web design

Via GigaOM:

Back in November, we looked at WordPress themes being distributed by third parties who’d embedded hidden code to allow the insertion of arbitrary content. Now a rash of sites are reporting that their blogs have been subverted....

...There are lots of reasons a hacker may want to inject code into a page:

• To infect visitors by exploiting a browser vulnerability
• To place ads they can then get revenue from
• To embed links to blogs they own, improving their page rank
• To entice people to click on links that lead them elsewhere

The clever thing about the WordPress hack was that it would check for code to insert into a page each time it was loaded, but if none was available, it would just sit there quietly.

It's all too easy to compromise a website's security via the theming layer. Malice is just one possibility. There are also hacks and vulnerable code gimmicks pursued amateur theme developers who just don't know better. It's not just a Wordpress thing -- it's all websites, whether built on open source or proprietary platforms (though not static html sites, which presumably are as safe as their servers).

In this context, the question for the website owner is whether you want to buy a theme (or download a free one) from an un-vetted vendor. Sure, if you are an adept coder, and/or know the proper API calls to protect your site from things like XSS, you can just clean that up and enjoy the design that attracted you in the first place. But if you don't know those vulnerabilities, you could be opening your site up to ill-will or novice mistakes. Caveat emptor. Don't end up like Deep Jive. Ouch.

Today I downloaded and installed Firefox 3 Beta 4. I could not do it before, but now that the Web Developer tools are updated and Firebug has a 1.1 beta that works in FF3, that's enough for me.

I don't know about you, but on both Macs I use regularly, Firefox 2 was crashing all the time. Last night, while writing a blog post for BlogHer, my browser crashed at least a dozen times. On my Mac Pro, Firefox completely melted down -- twice -- requiring complete rebuild from the start, manually adding one plug-in at a time. But I had to stick it out because I need those developer tools. I cannot imagine working without Firebug.

The new UI is clean, and seems to take up a bit less space. And so far FF3 is fast. Me likes.

So we learn from Secret Notes:

Apple's stylish stores and computers, all of which feature unrestricted Internet access, have become such the hang-out and gathering place for MySpace junkies that the powers that be have elected to block the popular social networking site from its systems.

By the close of business Thursday, most Apple retail stores will have implemented the block, designed to reduce the level of loitering at the stores.

More likely Apple's design aesthetic just cannot brook dreadful MySpace page designs appearing within their bricks and mortar.

The horror! The horror!

I've posted a request for input from those attending the OSCMS Summit regarding the theming session. If you're attending, please respond there. Or here, if it's convenient. We want the session to address your concerns and interests, and your help is requested.

The design of the pingVision site was driving me crazy.

It really wasn't supposed to be the actual site design, but rather a temp theme to be cleaned up and spiffed up a bit. 18 or 20 months later (I actually don't know exactly how much later) I finally got around to replacing it.

It's certainly different. Cleaner. Simpler. Too simple?

I'd started on this new design several months ago, but left the theme half-done in order to focus on client work. Finally I just had to spend a weekend tinkering with it to get it live on the site.

This really was more of a starting over from scratch on the whole template, rather than just a CSS reboot. There might be some bugs in it -- I have yet to see it in IE7, and IE6 worked yesterday, but I made some changes since -- but there it is, in an unofficial live beta. Still to do (aside from debugging): update it and the site to Drupal 5, and update some of our main pages.

So what do you think?

It doesn't really seem right to add our own website design to our own portfolio so this is probably the only place I'll post this.

And Internet Explorer just loves to knock it over. And that's enough said on that.

[Update: I removed the direct link to the ftp site because, as small as rare pattern is, every little bit counts, and I don't want to hurt Mozilla.]

As I write this, it's still not "officially" released yet, but I've just installed Firefox 2.0 after downloading it from the Mozilla FTP site (Mac versions here), and I'm loving it. I've not yet explored the preferences and all that, but so far nearly all of my extensions still work, including the web developer tools, Performancing and weather.

And so far no websites are breaking. Aren't web standards wonderful? I'm good to go. I can keep working (or writing this blog post), and not have to fret about mysterious problems.

Too bad the same cannot be said for users of Internet Explorer 7, which, with its new Microsoft-only quirks, is creating all sorts of new headaches for website owners and challenges for web developers. Some websites won't work at all in IE7.

Why Microsoft has such issues with worldwide web standards, I don't know. At least we have Firefox. Maybe, with these simultaneous releases of new browsers, more people will get fed up with IE and try Firefox. After all, if a browser is breaking websites, why use it?

So far, all the buzz is pretty much about IE7's "new" features like the tabbed browsing that other browsers have had for years now, with some mention of the upcoming Firefox 2 release.

But just wait until websites start breaking. Internet Explorer has always required non-web-standard hacks. The net effect of this has been my thumbnail estimate of 30-40% of loss of productivity in the web design field while developers work around Microsoft's "we don't need no stinkin' standards" attitude and break out the duct tape and chewing gum to make sites that work in every other browser work in IE.

IE7 honors some more web standards, but still has its own quirks -- some new ones, apparently.

Let the kvetching begin!

Over the past few days, while doing some free-association doodling to clear my head between design work for clients, I came up with this crazy little theme. There's no Reboot occasion. Just needing a change here. I suppose I should add a screenshot to the portfolio, along with others in an overdue update.

Anyway, it seems to work in Firefox, Safari and IE (Win). If it's crazy breaking somewhere, please let me know.

[image: "Technorati's new look", posted by scattered sunshine]

This will take some getting used to....

...but I think I like Technorati's new look. More colorful, less of that ugly green, and a little gel-effect to the graphics. Nice!

As for usability, it's much more personalized, less general, on the home page. But I think that's a good thing.