March 2007 Entries



OpenID - More thought - Great system if..

I was thinking a bit more on the OpenID and Cardspace issues. OpenID seems like it would be the better of the two in that it is truly open and everyone can use it regardless of platform and technology.  Also, it does not have the "Microsoft" label attached to it, so it is more likely to be accepted by those that do not like Microsoft for one reason or another.

So, what could take OpenID from a possible death march to become the great system it was designed to become?  Opps, "death march"?  Yeah, it does not seem to have the umph it should for how long it has been around.  If it were firmly embraced by the tech world, we would already be using it to sign into systems such as Google, eBay, Amazon, ect or at least have the opportunity use it.  More on this in a minute.

I think the first problem with OpenID is the suggested lack of security, the system is open to phishing attacks, which it clearly is and probably will be if not already.  With the current state of OpenID, it is quite possible for a site to open up that would redirect you to their cloned OpenID server that would look exactly like your OpenID server (if you use any of the popular public servers).  Those not really paying attention, could cause them to use their login and password at the site, opening the user's vault of sites to the hackers.  This is not good and would surely happen at some point.  People seem to be easy to trick or we would not receive so many Nigerian email scams along with all the phishing problems in email.

The solution is really quite simple and should be required in the standards along with being adopted immediately by all OpenID servers.  Simply require a person to be logged into their OpenID server prior to visiting a site where they use their ID or that they will be required to use a direct link (from their system/bookmarks/etc) to sign into the site and not allow someone to sign in from a redirected session from the target site.  This will kill every phishing scheme from the web instantly.

While forcing people to sign in directly or (my favorite) to be signed in before the visit sites, may make things not quite as smooth as some would like, it would solve the only security issue and fully open the door to OpenID.  This added step may not be too rough though, as I am sure there will be plenty of utilities come out that you run on your computer to keep you signed into your server.  Additionally, all major browsers would probably add this ability or at least have add-ons for it.  This is a required step if OpenID is to be fully trusted. Everyone needs to remember, there are a lot of people that do not pay attention while hopping from site to site, and there would surely be many that are duped out of their accounts, giving a bad name to OpenID.

The next step is the software, which needs to be improved.  For example,  Windows ASP.NET sites need libraries that can easily provide full OpenID consumer/server functionality in at least VB.NET or C#, which are the most popular languages on the .NET platform.  These same libraries could also be used on the Linux/Mono platform giving them even wider deployment.  All major platforms should have libraries and plenty of examples on how to implement all levels of OpenID.  In addition, all these libraries need to be BSD license so that anyone can use any part without restriction! 

The final step is to push the largest sites to use OpenID or at least to offer it as an optional sign in system.  I know the push is for open source projects and that is all good, but one large fish such as Google, eBay, Amazon, Yahoo, MySpace, etc. would help move OpenID into prime time.  At the very least, a lot of publicity should go into shaming these large companies into using the free and open OpenID.  This is not only good for OpenID, but these large companies will save big time in the long run without having to maintain password information and all the issues that go with it such as lost or stolen passwords, not to mention that the can be assured that the person logging into their system is the one that created the account.  If OpenID was not open to phishing schemes, I would have it as the exclusive login system on my sites.  For the most part, this eliminates the ability for others to hack someone's account unless they have breached the OpenID servers.

To sum it up, OpenID standards need to require a fix for the security issue,  the OpenID community needs to provide better BSD licensed libraries and all should focus on obtaining a few big fish (which a lot of OpenID users to help out in putting pressure on big fish).  This will make OpenID a great system and one that could change the face how the net is used!

The first step is to get the OpenID standards to include the requirement for an anti-phishing scheme login!

posted @ Sunday, March 25, 2007 9:22 AM | Feedback (2) | Filed Under: Misc   ** All Categories  



Need help on Skins and Containers for DNN

Over the last two weeks, I have learnt a bit about developing skins for DNN (DotNetNuke).  My first lesson was the fragility of tableless skins.  The first five days of my journey was devoted primarily to designing layouts under XHTML Strict and found that there are current a couple bugs in DNN for this doctype along with the typical limitations of CSS as implemented in the latest browsers.  One of the primary issues is allowing for overflowing content, which can happen at times.  The only solution that is durable enough for general use is the old method of table layouts, as it is elastic enough to handle overflowing content issues and seems to be the best method at this time, with the current standing of browsers and CSS.  This limitation is not due to DNN nor how it functions, it is due to CSS standards and how they are currently handled in browsers of today.

Onto containers, which I have looked at both as a tableless and table type layout and have come to the same conclusion, it works best with the current menu system in DNN modules to use tables.  With that in mind, it is trivial to setup my first series of containers.  The problem comes in when you want to make some slight variation. 

For example:

My first series is of a plain block type.  Easy, now I want them in 15-20 colors, so now I am at 15-20 containers.  The next series are containers that provide rounded corners and of those, I want slight variations such as:

  • All corners rounded
  • Left side corners rounded but right side not
  • Right side corners rounded but left side not
  • Top corners rounded but bottom ones not
  • Bottom corners rounded by top ones not
  • Diagonal from top left to bottom right rounded and not others
  • Diagonal from top right to bottom left rounded and not others

That gives me six more containers, but I would like one in each color like series one.  This gives me a total of 160 containers to basically have two key styles or at the most eight styles if each corner combination is counted as a style.

Now, I want to offer each container with a shadow effect, a beveled inset effect and a few others.  With just two effects, I am over 600 containers.  After just a bit of work, I could see thousands of containers which would take forever for users (those laying out the sites) to choose.

Recently, I posted a suggestion for the addition of a Skin Configuration Manager, where a simple XML file would allow the designer to expose a series of values that the person laying out the site could use to customize the skin without touching the file.  The same principle could apply to containers, where the designer could expose a series of options the user could adjust on a per portal, per page or per module instance without the need for different versions of the container. 

For example, those 20 different color containers could be one container with an option to change the color on up to a per instance basis.  That instantly takes the drops the count of containers in the example above, from 160 versions down to only a eight.

Since there may be many module instances using a specific container on a page, the custom settings for the specific container would need to be fed to the page as a style dependant on that module instance.  At page level, DNN could create a single style class for multiple containers on the page to use.  On portal level, it might even create a dynamic style sheet to include (same could be used on page level).

While DNN does provide a lot of skinning ability, it would make life much easier on both the designer of skins and containers and those who layout sites, if there were a method to configure skins and containers.  Mostly of the time, the basic idea of a configuration manager for the skin and container could use the same functionality.  Maybe down the road, people may require more ability such as a configuration module for a skin or container, but for the most part the generate skin and container configuration should work.

Here is the suggestion for a new feature I made:

One of the problems designing skins is the number of skins you need to create for various themes of a specific skin. It would be great if there were a method to allow the admin to change various settings of a skin at a of a page/portal level, thus drastically reducing the number of skins in a pack. Not only can it require many different versions of a skin, it can also be a headache to document all the features the admin can override in CSS, not to mention a pain to change those CSS settings to the portal/page.

An addition of a "Skin Configuration Manager" (SCM) setting page to DNN, that would display and allow easy editing of any of the optional features of a skin (specified by the author of the skin detailed in a skin configuration xml file) would provide the solution, offering enhanced flexibility and limiting the number of hard coded versions of a single skin.

The SCM, would be called up from a settings option in the skin, portal settings or page settings pages for the current skin. If the xml configuration file exists for the specific skin, it would build a configuration page from the options listed in the xml configuration file to edit and override various features of the skin, typically CSS settings or CSS file inclusions (from a specified list).

If the skin has an xml configuration file, it would allow the admin to adjust different CSS settings or possibly select an alternate CSS file (from a defined list) for inclusion. Possibly, other types of settings could be added other than CSS settings.

The skin xml configuration file could be something like:

 
<group name="Color and Shape Settings">
   <setting name="Page Width" type="CssValue" css=".mainPageWidth" />
   <setting name="Header Text Color" type="CssValue" css=".headerTextColor" />
   <setting name="Header Top Corners" type=CssList">
       <csslistitem name="Round Corners" value=".headerLeftCorner 
          { background-image: url(%skinpath%HeaderLeftRoundConer.jpg);} 
            .headerRightCorner { background-image:url(%skinpath%HeaderRightRoundCorner.jpg); }" 
       />
       <csslistitem name="Square Corners" value=".headerLeftCorner 
         { background-image: url(%skinpath%HeaderLeftSquareConer.jpg);} 
           .headerRightCorner { background-image:url(%skinpath%HeaderRightSquareCorner.jpg); }" 
       />
   </setting>
</group>
<group name="Alternate Themes">
   <setting name="Theme" type="cssIncludeList" >
       <cssincludeitem name="Maroon Theme" includefile="%skinpath%MaroonTheme.css"/>
       <cssincludeitem name="Blue Theme" includefile="%skinpath%BlueTheme.css"/>
       <cssincludeitem name="Green Theme" includefile="%skinpath%GreenTheme.css"/>
   </setting>
</group>

In this example, when the SCM is brought up by the admin, it would display a configuration window with two tabs called "Color and Shape Settings" and "Alternate Themes". In the first tab it would show three options, the first would be labeled "Page Width" followed by an input box, "Header Text Color" with an input next to it to enter the color and finally a label "Header Top Corners" with a dropdownlist containing the options: "Round Corners" and "Square Corners".

The other tab would contain a single setting labeled "Theme" and would have next to it a dropdownlist with the options "Maroon Theme", "Blue Theme" and "Green Theme".

It is probably obvious what the SCM would do when options are selected, but here it goes. The CSS value and CSS list types, it would simply add in the CSS statements given in that setting to the current page/portal CSS override settings, much like you would do manually to override a CSS value for a given page/portal. The CssIncludeList would make DNN add the CSS file that was selected to the page/portal thus overriding any previous settings.

Just this one feature of having a configuration manager would be a great help in building skins without having to dump out large number of various skins in skin packs or heavy documentation on how to change the flexible portions of a page. Another example that comes to mind is for full width or fixed width skins. Currently, most people provide different versions. Often it could be handled through a single CSS setting, which such a configuration manager would be easy to select, thus the skin developer only has to show one skin, but in the skin configuration, they could select the width and/or full width/fixed width.

 

 
posted @ Friday, March 23, 2007 8:18 PM | Feedback (3) | Filed Under: DNN (DotNetNuke)   ** All Categories  



20 Years to Web standards or a New Dream?

As might be obvious from my posts on web standards, there are some issues I really hate.  That said though, one of my biggest headaches comes from all browsers not being compliant with the standards already in place.  If tomorrow, the major browsers became compliant with all the standards, most developers would still be faced with supporting prior versions for at least a few years and possibly up to five or more years.  I am just currently cutting up IE5 and below. 

At the present rate it looks like it will be another twenty years before we see all today's web standards implemented in the major browsers.  There is too much room for interpretation and wars are typical.  It seems that the standards are not high enough priority, while features take the front seat.

So, as developers, there are no answers to the current problems in browsers today.  With this lag in standards/compliance, the future does not look too bright.  It takes way too long for a standard to be adopted and everyone to switch over to a newly adopted standard.  There needs to be a better way to role from a new standard to all users adopting it, but I have no answers on how, that is for sure.

Maybe this is a window of opportunity for another technology to come and change how we view the net.  Imagine if someone built a different type of view that was easy to design sites, was cross platform and had built in notification system to allow two-way communications with sites.  All it would take is for a few sites that are popular to adopt the technology and the world would come knocking.  We could see the complete face of the Internet change in a matter of months, not years or decades.

If there was a project to write the web, given any possible methods, how would I like it to work?  That is, if there was no restraint on this fantasy, I mean, you could completely change the net's design and not be locked into any web standard of today:

  • what features would I like to see
  • how would I like to lay out a site,
  • how would the communications work, keep it stateless?
  • what types of display would I use, WPF styling?
  • what about client side programmability?
  • security and local storage?
  • disconnected access?
  • privacy and user validation
  • subscriptions?

These are just a few things off the top of my mind that could put me into a tailspin for ages to decide (I use to think I was a procrastinator, but I am not sure, I figure I will decide for sure later).  I wonder what the list would consist off if enough developers joined in and all of us dreamed a little dream!

posted @ Sunday, March 11, 2007 9:39 AM | Feedback (2) | Filed Under: Web Dev/ASP.NET/C#   Misc   ** All Categories  



Continuing frustration with web "standards"

I really tire of dealing with so called “web standards”.  Why cannot the browsers authors come together and finally make something that works.  At the same time, “fix” the so-called standards, such as the stupid box model!  Why not have a layout element working as grids of various cell dimensions, borders and padding?  

After years of battling these “standards”, I am getting frustrated at the amount of wasted time trying to make things work in different browsers and attempting to use the fragile web standards.  If it were up to me, I would scrap the standards and make IE the standard and work to fix its issues.

Where is all this coming from you might ask?  Well, I was working on a DNN skin for one of my sites and spent more than 7-8 hours tracking down alignment issues in the layout which was based in DIVs that all displayed properly in IE (7 and 6).  When I checked it in Firefox 1.5.0.10, it looked horrible. 

I worked and worked to get things to look the same and fixed most areas, but one I had big problems.  In the end, for one part, I had to resort to a table for a header (I know, those evil tables, yeah, yeah, yeah, but it works - or at least it should).  For the last year or so, I have worked little with tables as a layout tool and much to my surprise, Firefox does not like strict XHTML when images are inside a td tag.

Here is an image of what it is supposed to look like (as it does in IE):


This is what Firefox gives:

You will notice the gray extends below the image.  This is simple html and it should not require any other styles just to have the table cell wrap the image, however, Firefox fails to show it correctly.  It seems to have a link to font size, if I reduce the font size to a low number the gray under the image is decreased and if I increase the font size (still smaller than the image) the gray is extended even further.

I know, I will have to spend time digging on the Internet to find the solution to this issue, but this is what I am overly tired of doing.  Just think how many developers out there have the same problems and waste the same time just because there is no real standard.  How can it be considered a standard when it is not implemented the same in all browsers.  If anything is a standard, IE’s rendering is the standard as it is use by the majority of people on the planet.

These games are pathetic!  I just hope WPF of something of that nature becomes popular enough we can dump these stupid web standards!

For those that want to view the valid strict XHTML for this issue it is at:

http://www.ReflectedThought.com\TestTableImageBox\

update: As pointed out by Andrew, this is yet another "standard" that seems to get in the way.  By default, under the standards, a table cell will have a baseline which images will be aligned by, even though there is no text in the cell, it will use the parent baseline.  This means it will have a gap at the bottom of your image to allow of descenders for the current font, even though there is no text.  Of course, IE does the smart thing when there is no text and aligns your images to the bottom of the block (cell). 

To rid yourself of this problem, you can either do a:

td img
{
    vertical-align:bottom; 
}

or add the style to the image.  Even if you set the vertical-align of on the cell, it does not effect the image.

Another example of the IE leading the standard and the standard should be adjusted, but you know it never will!

posted @ Wednesday, March 07, 2007 10:22 PM | Feedback (2) | Filed Under: Web Dev/ASP.NET/C#   ** All Categories