Web Content Accessibility Guidelines

Web Design & Development Guide

Web Content Accessibility Guidelines

Home | Up

Web Content Accessibility Guidelines (WCAG) are part of a series of Web accessibility guidelines published by the W3C's Web Accessibility Initiative. They consist of a set of guidelines on making content accessible, primarily for disabled users, but also for all user agents, including highly limited devices, such as mobile phones.

Priority levels

The guidelines have three priority levels:

WCAG 1.0

The WCAG 1.0 were published and became a W3C recommendation on May 5, 1999.

WCAG 2.0

The first working draft of what will become the WCAG 2.0 W3C Recommendation was published on January 25, 2001, the latest version on May 17, 2007. The five year process encouraged participation in editing (and responding to the hundreds of comments) by the Working Group, with diversity assured by inclusion of accessibility experts and members of the disability community.

There has been some criticism[1] depicting WCAG 2.0 as obscure, vague, and perhaps even a backwards step for Web accessibility, as well as criticism of the criticism.[2]

References

  1. ^ "To Hell with WCAG 2", A List Apart, May 23, 2006. 
  2. ^ "To Hell with Joe Clark", Learning the World, August 31, 2006. 

External links

Home | Up

Web Design & Development Guide, made by MultiMedia | Websites for sale

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

CoolWebSearch

Online Advertising

CoolWebSearch

From Wikipedia the free encyclopedia, by MultiMedia

Back | Home | Up | Next

CoolWebSearch (also known as CWS) first appeared in May 2003 and is well known as a malicious keylogging[1] program which installs itself on Windows based computers.

Effects

CoolWebSearch has numerous effects when it is successfully installed on a users computer. The program can change an infected computer's web browser homepage to coolwebsearch.com, and although originally thought to only work on Internet Explorer, recent variants affect Firefox as well as others. It can also create pop-up ads that redirect to other websites including pornography sites, collect private information about users and slow the speed of infected computers. Coolwebsearch uses innovative techniques to evade detection and removal, and as such many common spyware removal programs fail to properly remove the software.

All versions of CoolWebSearch are installed by 'driveby', in which a computer browsing a webpage automatically installs CWS. CWS itself attempts to evade others by not labelling its ads, not providing an EULA, not providing any data about itself and not having a website. Certain variants insert links on random text, leading to advertiser websites. The webmasters haven't any control over this. Other attempts to travel to websites are redirected to false search engines used to install more malware and carrying ads. CWS also adds bookmarks to pornography and gambling sites on the desktop and in the Bookmarks folder. Certain versions attempt to edit users' trusted sites and twist security settings as well as battle back against removal programs. The CWS.Look2Me variant also hooks into the Windows XP logon system and tracks visited websites as well as downloading further malware. Other variants are named for the effects they have, such as msconfig, Msoffice, Mupdate, Msinfo and Svchost32.

Creators

The website coolwebsearch.com claims that they are not responsible for the browser hijacking. [2] They run an affiliate program which pays affiliates to direct others to their site which has paid advertising links. Interestingly coolwebsearch.com's terms of service use the laws of Quebec, whilst their DNS registration lists an address in the British Virgin Islands, whilst their web server appears to be run by HyperCommunications in Massachusetts. CoolWebSearch is also linked to CoolWebSearch.org and appears to be related to webcoolsearch.com.

In August 5, 2005 Sunbelt Software reported to the FBI that similar keylogging software forms part of a massive spyware ring that collects "chat sessions, user names, passwords, bank information, etc...eBay accounts...highly personal information". [3] [4])

"About:blank" is the generic name for different variants (CWS.Hiddendll, se.dll, CWS.Homesearch) which hijacks the browser, causes pop ups and reduces computer speed. This is one of the most common but hardest variants to remove. [5]

Removal

There are programs such as CWShredder and McAfee's Beta Command-Line Scanner which can be used to remove the vast majority of CoolWebSearch variants from infected computers. The Windows' System Restore can reportedly remove some, but possibly not all, variants of CoolWebSearch.

Some variants will create a randomly named .dll file into winlogon.exe, which cannot be unloaded and has to be deleted upon reboot. The same variants will also inject a file named "guard.tmp" into rundll32.exe which can be removed. Rundll32.exe will also run a CoolWebSearch .dll upon boot with these variants.

CoolWebSearch has been reported to download other spywares such as Apropos Media, DyFuCa, Look2Me and TargetSavers.

Variants

  1. CWS.Aboutblank
  2. CWS.Addclass
  3. CWS.Alfasearch
  4. CWS.Bootconf
  5. CWS.Cassandra
  6. CWS.Control
  7. CWS.Ctfmon32
  8. CWS.Datanotary
  9. CWS.Dnsrelay
  10. CWS.Dreplace
  11. CWS.Gonnasearch
  12. CWS.Googlems
  13. CWS.Hiddendll
  14. CWS.Homesearch
  15. CWS.Loadbat
  16. CWS.Msconfd
  17. CWS.Msconfig
  18. CWS.Msinfo
  19. CWS.Msoffice
  20. CWS.Msspi
  21. CWS.Mupdate
  22. CWS.Oemsyspnp
  23. CWS.Olehelp
  24. CWS.Oslogo
  25. CWS.Qttasks
  26. CWS.Q-url3
  27. CWS.Realyellowpage
  28. CWS.Searchx
  29. CWS.Smartfinder
  30. CWS.Smartsearch
  31. CWS.Sounddrv
  32. CWS.Svchost32
  33. CWS.Svcinit
  34. CWS.Systeminit
  35. CWS.Systime
  36. CWS.Tapicfg
  37. CWS.Therealsearch
  38. CWS.Vrape
  39. CWS.Xmlmimefilter
  40. CWS.Xplugin
  41. CWS.Xxxvideo
  42. CWS.Yexe
  43. CWS.Winproc32
  44. CWS.Winres
  45. CWS.Xmlmimefilter
  46. CWS.Aboutblank
  47. CWS.Systeminit
  48. CWS.Sounddrv
  49. CWS.Searchx
  50. CWS.Realyellowpage
  51. CWS.SysTime
  52. CWS.HomeSearch
  53. CWS.Look2Me
  54. CWS.MSFind
  55. CWS.Cassandra

Affiliate variants

  1. CWS.Aff.iedll
  2. CWS.Aff.Madfinder
  3. CWS.Aff.Tooncomics
  4. CWS.Aff.Winshow

External links and References

  1.   Alex Eckelberry (2005). Identity Theft? What to do?. SunBeltBLOG. Mountain View: Google. URL accessed on October 16, 2005.
  2.   The term about:blank when presented as a web address (URI) is interpreted by most modern web browsers as a command to render a blank HTML page.
  3. theinternetpatrol.com
  4. trendmicro.com
  5. cwsshredder.net

Home | Up | Keystroke logging | AntiVirus Gold | Bonzi Buddy | C2.LOP | CoolWebSearch | HuntBar | Internet Optimizer | PSGuard | SpyAxe | SpyTrooper | WorldAntiSpy | XXXDial | Zango Messenger | Phone Home | Claria Corporation | Cydoor | New.net

Online Advertising, made by MultiMedia | Free content and software

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Advertising network

Online Advertising

Advertising network

From Wikipedia the free encyclopedia, by MultiMedia

Back | Home | Up | Next

An advertising network (also called an online advertising network or ad network) is a collection of (often unrelated) online advertising inventory.

Online advertising inventory comes in many different forms. This inventory can be found on websites, in instant messaging applications, in adware, in e-mails, and on other sources. Some examples of advertising inventory include: banner ads, rich media, text links, and e-mails. (This is not an exhaustive list.)

Large publishers often sell only their remnant inventory through ad networks. While not commonly known, even among many large publishers remnant inventory can exceed 50% of total inventory, although this is not always the case. Typical numbers range from 10% to 60% of total inventory being remnant and sold through advertising networks.

Smaller publishers often sell all of their inventory through ad networks. One type of ad network, know as the blind network, is such that advertisers place ads, but do not know the exact places where their ads are being placed.

In most cases, ad networks deliver their content through the use of a central ad server.

Large ad networks

Large ad networks include a mixture of search engines, media companies, and technology vendors. Some of the larger networks include:

Google
Yahoo
Miva
247RealMedia
Blue Lithium
Advertising.com
Burst Media
Tremor Networks

See also

External links

Home | Up | Online advertising | Advertising agency | Ad filtering | Ad serving | Advertising network | Classified ad | Direct navigation | Pixel script | Pop-up ad | Web banner | Flyposting

Online Advertising, made by MultiMedia | Free content and software

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Ajax

Web Design & Development Guide

Ajax

Home | JavaScript library | Smart client | Reverse Ajax | Document Update Markup Language | Comparison between AJAX and Flex

Ajax, or AJAX, is a web development technique used for creating interactive web applications. The intent is to make web pages feel more responsive by exchanging small amounts of data with the server behind the scenes, so that the entire web page does not have to be reloaded each time the user requests a change. This is intended to increase the web page's interactivity, speed, functionality, and usability.

The name is shorthand for Asynchronous JavaScript and XML. Ajax is asynchronous in that loading does not interfere with normal page loading. JavaScript is the programming language in which Ajax function calls are made. Data retrieved using the technique is commonly formatted using XML, as reflected in the naming of the XMLHttpRequest object from which Ajax is derived.

Ajax is a cross-platform technique usable on many different operating systems, computer architectures, and Web browsers as it is based on open standards such as JavaScript and XML, together with open source implementations of other required technologies.

Constituent technologies

Ajax uses a combination of:

  • XHTML (or HTML) and CSS, for marking up and styling information.
  • The DOM accessed with a client-side scripting language, especially ECMAScript implementations such as JavaScript and JScript, to dynamically display and interact with the information presented.
  • The XMLHttpRequest object is used to exchange data asynchronously with the web server. In some Ajax frameworks and in certain situations, an IFrame object is used instead of the XMLHttpRequest object to exchange data with the web server, and in other implementations, dynamically added <script> tags may be used.
  • XML is sometimes used as the format for transferring data between the server and client, although any format will work, including preformatted HTML, plain text and JSON. These files may be created dynamically by some form of server-side scripting.

Like DHTML, LAMP, and SPA, Ajax is not a technology in itself, but a term that refers to the use of a group of technologies.

The "core" and defining element of Ajax is the XMLHttpRequest object, which gives browsers the ability to make dynamic and asynchronous data requests without having to unload and reload a page. Given XMLHttpRequest can eliminate the need for page refreshes, other technologies have become more prominently used and highlighted with this development approach.

Besides XMLHttpRequest, the use of DOM, CSS, and JavaScript provides a more-enhanced "single-page" experience.

History

The first use of the term in public was by Jesse James Garrett in February 2005.[1] Garrett thought of the term when he realized the need for a shorthand term to represent the suite of technologies he was proposing to a client.

Although the term Ajax was coined in 2005, most of the technologies that enable Ajax started a decade earlier with Microsoft's initiatives in developing Remote Scripting. Referring to the idea as Inner-Browsing, Netscape Evangelism published an article in 2003 which presented ideas for implementing models in which "all navigation occurs within a single page, as in a typical application interface."[2] Techniques for the asynchronous loading of content on an existing Web page without requiring a full reload date back as far as the IFRAME element type (introduced in Internet Explorer 3 in 1996) and the LAYER element type (introduced in Netscape 4 in 1997, abandoned during early development of Mozilla). Both element types had a src attribute that could take any external URL, and by loading a page containing JavaScript that manipulated the parent page, Ajax-like effects could be attained. This set of client-side technologies was usually grouped together under the generic term of DHTML. Macromedia's Flash could also, from version 4, load XML and CSV files from a remote server without requiring a browser to be refreshed.

Microsoft's Remote Scripting (MSRS), introduced in 1998, acted as a more elegant replacement for these techniques, with data being pulled in by a Java applet with which the client side could communicate using JavaScript. This technique worked on both Internet Explorer version 4 and Netscape Navigator version 4 onwards. Microsoft then created the XMLHttpRequest object in Internet Explorer version 5 and first took advantage of these techniques using XMLHttpRequest in Outlook Web Access supplied with the Microsoft Exchange Server 2000 release.

The Web development community, first collaborating via the microsoft.public.scripting.remote newsgroup and later through blog aggregation, subsequently developed a range of techniques for remote scripting to enable consistent results across different browsers. In 2002, a user-community modification[3] to Microsoft Remote Scripting was made to replace the Java applet with XMLHttpRequest.

Remote Scripting Frameworks such as ARSCIF[4] surfaced in 2003 not long before Microsoft introduced Callbacks in ASP.NET.[5]

In addition, the World Wide Web Consortium has several Recommendations that also allow for dynamic communication between a server and user agent, though few of them are well supported. These would include:

  • The object element defined in HTML 4 for embedding arbitrary content types into documents, (replaces inline frames under XHTML 1.1)
  • The Document Object Model (DOM) Level 3 Load and Save Specification [1]

Justification

The core justification for Ajax style programming is to overcome the page loading requirements of HTML/HTTP-mediated web pages. Ajax creates the necessary initial conditions for the evolution of complex, intuitive, dynamic, data-centric user interfaces in web pages

Central ad server

Online Advertising

Central ad server

AdWords | MSN AdCenter | Yahoo! Search Marketing

From Wikipedia the free encyclopedia, by MultiMedia

Home | Up | Next

A central ad server is a computer server that stores advertisements and delivers them to web site visitors. These servers centrally store the ads so that advertisers and publishers can track from one source the distribution of their online advertisements, and have one location for controlling the rotation and distribution of their advertisements across the web.

The central ad server was first developed and introduced by FocaLink Media Services in 1995 for controlling online advertising or banner ads. The company was founded by Dave Zinman and Jason Strober, and based in Palo Alto, CA. In 1998, the company changed its name to AdKnowledge, and was eventually purchased by CMGI in 1999.

Ad Server Functionality

The typical common functionality of ad servers includes:

  • Uploading creative, including display advertisements and rich media
  • Trafficking ads according to differing business rules
  • Targeting ads to different users, or content
  • Optimizing creative based on results
  • Reporting impressions, clicks, post-click activities, and interaction metrics

Advanced functionality may include:

  • Frequency capping creative so users only see messages a limited amount of time
  • Sequencing creative so users see messages in a specific order (sometimes known as surround sessions
  • Excluding competitive creative so users do not see competitors' ads directly next to one another
  • Displaying creatives so an advertiser can own 100% of the inventory on a page (sometimes known as roadblocks
  • Targeting creatives to users based on their previous behavior (Behavioral marketing)

List of Ad Servers

BlueLithium's AdRevolver
Right Media's Yield Manager
DoubleClick's DART
Falk AG
Advertising.com's ACE serve
Fastclick.com's AdServer
247RealMedia's Open AdStream
Accipiter's AdManager
Renegade Internet's AdvertPRO
e-planning's ad server

External links

Home | Up | Central ad server | Contextual advertising

Online Advertising, made by MultiMedia | Free content and software

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Classified ad

Online Advertising

Classified ad

From Wikipedia the free encyclopedia, by MultiMedia

Back | Home | Up | Next

Classified advertising is a form of advertising which is particularly common in newspapers and other periodicals. Classified advertising is usually textually based and can consist of as little as the type of item being sold, (i.e., "Clothing") and a telephone number to call for more information ("call 555-7777"). It can also have much more detail, such as name to contact, address to contact or visit, a detailed description of the product or products ("pants and sweaters, size 10" as opposed to "clothing", "red 1996 Pontiac Grand Prix" as opposed to "automobile"). There are generally no pictures or other graphics within the advertisement, although sometimes a logo may be used. Classified advertising is called such because it is generally grouped within the publication under headings classifying the product or service being offered (headings such as Accounting, Automobiles, Clothing, Farm Produce, For Sale, For Rent, etc.) and is grouped entirely in a distinct section of the periodical, which makes it distinct from display advertising, which often contains graphics or other art work and which is more typically distributed throughout a publication adjacent to editorial content. A hybrid of the two forms

Click-through rate

Online Advertising

Click-through rate

From Wikipedia the free encyclopedia, by MultiMedia

Back | Home | Up | Next

Click-through rate or CTR is a way of measuring the success of an online advertising campaign. A CTR is obtained by dividing the number of users who clicked on an ad on a web page by the number of times the ad was delivered (impressions). For example, if your banner ad was delivered 100 times (impressions delivered) and 1 person clicked on it (clicks recorded), then the resulting CTR would be 1%.

Banner ad click-through rates have fallen over time, often measuring significantly less than 1%. By selecting an appropriate advertising site with high affinity (e.g. a movie magazine for a movie advertisement), the same banner can achieve a substantially higher click-through rate. Personalized ads, unusual formats, and more obtrusive ads typically have higher click-through rates than standard banner ads.

References:

Sherman, Lee and John Deighton, (2001), "Banner advertising: Measuring effectiveness and optimizing placement," Journal of Interactive Marketing, Spring, Vol. 15, Iss. 2.

See also

Home | Up | Pay per click | Click-through rate | AdSense | Googletestad | Click fraud

Online Advertising, made by MultiMedia | Free content and software

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Cost Per Action

Online Advertising

Cost Per Action

Effective Cost Per Action

From Wikipedia the free encyclopedia, by MultiMedia

Back | Home | Up | Next

Cost Per Action or CPA (as it is often initialized to) is a phrase often used in online advertising and online marketing circles.

CPA is considered the optimal form of buying online advertising from the advertiser's point of view. An advertiser only pays for the ad when an action has occurred. An action can be a product being purchased, a form being filled, etc. (The desired action to be preformed is determined by the advertiser.)

A related term, eCPA or effective Cost Per Action, is used to measure the effectiveness of advertising inventory purchased (by the advertiser) via a CPC, CPM, or CPT basis.

The CPA can be determined by different factors, depending where the online advertising inventory is being purchased.

Other common forms, of charging for advertising, include:

See also

External links

Home | Up | Affiliate | Cost Per Action | Cost Per Click | Cost Per Impression | Cost Per Thousand

Online Advertising, made by MultiMedia | Free content and software

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Cost Per Thousand

Online Advertising

Cost Per Thousand

Effective Cost Per Mille

From Wikipedia the free encyclopedia, by MultiMedia

Back | Home | Up

Cost per Thousand (known as CPM) is used in marketing as a benchmark to calculate the relative cost of an advertising campaign or an ad message in a given medium. Rather than an absolute cost, CPM estimates the cost per 1000 views of the ad.

It is calculated by:

total cost * 1000 / total audience

For example, while the Super Bowl has the highest per-spot ad cost in the United States, it also has the most television viewers annually. Consequently, its CPM may be comparable to a less expensive spot aired during standard programming.

The "M" in CPM derives from the Latin mille for "thousand."

In the United Kingdom, Cost Per Thousand is expressed as CPT rather than CPM.

Home | Up | Affiliate | Cost Per Action | Cost Per Click | Cost Per Impression | Cost Per Thousand

Online Advertising, made by MultiMedia | Free content and software

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Distributed Checksum Clearinghouse

Online Advertising

Distributed Checksum Clearinghouse

From Wikipedia the free encyclopedia, by MultiMedia

Back | Home | Up | Next

Distributed Checksum Clearinghouse (also referred to as DCC), is a hash sharing method of spam email detection. The basic logic in DCC is that most spam mails have several copies floating around. So If one server finds a mail to be spam then it does a checksum of the mail and posts the hash to a central, colloborative, repository. The next server receiving this mail would get the DCC results and can more easily identify the spam.

When you get that message a little later on in the morning, your mail system asks that online database, "Has anyone reported this as spam?". The online database can report back "yes", allowing your mail system to raise the spam score for that message. DCC works over the UDP protocol and hence is not very bandwidth intensive.

DCC is resistant to hashbusters because "the main DCC checksums are fuzzy and ignore aspects of messages. The fuzzy checksums are changed as spam evolves".

External links

Home | Up | Anti-spam appliances | Content filtering | Context filtering | Distributed Checksum Clearinghouse | DomainKeys | Greylisting | GTUBE | Hashbusters | MULE email | Tarpit

Online Advertising, made by MultiMedia | Free content and software

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Document management system

Web Design & Development Guide

Document management system

Home | Up

A document management system (DMS) is a computer system (or set of computer programs) used to track and store electronic documents and/or images of paper documents. The term has some overlap with the concepts of Content Management Systems and is often viewed as a component of Enterprise Content Management Systems and related to Digital Asset Management, Document imaging, Workflow systems and Records Management systems.

Overview

A document management system will typically address some or all of the following areas:

Location and Time
Retrieval Typically via a built in search engine. Some also allow documents to be retrieved using metadata (date, time, tags, document type, etc)
Filing Organization? Strategy?
Security Protection against loss, tampering or destruction of documents? How to deal with sensitive information?
Archival Readability? How can we protect our documents against fires, floods or natural disasters?
Retention What to retain? Length of retention? Removal?
Distribution People? Cost of distribution?
Workflow If documents need to pass from one person to another, what are the rules for how their work should flow?
Creation Number of people and logistics of collaboration?
Authentication/Approval How do we provide needed requirements for legal submission to government and private industry that the documents are original and meet their standards for authentication?

History

Beginning in the 1980s, a number of vendors began developing systems to manage paper-based documents. Initially designed to offer mainly document imaging-level capture, storage, indexing and retrieval capabilities, the applications grew to encompass electronic documents, collaboration tools, security, and auditing capabilities...

Document Management and Communication

Electronic document management is in particular worked out by Carzaniga and Wolf (2001) in their paper

e-Mail spammers

Online Advertising

e-Mail spammers

From Wikipedia the free encyclopedia, by MultiMedia

Home | Up | Next

E-mail spammers are people who send unsolicited electronic messages in bulk. They could be sending e-mails for their own or their clients' business. Most of them do not reveal their true identities. Here is a partial list of known or alleged e-mail spammers.

Notorious spammers

Serdar Argic Didn't send any e-mails. He posted messages on Usenet.
Laura Betterly, dubbed the "Spam Queen" after being interviewed by the Wall Street Journal
Howard Carmack, sentenced to seven years in prison.
Jason Cazes, of Kirkland, Washington, U.S., sued by Microsoft in December 2003.
Richard Colbert
Golddisk.net, sued by Yahoo! in March 2004.
Cris Fellegi, sued by Travis Hand
Brian Haberstroh, owner of Atriks and other companies, who created a network (VirtualMDA) where people are supposedly paid for the use of their computer to send spam
Davis Wolfgang Hawke, sued by AOL in March 2004.
Dan Ivans of Chardon, Ohio, U.S., sued by Microsoft in June 2003.
Jeremy Jaynes, alias "Gaven Stubberfield", sentenced to nine years in prison in February 2005 [1] but the judge postponed the sentence while the case is appealed.
Leila Kaplan (not to be confused with the Leila Kaplan of Manhattan's Upper West Side)
Vardan Kushnir, Russian spammer killed in July 2005.
Wayne Mansfield, Australian spammer.
JDO Media, sued by Microsoft in March 2004.
Robby Todino, the Time Travel spammer.
Alan Ralsky, sued by Verizon in March 2001. Raided by the FBI in October 2005.
Scott Richter, sued by Microsoft and the New York Attorney General
Richard Scoville, FreeSpeechStore spammer.
Bernard Shifman
Robert Soloway, founder of ostensibly anti-spam company SPAMIS.
Christopher "Rizler" William Smith, drugs spammer, arrested, awaiting trial
Vanessa J. Smith
Sanford Wallace
Billy Williams, of Hawaii, sued by the Texas Attorney General in December 2005 [2]

External links

Home | Up | e-Mail spammers | Spam bait | Word salad | Spamvertising | DNSBL | The Abusive Hosts Blocking List | e-Mail authentication | Sender Policy Framework | Open mail relay | Boulder Pledge

Online Advertising, made by MultiMedia | Free content and software

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

e107

Web Design & Development Guide

e107

Home | Up

e107
Developer: e107 Development Team
Latest release: 0.7.8 / February 17, 2007
OS: PHP-compatible -- Linux preferred
Genre: Content management systems
License: GNU General Public License
Website: e107.org

e107 is an open source content management system (CMS) that allows for the quick creation and management of websites or community portals. Built using PHP and database support via MySQL, it can be used for websites or for local intranet pages, it currently has support for several languages available as additional downloads.

Its name is derived from the fact it was the 7th main project the creator had worked on.

e107 is released under the terms of the GNU General Public License.

History

e107 takes its origin from code originally used on the LiteStep websites. Jalist who was responsible for the development of those websites, wanted to re-use some of the code from litestep.net and ls2k.org and built a more modular system. This system could then be used as a codebase for other people to create their own community driven websites.

The codebase was maintained solely by jalist until version 0.612 when a development team was formed. The development team now develops, maintains and builds releases for the e107 system.

In 2006, e107 was nominated by the public as one of the five finalists in The Packt Open Source Content Management System Award, the results can be found here packtpub

Features

  • High performance file-based caching
  • Integrated News system and RSS Feed handling
  • Simple to use and create template system
  • Valid XHTML 1.1 Output
  • Powerful Forums system integrated
  • Easy to use Admin system

The minimum requirements for e107 are:

  • MySQL (MySQL 3.22 or newer)
  • PHP (version 4.3.0 or above)

PHP must have been compiled with support for MySQL in order to successfully run e107. Apache is recommended for running e107, but any server technology that is compatible with PHP and MySQL should work. Works with Windows based servers, IIS, MySQL and PHP.

Release history

  • February 17, 2007: e107 Release 0.7.8 (Almost exclusively a bug fix release)
    December 7, 2006: e107 Release 0.7.7 (Bug Fixes)
    November 22, 2006: e107 Release 0.7.6 (Enhancements, bug fixes and improvements)
    May 23, 2006: e107 Release 0.7.5
    May 4, 2006: e107 Release 0.7.4 (Minor omissions in 0.7.3 corrected)
    May 3, 2006: e107 Release 0.7.3 (Security fixes)
    February 10, 2006: e107 Release 0.7.2 (Security fixes)
    January 18, 2006: e107 Release 0.7.1 (Bug Fixes)
    January 16, 2006: e107 Release 0.7.0 (First official release of e107 version 0.7)

Note about versions

The releases were numbered in a standard fashion until 5.4 when it was decided to alter the version numbering, the next major version was released as version 0.6, versioning has continued in this fashion for all subsequent releases.

See also

References

  • Boomer, Tad (February 2007). Building Websites with e107. Packt Publishing. ISBN 1904811310. 

External links

Home | Up | b2evolution | Drupal | e107 | eZ Publish | Joomla! | LifeType | Mambo | PHP-Nuke | PostNuke | TYPO3 | WordPress | XOOPS | Xaraya | Zope

Web Design & Development Guide, made by MultiMedia | Websites for sale

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

EditPlus

Web Design & Development Guide

EditPlus

Home | Up

EditPlus
Screenshot of EditPlus
 
Developer: ES-Computing
Latest release: 2.31 / 6 April 2007
OS: Microsoft Windows
License: Shareware
Website: EditPlus

EditPlus is 32-bit text editor for the Microsoft Windows operating system, developed by Sangil Kim of ES-Computing. The editor contains tools for programmers, including syntax highlighting (and support for custom syntax files), file type conversions, line ending conversion (between Linux, Windows and Mac styles), regular expressions for search-and-replace, keystroke recording, spell check, full support for Unicode editing, customizable keyboard shortcuts, auto-completion and more. Files can be browsed and edited in tabs, and an internal file browser is implemented in the software.

The first version of EditPlus was released on 20 March 1998; as of July 2007, the latest version of EditPlus is v2.31.[1]

A typical installation takes about 3 MB of disk space. EditPlus is released with a shareware license, and the current price is 30 USD.

Reviews

EditPlus has been given high ranks and has won Best Software awards on several web sites related to sharewares ([1], [2], [3], [4], [5]). In a review, Steve Jones has described the advantages of EditPlus, and the areas in which it should get enhanced.

References

  1. ^ What's new. EditPlus.

External Links

Home | Up | List of HTML editors | Adobe Dreamweaver | EditPlus | Microsoft FrontPage

Web Design & Development Guide, made by MultiMedia | Websites for sale

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Hashcash

Online Advertising

Hashcash

From Wikipedia the free encyclopedia, by MultiMedia

Home | Up

Hashcash is a proof-of-work system designed to limit email spam and denial of service attacks. It was proposed in March 1997 by Adam Back [1].

How it works

A sender of non-spam email attaches a header line to his email which proves that he has invested a modest amount of computer time into solving a small puzzle involving the recipient's email address. The receiver can, at negligible computational cost, verify that a sender had solved the puzzle. This can be regarded as a form of numerical stamp, where the 'cash' part is the effort invested by the sender.

The theory is that spammers, whose business model relies on their ability to send large numbers of emails with very little cost per message, cannot afford this investment into each individual piece of spam they send. Receivers can verify whether a sender made such an investment and use the results to help filter email.

Technical details

The header line looks something like [2]

   X-Hashcash: 0:030626:adam@cypherspace.org:6470e06d773e05a8

Technically the system is implemented as follows:

  • The recipient's computer calculates the 160 bit SHA-1 hash of the entire string "0:030626:adam@cypherspace.org:6470e06d773e05a8". This takes about two microseconds on a 1 GHz machine -- far shorter than the time it took for the rest of the e-mail to be received. If the first 19 bits are all zero, then it is valid (later versions may require more bits to be zero).
  • The recipient's computer checks the date in that header "030626" (2003-06-26). If it's within 2 days of today, it's valid (to compensate for clock skew and routing time).
  • The recipient's computer checks to see if the e-mail address in that header is (any of) the valid e-mail address(es) of the recipient (or any mailing lists to which the recipient is subscribed).
  • If all the other checks are valid, the recipient's computer puts that string in a database. If that string was *not* already in the database, it is valid.

All these tests take far less time and disk space than receiving the rest of the e-mail.

The sender "merely" needs to generate a header line that will pass all the tests. The sender's computer first generates an initial Hashcash string (the date, the e-mail address, and a random number at the end). The sender's computer then repeatedly increments that random number and runs SHA-1, over and over again, until SHA-1 gives enough zeros. Getting the first 19 bits to be zero requires about 2^19 iterations, or about 1 second on a 1 GHz machine. A normal person wouldn't even notice the computer taking a second to generate the Hashcash string. Currently, spammers would prefer to spend that one second sending out hundreds of pieces of spam, rather than calculating Hashcash for a single piece of spam.

The time needed to compute such a hash collision is exponential with the number of zero bits. So one can keep adding zero bits (doubling the amount of time needed to send with each zero bit) until it is too expensive for spammers to generate valid header lines. (Confirming the header is valid always takes the same amount of time, no matter how many zero bits one adds.)

Advantages and disadvantages

The Hashcash system has the advantage over micropayment proposals applying to legitimate email that no real money is involved. Neither the sender nor recipient need pay, thus the administrative issues involved with all micropayment systems are entirely avoided.

On the other hand, as Hashcash requires significant computational resources to be expended on each e-mail being sent, it is impractical to use with low-end or battery-powered hardware without the help of an external server.

Hashcash is also fairly simple to implement in mail user agents and spam filters. No central server is needed. Hashcash can be incrementally deployed -- the extra Hashcash header is ignored when it is received by mail clients that do not understand it.

One vital problem of hash cash is that it is not clear whether there exist effective parameters at all, i.e. parameters that allow the good people to get on with their business while prohibiting bad people from getting on with theirs. Some plausible estimates [3] come to the conclusion that you can only have one of these: Either good e-mail will get stuck due to lack of processing power of the sender, or bad e-mail is bound to still get through. The reasons for this are botnets or cluster farms with which spammers can increase their processing power enormously, or centralized e-mail-topologies like mailing lists, in which some server is to send an enormous amount of legitimate e-mails.

Most of these issues may be addressed. E.g., botnets may expire faster because users notice the high CPU load and take counter-measures, and mailing list servers can be registered in white lists on the subscribers' hosts and thus be relieved from the hashcash challenges. But they represent serious obstacles to hashcash deployment that need to be adressed somehow.

Another problem is that computers continue to get faster according to Moore's law. So the difficulty of the calculations required must be increased continuously over time. In other words, the number of bits of the 160 bit hash compared to zero must be increased over time. If current trends continue, those 160 bits will run out in about 200 or so years.

References

  • Adam Back, "Hashcash - A Denial of Service Counter-Measure", technical report, August 2002 (PDF).
  • Ben Laurie and Richard Clayton, "'Proof-of-Work' Proves Not to Work", WEAS 04. (PDF).

External links

HTML editors

Web Design & Development Guide

HTML editors

Home | Up | List of HTML editors | Adobe Dreamweaver | EditPlus | Microsoft FrontPage

An HTML editor is a software application for creating web pages. Although the HTML markup of a web page can be written with any text editor, specialized HTML editors can offer convenience and added functionality. For example, many HTML editors work not only with HTML, but also with related technologies such as CSS, XML and JavaScript or ECMAScript. In some cases they also manage communication with remote web servers via FTP and WebDAV, and version management systems such as CVS or Subversion. The first full featured text HTML editor available for download on the Internet was the CoffeeCup HTML Editor begun in 1994 by Nicholas Longo and Kevin Jurica of CoffeeCup Software.

Types

There are various forms of HTML editors: text, object and WYSIWYG (What You See Is What You Get) editors.

Text editors

Macromedia HomeSite HTML editor
Macromedia HomeSite HTML editor

Text (source) editors intended for use with HTML usually provide syntax highlighting. Templates, toolbars and keyboard shortcuts may quickly insert common HTML elements and structures. Wizards, tooltip prompts and auto-completion may help with common tasks.

Text HTML editors commonly include either built-in functions or integration with external tools for such tasks as source and version control, link-checking, code checking and validation, code cleanup and formatting, spell-checking, uploading by FTP or WebDAV, and structuring as a project.

Text editors require user understanding of HTML and any other web technologies the designer wishes to use like CSS, JavaScript and server-side scripting languages.

Object editors

Some editors allow alternate editing of the source text of objects in more visually organized modes than simple color highlighting, but in modes not considered WYSIWYG. Some WYSIWYG editors include the option of using palette windows that enable editing the text-based parameters of selected objects. These palettes allow either editing parameters in fields for each individual parameter, or text windows to edit the full group of source text for the selected object. They may include widgets to present and select options when editing parameters. Adobe GoLive provides an outline editor to expand and collapse HTML objects and properties, edit parameters, and view graphics attached to the expanded objects.

WYSIWYG HTML editors

Amaya HTML editor
Amaya HTML editor

WYSIWYG HTML editors provide an editing interface which resembles how the page will be displayed in a web browser. Some editors, such as ones in the form of browser extensions allow editing within a web browser. Because using a WYSIWYG editor does not require any HTML knowledge, they are easier for an average computer user to get started with.

The WYSIWYG view is achieved by embedding a layout engine based upon that used in a web browser. The layout engine will have been considerably enhanced by the editor's developers to allow for typing, pasting, deleting and moving the content. The goal is that, at all times during editing, the rendered result should represent what will be seen later in a typical web browser.

While WYSIWYG editors make web design faster and easier; many professionals still use text editors, despite the fact that most WYSIWYG editors have a mode to edit HTML code by hand. The web was not originally designed to be a visual medium, and attempts to give authors more layout control, such as css, have been poorly supported by major web browsers. Because of this, code automatically generated by WYSIWYG editors frequently sacrifice file size and compatibility with fringe browsers, to create a design that looks the same for widely used desktop web browsers. This automatically generated code may be edited and corrected by hand. For more on subject, see Difficulties in achieving WYSIWYG below.[1][2][3]

WYSIWYM editors

What You See Is What You Mean (WYSIWYM) is an alternative paradigm to the WYSIWYG editors above. Instead of focusing on the format or presentation of the document, it preserves the intended meaning of each element. For example, page headers, sections, paragraphs, etc. are labeled as such in the editing program, and displayed appropriately in the browser.

Valid HTML code

HTML is a structured markup language. There are certain rules on how HTML must be written if it is to conform to W3C standards for the World Wide Web. Following these rules means that web sites are accessible on all types and makes of computer, to able-bodied and people with disabilities, and also on wireless devices like mobile phones and PDAs, with their limited bandwidths and screen sizes.

Unfortunately most HTML documents on the web are not valid according to W3C standards. According to one study only about 1 out of 141 is valid. Even those syntactically correct documents may be inefficient due to an unnecessary use of repetition, or based upon rules that have been deprecated for some years. Current W3C recommendations on the use of CSS with HTML were first formalised by W3C in 1996[4] and have been revised and refined since then. See CSS, XHTML, W3C's current CSS recommendation and W3C's current HTML recommendation.

These guidelines emphasise the separation of content (HTML or XHTML) from style (CSS). This has the benefit of delivering the style information once for a whole site, not repeated in each page, let alone in each HTML element. WYSIWYG editor designers have been struggling ever since with how best to present these concepts to their users without confusing them by exposing the underlying reality. Modern WYSIWYG editors all succeed in this to some extent, but none of them has succeeded entirely.

People who use text editors can generally fix such problems immediately, once they become aware of them. People find it frustrating when such errors come from WYSIWYG editors.

However a web page was created or edited, WYSIWYG or by hand, in order to be successful among the greatest possible number of readers and viewers, as well as to maintain the 'worldwide' value of the Web itself it can be argued that, first and foremost, it should consist of valid markup and code. Some would argue that it should not be delivered by a designer to his or her customer, and not be considered ready for the World Wide Web, until its HTML and CSS syntax has been successfully validated using either the free W3C validator services (W3C HTML Validator and W3C CSS Validator) or some other trustworthy alternatives.

Others would argue[5] that publishing useful information, as soon as possible, should be first and foremost.

Whatever software tools are used to design, create and maintain web pages, there is little doubt that the quality of the underlying HTML is dependent on the skill of the person who works on the page. Some knowledge of HTML, CSS and other scripting languages as well as a familiarity with the current W3C recommendations in these areas will help any designer produce better web pages, with a WYSIWYG HTML editor and without[6].

Difficulties in achieving WYSIWYG

A given HTML document will have an inconsistent appearance on various platforms and computers for several reasons:

Different browsers and applications will render the same markup differently.
The same page may display slightly differently in Internet Explorer and Firefox on a high-resolution screen, but it will look very different in the perfectly valid text-only Lynx browser. It needs to be rendered differently again on a PDA, an internet-enabled television and on a mobile phone. Usability in a speech or braille browser, or via a screen-reader working with a conventional browser, will place demands on entirely different aspects of the underlying HTML. Printing the page, via different browsers and different printers onto various paper sizes, around the world, places other demands. With the correct use of modern HTML and CSS there is no longer any need to provide 'Printable page' links and then have to maintain two versions of the whole site. Nor is there any excuse for pages not fitting the user's preferred paper size and orientation, or wasting ink printing solid background colours unnecessarily, or wasting paper reproducing navigation panels that will be entirely useless once printed out[7].
Browsers and computer graphics systems have a range of user settings.
Resolution, font size, colour, contrast etc can all be adjusted at the user's discretion, and many modern browsers allow even more user control over page appearance[8]. All an author can do is suggest an appearance.
Web browsers, like all computer software, have bugs
They may not conform to current standards. It is hopeless to try to design Web pages around all of the common browsers current bugs: each time a new version of each browser comes out, a significant proportion of the World Wide Web would need re-coding to suit the new bugs and the new fixes. It is generally considered much wiser to design to standards, staying away from 'bleeding edge' features until they settle down, and then wait for the browser developers to catch up to your pages, rather than the other way round[9]. In this regard, no one can argue that CSS/XHTML is still 'cutting edge' as there is now widespread support available in common browsers for all the major features[10], even if many WYSIWYG and other editors have not yet entirely caught up[11].

What you see may be what most visitors get, but it is not guaranteed to be what everyone gets.

Comparison of HTML editors

The following tables compare general and technical information for a number of (purportedly) WYSIWYG HTML editors. Please see the individual products' articles for further information, and Comparison of text editors for information on text editors, many of which have features to assist with writing HTML. This article is not all-inclusive or necessarily up-to-date.

General information

Basic general information about the software: creator/company, license/price etc.

Editor   Version   Creator   Cost (USD)   Software license   Website  
Amaya 9.54 W3C, INRIA Free W3C [12]
Aptana Milestone 8 Aptana Free EPL [13]
Blaze Composer 3.0 Nikhil Baliga Free Closed source [14]
CoffeeCup HTML Editor 2007 CoffeeCup Software US $49 Closed source [15]
Contribute 4 Adobe Systems (formerly Macromedia) US $149 Closed source [16]
Dreamweaver CS3 (9.0) Adobe Systems (formerly Macromedia) US $399 Closed source [17]
Evrsoft First Page 2006 Evrsoft US $59.95 Closed source [18]
FrontPage (Discontinued) 2003 Microsoft US $199 Closed source [19]
GoLive 9.0 Adobe Systems (formerly GoLive Systems) US $399 Closed source [20]
HomeSite 5.5 Adobe Systems (formerly Macromedia) USD $99 EUR

IDN homograph attack

Web Design & Development Guide

IDN homograph attack

Home | Up

The internationalized domain name (IDN) homograph attack is a means by which a malicious party may seek to deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters may have nearly (or wholly) indistinguishable glyphs.

Homographs

In multilingual computer systems, different logical characters may have identical or very similar appearances. For example, Unicode character U+0430, Cyrillic small letter a ("а"), can look identical to Unicode character U+0061, Latin small letter a, ("a") which is the lowercase "a" used in English. Technically, characters that look alike in this way are known as homoglyphs (a subgroup of homographs). Spoofing attacks based on these similarities are known as homograph spoofing attacks.

The problem arises from the different treatment of the characters in the users mind and the computer's programming. From the viewpoint of the user, a Cyrillic "а" within a Latin string is a Latin "a"; there is no difference in the glyphs for these characters in most fonts. However, the computer treats them differently when processing the character string as an identifier. Thus, the user's assumption of a one-to-one correspondence between the visual appearance of a name, and the named entity, breaks down.

In a typical example of a hypothetical attack, someone could register a domain name that appears identical to an existing domain but goes somewhere else. For example, the spoofed domain "pаypal.com" contains a Cyrillic a, not a Latin a. In many ways, this is not a new thing. For example, even staying within the old character set of A-Z, 0-9 and hyphen, G00GLE.COM looks much like GOOGLE.COM in some fonts; or, using a mix of uppercase and lowercase characters, googIe.com (capital I, not small ell) looks much like google.com in some fonts. PayPal itself was a target of a phishing scam exploiting this, using the domain PayPaI.com Or, displaying characters in lowercase alone, rnozilla.org ("RNOZILLA.ORG") looks very much like mozilla.org in many fonts. What is new was that the expansion by the internationalized domain name system of the character repertoire from a few dozen characters in a single alphabet to many thousands of characters in many scripts greatly increased the scope for homograph attacks.

Homographs in internationalized domain names

The limitation of domain names to ASCII characters may not last forever, and is coming under pressure from organizations based in regions that do not use Latin characters. Internationalized domain names provides a backward-compatible way for domain names to use the full Unicode character set, and this standard is already widely supported.

For example, the Russian newspaper website gazeta.ru may wish to use the URL газета.ру, reflecting the newspaper's name spelled in Cyrillic. The disadvantage in this example is that the Cyrillic letters 'а', 'е', 'р', 'у' are indistinguishable in writing from their Latin counterparts. Some of the letters (such as a) are close etymologically, while others look similar by coincidence. For instance, the Cyrillic letter 'р' represents a phoneme similar to the English 'r', but the glyph is identical to the Latin letter 'p'.

This opens a rich vein of opportunities for phishing and other varieties of fraud. An attacker could register a domain name that looks just like that of a legitimate website, but in which some of the letters have been replaced by homographs in another alphabet. The attacker could then send e-mail messages purporting to come from the original site, but directing people to the bogus site. The spoof site could then record information such as passwords or account details, while passing traffic through to the real site. The victims may never notice the difference, until suspicious or criminal activity occurs with their accounts.

Defending against the attack

The simplest defense is for web browsers not to support IDNA or other similar mechanisms, or for users to turn off whatever support their browsers have. That could mean blocking access to IDNA sites, but generally browsers permit access and just display IDNs in Punycode. Either way, this amounts to abandoning non-ASCII domain names.

Firefox and Opera display punycode for IDNs unless the top-level domain (TLD, for example, .ac or .museum) prevents homograph attacks by restricting which characters can be used in domain names.[1] They both also allow users to manually add TLDs to the allowed list.[2][3]

Internet Explorer 7 allows IDNs except for labels that mix scripts for different languages. Labels that mix scripts are displayed in punycode. There are exceptions to locales where ASCII characters are commonly mixed with localized scripts.[4]

As an additional defense, Internet Explorer 7, Firefox 2.0 and Opera 9.10 include phishing filters to alert users when they visit malicious websites.[5][6][7]

Another possible defense would be for web browsers to display non-ASCII characters in URLs distinctively, perhaps by changing their color or that of their background. This wouldn't provide protection against spoofing by changing one non-ASCII character to another similar-looking one (for example, replacing a Greek ο with a Cyrillic о or vice versa). (A solution to this problem would be using a different color for all character groups, but no software implements it that way.) This approach was adopted, as of July 9, 2005, by the plug-in Quero Toolbar for Internet Explorer. Besides IDN highlighting Quero has implemented several other techniques to mitigate IDN spoofing attacks like mixed-script/missing glyph detection, IDN/digit indication and "core domain" highlighting.

There is not yet (as of March 2005) a clear consensus as to the best way to balance the needs of the international community with protection against domain-name spoofing.

References

  1. ^ Advisory: Internationalized domain names (IDN) can be used for spoofing.. Opera (2005-02-25).
  2. ^ IDN-enabled TLDs. Mozilla (2006-08-07).
  3. ^ Opera's Settings File Explained: IDNA White List. Opera Software (2006-12-18).
  4. ^ Sharif, Tariq (2006-07-31). Changes to IDN in IE7 to now allow mixing of scripts. IEBlog. Microsoft.
  5. ^ Sharif, Tariq (2005-09-09). Phishing Filter in IE7. IEBlog. Microsoft.
  6. ^ Firefox 2 Phishing Protection. Mozilla (2006).
  7. ^ Opera Fraud Protection. Opera Software (2006-12-18).

External links

Home | Up | Browser exploit | Cross-site cooking | Cross-site request forgery | Cross-site scripting |