Category Archives: Random Information

Interesting e-mail exchange: HTML vs XHTML

It’s not really a wrestling match, but it is something of a face-off:

html401VSxhtml

Email 1:
Dear Mr Noble:

I am writing a research paper on the difference between HTML and XHTML along with the advantages and disadvantages of the two. I am asking for your opinion because I have learned quite a bit about the languages reading your book HTML, XHTML & CSS for Dummies. From your bio in the book it seems you have a lot of experience and the book itself only proves that. So I was wondering, what is your opinion on HTML vs XHTML? Which is most efficient? Which is, in your opinion, the “best” and why?
 

Egad! We’ve Been Hacked

Wow! I hate to admit it, but we’ve found — and cleaned up — evidence of a WordPress-specific attack on this very Website recently. The signs showed up first in descriptive text about the site on Facebook, but then this morning we got word from one of our readers that active links to various payday loan sites were showing up through our home page. And sure enough when I went to “View Source” on that page, here’s what I found:

<p>Within the basic facts including payday cash than payday loanspaperless payday legal citizen of fraud or able to expedite the present valid source however there has <a href=”http://m*rtg*gebankpaydayloans.com/”></a> poor of bad credit borrowers who says it take on what faxless payday personal need some boast lower than average credit this occurs payday advance. Problems rarely check on it at cash advance <a href=”http://ch**pcashadvanceonline.com/” title=”cash advance”>cash advance</a> your will most needed. Low fee for school or worse payday loans <a href=”http://p*yd*yloanchannel.com/” title=”payday loans”>payday loans</a> you gave the country.  …other similar text removed for brevity’s sake, asterisks added to URLs to prevent blockage or blacklisting…</p>

Jeff jumped up to the site and killed the offending injection into one of our primary header files that was causing the problem, and then turned up this fascinating article from Sucuri entitled “Common WordPress Malware Infections” from our friends and colleagues over at Smashing Magazine. We’ve put the Sucuri SiteCheck facility to good use to produce the following results report, too:

After some clean-up, a clean bill of health results.

After some scrubbing, a clean bill of health.

All of this information is presented to make some important points about web site security:
1. When you turn your platform over to a third party like WordPress you inherit all of its security weaknesses.
2. Keeping your site up to date includes keeping the platform up-to-date and secure, as well as the content.
3. Monitoring site security is easier to do that I originally thought, but also more important than I had thought as well (I have no trouble understanding why site operators pay for multiple daily security checks to limit exposure to exploits should they occur).

If they can hack us, they can probably hack you, too, so you’ll want to take steps to prevent such things from happening. Be sure to talk to your service provider about how they secure your environment, and ask them what steps you must take to help secure your website, too. To do otherwise risks embarrassing inclusions of unwanted content on your web pages (which is what happened to us) as a sort of “best case of the worst case.” But it could also result in users downloading malware when they access your pages, which in turn will either cause them to stop visiting your site (bad enough already) or make search engines like Google or Bing blacklist your URLs as malware infected (if you can’t show up in the engine’s search results, potential visitors can’t find you, which is an instant “kiss of death” for modern websites and thus a “worst case of the worst case” scenario).

–Ed–

The greatest commencement speech ever.

Leave a reply

There really isn’t much to write on this HTML blog that anyone else hasn’t already said about the unfortunate passing of Steve Jobs. Instead of writing yet another article about his effect on the computer and animation world, I’d prefer to just post the embedded YouTube clip below as the greatest commencement speech ever.

Top 10 Reasons Writing HTML is Like 4th of July Fireworks

Leave a reply

Greetings everyone,

I love writing HTML (big surprise) and I also love 4th of July fireworks. I was thinking (it happens for 10 minutes a day – max) about both and came up with the following list of the top 10 reasons writing HTML is like 4th of July Fireworks. Please feel free to add any that you think I may have left off.
Continue reading

Interesting Page Refresh Problem Goes Uncaught at validator.w3.org

Leave a reply

In every edition of our book since the World Wide Web Consortium (aka W3C, with website at w3.org) put up its validator in the late 1990s we recommend that our readers use this tool to make sure their files are working properly as part of the debugging and publication process. (My old buddy and co-author on various CGI and other books, Mark Gaither, actually built the first known HTML validator in 1992-1993, using SGML technology to help him get a leg up, so I’ve been a believer since I first learned HTML, having learned the value of syntax checking when writing code using honest-to-gosh programming languages like C, SmallTalk, Pascal, and other stuff nobody uses an more.)

Continue reading

The (Occasional) Trouble with Cross-Platform Development

1 Reply

When we brought the site up live about two weeks ago, one of the first things we did was to post the “master ZIP file,” which contains all the source code, graphics, CSS, and so forth, for all of the examples in this latest edition of our book. Jeff and I both tested the file, and it unpacked perfectly on our various test machines so we figured “Problem solved. We’re good to go!” Not quite…

Continue reading