Book cover

My editor, Simon St. Laurent, sent me a copy of my new book cover. The tagline is currently being changed, but when the art department is finished, I’ll post a copy.

It’s a companion book to JavaScript: The Definitive Guide, which features a rhino on it’s cover. So what could be more appropriate for a Learning JavaScript book than a baby rhino? It’s adorable.

The book tagline works, too. In fact, it’s forming the basis for the Learning JavaScript site design. Oh, how I wish I had graphic skills; I don’t, so I’ll have to muddle along. Regardless, it’s going to be a fun site.

I am so pleased to be back working with, and writing about, scripting. I like lightweight technologies. Always have; always will.


Surest way to lose a customer

I am beta testing Firefox 2 on one of my machines, and will be writing about the new JavaScript 1.7 in a post over at ScriptTeaser. One of the advantages to Firefox 2 is the spellchecker, which works with all text windows. It really is the way to go, rather than have to enable the functionality on every server.

Most of my Firefox extensions don’t work with 2.0b, but one that does is the NoScript, which allows you to ‘whitelist’ a site for JavaScript use. The purpose is to protect yourself if you end up at a site that has a JS exploit, but still allow JavaScript usage for trusted sites. Unfortunately, if a whitelisted site also has an opening for a cross-site scripting hack, exploitive JavaScript can be ‘injected’ into the page.

One can always turn JS off, but that just cuts you off from the useful to frivolous use of scripting that is pretty ubiquitous now. Still, it’s an option.

I like to use NoScript, as I like to see how sites look when their JavaScript is turned off. After all, sites need to make sure they work in a non-script environment. Home pages such, shown below, are unacceptable–the mark of sloppy developers far too hung up on technology. Note to the company: Expedia’s worked fine without JavaScript.


When stereotypes are fostered

Recovered from the Wayback Machine.

I wrote a relatively positive piece on Blogher over at Just Shelley. I guess I’ll use the Bb Gun to write the negative stuff. Or a better way of looking at this: address some of the comments that bring out the bitch in me.

There’s this from a twenty something who since she’s never experienced any problems of gender bias in her life, women can’t possibly have any problems, and should stop ‘whining’ about such:

I don’t know how else to put it, but I say that to encompass my almost zero interest in most women’s issues and female activism and empowerment. Now, I think women deserve to vote and can have careers and can do whatever they want to. However, I hate the male-bashing and whining about it being a male world that so often dominates feminist conversations (but, as a caveat, not all conversations). For example, one of the take away points from the session was to hire women or help other women get hired, etc. Are you kidding me?! Hiring someone because they’re a woman is just as bad as hiring someone because they are a man. There seems to be a little bit of a double standard going on there.

There’s already a double standard. Do you know that all interview techniques at Google, Yahoo, and other major companies are primarily devised by male engineers between the ages of 25 and 45? Now, you tell me: who is going to do better with these techniques? A woman of any age? An older man or woman? Or a male engineer, between the ages of 25 and 45. Most likely from the same socioeconomic background as those who devised such tests?

To assume that because bias isn’t blatant it doesn’t exist makes one naive at best; self-centered at worst. Am I being hard on this young woman? Damn straight. She’ll most likely only get reaffirmation from her own set as to the justice of her views. What I’m suggesting, strongly, is that she develop a bit of empathy. The quality of empathy is understanding that just because you’ve not experienced an event directly, doesn’t mean the event doesn’t happen.

ValleyWag already touched on Dave Winer’s obsessive use of chick when referencing anything women were doing at Blogher. To give Winer credit, he did make a statement about how being a man at Blogher must be how a woman feels at ETech. I noticed he hasn’t said one word on the second day, but to give him the benefit of the doubt, much of this could be because of the blatant marketing of the conference.

Robert Scoble wrote:

Other things I learned from BlogHer?

That the stereotypes about women are true (they talk about things like mothering, cooking, sewing, and soft stuff like feelings, sex, relationships, along with broader things like books and movies far more often than I usually hear among the male dominated groups I usually find myself in after conferences). But, the fact that they are true gives women HUGE economic power and content power that the tech bloggers simply won’t touch.

So that’s what women are good for other than sex, having babies, and taking care of the house. We buy things.

I shouldn’t rise to such bait, but I suppose it would be too much for anyone to contemplate that Blogher attracted primarly women who do want to discuss such issues. That’s more or less how the conference was promoted. Would Scoble be surprised to hear both men and women talking about open source products at OSCON? Or new technology at ETech?

Having said that, there is a part of me that wishes the Blogher folks would not stress so much that they’re representative of ALL women in weblogging–because they aren’t. Theirs is a commercial enterprise which, more and more, is catering to specific types of interest; reflected in the conference, which was geared more toward certain types of topics and discussions. By stressing the company’s all inclusiveness, rather than band us, they’re branding us.

Media companies have to have a focus audience, and Blogher is a media company. Linux Journal, where Doc Searls works, focuses on men with certain interests. That doesn’t mean that Linux Journal will appeal to all men, the same as Blogher’s conference will appeal to all women. To draw inferences from the given sampling to the global all is an example of failed logic.

Now, having said all of that: what’s wrong with the ladies (and gents) of Blogher discussing these things? They’re terrific discussion points, and obviously, for the most part, the people who attended enjoyed the topics. The world is full of infinite variety–including men who liked the discussions just as much as the women. In fact, much of the more positive commentary I’ve heard on Blogher has been from men, and not just about women as marketing target.



The Head Lemur sent me the link to this important story about a security threat based on JavaScript. This is a tough type of event to prevent, because it is increasingly difficult to turn JS off–so much of online content is JS dependent.

Typically most attacks of this nature will occur because malicious script is embedded into a web site through a cross-site scripting attack (XSS). The only way to prevent these is to scrub your form entry fields to make sure script or other unwanted material isn’t getting through. (Which reminds me that I have to check my new sites’ comments, to make sure these are ‘clean’.)

This is a threat, but I would say it’s of secondary concern compared to some others. No, don’t shoot me. It requires that a lot of factors be in place before it can work: your router not have password protection, your printers always be on and have a built-in web server and so on. The more sophisticated your home network, the more vulnerable you are. However, the more sophisticated the home network, the more we have to assume you know how to protect such network.

Still, not sure what we can do so plug such breaks. Would be a shame to start crippling JavaScript, just when it started to get interesting. As for ‘firewalling’ the browser, I agree that browsers need to make us more aware of what is happening behind the scenes. I’m also all for extensions such as Firefox’s NoScript to ‘whitelist’ JavaScript sites (though XSS can make this mute if the whitelisted site provides openings for malicious JavaScript insertion.)

(Slashdot coverageOriginal press release and white paper on the exploit.)



Fascinating take on the Stolen Lollipop scandal that’s erupted between the world of photography and the world of weblogging. Thanks to 3 Quarks Daily for the link.

At issue is a new gallery opening showing photographs of children obviously upset and crying. Several webloggers took umbrage at what they called ‘child abuse’. The photographer and her husband said it was no such thing, it was a case of giving the children a lollipop and taking it away.

My take: unless they have to pose for these photographs daily, I doubt the children will be emotionally scarred from this event. However, I don’t like the photos. I think they’re contrived and overly sentimental and melodramatic. They perfectly reflect the photographer’s stated inspiration, which was so maudlin, it made me gag.

Give me the freshness and honesty of Walker Evans. Any day.

From the article:

In the end, “This is more a story about blogging than about photography,” said Stephen White, formerly a gallery owner and currently a private dealer and collector in Studio City. “It’s about a generation that’s so caught up in itself that everything it says it thinks is significant, even though it’s not saying anything at all.

“People in the photography world, anyone who is sophisticated about photography, knows that this is not offensive,” he said. “Taking away a lollipop is not child abuse. There’s no irreparable harm. I’m just not sure there’s any significance to the photographs, either.”