Using Clickbank to Bring In Cash

Clickbank has become synonymous with affiliate marketing in the past couple of years. This website offers a valuable service to both those with products who want to sell and those who want to sell but have no product.

Let’s look at selling your product through Clickbank first. If you have any type of informational product, you can set up an affiliate program through Clickbank and have hundreds of vendors selling it for you in no time flat. The setup fee for putting a product on Clickbank is $50, but once you have your account set up, you can add as many products as you wish. They charge you a percentage for each product sold through their affiliates.

The advantage to using Clickbank as your affiliate program organizer is that you don’t have to apply for an expensive merchant account; the website handles all payments. They also organize your affiliates so you can make sure that you pay your vendors on time, and can see at a glance how many people are selling your products.

Also, Clickbank has a pool of about 100,000 affiliates, so you do not have to struggle to attract two or three vendors to your site; they are already there, browsing for new opportunities. It can save the average webmaster a lot of time, as opposed to setting up your own affiliate program by writing your own code and then trying to find people to sell the products.

Now, if you are interested in becoming one of those 100,000 affiliates that Clickbank boasts of, you can sign up for free. Everything on Clickbank is an information product, so you can download them immediately once you pay.

The database on the Clickbank website is massive, with thousands of products to choose from. Each one has vital information such as the price and the percentage that you, the affiliate, will receive. Becoming an affiliate for any of these products is extremely easy; you simply need to plug your Clickbank ID into the code given for each product! The ID works with any product in the database and instantly gives you access to any promotional materials that might be available for the product.

For example, you might decide to promote a cookbook on your website. Adding the code with your ID will allow visitors to click on the link to buy the cookbook, giving you a percentage. However, there are millions of cookbooks out there, so why would they buy this one and from you? This is where promo material comes in. The cookbook site might give affiliates sample recipes to post on the website, plus a fancy cover to display, as well as other information. All of this can be used by you to help create interest in the book.

Clickbank is a good option for both affiliates and affiliate marketers. It is certainly worth checking out if you have a product that you want to sell, as it is far more economical than many other options out there. And for affiliates, it offers a wide variety of products to choose from and instant access with just one ID.

The Advantages of Broadband

Broadband internet (also known as high speed internet) is a very popular type of internet connection. It has a high data rate of transmission, which is really a fancy way of saying that it is faster than the old fashioned method of dialing up an internet connection!

DSL and cable modem are two of the most common types of broadband internet and they tend to give a minimum of 56 kbits per second (the average dial up connection is 31.2 kbits/s). This is a big advantage over the older methods of gaining internet access.

Broadband internet was first brought onto the market in the early 2000s and it rapidly became very popular. Suddenly people could load websites in a fraction of the amount of time it took before! There were shorter waits for downloads and photos could be seen at a higher resolution more quickly. Broadband was a success!

In just a few years after it was introduced, broadband internet went from being used by a mere 6% of the population to a whopping 30%! It was a great boost for webmasters who liked to load their sites with graphics that take forever to load. Now they could actually have a great site that people would be able to look at!

Today, broadband internet connections are available around the world and people everywhere can enjoy rapid access to the internet. The advantage to website owners and designers is an increased ability to show their wares to the world. Now you can have decent sized photos and your potential clients with broadband can access them and see your products properly.

With broadband, it is also possible to reduce upload times as well as download times. This means that if you are selling information products, broadband is useful to both designer and consumer. Large files can be uploaded via FTP onto a website and when the client gains access to the files, whether for free or through a fee paid, the download won’t take days.

Broadband access has improved the method of selling online. We can now even watch videos on the internet and new auction sites are beginning to take advantage of this, offering video shots of products instead of the standard photos. Other video sites such as YouTube offer a unique method of promoting your website, by using your products in an entertaining video which can then be uploaded to the social sharing site.

Another great use of broadband is the ability to set up a video phone online so that clients and service providers can speak easily to each other via web cam. All of these advantages are great for online businesses that can use them to create the best combination of promotion and service for their clients.

If you are a small online business owner who doesn’t yet have broadband internet access, it is time to think about getting it. It gives your business a leg up on the dial up competition, which is rapidly diminishing anyway.

The difference between DVD-R, DVD+R, DVD+RW and DVD-RW explained

There’s DVD+R, DVD+RW, DVD-R, DVD-RW, and even DVD-ROM! So what’s the difference between all of these different names, aren’t all DVDs the same? Well, it’s not quite that simple.

Let’s first start with the most obvious difference: some have R and some have RW. The “R” stands for readable, while the “W” stands for writeable.

The main difference between DVD-R and DVD-RW, or DVD+R and DVD+RW, is that the R disc formats can only be written to once; after that the disc is only readable and can’t be erased for the rest of its digital life. RW discs, by contrast, can be written to and erased many times; they are both readable and writeable.

“R” discs are perfect if they are only needed to be written to once, such as giving some files to a friend or transferring them between PCs. “RW” discs have their strength in the ability to be used many times over, which is great for routine system backups, etc. And naturally, the RW discs are slightly more expensive than the R discs, but you’ll have to decide if the trade offs are worth the money.

Now, onto the difference between DVD-R and DVD+R. As I just described above, DVD-R & DVD-RW are sister discs, the difference being one is writeable once, while the other is writeable multiple times. The same thing is true for DVD+R & DVD+RW. So the question is, what’s the difference between the plus and minus?

In order to explain this we must take a trip back in time. When DVDs were first being developed, there was no industry standard. Multiple companies were competing to develop what they hoped would be the dominant form of the future.

The DVD-R DVD+R difference can easily be summarized by the following:

  • The DVD-R/RW standard was developed by Pioneer, and is used primarily by Apple and Pioneer. These “minus” discs can only be written to in one layer on the disc’s surface. In addition, this format is supported by the DVD Forum, but is in no way an industry standard. DVD-R/RW discs are cheaper than the “plus” format.
  • The DVD+R/RW format is supported by Philips, Dell, Sony, HP, and Microsoft. These discs can be written to in multiple layers, giving them slightly better and more disc storage than the “minus” format. Because of this additional capacity, they are slightly more expensive than “minus” discs.

One final thing to clear up is the difference between DVD-ROM and DVD+RW, or the other DVD formats I mentioned above. The DVD-ROM drive can only read DVDs, while the other DVD drives can read and write data to DVDs.

And naturally the DVD+RW CD+RW difference can be explained by the “DVD” or “CD” prefix. DVDs, on average, can store up to 4.7 GB of data, while a CD can only store about 700 MB of data, or about 15% of a DVD’s capacity. While CDs are slightly cheaper, in my opinion, the benefits of DVDs are much greater.

So now that you’ve learned about the difference between DVD-R, DVD+R, DVD-RW, DVD+RW, and even DVD-ROM, which one is right for you? The easiest way to determine which is more beneficial is to watch the industry trends. A few years ago all pre-built computers were shipping with DVD-ROM drives. Today, most PCs have a burnable DVD drive.

I feel that the benefits of having a burnable DVD drive far outweigh any additional costs. They store much more data, and they are ideal for storing your home movies to watch on your DVD player.

My advice is to look at DVD burners that support all of the major formats I’ve mentioned above, DVD-R, DVD+R, DVD-RW, and DVD+RW. While a DVD drive that supports all of these formats may be slightly more expensive, it will allow you to use any type of DVD disc to burn to, and you’ll be protected from any industry shifts to one format or the other.

Big Brother and Ndisuio.sys - A new Internet phenomenon?

Ndisuio.sys, a very mysterious system file, is present in Windows XP and Vista and is a driver for wireless technologies such as Wi-Fi and Bluetooth. However, there have been many issues with this file downloading immense amounts of data and perhaps causing activity that is “big brother”-ish.

The fact that hardly any information about this file downloading data is available from Microsoft makes it look quite suspicious. It has even been noted that it looked as if it was transferring data to major companies like Comcast, Road Runner, Time Warner, BTC and Verizon.

The good news is that, as it turns out, this file duplicates data that is sent and received: wherever you go, it will also transfer the data to that file, but the copy does not leave the computer or network, so it’s not spyware. So it’s not as much of a big brother situation as it looks. It simply performs internal communication tasks, and the name stands for NDIS user I/O, hence NDISUIO. NDISUIO is also used as a driver by many developers because it makes certain wireless network tasks easier, such as implementing 802.11x connections. Some firewalls also use it, as it can get the data in order to filter it.

But duplicating this data can hog resources for no reason, so disabling it is the best thing to do. The data rate of this file’s received data is huge, which indicates that the data transfer is not over the Internet, but local. So it’s just a duplicate of network activity, but because it’s local, everything transfers faster and uses more resources than casual internet usage, as there’s more data involved in a given time span (1 second, for example).

To disable this file, go to Control Panel, Administrative Tools, Services, find Wireless Zero Configuration, double-click it and disable it. This file is probably required to run if you use any Linksys wireless devices.

Google Adsense: Rules Surrounding Invalid Clicks and Being in Control

What Is So Important About An Invalid Click and How Will It Affect Me?

More than anything, an invalid click is a big no-no and it will get your account terminated faster than anything else. Having said that, an invalid click is when a publisher clicks on their own ads to add to their earning potential. It’s also when a publisher asks others to click on their ads just to raise their revenue. It also raises the advertiser’s costs and Google won’t tolerate this. Google Adsense has state of the art technology and they know what’s going on.

Invalid clicks also happen when someone uses robots or automated software to click on ads. It is any deceptive practice used to click on ads.

Invalid clicks are also unnecessary as there are plenty of money-making opportunities with valid clicks.  With an optimized website, useful content, and attractive ads, there’s no reason for anybody to even entertain the idea of using invalid clicks.

Having Control Over Your Adsense Account

You the publisher, have complete control over the advertisement that runs on your site.  You can choose to run only image ads, only text ads, or a combination of both.  Google recommends that you choose a combination of both to maximize your earning potential, but the decision is yours.

When making your ad decision, you also have the freedom to choose which type of ads run across your entire account (image or text) or you can narrow that decision to what type of ad might run on a particular page.

As of right now, you are not able to differentiate your image ad click rate from your text ad click rate.  You can of course, differentiate your click rate from one site as opposed to another site.  Say, for example, you run only image ads on one site and only text ads on another site.  By setting up channels to track both sites, you can see which site has the better click rate.  Of course, you have to take into consideration there would be more factors than whether you were running text or image ads.  The content, the placement of the ads in general, even the color could make a difference.

Refer to the Google Adsense Support Site for specific instructions on how to enable or disable image ads.  Remember, it’s all up to you!

Get Paid to Read Email: Scam or Legit?

You have probably seen the ads for email reading programs. They claim that you can get rich by simply reading a few emails each day and hundreds of thousands of people sign up for these programs. Exactly how legit are these businesses? Can you really earn money by just reading an email or two?

The way email reading services work is that they offer clients a certain number of hits to their websites. The clients pay for this service and the site then turns around and pays people like you to receive emails which must be opened and have a specific link clicked on in order to qualify. You usually have to stay on the advertiser’s site for 30-60 seconds before your hit is counted and you will be paid.

In general, reading and clicking an email is not a high paid job. You end up getting somewhere between half a cent and 3 cents per email that you open, if you perform the requested action.

Even if you are willing to work for such low pay, you need to be aware that many of these websites are not as great as they might look at first glance. Apart from sending you an email or two a day, they are earning from you and all their other “workers” by doing less ethical things like sell your personal information and email address to other companies. Some of these sites also have spyware which will install itself into your computer and gather vital information like bank account numbers, passwords and any other useful and confidential content that you have stored on your hard drive.

Other email programs are set up to lure people in, but they never actually pay. So they are receiving money for all the hits they send to their clients, but not paying out to their workers. It is a nasty way to do business, but these sites tend to draw so many people that they will never actually pay, that they just keep going! By promising to pay $1 per referral (or more), they ensure that people continue to reel in fresh meat so they will never lack for workers.

However, it is possible to find decent email reading websites that will not do you damage or steal your personal information and that will truly pay you when they say they will. The best way to find these is to ask people. Avoid anyone who gives you a referral URL since their opinion will be biased. You should also ask to see proof of payment. This just means that the person commenting will send you a screen shot of his or her Paypal account with the amount credited and the name of the business paying, or a photo of a check if that is how the email program pays.

A pay to read email program that is worth checking out is one that pays and has a clear privacy policy which states your information will not be used by anyone except them, and for job-related purposes only. They should also be able to provide proof of payment for their workers.

Pros and Cons of Flash-based Sites

Flash-based sites have been a craze for the past few years, and as Macromedia compiles more and more great features into Flash, we can only predict there will be more and more Flash sites around the Internet. However, Flash-based sites have been criticized as bloated and unnecessary. Where exactly do we draw the line? Here’s a simple breakdown.

The good:

Interactivity

Flash’s ActionScript opens up a vast field of possibilities. Programmers and designers have used Flash to create interactive features ranging from very lively feedback forms to attractive Flash-based games. This whole new level of interactivity will always leave visitors coming back for more.

A standardized site

With Flash, you do not have to worry about cross-browser compatibility. No more woes over how a certain piece of CSS displays differently in Internet Explorer, Firefox and Opera. When you position your site elements in Flash, they will always appear as they are as long as the user has Flash Player installed.

Better expression through animation

In Flash, one can make use of its animating features to convey a message in a much more efficient and effective way. Flash is a lightweight option for animation because it is vector based (and hence smaller file sizes) as opposed to real “movie files” that are raster based and hence much larger in size.

The bad and the ugly:

The Flash player

People have to download the Flash player in advance before they can view Flash movies, so by using Flash your visitor range will decrease considerably because not everyone will be willing to download the Flash player just to view your site. You’ll also have to put in additional work in redirecting the user to the Flash download page if he or she doesn’t have the player installed.

Site optimization

If your content was presented in Flash, most search engines wouldn’t be able to index your content. Hence, you will not be able to rank well in search engines and there will be less traffic heading to your site.

Loading time

Users have to wait longer than usual to load Flash content compared to regular text and images, and some visitors might just lose their patience and click the Back button. The longer your Flash takes to load, the more you risk losing visitors.

The best way to go is to use Flash only when you absolutely need the interactivity and motion that comes with it. Otherwise, use a mixture of Flash and HTML or use pure text if your site is purely to present simple textual and graphical information.

Yahoo Pipes: Worth a Look

In February 2007, Yahoo quietly went live with Yahoo Pipes. Tim O’Reilly described it as “a milestone in the history of the Internet.” It’s the ultimate web mashup tool; keep reading to find out what it can do for you.

If you’re at all familiar with UNIX, you understand the concept behind Yahoo Pipes. A “pipe” in UNIX connects two programs, taking the output from one program and using it as the input of the next program. You can even connect a series of programs with a whole set of pipes, performing several different operations until you get the result you need.

For the sake of an example, assume that you are looking for an apartment close to a new job. You might create a program that visits web sites with classified listings, extracts the apartment listings, runs the addresses through a locator program to check the distance, discards all the ones over a certain price range, then sorts the remainder by some factor (say number of bedrooms or closeness to schools). That would be five steps run through four pipes.

Potentially, that would also be a lot of work if you’re actually writing a UNIX program to do this for you. Full disclosure: I’m not a programmer myself, so I wouldn’t know. But Yahoo Pipes lets users do exactly that, and more. It lets you combine many different data feeds (such as RSS) into a single feed. Once you’ve combined all the feeds, you can use “modules,” which are like mini-applications, to sort, filter, remix, and generally pick out whatever is important to you while leaving the rest.

I’m sure I don’t have to tell you that there are a ton of possibilities here. You can consolidate all of your favorite news feeds together into one feed and have it filter for specific words; you can put your entire online life together in one place (LiveJournal, Flickr, Facebook, what have you) to make it easier to tell your friends and family what you’ve been doing; you can even custom build an aggregated feed that covers your web site’s topic. Let’s take a closer look at how it all works.

Getting Started 

It’s easy enough to get started. You go to the Yahoo Pipes page and click on My Pipes. Before I take you there, let me show you a screen shot of the page:

ypipes01.jpg

It doesn’t really do the page justice, but I think you can see that it lends itself to poking around. When I checked the page, the left column (“About Pipes”) made a number of interesting suggestions as to what you can do with Yahoo Pipes; the middle column was devoted to popular pipes; and the right column talked about updates. One recent update I’m sure many of you will be interested in explained how to use Yahoo Maps with Yahoo Pipes.

If you’re ready to build a pipe, just click on My Pipes. You’ll need to log in to Yahoo; it should come as no surprise that you can’t use the service unless you’re registered. Once you log in, you reach a page that says “Looks like you don’t have any Pipes. Why not create one?” It links to an editing page for creating your first Pipe. You’ll also find links to example pipes. You should be warned that example pipes seem to take quite a while to load. I didn’t want to wait, so I thought I’d better just try putting one together myself.

Thankfully, Yahoo provides a simple overview so I had some idea of what I’d be doing, at least in principle. I’m not a programmer by any stretch of the imagination, so those of you who are more tech savvy can laugh at my halting steps. You can also find a complete list of Pipes modules and other useful information in Yahoo’s documentation for Yahoo Pipes.

Building the First Pipe 

Before we start building a pipe, you need to be aware that Yahoo Pipes does not work on IE 6. I found this out the hard way. You’ll see the page, but when you try to drag and drop modules onto the editing area, they’ll just disappear. It works in Firefox as long as you’re using the latest version; otherwise it acts flaky.

Anyway, here’s the first page you’re confronted with when you start building your first pipe:

ypipes02.jpg

I’ve cut and reduced the image to fit. Now the menu column on the left is what Yahoo refers to as the Library. It lists all of the available modules as well as any pipes you have saved. Yahoo separates the modules into different categories depending on their functions:

  • Sources are data sources that return an RSS feed.
  • User inputs are input fields that your Pipe’s users fill in at runtime.
  • Operators are basic functions like foreach, sort, count, and filter.
  • Url modules build and manipulate URLs.
  • String modules handle strings.
  • Date modules manipulate dates.

Fortunately you get a helpful tool tip when you hover over each module that tells you in a sentence what it does. You’ll usually want to start a pipe by specifying where it will be getting the data. That means you’ll want to grab one of the feed modules, which you find under “Sources,” and drag it onto the “canvas,” like so:

ypipes03.jpg

As you can see, the module changed; it’s bigger, it changed color, and it now has a “pipe output” section. It’s waiting for you to put in the URL of the RSS feed you want to use. Yahoo helpfully provides a search box for feeds. You can add more feeds using the same module by clicking the plus sign next to the URL. Below, I’ve added five feeds:

ypipes04.jpg

The feeds I’ve chosen aren’t particularly large, but there are plenty of feeds online that are nothing short of huge. Of course, if you don’t think you have enough feeds (and since the point of Yahoo Pipes is to connect lots of different feeds), you may want to drag another feed box onto your editing canvas and connect the two modules. You’ll want to use a “Union” box for this, which you’ll find under “Operators.” You click and drag your mouse from the URL modules to the Union module to hook them up. You can really see how pretty the interface is at this point; you’re dragging some lovely blue connectors. Take a look:

ypipes05.jpg

At this point you’ll want to filter your pipe. Drag a Filter box over from the Operators. The Filter box lets you block (or permit) items that match certain rules. Here’s an example, hooked up to my pipe:

ypipes06.jpg

You can see how easy it would be for someone who is interested in a particular kind of news or trying to stay up to date in a particular field to pick out the stories that would be of most interest. If you have ever searched for something using key words, you can easily set up a filter.

Once you have finished filtering your pipe, you want to connect the filter to the “pipe output” box that appeared when you dragged your first module onto the editing surface. You do that in the same way that you did it with the other connections.
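The pipe built above (feed sources, a Union, a Filter, then the pipe output), written out as an added Python example; it is not part of the original article and is not Yahoo's code. The feed contents, the function names, and the permit/block and any/all options of `filter_items` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample feeds standing in for the URLs typed into two feed
# modules; the titles and example.com links are invented for this example.
FEED_ONE = """<rss version="2.0"><channel><title>Constructed feed one</title>
<item><title>Yahoo Pipes adds map output</title>
  <link>http://example.com/pipes-maps</link>
  <description>Mashup news</description></item>
<item><title>Ten tips for faster uploads</title>
  <link>http://example.com/uploads</link>
  <description>Broadband advice</description></item>
</channel></rss>"""

FEED_TWO = """<rss version="2.0"><channel><title>Constructed feed two</title>
<item><title>Building a mashup from RSS</title>
  <link>http://example.com/mashup</link>
  <description>Combining feeds with pipes</description></item>
<item><title>Sponsored: pipes on sale</title>
  <link>http://example.com/ad</link>
  <description>Discount pipes and fittings</description></item>
</channel></rss>"""


def fetch_feed(xml_text):
    """Source step: parse one RSS 2.0 document into a list of item dicts."""
    # Feeds pulled from the network are untrusted input; a hardened parser
    # such as defusedxml is the usual choice there. These samples are inline.
    root = ET.fromstring(xml_text)
    items = []
    for node in root.iter("item"):
        items.append({
            "title": (node.findtext("title") or "").strip(),
            "link": (node.findtext("link") or "").strip(),
            "description": (node.findtext("description") or "").strip(),
        })
    return items


def union(*feeds):
    """Union step: join several item lists into one, keeping feed order."""
    merged = []
    for feed in feeds:
        merged.extend(feed)
    return merged


def filter_items(items, rules, mode="permit", match="any"):
    """Filter step: permit or block items that match any/all of the rules.

    Each rule is a (field, text) pair and matches when the field contains
    the text, ignoring case. This rule format is an assumption of the example.
    """
    if mode not in ("permit", "block") or match not in ("any", "all"):
        raise ValueError("mode must be permit/block, match must be any/all")
    combine = any if match == "any" else all
    kept = []
    for item in items:
        hits = [text.lower() in item.get(field, "").lower()
                for field, text in rules]
        matched = combine(hits) if hits else False  # no rules: nothing matches
        if matched == (mode == "permit"):
            kept.append(item)
    return kept


def run_pipe(feed_texts, filters):
    """Wire the steps together the way the connectors do on the canvas."""
    items = union(*(fetch_feed(text) for text in feed_texts))
    for rules, mode, match in filters:
        items = filter_items(items, rules, mode, match)
    return [item["title"] for item in items]  # the pipe output


# Two filters chained: keep anything mentioning "pipes", then drop sponsored items.
EXAMPLE_FILTERS = [
    ([("title", "pipes"), ("description", "pipes")], "permit", "any"),
    ([("title", "sponsored")], "block", "any"),
]

if __name__ == "__main__":
    for title in run_pipe([FEED_ONE, FEED_TWO], EXAMPLE_FILTERS):
        print(title)
```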

Finishing Your Pipe 

At the upper right hand corner of your working area are three buttons: New, Save, and Publish. When you have finished your pipe, click Save. You’ll be prompted to name your pipe. Type a name into the text box and hit Save.

After it saves, you’ll see a box at the top of the screen that says “Pipe Saved” and you’ll be able to click on a link labeled “Run Pipe.” That’s always a good idea. Does the pipe grab too much information? Or perhaps it grabs too little (as mine did)? You can always go back and modify your pipe until it gives you what you’re looking for.

You can build much more complicated pipes than the example I gave here. Yahoo points to one called “Apartment Near Something” as a possible inspiration. It starts with a search on Craigslist for apartments as the input and uses the Location Input module to narrow things down by city/state and zip code. Then the pipe accepts text input from the user specifying what they want to find an apartment near (i.e. parks, walking trails, schools, etc). Finally a sort module is added, so the apartments can be sorted by their distance from the desirable item.

As you can see, it’s pretty easy for even a non-programmer to start using this lovely graphical interface. If there is interest, I’ll cover the other areas of the Yahoo Pipes site: the many pipes that are already published, how to publish a pipe so the whole world can see it, the discussion forums, how to clone a pipe, how to build a more complicated pipe, and more. Meanwhile, I think I’ve given you enough to play with for now!

by Terri Wells 

New Nuke Security Sentinel: Worth Taking a Chance?

It’s important not to skimp on security when setting up a content management system. This article explores an open source, surprisingly secure content management system that works well for both novice and experienced webmasters.

In a recent article about CMS Programs, I made quick reference to a need to be security conscious when choosing a Content Management System. Now, I’d like to correct that cursory glance at a subject that really should be of prime importance when making the decision about a system. The original choice can impose opportunity, or limits, on your web’s safety and have far reaching effects on your success or failure.

Specifically, I want to explore the security solution found in a program that can be easily manipulated by a novice webmaster, while remaining entirely useful to the more advanced security professional.

A Historical Turd

The previous article also gave away my affinity for the Nuke CMS.  Now don’t run off just yet.  I know that if you are like a large part of the programming community, you think of this program as outdated, full of security holes, and not worth bothering with.  Some even claim it’s not really a CMS.  But take a look at what’s new.

The original PHP Nuke CMS, developed in 2001 specifically for novice webmasters, offered core code for the most basic admin functions and controls for building and maintaining a member-based website. To give him credit for honesty, the creator admits that he learned how to code PHP in one week, and then wrote the script for the PHP Nuke CMS in the next three. To give further credit for ingenuity, he created a system that anyone could use to build a web site, leveling the playing field for hundreds of thousands of small concerns who had the desire but not necessarily the money or know how to set up shop on the Internet.

Unfortunately, by nature of the fact that the code is open source, the system’s vulnerabilities have been eagerly and aggressively exploited. Malicious intrusions, through an embarrassingly long list of attacks, often left unsuspecting webmasters as victims of everything from SQL injection attacks to complete takeovers, up to and including being locked out of the admin controls. And those were the easy risks, those that the webmaster could see.

Another not so easy to spot form of malicious abuse included gaining access to a domain’s email systems. Professional spam rings could then launch campaigns mailing thousands of users each day from the victim’s web site’s domain address.

The exploitability has not been helped by the fact that the program was extremely successful in reaching its target audience, namely new web administrators with little experience. Such webmasters only learned about the abuse taking place on their sites when their IP address became blocked from major ISPs and they could no longer send or receive mail, or when they began getting hundreds of mail daemon messages on days they had sent nothing out. And, of course, there was the best proof that a site is being exploited: receiving mail offering watches, Viagra and child sex from their own domain.

Though it’s an easy cop out, not all of PHP Nuke’s problems lay with the original creation. Hundreds of well intentioned writers, eager to add their own contribution to the Nuke, began developing modules to do this and do that, also with little heed to security as an initial concern. Layer on top of these problems the fact that add-on modules and blocks may or may not be updated regularly, if at all, and it’s easy to see how problems developed.

Nuke Community Searches for Answers 

Since the launch of PHP Nuke, a number of developers have recognized the security problems and mounted efforts to clean up the code.  Revisions, forks and complete rewrites have been undertaken with varying success rates.  Some focus on a wider set of user modules and functions, but most focus to some degree on better security.

While novices swarmed to get a site or two published with the new program, much of the web development community dismissed the Nuke because of its flaws. But a recent registered user count at just three of the popular Nuke sites comes to more than 200,000. Take into account the fact that many users operate multiple sites and it’s easy to see there is a horde of sites using this programming code, which means it should not be dismissed or ignored.

Having used a number of the variations of this program myself over the years, as well as the original, I want to talk about one that is worthy of some respect.

RavenNuke™ + NukeSentinel – A Knock-Out Punch

Reportedly, the core group of professionals at RavenNuke™ (RN) spent a year rewriting hundreds of core files to address the well documented security problems with the original code.  This resulted in the current RavenNuke™ code which includes “more than 10,000 fixes/patches” according to distribution documentation.  The NukeSentinel system, the flagship product of RavenNuke™, is a security module developed to work hand in hand with the secured RN release.

An accurate description of the overall security project would be the RavenNuke™ distribution with NukeSentinel.  They are two programs, and one does not have to be used with the other.  However, the NukeSentinel system works so well with this particular distribution that it is easy to forget they are not one program.

Raven’s distribution of Nuke still looks like a PHP Nuke program with all its modules and blocks.  An easy to spot difference from most other versions is that this code involves core files and a select few add-ons.  While some systems offer hundreds of blocks and modules with their systems, RavenNuke™ sticks with the basic operating functions, which have been modified to meet strict security standards.

Repackaging the Management of Difficult Security Concepts

 

A hacked website can completely intimidate new webmasters, who have a tendency to become discouraged and abandon their systems rather than regain control or even disable the site. This fact leaves hundreds of sites running malicious attack code all over the net.

See this quick search of a known hacker that shows relevant returns well into 100 sites. These results are only for a search on one name!  You can see a few others have also taken advantage of this site.  Obviously, they have gained control of the admin function enough to alter the title of the web site, and the site has been sitting like this long enough for the search engines to have picked up the change.

image0011.jpg

 

Look below at an image of just some of the back office controls designed to keep the malicious out of Nuke sites.  For security professionals and code writers, these protective measures will be standard practice.

For the novice, however, injections are something accomplished with a needle, worms live in the garden and a flood is why Noah built the ark.

Controls and blocks against known threats are already included to protect sites from a large variety of moderate to severe attacks.  The image below shows controls on just one branch of the tree menu. Literally thousands of combinations of secured preferences can be assigned to the web site. So, vulnerability in one web site does not automatically mean vulnerability in all. That’s another obstacle for intruders to overcome.

image0021.jpg

The Sentinel also provides specific admin protections and can be set to automatically write IP blocking information to Apache’s .htaccess file.

image0031.jpg

 While security programs generally offer a full set of functions to users, NukeSentinel provides an extra layer of protection for the Admin back office, which allows the user complete control over which functions are turned “on” or “off.”  Shown below are the system’s first 2 of 29 General Settings on NukeSentinel’s main menu.

image0041.jpg

 

Beyond the ability to control a feature’s basic on – off function, the developers of Sentinel also thought to allow varying degrees of protections for each threat.

If, for instance, you decide that you don’t want proxies to access your web site, you aren’t stuck with an all or nothing choice.  A block of this threat can be set to screen on a Lite, Mild or Strong level, directly from the drop down box.

Other threats can be controlled with ten levels of “punishment” for offenders, ranging from an email alert for the admin to an automatic temporary or permanent ban from your site.

This functionality allows tremendous control and customization for the non expert admin.

No longer does the novice, who may know something of PHP, but looks at the code and decides they shouldn’t touch it for fear of “breaking” the application, have to pray for the best.  He can now approach site protection aggressively because security controls have been translated into something with which he is familiar.

image0051.jpg

Notice in the image above the inclusion of an “up to date!” warning and simple links that open into deeper levels of security.

Notice also that Sentinel’s control panel is loaded with help. A click on a question mark brings up an instant answer to what a function is, or what it does. A click on the “Blocker Configuration” help button reveals this pop up.

 image0061.jpg

The Sentinel is not the most popular of the Nuke alternatives. For one, it is a little more difficult to install. Having been completely rewritten for security, the code is not always as easy to use as an upgrade on the existing version of an alternate Nuke system.

Once installed and working properly, the frequent bug fixes, patches and system upgrades from Sentinel version to Sentinel upgrade are managed without much problem.

With each upgrade, the developers have included an install program that makes much of the required fixes automatic and worry free for those who read the instructions first.

Pluses and Minuses

While a bit of learning curve should be expected when approaching this system, it is not prohibitive, even for a newbie. Documentation on the project is strong, and the support forums are active and responsive.

The one dubious drawback to this system is the tendency for the admin to lock themselves out of the web site. Though this problem is most often caused by admin error, and easily fixed after a search on the official RavenNuke™ forums, it can still be a frustration. I called this a “dubious drawback” because, aggravating as it is to be locked out of your own web site, it’s a testament to the effectiveness of the system that if you make a security mistake, even you won’t get into the web site protected by this system.
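A check for the lock-out case, given that the Sentinel can write IP blocking information to Apache’s .htaccess file: the Python script below is an added example, not code from RavenNuke™ or NukeSentinel, that reports which deny rules in an .htaccess file cover a given address. It assumes the blocks use Apache’s standard “Deny from” or “Require not ip” directives; the sample file contents and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample .htaccess (not from a real site). It mixes the older
# "Deny from" form with the Apache 2.4 "Require not ip" form so both parse
# paths run; which form NukeSentinel actually writes is an assumption here.
SAMPLE_HTACCESS = """\
# constructed example
Order Allow,Deny
Allow from all
Deny from 203.0.113.7
deny from 198.51.100.0/24
Deny from 192.0.2.0/255.255.255.128
Deny from 10.20
Deny from badhost.example
<RequireAll>
    Require all granted
    Require not ip 2001:db8:dead::/48
</RequireAll>
"""

DIRECTIVE = re.compile(r"^\s*(?:deny\s+from|require\s+not\s+ip)\s+(.+?)\s*$", re.I)
PARTIAL_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){0,2}\.?")


def to_network(token):
    """Turn one Apache host token into an ip_network, or None if it is not an IP form."""
    if PARTIAL_IPV4.fullmatch(token):
        # Partial address such as "10.20": Apache matches on the leading octets.
        octets = token.rstrip(".").split(".")
        token = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
    try:
        return ipaddress.ip_network(token, strict=False)
    except ValueError:
        return None  # hostname, env=..., or malformed entry


def blocking_rules(htaccess_text, client_ip):
    """Return (line_number, directive) for every deny rule that covers client_ip.

    Only deny rules are reported; Order/Allow precedence is not evaluated.
    """
    addr = ipaddress.ip_address(client_ip)
    hits = []
    for lineno, line in enumerate(htaccess_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if not match:
            continue
        for token in match.group(1).split():
            net = to_network(token)
            if token.lower() == "all" or (
                net is not None and net.version == addr.version and addr in net
            ):
                hits.append((lineno, line.strip()))
                break
    return hits


if __name__ == "__main__":
    for ip in ("203.0.113.7", "10.20.30.40", "192.0.2.200", "2001:db8:dead:beef::1"):
        rules = blocking_rules(SAMPLE_HTACCESS, ip)
        print(ip, "->", rules if rules else "no deny rule matches")
```

Hostname entries such as the constructed badhost.example line are skipped, since matching them would need a DNS lookup.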

This code is open source.  In this case, that property is an asset because it has attracted a core group of talented and dedicated developers.

Bugs and vulnerabilities are quickly found and closed.  More importantly, users can find answers to why and how to keep their systems safe at the official RavenNuke forums.

An added, and not insignificant, bonus is that the HTML and CSS are 100% W3C compliant, making sites built with this version more easily accessed by new and coming web technologies.

Provided an administrator can commit a couple of hours each week to learning the system and checking for developments, this somewhat difficult system is actually the easiest way to Nuke Security.

The RN CMS presents a huge advantage for the entire net community by repackaging the management of difficult security concepts into a familiar interface that webmasters of all skill levels can use to prevent the spread of attack code and spam to other computers.

Once we wrap our brain around that concept, we can add this one. Not only is security repackaged and made easy, Sentinel’s core group of developers are aggressively involved with prevention of future attacks. While no one over at RavenNuke claims the Sentinel will block 100% of attacks now or in the future, it blocks enough of the known attacks to be worthy of praise.

This is not to imply that webmasters have no responsibility for protection and safeguards to their own sites. But the existence of a strong system of protection as a first line defense should make webmasters all over the world breathe a sigh of relief.

Find more about the RavenNuke™ and NukeSentinel at RavenPHPScripts.com

by Jessica Michaels 

An Overview of the Yahoo User Interface Library


Yahoo! continue their developer-focused effort with the Yahoo User Interface library, a collection of tools, utilities and controls written in JavaScript for achieving dynamic, interesting and cross-platform web pages. It makes extensive use of advanced DOM scripting, DHTML and AJAX techniques to help you easily construct rich and interactive web applications. In this article I’ll be looking at these tools and utilities in detail and examining what can be achieved using them.

Although completely separate from other programming foundations and developer tools such as the Yahoo Widget Library for example, I think that Yahoo are trying to achieve the same thing here: provide something extremely useful to developers, get people interested and be recognized as not just a provider of news and search results, but also as one of the best providers of new technologies aimed at assisting people from all levels of experience to build better sites and services for themselves.

Let’s look at each of the tools in more detail. There are six fully fledged utilities packaged into the YUI, plus an experimental one, and two beta utilities. The six fully completed utilities are: the Animation utility, the Connection Manager, the Drag and Drop utility, the DOM collection utility, Event Utility and the YAHOO Global object. The two beta utilities are the DataSource utility and the Element utility. The experimental utility is the Browser History Manager.

The beta utilities are as available to use as the rest of the package, but their APIs are still open to developer feedback, to give the utilities some time to be played around with by the likes of you and me before the YUI team finalize and lock down the APIs. The experimental utility is also released to the general public under the same premise, but has had even less extensive testing than the beta utilities. These utilities do not have the same levels of documentation as fully released parts of the package and may therefore require a higher level of programming competence to be able to use.

Don’t let this put you off though. Once you’ve been using the YUI for a little while the syntax becomes easier to use intuitively, and developer feedback is an excellent way to communicate to the people behind the YUI exactly what we want to see in future releases. Although there is currently no formal way to request additions to the code or to provide feedback as such, bug reports and patch requests can still be submitted.

The Completed Utilities 

The YAHOO Global Object provides the namespace within which all YUI code resides. It is a mandatory utility that must be included on every page that utilizes any of the utilities or controls. To use YUI utilities, the Global object must be declared first in a <script> tag in the head of any page using the utilities. This utility can also be used to create custom namespaces for applications built on top of the YUI framework. In the simplest implementations of the YUI utilities, nothing needs to be done with the Global object other than defining it.

The animation utility provides a simple implementation of animations that involve moving objects within the browser or changing the size, color or other visual characteristics of objects. A range of methods are provided to control and configure animation and the syntax is easy to use and master. As well as providing complex animation, this utility can also be used to implement other interesting visual concepts such as fading and scrolling.

Creating a basic animation is easy. You simply specify the object to be animated, creating it dynamically if required, then use a series of attributes to tell the script how the animation should be achieved. A series of transition effects, such as easing in, which starts the animation slowly and then speeds up, or easing out, which does the opposite, can also be used.

The Connection Manager utility provides an easy abstraction layer for making in-page HTTP requests through a simplified interface to the AJAX XMLHttpRequest object. Using this utility means that you can send a request to a server and receive the response with just a couple of lines of code instead of the standard, manual method of creating the XMLHttpRequest. You don’t have to worry about providing code for different browsers as everything is done for you in the utility. You can even access and parse XML documents with ease using this utility.

Enabling objects to be dragged-and-dropped was a great DHTML effect a few years ago but required huge amounts of unwieldy code to work correctly. With the Drag and Drop utility, all you need to do is specify any DOM element to an instance of the YAHOO.util.DD constructor. That’s it; the element becomes draggable! Obviously in most implementations of the drag and drop effect, you’ll want to do more than simply move objects around; the drag and drop utility provides a set of custom events that fire at different times during the interaction which can capture different data and be used to achieve the desired result.

The DOM Collection utility provides easy access to obtaining any DOM element on the page and also simplifies the process of accessing collections of elements and tasks such as getting and setting style properties of DOM elements or collections. A few of the other utilities depend on the DOM utility and you’ll find that you often need to include a reference to it in the head of your pages.

The event utility is similar and is required by most of the other utilities. This utility gives you a simplified interface for subscribing to DOM events and for creating your own custom events. To cut down on the number of utilities that need to be included in your pages, Yahoo has combined the YAHOO, DOM and event utilities into a single utility (although they can still be used independently where required).

The Element utility (still in beta phase) provides a wrapper for HTML elements in the DOM and simplifies common tasks such as adding listeners and manipulating elements. The DataSource utility provides a common configurable interface for interacting with data from a variety of sources including JavaScript arrays and online servers over XHR. The Yahoo team is committed to using these utilities but advises that implementations created now may be subject to change once the API has been locked down.

As any web application developer knows, state changes to a web page’s content and structure are often not recorded by a browser’s history engine. The currently experimental Browser History Manager has been designed to facilitate the creation of web applications in which the back and forward buttons of the browser are fully functional and in which aspects of the application’s state can be bookmarked.

The Controls

Now that we have looked at the utilities, we will briefly examine the controls available for you to use. There are currently eight fully released controls and two beta controls.

The first of these controls is the AutoComplete control, one that I’m sure you’ll all be familiar with. This control provides the front-end logic to a text-entry suggestion engine. You can work with data from a variety of predefined sources such as Yahoo web services for JSON data, Flickr XML data, or configure your own AutoComplete component using flat-file data. This control interacts with the DataSource utility.

The Calendar control enables users to choose one or more dates from a graphical calendar presented in a very familiar format and provides an easy-to-implement enhancement to any page requiring date selection to be completed. Anyone that read my article on creating a calendar control manually will appreciate exactly how much coding this control can save you!

The container control is a family of subcomponents that is designed to enable developers to create different kinds of container modules including a standard module container, an overlay, a tooltip, panel or dialog. Each of these modules has its own unique functionality and proves useful in a variety of situations.

The logger control allows you to make use of the event-driven messages that occur when controls or utilities are instantiated and interacted with, and is used primarily for debugging purposes but can easily be extended to fit the requirements of your application.

The Menu control is another component that provides a much sought-after effect with minimal coding, and allows you to forget about the subtle differences between browsers and get on with the more interesting aspects of design. It allows you to quickly and easily create fly-out menus, context menus or application-style menu bars. A Menu control’s internal DOM is based on the familiar and easy to use <ul> element and can be configured and customized in a very short amount of time.

The Slider control can be used to add a rich visual replacement for a standard input box that allows you to develop a more interesting method of allowing users to enter numerical values in a finite range. This control is easily implemented and easily styled. It is inherently dependent on the Drag and Drop and the YAHOO-Dom-Event utilities, but can also be combined with the Animation utility for self-scrolling slider controls that animate when their background region is selected.

More Controls

The tabView control allows developers to easily add a tabbed view of different pages of content on the page. Like the Menu control, it is built primarily from a standard list element, which is held within a <div> element. Each tab is represented by a simple <li> element. A range of visually discrete tab styles can be used including standard, top-left, round-edged or horizontally aligned tabs, and new tabs can be added or removed programmatically with a minimum of effort.

The TreeView control can be used to create a variety of hierarchical tree structures that can be loaded dynamically. Customizing the icons used to expand each top-level tree element is easy, as is using custom fading animations to move between tree nodes.

The beta button control allows you to easily extend traditional HTML form buttons into rich, graphical buttons that feature enhanced functionality or style and even includes support for better radio buttons and checkbox controls. Eight different buttons can be created with this control: a basic push button, a link button which is specifically used to navigate to new URLs when pressed, submit and reset buttons, a checkbox or radio button, a menu button that will show or hide a menu when pressed or a split button which can either display a menu or execute a user-specified command when clicked.

The final control, also at beta stage, is the DataTable control, which interacts with the DataSource utility to provide a highly accessible tabular format of data. It is fully screen-reader accessible and features sortable and resizable columns, pagination, scrolling, row selection and inline editing.

The Yahoo! Developer network site dedicated to the YUI provides a huge resource of information, examples and documentation for all of the utilities and controls mentioned in this article as well as some of the custom CSS tools that I haven’t had time to include. A blog provides the latest ongoing news and announcements for the project and a forum is provided where you can get help with specific issues you may encounter when working with the different controls and utilities. This is also the place where the YUI can be downloaded if required, but don’t forget that you can choose not to download any of the library, and let Yahoo serve the files you require across the Internet. The site can be found at http://developer.yahoo.com/yui so anyone interested in working with this rich set of utilities, controls and tools should head there immediately and get involved.

by Dan Wellman