Advice for online shoppers
If you do it correctly, shopping online is becoming more and more secure as serious credit card issuers now require that you use a PIN code when you shop online. That means that if your credit card is stolen, your PIN code also has to be stolen to be used for online shopping.
You may tell us that your computer was infected, your credit card number was stolen or your bank account hacked. If your credit card number or other identity information was stolen, our first question is: Which web browser did you use? For that reason we also recommend using the Norwegian Opera Web browser when you surf and browse. It is especially important to use that browser when you shop online for the following reasons:
- It has an extra security layer. You can set your own master password.
- It can warn you about old outdated SSL certificates where other browsers are silent. You shop on such a site at your own risk.
- Opera is fast to upgrade its browser to meet better standards. It is very easy to upgrade to a new version.
- It is very easy to turn off JavaScript by pressing F12 and unchecking the JavaScript box. Don't shop on a site that forces you to use JavaScript, even if it is on a secure (HTTPS) server. Here is an example for the tech freak: No love for the module pattern?
- Opera is a W3C DOM compliant browser. Test your browser here
- There are few third party plugins. You shall never use a browser with third party plugins and / or toolbars if you are concerned about security. You should at least not use it on a browser you use for your online shopping.
- Opera is not automatically installed on the computer you buy. For that reason the browser is less well known, and less targeted by scams, malware and hackers, than other browsers.
- Read this WPW thread about the same subject.
Advice for the surfer
To repeat what we wrote in the introduction above:
Every day, so many new sites and pages are put on the world wide web that you will not be able to browse and read this information for the rest of your life. Even if you are young today, and become 100 years old, you will not be able to read the headlines. Think of that for a moment. That means that you have to be very focused in your web browsing and surfing. When linking out to an external page or site, we have tried to avoid sites with bad behavior (in professional language: bad redirects, bad pop ups, sites starting automatic downloads of software, pages with suspect messages that you are a winner, pages with ActiveX controls, scripts and other code that can infect and in the worst case destroy your computer).
You can dramatically improve your surfing / browsing experience if you use Opera and some of the advice listed below. Our preferred browser for the surfer is the Opera web browser. If you use it, here are some hints to improve your surfing experience:
- Use a seamless home page.
- This page is good on large screens (tiling) and / or on multiple screens (cascading).
- Install your own toolbar (View + Toolbars + Personal Bar). You simply drag the preferred URLs to your personal toolbar.
- Use "panels" (View + Toolbars + Panels). They can be (un)hidden by a mouse click.
- Use the "Wand" icon on the address bar / alternatively (CTRL + Enter) on the page - if the password is saved - to log into a site or a web application.
- Use "speed" dial to add favourite web pages.
- Choose your search engine in the upper right corner.
- Let us say that you use two browsers, Opera for online shopping because of security and the open source, fast, minimalistic Google Chrome browser for surfing. When you have finished shopping using Opera, you can continue with Chrome by right clicking the page in Opera and selecting "Open with" and then Google Chrome from the menu.
- Tiling pages on large screens and cascading them on multiple screens by dragging the page to the preferred screen(s).
- Note the icon to the right of the search field in the upper right corner.
- Click this icon, which (de)activates an additional toolbar with a page search field to the left and the author mode pane.
- Author mode has an accessibility layout for disabled people.
- Dev.Opera for webmasters. Note the forums tab.
- Join the Opera community.
- Try Opera Mobile on mobile devices.
- Opera Unite
- Opera Unite HowTo's
- For security reasons, don't rely on third party plugins or toolbars.
- Add an "Opera master password" for extra security when logging into your bank account.
- This is a short list. There is much more to learn, such as Opera Widgets and devices, and typing opera:config in the browser's address field and pressing Enter.
Authentication using OpenID.
OpenID is a decentralized authentication system. It is a free and easy way to use a single digital identity across the internet. You will have only one username, you will carry your identity with you across the web, and your identity is secure. More precisely:
OpenID eliminates the need for multiple usernames across different websites, simplifying your online experience. You get to choose the OpenID Provider that best meets your needs and most importantly that you trust. At the same time, your OpenID can stay with you, no matter which Provider you move to. And best of all, the OpenID technology is not proprietary and is completely free.
The OpenID Foundation (OIDF) was formed in June 2007 to help promote, protect and enable the OpenID technologies and community. February 7th, 2008 OIDF announced that Google, IBM, Microsoft, VeriSign and Yahoo have joined the board.
Today’s announcement marks a milestone in the maturity and impact that the OpenID community has had. While the OpenID Foundation serves a stewardship role around the community’s intellectual property, the Foundation’s board itself does not make any decisions about the specifications the community is collaboratively building.
At the beginning of 2008 there were 250 million OpenIDs and over 10 000 websites accepting them. The first OpenIDDevCamp was a success, and a sponsor, Vidoop, had the following message on their website in early 2008:
Passwords are the weakest link in online security. They can be guessed or stolen with surprising ease, manipulated and abused by computer programs, and revealed by unwitting users. So let's get rid of them. And while we're at it, let's turn the login into a profit center.
How do I get an OpenID? You may already have one. Vidoop implements Vidoop Securing using OpenID. There are a lot of great guides and resources for getting started with OpenID:
- plaxo
- A Recipe for OpenID-Enabling Your Site
- Intertwingly
- OpenID for non-SuperUsers
- Libraries
- for implementing an OpenID Identity Server and Consumer.
- phpMyID
- decentralized, free framework for user-centric digital identity, that acts as an "identity provider" so you can log in to OpenID enabled sites.
On Simon Willison's weblog you sign in with OpenID. That is a good blog with a lot of resources. He also wrote an important article at SitePoint, Closures and executing JavaScript on page load, that is a natural continuation to the next story.
Advice for webmasters, especially those who want to set up a new site.
First, there is much more available to webmasters than browsers and search engines.
Become beta tester for the next version of Opera
Kevin Yank describes three layers of the web: content (markup), presentation (styling) and behavior (JavaScript). These three layers shall be kept separate (for example in CSS and JS files). They come in addition to the security layer mentioned above, so all in all, we can say that there are four layers of the web: a content, presentation, behavior and security layer.
Everything on the web is about semantics:
- Semantic content
- Semantic markup / tagging
- Semantic linking. For that reason, avoid broken links on your site. Set up a 404 error page from the beginning. Turn broken links to an advantage.
Note that the Web Science Research Initiative (WSRI) tries to create a science of the web. Also note that web standards are set at The World Wide Web Consortium (W3C) and that there are canonical issues related to how search engines index your site that are very important for the visibility of your site. Much traffic (e. g. for an ecommerce site, that means customers) can be lost by changing the structure of your site. Broken links give a bad impression. In short, that is about your eProperty, your brand and your business. Cool URIs don't change. Years of hard work can be lost in seconds by introducing a broken link. There is a solution, redirection. But that can also be done in a bad manner. In our view a broken link is better than a redirection to a site / page with different or unrelated content to the original site / page. You risk being reported as a spammer and in the worst case a scammer. It is of utmost importance that you give the surfer or online shopper a good experience, so that (s)he will bookmark, index and remember your site and return. It is also important that you make your site accessible. If you intend to cover the global market, also note that a lot of surfers use mobile devices and shop online by cellphones or other mobile devices. If you intend to cover this market, also make your site available for mobile devices from the very beginning. If you use CSS stylesheets, that can be solved by using a separate stylesheet. So you can use one stylesheet for:
- standard,
- accessible and
- mobile
surfers.
Good and bad bots will visit your site. CAPTCHA is a type of challenge-response test used in computing to determine that the user is not run by a computer. There are tools to help you identify bots that crawl and visit your site. You can make spider traps and set up a crawl wall. Your complete website may be downloaded and copied in seconds. There are methods to prevent downloading your web site and you can track down a spammer. If you follow the advice below when you start your online web business, design a new site or redesign an old, you may save yourself days, weeks and (if the site grows enough) months of trouble.
- Order the domain name through a reliable hoster, preferably one in your own country that you can drive to and complain to if something is wrong. Handle the domain name services (DNS) yourself at that hoster or "registrar". Check that it is a possible option with your hoster in case that is not your local registrar. That may save you time and irritation. Dealing with someone that has their DNS set to my IP. Is that possible and how do you know if a competitor is using Negative SEO against your site? Here is a good site to study if you have problems, namely Lori's web design and website evaluations.
- If the above hoster is relatively expensive (it may be expensive to buy cheap), find a reliable hoster where you want most traffic. That may be in another country. Check which tools and software he offers and how fast he upgrades to new versions of e.g. PHP and MySQL. Does he offer Linux hosting if that is what you want or Windows hosting if that is your preferred option? Is he able to set up an Oracle database server if you think you may need that in the future? How much will that cost?
- Be very careful when you embed code from a third party in your site. Use serious affiliate providers. When you embed digital service code into your site, you do not know what that code does. We talk from experience and have experienced that banners change format, text and colors. We have experienced that services delivered via JavaScript plugins stop working. That may imply that the content on your site is no longer meaningful or semantic. In the worst case malicious code may slow or make your site unavailable to the surfer. If you embed or cut and paste code, be sure that you understand that code.
- The security layer. Start by building a firewall around your site if you are on an Apache server, using the configuration file .htaccess. By denying IP addresses (or whole regions) access to your site in .htaccess, you can set up an informal extranet (that is, a network for your customers). Do that before you start uploading content and code. You can also speed up sites with htaccess Caching. This ultimate htaccess article may be valuable reading. When you are working on a new site, you may want to restrict access to your own IP address, so that nobody else can view your site. This is easily done by putting the following lines in your .htaccess file:

    # yourIP is a placeholder for your own IP address
    order deny,allow
    deny from all
    allow from yourIP

Then it is easy to add friends to that list by allowing their IPs. There are some related resources that are valuable if you want to block IP regions:
- DNSstuff
- Use CIDR/Netmask to look up IP regions related to an IP that can be allowed or blocked as above.
- Use IP Range Lookup to block a country
- Look up IP regions related to one or more countries that can be blocked or allowed in the same way.
- MaxMind
- Geolocation technology etc.
- You can also use whitelisting. I use that technique on my forum. Whitelisting implies that you start with a trusted IP list that you allow access.
- This has clear advantages for companies with limited resources.
- If your site gets bandwidth problems, the same technique can be used to concentrate traffic from the most important IP regions.
- It is fast and efficient to comment out a blocked region in .htaccess with the # operator.
- If problems return, you remove the # operator for the allowed region.
- In the last line, you can allow the whole world access. If you go on holiday, or you have more important tasks to do than look after your forum, you comment out that line. This way, you don't return from holiday with your forum full of spam posts.
- We can call this hierarchical security. Very efficient and fast.
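The following is an added example, not code from the original page or from Apache: a small Python checker that reads an allow-list in the .htaccess syntax shown above and reports whether a given client IP would be let in, so the effect of commenting a line in or out with # can be tested before the file is uploaded. The sample file, the function names and the addresses (taken from the reserved documentation ranges) are constructed for illustration, and only "all", single IPs and CIDR ranges are handled.

```python
import ipaddress

# Constructed sample .htaccess in the Apache 2.2 syntax used on this page.
# All addresses come from the reserved documentation ranges.
SAMPLE_HTACCESS = """\
order deny,allow
deny from all
# my own address
allow from 203.0.113.7
# a friend's network
allow from 198.51.100.0/24
# region switched off while it causes trouble
# allow from 192.0.2.0/24
# last line: the whole world (commented out while on holiday)
# allow from all
"""


def parse_rules(text):
    """Return (order, deny_list, allow_list); lines starting with # are skipped.

    Only 'all', single IPs and CIDR ranges are understood; Apache also
    accepts partial IPs and host names, which raise ValueError here.
    """
    order, deny, allow = "deny,allow", [], []  # Apache's default order
    for raw in text.splitlines():
        words = raw.strip().lower().split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "order" and len(words) == 2:
            order = words[1]
        elif words[0] in ("deny", "allow") and len(words) >= 3 and words[1] == "from":
            target = deny if words[0] == "deny" else allow
            for spec in words[2:]:
                # None stands for "all"
                target.append(None if spec == "all"
                              else ipaddress.ip_network(spec, strict=False))
        else:
            raise ValueError("unsupported directive: " + raw.strip())
    return order, deny, allow


def _matches(ip, nets):
    return any(n is None or (n.version == ip.version and ip in n) for n in nets)


def is_allowed(text, client_ip):
    """Apply Apache's Order/Deny/Allow evaluation rules to one client address."""
    order, deny, allow = parse_rules(text)
    ip = ipaddress.ip_address(client_ip)
    denied, allowed = _matches(ip, deny), _matches(ip, allow)
    if order == "deny,allow":
        # Deny is checked first, a matching Allow overrides it,
        # and a client that matches neither list is let in.
        return allowed or not denied
    if order == "allow,deny":
        # An Allow must match and no Deny may match; otherwise refused.
        return allowed and not denied
    raise ValueError("unsupported order: " + order)


def uncomment(text, directive):
    """Return text with the line '# <directive>' switched back on."""
    return "\n".join(
        line.lstrip("# ") if line.strip("# ").lower() == directive.lower() else line
        for line in text.splitlines()
    )


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.20", "192.0.2.55", "203.0.113.200"):
        print(ip, "allowed" if is_allowed(SAMPLE_HTACCESS, ip) else "denied")
    print("world open:", is_allowed(uncomment(SAMPLE_HTACCESS, "allow from all"), "203.0.113.200"))
```

Under order deny,allow a file that lists only allow lines and leaves out deny from all lets every client in, so the whitelist works only while that line is present.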
- Cross-site scripting (XSS) can be avoided using the same origin policy. Also study the related topics under the heading related vulnerabilities in the first Wikipedia article. So if you want to start your own web business, much time and frustration can be avoided by getting a firm understanding of security. I got a lot of spam signups on my own forum, ForumNorway. After I used .htaccess to allow access, I have not had a single spammer signing up. My bad experience with that forum was this: you give away free information to the world and what you get back is noise, an infected database, irritation and extra work to clean the database.
- Stay updated on security and visit sites like
- Make your site user friendly and accessible. Separate content from design and coding. In his book, "The principles of beautiful web design", Jason Beaird says it like this:
"Good design is about the relationship between the elements involved, and creating a balance between them."
Make it simple, as simple as possible but no simpler. Validate and test your site with tools that you find on the "Quality Control" page of MultiFinanceIT. Here are some important related links:
- The JavaScript Ultimate Reference
- Web-developer's handbook
- UITest.com: Web Development Tools
- Webmaster Toolkit
- Web design references
- XHTML 2.0: MIME Types
- MSDN Library
- MSDN Library: HTML and DHTML Reference
- MSDN Library: DHTML Objects
- MSDN Library: DHTML attributes / Properties
- MSDN Library: HTML and CSS
- Sending XHTML as text/html Considered Harmful
- Elements and Attributes in HTML 5
- Wellstyled
- Reduce to "safe" colors (Embolus)
- Hexadecimal Color Codes for HTML
- HTML and CSS Tutorials
- Cascading Style Sheets And Accessibility
- CSS Destroyed My Rankings. Is that possible?
- Validator w3. Is validation important for SEO?
- Unraveled
- Optimizing Page Load Time
- Improving website conversion
- Web Helping Hand
- Favicon
- users that don't have JavaScript-enabled browsers
- users that browse without using a mouse
- users that browse using a screen reader."
Source: SitePoint Tech Times 09. feb, 2007: #158 - Avoiding Evil JavaScript.
- Use site-wide stylesheets. That is, use CSS and separate design from content by putting the styles in separate files that you may share across your complete site. Remember, journalists and authors write content, designers design and programmers program. Different persons may have a comparative edge on these three skills. In addition, digital branding and web advertising may be the most important element in your overall web business. Today you can set up a simple site in less than an hour. Bringing traffic to your site may be the most difficult part and you may need to hire a specialist. It is good SEO (see below) advice to separate content, styling and code in different files. That makes the job easier for the SE bots, and your site is easier to modify and refactor. You may even do more specific SEO with robots.txt, by directing the bots to specific parts of your pages.
In a minimalistic language, we can say that an HTML site plus an HTML browser is a web 1.0 site. Often a static web 1.0 site is all you need for your business, so you can stop reading here.
If you want a dynamic database driven site and / or a web 2.0 (application) site, as a minimum defined as an XML powered site plus an XML browser, you should continue reading. You may even need a 3-D site like Second Life. Three dimensional sites and grid search in 3D may be the start of Web 3.0. AVForums, UK's biggest and best home cinema discussion forums and audio visual home consumer electronics resource, can be a good place to start if you want to build a 3D site or an online cinema or puppet theatre site.
- Think ahead. Do you need a static ad site for your company or do you need a larger dynamic database driven site? PHP and MySQL are good enough even for many large company sites. The top of laziness is to do everything correctly from the very start. Read what Matt Zandstra writes in his book, "PHP Objects, Patterns and Practice" about being too fast:
"The problem is that PHP is just too easy. It tempts you to try out your ideas, and flatters you with good results. You write much of your code straight into your Web pages, because PHP is designed to support that. You add the heavier code to functions in library files, and before you know it you have a working Web application. You are well on your way to ruin. You don't realize this, of course, because your site looks fantastic. It performs well, your clients are happy, and your users are spending money."
That means that if you think of efficiency and code reuse etc. you ought to learn design patterns and object oriented programming.
- ASP (Active Server Pages) is a server language. ASP and .NET are an integrated development environment (IDE) supplied by Microsoft. PHP is a server scripting language that is now developing into a true object oriented language. JavaScript is the best known browser scripting language. The difference is that JavaScript is interpreted by the browser, while PHP is interpreted by the web server. That makes a browser script more dynamic than a server script like PHP, while PHP is more dynamic at run time than a compiled language like C#. AJAX ("Asynchronous JavaScript + XML") is in a sense an extension of JavaScript. AJAX is minimalism and efficiency in practice. The AJAX engine, which is driven by the XMLHttpRequest object, does some of the processing and minimizes the communication with the web server. AJAX integrates nicely with PHP and ASP. The search engines may have problems indexing AJAX pages / sites, since they are not unique. "Which Server-Side Language Is Right For You?" may help you decide which server-side language to use on your site. There is also important information on the hidden part of ForumNorway in the "Web Services, Hosted Applications and AJAX" sub forum. Because of spammers and spam bots, you have to sign up as a member before you can read posts in that part of the forum. Please read the forum rules before you post. We use the following overall principle: put the job on forum members that cannot read and follow the forum rules and minimize our own efforts. Otherwise we could end up editing posts and arguing with forum members about things that could have been avoided by reading and following the rules.
- XML can be used to standardize data description, publishing, data storage and retrieval and distributed computing. An XML document must be well formed. The XML family has the following related technologies, where some important sites are listed, too.
- Clean up your Web pages with HTML TIDY
- CSS
- DOM
- PHP XML Parser Functions
- PHP DOM XML Functions
- EXSLT a community initiative to provide extensions to XSLT
- Introduction to libiconv
- Regular-expressions
- Regular expressions in JavaScript
- Using Regular Expressions in PHP
- CXX. Regular Expression
- XInclude Processing in XSLT
- RELAX NG Specification
- Flux CMS Wiki
- Beware of XHTML
- XML.org
- XMLsoft.org
- DocBook
- RELAX NG
- STYLUS Studio
- If you need to change hoster, upload the code to a new hoster, that allows you to handle the DNS settings yourself, and change the DNS to that of the new hoster. When the site is up and running at the new hoster, delete the code at the old one.
- It is much easier to get a site up and running than getting it known and visited by the SE bots. Bringing traffic to a site is a never ending Marathon race where competition is fierce. There is a never ending intensive competition among webmasters to get the best position on the SERPs (Search Engine Result Pages). This competition is named SEO (Search Engine Optimization). There is an alternative, paid advertising named PPC (pay per click), where Google AdWords is the best known. That is an electronic auction where the highest bid for a key word or some key words gets the best position. If you are always at the top of Google AdWords, you pay too much for your key words. You can also sign up with an affiliate provider like TradeDoubler, Commission Junction or LinkShare. There are many. SEM (Search Engine Marketing) is another element in web marketing. This is an art, science and profession. You find most of the tools you need starting in the upper right corner of DigitalPunkt.
- My favorite development tool is Borland C++ Builder and my favorite database platform is Oracle, that is in the front on grid computing and secure enterprise search. You do not need that to develop simple and even advanced web sites. But it sets a standard and as Web Services and hosted applications increase in number and popularity, you may need it in the future if you need real horse power. Nobody would compare a Porsche Carrera GT to a Volkswagen. It has been said that C++ is the next generation assembler. I once wrote letters with Andrew Koenig, the project Editor of the C++ Standards committee. I think it was him that wrote in a letter that life is too short to program in assembler, and then he meant assembler and not C++. But today, C++ may be the de facto assembler, and life is not too short to learn and program in C++. That is also the first processor independent "assembler." I personally view C# and Java as simplified C++. Maybe BETA and distributed object computing are the next wave. It is generally too early to know the future.
Remember that bad JavaScript is worse than no JavaScript at all, because it can prevent some users from accessing your site. Firebug is a tool that integrates with Firefox, puts a wealth of web development tools at your fingertips and helps you understand and debug JavaScript code. There is also another tool, Chickenfoot. In an article, Simply JavaScript: The Three Layers of the Web, Kevin Yank describes three layers of the web: content (markup), presentation (styling) and behavior (JavaScript). These three layers shall be kept separate (for example in CSS and JS files). They come in addition to the security layer mentioned above, so all in all, we can say that there are four layers of the web: a content, presentation, behavior and security layer. SitePoint's main DHTML Tutorials menu is especially important for those that want to stay updated on DOM building. Note that DOM is a platform and language neutral interface designed to work on XML documents. Since (X)HTML is an XML dialect, DOM is especially suited for XML driven sites. DOM describes a document as a set of objects and that means that JavaScript can see the DOM objects. There are W3C DOM compliant browsers and browsers that implement it in their own way. Scott Andrew LePera has written a good article, Crossbrowser DOM Scripting: Event Handlers, that you can implement in your own site to overcome these inconsistencies. Christian Heilmann has written an article, From DHTML to DOM scripting, that will update you on the new DOM model and DOM building. You find a lot of resources on his site that are well worth studying.
"There are at least three groups of people that you need to look out for when adding JavaScript to the mix, and I've listed them here in order of increasing difficulty:
Note: Sometimes it may be expensive to buy cheap. We use Adobe (former Macromedia) Dreamweaver as our preferred HTML editor. But Dreamweaver is much more than an HTML editor. It is a complete IDE (Integrated Development Environment) and it has its own inbuilt validators on the file menu, like an XML validator. This checks for well-formedness if the document has no DTD, and for well-formedness and validity if a DTD is specified.
- Accessibility
- Links
- Target Browser
- Validate Markup
- Validate as XML.
