• Home Page
• Computer Blog
• Chess Blog
• Exercise & Diet Blog
• Theology Blog
• Islamic Terrorism Blog
• Contact Us

Cleaner code is better than faster code

I can’t tell you how many times that my programming experience (in Java, PHP etc) has guided me in my web design work … and strangely, even in other aspects of my life not at all related to topics ‘nerd’.

… Ah, nerd wisdom prevails in all aspects of life.

Anyway, here yet again, is another example where programming guides me: this time, it’s all about web design and code.

-

Over the last few years, the consensus in the web design community has been to streamline code. In real terms, that comes down to:

• collapsing html
• collapsing css
• … and consolidating css code into one file, to minimize the number of server hits.

… The idea is to speed up web page load times and to reduce web server loads.

This is an important goal and something all web designers should be concerned about. The problem is that if you are concentrating on optimizing your CSS or HTML to speed things up, you are concentrating on the wrong parts of your websites.

The fact is, that most of the optimization opportunities is actually found in your images, Flash movies and other multimedia content - not the code.

(more…)

Radio on the TV

I was in the illustrious surroundings of Rissington last week to deliver a DOM Scripting workshop. My good friend Ann was in attendance. During the latter part of the workshop — which was deliberately more loosely structured than the rest of the day — she pointed me to a really lovely bit of JavaScript form enhancement.

Take a look at the UK and Ireland TV and radio listings on Yahoo. See that search form in the upper right corner? It’s using the standard design pattern of allowing you to specify exactly where you’re searching. But unlike most implementations, this one is built on a rock-solid foundation of semantic markup.

Steve Marshall has the lowdown. Under the hood the form is using radio buttons for choosing where to search. Then, using a combination of JavaScript and CSS, this default representation is augmented to look and behave as desired. Switch off JavaScript and you can still use the search form perfectly well.

What impresses me about this isn’t so much the code (although I’m sure it’s top-notch), it’s the thinking behind the implementation: start with solid semantic markup with good ol’ fashioned form elements for interaction; then think about how it can be enhanced. Nice one, Steve.

The last book you will ever read

John McCool chosen as Jayshree Ullal’s replacement to lead Cisco’s Data Center Switching and Services Group (DSSG)

John McCool was chosen to succeed Jayshree Ullal as the leader of the DSSG yesterday. John comes with a rich development background on both the 4500 and 6500 series platforms, as well participating in internet standards bodies.

Please join me in welcoming John McCool to his new position as the leader of (in my opinion) Cisco’s most strategic business units.

Post from: Colin McNamara - CCIE 18233 , RHCE, CCVP, GIAC-GCIH, GEEK

John McCool chosen as Jayshree Ullal’s replacement to lead Cisco’s Data Center Switching and Services Group (DSSG)

Office 2007 SP1 To Go On Automatic Updates June 16

Should Twitter replace Q&A?

More twitter talk... Jimmy Ray and I were brainstorming how we might be able to use Twitter when a show is streaming live to get a more animated (and transparent) conversation going about the topics on a given show. For every live show, we feature a Q&A with experts that is chat based via the on24 interface. We capture that Q&A and make it available to access if you are watching the replay. Why should some of that conversation stop? Could we not make it more valuable and long lasting if we moved it to Twitter? Couple of angles to consider with this:

1. Not everyone has twitter. (This once again highlights the viral networking nature of an app like this...’please join so we can add value to each other...’)
2. Twitters are limited to 140 characters. (pro and con - be concise with your question - we will have to be concise with our replies.
3. On the pro side - the conversation is viewable by all. More than just a designated group can get in on the conversation. Expands the value I believe.

I don’t quite have it straight in my head on how to do this - I think we will just start trying it over the next few shows. You can follow both me and Jimmy Ray on twitter. We have also created a TechWiseTV twitter account to follow for use during the shows.

I wonder hashtags might give us more creative options? Still a very emerging capability... so I don’t place this high on the urgent list... more about hashtag’s here:

From the about page on the Twitter Fan Wiki:

Hashtags are a community-driven convention for adding additional context and metadata to your tweets. They're like tags on Flickr, only added inline to your post. You create a hashtag simply by prefixing a word with a hash symbol: #hashtag.

Hashtags were developed as a means to create "groupings" on Twitter, without having to change the basic service. The hash symbol is a convention borrowed primarily from IRC channels, and later from Jaiku's channels.

To Catch a (Hacking) Intruder

Don’t miss another great article by Jimmy Ray posted on bMighty.com: To Catch a (Hacking) Intruder. This one covers some great technical (but easy to understand) detail on 4 things you need to do if you think or know you have been hacked.

1. (If you know you have been hacked) - Preserve the crime scene! How to do it without disturbing evidence and when to contact law enforcement.
2. Using Netstat to understand all the outside connections your machine is making.
3. Using the Registry to see what programs are starting up each time you start your machine. (Your start up menu is not your friend here... fun to see what matches up and what doesn’t.
4. Understanding the use of ADS or Alternate Data Streams (we covered this on Episode 27: Invisible Attackers). This would be the only tip JR gives that involves the use of some third party tools. He suggests a few to try.

This is a great article and is entertaining as well as informative. Another nod to the greatness that is Jimmy Ray and of course proof once again I get to work with the smartest people at Cisco. I only have two complaints:
1. I wish JR’s articles on bMighty did a better job of linking back to our official video site at Cisco so people could find more content with and by Jimmy Ray (www.cisco.com/go/interact)
2. This was a very windows centric article. No mention of how to do this with a Mac. Now Jimmy Ray is as comfortable with his Mac as he is with anything else... but he is playing to the larger crowd it looks like. Perhaps he will follow up with a blog entry here on advice for Mac users to do some of the same things he referenced in this article!?

Great Stuff Once Again my Redneck Friend!

Robb

Thanks and farewell to Jayshree Ullal

Jayshree Ullal anounced today that she will be leaving her post as Senior Vice President in charge of Data Center, Switching, and Security groups. Jayshree has earned a reputation inside and outside of Cisco as a person who could take charge and get things done. First coming to Cisco as an engineer with the crescendo acquisition, she has directed some of Cisco’s most successful units culminating with the realization of the DC 3.0 vision.

Please join me in thanking Jayshree for all the positive contributions she has given to Cisco and the industry, and wishing her the best in her future endeavors.

Post from: Colin McNamara - CCIE 18233 , RHCE, CCVP, GIAC-GCIH, GEEK

Thanks and farewell to Jayshree Ullal

Link Checker Tools & Broken Link Checking Software Mega List

Protecting against blog comment spam.

Hi,

First things first: thank you for Akismet!

… I just wanted to offer my sincere appreciation for the Wordpress anti-spam plugin: ‘Askimet’.

This nifty plugin has saved me countless hours (and possibly days) of work by filtering out hundreds of spam post each and every day!

I can easily say that for me, Askimet has proven to be the most important plugin for Wordpress.

… Just in the time it took me to write this post, Askimet has caught 7 spam comments!

If you see a spammer, smack him!

It is clear that blog spammers are among the worst of Web citizens. They are the hyena’s of the Web, trying to steal traffic they don’t deserve.

Blog spam protection tips

Being a high value spam target (the juicier the traffic …), I can offer the following advice:

(more…)

Free Firewall Aces PC Mag’s Tests

Model-Glue 3 - Example of Custom Event Types

There is only one Spry…

Amazon.com Loves My SQL In 10 Minutes Book

Fun with the Fortune 500

While Cisco is one of the big kahunas of networking and continues to roll as seen in its Q3 financial results released this week , it's easy to forget that Cisco isn't quite so big when you compare it to other companies of all types.

Read more

Design patterns for accessible, crawlable and indexable content

Daddy’s Rules for Dating

Jimmy Ray has a daughter that is dating age.... I have one that I am trying to keep from getting even close thinking about dating... Sorry this post has nothing to do with show or with networking but I found every bit of advice within these posts to be right on the mark!

Daddy’s Rules for Dating

Rule One:
If you pull into my driveway and honk you'd better be delivering a package, because you're sure not picking anything up.

Rule Two:
You do not touch my daughter in front of me. You may glance at her, so long as you do not peer at anything below her neck. If you cannot keep your eyes or hands off of my daughter's body, I will remove them.

Rule Three:
I am aware that it is considered fashionable for boys of your age to wear their trousers so loosely that they appear to be falling off their hips. Please don't take this as an insult, but you and all of your friends are complete idiots. Still, I want to be fair and open minded about this issue, so I propose this compromise: You may come to the door with your underwear showing and your pants ten sizes too big, and I will not object. However, in order to ensure that your clothes do no, in fact come off during the course of your date with my daughter, I will take my electric nail gun and fasten your trousers securely in place to your waist.

Rule Four:
I'm sure you've been told that in today's world, sex without utilizing a "Barrier method" of some kind can kill you. Let me elaborate, when it comes to sex, I am the barrier, and I will kill you.

Rule Five:
It is usually understood that in order for us to get to know each other, we should talk about sports, politics, and other issues of the day. Please do not do this. The only information I require from you is an indication of when you expect to have my daughter safely back at my house, and the only word I need from you on this subject is: "early."

Rule Six:
I have no doubt you are a popular fellow, with many opportunities to date other girls. This is fine with me as long as it is okay with my daughter. Otherwise, once you have gone out with my little girl, you will continue to date no one but her until she is finished with you. If you make her cry, I will make you cry.

Rule Seven:
As you stand in my front hallway, waiting for my daughter to appear, and more than an hour goes by, do not sigh and fidget. If you want to be on time for the movie, you should not be dating. My daughter is putting on her makeup, a process than can take longer than painting the Golden Gate Bridge. Instead of just standing there, why don't you do something useful, like changing the oil in my car?

Rule Eight:
The following places are not appropriate for a date with my daughter: Places where there are beds, sofas, or anything softer than a wooden stool. Places where there is darkness. Places where there is dancing, holding hands, or happiness. Places where the ambient temperature is warm enough to induce my daughter to wear shorts, tank tops, midriff T-shirts, or anything other than overalls, a sweater, and a goose down parka - zipped up to her throat. Movies with a strong romantic or sexual theme are to be avoided; movies which features chain saws are okay. Hockey games are okay. Old folks homes are better.

Rule Nine:
Do not lie to me. I may appear to be a potbellied, balding, middle-aged, dimwitted has-been. But on issues relating to my daughter, I am the all-knowing, merciless god of your universe. If I ask you where you are going and with whom, you have one chance to tell me the truth, the whole truth and nothing but the truth. I have a shotgun, a shovel, and five acres behind the house. Do not trifle with me.

Rule Ten:
Be afraid. Be very afraid. It takes very little for me to mistake the sound of your car in the driveway for a chopper coming in over a rice paddy near Hanoi. When my Agent Orange starts acting up, the voices in my head frequently tell me to clean the guns as I wait for you to bring my daughter home. As soon as you pull into the driveway you should exit the car with both hands in plain sight. Speak the perimeter password, announce in a clear voice that you have brought my daughter home safely and early, then return to your car - there is no need for you to come inside. The camouflaged face at the window is mine.

If you get this far - don’t forget to fill out the application:
Application for Permission to Date My Daughter

Proposals for ColdFusion 9 - From the Enemy’s Camp

How to Create and Use Cookies in PHP

25 Things I Hate About Your Network

I just love this title. I think it grabs you...
25 Things I Hate About Your Network

Microsoft To Release 3 Critical, 1 Moderate Update Next Week

Stump the Geek

Our target audience is networking geeks.  The daunting thing for me is that this is generally a group of really smart people. So as I think about this - what might be the value or interest in creating a game? (read: application) that would allow our target audience to compete with each other for escalating recognition and/or prizes?  I have fond memories of ‘stump the geek’ challenges within a live audience whenever a geeky customer felt the need to challenge my engineer. Jimmy Ray in fact welcomed that and made ‘Stump Jimmy Ray’ a regular part of his presentations.  So could we not bring that to our audience building efforts for TechWiseTV?  Couple of articles got me thinking about this: 1. “2 Big Reasons Why Apps Monetize Better Than Social Networks” a blog entry by Justin who covers the blog ‘Inside Facebook’ as well as an interview he did for a company called ‘Context Optional.’  These guys apparently help build Facebook apps.   So my first confession should be obvious at this point - this is a Facebook oriented set of questions here.  Why could we not replicate the spirit of ‘Stump the Geek’ in an online application designed to build up our ‘community’of interactive fans?  (an active community of interactive fans is actually my biggest dream for this show). 

As I think this out. Here are a few things that I think are needed to work this out:

1. The Basics:  Escalating complexity on questions around Cisco Network Trivia is an obvious first step. 
2. Competition among Peers:  To create a ‘viral loop’ type effect I think we need to make this a ranking type of thing. “Who is the uber geek?” “Challenge your friends...”  Seems like it would only help us if network geeks were encouraging their peers to join facebook, become fans of our app and challenge each other to the ultimate geek supremacy. 
3. Tie it to TechWise Shows: I would think that this needs to be done with some amount of balance... but I love the idea of people perhaps opting in to answering trivia questions about what we covered on a certain show.  Escalating prizes and stack rankings once again could drive a more interactive audience.
4. Keep it Fresh.  Whatever we do it needs to change often.  This is a smart group of people and we all get whipped by the same ol same ol too often...

What do you think?   Do these ideas suck or do you think they have legs?

Robb

Pump and dump or slow economy?

Mitchell Ashley weighs in on Brad Reese's stunning blog post about Cisco's 3Q financials. Ashley says that Cisco's razor thin margins may be the culprit. Very interesting! Ashley writes:

Read more

Be careful with your image!

This is a non-doctored picture taken from
an Avaya Services brief.  I don't know the real story here so I don't want to guess... I just find it funny that Avaya has a Cisco phone in their image here and they obviously reversed the image but did not pay attention to what they did to our phone...unless maybe this is a new version I have not seen? 

CFLOG and Permissions

ColdFusion ISP List Update And Maintenance

Perfect pagination style using CSS

Override Inline Styles from the Stylesheet

Getting Creative With Transparency

Acrobat Attacks Stepping Up

McAfee Reports Widespread Fake Media File Attack

Alexa Rankings - how accurate are they?

One of the Web’s most popular places to get an idea of a web site’s traffic is Alexa.com.

There is one major problem though: Alexa is not accurate at all.

Alexa gets a lot of it’s traffic data from its’ Alexa toolbar and other nebulous source they don’t identify. So that leads me to think that they still get most of their data from the toolbar.

Sounds OK, except for one glaring problem - who uses the Alexa toolbar?

(more…)

Vietnamese Firefox Distribution Carried Malware

Ask a Jedi: Getting the current directory

Flex Renderers Can’t Rely On creationComplete

Home Improvement

It's time for some home improvements. Season 3 is just around the corner and FY’09 planning is in full swing right now.  Although we do this all the time there are many tweaks and improvements being considered for the show.  For the most part, I think we consider the ‘content’ of the show to be ‘on the mark.’  Two things we are working on now is 1. Structuring the team for growth (how do we produce more content with the same budget and team) and 2. How do we continue to grow our audience. 

I will address audience tactics in a later post so let me comment on it briefly here first.  Relatively speaking, we have been very successful so far when compared with Cisco programs of the past.   That is great and we are enjoying the accolades but if you compare our audience numbers with that of ‘total addressable audience, (all the IT people in the US?)  independent of previous Cisco results’ then we have a LONG way to go. Which is really pretty exciting.  More on this later.

There three areas in my mind that can give us immediate results in the area of ‘doing more with less’ as we move into Season 3.
1. Integrate with more Cisco product launches
2. Become more of a service.
3. Formalize our partnering strategy.

1.  Integrate with more Cisco Product Launches. I have often felt that one of the tough things about getting the word out when it comes to cool Cisco technologies or happenings we tend to get ‘lost in our own noise.’  Bottom line - we (Cisco) have a lot going on.  As a company this is why we get choosy about what gets the most funding and resources when it comes to product launches.  Video is not new at Cisco.  Cisco already produces a ton of videos, we have been doing corporate video long before it was ‘cool.’  Quantity in this sense however does not equal quality however and many of Cisco videos (internal generally) can be very informative but a little dull.  This is where TechWiseTV comes in.  We have a developed a brand, a loyal and growing audience and an experienced team that can take a product message, integrate it with the smartest technical minds from a given team and get noticed through the noise.   This also means that Jimmy Ray and I get to play with and talk about the coolest new tech stuff.

2. Become more of a service.  We need to do more shows that are joint funded by the teams whose products we are discussing.  One benefit:  Better access to the right people and the right equipment when it comes to preparing the right message.  When we drive 100% of our own show ideas, we have to spend a lot of time tracking down the right resources and convince them to give us some time.  When that same team is investing in us everything changes to the win/win angles we most enjoy.  ‘Here is our best TME’s for this subject.... we have already sent gear to Jimmy Ray in the code cave so he can break it down... here are some confidential documents to help build the story...’  That is what makes for a great show!   There is of course a drawback to this - and it comes up when we work on product launches:  Launches are very stressful events for all involved and by definition they represent new technologies that are not always ready at day 1.  Jimmy Ray is a true engineer and he won’t talk about something he can’t actually prove out through his own hands-on experience... this can be tricky to pull off when everyone is stressing to hit a launch date.  It is a fun time though and worth the trouble in our minds.

3. Formalize our Partnering Strategy.  The idea here is to do a better job of tapping into the fans of a non-Cisco technology featured on the show. It is amazing how many people follow a SolarWinds for example. We have played with this since episode 1 kicked off with great demos that included RSA and Trend Micro. We have since tried to always find good technology partners to help us round out a message on a given show.  This is in line with our sincere belief that our audience already knows we are going to talk about Cisco... we are not an independent voice... but we can certainly be responsible with a message and highlight the complimentary things that our technology partners are doing to provide more complete solutions.  Recent work by our Executive Producer Brad Murphy is starting to show a lot of promise in this area.  He has done the grunt work to get permission from Cisco to do joint sharing of the marketing info we generate that would be of value to our partner for a given show and help set up the proper quid pro quo that ensures we both get something out of working together.  This should continue to expand our audience.

There is more we are potentially looking at of course.  These are just the three I am most focused on right now.  We are in a great position right now with the popularity of the show and the internal accolades we are getting.  This is the best time to push forward however and redefine the category we have created.  The only way to do more shows without increasing headcount is to be smarter about how we use the resources that become temporarily part of our team each time we work on a new show. We are getting better and better at this and I look forward to what we will accomplish together.

Robb

Screen Capture Software - Mega List of Free & Commercial Screen Capture Software & Screenshot Tools

Congrats to April giveaway contest winners!

Congrats to April giveaway contest winners!

Congratulations to Jim Segal, network specialist at Networking Technologies! He won the Skyline-ATS free training. Jim says he's about to embark on his CCNP and is planning on taking a training course that will help him with that certification. His answer to the trivia question was correct. Answer: Cisco CEO John Chambers is making his first appearance in Barron's 30 "World's best CEOs"

You, too, can win a free training course -- but first you have to enter. Check out all of our giveaways for May!

Read more

Check Out ColdBricks, A ColdFusion Based Open Source CMS

IE8 Security Part II: ActiveX Improvements

Hi, I’m Matt Crowley, Program Manager for Extensibility with Internet Explorer. The team was very excited to be at the RSA security conference last month discussing the security features of Internet Explorer 8 Beta 1. In this, the second part of the IE8 Security blog series, I describe the ActiveX improvements in IE8 and summarize the existing ActiveX-related security features carried over from earlier browser versions.

Per-User (Non-Admin) ActiveX

Running IE8 in Windows Vista, a standard user may install ActiveX controls in their own user profile without requiring administrative privileges. This improvement makes it easier for an organization to realize the full benefit of User Account Control by enabling standard users to install ActiveX controls used in their day-to-day browsing.

If a user happens to install a malicious ActiveX control, the overall system will be unaffected, as the control was installed only under the user’s account. Since installations can be restricted to a user profile, the risk and cost of compromise (and, in turn, the total cost of administering users on a machine) will be lowered significantly.

Per-User ActiveX was designed with compatibility in mind—most existing ActiveX controls will not have to be rewritten to benefit from this feature; the only change will be repackaging. As in Internet Explorer 7, when a webpage attempts to install a control, an Information Bar is displayed to the user.

By clicking on the information bar, users can choose to either install the control machine-wide, or install it only for their own user account. The options in this menu will vary depending on the packaging of the control and the rights of the user.

The available options depend on Group Policy settings for per-user ActiveX installations and whether or not the control has been packaged to allow per-user installation.

While this feature offers the possibility of lowering total cost of ownership, IT Administrators running managed environments may elect to disable this feature via Group Policy. For more information regarding Per-User ActiveX, please refer to the Non-Admin ActiveX Controls article in MSDN’s IE8 Beta 1 Whitepapers.

ActiveX Opt-In

Recognizing that any binary extensibility mechanism increases attack surface, ActiveX Opt-In was introduced with Internet Explorer 7.

By default, ActiveX Opt-In disables most controls on a user's machine. When the user encounters a Web page with a disabled ActiveX control, they will see an Information bar with the following text: "This website wants to run the following add-on "ABC Control" from "XYZ Publisher". If you trust the website and the add-on and want to allow it to run, click here …" The user can then choose to enable the ActiveX control from this Information bar.

ActiveX Opt-In allows some controls to run by default:

• A small list of common controls intended for use in the browser.
• Controls which were used in IE on a user’s machine before upgrading to IE8.
• Controls which are installed through IE.

For more information on ActiveX Opt-In, please refer to the MSDN Article Best Practices for ActiveX.

Per-Site ActiveX

When a user navigates to a Web site containing an ActiveX control, IE8 performs a number of checks, including a determination of where a control is permitted to run. This check is referred to as Per-Site ActiveX, a defense mechanism to help prevent malicious repurposing of controls. If a control is installed, but is not permitted to run on a specific website, an Information Bar appears asking the user whether or not the control should be permitted to run on the current website.

Users can use the Information bar to allow the control for a specific Web site or allow the control for all Web sites.

IT Professionals administering a system of computers running Internet Explorer 8 may choose to preset allowed controls and their associated domains. Such settings can be configured using Group Policy.

For more information regarding Per-Site ActiveX, please refer to the Per-Site ActiveX article in MSDN’s IE8 Beta 1 Whitepapers.

Enforcing Per-Site with ATL SiteLock Technology

If your ActiveX control is designed for use only on your web site, then locking it to the domain of that Web site will make it harder for other sites to repurpose the control in a malicious manner. See Developing Safer ActiveX Controls Using the Sitelock Template for more information.

Reducing Exploit Risk with DEP/NX, “Killbits,” and Servicing

Working with your processor and Windows, IE8 helps reduce the exploitation of vulnerable controls through Data Execution Prevention. See the previous post in this series, IE8 Security Part I: DEP/NX Memory Protection, for more information on how to ensure that your ActiveX controls are DEP/NX compatible, as well as information on how to opt-in to other available protections.

If a vulnerable control has been exploited, IE has included a poison-pill option—the “killbit”— to block usage of specific controls within the browser. Vendors who are aware of a vulnerability in their control should contact Microsoft to setup a killbit for a future software update package. For more information, please refer to Knowledge Base article 240797, How to stop an ActiveX control from running in Internet Explorer.

As with standard desktop software, it is important to keep controls up-to-date to ensure compatibility with newer systems and lower the risk of compromise through evolving security threats. For more information on updating ActiveX controls, please refer to the IE Blog entry Good Practices for ActiveX Updates.

Working with Users through Manage Add-Ons

While most end users aren’t aware of the inner-workings of ActiveX controls or their enterprise policy on them (if applicable), users are able to find out information about the controls installed for use in Internet Explorer through Manage Add-Ons. It is important for developers to ensure that their controls are not only performant and secure, but also open in the information they provide.

Controls are identified by Name, Publisher, Version, and Class ID within the Manage Add-Ons interface. Given this, control developers are encouraged to include this metadata in release builds of their controls.

For more information on making sure that your ActiveX control properly conveys information about itself to users, please refer to Christopher Vaughan’s post Add-on Management Improvements in Internet Explorer 8 as well as the MSDN Article Best Practices for ActiveX.

Thanks for your help in ensuring your ActiveX controls are secure!

Matthew David Crowley
Program Manager
Internet Explorer Extensibility