If I have the focused Firefox window on my secondary monitor, I can’t open a new window. I also can’t do anything that would normally result in a new window, such as “View Source” or see “HTTP Live Headers” or open Firebug in a new window.
I have to drag the window over to my primary monitor, get the new window launched, then drag the other window back over to the second monitor.
Firefox, I love ya, but you gotta do windows better!
I received a well-written, but completely absurd, spam e-mail yesterday. It started out by saying:
“I was looking at websites under the keyword face lift cape coral and came across your site tropicalwebworks.com. I see that you’re ranked #1 on page 18 in google.
I am not sure if you are aware of why you’re ranked this low but more importantly how easily correctable this is.”
WordPress version 2.6 just came out. I installed it from scratch on a new blog. The installation went beautifully, and I liked the new Admin interface. [Read more…]
Apparently I’m part of a small minority of web developers who believe that the developer has a level of professional responsibility toward the client, regardless of whether the client knows, understands, or requests same. [Read more…]
I recently had 2 diametrically opposite experiences with phishing. In the world of the Internet, “phishing” is when some entity (a scammer) — typically, a website or e-mail sender — pretends to be some organization that a user has a relationship with, and attempts to entice the user into providing personal and confidential information (such as passwords, bank account numbers, PIN numbers, etc.) to the scammer. eBay, PayPal, banks, and other similar sites are popular phishing targets.
PayPal Impersonators
Anyway, a client sent me a copy of an e-mail they had received, allegedly from PayPal, which contained “confirmation” of a purchase by the client using their PayPal account. The e-mail included a prominent link to “Dispute Transaction,” and the surrounding text instructed the recipient, “If you haven’t authorized this charge, click the link below to cancel the payment and get a full refund.”
Now, I understand that PayPal is good about chargebacks for fraudulant transactions, but I’ve never heard of them so openly inviting people to dispute a transaction. So that should have been a clue. Fortunately, when the client clicked the link to dispute the transaction, their antivirus program popped up with a warning message about it being a scam. The client then promptly contacted me to ask what they should do.
Undoubtedly, the link would have taken the client to a site that looked exactly like the PayPal site. There would have been instructions to log in to dispute the transaction. The client would have entered his PayPal account name and password, with the intention of disputing a fraudulent charge. Bingo! The scammer would have just got hold of the client’s PayPal login information — and there’s no telling what havoc would have been wreaked. Disaster averted — thank heaven the client had a security program installed and running on his computer.
Microsoft’s False Positive Phishing Warnings
And then there’s Microsoft. Internet Explorer 7, to be precise. With it’s much-vaunted “anti-phishing filter.” Bah, I say!
I recently started using an RSS feed from eBay to display live listings from eBay on an informational site. When I was testing the site in IE7, IE was giving me security warnings that this was a “suspicious site” and might be a “phishing site.” I know darn well it’s not — the site is clearly not eBay, it doesn’t pretend to be eBay, it’s clearly a separate site that doesn’t look anything like eBay — it merely displayed auction listings from eBay, with affiliate links to those listings on eBay.
IE7 offered me the option to submit a report to Microsoft, stating that I was the site’s owner and could verify that it wasn’t a phishing site. I did this, and the next day I got an e-mail from Microsoft that they had inspected the submitted URL, verified that it was not “phishing,” and removed the warning.
Then I discovered they had only removed the warning from one page of the site. In order to remove the warning from every page that used these listings, I would have to report every page individually.
This was first of all, much too time consuming, and second, far too annoying. I would have to submit that report for every single page on every single site where I wanted to use the eBay feed. So I set about looking for what the code might contain that caused IE to pop up the phishing warning.
Here’s what I learned:
Hmmm ….. I didn’t want to remove the links from the images. People are naturally inclined to click on the images. After some trial and error, I discovered that if I sent those links through a redirection script, it stopped the phishing warnings cold.
Yay me!
Poor hosting companies waste time and cost money.
I needed to set up a MySQL database for a client recently. The client hosts their website with a large and well-known hosting company, which advertises MySQL available with all hosting packages. It should have taken just a few minutes to create the database and assign the db username and password, and then I could get on with the backend programming for the site. Several days and several billable hours later, I was just getting started.
First, I logged into the client’s hosting control panel and looked for the “MySQL” or “Database” option. No problem, that was easy enough to find. There was a link to “Activate MySQL” for the account. I thought that a little odd — most of the time, hosting accounts that have MySQL available simply have it available, no “activation” required. But okay…. I clicked the “Activate MySQL” link, then received a message that MySQL wasn’t available and the account would have to be upgraded to a package that included MySQL. I e-mail my client, explain the situation, and tell them they need to upgrade their hosting account. When the client calls the hosting company to upgrade, it turns out that this host’s current packages all include MySQL, but older legacy accounts never had MySQL added to the available options.
Some days later, the client has upgraded their account to one of the newer hosting packages, which does include MySQL. I log back in to the control panel, activate MySQL, make note of the host, username, and password to use for database connections, then look for a link to phpMyAdmin to access the database. No phpMyAdmin anywhere, but the knowledgebase included instructions for downloading and installing phpMyAdmin. Wow, even the low-end $4/month hosting accounts at GoDaddy include phpMyAdmin already installed and ready to use.
I wouldn’t have to waste time installing phpMyAdmin if I could access the MySQL server through a secure shell, so I checked the account’s features for connecting via telnet or ssh. I didn’t find any information on that, so I tried a few random-but-likely ssh connections, but no go. Apparently the account has no telnet or ssh ability. So off I go to download phpMyAdmin.
I downloaded phpMyAdmin, uploaded it to the server, configured the connection settings, and tried to load up phpMyAdmin. I got a variety of “access denied” messages, all pretty worthless.
I’ve only installed phpMyAdmin myself a couple of times, and I wasn’t positive I had it configured correctly, so I decided to just use the connection string and try a database connection in a test page on the client’s site. I still got “access denied” errors, but this time the error message was more useful: The hostname for the database in the error messages was not the hostname specified in my db connection string. I double-checked and triple-checked the hostname specified in the hosting control panel and made sure I had it correct in the connection string, but I kept getting this same error. So I finally decided I needed to contact the host for technical support.
I hate calling tech support on the phone, because it invariably involves being put on hold for anywhere from 30 minutes to 2 hours, so I looked for a tech support contact form or e-mail link. No e-mail link, but I did find a form. Unfortunately, the form required that I enter the last 4 digits of the credit card number associated with the account. This is a client’s account, not my own, and I don’t happen to have the client’s credit card number, so I couldn’t use the form — even though I’m logged into the account’s control panel using the username and password associated with the account.
Looks like I have to resort to the telephone after all. I dial the tech support number and I get put on hold for about 45 minutes. I put my phone on speaker and tried to get some other work done while waiting, but every couple of minutes a robotic voice would issue from the speaker telling me how important my call was — repeatedly interrupting my concentration and making it virtually impossible to get any work done while waiting on hold. This is exactly why I hate calling tech support.
Finally, after 45 minutes of this, I get a live person who takes down the necessary information, puts me on hold while he checks into the situation, and then tells me that the database was activated on the wrong server and he would fix that but it would take 6 hours for the correction to “take.” I don’t get this at all — if he fixed it, why is there a six-hour delay? Nevermind, I was glad that the problem was identified, so I thanked him and hung up.
By now it’s well past my normal working hours, and the database is supposed to take 6 hours to be fixed, so I closed up shop for the day. The next morning, my connection script is working, and phpMyAdmin is working, and I’m finally able to start work on the client’s database.
Fortunately for me, I charge this client on an hourly basis, and you better believe they were billed for every minute I spent attempting to get their database set up and working, including the 45 minutes I spent on hold listening to that irritating robotic voice telling me how important my call was. If they had been with a better hosting company, they would have saved about 4 billable hours on their last invoice.
The amount of misinformation out there on the web is almost enough to make a person crazy. I ran across a few statements today that were so baldly wrong that I have to correct them here.
The infamous Google spam czar Matt Cutts has fired another round at honest webmasters just trying to go about their daily work. In a recent blog post, He invited readers to report web sites buying or selling links that are not using the ridiculous nofollow tag on those links. Read: Google wants us to snitch on our colleagues. Turn them in. Rat them out. Become WWW stool pigeons for Google.
There is a host of issues surrounding this edict from Google’s pet spam fighter, all of them ugly.
Microsoft is the master, but many, many programmers and software development companies are guilty. I can’t count the number of times I’ve had the most meaningless error messages pop up on my computer screen.
What set me off this morning? A client sent me a Word file. A simple, one-page Word file. I double-clicked it.
When the file opened, it opened with an error message: The dimensions after resizing are too small or too large.
I just edited the files in my wordpress template to remove all traces of the rel=”nofollow” attribute from links in this blog. All links, including those in comments and signatures, are now your basic bog-standard “follow” links.