Tuesday, July 31, 2007

The Cotton Club Has Moved...

I am not blogging here anymore, but I will leave the blog up to keep my old posts online. If you want to read any of my new posts, go to: http://www.cottonrohrscheib.com

Monday, January 29, 2007

Is Dial-Up Still Standard?

As web developers, we like to equip ourselves with the speediest computers, the fastest Internet connections, and the most standards-compliant browsers, but how is the rest of the world keeping up?

Albert Listy writes:

With all of the things you hear and see about Ajax these days I would think that dial-up should no longer be considered the standard. When you look at .NET you have post-backs and you take care of most of the page control on the server side and just serve up HTML (mostly) to the client. With Ajax you send more files and control substance to the client which take more bandwidth.

My web development question is should we still consider a “dial-up” connection the “standard” for our web design projects?

First off, I should point out that some of the conclusions you’re drawing are a little off. The heavy use of post-backs in ASP.NET is actually a real source of pain for dial-up users, who are being forced to reload an entire page with almost every action they take. A well-designed AJAX application, meanwhile, can significantly reduce bandwidth usage by sending relatively small parcels of JavaScript code to the browser at page load, which then allow the browser to handle much of the user interaction without having to reload entire pages from the server.

At last check, more than a quarter of active Internet-connected users in the United States were still on dial-up, and predictions state that they won’t be making the move to the fat pipe anytime soon (due in part to the fact that local calls are free in North America).

Other countries seem to be having more success in fostering broadband adoption, so the answer to this question depends in part on your target audience.

Here at the Yank family cottage, where it’s dial-up or nothing, my sympathies lie with that stubborn minority. Unless your site can better fulfill its purpose by taking advantage of broadband (e.g. a video sharing site), I’d say you should still design with an eye to limiting bandwidth usage. Even your broadband users will thank you when your site loads in the blink of an eye.

Kevin Yank
Sitepoint Times…

Is Ajax the future of Desktop Software?

Since the emergence of Dynamic HTML circa 1997, pundits have predicted the death of desktop applications. Will AJAX prove to be the magic ingredient that makes these long-standing predictions come true?

From David McLeary of Cloud Ten Limited: “The use of AJAX has made it almost possible to replicate most operations of software that is available such as Microsoft Excel. Do you think the use of this is the future or are the limitations placed on it by, for example, browser security going to prevent it from reaching its full potential.”

Let’s stop for a moment to examine the benefits that AJAX-based web applications have to offer over their desktop counterparts:

There is no software installation required, removing a barrier to entry for some users.

Users can access the application, along with their data and preferences, from any Internet-connected location with a modern desktop browser.

The latter has had a significant impact on which AJAX applications have been successful in attracting users. AJAX has been successful in spaces like email, calendaring, mapping and photography, where mobile or multi-location access is clearly beneficial.

More office-oriented applications like spreadsheets will struggle to find a market for AJAX implementations, at least for now. Having ad hoc mobile access to these types of applications may become important to users somewhere down the line, but it isn’t yet. Consequently, users will tend to stick with traditional desktop software solutions, where the interface can be completely tailored to the needs of the application.

That said, I don’t mean to imply that traditional desktop software and AJAX-powered web applications are the only two options. There are many hybrid solutions that are attempting to blur the lines between the Web and the desktop, attempting to harness the benefits of each to capture the hearts and minds of mainstream users.

For example, Adobe Flex and OpenLaszlo add the requirement of an up-to-date Flash plug-in to the browser, but in return offer greater control over the user experience, and an escape from certain browser sandbox restrictions (such as local data storage).

Closer to the desktop, there is Java Web Start, which can download, install and launch a desktop application when the user clicks a link in a web page. Upcoming alternatives such as Adobe’s Apollo and Microsoft’s XAML will work in a similar fashion. It will be interesting to see if any of these platforms can achieve the ubiquity of the AJAX-capable web browser as a means of accessing applications away from the home/office desktop.

Simplicity Sells!

This is a good article I found on Sitepoint that was written by Brendon Sinclair.

I booked my wife some plane tickets online last week and it was a very frustrating experience. I would enter the date she wanted to travel, select a timeframe in which she wanted to fly, check the availability of a flight and, when the date I wanted was sold out, I’d have to hit the Back button and start all over again.

Each time, I had to input every single bit of information again. I was so frustrated with the process after the fourth or fifth time that I was ready to leave the site and try the competition.

It was only then that I realized that I didn’t have to go back each time: my details were being saved below the fold, at the bottom of the page. But I didn’t see that the first few times I tried to use the booking service.

I’d love to know just how many people give up on that site because they become frustrated with the process, and don’t realize their details are being saved to the form. With an average air ticket sale being around $500, a 1% shift in conversion rates would add up to hundreds of thousands of dollars per month.

Testing every aspect of your business is essential. After all, you don’t want to spend thousands of dollars on ineffective advertisements, or waste the opportunities that each visitor to your site presents.

Test and measure. Test and measure. Just because huge companies don’t bother to do it doesn’t mean you shouldn’t!

Brendon Sinclair
tribune @ sitepoint.com

Essential Programs For Your Virtual Toolbox

By Kim Roach (c) 2006

As an online marketer and webmaster, there are a number of tools that you will want in your virtual toolbox. To get you started, I have scoured the net to find some of the best programs to help webmasters improve their sites, their rankings, and their productivity. Best of all, each one of these tools is free. We’ll start with one of my favorites.

Good Keywords

Good Keywords is a program that allows you to quickly and easily create an extensive list of targeted keywords for your website using Yahoo, Ask, and Overture. This free tool comes loaded with a link popularity meter, a keyword phrase builder, a misspelled word generator, and a web page explorer tool that will allow you to quickly see what keywords other sites are targeting. Once you have found your desired keywords, you can group them into keyword sets, which can then be copied into your clipboard. To find out more about this handy tool, go to http://www.goodkeywords.com.

BackLinks Master

It is a well-known fact that search engines use link popularity as one of their top ranking factors. However, quality is much more important than quantity when obtaining inbound links. In addition, many of the search engines place importance on the use of relevant anchor text. With a tool known as Backlinks Master, you can monitor your link popularity in Google, Yahoo, and MSN. This tool finds direct links, JavaScript links, and others. In addition, you will be shown the anchor text and link type that others have used to link to you. To start taking control of your link popularity, go to CleverStat.com.

SEOpen

SEOpen is a Firefox extension that provides numerous SEO tools at the click of a mouse. All of its features can be easily accessed by right-clicking on a web page.

Using this tool, you can examine your competitors:

Yahoo Backlinks
Pages in Yahoo Index
Google Backlinks
Google Cache
Pages in Google Index
Google Related
PageRank Review
MSN Backlinks
Pages in MSN Index
Alexa Overview
Alexa Traffic
Alexa Related
Alexa Backlinks
“Mass Check” multiple sources at once
Confirm DMOZ Inclusion
Keyword Density
Page Size Checker
HTML Validator
Server Header Viewer
Wayback Machine
Review robots.txt
Whois Info

To quickly and easily perform competitor analysis, visit http://seopen.com/firefox-extension/index.php.

Active Web Reader Customizer

RSS is becoming one of the best ways to increase your online exposure. With the upcoming release of Windows Vista and Internet Explorer 7, RSS usage is expected to rise significantly. However, RSS is also new enough that you can use this technology to create an effective viral marketing campaign.

You can do this by distributing your own RSS aggregator. If your RSS aggregator becomes popular, your brand could become very well known on the Internet. With the Active Web Reader Customizer, you can recommend and distribute an RSS reader that is preloaded with your feeds and web pages. By doing this, you are giving your visitor additional value and increasing your brand exposure at the same time. Start creating your very own customized RSS reader at http://www.deskshare.com/awrc.aspx.

RSS Wizard

We’ve talked about the wonderful benefits of promoting an RSS feed, but how do you actually create one? Fortunately, you don’t have to be a techie to create your very own RSS feed. All you need is a tool like RSS Wizard. This tool will automatically convert almost any web page into an RSS feed. With the RSS Wizard, you can create, edit and publish an unlimited number of RSS channels. To start creating your own RSS feeds, go to http://www.extralabs.net/rss-wizard.htm.

FeedDigest

Not only can you create RSS feeds for your own website, but you can also incorporate other people’s RSS feeds into your site to increase your publishing power, deliver value to your readers, and ensure that your website is constantly up-to-date and changing. In fact, with a tool called FeedDigest, you can mix multiple feeds into a single feed to post on your website. By doing this, you will be able to deliver your visitors a unique mix of automatically updating content. You could also create a news dashboard to syndicate the latest news on any topic. The possibilities are unlimited. You could create a feed that combined forum posts, news headlines, eBay items, Digg posts, Flickr photos and even podcasts, all rolled into one constantly updating stream of related content. To start creating your own customized RSS feeds, go to http://www.feeddigest.com.

MailWasher

If you’re like most online marketers, you are probably receiving a flood of spam in your inbox. Fortunately, there is a free tool that will help remedy your spam problems. This software is known as MailWasher and it helps you eliminate your unwanted email, thus allowing you to have greater productivity. Best of all, this increased productivity ultimately leads to increased revenues. Start increasing your own productivity at http://oss.firetrust.com/home/.

Audacity

Audacity is an open source program that allows you to record live audio, edit audio files, cut, copy, slice and mix sounds together. Whether you are looking to record interviews, create your own podcasts, or edit your audio files, Audacity is a great solution. Look it over at http://audacity.sourceforge.net/.

CamStudio

CamStudio is a great piece of software for creating screen capture videos. This software records screen activity from the Windows desktop and then turns it into standard AVI movie files. In fact, CamStudio can then convert these AVI files into bandwidth-friendly Streaming Flash Videos (SWFs) with its built-in SWF Producer. These are great for creating info products, video tutorials, and software demonstrations. In terms of quality and price, there is simply no better solution for Screen Cam software. Try it out at http://www.camstudio.org.

About The Author

Kim Roach is a staff writer and editor for the SiteProNews and SEO-News newsletters. You can also find additional tips and news on webmaster and SEO topics by Kim at the SiteProNews blog. Kim’s email is: kim @ seo-news.com

Wednesday, November 29, 2006

Pleth's Default DNS Settings

In the past we have been asked what DNS settings are put in place for our clients’ domains when we add their sites to our servers; hopefully the information below provides the answers. If not, please do not hesitate to contact our support department with any questions about your DNS zone files prior to transferring your domain.

Occasionally our clients have their own mail servers, such as Microsoft Exchange, that they prefer to run in tandem with the websites we host for them. We can accommodate this without any problems: through the PLESK control panel our clients can edit their own zone files, or we can handle it for them.

yourwebsite.com. NS ns.yourwebsite.com.
mail.yourwebsite.com. A 70.86.194.00
ns.yourwebsite.com. A 70.86.194.00
yourwebsite.com. A 70.86.194.00
webmail.yourwebsite.com. A 70.86.194.00
ftp.yourwebsite.com. CNAME yourwebsite.com.
www.yourwebsite.com. CNAME yourwebsite.com.
yourwebsite.com. MX (10) mail.yourwebsite.com.
70.86.194.00 / 24 PTR yourwebsite.com.
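The listing above is the sort of zone a client ends up with after the site is added, and the usual mistakes show up when someone later edits it to point mail at their own server. The following checker is an added example, not Pleth’s or PLESK’s tooling: it parses the record lines exactly as written in this post (including the “(10)” MX priority and the “/ 24” PTR owner) and flags the inconsistencies that break mail or delegation, such as a name server with no glue A record, an MX target that is a CNAME, a CNAME at a name that also carries other records, or a PTR whose target has no matching A record. The second zone is constructed to show the findings.

```python
"""Consistency check for a small zone listing (added example, not Pleth's tooling)."""

RECORD_TYPES = {"A", "NS", "CNAME", "MX", "PTR"}

# The default records from the post. 70.86.194.00 is the post's placeholder address.
PLETH_DEFAULTS = """\
yourwebsite.com. NS ns.yourwebsite.com.
mail.yourwebsite.com. A 70.86.194.00
ns.yourwebsite.com. A 70.86.194.00
yourwebsite.com. A 70.86.194.00
webmail.yourwebsite.com. A 70.86.194.00
ftp.yourwebsite.com. CNAME yourwebsite.com.
www.yourwebsite.com. CNAME yourwebsite.com.
yourwebsite.com. MX (10) mail.yourwebsite.com.
70.86.194.00 / 24 PTR yourwebsite.com.
"""

# Constructed zone with two defects: the NS host has no glue A record, and the
# MX target is a CNAME (mail servers are not required to follow it).
BROKEN_ZONE = """\
yourwebsite.com. NS ns.yourwebsite.com.
yourwebsite.com. A 70.86.194.00
www.yourwebsite.com. CNAME yourwebsite.com.
mail.yourwebsite.com. CNAME www.yourwebsite.com.
yourwebsite.com. MX (10) mail.yourwebsite.com.
"""


def parse_zone(text):
    """Return (owner, type, target) triples. The record type is located by token,
    so odd owners like "70.86.194.00 / 24" and the "(10)" MX priority still parse."""
    records = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        rtype = next(t for t in tokens if t in RECORD_TYPES)
        records.append((tokens[0], rtype, tokens[-1]))
    return records


def in_zone(name, apex):
    return name == apex or name.endswith("." + apex)


def check_zone(text):
    """Return a list of findings; an empty list means the listing is self-consistent."""
    records = parse_zone(text)
    apex = next(owner for owner, rtype, _ in records if rtype == "NS")
    by_owner = {}
    for owner, rtype, target in records:
        by_owner.setdefault(owner, {}).setdefault(rtype, []).append(target)

    def a_records(name):
        return by_owner.get(name, {}).get("A", [])

    findings = []
    # A CNAME owner may carry no other record types.
    for owner, types in by_owner.items():
        if "CNAME" in types and len(types) > 1:
            others = sorted(t for t in types if t != "CNAME")
            findings.append(f"{owner}: CNAME cannot coexist with {others}")
    for owner, rtype, target in records:
        if rtype == "NS" and in_zone(target, apex) and not a_records(target):
            findings.append(f"{owner}: NS host {target} has no glue A record")
        elif rtype == "MX" and "CNAME" in by_owner.get(target, {}):
            findings.append(f"{owner}: MX target {target} is a CNAME")
        elif rtype == "MX" and in_zone(target, apex) and not a_records(target):
            findings.append(f"{owner}: MX target {target} has no A record")
        elif rtype == "CNAME" and in_zone(target, apex) and target not in by_owner:
            findings.append(f"{owner}: CNAME target {target} does not exist")
        elif rtype == "PTR" and owner not in a_records(target):
            findings.append(f"{owner}: PTR target {target} has no A record for this address")
    return findings


if __name__ == "__main__":
    for label, zone in (("pleth defaults", PLETH_DEFAULTS), ("broken zone", BROKEN_ZONE)):
        print(label, "->", check_zone(zone) or "OK")
```

Run it as-is and the post’s defaults come back clean, while the constructed zone reports the missing glue and the CNAME’d MX target. The same checks are worth running after a client swaps in an Exchange server, since that edit usually touches exactly the MX and A records the checker cross-references.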

Friday, November 10, 2006

Avoiding SQL Injections

Since it first saw success as a powerful web development platform, PHP has suffered from the ease of use that bred that success. Inexperienced developers can all too easily build applications that are vulnerable to attack, and one of the most common vulnerabilities is the SQL injection.

From Kees Kodde of Qrios Web Design: “In most security related articles about web development, the threat of SQL injections is mentioned, and there seem to be a lot of ways to defend against this. What is, in your opinion, the most simple and effective way to filter possible SQL injections out of user input?”

The biggest challenge of defending against SQL injection attacks is understanding them, so let’s start with a simple example in PHP. This script fragment determines the price of a product given its ID as submitted by the browser:

$id = $_POST['id'];   // browser-submitted value, placed into the query as-is
$sql = "SELECT price FROM products WHERE id = $id";
$result = mysqli_query($db, $sql);
$row = mysqli_fetch_row($result);
$price = $row[0];


The problem here, as in most scripts vulnerable to SQL injection attacks, is that an assumption has been made about a value that is being received from the browser. The code assumes that the ‘id’ value sent by the browser will be a number, and can be placed into a string to form an SQL query like this:

SELECT price FROM products WHERE id = 123


But what if the ‘id’ value contains a maliciously-crafted string instead? When the value is placed into the string, it could instead form a query like this:

SELECT price FROM products WHERE id = 123 OR price < 10


That’s an SQL injection. In this example, it will fool the script into fetching a price less than 10 (assuming there is another product with such a price in the database) instead of the actual price. In other cases, SQL injections can be used to bypass password checks when logging into a site, and in some rare cases even modify the data stored in the database.

In general, the solution to SQL injection attacks is to enforce every assumption you make about any value that you insert into an SQL query. You can either do this manually, or use a pre-built library to do it for you. The above example could be modified to force the ‘id’ value to be interpreted as an integer:

$id = (int) $_POST['id'];


For numbers like this, you can force the language to convert values to numbers. For strings to be included in SQL queries, you need to use tools like PHP’s mysqli_escape_string function to convert special characters like quotes into a form that will not interfere with the query’s operation.

But relying on yourself and your fellow developers to remember to enforce these rules for all browser-submitted data is problematic. Instead, you should use some library that will do it for you.

PHP 5.1’s PHP Data Objects (PDO) API allows you to place values into SQL queries safely, specifying the expected data type.

$stmt = $db->prepare('SELECT price FROM products WHERE id = :id');
$stmt->bindValue(':id', $_POST['id'], PDO::PARAM_INT);   // sent as data, typed as an integer
$stmt->execute();
$price = $stmt->fetchColumn();


So to answer your question, the simplest way to defend against SQL injection attacks is to avoid building your own SQL queries, and instead to use an API like PDO that will do it for you, safely. Indeed, PHP is one of the few languages where building SQL queries by combining strings is a common practice, and I’d say the prevalence of SQL injection attacks on PHP-based applications can be largely attributed to this.
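To make the three variants in this answer concrete, here is an added example (my own, not code from the SitePoint answer or from PHP) that replays them in Python against an in-memory SQLite table with constructed sample data: the unsafe string-built query, the (int) cast, and the bound parameter. The helper php_int_cast is my approximation of PHP’s (int) cast on a string (leading integer, otherwise 0), and the product IDs and prices are invented so that one product is priced under 10, as the answer assumes.

```python
"""SQL injection demo: unsafe interpolation vs. cast vs. bound parameter.
Added example with constructed data; not the SitePoint answer's code."""
import re
import sqlite3


def make_db():
    # Constructed product table: id 5 is the "other product" priced under 10.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, price REAL)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(5, 7.5), (123, 49.99), (124, 199.0)])
    return db


def php_int_cast(value):
    """Approximate PHP's (int) cast on a string: leading integer, else 0."""
    m = re.match(r"\s*[+-]?\d+", value)
    return int(m.group()) if m else 0


def price_unsafe(db, submitted_id):
    """Same shape as: $sql = "SELECT price FROM products WHERE id = $id";
    the submitted text becomes part of the SQL, so "123 OR price < 10" is
    parsed as a second condition and the first matching row is returned."""
    sql = f"SELECT price FROM products WHERE id = {submitted_id}"
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def price_cast(db, submitted_id):
    """Same shape as: $id = (int) $_POST['id']; the cast keeps only the leading
    number, so the injected clause never reaches the SQL text."""
    return price_unsafe(db, str(php_int_cast(submitted_id)))


def price_bound(db, submitted_id):
    """Same shape as the PDO prepare/bindValue form: the value is transmitted as
    data, so the whole string is compared against id and matches nothing."""
    row = db.execute("SELECT price FROM products WHERE id = ?",
                     (submitted_id,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    payload = "123 OR price < 10"              # the crafted value from the answer
    print("unsafe:", price_unsafe(db, payload))  # a price below 10, not 49.99
    print("cast:  ", price_cast(db, payload))    # 49.99
    print("bound: ", price_bound(db, payload))   # None: no id equals that string
    print("bound: ", price_bound(db, "123"))     # 49.99
```

The bound form is the one to standardise on: it needs no per-call discipline about which values are numbers and which need escaping, which is exactly the failure mode the answer warns about when it says relying on developers to remember the rules is problematic.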