The new look for 2006
I update the look of the Technology Corner website each January. My goal, each year, is to make the site a little more usable and a little less garish. Sometimes I succeed. In selecting colors this year, I decided to go with a bit softer look that uses analogous colors and includes the complement of the primary color. If you want to know what that means in plain English, you'll need to talk with my designer daughter. For advice this year, I used the Well Styled website, which has lots of recommendations for colors that work together.
Back in December, I talked about creating websites that are at least generally compliant with the XHTML Transitional specification, so I told Macromedia Dreamweaver 8, the latest version, to abide by the standards. The first thing I discovered was that I'd created a "background" option for some table cells and that XHTML doesn't allow this. Fortunately, the background was used in only 3 cells and it was easy to change the "background" to a "bgcolor". That eliminated all errors in the template.
You'll see these colors in the website. The upper left square shows the background and the key colors used in the site. The headline and subhead colors are shown in the upper right and lower left squares. Accent colors are in the lower right.
Another significant change this year is the cat rating scale. I decided that a 1-to-10 scale was too complicated, so I've reduced the scale to 1-to-5 with an option for 0 cats if the product is particularly malodorous.
The "back" button will always work.
This year I've spent some time looking at website usability and accessibility information. Previously, when I've linked to vendors' websites, those links have opened a new browser window. That's not a good idea in general because it means that the user must close the new browser instance to get back to the original page. This is an inconvenience for sighted visitors, but it's a serious problem for blind or vision-limited visitors. Because all current browsers have keystrokes that allow the user to specify that a new page should open in a new tab or a new window, I'll code all links so that they open in the current window. This change applies only to pages created after January 1, 2006, so you'll still find the old styles in use for pages created previously.
See the new menu at the top of the page.
I used Xara's Menu Maker to create the menu that appears at the top of this page. Because the menu uses JavaScript and because some users turn off JavaScript, I created a duplicate menu at the bottom of the page.
My initial thought in developing the menu was to create something that looked like Apple's file tabs at www.apple.com, but I decided not to steal the entire concept.
Anyone who's been to Apple's website will recognize the inspiration for the menu, but the look and feel is specific to this site. (And any other site that has used the Menu Maker program from Xara.)
Dreamweaver helps maintain the standards.
Dreamweaver has been my tool of choice for website development since version 2 of the application. Macromedia's goal has been to create clean, standards-compliant HTML and the company has generally met its goal. Now that Macromedia is part of the Adobe community, I suspect that the applications will continue to be the ones by which others are judged.
The interface has become increasingly complicated, but so has the HTML specification.
In the simplest possible terms: There is no better way to create clean, accurate HTML that complies with W3C standards than to use Dreamweaver 8.
Comments?
Let me know what you think of the new look. Do the colors work for you? What about the decision to open all links in the same page? To send a comment, click here.

Dreamweaver is the website development application that's used by most website development professionals. I use it, too. You can't argue with this kind of success.
Twenty-four hours of spam
Shortly before the end of 2005, I thought I'd take a close look at spam. I wanted to see how many spams came my way, how much duplication there was, how many were actually delivered to my e-mail program, and whether any of the spams eluded my anti-spam system. Although spammers throw a lot of crud at my wall, little or none of it sticks.
My test started at 9:30 on Wednesday, 28 December, and ended at 9:30 the following morning. The test included several e-mail accounts at blinn.com and my 610tech.net account. Messages to approximately 50 virtual accounts forward to two addresses at blinn.com. The two collector accounts are filtered on the server by SpamAssassin and then pass through a filter at GoodByeSpam.com before coming to my computer, where they're examined by K9 and AVG Antivirus.
- SpamAssassin uses my whitelists and blacklists as well as its own analysis that gives each incoming message a certain number of points. The more points the message gets, the more likely it's spam.
- GoodByeSpam.com uses my whitelists and blacklists for addresses, domains, and specific words and phrases. Messages to my 610tech.net account skip this step, so more of them are tagged by K9 and filtered by my e-mail program.
- Messages that are approved by SpamAssassin and GoodByeSpam come to my computer and are examined by K9, which uses a Bayesian analysis to evaluate the header and content of incoming e-mail.
- And finally, all messages are scanned by AVG Antivirus, which operates as a plug-in for The Bat. Occasionally, infected messages get through all the spam filters, but are killed by AVG. Any infected messages are terminated with extreme prejudice and I never see them.
- I use The Bat's filters to mark any suspected spam messages that get this far as "read" and toss them into a special folder that I examine occasionally.
In a 24-hour period ...
- Spams marked as spam by SpamAssassin: 161.
- Additional spams quarantined by GoodByeSpam: 11.
- Spams that got through to my e-mail program: 6. Most are to the 610tech.net address.
- Spams that reached my in-box: 0.
- False positives (real messages identified as spams by any process): 0.
- Infected messages discarded by AVG: Unknown.
Spam used to be a major annoyance
As recently as a couple of years ago, spam was a significant problem for me, but technology is beginning to win the battle. Two or three times a day I examine "Trash" at GoodByeSpam. Because these messages are already assumed to be spam, it takes me less than a second per message on average to decide whether it's something I should look at. About as often, I examine K9's log and The Bat's spam folder. Instead of spending an hour or more per day dealing with spam, I now spend less than 10 minutes.
I still resent having to take the time to examine the trash, but at least it's manageable.
As for what spammers sent me in 24 hours at the end of December, here's what I found:
First 12 hours, followed by the second 12 hours:
*S* 3.4 apr available
*S* =?ISO-8859-1?B?U2xhc2ggcGF5bWVudHM=?=
*S* =?ISO-8859-1?b?R29vZCB1cHBvcnR1bml0eQ==?=
*S* =?ISO-8859-1?b?VXJnZW50IG1hdHRlcg==?=
*S* =?iso-8859-1?B?R29vZCBldmVuaW5n?=
*S* =?iso-8859-1?b?R29vZCBldmVuaW5n?=
*S* =?iso-8859-1?b?UGxlYXNlIGJlIGFkdmlzZWQ=?=
*S* Abercrombie Customer #418-811-BBS
*S* Adorable teen amateur gets fucked doggy
*S* Amazing, Holly
*S* Amazing, Terrell
*S* At can it great
*S* Attn: nominated
*S* Best prices on medication - get discounts o...
*S* Change: Up 0.32 (26.67%)
*S* Chronoswiss Watches
*S* Does Ur Cock Hard Enough? Hs6um4
*S* Double your caash. Cleveland OH
*S* Find some hot action, love, true friends. Y...
*S* Find some hot action, love, true friends. Y...
*S* Find some hot action, love, true friends. Y...
*S* Folgers Customer #143X979
*S* Get the Watch u always dreamt of – ROLEX - ...
*S* Health Insurance For $43 per Month
*S* High-quality software at discount prices.
*S* Home Depot Member#982983982
*S* Impress her!
*S* Impress her!
*S* Is watch or junior
*S* Is watch or junior
*S* It lets a woman ride you like you've never ...
*S* It lets a woman ride you like you've never ...
*S* JC Penny - Offer Confirmation #538R-VBEC108
*S* Mail delivery failed
*S* Mail delivery failed
*S* Mail delivery failed
*S* Mail delivery failed
*S* Mail delivery failed
*S* Mail delivery failed
*S* Mail delivery failed
*S* Mail delivery failed
*S* Merry Christmas.... Send this to everyone
*S* MicroCap St0ck Profile
*S* Never be isolated once again?
*S* OEM $oftware Store
*S* Paris Hilton & Nicole Richie
*S* Paris_Hilton_&_Nicole_Richie
*S* Press Release
*S* QUIT SMOKING NOW – MONEY BACK GUARANTEED
*S* Re-finance before rates skyrocket
*S* Re: OEM Adobe, MS 2003, & Photoshop on $ale...
*S* Re: frag sardonic
*S* Re: gyrate caricature
*S* Re: it talk to staunch
*S* Re: paletteknife flirtation
*S* Re: riverain caitiff
*S* Re: varmint allegorize
*S* Re[11]:
*S* Re[16]:
*S* Re[20]:
*S* Re[5]:
*S* She thinks her vibrator is better than your...
*S* She will never forget your present if it is...
*S* Shop til ya drop at no cost!
*S* Sleeper St0ck Alert
*S* Starbucks Member #316418339
*S* Sweet college gets her mouth jizzed on
*S* Teen Hillary hot anal punished
*S* The Best Super Vaigra UE
*S* Timely Medicine Advisers yr
*S* Timely Narcotic Offer qa
*S* To Mark Us at 310 park bldg
*S* Top News
*S* Truthfully Lengthen, Thicken And Enlarge
*S* Want some hot action, true love, companions...
*S* What your boss has hidden from you
*S* XBOX 360 Delivery Confirmation #168X613
*S* Xenadrine and Metabolife 356 Original Formu...
*S* You visit illegal websites
*S* Your woman wants a replica
*S* Your_Password
*S* cials-tabs, limited supply available
*S* heyy
*S* hi, ive a new mail address
*S* in fix on vocab presently
*S* news report
*S* news report
*S* nice rolex
*S* press release
*S* smtp mail failed
*S* smtp mail failed
*S* where are you?
*S* your quote is pending verification
Second 12 hours:
*S* =?iso-8859-1?b?U2F2ZSBoYXJkIHdvcmtpbmcgbW9u...
*S* =?utf-8?B?bmV4dCBzdGVw?=
*S* Amazing, Eric
*S* Breaking News
*S* Cheap cials-tabs Online
*S* Ebay Customer-373A1-373
*S* Find someone to sleep with tonight
*S* Folgers Customer #585X570
*S* Gain profits purchasing our useful products
*S* Gals in your district
*S* Get a new watch
*S* Get cials-tabs - no prior pr.escription needed
*S* Get watches from us
*S* Hot babe getting horny with a vibrator
*S* I just read your email
*S* If you are in a tough financial situation a...
*S* Lowest Price for Pills hh948
*S* Mail delivery failed
*S* Mail delivery failed
*S* Mallory eats cock and fucks it
*S* News Alert
*S* News Report
*S* Paris_Hilton_&_Nicole_Richie
*S* Paris_Hilton_&_Nicole_Richie
*S* PayPal Security Measures CASE PP-015-839-630
*S* Prince got one
*S* QUIT SMOKING NOW – MONEY BACK GUARANTEED
*S* Re:
*S* Re: Offers the most intense grooves in the ...
*S* Re: dogged eat
*S* Re: ferule tinman
*S* Re: mummery pellicle
*S* Re: perforation consilience
*S* Re: smooth sane
*S* Re[11]:
*S* Re[16]:
*S* Re[19]:
*S* Re[1]:
*S* Re[4]:
*S* Re[5]:
*S* Re[8]:
*S* Registration_Confirmation
*S* SEXUALLY-EXPLICIT: One Babe Takes Two Big C...
*S* SEXUALLY-EXPLICIT: Petite Ebony Poser
*S* SEXUALLY-EXPLICIT: Provocative Ami Ayukawa ...
*S* Sabina gets her throat pounded
*S* Sex and The City bistate
*S* Spermamax is premium combination of herbs,
*S* Stacy sucked me off in the car
*S* Stop overpaying on your car insurance
*S* Supply considerable spiciness to your livel...
*S* The Ultimate Online Pharmaceutical
*S* The Ultimate Online Pharmaceutical
*S* Why jbarlow?
*S* Woww..8o-% 0ff Clients
*S* Your Password
*S* Your_IP_was_logged
*S* headline news
*S* lasts for 36 hours
*S* lasts for 36 hours
*S* obtain the qualifdication without wasting t...
*S* probably not much longer, Horn
*S* smtp mail failed
*S* smtp_mail_failed
*S* valium formulae
*S* values
*S* will meet her or money back
*S* ||P||H||D>>M||B||A||>>>B||A||>> why wait ge...
A little analysis.
What are the spammer creeps sending me? I'll start by sorting these messages to eliminate the duplicates, then I'll take a look at the individual messages to see if the goal is to sell me something I don't want, to convince me to provide information that should be confidential, or to click a link that will install an application that will turn my computer into a zombie. Here is a closer look ...
The Spam (lines marked *S*) and The Spam Commentary (the line after each):
*S* 3.4 apr available
Probable phishing because the come-on is financial.
*S* =?ISO-8859-{some long number}==?=
No idea because my command of Russian isn't sufficient to understand the ploy.
*S* Amazing, {some name here}
Unknown.
*S* At can it great
Unknown.
*S* Attn: nominated
Probably a fake diploma mill: "Send us $500 and we'll send you a diploma we printed on our inkjet."
*S* Best prices on medication - get discounts o...
Bogus "pharmacy".
*S* Breaking News
Probable fake stock tip.
*S* Does Ur Cock Hard Enough? Hs6um4
Hint to spammers: Subject-verb agreement and medical terms are a plus if you're trying to sell fake erectile dysfunction pills.
*S* Double your caash. Cleveland OH
Probable phishing.
*S* Find some hot action, love, true friends. Y...
*S* Find someone to sleep with tonight
*S* Gals in your district
I've assumed that most of these "find a hot date" spams are phishing attempts, but I don't know.
*S* Gain profits purchasing our useful products
Buying products is usually a cost, not a profit.
*S* Get the Watch u always dreamt of - ROLEX - ...
If you buy one, I'll bet it will say "Rollex" and will be a 39-cent watch from China.
*S* Health Insurance For $43 per Month
Could be phishing. Could be fake insurance.
*S* heyy
It's from somebody I don't know and the subject gives me no clue about what's inside. Why would I open it?
*S* hi, ive a new mail address
Just click the attachment and I'll install a virus on your computer.
*S* Hot babe getting horny with a vibrator
Legitimate pornographers (yes, I know some people feel that's an oxymoron) generally don't send spam.
*S* Mail delivery failed
*S* smtp mail failed
These messages fall into two categories: True delivery failures (usually for messages that were sent with my return address forged in the headers) or messages with virus-laden attachments that the creep hopes you'll open to see why your message failed.
*S* Merry Christmas.... Send this to everyone
Any message that says "send this to everyone" can be assumed to be a low-tech virus.
*S* obtain the qualifdication without wasting t...
Diploma mill. Hint: Try spelling "qualification" right next time.
*S* Paris Hilton & Nicole Richie
Even if this were legitimate, why would I care about a couple of spoiled brats who have used up far more than their allocated 15 minutes of fame?
*S* PayPal Security Measures CASE {some number}
If you don't recognize this as phishing, please turn off your computer now.
*S* QUIT SMOKING NOW - MONEY BACK GUARANTEED
I DELETE MESSAGES IN ALL CAPS.
*S* Re-finance before rates skyrocket
Yeah, I'm going to trust my finances to a spammer.
*S* Re:
I automatically delete any "RE" message with no subject because I never send messages without subjects, so I will never receive a reply without a subject.
*S* Re: dogged eat
*S* Re: ferule tinman
*S* Re: frag sardonic
*S* Re: gyrate caricature
*S* Re: it talk to staunch
*S* Re: mummery pellicle
*S* ||P||H||D>>M||B||A||>>>B||A||>> why wait ge...
I automatically delete any "RE" message with a nonsense subject. Although some of what I write may be nonsense, I don't use nonsense subject lines.
*S* Registration_Confirmation
Click the attachment and let me install a virus on your computer.
*S* Shop til ya drop at no cost!
Something for nothing always turns out to be nothing for something.
*S* The Ultimate Online Pharmaceutical
*S* Timely Medicine Advisers yr
*S* Timely Narcotic Offer qa
If you're thinking about buying medicine on-line, investigate first. Assume that any "pharmacy" that spams isn't legitimate.
*S* To Mark Us at 310 park bldg
Sorry, but I'm not in New York City.
*S* where are you?
I'm not in New York City; where are you?
*S* Why jbarlow?
Why not?
*S* Woww..8o-% 0ff Clients
Any message to my "clients" address from anyone but a domain registrar is spam.
*S* XBOX 360 Delivery Confirmation #168X613
*S* Your Password
*S* your quote is pending verification
*S* {Some store} Customer #{some number}
*S* {Some store} - Offer Confirmation #{some number}
This is probably a message with a virus-laden attachment, but it might be a phishing attempt, too.
*S* You visit illegal websites
*S* Your_IP_was_logged
With the Bush administration's policy of using surveillance against people they don't like, I don't doubt that my IP (address) was logged, but I know that neither the FBI nor the CIA will tell me about it. And the NSA won't admit it either. Open the attached file and somebody will take over your computer.
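The "=?ISO-8859-1?B?...?=" subjects in the lists above are RFC 2047 encoded-words: ordinary text, base64-encoded inside the header, which a word-and-phrase blacklist of the kind described for GoodByeSpam cannot match until it is decoded. The following is an added example, not code from the original page or from any of the filters named on it; it decodes and normalizes subject lines taken from the list above before matching them. The phrase blacklist and all function names are constructed for illustration.

```python
"""Normalize e-mail subjects before phrase matching (added example)."""
import re
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Constructed phrase blacklist (assumption; not the author's real filter rules).
BLACKLIST = ("slash payments", "urgent matter", "paris hilton", "stock", "mail failed")

# Subject lines copied from the 24-hour list on this page.
SUBJECTS = [
    "=?ISO-8859-1?B?U2xhc2ggcGF5bWVudHM=?=",
    "=?ISO-8859-1?b?VXJnZW50IG1hdHRlcg==?=",
    "=?utf-8?B?bmV4dCBzdGVw?=",
    "Paris_Hilton_&_Nicole_Richie",
    "MicroCap St0ck Profile",
    "smtp_mail_failed",
    "Amazing, Holly",
]


def decode_subject(raw: str) -> str:
    """Decode RFC 2047 encoded-words (=?charset?B|Q?data?=) to plain text."""
    try:
        return str(make_header(decode_header(raw)))
    except (HeaderParseError, LookupError, UnicodeError):
        # Damaged payload or unknown charset: keep the raw header text.
        return raw


def normalize(raw: str) -> str:
    """Undo the cheap obfuscations seen in the list: encoding, '_' and '0'."""
    text = decode_subject(raw).casefold()
    text = text.replace("_", " ")
    # Treat a zero as the letter 'o' only when it touches a letter ("st0ck"),
    # so real numbers such as "360" are left alone.
    text = re.sub(r"(?<=[a-z])0|0(?=[a-z])", "o", text)
    return re.sub(r"\s+", " ", text).strip()


def blacklist_hits(subject: str, normalized: bool = True) -> list[str]:
    """Return the blacklist phrases found in the subject."""
    haystack = normalize(subject) if normalized else subject.casefold()
    return [phrase for phrase in BLACKLIST if phrase in haystack]


def report(subjects):
    """Return (raw, normalized, hits on raw text, hits after normalizing)."""
    return [
        (s, normalize(s), blacklist_hits(s, normalized=False), blacklist_hits(s))
        for s in subjects
    ]


if __name__ == "__main__":
    for raw, text, before, after in report(SUBJECTS):
        print(f"{raw!r}\n  normalized: {text!r}")
        print(f"  hits on raw text: {before}  hits after normalizing: {after}")
```

Subjects cut off by the mail client's display (those ending in "...") have no closing "?=" and are passed through undecoded.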
The WMF disaster
During the holidays, I sent a special warning about a critical security issue: It's a security issue that affects all Windows computers, whether security patches are in place or not, and it involves Windows meta file (WMF) documents.
Windows meta file (WMF) is a format used for some graphics. I've never quite understood why anyone uses the format because other formats exist with similar or better functionality, but if Microsoft builds it, people will use it. Now there's a flaw that allows WMF files to be a vector for viruses.
Sunbelt Software says that any application that automatically displays a WMF image will transmit the virus. This includes older versions of Firefox, current versions of Opera, Outlook, and all current versions of Internet Explorer on all Windows versions.
It's being called a "zero-day exploit" -- the kind of attack that can go from zero to widespread instantly. Simply put: You can get infected by simply viewing an infected WMF image.
Google's Desktop application tries to index image files and, in the process, executes the virus code. According to F-Secure, other desktop search engines probably have the same flaw. Security experts are recommending that automatic indexing on media files be disabled or that users remove Google Desktop from their computers.
The attack is simple enough. It tricks people into opening malicious files in the Windows Picture and Fax Viewer, but it also works if a user visits a rogue site with Internet Explorer or any other browser with the flaw. No user action is required, except to visit the rogue site in the first place.
Until somebody develops security measures to address this problem, you are the only defense. Never follow a link in a spam. Be cautious about following links from or to websites you're not familiar with.
Panda Labs has identified these sites as some of the locations from which the infected files are being spread. This is certainly not a complete list:
Panda Software claims to detect and block exploits that try to take advantage of this vulnerability and offers its free, online anti-malware solution, Panda ActiveScan: http://www.pandasoftware.com/home/default.asp. (If you have any question about the validity of the link, type it yourself instead of clicking!)
Be safe and keep your computer healthy.
Many users found an automatic update ready to install Friday morning: "A remote code execution security issue has been identified in the Graphics Rendering Engine that could allow an attacker to remotely compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer."
If you haven't yet installed this security update, now is the time to do so.
Nerdly News
Top 10 spam lines according to AOL
1) Donald Trump Wants You - Please Respond
2) Double Standards New Product - Penis Patch
3) Body Wrap: Lose 6-20 inches in one hour
4) Get an Apple iPod Nano, PS3 or Xbox 360 for Free
5) It's Lisa, I must have sent you to the wrong site
6) Breaking Stock News** Small Cap Issue Poised to Triple
7) Thank you for your business. Shipment notification [77FD87]
8) [IMPORTANT] Your Mortgage Application is Ready
9) Thank you: Your $199 Rolex Special Included
10) Online Prescriptions Made Easy
And I add an 11th: RU Stoopid R Whut?
If you believe that Donald Trump wants you, that you can lose 6 to 20 inches (where? of what?) in an hour, that somebody is sending you a stock tip that will triple your money in an hour, or that somebody wants to give you any current trendy electronic device for free, then you deserve anything you get when you open the spam.
According to AOL postmaster Charles Stiles (quoted on IT Vibe), "Spammers have been on a year-long mission to mislead and deceive in 2005. While the volume of spam reaching AOL email in-boxes has remained at low levels compared to its height in late 2003, the spam that's out there is more insidious, crafty, devious, and dangerous than ever. So when it comes to protecting your in box, consumers should adopt a 'code red' mentality for 2006, because ultimately their personal identity is at stake."
AOL alone blocks an average of 1.5 billion spam messages every day. That's more than half a trillion messages per year for just one (admittedly large) ISP. AOL says it blocks about 80% of the spams it receives, but that still leaves 20% getting through.
Have you installed the secret MSN Messenger beta?
If you have, you're in trouble. Toward the end of December, a "leaked" copy of the MSN Messenger started showing up. Trouble is, it's not beta software and it's not from Microsoft. It's an application that will turn your computer into a zombie.
MSN Messenger 8 is in beta, true, but it's a closed beta. If you want the latest version of Microsoft's Messenger program, wait for Microsoft to release it. The current bogus application is a virus.
If you download it from a site that claims to have a leaked version, you'll be infected. And if that happens, others who connect to your copy of MSN Messenger will also be infected. Nice, eh? If you don't explicitly trust someone, why would you accept software from them? This is one of life's mysteries.