XmlHttpRequests (or “ajax”) are generally considered safe because they are restricted by the “same origin” policy, but that isn’t entirely correct. Consider the following: an ajax call, like all http communication, consists of a request and a response. For read operations the response is needed; for write operations … that ain’t necessarily so! So how can a “hacker” send a request for such a write operation and have it executed (which actually amounts to “cross site request forgery”)? There are a number of possibilities:
Execute a GET request by including it in the attack site’s html as the src of a script, css or img tag, to none of which the same-origin policy applies.
Use JavaScript to create a form, populate it and POST it; the same-origin policy does not apply to forms being posted.
Just do a normal XHR request; the same-origin policy applies, but some top-notch browsers will still execute the request and just ignore the response (is that a bug or a feature?).
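The defender’s side of the three cases above, as an added example that is not code from the original post: a server-side gate for state-changing (“write”) requests, written as a pure function so it runs without a web framework. The request shape (method, lower-cased headers, parsed body), the origin “https://app.example” and the sample requests are assumptions constructed for the example.

```javascript
// Added example, not code from the original post. Own origin is assumed.
const OWN_ORIGIN = "https://app.example";

// Browsers attach Origin to POSTs (and usually Referer): a form or XHR sent
// from another site carries that site's origin, which is what gets rejected.
function requestOrigin(headers) {
  if (headers.origin) return headers.origin;
  if (headers.referer) {
    try { return new URL(headers.referer).origin; } catch (e) { return null; }
  }
  return null;
}

// Compare the echoed token with the session token so the time taken does not
// depend on where the first mismatching character is.
function tokensMatch(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function checkWriteRequest(req, sessionToken) {
  // 1. Never perform a write on GET: an img/script/css src on another site
  //    triggers a GET with the victim's cookies attached (case 1 above).
  if (req.method !== "POST") return { ok: false, reason: "write requires POST" };
  // 2. A posted form or an XHR from another site carries a foreign origin (cases 2 and 3).
  if (requestOrigin(req.headers) !== OWN_ORIGIN) return { ok: false, reason: "foreign origin" };
  // 3. The request must echo a secret that only a page from our own origin could
  //    have read; cross-origin scripts never see our responses, so they can't get it.
  if (!tokensMatch((req.body || {}).csrf_token, sessionToken)) return { ok: false, reason: "missing or wrong token" };
  return { ok: true, reason: "ok" };
}

// Constructed sample requests (not captured traffic).
const SESSION_TOKEN = "c0ffee-example-token";
const legit = { method: "POST", headers: { origin: OWN_ORIGIN }, body: { csrf_token: SESSION_TOKEN } };
const forgedForm = { method: "POST", headers: { origin: "https://attacker.example" }, body: { csrf_token: "guess" } };
const forgedGet = { method: "GET", headers: { referer: "https://attacker.example/page.html" }, body: {} };
```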
A little over a year ago I must have been smoking some weird shit when I wrote that Flash would become irrelevant in 2010. Because after all, this is 2011 and there’s still plenty of Flash for Adobe aficionados to make a living, and the famous html5 video codec issue hasn’t been fully sorted out yet either. So I was wrong, was I? Well, … not really! Apple still stubbornly refuses Flash on the iPhone and, more importantly, the iPad; Microsoft’s Internet Explorer 9 joined the HTML5 crowd in full force; and even Adobe is going HTML5, with support in Dreamweaver and in Illustrator and with a preview of Edge, “a tool for creating animation and transitions using the capabilities of HTML5”. But it was only in December 2010 that I knew I was dead on with my prediction, when I overheard this conversation at work between a business colleague and a web development partner:
Business Colleague: I would like a personalized dashboard with some nice-looking charts in my web application.
Web Development Partner: No problem, we’ll do it in Flash!
Business Colleague: No, we want this to work on the iPad too!
The year technology-agnostic, decision-making business people started telling suppliers not to use Flash, that was the year Flash became irrelevant and “the open web technology stack” (somewhat incorrectly marketed as HTML5) took over.
The older youngsters of Underworld were recently in the studio at KCRW to make some music. Among other things they played “Two months off”, below on YouTube. Quite a nice little tune, sweeping and all, but live in the radio studio it didn’t do much for me. Until, 4 minutes 40 seconds into the trip, something went wrong with a knob or maybe with an entire sequencer. Karl Hyde gestures that the thing is broken, Darren Price tries to make clear to Hyde with gestures what he has to do to get the machinery going again, Rick Smith calmly seems to say “I’ll just carry on a bit” while the roadie is fetched, and at 5 minutes 30 Hyde sees that, roughly speaking, the volume was simply set to zero:
The javascript fetches the data using jQuery’s getJSON, parses all departures in the template and adds the resulting HTML to an element in your DOM (in this case #liveboard):
Of course the UNIX timestamp in this.time isn’t really usable as is, but we can easily add some javascript to the template, just before outputting the time, to fix that:
That’s right, use “<%” instead of “<%=” and you can mix javascript into the template. To only show trains that have not left yet and to show departures including their delay, the template looks like this:
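As an added illustration (not the template engine or code from the original post), a tiny compiler for templates that mix “<% code %>” and “<%= value %>” in the style the post describes, applied to constructed departure data. The station field, the delay-in-seconds convention and the HTML-escaping of “<%=” output are assumptions; the escaping is there because the values come from a remote JSON API and are inserted straight into the DOM.

```javascript
// Added example, not the original post's template engine.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Turn a "<% %>" / "<%= %>" template into a function of `data`. Literal text
// is pushed as-is, "<%= expr %>" is pushed escaped, "<% code %>" is run verbatim,
// which is what lets plain javascript (loops, ifs) live inside the template.
function compile(tpl) {
  let code = "var out = [];\n";
  const re = /<%(=?)([\s\S]*?)%>/g;
  let last = 0, m;
  while ((m = re.exec(tpl)) !== null) {
    code += "out.push(" + JSON.stringify(tpl.slice(last, m.index)) + ");\n";
    code += m[1] === "=" ? "out.push(esc(" + m[2] + "));\n" : m[2] + "\n";
    last = re.lastIndex;
  }
  code += "out.push(" + JSON.stringify(tpl.slice(last)) + ");\nreturn out.join('');";
  const fn = new Function("esc", "data", code);
  return data => fn(escapeHtml, data);
}

// Template as the post describes it: skip trains that have already left
// (departure time plus delay is in the past), print the clock time derived
// from the UNIX timestamp, the station, and the delay in minutes if any.
const liveboardTemplate =
  "<% data.departures.forEach(function (d) { %>" +
  "<% if (d.time + d.delay < data.now) return; %>" +
  "<li><%= new Date(d.time * 1000).toISOString().slice(11, 16) %> " +
  "<%= d.station %><%= d.delay ? ' (+' + Math.round(d.delay / 60) + ' min)' : '' %></li>" +
  "<% }); %>";

function renderLiveboard(departures, now) {
  return compile(liveboardTemplate)({ departures, now });
}

// Constructed sample data (assumed field names; times are UNIX timestamps, UTC).
const SAMPLE_NOW = 1300000000; // 2011-03-13 07:06:40 UTC
const sampleDepartures = [
  { station: "Mechelen", time: 1299999000, delay: 0 },            // already left
  { station: "Leuven", time: 1299999900, delay: 300 },            // late, still here
  { station: "Brussel-Zuid/Midi", time: 1300000600, delay: 120 },
  { station: "Antwerpen <Centraal>", time: 1300000900, delay: 0 }, // needs escaping
];
```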
As was to be expected, and as confirmed in the Google Webfonts FAQ, even the fastest method (hosted Google Fonts) is 0,26s slower than the version without web fonts. Locally hosted fonts are marginally slower still, but that’s because (for reasons I don’t fully understand) 2 font files were loaded instead of only 1 in the Google Fonts-powered page. Cufon isn’t really worth mentioning here; it’s dead slow and has become rather irrelevant, I guess. I did not test a version with images instead of web fonts, but that would probably yield approximately the same result (5 image files, each somewhere between 4 and 8Kb?) and is sub-optimal from an SEO and accessibility point of view. So 0,3 seconds, that’s not too bad, no? Or is it? If you’re creating an online shop, Amazon’s experience might be of particular interest here: every 100ms of delay costs them 1% in sales. So are you willing to lose 3% of revenue just to have those nice fonts, which your visitors probably couldn’t care less about? My advice: don’t use web fonts if you value performance. And you should consider performance a top priority, not just for sales’ sake, but because raw website performance also impacts usability and search engine ranking. If your brand identity manager insists on using the right fonts, performance be damned, then try to at least follow these basic best practices:
have the CSS that defines your fonts (with font-face) as early in your HTML as possible and certainly before any script is loaded
use Google’s hosted font-solution if possible; it’s fast, the CSS is optimized for the browser that requests it and there’s a lot of free fonts at your disposal
if you have to host the fonts yourself, make sure to serve the WOFF format (the new standard) and SVG (for iPhone/iPad) next to the more traditional TTF (the “old” standard) and EOT (for MSIE)
if you’re hosting your own fonts, configure your webserver to compress ttf, svg & eot files on the fly (woff files are already compressed) and set expires headers for all fonts far in the future to allow optimal caching (example for Apache):
Yesterday Mick Karn died of cancer in London. Karn played fretless bass (and saxophone and clarinet) in Japan and afterwards, in the ’80s, worked with Kate Bush, Joan Armatrading, Midge Ure and Gary Numan, among others. His later solo work and his albums with Steve Jansen, Richard Barbieri and David Torn were funky, jazzy, but above all idiosyncratic. Music for musicians, perhaps. Karn had a very personal, intense style and always let his bass growl in a strangely melodic way. In the autumn of 2010, when he had already been diagnosed with advanced cancer, Mick Karn was incidentally back in the studio with Peter Murphy (ex-Bauhaus) to record a second Dali’s Car album, 25 years after the first. In 1991 David Sylvian, Steve Jansen, Richard Barbieri and Mick Karn released a new album together, not as Japan but as Rain Tree Crow. “Pocket full of change” from that CD is perhaps the most fitting song for this occasion: “Life runs out, like a pocket full of change” …