Jay Hollingum - Works in IT

If you're a Google Website Optimiser user then you've probably already received and read the email below. If you've not, but do use Google Website Optimiser, then you may need to update your code to prevent an XSS attack. There's no mention of the fix or issue on  http://websiteoptimizer.blogspot.com/ , but in the interests of getting people up to speed as quickly as possible here is a copy of the email containing the fix needed, with thanks to Trevor Claiborne from Google. This applies to any scripts created before December 3rd, 2010. Dear Website Optimizer user, We are writing to inform you of a potential security issue with Website Optimizer. By exploiting a vulnerability in the Website Optimizer Control Script, an attacker might be able to execute malicious code on your site using a Cross-Site Scripting (XSS) attack. This attack can only take place if a website or browser has already been compromised by a separate attack. While the immediate probability of

Finally I've updated my own little piece of internet real estate. It's only taken 7 years to get round to it. As fun a project as it was, developing my own ActionScript 1.0 3D engine all those years ago, the old site ( www.uk79.com ) is a little dated now to say the least, with an entrance page, recommendations for processors and screen resolution, total neglect for accessibility and search engines, so on and so forth. It was all so cutting edge in the early 21st century, at a time when Flash and animation was going to rule the www, but it was definitely time to revamp and update. jayhollingum.com still needs a bit of work and a few tweaks to it, but it's going to be a hell of a lot easier to maintain and develop further.

A bit of old school SQL Server 2000 stuff that I had to delve in to, to resuscitate a dying database using sp_who2. Running the command sp_who2 gives details of the current sessions, users and processes running in an instance of SQL Server. It's an undocumented version of the sp_who command ( http://msdn.microsoft.com/en-us/library/ms174313.aspx ) but sp_who2 gives a bit more info as to what certain processes are doing. From this, you can get a feel for what sessions and processes are hanging the database, or are being blocked, or just generally causing problems in the current running sessions of the instance of SQL Server. Once the SPID (Server Process ID) is known that is causing issues, this can be used to get the sql_handle from sysprocesses. The sql_handle is a binary key that references queries in the procedure cache. After getting the sql_handle, the function fn_get_sql can be used to reveal the SQL statement that seems to be causing issues. DECLARE @Handle varbinary

My better half forwarded on a link to me today, and now I have seen something that has made me question my future career on the web. I just don't think I can compete at this level and will have to retire to a life of solitude on a remote island devoid of all technology. http://superior-web-solutions.com/ Just one example from their portfolio:  http://industrialpainter.com/ Now I'm not saying I'm the best web developer/designer in the world but I'm glad to see companies are still out there keeping the web of the early 90s alive and kicking. It's important we hold on to these important technological cultural milestones, unless we've gone full circle and are now entering a whole new retro-flash movement? Think this is going viral by the stats on the bottom of the page (when it works properly): 3 views yesterday. Over 9800 today and still counting. In case anyone is interested, they do appear to be recruiting  http://superior-web-solutions.com/Broadba

Adding HTML 5 to the choice of target schemas in Visual Web Developer 2010 Express (VWD 2010 Express) is fairly straightforward, thanks to a download from Mikhail Arkhipov which can be found on the Visual Web Developer Team Blog at http://blogs.msdn.com/b/webdevtools/archive/2009/11/18/html-5-intellisense-and-validation-schema-for-visual-studio-2008-and-visual-web-developer.aspx . Download the html5.zip at the end of the above post. Unzip the file. Copy the html_5.xsd file to "C:\Program Files\Microsoft Visual Studio 10.0\Common7\Packages\schemas\html". This is the default installation set up location. If VWD 2010 Express has been installed in another location, the file needs to be placed in the "Microsoft Visual Studio 10.0\Common7\Packages\schemas\html" folder. This is where there is a slight variation in the instructions detailed in Mikhail Arkhipov 's post. To get VWD 2010 Express to recognise HTML 5 as an option for target validation, a change needs

The "semantic web" as a theory has been around for ages and I remember working with people, a decade ago, who were investigating how to build a semantic web. The semantic web, a term coined by Sir Tim Berners-lee, is a vision that would allow automated agents and software to access the Web intelligently, via machine-readable metadata embedded within content. There are a number of standards, tools, methodologies and technologies around that have been created to aid in the development of a semantic web, yet it is still unrealised and alludes the world. There are a number of reasons for this including the physical size of the web, the vastness of knowledge and how to categorise it all into suitable classes, and the completeness, consistency and standardisation of information, to name just a few issues to deal with. I imagine some even question whether it is truly possible due to the sheer scale and requirements involved. Probably the biggest impact of working towards a s

So the time has come to move to a more advanced blog engine for my blog. blogger.com , Google's blogging service, has served me well. It's incredibly easy to use and to get started with, along with having some great features such as inbuilt stats; however now I need a few more advanced features and greater control over the blog. There's a vast array of blog engines out there, some free, some paid for, some hosted, some self-hosted, and picking which one is best or the right choice could be a little bit tricky. This article from Mashable lists most of the main options and bigger players -  http://mashable.com/2007/08/06/free-blog-hosts/ . There are a few parameters that I've kind of decided on Ease of installation/compatibility and support with web hosts Simple to use. I don't want to spend ages clicking around just to add a post or format it. Feature rich and well supported. Most blog engines should have a fairly standard set of features now such RSS/ATOM fe

http://www.iia.ie/ As part of my work I ended up at the Irish Internet Association's conference "8 Ways to Sell More Stuff" at the Davenport Hotel in Dublin, last Thursday. http://www.iia.ie/news/item/1627/iias-upcoming-conference-8-ways-to-sell-more-stuff-is-a-load-of-pants/ As a developer I wasn't expecting to learn too much from a conference about selling and online business, but then it's always good to keep up to speed with all areas of your work, and understanding business in relation to IT systems and websites is probably as important as making sure an index is properly optimised on a database table or some other uber-geeky thing like that. An Post http://www.anpost.ie http://www.iloveshopping.ie/ The afternoon started off, after some tea and coffee and very nice short bread biscuits, with a talk from the Conference's sponsor, An Post. They were basically flogging their service for parcel delivery to internet businesses that need a delivery se

Bing, Microsoft's search engine , comes with a few tools for webmasters to track their websites' stats. These tools are in no way as advanced as Google Analytics , but do let you see how a site is being crawled and indexed by Bing, and also allows for better control of submitting sitemaps to Bing. Setting up Bing tracking and statistics for Blogger, Google's blog publishing service , is pretty straightforward, assuming you have a blog already set up on Blogger!! All that's needed is: Sign in to Bing's webmaster toolbox (you'll need a Windows Live ID). Enter URL and get verification code for your blog. Add the verification code to the blogger template and save. Return to Bing's Webmaster Toolbox and finally verify the blog. Sign in to Bing's Webmaster Toolbox Go to Bing's Webmaster Toolbox at http://www.bing.com/toolbox/webmasters/ and sign in. If you don't have a Windows Live ID, you'll need to sign up. Once signed in, click &q

There are hundreds of URL shorteners around these days such as bit.ly tinyurl.com moourl.com tiny.cc  and ow.ly with the bigger websites even creating their own URL shortening services. Now Google have stepped in to the ring with their own URL shortening service, goo.gl . Although goo.gl URLs have been appearing in Google products for some time, they have only just released a website for shortening any URL. The blog posting announcing the release can be found on their social web blog at http://googlesocialweb.blogspot.com/2010/09/google-url-shortener-gets-website.html . Given the resources behind Google, this will probably be one of the most stable and secure URL shorteners, and is unlikely to go the way of some such as tr.im .

Generated XHTML by the .NET environment can throw an error if creating strict XHTML 1.1 as defined by <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> The .NET environment adds the attribute "name" to the "Form" tag, which is not valid, strict XHTML 1.1 as shown in the screen shot below when validating against the W3C service. Screen shot of W3C Strict XHTML 1.1 validation error To remove this error, the .NET environment needs to be told to generate strict XHTML, as opposed to transitional XHTML or HTML or some other format. This can be done by adding "<xhtmlConformance mode="Strict"/>" to the web.config file within the system.web node e.g. <?xml version="1.0"?> <!--      Note: As an alternative to hand editing this file you can u

After publishing the initial default set-up of BlogEngine.NET ( http://www.dotnetblogengine.net/ ) to an IIS 7 web server (i.e. not running under debug mode from Visual Studio), the following security exception may appear, stating : System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. BlogEngine.NET Security Exception To get BlogEngine.NET running, the "User Profile" of the application pool that the application runs under in IIS needs to be updated. IIS 7 Application Pools The "Load User Profile", accessed through advanced settings of the application pool, needs to be set to true.  Application Pool Advanced Settings - Load User Profile That should be it to get a proper response from BlogEngine.NET on the server. Of course don't forget to add write permissions for the app_data folder. Thanks to  David Burke  a

IE8 is a vast improvement on IE6 in terms of rendering HTML and CSS; however now and again there still seem to be some oddities compared to other browsers. Having spent the best part of a day trying to debug the code which had been validated by  http://validator.w3.org/  (as XHTML 1.1 Strict  ) and  http://jigsaw.w3.org/css-validator/  (as CSS 2.1), IE8 was still having trouble rendering the page and was drawing a div twice. Ultimately it boiled down to an anchor tag being closed in short form. i.e. <a id="someAnchor" />. After changing this to <a id="someAnchor"></a>, everything worked fine and was bang on again in IE8. Lesson learnt that if IE8 appears to be rendering incorrectly, check which tags are being closed in which way. Not saying this is the answer to every rendering issue in IE8 but it's something to look out for if HTML and CSS code is perfectly valid, rendering correctly in all other browsers (Chrome, Firefox, Safari, etc.),

If you're short on time or lack a certain flair for design, then this may be worth a quick punt at getting a decent layout and design set up for a site quickly. http://www.blueprintcss.org/

Here's a little tutorial about sorting out the colour bleed in Internet Explorer with CSS when using fieldsets and legends. http://www.communitymx.com/content/article.cfm?page=1&cid=DD9F3

Having recently posted about new operating systems for mobile phones and the multitude of platforms that developers would have to develop for it, seems that a whole group of organisations, from network operators to handset makers, are clubbing together to create a common standard that developers can work with. It could be a while before any real progress is made and this tree begins to bear fruit, bearing in mind the hundreds of platforms, software, and hardware that exists already. The original article is from the Guardian and can be found here , where I first read about this being announced at the Mobile World Congress. The press release can be found on Marketwatch . This new consortium's website is at  http://www.wholesaleappcommunity.com .

When Google's web browser, Chrome , first came out, as quick and simple as it was, it seemed to lack a few of the extensions and features that were useful in Mozilla FireFox , especially for developers. Recently though, after having trouble with massive memory leaks in FireFox ( http://kb.mozillazine.org/Memory_Leak ), Chrome got another try out ( Internet Explorer still seems to take forever to load up and feels like its dominating the browsing experience). No surprises in Chrome's simplicity, speed and efficiency, and the way it neatly lets you get on with browsing the web. It also come with nifty little developer tools, showing download speeds, CSS/HTML structure, access to scripts, all of which can be found from the page button link as shown in the video below, using the Page button > Developer > Developer tools link (or key combination CTRL + SHIFT + I). As always it boils down to personal preference and it's good that there is this choice (nevermind the be

Reading through some reviews and articles of the Mobile World Congress 2010  and seeing Samsung's new Wave phone using their new platform Bada , reminded me of this post about MeeGo , that I made a while ago. The fact is that it is yet another system to develop on and then support, or if the angle of the phone companies is to have a selling point for their phones, whether the average consumer on the street even cares about what operating system their phone uses, unless buying in to a brand like Apple, Google or Microsoft. Developer documentation for Bada can be found at this site - http://developer.bada.com/apis/index.do .

Finally dragged myself in to the Twitter  era with a Twitter account. I'm still unsure as to its usefulness, objectives and what can be achieved with it, and I certainly won't be posting things like "filling kettle with water", "waiting for water to boil", "OMG! Still waiting for kettle to boil water", "Made cup of tea", so on and so forth. At the moment I'll probably just "tweet" new blog entries through it, which i'll mention in my next post and which seems like a pretty good first use as Twitter appears to ultimately be a tiny rapid fire blogging engine. This isn't to say it's totally useless or meaningless and i'm sure after reading  http://business.twitter.com/twitter101 , ideas on how to best use and take advantage of the site will become clear. Anyways, "follow me" on Twitter at  http://twitter.com/jayhollingum .

Sometimes javaScript files need to be sourced in the head of an HTML document; however the >net framework does not appear to update tIf you add a link element into the head of the .Net master page, e.g to use a style sheet, then the .Net framework takes care of sorting out the relative URI resource, so that the correct path for the style sheet is always used. e.g. linking to a style sheet in the head of a master page <link href="StyleSheetFile.css" rel="stylesheet" type="text/css" /> would be automatically converted, if you went in to a sub directory, to <link href="../StyleSheetFile.css" rel="stylesheet" type="text/css" /> However a source used to load a JavaScript file does not behave in the same way and the path remains as defined in the master page. e.g. linking to a javascript file in the head of a master page, no matter how deep in to the directory structure you go, will stay as <script sr

It looks like yet another operating system is going to be developed for smartphones and mobiles and released to the world. Doing the rounds on the news sites and blogs is that story that Nokia and Intel have joined forces to work on a new OS. The spin is that this Linux based OS will not just be aimed at one hardware platform but can be scaled to be used on smartphones , TVs and in-vehicle infotainment systems, or netbooks and anything in between. MeeGo is a merging of Intel's Moblin and Nokia's Maemo projects. With the successful uptake of Android in the mobile world and the related Chrome OS to be released, Windows 7 Mobile doing something to restore Microsoft's credibility, Palm entering the fray with their WebOS, the iPhone OS being so successful with the iPhone, and Symbian to mention but a few, how much more room in the market is there for OSs or is this two global corporations trying to emulate Google's success in their release of Android. Unless, of course