Kevin Smith (AKA Smitty) has been recently promoted to Director of Design Services for ConsultWebs.

Congrats, Smitty!

I was trying to flush my DNS’s cache and kept typing:

lookupd -flushcache

That is the old way.  This command has changed in Leopard. Use the following command:

dscacheutil -flushcache

For PC:

ipconfig /flushdns

When you’re logging onto an account, on the Web, you’re used to seeing bullets replace the characters as you type your password.  This has long been thought to help with security, however, Jakob Nielsen, a world recognized authority in Web usability just published an article called Stop Password Masking.

Nielsen states that this is a usability problem, that it does not help security, and that it actually increases business cost due to the amount it takes to address login failures.

Summary:
Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn’t even increase security, but it does cost you business due to login failures.

I recently voted in a poll on CSS-Tricks and was happy to see that I was not alone in my Web browser preferences.  Firefox is my long-time favorite browser and took the lead by storm.  Go Firefox!

Download Firefox.

I was wondering when this would finally happen…

It will interesting to watch the statistics across all of my Web sites tosee if there is any decrease in the use of Internet Explorer.   Here is an article I pulled from BBC:

Microsoft has issued a security patch to fix a critical vulnerability in its Internet Explorer browser which it said has attacked over 2m Windows users.

The flaw is believed to have already infected as many as 10,000 websites.

The “zero day” exploit let criminals take over victims’ computers by steering them to infected websites.

Microsoft’s Christopher Budd said the software giant “encourages all IE customers to test and deploy this update as soon as possible”.

He also said the threat led Microsoft to mobilise security engineering teams worldwide to deliver a software cure “in the unprecedented time of eight days”.

The company’s security response team said the patch consists of more than 300 distinct updates for more than half-a-dozen versions of IE in around 50 languages.

“Even with that, the release Emergency Response process isn’t over,” said Security Response Alliance director Mike Reavey.

“There is additional support to customers and additional refinement of our product development efforts.”

Microsoft stressed that the flaw was proven to exist only in IE 7 on all applicable versions of Windows, but that IE 6 and the “beta” release of IE 8 were “potentially vulnerable”.

Users who have automatic updates turned on will receive the patch over the next 24 hours while others can access it via a download.

‘Wildfire’

The AZN Trojan has been making the rounds since the beginning of December but became public knowledge in the last week . Unlike other exploits, users only have to visit a malicious site with Trojans or other malware in order to become contaminated.

Once an infected web page is opened, malicious downloaders are installed on the computer designed to record keystrokes and steal passwords, credit card details and other financial information.

The sites affected are mostly Chinese and have been serving up programmes to steal passwords for computer games which can then be sold for cash on the black market.

Internet Explorer is the world’s most widely used web browser with nearly three quarters of the market share.

Microsoft estimated that one in every 500 Windows users had been exposed to sites that tried to exploit the flaw and the number of victims was increasing at a rate of 50% daily.

Researchers at the software security firm Trend Micro said attacks were spreading “like wildfire”.

“This vulnerability is being actively exploited by cyber-criminals and getting worse every day,” said the company’s advanced threat researcher Paul Ferguson.

Microsoft labelled the bug as “critical,” the most serious threat ranking in its four-step scoring programme.

Firefox update

The update is something of an unusual move for Microsoft and underscores the seriousness of the zero day flaw.

The company rarely issues security fixes for its software outside of its regular monthly patch updates.

Meanwhile Mozilla has released a scheduled update for its open source Firefox web browsers for at least 10 different vulnerabilities.

The bugs in the browser could have been “used to run attacker code and install software, requiring no user interaction beyond normal browsing,” said Mozilla.

It is also reissuing calls for users to upgrade from Firefox 2.0 to Firefox 3.0 as soon as possible and said it is “not planning any further security and stability updates for Firefox 2″.

This means Mozilla will no longer support the Firefox 2 browser against future online scams and attacks.

Story from BBC NEWS:

http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/7788687.stm

Published: 2008/12/18 01:11:52 GMT

© BBC MMVIII

WordPress 2.7 is out!

Time to go out and update my WordPress sites!  Here is more info about Coltrane:

The first thing you’ll notice about 2.7 is its new interface. From the top down, we’ve listened to your feedback and thought deeply about the design and the result is a WordPress that’s just plain faster. Nearly every task you do on your blog will take fewer clicks and be faster in 2.7 than it did in a previous version. (Download it now, or read on for more.)

Next you’ll begin to notice the new features subtly sprinkled through the new interface: the new dashboard that you can arrange with drag and drop to put the things most important to you on top, QuickPress, comment threading, paging, and the ability to reply to comments from your dashboard, the ability to install any plugin directly from WordPress.org with a single click, and sticky posts.

Digging in further you might notice that every screen is customizable. Let’s say you never care about author on your post listings — just click “Screen Options” and uncheck it and it’s instantly gone from the page. The same for any module on the dashboard or write screen. If your screen is narrow and the menu is taking up too much horizontal room, click the arrow to minimize it to be icon-only, and then go to the write page and drag and drop everything from the right column into the main one, so your posting area is full-screen. (For example I like hiding everything except categories, tags, and publish. I put categories and tags on the right, and publish under the post box.)

For a visual introduction to what 2.7 is, check out this video (available in HD, and full screen):

It’s all about you. It’s the next generation of WordPress, which is why we’ve bestowed it with the honor of being named for John Coltrane. And you can download it today.

Last, but certainly not least, this may be the last time you ever have to manually upgrade WordPress again. We heard how tired you were of doing upgrades for yourself and your friends, so now WordPress includes a built-in upgrade that will automatically notify you of new releases, and when you’re ready it will download them, install them, and upgrade your blog with a single click.

(As with any interface change it may take a little bit of time to acclimate yourself but soon you’ll find yourself whizzing through the screens. Even people who have hated it at first tell us after a few days they wonder how they got by before.)

The Story Behind 2.7

The real reason Coltrane is such a huge leap forward is because the community was so involved with every step of the process. Over 150 people contributed code directly to the release, our highest ever, with many tens of thousands more participating in the polls, surveys, tests, mailing lists, and other feedback mechanisms the WordPress dev team used in putting this release together.

For some of the back story in the development of 2.7, check out these blog posts (thanks to WeblogToolsCollection for the list):

• Usability Testing Report: 2.5 and CrazyHorse
• The New 2.7 Dashboard
• The Visual Design of 2.7
• WordPress 2.7 wireframes
• Comprehensive Codex Article on WordPress 2.7
• WordPress Development Updates from Jane Wells
• WordPress Usability Testing in New York
• WordPress 2.7 UI Configurability from Ryan Boren
• Customizable Post Editing Screen from Mark Jaquith
• WordPress 2.7 Navigation Survey from Jane Wells
• Shortcuts/Favorites Menu from Jane Wells
• CrazyHorse Presentation at WordCamp SF
• WordPress 2.7 Walkthrough by Matt
• WordPress 2.7 and beyond from Matt at WordCamp Utah

This was interesting to us, a blogging software release we actually blogged about, but the process was hugely informative. Prior to its release today Crazyhorse and 2.7 had been tested by tens of thousands of people on their blogs, hundreds of thousands of you count .com. The volume of feedback was so high that we decided to push back the release date a month to take time to incorporate it all and do more revisions based on what you guys said.

For those of you wondering why we didn’t call this release 3.0, it’s because we abhor version number inflation. 3.0 will just be the next release after 2.9. The major features in new point releases approach also works well for products like OS X, with huge changes between a 10.3 and 10.4.

The Future

Those of you following along at home might have noticed this was our second major redesign of WordPress this year. Whoa nelly! While that wasn’t ideal, and I especially sympathize with those of you creating books or tutorials around WordPress, there’s good news. The changes to WordPress in 2.5 and 2.7 were necessary for us to break free of much of the legacy cruft and interface bloat that had built up over the years (gradually) and more importantly provide us with a UI framework and interface language we can use at the foundation to build tomorrow’s WordPress on, to express ideas we haven’t been able to before. So at the end of 2009 I expect, interface-wise, WordPress to look largely the same as it does now.

That said, we couldn’t be more excited about the future with regards to features. Now that we’ve cleared out more basic things, we are looking forward in the coming year to really tackling media handling including audio and video, better tools for plugin and theme developers, widgets, theme updates, more integrated and contextual help, and easier integration with projects like BuddyPress and bbPress.

Source: http://wordpress.org/development/2008/12/coltrane/

Just wanted to share this little gem with the rest of you who, like me, appreciate good code. I’m using this gallery on the homepage of ProjectDragonfly.org.  I’m about to use it for something slightly differnt on EarthExeditions.org. What I really like about this is that it is is designed from the ground up to be standard compliant: You can feed it from any document, using custom css selectors.

I just started using Subversion on all my static sites which create a .svn folder in each directory.  Pretty annoying!  Good news is that I found a handy Dreamweaver extension that hides all SCM directories.

Installation is straight foreword.  Download the extension (link below), install using Dreamweaver Extension Manager, go to command menu and click ‘Cloak SCM directories’.  All .svn folders on the selected site will magically become cloaked, thus those files stay on your local copy instead of getting deployed to the production server.  Yay!

Enjoy!

http://www.adobe.com/cfusion/exchange/

So I finally downloaded Firefox 3 after I was sure that all my favorite Web design plugins were updated.  Only thing is that there was something missing….the back button!

I actually thought for a minute that this was “the new thing” and did my best to have an open mind about it.  My reserve of good will lasted about all of five minutes and I was off asking the Google gods what had happened.  Turns out that it was just a glitch.  Still not sure which was worse; the the missing back button… or that I was going to go along with it!

I’ve created a very short video what shows how to get the back button back.  enjoy!