afongen

I know that I haven’t been posting a lot recently, for which I earnestly apologize. I’ve had much to say but little time. You may recall that we moved a week or two ago, and much of my time has been spent dealing with that: unpacking, sorting, sleeping.

We’re house- and dog-sitting for my mother-in-law. Introducing her yellow lab to our two cats has been a lot of fun. The dog is quite excited about these new playmates. Our 16.5-pound Maine Coon runs and hides, but our little 8.5 pound tabby is very interested in meeting this rambunctious creature. He walks right up to the dog, sniffs her, and thwacks her nose when she gets too close. Guess we know who’s boss.

I’ve also started to get really busy again working on a couple XML presentations that a colleague and I are doing at a conference in two weeks. It’s pretty cool, the presentation slides themselves are XML files that we’re converting to PDF using AxPoint. XHTML versions will also be made available, probably generated with XSLT. Much as I try to confine that activity to work, it does spill out occasionally. It happens when what I do for work and for fun are pretty much the same thing. AxPoint is marvelous. And now it supports SVG! Wow.

This is especially useful because I refuse to learn how to use PowerPoint. I like to learn about most things, but there are two areas of knowledge in which I would like to go through life remaining blissfully ignorant: how to score bowling and how to use PowerPoint.

Oh yes, through all this I’ve been trying to read a lot. Been wanting to highlight Steven Johnson’s Emergence: The Connected Lives of Ants, Brains, Cities, and Software. Wonderful book, I cannot recommend it strongly enough. Someday soon I’ll say more about it. For now, let me just say that I enjoyed the book so much that I will send a copy to the first person who asks for one. Seriously. Anywhere in the world, as long as it can be shipped there. Drop me a line.

Update:The book has been claimed. Thank you for playing.

Break out your broadband connection and your Flash plugin. The San Francisco Symphony Kids web site makes it all worthwhile.

I clearly haven’t been paying enough attention to web sites built for kids. Until now, the only one I ever looked at was Webmonkey for Kids. Sites like SFS Kids and the BBC‘s CBeebies are just great fun! A whole world that I haven’t explored. I wonder if Google will come up with a kids version, like Yahoo! did with Yahooligans!

I like to read stories like this. Sun donated some hardware to search.cpan.org. A big thank you to Sun!

On a similar token, Pair, the hosting service that I use for this very site, donated hosting to The Perl Review. One of the reasons that I like to use Pair.

An interesting thread on the NANOG list: 1024-bit RSA keys in danger of compromise (the message that kicked it off was first posted in Bugtraq). This may be a good time to point to a little something I wrote a year or so ago, a “Brief Introduction to Digital Signatures.” Just cuz you may find it a useful introduction. I keep finding people who look at me funny when I ask if they use PGP.

Great. Just frelling great. IE‘s digest authentication mechanism is incompatible with Apache’s. By the same token, IIS’s is incompatible with any browser but IE. I am not normally one for Microsoft conspiracy theories, but considering Microsoft’s lukewarm response (“the nature of this particular issue does not put customer data at risk or pose a known security threat, so the fix will be prioritized accordingly”), I have to wonder whether this is a mistake or a strategy. I’m sorry, but passing passwords in the clear does indeed “put customer data at risk”!!

A while back I spent an evening digging through the Apache source code to figure out how they implement digest authentication. I’ve read the RFC. It is not so hard that it should confound the crack programmers at Microsoft.

Since Mozilla finally supports digest authentication (since 0.9.7, which you may recall surprised me since I had assumed Mozilla already did support something this basic), I was all set to start using it as a matter of course. I already do use it in certain circumstances, with Apache and Mozilla. But now…what? How many more years do we have to wait before we can expect even this rudimentary security?

OK, this time I mean it. I’m moving this weekend, no weblogging for me for a few days. Enjoy the weekend, folks.

I’m always amused by the search requests that turn up in my referrer logs. Today’s odd one, “What do you do if dog scratches all the time,” although neither disturbing nor a bad question to ask, somehow reminded me of Disturbing Search Requests, which I hadn’t visited in a while. Pity that so many of those have to do with sex. How dull. I really like this one:

“A person decides to shake hands with six different people on a certain day. The next day, each of the six people will shake hands with six different people . The process continues until every person in the United States has shaken someone’s hand. How many days will it take until everyone in the United States has shaken hands once? Assume that once a person shakes hands with six different people, he or she does not shake hands again%2”

<motd>Don’t think you’re special just because you’re the only one left out.</motd>

Tim O’Reilly weighs in again: Disingenuous Comments from Michael Eisner.

“These entertainment and publishing industry executives are either being disingenuous or are ignorant of both technology and history. The software industry faces exactly the same conditions that the entertainment industry fears will destroy its markets. Software is digital, easily and perfectly copyable, and pirated copies are in fact available through a variety of illicit channels, but that hasn’t kept companies like Microsoft from going on to become among the largest and most successful in the world. What’s more, copy protection was widely explored by software companies in the 1980’s, and what they learned was that consumers avoided copy-protected products.”

If all my dire warnings the other day didn’t scare you off, and after careful consideration you’ve found yourself with a compelling enough reason to open a new window — compelling enough that your users will expect a window to open, which I think is quite a rare situation — please don’t use the old HTML target="_blank" attribute. Use JavaScript.

For one thing, the target attribute is not available in XHTML (you are using XHTML, right?) because it is not structural: it is behavioral. Page behavior should be controlled (or influenced, at least) with means other than markup, e.g. JavaScript or CSS. The one exception is framesets, where target does have a structural meaning and so is included in the XHTML 1.0 Frameset DTD. But you’re not using frames, are you?

If you find yourself in a position where you have no choice but to open a new window, please don’t do this:

<a href="javascript:openWindow('new.html')">DO NOT DO THIS</a>

do this instead:

<a href="new.html" onclick="openWindow(this.href); return false;">new window</a>

(This assumes that you’ve defined an openWindow() function.)

The second way, even those user agents with JavaScript disabled or unavailable can still access the page to which you’re sending them. Too, those of us who follow links by dragging them to another window or using contextual menus to open new windows or tabs can follow the link using our preferred method.

Thank you. You’ve just made the Web a better place.

You’d make it an even better place if you never opened new windows in the first place.

Update: Paul Sowden wrote to point out although Mozilla allows the blocking of target="_blank", it’s harder to block links using the JavaScript technique that I suggest. Using JavaScript, he argues, reduces the user’s control. Perhaps, but this is an issue that needs to be resolved by Mozilla’s developers.

Remember, in XHTML, JavaScript is the only way to open a new window. I agree wholeheartedly that opening new windows is something that you should studiously avoid, but sometimes you just can’t help it. Perhaps your boss or your kidnapper is staring over your shoulder until you comply with her demands. In that case, I humbly request that you write your JavaScript code in a way that allows for the greatest amount of freedom and control for the end user.

I’ve thrown together a quick demonstration of how it works. Disable JavaScript, play with your browser preferences, see how it all comes together. If you have improvements, please share.

It’s possible to disable all window-opening behavior in Mozilla, by the way. Add this line to your user preferences file:

user_pref("capability.policy.default.Window.open","noAccess");

You’ll still be able to open windows if you want to, but it won’t happen without your permission.

This and other goodies are documented on or near the end-user documentation on the Mozilla site (Customizing Mozilla, Hidden Mozilla Prefs).

I hope that before long, disabling “Open a link in a new window” in the Mozilla GUI-defined preferences also applies to JavaScript-opened windows.