Christian Heilmann

You are currently browsing the Christian Heilmann blog archives for November, 2007.

Archive for November, 2007

Minified Metro, Sticky Event Handling and great new encounters – that was ParisWeb 2007

Sunday, November 18th, 2007

Minification is the process to remove all unnecessary whitepace (spaces, tabs, linebreaks) from a piece of code to make it weigh less when downloaded. During a strike in Paris this is exactly what happens to the public transport system:

overcrowded metro

I’ve spent the last three days at Paris Web – a three day conference about web standards and accessibility held in Paris, France. Just to sum it up: although travelling through the city to reach the two different locations was more of a nightmare that I’d ever imagined, the conference itself was an amazing experience and I am happy to have been a part of it.

Paris Web shows the hallmarks of a conference that is organized by people who are simply passionate about bringing the good ideas of standardization and accessibility to the people and not to line their pockets.

The two day conference pass held in an IBM building with a state-of-the-art auditorium (I am still geeking out about the remote control and having a monitor in the stage to see my slides) and a more than adequate supply of coffee and beverages was 100 Euro for two days. The workshops, sadly enough (because of the strike) held in a school on the other side of town set back attendees for only 10 Euros!

These prices meant that you were able to reach the folk you normally can’t as they are not able to afford the ticket for much pricier conferences. Pending me, the low price did not mean you didn’t get a line-up of impressive speakers and great presentations. The list of speakers read like a who-is-who of the francophone web scene and included people from WaSP, the W3C, IBM and members of the prototype team.

My presentation at the conference “Successful teams use web standards”

My own presentation was deliberately kept non-technical and explained the benefits of following a standard when you develop web sites:

My workshop on Unobtrusive JavaScript

I based the workshop on my seven principles of unobtrusive JavaScript and tried to apply them by enhancing a table of contents pointing to several content areas in a document. There will be a blow-by-blow description of the enhancement when I get time.

The room was not ideal for doing a workshop as it was a classroom crammed with computers and 19 inch CRT monitors which meant that you couldn’t see much of the people you are teaching something.

I’ve promised the group that by the end of the session the JavaScript savvy ones will have realized that a lot of time they code too much and that the JavaScript afraid participants will know how to work and communicate with JS developers (yes, that is possible).

Making the best of the room and following a whim I explained event handling and event delegation using real people:

Event Handling using Human Guinea Pigs

The first row were the links in the table of contents, behind the list items, then a UL to the left and Stephanie Booth on the left was the window object (I did not treat her as an object, do not start these rumours!). The lady sitting up front was the event listener and the sticky note in the hand of one of the links was the event object e. It is tricky to explain, I guess you had to be there.

I am currently still cleaning up the workshop files and will put them up on my server as soon as they are done. You will find them at later on today.

Will the show go on?

I’ve heard rumours that this would be the last Paris web, and I’d consider that a shame, as it is a conference that reached where it very much needs to and there are too many people to thank and mention. It was a great experience and it should go on.

There are lots of photos of the conference on flickr and the organizers told me that all the sessions will be available as creative commons videos on dailymotion later on.

Photos by
Raphael Goetter and Christophe Porteneuve

The seven rules of unobtrusive JavaScript

Monday, November 12th, 2007

I’ve written a lot about unobtrusive JavaScript before, but I never really held a workshop about it. Well, now as part of the Paris Web Conference later this week in Paris, France I am giving one which is already sold out and I am very much looking forward to it.

As part of the workshop I prepared my materials and wanted to have a nice outline to follow. I took this as an opportunity to build up on the older materials and the outcome of this exercise is that I managed to define the rules of unobtrusive JavaScript, which are:

  • Do not make any assumptions
  • Find your hooks and relationships
  • Leave traversing to the experts
  • Understand browsers and users
  • Understand Events
  • Play well with others
  • Work for the next developer

I’ve explained them all in some detail here: The seven rules of unobtrusive JavaScript

After the workshop I will also add the code demos with some more detail, but that’ll be most probably after @media Ajax.

I hope this is helpful to you, it is creative commons, so use it for good.

Another Hack Day – this time in Brighton and on a farm!

Thursday, November 8th, 2007

I’ll still be in Paris, but were I here I’d be very interested to go. Sussex Folk who want to spend a Saturday developing some prototypes and bounce ideas of other developers can come to Brighton on the 17th of November to attend the Farm Hack Day.

From the horse’s (cow’s, chicken’s…) mouth:

Hack Day is a chance for web developers and designers to get together and work on small, fun projects, e.g. a new widget for their website. During the day people will learn from each other and show off their skills in a friendly, slightly geeky environment. This Hack Day is organised by members of the Brighton Farm freelancers group. The day will be free, supported by sponsors. Tickets will be allocated through EventWax. [...]. This is part of the Brighton Digital Festival

Darn, I should move to Brighton. Hack on!

wp-super-cache cached too far for me (and others)

Thursday, November 8th, 2007

Having just upgraded this wordpress to the new one I wanted to have the whole goodness and installed wp-cache to have static pages of my posts. However it seems that the newly released wp-super-cache plugin for WordPress had some nasty vulnerabilities.

The first to report that to me was Chris Messina on twitter followed by Stefanie Sullivan reporting about Tiffany Brown having the same issues. Checking the folders created I found the same two injection attempts Tiffany mentioned. The caching allowed code injected as txt urls via “i” or “s” parameters to be executed.

In my case I found that half my server was mirrored into the supercache folder in the plugin’s cache folder. Not good.

I was happy to see that my etc folder and other more interesting bits were not reached yet before I deactivated the plugin. Right now I am playing grepmaster to see if there are some injections left. My action: deactived and deleted all caching plugins and their cache folders (best via SSH as FTP is a PITA with so many files).

Dear API Developers, this is what I would like to have

Wednesday, November 7th, 2007

Jonathan Boutelle of Slideshare reacted to my slideshare show widget and liked how I hacked around the API by re-using the RSS feed. He now asked in the comments what I’d like to see from an API. Well, here goes:

  1. Allow for “hackable” URLs, with definition of the output. Flickr and are good examples, especially the option of defining a callback for the JSON: gets me a JSON data wrapped in a Delicious object, gets me the raw JSON data and wraps it in a function call to foo(). This rocks! The same goes for defining the output as the last parameter. Flickr does that well – for JSON, for RSS, for LOLCAT
  2. make sure that the JSON output is easy to use and does not have any annoying bits (encoded HTML or namespaced attributes – the description property in the flickr JSON to me is pointless weight for example)
  3. make the URL as logical as possible, I don’t like to have to use the user ID in flickr for example when the readable user name would be easier to do.
  4. it’d be great if you could send a unique ID as a parameter as that would allow you to match returned data to calls (as both dynamically created script nodes and Ajax calls may return in any order)

However, all of this does not replace the real API, which should

  1. allow me to define only the data bits that I need (and cut down to the smallest possible feed – no twitter, 150kb JSON is not good!)
  2. give me extras when I go through a developer ID. How about offering me free stats (even as an own API) when I build a widget that uses my ID - we do this now to throttle usage anyways. In a second phase this could also be used for a revenue sharing program.
  3. offer things like enforced authentication (you know the photos you don’t want to show your mother)
  4. allow for local caching methods (deliver the data gzipped for example)
  5. allow me access to things that the open REST calls don’t (my sets, my favourites, my contacts, my profile settings)
  6. be read and write – I want to build widgets that allow data entry from my blog to your systems, without leaving it.

Anything else?