Archive for July 2004

How’s this for irony? I watched The Shipping News a couple of days ago before reading this book. One of my favorite parts of the movie was the main character learning how to write strong headlines. Instead of the dull “Horizon Fills with Dark Clouds,” his co-worker suggested, “Imminent Storm Threatens Village.”

The main character, an honest man, asked, “But what if no storm comes?”

“Village Spared From Deadly Storm.”

Writing attention-getting releases isn’t about lying, but about putting a creative twist on the truth. Free Publicity is unique in that it’s written by a person who is typically on the receiving end of the releases instead of someone who has spent years writing and submitting them. I’m more interested in what the recipient wants than what the person who has written a ton of them thinks they want.

Crilley is a TV news reporter in Dallas who shares his experiences in book that takes about an hour to read because it’s fast-paced, grabs your attention and keeps it. That’s how good these stories are and why they got Crilley’s attention. Each chapter provides a few key points and those points are reiterated at the end of the chapter for easy referencing.

The author is on target when he suggests honesty even when things are bad. If Clinton had come clean from the start of it, the whole scandal involving him and “that woman” might not have been the big deal that it came to be. The media is going to keep nibbling until it gets what it wants or arrives at the truth.

Within moments of reading the book, ideas started floating in my head on how to bring more attention to a few things needing spotlight. This simple book has it all: it’s fast, easy, useful, and humorous.

VITAL STATISTICS:
TITLE: Free Publicity: A TV Reporter Shares the Secrets for Getting Covered on the News
AUTHORS: Jeff Crilley
PUBLISHER: Brown Books Publishing Company
PUBLICATION DATE: December 2002
ISBN: 0972647406
FORMAT: Paperback
PAGES: 128
PRICE: USD: 12.95
CDN: 13.65
UK: 6.34

If you try to go to WeightWatchers.com with FireFox 0.9x or Mozilla 1.7, you get a lovely message to upgrade your browser to not only IE 6.x or higher, but also Netscape 7.x or higher (For Macs: IE 5.x+ and Safari 1.1+). Netscape is based on the gecko engine, which is what Mozilla and FireFox are based on. The company needs to lose browser weight.

You can get a nice wrap up of the Emergence of Ideas: Day 1 in one post.

Day 2 – Robert Scoble discusses corporate blogging and how he uses blogging in his role at Microsoft. Also, a few corporate bloggers (Macromedia, Microsoft, and Dell represented) answer questions on corporate blogging.

Are ethics good business? is worth mentioning because it has a survey included. This is a nice way to add more interactivity to the week-long event.

Much more covered including non-profits, basics of blogging, starting a corporate blog, sales, etc.

Lois Carter Fay brought this week’s Global PR Blog Week to my attention. More details are also available in TheNewPRWiki.

I look forward to seeing what information is gleaned each day. Today’s topic is PR in the Age of Participatory Journalism with Trevor Cook, Don Crowther, Dan Forbush, and others.

I am interested in seeing how effective this event is especially since it is more accessible to me than a typical conference. As a person with profound hearing loss, I get exhausted trying to lipread the speakers and miss a lot of information. Plus, with the huge amount of blogs out there — how many people are going to find out about this one and take the time to visit it? I only find out about it because I happened to be in recent contact with Lois.

Accessibility Information Solution has released v1.0 of its Web Accessibility Toolbar, which only works with IE. In case you’re wondering why it is for IE only, first… there is already a great toolbar for mozilla/firefox by Chris Pederick.

Steven Faulkner of NILS was kind enough to explain the reasons for the toolbar’s compatibility with IE only:

1. There was a gap in “the market,” no tools comparable to those available for Mozilla were/are available for IE.

2. Our programming expertise is limited (if somebody wants to work with us on versions for other browsers/operating systems we’d be interested),

3. Our resources are very limited as this project is unfunded so we work on it between paid work and in our spare time [Meryl here, thank you for the work!].

4. While some people realise that there are better browsers than IE out
there, their uptake is still very small, and my original idea was to raise
awareness of accessibility issues and provide the tools to “the masses.” [Valid point]

5. For better or worse, many assistive technology users use IE for web
browsing, so I tend to use it for accessibility testing and browsing due to this circumstance [Ain't that the truth?].

6. What time I have had to work on developing the toolbar has so far been directed at improving the functionality and collaborating with others to create versions in other languages [Great reason!].

Porter Glendinning shed more light on the Mozilla vulnerability and gave me permission to share:

The “bug” (I’ll explain why I put that in quotes in a moment) was reported back in 2002 and was only fixed recently when an actual exploit was discovered.

The reason that this isn’t such a cut-and-dried case (in reference to my previous post) is because it’s not a bug in Moz that caused this security hole. Moz is set to handle certain protocols internally — http:, https:, ftp:, and so on. When it encounters a protocol it doesn’t handle it passes the request on to the OS. In this case, Windows executes the shell: protocol in the command shell — I know, I can’t believe it either.

If an exploit had been found in RealPlayer involving the victim clicking an rtsp: link in the browser that would cause the player to execute arbitrary commands we wouldn’t call that a bug in the browser; it’d be a bug in RealPlayer. The shell: exploit is no different (with the exception that the protocol itself has little valid reason to exist).

So the options that are open to the Moz developers for fixing the more general problem are either to block all unhandled protocols, which would break many third-party apps, or to formulate some sort of white-/blacklist for protocols that are known to be good/bad. There are problems with both in the general case, but in the case of shell: I can’t imagine that anyone will complain about its blacklisting.

Google doesn’t have an official manual, so Google: The Missing Manual steps in. The super search engine has a multitude of features many don’t know about. The authors do a first-rate job of describing its features and demonstrating how to use them.

When I start a search, Google is often the first place I go. Over time, I’ve learned of its new features and applyied tricks here and there. I have found the words to a song when I could only remember a handful of words. The song is no rock ‘n roll hit or anything played on the radio. It’s a geography song I learned in third year Spanish in high school. Using a few of Google’s tricks, the full lyrics appeared quickly.

Heck, save money with Google. A search engine that saves money? Indeed. Froogle is the word, nice play on frugal there. Enter the item and it provides results with prices. I use it for comparison shopping to ensure I get the best deal. Thanks to Froogle, I located a hard to find item for my niece’s birthday gift.

The book covers every trick I’ve learned and read about and taught me a few more. A call comes through, but the person doesn’t leave a message. The CallerID shows the phone number and a company name, but it doesn’t ring a bell. When I enter the phone number in Google, it provides three results (boy, talk about bad luck as a couple of companies who had the phone number went out of business) and it dawns on me it is the new family doctor, which is why the number is familiar. The company appearing in CallerID is the telecommunications company provides the services. In some cases, teleco names show up instead of the business or residents’ names.

The Google API (application program interface) is not covered although it is mentioned as a resource. The purpose of the book is to show how to use Google from a non-programming and non-techie perspective. The authors have accomplished the goal. They briefly cover using Google on Web sites as a search tool and for Ad Sense.

Those looking for hard-core Google tips using the API obviously won’t find it in this book. This is a book for all the non-programmers and non-Web designers. Scanning the book takes little time and it’s an excellent reference since it’s well organized in five parts: techniques, unknown Google, search tools, Google for Webmaster, and an appendix with resources. Also extra nice is the authors’ coverage of other browsers besides Internet Explorer when referencing browser-based tools that work with Google.

One of the reasons the company is popular is for its simplicity. Its home page has hardly anything other than its logo and a search box. The book continues the theme by keeping it simple.

VITAL STATISTICS:
TITLE: Google: The Missing Manual
AUTHORS: Sarah Milstein (Editor), Rael Dornfest
PUBLISHER: Pogue Press
PUBLICATION DATE: May 2004
ISBN: 0596006136
FORMAT: Paperback
PAGES: 311
PRICE: USD: 19.95, CAN: 28.95, UK: 13.95

Mozilla and FireFox has a security issue. But as soon as we heard about it, the fix was available and the steps to verify it has been implemented are simple. More than we can say for Internet Explorer. Though I’ve spoke highly of the mozilla.org products, it didn’t mean I thought of them as saints, or perfect.

Some of you may be questioning the switch away from IE. It is still the right thing to do. Read on for the why.

When the switch browser campaign was in full speed, a few people (me included) wondered what would happen to the security of Mozilla products if it should gain a big share of the browser market. Wouldn’t that open it up for hackers just like Microsoft’s products do? After all, it’s open source software meaning the hackers aren’t working blindly.

Chris Kaminsky answered my questions better than I could ask for from anyone.

To accept your assertion, one has to first accept three statements:

1. FF is fundamentally about as (in)secure as IE.

2. Access to source code is at least as significant a factor in ‘hackability’ as other factors such as the browser’s security model, the basic architecture of the application, what other software the browser interacts with and how, etc.

3. Hackers will have as much incentive to hack browser X if it has 40% of
the market as if it has 90% of the market.

Point 1 is difficult to quantify, but IE has been widely criticised for the way in which it is integrated with the OS. It isn’t just used as a ‘black box’ component; rather, it’s code is pretty well mixed into the OS code, and vice versa. Doing so is not particularly good software engineering practice, but it was desirable from MS’s perspective as it helped their position in the antitrust trial that IE was an integral part of the OS. Just by virtue of its integration with the OS, IE exploits have far more potential to do damage than do FF exploits. So FF starts off with lower hack potential out of the gate–and that’s without considering the swiss cheese that is ActiveX (not something that hackers have just discovered, BTW; ActiveX has been roundly criticised on security grounds since it was introduced), the flawed zones-based security model, etc.

Point 2 is demonstrably false: compare Apache to IIS, for example, and you’ll find that Apache generally has a better security record despite being both open source *and* the market leader. As well, whatever advantage is given to the black hats by being able to look over the source code is also given to the white hats; it’s a symmetrical advantage.

Point 3 is based on the assumption that the public won’t suddenly all dump IE and run to FF, but rather that some will move to FF, some to Mozilla proper and some to Opera (not to mention Safari, Konqueror, OmniWeb, etc. on non-Windows platforms) so even in a post-IE world no other browser would emerge with IE’s market share. Given that I use FF, Moz, and Safari regularly, I feel pretty comfortable saying that the three are almost interchangeable, making it highly unlikely that any one will gain the sort of dominance IE has had (or that Netscape once had, for that matter).

Whether hackers, given a lower total share for the dominant browser, would be as apt to focus on it as they do on IE now is left as an exercise for the reader.

All that said, FF is nowhere near perfect (someone’s going to come up with an XPI exploit; it’s only a matter of time) and in fact a hole was announced in the last 24 hours. It was also patched in the last 24 hours, unlike the IE holes which remain vulnerable.

Bottom line, FF isn’t anywhere near perfect from a security standpoint, but there’s some reason to believe it will be better and precious little reason to believe it will be any worse.

Content negotiation can make URLs shorter and more abstract. Save size and migration headaches by rewriting URLs without file extensions to the right resources. I asked the author, Andy King, a few questions about this method. He kindly responded:

Q: But wouldn’t it take up more space on the server if you have three versions of the image?

A: Yes, but storage is cheap, bandwidth isn’t. You don’t need three versions of an image. Also, you could just have one, say image.gif, but refer to <img src=”image” …> and either multiviews it, or explicitly say image.gif on the server. Apache is designed to do this type of content negotiation, and if port80software.com can do it, anybody can (see their home page, which is quite fast)

Q: How is it not slower… between parsing, searching for the file name instructions, and then sending it back to the browser?

A: It is infinitesimally slower, but worth it for the four bytes saved (at least) with each image/resource, and the hassle-free migration. Apache has been designed to do this from the start, but nobody uses it because of just the concerns you outline, but in practice the slowdown is not discernable (unless you are Yahoo, which i point out in the article). combined with compression say, it would be faster.

What about time to implement it? Isn’t it time consuming?

A: Not really, you just turn on multiviews, and remove extensions from your markup (which can also be automated) and it’ll work. You don’t need multiple representations of resources, that is just an expanded example.

These are problems and annoyances I ran into when first installing FireFox on several computers. Thanks to the forums, the problems quickly went away.

Master Password – whenever I signed on a site, FireFox asked if I wanted it to remember the password. When answering, “Yes,” it would asked for a Master Password. WHAT!?!? I never set up a Master Password. Three ways to solve it:
1. Enter chrome://pippki/content/pref-masterpass.xul into the location bar and click the Reset password button. However, this option did not work for me. Furthermore, it will delete all saved passwords.
2. Exit Firebird.
Go to your profile folder: http://texturizer.net/firefox/edit.html
Delete key3.db (your master password) and signons.txt (all your stored passwords, which are now useless, because Firefox can’t decrypt them). Note: signons.txt was not in my folder probably because it was deleted by the previous step. It worked.
3. Create a new profile. I didn’t like this option because all the bookmarks, settings, extensions that I worked hard to put in place before discovering this lovely password problem were gone and I didn’t have time to import them all again. I had no Profile Manager in my folder list (surprised), so I did the second option and put it in the folder list for easy access.

When I clicked on links from Thunderbird and a couple of other places, it would open something other than FireFox even though I confirmed FireFox as my default browser. The easiest way to fix it is to use a free tool called SetBrowser. The program may show FireFox as the default. Do the steps anyway.

Once fixed, I started getting this error when clicking a link: Firefox loads the URL and the following message appears, “Windows cannot find [add Web URL]. Make sure you typed the name correctly, and then try it again. To search for a file, click the Start button, and then click Search.” The solution.

One more problem. I thought it was just me because of the order I did things, but it happened to Paul, too. If you try clicking on a link in Outlook or something else, it’s possible FireFox AND IE or just IE open. If this is the case, here are the forum notes. The step that worked for me was going into file types and deleting “%1.” Also, check the second route.

I didn’t like the search bar size. Too small. The location bar could stand to be smaller while the search bar should be larger. This is a cool fix because you use an extension that makes life easier. Install ChromEdit. Exit and open FireFox. Open Tools > Edit User Files. Copy the following into the blank page on the first tab called userChrome.css:

/* fixt search bar width */
#search-container {
-moz-box-flex: 250 !important;
}

Adjust the number to your taste. It won’t take effect until you’ve exited and opened FireFox.

I use RoboForm for filling forms. It’s worth the investment. Since the program was installed before I installed FireFox, it wasn’t working in FireFox. Easy fix. Download and install the adapter.

I use MovableType to manage this blog and one of the features I immediately missed was the editor buttons B, I, U, and URL. Not anymore. They’re back! Thanks to the kurcula.com hack. However, where second part of the instructions says, “Place the code between <script> tags; put it after the lt;/script;gt; tag as shown in the example.

Another option is the FCKeditor. Bad name (author’s initials), but it is supposedly a great open source editor.

Update: FireFox froze on me today (Sunday, July 4) where I could not do anything. Easy fix thanks to Mozilla Backup. I used the last backup and everything worked again. Whew.