Given enough time, you will end up becoming responsible for supporting and maintaining the very system you’re the most desperate to avoid.
Installing Internet Explorer on Mac
Edit (2014-07-11): Fixed URLs
When you need to develop/design a solution for the majority of corporate users, you will need to test it on Internet Explorer. If you have a Mac, setting this up on your machine is easy.
The original source for this information was OSXDaily. I cleaned it up and added additional information.
Intended Audience
If you’re unfamiliar with using the terminal, these instructions will not help you. The point is to allow you to install Internet Explorer on Mac for the purposes of testing and developing web applications and sites. Ideally, you are one of the following:
- Web Developer
- Web Designer
- QA Tester
If you plan on running Internet Explorer for other purposes (such as working with an IE-only site), then this is probably not the best solution for your needs.
Required software
- Oracle VirtualBox
- curl (from Mac Ports or other)
Procedure
Be aware, this process can take HOURS to do, may crash in the middle and cause you to start over, take up inordinate amounts of disk space, etc.
Install IE7 Only
curl -s https://raw.githubusercontent.com/xdissent/ievms/master/ievms.sh | env IEVMS_VERSIONS="7" bash
Install IE8 Only
curl -s https://raw.githubusercontent.com/xdissent/ievms/master/ievms.sh | env IEVMS_VERSIONS="8" bash
Install IE9 Only
curl -s https://raw.githubusercontent.com/xdissent/ievms/master/ievms.sh | env IEVMS_VERSIONS="9" bash
Install IE7, 8 and 9
curl -s https://raw.githubusercontent.com/xdissent/ievms/master/ievms.sh | bash
Notes
Once you have the virtual machines installed, fire them up, set up the Windows instance (install drivers, etc.), then take a snapshot. This is the one you will always use.
When you get a ‘you must activate’ notice, open a Windows cmd line and run
slmgr –rearm
You can rearm two times before it won’t work anymore. At that point, roll back to your snapshot and you can rearm again when you get the message. Obviously, when you roll back to your snapshot all changes will be discarded (that’s the point), so make sure you save any data on your host’s drive.
FAQ
Q. Where is the command line on my Mac?
A. It is not recommended that you use these instructions; instead try another solution such as Apple Boot Camp.
Q. How do I install/uninstall Oracle Virtual Box?
A. You can try looking for information on the Oracle Virtual Box website or contact the Genius Bar at your local Apple Store for assistance.
Q. Where are the windows snapshots stored?
A. In ~/.ievms/
Q. The download stalls or crashes.
A. If it stalls, check your internet connection; you may have to restart the install. In the event of a crash, examine the error message to determine the cause of the problem.
Q. Can you just install it for me?
A. Sorry, no.
Don’t hate your users
If you want to enable your users to do something, such as create an account on your system, DO NOT MAKE IT IMPOSSIBLY HARD.
If algebra is too hard, just refresh and you’ll see something else.
Woah, better refresh.
You know what this does? It not only keeps out any bots, but turns a normal human into something else:
With a zillion other websites out there, are you sure yours is compelling enough or contains such rare information that people will jump the gorge to get to it?
https://www.youtube-nocookie.com/embed/P7vte1epVpE?rel=0
How to ask for help the wrong way
When submitting bug reports, it is a good idea to
- Realize that you’re asking for help from people who (usually) have day jobs, and
- Expend at least some amount of effort to show you’re not expecting someone else to do all the work.
With that in mind, let me introduce to you the Best Bug Report Comment, Ever†
First the bug report:
[snip]
I don’t have the exact errors to post because I deleted my compile log, but they are the same errors you get if you don’t have the bzip2 development libraries installed, which of course I do in /www
[snip]
Then someone helpful asks for more information.
Please recompile so that you can tell us te exact errors.
Derick
And then, GOLD:
The php developer who added/maintains bzip2 support will know what I am talking about. I am not going to compile when I know this! It would be a waste of my time.
Wow.
Now, not to worry; a few minutes later the submitter saw the error of his ways, compiled his code, posted the exact error message and got help.
Learning how to ask questions is a skill. Mastering this skill can only help, because everyone (even the Super-cool techno guru) has to ask for help at some point, so why not be as effective as possible?
† Until I find another one. That place is GOLD!
Decoupling presentation from content
I recently ran across the anti-pattern of what I see as a common problem amongst designers and developers: coupled presentation and content. I’ve found that decoupling the presentation from the content makes things much easier to write, maintain and expand.
Here’s a simple example:
HTML
<section> <div class="margin-top-10">Lorem Ipsum</div> </section>
CSS
.margin-top-10 { margin-top: 10px }; .margin-top-20 { margin-top: 20px }; (etc)
Take a look at what is going on here: we’re adding a 10px margin to the top of the div. DON’T DO THIS. You want your class names to be contextual, not descriptive of the style.
Rule of thumb
To change the layout, you should only have to edit the CSS, not the HTML.
Here’s where our anti-pattern falls down and will cause grief.
- You decide to adjust the positioning of the section. You can:
- Edit the CSS, changing the class’s margin value and breaking every other element that uses that class.
- Edit the HTML create a new class, then edit its CSS class definition. If you have to experiment with different margin values, you’ll need a LOT of classes. “Will 14px work or 15px? What about .25em? Argh!”
- You can’t have too many attributes in each class, because they will have unintended consequences for the other elements that are using them. Add a red border to one class because you need a border for a specific element, now you have red borders on ALL the elements that share that class. So, you’ll have to have many single- (or few-) attribute values, and include all of the necessary ones on the required HTML elements.
- The violent psychopath maintenance programmer (who knows where you live) will kill you in your sleep. You have made her job insanely hard by turning this:
<div class="margin5 blueborder mediumwidth floatingleft" ...
into this
<div style="margin:5px;border:3px blue outset;float:left;width:75%" ...
for no good reason.
The Cure
Think about the element in terms of content or a functional space. What is it and what does it do? In our example above, let’s assume it is the lede section of an article. Then we would do:
HTML
<section> <div class="lede">Lorem Ipsum</div> </section>
CSS
.lede { margin-top: 10px; border-bottom: 2px #9fe2f9 outset; float: right; position: relative; width: ... };
By decoupling the content (div) from the presentation (style-dependent class), we are free to adjust the style of that element by making whatever changes to the CSS and leaving the HTML alone.
“But,” you shriek, “I have common elements for everything! Rounded corners! Gradients! (except IE…) Et cetera!”
For this, we will turn to our trusty companions Less and/or Sass in a future post.
Related articles
- CSS-centric Development and Anti-Patterns (css.dzone.com)
- Separation, Abstraction, and Cascading in CSS (lispcast.com)
Iterations in Less
Part of the beauty of Less and other CSS ‘compilers’ is to enable the author to automate tedious functions that normally must be coded by hand.
Suppose you needed several classes that specified padding/margins:
.mRight50{margin-right:50px} .mLeft50{margin-left:50px} .pRight50{padding-right:50px} .pLeft50{padding-left:50px} .mRight25{margin-right:25px} .mLeft25{margin-left:25px} .pRight25{padding-right:25px} .pLeft25{padding-left:25px}
No big deal, right? It wouldn’t take that long to type in; just cut and paste a bit.
Well, what if you needed them from 0-100 by 5s? (Never mind WHY you’d want to do this; this is a simple example.)
.mRight100{margin-right:100px} .mLeft100{margin-left:100px} .pRight100{padding-right:100px} .pLeft100{padding-left:100px} .mRight95{margin-right:95px} .mLeft95{margin-left:95px} .pRight95{padding-right:95px} .pLeft95{padding-left:95px} .mRight90{margin-right:90px} .mLeft90{margin-left:90px} .pRight90{padding-right:90px} .pLeft90{padding-left:90px} .mRight85{margin-right:85px} .mLeft85{margin-left:85px} .pRight85{padding-right:85px} .pLeft85{padding-left:85px} .mRight80{margin-right:80px} .mLeft80{margin-left:80px} .pRight80{padding-right:80px} .pLeft80{padding-left:80px} .mRight75{margin-right:75px} .mLeft75{margin-left:75px} .pRight75{padding-right:75px} .pLeft75{padding-left:75px} .mRight70{margin-right:70px} .mLeft70{margin-left:70px} .pRight70{padding-right:70px} .pLeft70{padding-left:70px} .mRight65{margin-right:65px} .mLeft65{margin-left:65px} .pRight65{padding-right:65px} .pLeft65{padding-left:65px} .mRight60{margin-right:60px} .mLeft60{margin-left:60px} .pRight60{padding-right:60px} .pLeft60{padding-left:60px} .mRight55{margin-right:55px} .mLeft55{margin-left:55px} .pRight55{padding-right:55px} .pLeft55{padding-left:55px} ...
Ugh.
There’s a better way:
@steps: 100; // Main Loop .sidesX( @index ) when ( @index > 0 ) { (~".mRight@{index}") { .mRightX(@index); } (~".mLeft@{index}") { .mLeftX(@index); } (~".pRight@{index}") { .pRightX(@index); } (~".pLeft@{index}") { .pLeftX(@index); } .sidesX(@index - 5); } // End iteration at index zero .sidesX( 0 ) {}< // Individual class rendering .mRightX( @offsetsize ) { margin-right: (~"@{offsetsize}px"); } .mLeftX( @offsetsize ) { margin-left: (~"@{offsetsize}px"); } .pRightX( @offsetsize ) { padding-right: (~"@{offsetsize}px"); } .pLeftX( @offsetsize ) { padding-left: (~"@{offsetsize}px"); } // Generate the CSS .sidesX( @steps );
Flashback: Skip Intro for flash introductions
Remember when flash introduction pages were all the rage? They were ‘cool’ from the web designer‘s standpoint, but utterly annoying and off-putting to the visitor. Fortunately, most people figured out that people visited their site for the content, not the snappy graphics (unless it was a gallery site), and certainly not for the mandatory intro pages.
Yet, some people still haven’t gotten the clue that the 80s called and they want their flash intros back.
For those who remember with revulsion, here’s the old SkipIntro parody. The site is long gone, but it would be a shame to let it fade away!
SkipIntro
(click the ‘play ball’ to start)
[kml_flashembed publishmethod=”static” fversion=”8.0.0″ movie=”https://www.neonrocket.com/wp-content/uploads/2012/10/skipintro98.swf” width=”600″ height=”500″ targetclass=”flashmovie”]
[/kml_flashembed]
If you haven’t clicked on it, do it now! Relive the pain of the never-ending flash intro to the sound of weird indian music and gunfire!
Related articles
- Site Loading? Skip Intro? You’re Kidding? I’m Outta Here. (duoconsulting.com)
- how to add a skip intro page to jooomla 2.5 web site (daniweb.com)
- Adobe Flash: I’m not dead yet! (zdnet.com)
Regular Expressions Roundup
Writing some Regular Expressions?
Some people, when confronted with a problem, think “I know, I’ll use regular expressions.” Now they have two problems.
—Jamie Zawinski
Well, not really. There are some cases where using a Regular Expression—RegEx— instead of a heap of convoluted if
statements just makes sense from both a lazy and practical standpoint.
When you’re knee-deep in writing your RegEx, you’ll need to test. My favorite RegEx ‘workbench’ is Oliver Steele’s “reWork.”
To get a jumpstart on writing complex RegEx, check out the Regular Expression Library, which contains a plethora of user-submitted RegEx recipes. Some of them are quite good (check each recipe’s rating).
Related articles
- New tutorial: Regular expressions (nofluffjuststuff.com)
- An SEO’s Guide to RegEx (seomoz.org)
- Regular Expressions Cookbook (O’Reilly) (i-programmer.info)
Find Something You Like and Dissect It
I’m always on the lookout for a new technique or Better Mousetrap. I admit I don’t know all that much, so I’m happy to learn.
I was playing around with Wikify @ appointment.net (a nifty tool that goes through a block of text and ‘wikifies’ it–that is, links all the words it can find to relavant Wikipedia articles) when I noticed the behavior seemed rather…odd. I could see it go through the word list as it created links, and every time it linked up a word, every duplicate word was linked.
Let’s take some example text (from the now-defunct Dilbert Mission Statement Generator) and run it through the site:
“We have committed to synergistically fashion high-quality products so that we may collaboratively provide access to inexpensive leadership skills in order to solve business problems“
Our mission is to continually leverage existing seven-habits-conforming catalysts for change as well as to competently leverage other’s error-free materials.
We globally leverage other’s professional meta-services as well as to conveniently integrate competitive solutions in order to solve business problems.
“It is our job to continually foster world-class infrastructures as well as to quickly create principle-centered sources to meet our customer‘s needs”
“Our challenge is to assertively network economically sound methods of empowerment so that we may continually negotiate performance based infrastructures“
For example, the additional instances of “leverage,” “problems,” and “business” were quickly linked, once the first one was completed. Poking around their code, I noticed all the action takes place in wikify.js
. There are a few gems in there. For example, the function call to reduce an array to only unique values:
function array_unique( array ) { // http://kevin.vanzonneveld.net // + original by: Carlos R. L. Rodrigues (http://www.jsfromhell.com) // + input by: duncan // + bugfixed by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) // + bugfixed by: Nate // + input by: Brett Zamir (http://brettz9.blogspot.com) // + bugfixed by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) // + improved by: Michael Grier // % note 1: the second argument, sort_flags is not implemented // * example 1: array_unique(['Kevin','Kevin','van','Zonneveld','Kevin']); // * returns 1: ['Kevin','van','Zonneveld'] // * example 2: array_unique({'a': 'green', 0: 'red', 'b': 'green', 1: 'blue', 2: 'red'}); // * returns 2: {'a': 'green', 0: 'red', 1: 'blue'} var key = '', tmp_arr1 = {}, tmp_arr2 = []; var val = ''; tmp_arr1 = array; var __array_search = function (needle, haystack) { var fkey = ''; for (fkey in haystack) { if ((haystack[fkey] + '') === (needle + '')) { return fkey; } } return false; }; for (key in tmp_arr1) { val = tmp_arr1[key]; if (false === __array_search(val, tmp_arr2)) { tmp_arr2[key] = val; } delete tmp_arr1[key]; } return tmp_arr2; }
Aha! See how that works?
Related articles
- Your Guide To Downloading Pages From Wikipedia (makeuseof.com)
- How to turn Wikipedia articles into e-books (teleread.com)
- Corruption in Wikipedia Confirmed (pochp.wordpress.com)
The Importance of Not “Designing” your own Security
Recently, at a client, I had the opportunity to review their security implementation on their website. I realized that it is very important to never try to design one’s own security, because of the Dunning Kruger effect. In a nutshell, folks who don’t know very much about security think they know “enough,” and folks who are very knowledgable (e.g., Bruce Schneier) realize they don’t know all that much.
So what does this mean? It means simply this:
If you design your own security system, you’re going to get it wrong.
Here are some examples of how to get things wrong.
- Storing passwords in plaintext so you can send the person the password if they forget.
- When (not if) someone breaks into your database, they instantly own every single account. They can log in, view your user’s details and change them. Since most people reuse the same password for multiple systems, the attacker can try those passwords on other popular services, such as Facebook, GMail, LinkedIn, Twitter, etc.
- Relying on application-level security to protect your data.
- This is dangerous because it is hard to ensure 100% coverage. EVERY access point—of many—to your data must be secure. Failing to cover one point leaves the system wide open. A better solution is to apply security at the data-store level. Typically, this is done using triggers and stored procedures. Your RDBMS doesn’t support those (or weakly supports them)? Find another RDBMS.
- Using the same salt for every password in the system.
- You don’t understand what salts are for and how to use them properly.
- Requiring “complex” (a number, upper- and lower-case letters and symbols but not very long) passwords.
- Nope. Ineffective.
- Relying on Two-Factor Authentication.
- For now it is working, somewhat, but crackers are rapidly finding ways to circumvent this technique.
- Relying on a “security question” in case the person forgets his/her password.
- Oh, you’ll love this. You’re creating a weak password as a backup to a (hopefully) strong password. Fail.
- Assuming by keeping the details of your implementation secret, you will be secure.
- This is dangerous because you think you’re secure. In fact, you are less secure. Kerckhoffs’s Principle is always a good starting point for security implementation: if an attacker could see all of my code and had a copy of my database, could she/he break into my system?
Getting it right
The first step is admitting that you don’t know what you’re doing.
Now go find someone who does: there are plenty of security libraries out there for every language. Find one that is mature and widely used and implement it. Keep up to date on the library’s mailing list so you will receive alerts, and update whenever there’s a new version.
Security is hard to do. It is extremely hard to do correctly. Don’t fall into the trap of thinking you can get it right without years and years of study and experience.
Related articles
- Blizzard hacked, warns users to change passwords (zdnet.com)
- Security tip: do not answer security questions correctly (ghacks.net)
- Security Questions: The Biggest Joke in Online Identity Verification (theatlantic.com)
- An even easier way to better passwords (rgbartlett.co.uk)