Latest Blog Posts
24 July 2008 JavaScript: The Missing Manual (featuring jQuery)
I know what you’re thinking. “Three posts in one week Ruscoe? You neglect your blog for all this time, managing to squeeze out a maximum of one post per month and now all of a sudden you’ve got blogorrhea? What gives!?!”
Well – to answer your question – “what gives” is that I'm not as busy as I have been so far this year. I’ve pretty much finished going to the gigs (actually, there are a couple more coming up this year), I’ve partied like it’s 1985, I’ve moved house, and I’ve reviewed two books for O’Reilly’s Missing Manual series, which is what this post is about...
Google Apps: The Missing Manual was finally released on 27th May 2008. It’s a book aimed at people who want to get the most out of Google’s online applications, such as Google Docs, Gmail, Google Talk, Calendar, iGoogle, Page Creator, Google Apps and Google Sites.
Reviewing a book like this, which covers Google’s ever-changing online services, meant that I had to keep right up-to-speed with all the features as they were being released. Even after finishing each chapter, I kept emailing the editor with updates when Google changed the Google Docs toolbar and Google Speadsheets kept adding new features! Of course, as soon as the book was released it was inevitable that some parts of it would already be out-dated. That obviously doesn’t mean the book was immediately worthless though. Only a few parts now contain minor errors, and it’s mainly omissions as new features have been added rather than outright inaccuracies. Regardless, I thoroughly enjoyed reviewing this book and am pleased that all my (what many people probably see as being useless) knowledge about Google could finally be put to good use!
You can read a bit more about it on Google Blogoscoped. And while you’re there, check out Philipp’s book, Google Apps Hacks.
JavaScript: The Missing Manual was released yesterday and I just got my copy today. After reviewing the Google Apps book, I was approached to do this one. I figured that I would probably know everything the book had to offer but how wrong I was! Not only does it cover standard old-fashioned JavaScript techniques, it also covers the jQuery JavaScript library in quite a lot of detail.
For anyone who’s only ever used raw JavaScript, jQuery is like a programming language from the web of the future. It’s everything that JavaScript should have been. It really does make pretty much everything so much easier to implement. Whether you want to create a simple image rollover (which is one of the first pieces of JavaScript I wrote or, more accurately, copied and pasted!) or a highly dynamic AJAX website, this book helps to explain how you can go about achieving it quickly and easily using JavaScript and jQuery.
So if you think you’re a JavaScript guru but you’ve never bothered looking into jQuery, this book is a great place to start and will help to completely change how you think about developing dynamic websites!
Well – to answer your question – “what gives” is that I'm not as busy as I have been so far this year. I’ve pretty much finished going to the gigs (actually, there are a couple more coming up this year), I’ve partied like it’s 1985, I’ve moved house, and I’ve reviewed two books for O’Reilly’s Missing Manual series, which is what this post is about...
Google Apps: The Missing Manual was finally released on 27th May 2008. It’s a book aimed at people who want to get the most out of Google’s online applications, such as Google Docs, Gmail, Google Talk, Calendar, iGoogle, Page Creator, Google Apps and Google Sites.Reviewing a book like this, which covers Google’s ever-changing online services, meant that I had to keep right up-to-speed with all the features as they were being released. Even after finishing each chapter, I kept emailing the editor with updates when Google changed the Google Docs toolbar and Google Speadsheets kept adding new features! Of course, as soon as the book was released it was inevitable that some parts of it would already be out-dated. That obviously doesn’t mean the book was immediately worthless though. Only a few parts now contain minor errors, and it’s mainly omissions as new features have been added rather than outright inaccuracies. Regardless, I thoroughly enjoyed reviewing this book and am pleased that all my (what many people probably see as being useless) knowledge about Google could finally be put to good use!
You can read a bit more about it on Google Blogoscoped. And while you’re there, check out Philipp’s book, Google Apps Hacks.
JavaScript: The Missing Manual was released yesterday and I just got my copy today. After reviewing the Google Apps book, I was approached to do this one. I figured that I would probably know everything the book had to offer but how wrong I was! Not only does it cover standard old-fashioned JavaScript techniques, it also covers the jQuery JavaScript library in quite a lot of detail.For anyone who’s only ever used raw JavaScript, jQuery is like a programming language from the web of the future. It’s everything that JavaScript should have been. It really does make pretty much everything so much easier to implement. Whether you want to create a simple image rollover (which is one of the first pieces of JavaScript I wrote or, more accurately, copied and pasted!) or a highly dynamic AJAX website, this book helps to explain how you can go about achieving it quickly and easily using JavaScript and jQuery.
So if you think you’re a JavaScript guru but you’ve never bothered looking into jQuery, this book is a great place to start and will help to completely change how you think about developing dynamic websites!
Labels: books, development, google, javascript, personal
12 November 2006 Browser Wars: Internet Explorer 7
I finally took the plunge and installed Windows Internet Explorer 7 this evening. (Why they changed the name from Microsoft Internet Explorer to Windows Internet Explorer, I have no idea. Nor do I care really; it was just an observation...)
Despite how other people reported that they needed to reboot as many as three times (or more) following installation, I only had to reboot once. In fact, the installation was quite painless really. My biggest issue was the time it took to download the update and finally install it. It was probably going on for 20 or 30 minutes. By comparison, Firefox 2 took seconds to download and another few seconds to install. I guess that’s the price Microsoft has to pay when it integrates the web browser with the operating system so tightly. Whatever the reason, it’s one point to Firefox.
I’ve only tried using it for a couple of hours now and there are some quite things that are already annoying me. The first and most obvious change that’s causing a problem is the interface. I’ve read numerous other reports about how bad everyone thinks this is too – so how the heck did it ever get passed usability testing? Microsoft, please don’t make me think. And if you absolutely must include some snazzy new navigation, please provide me with a “classic” option to change it back to what I know. Firefox didn’t change their interface between versions, so they get another point.
One of the first things I did was activate the Menu Bar (File, Edit, View, etc.) only to find that it sticks it under the Address Bar! Fortunately, I’d already read this post on Anthony’s blog so I knew how to stop it doing that. That makes things a little bit better but it’s still getting on my nerves. Why they decided to stop users from moving their toolbars around like they’ve always been able to, I’ll never know. As far as I’m concerned, an essential feature has been removed. Another point to Firefox.
It seems Internet Explorer now has tabbed browser, eh? Personally, I can take or leave tabbed browsing. I still don’t fully understand the difference between using tabs in a browser and using buttons in your task bar. But thousands of people rant and rave about how good they are, so I guess they must be right. What really confuses me is why there’s no option to “Open in New Tab” when you right-click a link. (And that “Open” option has always been pointless; why would anyone not just left-click?) Of course, Firefox already has that option. Yet another point to Firefox.
After trying out a few of my websites in it, I realised that there were a couple of small changes I needed to make. When I followed my shortcut to the FTP site, it opened in IE7 rather than Windows Explorer. I then had to find the “Open FTP site in Windows Explorer” option, as the page suggested. (Why couldn’t they just give me a link to click that would do that instead of making me go hunting around for it?) So that was pretty annoying... and it was even more annoying when I realised that it does this every time! Minus one point to Internet Explorer.
One thing I do quite like though is the ClearType feature. I do find it strange how they make text appear clearer by actually making it more blurred though. Either way, it seems to work. But at least you can switch it off if you don’t like it. At last – one point to Internet Explorer!
And at the end of that round, Firefox has 4 points but Internet Explorer has zero!
Ever since around 1999, my default browser has always been Internet Explorer. And before that, I think it was Netscape 4. I guess I just never got around to switching to Firefox. I didn’t really have a good reason to do so either. However, with IE7 being so different to IE6, I’m now being forced to make a change.
Should I switch to Windows Internet Explorer 7 or Mozilla Firefox 2...?
Despite how other people reported that they needed to reboot as many as three times (or more) following installation, I only had to reboot once. In fact, the installation was quite painless really. My biggest issue was the time it took to download the update and finally install it. It was probably going on for 20 or 30 minutes. By comparison, Firefox 2 took seconds to download and another few seconds to install. I guess that’s the price Microsoft has to pay when it integrates the web browser with the operating system so tightly. Whatever the reason, it’s one point to Firefox.
I’ve only tried using it for a couple of hours now and there are some quite things that are already annoying me. The first and most obvious change that’s causing a problem is the interface. I’ve read numerous other reports about how bad everyone thinks this is too – so how the heck did it ever get passed usability testing? Microsoft, please don’t make me think. And if you absolutely must include some snazzy new navigation, please provide me with a “classic” option to change it back to what I know. Firefox didn’t change their interface between versions, so they get another point.
One of the first things I did was activate the Menu Bar (File, Edit, View, etc.) only to find that it sticks it under the Address Bar! Fortunately, I’d already read this post on Anthony’s blog so I knew how to stop it doing that. That makes things a little bit better but it’s still getting on my nerves. Why they decided to stop users from moving their toolbars around like they’ve always been able to, I’ll never know. As far as I’m concerned, an essential feature has been removed. Another point to Firefox.
It seems Internet Explorer now has tabbed browser, eh? Personally, I can take or leave tabbed browsing. I still don’t fully understand the difference between using tabs in a browser and using buttons in your task bar. But thousands of people rant and rave about how good they are, so I guess they must be right. What really confuses me is why there’s no option to “Open in New Tab” when you right-click a link. (And that “Open” option has always been pointless; why would anyone not just left-click?) Of course, Firefox already has that option. Yet another point to Firefox.
After trying out a few of my websites in it, I realised that there were a couple of small changes I needed to make. When I followed my shortcut to the FTP site, it opened in IE7 rather than Windows Explorer. I then had to find the “Open FTP site in Windows Explorer” option, as the page suggested. (Why couldn’t they just give me a link to click that would do that instead of making me go hunting around for it?) So that was pretty annoying... and it was even more annoying when I realised that it does this every time! Minus one point to Internet Explorer.
One thing I do quite like though is the ClearType feature. I do find it strange how they make text appear clearer by actually making it more blurred though. Either way, it seems to work. But at least you can switch it off if you don’t like it. At last – one point to Internet Explorer!
And at the end of that round, Firefox has 4 points but Internet Explorer has zero!
Ever since around 1999, my default browser has always been Internet Explorer. And before that, I think it was Netscape 4. I guess I just never got around to switching to Firefox. I didn’t really have a good reason to do so either. However, with IE7 being so different to IE6, I’m now being forced to make a change.
Should I switch to Windows Internet Explorer 7 or Mozilla Firefox 2...?
Update: 14 November 2006 (21:58)
After switching between the two quite a bit tonight, I’ve just made a decision and changed my default browser to Firefox 2. I’ve also deleted any shortcuts to Internet Explorer as I know that my mouse would automatically go for the little blue “e” icon without even thinking about it...
If Firefox 2 annoys me too much in the next week, I may even try Opera 9 and see how I cope with that – IE7 was irritating me too much though after just two days!
(And I’ve already benefited from the spell check feature of Firefox 2 just whilst typing this – and yet I’ve not seen one single benefit of using IE7 in two days!)
Labels: development, firefox, microsoft, personal, rant
30 May 2006 Google Sitemaps: A Useful SEO Tool?
This Friday, Google Sitemaps will be celebrating its first birthday.
You can read my full post at Google Blogoscoped. Please post any comments you might have to the forum.One year since its launch, the interface has changed two or three times and new features have gradually appeared. For any webmasters who ditched Google Sitemaps early on, here’s a quick summary of why there’s possibly more to Google Sitemaps than just getting your site indexed.
Labels: development, google
17 May 2006 Why is "click here" in link text so bad?
Following a brief conversation with Chris the other day, I thought I'd make a short post about what could possibly be the most misinterpreted rule for webmasters... evar!
I think that for any website that could be used by complete novices to the Internet, my preference would be to use the third example above. And I think it's fair to say that it probably wouldn't offend the more savvy users either. (Sure, not everyone will be clicking, but not everyone will be walking across the road when those American crossing signs say “WALK” or “DONT WALK” – yet those people have learnt to know what it means...)
In conclusion, if you know what you're doing and why you're doing it, using ‘click here’ in your link text is fine by me.
P.S. It's also fine to start a sentence with ‘Because’, ‘And’ or ‘But’ regardless of what your English teacher may have told you!
Don't use "click here" as link text
– Quality Web Tips, W3C, 2001
47. Don't use "Click here" as link text
– The Big Website "Don't!" List, Philipp Lenssen, 4th March 2004
The W3C website also suggests that it's not strictly correct to use ‘click here’ because “not everyone will be clicking” and continues to give the following advice:Don't use "click here" or other non-descriptive link text.
– Top Ten Web Design Mistakes of 2005, Jakob Nielsen, 3rd October 2005
In an ideal world, that would be excellent advice. However, when webmasters are faced with the prospect of – let's say – “challenged” visitors using their websites, things need to be much more obvious. Take the following examples:When calling the user to action, use brief but meaningful link text that:
- provides some information when read out of context
- explains what the link offers
- doesn't talk about mechanics
- is not a verb phrase
The first two examples are obviously the worst of the bunch because they don't even link the main call to action (i.e. ‘read my blog’). According to the advice from the sites referenced above, only the last example would be acceptable. My problem with that link is that I've seen users respond with something similar to: “I want to read your blog, but how do I do that?” For a complete beginner, it's not always obvious that the underlined text is a link and that they can perform the action by clicking it. (This isn't helped by websites that don't have underlined links or have underlined text that isn't linked!)
- Click here to read my blog.
- Click here to read my blog.
- Click here to read my blog.
- Read my blog.
I think that for any website that could be used by complete novices to the Internet, my preference would be to use the third example above. And I think it's fair to say that it probably wouldn't offend the more savvy users either. (Sure, not everyone will be clicking, but not everyone will be walking across the road when those American crossing signs say “WALK” or “DONT WALK” – yet those people have learnt to know what it means...)
In conclusion, if you know what you're doing and why you're doing it, using ‘click here’ in your link text is fine by me.
P.S. It's also fine to start a sentence with ‘Because’, ‘And’ or ‘But’ regardless of what your English teacher may have told you!
Labels: development, personal, rant
08 May 2006 Webmasters: Secure your code!
I've been developing websites for several years now. In the early days, I was just playing with static HTML (see my early efforts if you fancy a laugh) but around six years ago I read a copy of Active Server Pages for Dummies, learnt how to develop dynamic, e-commerce websites and never looked back.
Writing websites powered by clever code is great, but something you should never do is compromise the security of your website or server. I can understand why Google occasionally has problems with security because their websites can be incredibly complex, but other companies should be aware of the risks involved with hiring developers who write sloppy code that could put the privacy of their customer details at risk.
A few years ago, I ordered some wine from a well known wine merchant's website. After ordering, I noticed that my receipt simply contained my order number in the query string at the end of the URL, something like this:
I notified the website in question – which incidentally claimed to be “totally committed to protecting your privacy” – and received my first response over one week later. “The fault was created by our old web design agency and unfortunately no one picked up on it,” explained their Online Marketing Manager, “our new agency have promised to have a secure fix in place by Friday night and it is our number one priority.” During this time, customers' details were freely available to anyone with a bit of simple web programming knowledge and they didn't even send me a free bottle of wine for notifying them directly instead of running to Watchdog!
Today I stumbled across another e-commerce site with several serious security flaws. I'd usually email the company whose website it was to give them some friendly advice, but I shan't be doing that in this case because the website belongs to a competitor who ripped off the layout, graphics, content and code from one of my websites and has kindly ignored our ‘Cease and Desist’ letters!
Instead, just to ease my conscience a little bit, here are just a few tips for making sure that your website is safer than theirs.
So, my final question is this: Would it be wrong of me to switch off client-side scripting in my browser, upload an ASP file to their webspace that, when executed, lists every file and folder in the root of the website, then proceed to download a copy of their files, including their customer database and confidential PDFs regarding their budgets?
(Surely that's not wrong, is it? Not when you consider what I could have done...)
Anyway, here endeth the lesson. Any questions (or answers)?
Writing websites powered by clever code is great, but something you should never do is compromise the security of your website or server. I can understand why Google occasionally has problems with security because their websites can be incredibly complex, but other companies should be aware of the risks involved with hiring developers who write sloppy code that could put the privacy of their customer details at risk.
A few years ago, I ordered some wine from a well known wine merchant's website. After ordering, I noticed that my receipt simply contained my order number in the query string at the end of the URL, something like this:
As an experiment, I simply changed thehttps://www.example.com/checkout/printreceipt.asp?OrderNo=100000000845572
OrderNo parameter and discovered that I could view the details for every order in their database – which included the personal details of all their customers. Not only that, but I could also use the same technique to change the delivery address for any order in their system without even being logged in!I notified the website in question – which incidentally claimed to be “totally committed to protecting your privacy” – and received my first response over one week later. “The fault was created by our old web design agency and unfortunately no one picked up on it,” explained their Online Marketing Manager, “our new agency have promised to have a secure fix in place by Friday night and it is our number one priority.” During this time, customers' details were freely available to anyone with a bit of simple web programming knowledge and they didn't even send me a free bottle of wine for notifying them directly instead of running to Watchdog!
Today I stumbled across another e-commerce site with several serious security flaws. I'd usually email the company whose website it was to give them some friendly advice, but I shan't be doing that in this case because the website belongs to a competitor who ripped off the layout, graphics, content and code from one of my websites and has kindly ignored our ‘Cease and Desist’ letters!
Instead, just to ease my conscience a little bit, here are just a few tips for making sure that your website is safer than theirs.
- Don't rely on client-side validation – most browsers allow you to switch off client-side scripting, so make sure your website handles this gracefully.
- Don't save any uploaded files to your webspace – not even if they're saved to folders with randomly generated names, and especially not if your users can upload scripts which can be executed – i.e. ASP, PHP, CGI, etc.
- Don't store your customer database on your webspace – but if you absolutely have to do this, I'd suggest password protection and a random filename.
- Validate user input server-side – especially if you're using parameters passed in via the query string or form fields to create SQL queries on the fly, otherwise your visitors could use SQL Injection to update or delete the entire contents of your database.
- Secure any admin areas properly – make sure they're password protected so that only authorized people can access them, don't just assume that people will never guess the URL!
So, my final question is this: Would it be wrong of me to switch off client-side scripting in my browser, upload an ASP file to their webspace that, when executed, lists every file and folder in the root of the website, then proceed to download a copy of their files, including their customer database and confidential PDFs regarding their budgets?
(Surely that's not wrong, is it? Not when you consider what I could have done...)
Anyway, here endeth the lesson. Any questions (or answers)?
Labels: development, personal, rant
14 November 2005 Google Analytics
If you run a website, you'll no doubt appreciate how interesting it is to view your visitor statistics and see how many people have found your website by searching for [google subdomains] or [who is tony ruscoe?]. (If you're running an e-commerce site, you'll probably pretend that you're more interested in conversion goals and revenue. Whatever...)
Well, Google have taken aim at yet another battleship and blown it out of the water. This time they've rebranded the Urchin software that they acquired earlier this year and released it as Google Analytics. So, how much does it cost? A few thousand dollars a month perhaps? Nope. A couple of hundred then? Nope. In true Google style, they've gone and done it for free.
Personally, I use the statistical analysis software that my web host provides for me. It does what I need it to do, but then I'm not interested in complex tracking, fancy graphs or increasing my conversion rates. (I've still added the Google Analytics code to my website though just so that I can see what it does.) However, for the small to medium companies who want instant reports on how they're site is doing, this appears to be the answer – and it's going to be a serious blow to companies like WebTrends and Omniture whose software costs hundreds and thousands of dollars (depending on the size of your site or the number of hits you get).
Of course, all the usual folk will be screaming and shouting about how Google is invading their privacy because they'll now know about every website they've been visiting (or at least, the ones that are using Google Analytics). I can only see this as a good thing though. To Google, the information being tracked by Google Analytics is obviously priceless, which is why they can afford to offer the service for free. Imagine if they use the data to enhance their search results and page rankings... that would certainly shake things up a bit!
On the surface, it looks like Google are about to put the entire web statistics and analysis industry out of business, but whether this is true depends entirely on how the industry responds to this release and how Google continues to develop this service.
[Via Matt Cutts]
Well, Google have taken aim at yet another battleship and blown it out of the water. This time they've rebranded the Urchin software that they acquired earlier this year and released it as Google Analytics. So, how much does it cost? A few thousand dollars a month perhaps? Nope. A couple of hundred then? Nope. In true Google style, they've gone and done it for free.
Personally, I use the statistical analysis software that my web host provides for me. It does what I need it to do, but then I'm not interested in complex tracking, fancy graphs or increasing my conversion rates. (I've still added the Google Analytics code to my website though just so that I can see what it does.) However, for the small to medium companies who want instant reports on how they're site is doing, this appears to be the answer – and it's going to be a serious blow to companies like WebTrends and Omniture whose software costs hundreds and thousands of dollars (depending on the size of your site or the number of hits you get).
Of course, all the usual folk will be screaming and shouting about how Google is invading their privacy because they'll now know about every website they've been visiting (or at least, the ones that are using Google Analytics). I can only see this as a good thing though. To Google, the information being tracked by Google Analytics is obviously priceless, which is why they can afford to offer the service for free. Imagine if they use the data to enhance their search results and page rankings... that would certainly shake things up a bit!
On the surface, it looks like Google are about to put the entire web statistics and analysis industry out of business, but whether this is true depends entirely on how the industry responds to this release and how Google continues to develop this service.
[Via Matt Cutts]
Labels: development, google