Web Design – A Look Back At Big Tech Stories Of 2012

Looking at the web industry from a business angle, Ars Technica muses upon six big stories that stood out last year. Of those six, we’ll peg BitCoins as the story we’re most likely to look back on in a decade and wonder “what were they thinking?” Like Microsoft Bob, Pets.com, and the CueCat, BitCoins still have that cachet of “naive pre-web-bubble idea”. The article goes into several ways in which BitCoin has had trouble already, which we predict is the shape of its doom, arising like a Grim Reaper in the West.

Looking For An Offbeat Image Source? Look No Further

Web Designer Depot has a post up about the gems you can find in creative commons images on Flickr. “Creative Commons” basically means “free to use” – sometimes technically for non-profit purposes, but really, does the 0.0005 of a penny you get from ad clicks count as “profit” anyway? While we’re at it, here’s a bunch more royalty-free image sources every web designer should have bookmarked:

Why People Don't Join Your Site

Web Design – This Is Why People Don’t Join Your Site

Possibly the most excellent post we’ve read this year: 8 Reasons Users Don’t Fill Out Sign Up Forms. Every website owner or maintainer ought to be required to read it and pass a comprehension test afterwards.

Briefly, the point is that users avoid signing up to become a member of a site unless they absolutely have to. Call it, if you will, “social media fatigue”. Ten years ago, the web was yours just like your TV set, and the only time you had to sign up for anything was if you were buying something. Now you can’t click a mouse button without logging in with a nick and password. Who can remember them all? Why does it feel like getting married every time you just want to leave a quick note somewhere?

Social Networks Haven't Changed Since The Pleistocene Era

Web Design – Guess What? Social Networks Haven’t Changed Since The Pleistocene Era

Oh, you think you’re pretty savvy and sophisticated, with your Twitter and Facebook and Blogger? You think we’ve gone places and done things that could never have been done before? That we’re living in the future, plugged into a worldwide hivemind that our predecessors could only dream of?

Nah, actually, Wired assures us that we’re not any different than prehistoric cavemen when it comes to social networks. Researchers studied a primitive tribe of hunter-gatherers and discovered that they had the same behavior patterns in socializing that our electronic socializing does. They found matches in mutual popularity, closer friends versus more remote ones, and similarity breeding friendship, among other factors.

A Good Tutorial on XSS Attacks

Web Design – A Good Tutorial on XSS Attacks – They’re Easier Than You Think!

Just in case there’s a few designers out there who still haven’t gotten the word, here’s a great, simple explanation of how web page code injection works. It’s astonishingly simple. Read through this example, then try it on your own website if you have a PHP page that takes variables as part of its URL (who doesn’t these days?). In a nutshell, code injection works when your URL ends with something like “?search=something” and then your script does not check for valid input in the variable “search” before using it.

XSS vulnerabilities are also easy to discover. For instance, imagine a cURL script that runs through your bookmark file and looks for the characters ‘?’ or ‘=’ in a link. It then tries to fetch a page for each of those links with something like ‘

‘ and then checks the returned page for the text ‘EXPLOIT ME’ somewhere in the body. If it finds that, it adds the link to its list of pages with exploit potential.

You could just Google random dictionary words and find dozens of sites per day with a system like that! So don’t assume that a potential vulnerability will never be found – they get discovered and used every day.
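The missing input check on a “?search=” variable, shown beside a hardened form, as an added example that is not taken from the linked tutorial. The function names, the 100-byte limit and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: names, limits and sample inputs are constructed for illustration.
declare(strict_types=1);

/** Validate the raw ?search= value: bounded length, valid UTF-8, no control characters. */
function clean_search(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > 100 || preg_match('//u', $raw) !== 1) {
        return null;
    }
    return preg_match('/[\x00-\x1F\x7F]/', $raw) ? null : $raw;
}

/** Escape for HTML text and quoted attribute values. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable form: the variable goes into the page exactly as it arrived. */
function render_unsafe(string $search): string
{
    return '<p>Results for ' . $search . '</p>';
}

/** Hardened form: validate first, then escape for each output context. */
function render_safe(?string $raw): string
{
    $search = clean_search($raw);
    if ($search === null) {
        return '<p>Please enter a search term.</p>';
    }
    $next = '?search=' . rawurlencode($search) . '&page=2';   // URL context
    return '<p>Results for ' . h($search) . '</p>'            // HTML text context
         . '<input name="search" value="' . h($search) . '">' // attribute context
         . '<a href="' . h($next) . '">Next</a>';
}

// Constructed sample inputs: a normal term and one carrying markup.
foreach (['blue widgets', '"><i>injected</i>'] as $sample) {
    echo render_unsafe($sample), "\n", render_safe($sample), "\n\n";
}
```

Validation narrows what is accepted, but the escaping at output is what keeps the browser from treating the value as markup, so both steps stay in place.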

Why Adobe Doesn’t Understand Web Designers

Maybe Web Designers Are Just Hard For Everybody To Understand?

We were amused by Why Adobe Doesn’t Understand Web Designers, a post ruminating on the failings of Adobe to woo the web design crowd, provoked by its latest controversial ‘Muse’ product.

You’ll notice that the latest “easy enough for a caveman!” web design product always draws the same discussion online: First somebody moans how this is really a toy, no good for professionals. Then somebody always counters (in a snide tone) “Well this isn’t for you elitist professionals, this is so mom and dad can design web pages for their cookie business!” Yeah… but we’ve been hearing this since 1998 with Microsoft’s FrontPage Express. You know how it goes: The easiest-to-learn tool (which always has the fewest features) soon becomes an industry standard, at which point its user base demands more features. Then it isn’t easy to use anymore, and somebody makes another alternative… the cycle repeats.

The money quote from the article: “WYSIWYG’s shouldn’t be a way to avoid learning code, they should be a way to teach it.” Yeah, but that only makes sense on non-Earth planets. If it were as simple as “learn to code”, we wouldn’t have invented any of these tools. Humans and code appear to be mostly incompatible.


Web Security

Which Hack Will Break Your Website? The One You Didn’t Think Of!

You might have heard that, amid the recent rash of cyber-attacks on high-profile institutions, Citicorp got hacked. Details of some 200,000 bank accounts got compromised. But the news gets weirder when you consider how it was done: in the most blazingly obvious way.

Briefly, credit card customers noticed that their credit card account number showed up in the URL of any given page when they were on the Citigroup website. Well, what happens when we substitute another credit card number? Oops, that shows you the page for that card! Great, let’s write a script to have wget or lynx or something run through all the 16-digit combinations and save whatever pages it finds for later phishing.

Yeah, it was that simple.

The lesson we can all take away: Think of everything! While it may seem blindingly obvious now that not hashing the account number in the user’s visible URL was a bad idea, would you have thought of a similar hole that large on your own site? One expert is quoted in that article as saying that he “…wondered how the hackers could have known to breach security by focusing on the vulnerability in the browser.”

It just goes to show, anybody can be caught off-guard.
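The hole described above, next to the server-side check that closes it, as an added example that is not Citigroup’s code. The account store, user names and numbers are constructed; the point it shows is that access is decided from the logged-in session, which holds whether or not the identifier in the URL is obscured.

```php
<?php
// Added example: the account store, user ids and numbers below are constructed.
declare(strict_types=1);

const ACCOUNTS = [                       // stand-in for a database table
    '4000000000000001' => ['owner' => 'alice', 'balance' => '120.50'],
    '4000000000000002' => ['owner' => 'bob',   'balance' => '980.00'],
];

/** Vulnerable form: whatever number is in the URL selects the account. */
function view_account_unsafe(array $query): array
{
    $acct = ACCOUNTS[$query['account'] ?? ''] ?? null;
    return $acct === null ? [404, 'Not found'] : [200, 'Balance: ' . $acct['balance']];
}

/** Hardened form: the session user must own the requested account. */
function view_account(array $session, array $query): array
{
    $user = $session['user'] ?? null;
    if (!is_string($user)) {
        return [401, 'Login required'];
    }
    $id = $query['account'] ?? '';
    $acct = is_string($id) ? (ACCOUNTS[$id] ?? null) : null;
    // Same response for "missing" and "not yours", so replies do not confirm
    // which numbers exist; the denial is logged for detection.
    if ($acct === null || $acct['owner'] !== $user) {
        error_log("account access denied: user=$user");
        return [404, 'Not found'];
    }
    return [200, 'Balance: ' . $acct['balance']];
}

// Constructed requests: alice is logged in and the number in the URL is changed.
$session = ['user' => 'alice'];
foreach (['4000000000000001', '4000000000000002'] as $n) {
    [$s1, $b1] = view_account_unsafe(['account' => $n]);
    [$s2, $b2] = view_account($session, ['account' => $n]);
    echo "$n  unsafe: $s1 $b1 | checked: $s2 $b2\n";
}
```

A burst of denied lookups from one session is the signal worth alerting on, since a legitimate user rarely requests accounts that are not theirs.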

Laneway Music Festival Website

Web Design Case Study: Laneway Music Festival Website

Melbourne, Australia hosts the annual Laneway Music Festival, and they’ve got a website that’s been attracting attention in web-design circles. For those not in the know, Laneway is the premier event for the Indie music scene, hosting such headline acts as The Hold Steady, Echo & The Bunnymen, Midnight Juggernauts, and too many more famous acts to list here.

The site attracts attention for its unusually clean design. One really odd quirk that we don’t like, though, is that it has to build a different page for each major city, forcing you to a landing page that makes you select a city – why? The content looks identical regardless of which city you selected. You can also change the city from the drop-down menu after you get to the main page anyway, so that’s pointless all over again! Here, the festival’s in Melbourne, we gave you the Melbourne link.

Internet Explorer's Test Drive Site


Wow! For all the derision and loathing we pour on Microsoft and its village-idiot web browser, every now and then you see some engineering project from a back room on the Redmond campus that makes you think that somewhere in the steamrolling bureaucracy, somehow, there are fun, creative minds just trying to claw their way out.

Witness the IE Test Drive Site. It’s a place to test out demos relating to HTML5 and other web technologies, which Microsoft is trying to keep on track for preview editions of Internet Explorer. But there’s lots of fun, fun stuff here, including a pinball game, a Sudoku generator, an asteroid field simulator, and tons more stuff. Just be advised that it’s meant to be cutting-edge, so if you’re not updated to full-modern standards, you won’t be able to run this stuff.

We have just one question: Why aren’t the people behind this demo site running the whole dang company? It’s this thrilling attitude towards playing with technology and making it do gee-whiz stuff that Microsoft had in spades in its early days and so grimly lacks now.

Open source software

Can Web Software Be Successful Without Being Open Source?

We were reminded of this factor when we saw Tech Drive-In’s list of 11 Biggest Open Source Success Stories That Are Changing The World As We Know It. And all of them are tied to web and Internet business in one way or another.

We have Linux in general and Red Hat Enterprise Linux in particular (Linux is dominating the web server market and Red Hat is one of the chief vendors), Ubuntu (the most successful user-level Linux distro, distributed mostly over the web), WordPress and Drupal (there’s your whole CMS management system for websites), MySQL and Apache (the web server that ties it all together), Firefox and Google Chrome (two of the most popular web browsers), and of course Android (bringing mobile phones into the market). That leaves Open Office as the only desktop-related, non-web technology… although it’s a standard fixture on Linux.