I’ve got a bunch of users that constantly double click html links. Also, I’ve had a few users probing my apps trying to expose holes. Those probes have generally included either clicking links multiple times, or automatically submitting URLs via some automated process.
When I added messages to guide users that were re-submitting the same URLs, the double click users showed up as potential offenders. I needed a way to keep the double click users off of my intrusion detection report, but still be alerted to the more nefarious users. The solution to this problem is preventing browser based double clicks
I think my solution is elegant. I didn’t find this solution on the Internet, so I decided to post it here.
Simply make the onclick handler for the <a> tag reset it’s onclick handler to return false:
<a href="#" onclick="this.onclick=function () {return false;};return true;">Click Here</a>
I’ve tested this in Chrome/FF/IE8/IE6 and they all seem to work just fine. Comments and feedback welcomed.
I just got a G1 from T-Mobile, and I’m also attending Microsofts PDC, so I wanted to import my schedule from the PDC into my Google Calendar. It took a few tries, but I finally figured out how to do it.
- Get the .ics file
-
- Find the link on the screen
Find the link to the .ics information on the page
- Right click – copy link
- Use wget to save it
You will have to change the URL type from webcal to https
wget https://sessions.microsoftpdc.com/feeds/ics.ashx/ai..snip..1a
- I renamed the file to sessions.ics for easy identification
- Open the file and remove the ; from the lines like:
-
END:VEVENT;
changed to:
END:VEVENT
I’m not sure who (Google or Microsoft) is at fault with the semicolon here, but Google won’t import the file unless the semicolon is gone.
- Create a new Calendar
-
Go to your Google Calendar and create a new calendar
-
Import the calendar (Add -> Import Calendar)
-
Import your ICS file into the new calendar
Be sure and select the correct calendar to place the entries in.
Enjoy! I realize these instructions are pretty terse, but the critical piece is to remove the semicolons from the .ics file. Leave a comment if you’re having trouble.
When you’re successful, your Google Calendar will sync with your G1, and you’ll have all of your PDC sessions on your G1, for reference during the conference. You can look really cool checking your G1, rather than fumbling for a scrap of paper.
As I’m sitting in the WordCamp Birmingham meeting today, I’m looking around the room wondering “what does everyone have in common *except* that they’re interested in WordPress?”.
The mix of people here varies from WordPress gurus to people that don’t know what WordPress is exactly. We’ve got
- local developers
- graphic designers
- copywriters
- television news professionals
- and local bloggers
The parallel common theme is that the attendees are all interested in continuing their education. In this case, it’s new media. Last week, I attended an event in ATL (Atlanta Linux Fest), where a similar parallel common theme existed.
Traditional continuing education can’t keep up with “Internet speed”. As soon as a class can be developed, the concepts have changed. In a local event, the content changes right up to the beginning of the conference. The questions raised
can even add more content.
Attending these events can help to increase the connection between members of the local community. Non-local guests can help to cross-pollinate ideas. Mostly, the ideas and and experience from attending and presenting at these events help to establish the attendees as willing to do whatever it takes to stay current.
In a recent post ( There’s no shame in looking good) DHH says
“it’s at the core about people feeling good about that which is pretty. That doesn’t make us shallow, that just makes us human.”.
I think, though, we’ve got our own perception of pretty. My idea of pretty is the Thinkpad that he mentioned in the article (up next to the MacBook Air). I agree that the MacBook Air has some aesthetics, but the beauty that I see in the Thinkpad is durability and support for my favorite OS (Linux). There’s a line there – I wouldn’t accept a brick for a laptop, but my perfect design is significantly different than DHH’s.
Embrace what looks good to you. Is it the aesthetics of a clean, svelte design? Or, like me, do you appreciate the durable and extensible? Where do you draw the line? What’s your perfect design?
My resume is on the web. Most of the time, however, I’ve asked the ‘bots to leave it out of the index. Recently, though, I’ve allowed the ‘bots to index my resume, and it’s generated a bit of harvesting action. Here’s the snippet from the weblog Actual Link Here:
210.245.110.78 – - [17/Sep/2007:02:56:34 -0400]
“GET /MyResume.html HTTP/1.1″ 200 4592 “http://www.google.com.vn/search?q=inurl:cv+%7C+
inurl:resume+%7C+inurl:vitae+%7C+intitle:cv+%7C+
intitle:resume+%7C+intitle:vitae)
+(%22Java+developer%22+%7C+%22C%2B%2B+developer%22)+
(C%2B%2B+%7C+Java+%7C+J2EE)+
(Linux+%7C+Unix)+-usa+-india+-C%23+-.Net+-PhD+-Ph.D+-CA+
-NY&hl=vi&start=80&sa=N”
“Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)”
Which translated means:
210.245.110.78- This is the IP Address of the requestor. DNSStuff.com reports that this IP address is from Ho Chi Minh City, Ho Chi Minh (Vietnam). This is consistent with the Google site used for the search (www.google.com.vn)
[17/Sep/2007:02:56:34 -0400]- The date of the search
200- The webserver response. 200 is success
4592- This is the size of the document – my resume is only 4592 bytes. There’s an associated stylesheet, and that’s fetched right after the resume.
- referrer field
-
The remaining information is the referrer field. This is how you tell what document the user was on when they clicked a link.
http://www.google.com.vn- This is the Google site in Vietnam. Looks like our visitor was from Vietnam.
/search- This is the search url – nothing special here
inurl:cv- Specifies a search where the URL fetched has “cv” in it.
+%7C+- the “+” symbol represents a space in URL encoding and the %7C is a “|” (bar) symbol. This construct means the previous search term is “or’d” with the next search term.
inurl:resume | - Specifies a search where the URL fetched has “resume” in it.
inurl:vitae | - Specifies a search where the URL fetched has “resume” in it.
intitle:cv | - Specifies a search where the title of the document fetched has “cv” in it.
intitle:resume | - Specifies a search where the title of the document fetched has “resume” in it.
intitle:vitae- Specifies a search where the title of the document fetched has “vitae” in it.
("Java developer" | "C++ developer")- Document text contains “Java Developer” or “C++ developer”
(C++ | Java | J2EE)- Document text contains “C++” or “Java” or “J2EE”
(Linux | Unix)- Document text contains “Linux” or “Unix”
-usa -india -C# -.Net -PhD -Ph.D -CA -NY- Documents without the words usa, india, C#, .NET, PHD, Ph.D, CA and NY
So, as you can see, the headhunters (at least the Vietnamese ones), are very proficient in Google searches. If you want to type in the text to the Google search box, here’s the text you’ll need:
inurl:cv | inurl:resume | inurl:vitae | intitle:cv | intitle:resume | intitle:vitae) (“Java developer” | “C++ developer”) (C++ | Java | J2EE) (Linux | Unix) -usa -india -C# -.Net -PhD -Ph.D -CA -NY
Enjoy, and now you’ll recognize the resume harvesters when they drive by your site.
I’m a member of a local Linux users group. Most of the members have Linux installed at home, and are happily learning how to use it, develop for it, or deploy it in a corporate environment. The reality of today’s computing environment is that there are still many Unix (AIX/HPUX/Solaris, etc) machines installed or scheduled to be installed, that require administration. Unix big iron pays the bills in may enterprise shops, and while Linux may get you in the door, Unix will keep the paychecks coming.
The barrier to entry for large Unix environments has the potential to be very high. Contemporary hardware is expensive, and the operating system and software are equally expensive. New System Administrators need access to the Unix OS to at least gain some knowledge about it’s quirks and capabilities. HPUX admins need to know SAM, AIX admins need to know SMIT. Everyone needs to know how to partition logical and physical volumes on their Unix systems.
Luckily, most of the large Unix vendors have test drive programs that allow access to many of their products over the internet, or even in the comfort of your own home. These are usually just a registration form away, and can provide access to OS, compilers, configuration, web servers and a host of other software. Below find links and capabilities of the programs offered by the large Unix vendors.
Continue Reading…
From the article: “Today I’m launching ajaxWindows – a complete virtual PC you can experience using only a browser from any web connected computer. If you would like to see it in action, check out the online demo or the video. Remember that everything you see is happening within a web browser.”
Will ajaxWindows.com herald a new era? Internet access is mostly ubiquitous now, and has enabled such technologies as web-based E-Mail, project management, social networking and IM. When using VMWare sessions, I *really* like the fact that session state is saved perfectly when I stop the virtual machine, and ajaxWindows promises similar functionality.
The logistics of the service are more easily implemented, since they’re leveraging existing online services, such as gmail and MP3tunes, which should reduce the space requirements for the ajaxWindows.com site.
The adoption of this as the computer, rather than simply yet another service, will depend on two things:
Security
Will there be a significant breach of security, compromising credentials for the services configured in ajaxWindows? I personally am uncomfortable storing my credentials in a centralized place without significant safeguards in place. While my MP3tunes information is not confidential, my G-Mail account has lots of information that I want to keep private. I’m sure the script-kiddies and botnets are amassing forces right now to attempt the compromise of confidential user information.
Developer API
The Facebook phenomenon has proved that a great developer API will speed platform adoption. I’d be delighted to be able to provide an application platform to users using the ajaxWindows OS. If (see above) security is acceptable, users could be encouraged to use ajaxWindows to access personal banking, retirement information, healthcare information etc, without installation of fat applications on multiple platforms.
As soon as the site comes back up, I’ll log in and give it a test drive. I’ll be particularly interested in the security and API, since I think that’s what will drive large scale adoption.
Update: If you go to ajaxWindows.com, you see:
Thank you for
visiting ajaxwindows.com
We are currently experiencing massive amounts of user registrations
and traffic.
Please check back with us in an hour.
Thanks for your interest, The Ajax13 Team
Looks like there’s a ton of interest in an “Internet OS”. I played around with the site a bit before it went down, and noticed a few things:
- Many of the applications open in your own browser
- Java is used for the synchronization process – make sure your JVM is up to date
- You’ll be strongly encouraged to give them your gmail credentials (yuck!)
- There is a full set of office application – interestingly there’s a PowerPoint-style application
- There are lots of applications that I just didn’t have a chance to play with – maybe in a day or so when the traffic dies down
Good luck – I hope you get in and get an account.
read more | digg story
