Comments and Code – Obfuscator 2

As part of my ongoing online response to some great questions, I offer the following request by Colin Kuskie, webmaster for the Sunset Presbyterian Church:

Hi Dean,

My name is Colin Kuskie, and I’m Sunset Presbyterian Church’s
volunteer webmaster/hostmaster. I’m planning on moving our website,
www.sunsetpres.org, to a CMS, and I’d like to help secure staff
and member email addresses against spam by using your obfuscator
as a macro, but I couldn’t find anywhere to download the code from
your site.

Is it publicly available, and if so, could you please give me a
pointer as to how to find it?

Thank you,
Colin

p.s. Thank you very much for your online ministry. It’s one of
the things that convinced me to go to a CMS, and then to teach
myself CSS in order to implement it. I pray that God will use
your website to enable other churches to reach out with God’s
message to the world.

How can I say no to a request like that? So I emailed Colin back with the response “… Colin, stop it, my ego is already ‘well maximized’ enough!” … Actually, that’s not what I said, but I thought it might be fun to share a little opera singer humor with you. Go ahead, ask your minister of music about their well-optimized ego … but I digress …

Actually, my first response to Colin was “Macro? For what system?” This wasn’t out of any suspicion, but more out of curiosity, and more out of concern that my original obfuscator hack wouldn’t integrate all that well, as it was built into an online form generated using CGI.pm. Colin responded that he intends to integrate the code behind the Mean Dean Anti-Spam E-Mail Obfuscator (MDA-SE-MO) into a macro for a Perl-based content manglement system (CMS) named WebGUI. A robust system I’ve played with once or twice before, but don’t let my ease-of-use fool you. This is one CMS that requires you know Perl, paths and your site map before you go shooting your foot off with it … but I digress …

CMS sorties aside, Colin’s question reminded me of this sage advice she’d offer whenever I’d leave the house: “make sure you have on clean underwear.” Not that it would help if the last thing I ever saw was an oncoming cement truck … but I digress …

So, if I’m going to put my code ‘out there,’ I had better tidy it up a bit, and put it into an easy to deploy, use and maintain Perl module. This way, he could use it for WebGUI, and I could use it for an upcoming MovableType plug-in … unless one of you kind souls comes up with it first … but I digress …

I also figured if I was going to put it ‘out there,’ I might as well add an option that might really, truly drive spammers nutzo … that is, to render the hyperlink as inline JavaScript. Yes, I know 12% of all browsers have JavaScript disabled, but then again, how many people using wget or curl are actually interested in sending me email? That said, it is for such reasons that I have in the past advocated including a form-based email solution on your church or charity website. All the more so if you’re going to use the inline JavaScript option on Obfuscator … but perhaps this tangent is better left as a topic for later discussion?

Anyway, below is the code for the new perl module behind the slightly improved online demonstration of the MDA-SE-MO:


Yes, this obfuscator isn’t nearly as dastardly as the very cool and very effective online offering from HiveWare (hat tip to Mark Pilgrim) … perhaps by putting the Obfuscator.pm code ‘out there’ … someone will come up with an elegant “<noscript>” solution. I’ve already got one person who’s keen on optimizing the regular expressions … Colin, thank you.

Posted in Uncategorized

Comments and Clarifications 1 of … many to come

I love the HYCW regulars … even those of you who lurk and are reluctant to leave a comment for fear of me returning the favor with a “thorough usability analysis” of your church’s website. First, let me reassure you, unless you are a slathering troll who abuses comments with ad hominem attacks on myself or others … or even worse … uses my comments to spamvertise … then I’m not going to “publicly nit-pick” your site without you first asking me to … or without me first contacting you.

Moreover, you’ll notice I have a category based upon Luke 6:42 … that is, being human, I do from time to time need to make sure I practice what I preach, and to correct those few times I get something not exactly right. So with that in mind, I’d like to respond to some recent comments:

In response to my post “So Many Free Web Hosts, so Little Time!” Stephen Galliver writes:

I have been reading this blog for quite some time, and appreciate the time and effort that Dean takes to share his hard-earned experience with us. I am currently working on a redesign of our church’s website, which I inherited from our previous webservant [1]. I wish to offer my two cents regarding free webhosts:

1) I see little reason to sign up for a free webhost simply to create a development website. Assuming your current webhost supports what I am about to suggest (and that may be a big if, but a reseller account should do so), create a subdomain to house your development site. For example, if I manage the website at www.example.org, I would create beta.example.org, which would serve files from a directory separate from that which serves the production site. The development site can then take advantage of libraries and modules you have loaded for the production site.

2) free services are worth about what you pay for them. Don’t put mission-critical files on a free service, since it — and your files — could disappear without warning. I would be especially reluctant to put sensitive information, such as membership data you might store in a database, onto a free service, even in a back-up or mirrored capacity. And if any of your scripts contain passwords, for goodness sake, make sure the development passwords are different than the production passwords (a good practice even if you don’t use a free webhost).

That’s about it. I hope I haven’t overstepped my bounds in posting such a long comment.

— sdg

[1] The website was “state of the art” in 1998, but much has changed since then. Fortunately, my predecessor had the good taste not to include any “Jesus junk”. Still, it breaks many of today’s design rules, so it’s time for a remake.

I love this comment, and am grateful for it … and on a personal note to Stephen … no, you have NOT overstepped any boundary, in fact, it is comments like yours that make this techblog a joy for me, and informative for others. That said (sound of other shoe dropping)… I have the advantage of remembering pretty much everything I wrote … which includes an article posted September 22, 2002 entitled “Free Web Hosting Ain’t Cheap.” Which not only corroborates much of Stephen’s point #2, but offers a few more we may not have considered.

So I guess the question is, am I a hypocrite, or have I had a change in heart? No, I still insist that for your PRODUCTION web site, that you get real. After all, nothing distracts from the compelling content of your church web site like a pop-up ad for viagra.

This gets to Stephen’s point #1 … which I disagree with based on a tenet I’ve heard preached over my 20 years of programming experience … a rule which reads “If at all possible, don’t develop on a production machine.” This commandment is preached and practiced by programmers world-wide because it is just too easy to destroy, cripple or impact the production site with pollution from the development. And this is what I was trying to get at in the context of my recent post about free sites. Why consume bandwidth, resources and potentially harm existing data because you’re curious about a new content manglement system or are playing with Python?

That, and I’ve developed on too many “for pay” web hosts whose backups aren’t what they should be. In other words, whether you develop on paid hosting or not, you need to take the appropriate steps to back up your data to a local machine/host to preempt disaster … or as I’ve preached in the past … those who fail to plan, plan to fail. In other words, yes, I agree, you get what you pay for … sometimes less … especially when it comes to inexpensive web hosts.

It is for this very situation, that is, the separation of development and production and the unreliability of both free and for-pay hosts, that I have in the past brought to your attention cool server or server-like tools such as Sokkit, Knoppix and other fun stuff such as the Home Web Server Project. That said, in those situations where such solutions are impossible or unfeasible, I think Stephen’s recommendation to create a subdomain makes for a very feasible and possible alternative. It is in fact how I’ve developed some test sites in the past.

Anyway, I wanted to bring Stephen’s comment to the forefront because I think he established the perfect model for a contrary opinion … one delivered intelligently, respectfully and in Christian love. And while we may disagree, I hope I’ve returned his comments with the same respect and thoughtfulness. If not … you guys know what to do …


Some useful usability Bookmarks

They’re replacing my machine at work (yeah) … and while I’m busy copiously backing-up everything, I still thought it might be useful to myself, and the faithful who visit this site, to offer some useful usability bookmarks. Not sure why usability is important to your church or charity website? Well, click-n-see:

As you can tell from the blank bullet-points … I’ll update the list from time-to-time today as I delete, reboot and burninate … over and over and over again until the hard drive is copyable.


So Many Free Web Hosts, so Little Time!

I thought it might be useful to list some free web hosts. Personally, because I host several sites, I shell out a few bucks a month for what is known as a reseller plan. For those who don’t know, this means I rent a chunk of a server that I can divvy up as I see fit. It’s not that expensive and it makes sense for me, especially when it comes to having Perl modules or PHP libraries installed … that is, since all my eggs are in one basket, I need only load a module or library installed in one place. It’s a consistency / convenience thing.

That said, I can see several reasons for signing up for a free site. One I’m tempted to enlist with is BeigeTower, for 2 reasons. First, because I’ve been thinking of tooling about with Python … second … because it would be nice to have a place I could mirror the Redland site … using the free site for ‘development,’ then porting changes over to the ‘production’ site. I know, it sounds like a pain, but that’s how real programming works.

Zope … how I’d love to spend some time learning Zope … once I get Python under my belt. And what better place to learn and love Zope than FreeZope.org?

Speaking of real programmers. If BSD is your dialect, you are comfortable around authors, teachers, students, researchers, hobbyists and enthusiasts … and have a site that’s into public education, cultural enrichment, scientific research and recreation … then Super Dimension Fortress is your haven. In other words, this might be a good place for an Apologetics blog.

I’ve got this project I’m doing for Chuck Holton where we need to convert the huge PHPBB database to VBulletin. This means gobbling up huge amounts of database and associated memory, albeit on a temporary basis until the transfer is made. One way to get around this problem is with Unlimited-SQL, a service which is exactly what it says it is … “free remote mysql database hosting for users all around the world. There is no limit on number of databases you can register, no restrictions on what you install and no space or bandwidth limit.” This might also be a good place to keep a mirror of your precious data.

For those of you more comfortable with the Microsoft IIS solution … or perhaps just wanting to get a bit dirty with .NET, 24by7data.com might be the answer … and if nothing else, appears to have everything a small church web presence needs.

Similarly, if you’re just starting to figure out your church or charity’s web presence, and are thinking along the Linux lines, then perhaps 50 Free or the FreeGuy is more to your liking. Just make sure you read the fine print.

How about you? Got a free web host experience (no advertisements, but experiences)? Good, bad, not sure … leave a comment (not an advertisement).


Evansville Museum of Art, History and Science

Late last week, pundit extraordinaire, Joshua Claybourn, mentioned that he was redesigning the website for the Evansville Museum of Art, History and Science. After a quick look at the original via the Internet Archive Wayback Machine, I’d say Josh has graciously provided a significant and much improved start, but there is still work that needs to be done for this worthy charity’s website.

So with Josh’s blessings, here is how I might apply some of Jakob Nielsen’s famous Ten Usability Heuristics to get the Evansville Museum of Art, History and Science website to be all things to all browsers, users and search engines.

First, while I like the simple and familiar banner across the top and menu along the left side, there are several nickel-and-dime issues here that can create a huge debt of confusion on the part of the user. For example, here’s a little tidbit I suspect Josh doesn’t know: using the file name “banner.gif” will create confusion for those visitors using conventional ad-blocking software, as ‘banner.gif, .jpg, .png’ are all blocked by default. And since he doesn’t use the ALT argument of the <IMG> tag to identify the image, the name of the site is not known to the visually impaired, those turning off graphics, and search engines. Like I said, a lot of little stuff that adds up quick.

In fact, every image that is used for navigation should have textual information embedded in both the ALT argument of the <IMG> tag and the TITLE argument of the <A HREF="…"> tag. Doing this lets the user know what they’re looking at, and what is about to happen if they click.

Similarly, there is some confusion with some of the buttons along the left menu, and those placed in the center-left content. Take Exhibitions for example. Why are there two very different buttons to the very same URL? Do they load as two different pages? Two different sites?

Another “where am I” issue is raised by the link to the Evansville Courier and Press RiverCam … Yes, Josh does tell the user what is about to happen in the adjacent text, at least in Mozilla. But it isn’t clear to me what this has to do with the Museum. Is this a webcam sponsored by the museum or used by the museum? As a general rule, outside links should not be given equal billing with on-site highlights.

Speaking of the visibility of status, I would suggest using the Girl Scout Program page as an example of how the rest of the sub-pages should look and feel. In other words, when I click on the button that says Girl Scout Program I go to a page whose content is captioned with a bold title that is almost the exact same wording as the button clicked. In other words, make the button plural, or the page header text singular. Consistency goes a long way in helping a user know where they are and what they’re reading. For example, click on the “Migianella Rose” and there is no title on the resulting page. Instead, we must rely on the user’s recall, rather than giving them something that is quick and easy to recognize.

For all the header titles on all the pages, I would ditch the deprecated <center><b><font size="+1">Girl Scout Programs</font></b></center> in favor of something simpler, such as <h2 align="center">Girl Scout Programs</h2>. This would make quite a few search engines and browsers really happy.

Oh yes, I would also make sure that the <title> tags of each of the sub pages reads the same or at least similar to each page’s unique header title … again, this is not only reassuring to the reader, but is REALLY TRULY important in the world of search engines.

Once I took care of these important visibility, status and consistency issues, I think I would then do whatever it takes to reduce the load time of the pages. The homepage on a T1 line takes almost eight seconds … almost 50 if you’re dialing-up. On my beefy DSL line, it took about 16 seconds … which is about eight seconds too long if you want repeat visitors.

Perhaps the quickest way to do this is to eliminate any instance where graphics are used to display text. Starting with the scanned image of the schedule on the front page. This is a big no-no! Not only does this 51k monster gobble up valuable bandwidth and download time, this content is prone to change, so why not use an inner table to list this tabular data in fast-loading, easy to read, easy to change text that search engines love? In fact, here is an excellent time to use include files, so you need only edit/upload the small block of the schedule as it changes.

Then I would replace the menu buttons along the left side with text using CSS rollovers. Again, some nickels and dimes in terms of kilobytes, but they all add up to a slow-loading page that is also more difficult to maintain. Doing so would also eliminate the need to place obligatory text links along the bottom of the page … which, by-the-way, should be offered whenever you have graphical navigation for main menu sections.

I would also put some of the images on a diet. IrfanView comes to mind as a free tool that would help with bloated images, such as that for the Koch Planetarium … though in the case of the Planetarium page, I would again use a <h2 align="center">Use a Text Header</h2> tag to let the user know where they are.

Finally, I might take a more blog-like approach to the front page … perhaps use that instead of the scanned image of the schedule, not only to announce when, but give some compelling descriptions of what … sorta like what I’m doing on the frontpage for Redland Baptist.

Like I said … the new site is head and shoulders better than the old site, but there are some serious usability and accessibility issues that need to be addressed. And though it sounds like a lot of work, it really isn’t … but just in case you’re going to donate some time to Josh … here is how I personally would heal the site in 60 minutes:

  1. Replace left menu image rollovers with text/CSS rollovers — probably using an unordered list technique
  2. Make sure all sub-pages have headers atop the content
  3. Make sure all sub-page headers read the same text as the navigation button used to get there
  4. Make sure all title tags read the same as the sub-page headers
  5. Use text for the banner
  6. Replace the scanned image of the schedule with an embedded table
  7. Pick one or two exhibits and feature them with a paragraph each on the front page as the exhibit-of-the-month
  8. Color reduce all images
  9. Make sure all images are identified using the ALT argument
  10. Make sure all graphical hyperlinks are identified using the TITLE argument
  11. Hyperlink the logo in the upper left to return to Home Page

Fixing Your(tm) Web Site Using Cheap/Free Tools

“I realize in today’s economy, there isn’t a lot of extra money floating around. Here are some cheap tools you can use to fix your web site.” – Vincent Flanders, 14Oct03, WebPagesThatSuck.com

As you all know, I owe much of what I know about web site usability to Vincent Flanders, for whom I had the joy of serving as a contributor on his last book, “Son of Web Pages that Suck.”

The other day, while the rest of us were distracted combatting comment spam, Vincent offered a killer list of killer applications preceded by a simple list of 9 things you can do to keep your web site from winding up as an example on his. Most of these applications are free, or modestly priced … all are easy enough to use that they don’t require advanced degrees in computer science.

About the only tool I found missing from the list is OpenOffice … but it is quite large and does require you know how to install the latest Java Runtime … so I can see why it didn’t make Father Flanders’ hit parade.

I guess, sometimes the best things in life are indeed free … thanks Vincent!


Oh for the love of Strangers … PhiloxeniaWeb

Be not forgetful to entertain strangers: for thereby some have entertained angels unawares. – Hebrews 13:2

For those of you who don’t speak pure Greek … philoxenia is the anglicized transliteration of the word φιλοξενία. A word the Thayer’s and Smith’s Bible Dictionary over at Crosswalk defines as “love to strangers or hospitality.”

Why the Greek lesson? I was checking my referrer logs last night as I was trying to keep up on the MovableType Comment Spam situation (for which there is now a plug-in solution) when I saw this wonderful word for hospitality as part of a domain name. I followed it, and there they had this site listed as a resource for church web sites. I poked around a bit more, and discovered that they are a reasonably priced web host that describes itself as:

Discount web hosting for individuals, churches, non-profit organizations and small businesses.

Now I haven’t used their services, but on the surface, their 20%-off the $75-per-year-plan for churches looks like it has just about everything a small to medium sized church needs to create a substantive web presence (that divides into $5 per month for those of you in Rio Linda). It also looks like a good place to set up a blog (e.g. Paratheke.net).

So if you’re looking for an inexpensive web host for your church or charity, I’d suggest giving PhiloxeniaWeb a look see. And if you do go with them, make sure you come back to this post and leave a comment either way.


A quick look inside my installation bag of tricks

When a plumber visits your house, they often bring with them a part canvas, part leather bag that weighs in at about 50 lbs. I know this because my brother is a plumber, and I’ve had ample opportunity to look inside at all the unusual looking tools he carries with him. I also noticed recently that he’s somewhat particular in how he puts the tools back in … not that one can neatly align them in such a bag, but he has three or four well-worn tools he puts in last. This is because these are often the tools he uses first.

So if you were to look into my virtual ‘what dean uses to install applications’ toolbag, what might you see along the top? Glad you asked: putty, wget, tar, pico, mysql … usually in that order.

Now I believe I’ve discussed each of these tools (as you can see from the above hyperlinks!-), but don’t think I’ve really ever put it all together to show you what I do to install an application directly onto my web server. Nor do I think I’ve completely explained why I prefer the direct approach.

On the latter, nothing is more frustrating than downloading a file locally, expanding/uncompressing it, editing various files, FTPing it to your web host, only to find that it doesn’t work due to a file or directory that was either uploaded binary when it should have been uploaded ASCII … or requires an additional step of changing the errant item’s file permissions.

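Instead, I avoid this hassle by using putty to login to my web server, and from the shell, execute some variant of the following commands:

# download into $HOME, unpack in a scratch directory, then move the result into the web root
cd "$HOME"
wget http://www.foo.org/downloads/foo.tar.gz
mkdir -p "$HOME/tmp"
cd "$HOME/tmp"
tar -zxvf "$HOME/foo.tar.gz"
cd "$HOME/www"
mv "$HOME/tmp/foo-version2.0.1" foo
cd foo
pico config.php
# -p with no value prompts for the password, keeping it out of the process list and shell history
mysql -uUSERNAME -p mydbNAME < foo.sql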

Now of course, each installation is going to be a little different, for example, you can see that I throw mkdir and chmod into the mix in a past article I wrote entitled “Moving MovableType.”

That said (and finally to the ‘former’) the above boilerplate also provides some other unseen advantages. First, you don’t have to download the file locally. This is good because it also means you don’t kill bandwidth FTPing each file. This is good because you don’t have to worry about uploading the file in the wrong mode … and you install the files using the permissions defined by the developer.

As always, your mileage may vary … especially in those one or two cases where the individual making the .tar.gz file doesn’t put stuff into its own directory … which explains why I put everything in $HOME/tmp first …
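A pre-flight version of the routine above, as an added example that is not part of the original post: it checks the download against a SHA-256 before unpacking, refuses an archive whose files are not all under a single directory, and only then moves the tree into the web root. The function names, exit codes and sample archives are constructed for illustration, and it assumes GNU sha256sum and a checksum published alongside the download.

```shell
#!/bin/sh
# Added example, not from the original post. File names are constructed.

# verify_sha256 FILE EXPECTED_HEX: succeed only if the digest matches.
# Assumption: the publisher lists a SHA-256 next to the download.
verify_sha256() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# tar_top_dir ARCHIVE: print the archive's single top-level directory.
# Fails if a listed member is absolute or contains "..", or if the
# contents are not all under one directory.
tar_top_dir() {
    listing=$(tar -tzf "$1") || return 1
    if printf '%s\n' "$listing" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        return 1
    fi
    listing=$(printf '%s\n' "$listing" | sed 's|^\./||')
    tops=$(printf '%s\n' "$listing" | cut -d/ -f1 | grep -v '^$' | sort -u)
    [ "$(printf '%s\n' "$tops" | wc -l | tr -d ' ')" -eq 1 ] || return 1
    # The lone top-level entry must be a directory, not a single file.
    printf '%s\n' "$listing" | grep -Fq -- "$tops/" || return 1
    printf '%s\n' "$tops"
}

# stage_install ARCHIVE SHA256 STAGING WEBROOT NAME
# Exit codes: 2 checksum mismatch, 3 unsafe layout, 4 target exists, 5 I/O.
stage_install() {
    archive=$1 sum=$2 staging=$3 webroot=$4 name=$5
    verify_sha256 "$archive" "$sum" || { echo "checksum mismatch" >&2; return 2; }
    top=$(tar_top_dir "$archive") || { echo "unsafe archive layout" >&2; return 3; }
    [ ! -e "$webroot/$name" ] || { echo "target already exists" >&2; return 4; }
    mkdir -p "$staging" "$webroot" || return 5
    # Unpack in the scratch directory first, as the post does with $HOME/tmp.
    tar -xzf "$archive" -C "$staging" || return 5
    mv "$staging/$top" "$webroot/$name" || return 5
}

# make_samples DIR: build two constructed archives, one well-formed and
# one that spills its files into the current directory.
make_samples() {
    mkdir -p "$1/src/foo-version2.0.1" "$1/loose" || return 1
    echo '<?php /* constructed */' > "$1/src/foo-version2.0.1/config.php"
    echo '-- constructed schema' > "$1/src/foo-version2.0.1/foo.sql"
    echo '<?php /* constructed */' > "$1/loose/config.php"
    echo 'constructed page' > "$1/loose/index.html"
    tar -czf "$1/good.tar.gz" -C "$1/src" foo-version2.0.1 &&
        tar -czf "$1/bomb.tar.gz" -C "$1/loose" config.php index.html
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d" || return 1
    # Stand-in for the published checksum: computed locally for the demo only.
    good=$(sha256sum "$d/good.tar.gz" | awk '{print $1}')
    bomb=$(sha256sum "$d/bomb.tar.gz" | awk '{print $1}')
    stage_install "$d/good.tar.gz" "$good" "$d/tmp" "$d/www" foo &&
        echo "good.tar.gz: installed as www/foo"
    stage_install "$d/bomb.tar.gz" "$bomb" "$d/tmp" "$d/www" foo2 ||
        echo "bomb.tar.gz: refused (exit $?)"
    rm -rf "$d"
}

demo
```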


Jumpstart your site with Layout-o-Matic

Okay, for you weekend warriors coding-up a storm for your new church or charity website, here’s a cool tool that’ll help you get a jump on the layout … the InkNoise Layout-o-Matic.

It’s so easy … you select a layout type, width, and other options to the left, and then click … then you can either view or download the code.

From what I’ve seen, and what they claim on their site, the Layout-o-Matic will render a layout that is compatible across a variety of non 4.x browsers.

Of course, this also means you now have no excuse for not going tableless!-)


Watchfire WebXACT

Ever wonder how valid, accessible and secure your church web site really is? Wonder no longer with the Watchfire WebXACT … a free online service that lets you test single pages of web content for quality, accessibility, and privacy issues.

Just do me one favor. I realize I encourage yanking the plank outta my own eye, but trust me … I’ve already run my own pages/sites through this beast … please, respect my bandwidth and run them against YOURs.

How can you say to your brother, ‘Brother, let me take out the speck that is in your eye,’ when you yourself do not see the log that is in your own eye? You hypocrite, first take the log out of your own eye, and then you will see clearly to take out the speck that is in your brother’s eye. – Luke 6:42