
width, height, postion and other attributes. Here is an example:
<script language="javascript"> function OpenWin(linkid)
{ NewWin=window.open (linkid,"newwin",config="width=200,height=250,location=no,status=no,directories=
no,toolbar=no,scrollbars=no,menubar=no,resizable=no,top=30,left=30");
NewWin.focus()
}
</script>
The variable "linkid" contains the page you want to load. This was passed to the
function when the link was clicked on. Then in the body section of your document
your link could look like this:
<A HREF="javascript:OpenWin(‘somepage.html’)">Apples</A>
You would wrap the link around the word that you want to click on for more info.
The HTML Goodies site does have a tutorial on window.open()
(see https://www.htmlgoodies.com/primers/jsp/hgjsp_11.html and https://www.htmlgoodies.com/primers/jsp/hgjsp_12.html
— Ed.)
Q. I have been working on trying to come up with a better menu for my
index page. I used Sothink DHTMLMenu to generate one. I have it working, but it
takes quite a while for the menu to load. What is my problem?
A. I can’t see your menu, but I can make a couple guesses. You have a
bunch of images that need to load to make the menu work. The browser looks for
them when you do your mouseover, which means calling the server and asking for
the image, and repeating the process for each image. My first guess is you could
fix your problem with a preloader, so the images are already in the browser
cache. Here’s an example of a preloader:
// preload images
var an_image1 = new Image(151,37);
an_image1.src = "images/navigation/options_home_over.jpg";
var an_image2 = new Image(151,37);
an_image2.src="images/navigation/easement_over.jpg";
var an_image3 = new Image(151,37);
an_image3.src="images/navigation/mutual_over.jpg";
This is a JavaScript that declares a variable as an image and specifies the size
so the browser doesn’t have to figure it out, and then give the variable a value
consisting of a URL.
My second guess is that your images are large and taking a long time to
download. Keep them small, like 3k each, or even eliminate them if you can.
Get rid of the "best viewed at" message. No visitor will change their screen
setting just for your site, nor take the blame for he site not working at their
screen setting. You just have to make it work at different sizes.
News Goodies
Linux Privilege Escalation Hole Detected
[March 8, 2004] The flaw carries a ‘critical’ rating and
could be exploited to give an attacker full super-user
privileges.
Click
here to read the article
Microsoft Wins Patent for Scroll Mouse
[March 8, 2004] Horizontal movement is the new twist.
Click here to read the article
Sony ‘WORMs’ its way to Better Storage
[March 8, 2004] New tape drives are fortified with Write Once, Read Many
technology to help customers cope with government record keeping
regulations.
Click here to read the article
Adobe Adds New Dimension to Forms Software
[March 8, 2004] Barcodes address problems associated with manual data entry
in a market where Microsoft and Macromedia also play.
Click
here to read the article
Net2Phone Takes SIP of VoiceLine
[March 8, 2004] Net2Phone launches a private label VoIP service for
broadband providers as it battles against its privately held rival.
Click here to read the article
Microsoft Wins One in IE Battle
[March 5, 2004] The U.S. Patent Trademark Office’s
preliminary ruling favors Internet Explorer in the
Microsoft/Eolas infringement case.
Click here to read the article
Microsoft: Windows XP SP2 Will be Disruptive
[March 5, 2004] The software giant has created an online training course for
developers to explain the implications of the security-centric OS service
pack.
Click here to read the article
Anti-Offshoring Fever in Senate
[March 5, 2004] Partisan bickering delays legislation to end EU trade
penalty tariffs imposed this week on U.S. goods.
Click here to read the article
IP Upstarts: Get Microsoft
[March 5, 2004] Software vendors are both the victims and victimizers when
it comes to patenting technology already in widespread use around the world.
Click here to read the article
Is Leaked eMail a SCO-Microsoft Connection?
[March 5, 2004] UPDATE: Redmond was indirect backer of Linux lawsuit
strategy, open source guru alleges in leaked e-mail posted on his site.
Click here to read the article
Every week a site is selected for review. Each week,
reviews of the previous week’s selected site are chosen for
publication on the HTML Goodies website.
The current week’s selected site is published in Goodies To
Go and in the Peer Reviews section of the website.
Current contact email addresses for submitting your site and
for submitting reviews are published in Goodies To Go.
If you would like to have your site reviewed, sign up for
the Goodies To Go newsletter in the Navigation Bar on the
left side of this page.
For full details about this program, see
https://www.htmlgoodies.com/peerreviews
Did you ever wish your newsletter was an easy two way communications medium?
Ploof! It now is!
If you would like to comment on the newsletter or expand/improve on something
you have seen in here, you can now send your input to:
mailto:nlfeedback@htmlgoodies.com
We already receive a lot of email every day. This address will help us sort out
those relating specifically to this newsletter from all the rest. When you send
email to this address it may wind up being included in this section of the
newsletter, to be shared with your fellow readers.
Please don’t send your questions to this address.
They should be sent to our mentors: see
https://www.htmlgoodies.com/mentors/
For those who are missing Peer reviews: we are once again
revising the Peer review program in the hopes of creating a
workable solution. The current plan is to move the new Peer
Review pages into place in the new year. All those who have
been selected for reviews in the past will be featured in
the new pages. The new method will make it much easier for
your peers to provide feedback and much easier for us to
handle the publication side of things. "Watch this space!"
It’s coming soon!!
Thanks again for all your feedback!
Top
Windows Tech Goodie of the Week:
Sharing Session State between ASP and ASP.NET
http://www.asp101.com/articles/sidney/sharingsessionstate/default.asp
One of the biggest problems people have when migrating from ASP
to ASP.NET is that sharing session state between the two is not
easy. This article explains the situation and examines a few
different options.
*** And ***
Using PDF Technology To Secure E-mail
http://www.15seconds.com/issue/040224.htm
Encrypt e-mail using PDF security to overcome limitations in
Secure Multipurpose Internet Mail Extensions (S/MIME).
Top
And Remember This . . .
On this day in…
1985 IRS Reports Millionaire Count Doubled
The IRS issued a report that showed that the number of millionaires
in the US had doubled since 1980. 407,700 Americans were now
reporting earnings in seven figures or more. Economists cited the
economic policies of Ronald Reagan, dubbed "Reaganomics", as the
principal contributing factor to the boom. Depending on who you are,
the news is not necessarily good, however. From 1977 to 1990 the
wealthiest twenty percent of the population had their incomes
increase by a third, with the top one percent doubling. At the same
time, the bottom sixty percent saw a decrease, with the biggest
decline amongst those already below the poverty line. Economists
Blueston and Harrison described the increase in the disparity as a
"great U-turn", calling the rift "higher today than at any point in
the lifetimes of all but our most senior citizens, the veterans of
the Great Depression."
Today was also the day that in: 1862 the Confederate ironclad
warship "Merrimac" was launched; 1894 New York became the
first of the US states to pass a dog license law; 1896 the
"Volunteers of America" was formed in New York; 1908 the
Collingwood Elementary School in Cleveland Ohio burned down killing
two teachers and 173 children; 1913 the US Internal Revenue
Service began to levy & collect income taxes; 1917 the
Russian Revolution began; 1927 Pan American Airlines was
incorporated; 1930 Mahatma Ghandi began civil disobedience in
India; 1950 the USSR announced they had developed an atomic
bomb; 1959 The Marx Brothers made their final TV appearance
together; 1962 The Beatles (still with Pete Best) made their
TV debut on BBC-TV; 1965 the first US combat forces (3,500
Marines) arrived in Vietnam; 1971 Radio Hanoi broadcast Jimi
Hendrix’ "Star Spangled Banner"; 1973 Paul & Linda McCartney
were fined #100 for growing cannabis; 1976 the largest
observed meteorite (1,774 Kg) fell in Jilin China; 1990 New
York City’s Zodiac killer shot his 1st victim, Mario Orosco;
Born today were: in 1859 author Kenneth Grahame (The Wind in
the Willows); 1918 actor Alan Hale [MacKahan] Jr (Skipper
Jonas Grumby-Gilligan’s Island); 1921 actress Cyd Charisse [Tula
Ellice Finklea]; 1940 actress Susan Clark; 1943
actress Lynn Redgrave; 1944 singer Carole Bayer Sager; 1946
musician Randy Meisner; 1958 English singer Gary Numan (Gary
Webb); 1959 actor Aidan Quinn; 1963 actress/model
Kathy Ireland; 1964 singer Cheryl James; 1964 musician
Peter Gill; 1976 actor Freddie Prinze Jr.;
Thanks for reading Goodies to Go!