Tag Archives: JavaScript

The TiddlyWiki Report, Part I: Jonny LeRoy

This week’s WSJ.com/AWSJ column is about the TiddlyWiki (here, when it appears Friday), which I reckon is a wonderful tool and a quiet but major leap forward for interfaces, outliners and general coolness. I had a chance to chat with some of the folk most closely involved in TiddlyWikis, but sadly couldn’t use much of their material directly, so here is some of the stuff that didn’t fit.

First off, an edited chat with Jonny LeRoy, a British tech consultant who offered his view on TiddlyWikis over IM:

Loose Wire: ok, thanks… i’m doing a little piece on tiddlywikis, and was intrigued to hear how you got into them, how you use them, where you think they might be of use, how they might develop etc…
Jonny LeRoy: sure. I first came across them when a colleague sent round a link. The thing that hooked me was the “install software” page which just said – “you’ve already got it”. I’ve been doing web stuff (mainly Java server side development) for quite a while and seeing the immediacy of the tiddlywiki was great. I’ve tried all sorts of tools for managing thoughts and tasks and generally end up going back to pen and paper after a while. tiddlywiki is fast and easy enough for me to keep using it. The micro-content idea is pretty interesting but I’m also pretty interested in how they slot into general progressions in the “Web 2.0”. more and more functionality can now be pushed client side – especially with Ajax and related async javascript technologies. TiddlyWiki takes this to the extreme by pushing *everything* client-side …
That does raise the problem of sharing and syncing the data, but it’s not really in essence a collaborative tool. though there’s no reason why that can’t be added on top of what’s there. Does that make some sense?
Loose Wire: it does. very well put…
Jonny LeRoy: cheers 😉
Loose Wire: 🙂 i particularly like the tagging idea, which you seem to have introduced…

Jonny LeRoy: Yup – for me when I started using tiddlywiki the main thing missing was any kind of classification. I’ve had a fair amount of experience with pretty complicated taxonomies and ontologies – particularly for managing / aggregating / syndicating content on a travel start-up I was involved in. but the simplicity of sites like delicious and flickr started to make me realise that some simple keyword tags gets you nearly everything you need. and also removes half of the issues related to category hierarchies and maintenance. particularly when your dataset isn’t massive. even when the dataset and tag list grows there are ways of “discovering” structure rather than imposing it … see flickr’s new tag clusters for a good example of this. In the good open source fashion I had a quick hack at the TW code and put some basic tagging functionality in place. A few other people were creating tag implementations at the same time, but they were more based around using tiddlers as tags ….. I was fairly keen just to keep the tags as metadata. I’m still yet to see a good online wiki that has tagging built in. for me that’s been an issue with most wikis I’ve used

Loose Wire: i get the impression that tagging is still considered a social thing, rather than tagging for oneself, as a way to commit to hierarchies, a la outliners etc?
Jonny LeRoy: that’s one of the beauties of it – though not so much in TW. the free-association you get by browsing other people’s tags is amazing. comparing what you can find through something like delicious compared to open directory projects – dmoz etc is quite interesting
Loose Wire: it is great, but i feel there’s huge potential in using tags for oneself, too?
Jonny LeRoy: yup – when you’re using them for yourself you can set your own little rules that get round some of the hierarchy problems. overloaded tags – with more than one meaning can get confusing in a social context, but personally it’s much easier to manage how you refer to things. also the ability to add tags together – so you can search on multiple tags creates an ad hoc structure.
Loose Wire: yes. i’d love to see TWs let you choose a selection of tags and then display the matches… oops, think we’re talking the same thing there…
Jonny LeRoy: yeah – I’d been meaning to put that in place, but haven’t had a moment 🙂
Loose Wire: is that going to happen? all the various TWs are now under one roof, is that right?
Jonny LeRoy: Yeah – Jeremy Ruston – who started it all off seems to be managing things reasonably well. and pulling together different versions. there was a bit of a branch with the GTDWiki which got a lot of publicity.
Loose Wire: is that a good way to go, do you think?
Jonny LeRoy: it’s a weird one, because it’s not like a traditional open source project with code checked into CVS. so versioning can be quite hard. but it’s also one of the beauties of it – anyone with a browser and a text editor can have a go.

Loose Wire: i noticed the file sizes get quite big quite quickly?
Jonny LeRoy: a lot of that is the javascript – if you’re just using it locally then you can extract that out into another file. that makes saving and reloading a bit quicker. the file will grow though with the amount of data you put in.
Loose Wire: is that tricky to do?
Jonny LeRoy: no – you just need to cut all the javascript – put it into a new file and put in an HTML tag referencing it
Loose Wire: how much stuff could one store without it getting unwieldy?
Jonny LeRoy: That really depends on your PC / browser combo – how quickly it can parse stuff.  if you were going to want to store really large amounts of data then you might want to look at ways of having “modules” that load separately.

Loose Wire: is it relatively easy to turn a TW into a website/page?
Jonny LeRoy: yeah – couldn’t be simpler – upload the file to a webserver … and er … that’s it. it does rely on people having javascript enabled – but 99% do. one issue is that since all the internal links are javascript search engines like google won’t follow them. but google will read the whole text of the page if it indexes you

Loose Wire: where do you think this TW thing could go? do you see a future for it? or is it going to be overtaken by something else?
Jonny LeRoy: Definitely – the company I’m working at right now (ThoughtWorks) have used it for a major UK company . they used it for a simple handbook for new people
Loose Wire: oh really? excellent!
Jonny LeRoy: really simple to use and quick to navigate – it got pretty good feedback. I see more people being likely to use it personally on their own pcs though. I use it to keep track of things I’ve got to do or have done. the dated history bit is really useful to work out what was going on a couple of weeks ago.
Loose Wire: the timeline thing?
Jonny LeRoy: yup
Jonny LeRoy: I can also see new TW like products coming out for managing tasks better – an equivalent of tadalist on the client side. beyond that it’s a good thought experiment in how datadriven sites can work. the server can push the data in some structured format to the browser and then the browser uses TW like technology to work out how to render it.
Loose Wire: yes. … [however] i feel a lot of people like to keep their stuff on their own pc (or other device, USB drive, whatever). not all of us are always online….
Jonny LeRoy: exactly – the wiki-on-a-stick idea is great. you can stick firefox and your wiki on the usb key and off you go
Loose Wire: yes, very cool…
Jonny LeRoy: The next step is then to have the option to do some background syncing to a server when you end up online
Loose Wire: do you think more complex formatting, layout and other tasks could be done? and could these things be synced with portable devices?
Jonny LeRoy: the portable devices question is interesting – it really depends on how much javascript they’ve got on their browsers. there’s no reason why it’s not possible, but there are more vagaries of how the functionality is handled
Loose Wire: javascript is the key to all this, i guess….
Jonny LeRoy: it’s a bit like the web in the mid 90s where you didn’t have a clue what people’s browsers would support. it’s actually having a bit of a comeback. many people just see it as a little glue language to stick things together or move things around ….. but it’s actually really powerful – I discovered more of it’s dynamic possibilities while playing with TW. the best thing about it for me is that anyone who’s got a modern browser can run javascript – there’s no extra install.

Loose Wire: yes, making the browser an editor is a wonderful thing… what sort of things do you think we might see with it?
Jonny LeRoy: I’m not sure what new thing we’ll see, but we’ll definitely see the things we use the browser for already getting much better and smoother. the user interaction is starting to become more like working on a locally installed application.

Thanks, Jonny.

How To Cut A Long URL Short

(This post was originally made a few months ago at the loose wire blog. As part of efforts to streamline Loose Wire’s online activities, the material at loose wire cache is being moved to the blog. A list of the resources can be under either the Resources list in the sidebar or the Resources category, also in the sidebar.)

A way to turn long URLs into short ones, so you can paste links into emails without them wrapping (and therefore becoming unusable) etc etc. In most cases you just visit the site, enter the URL you want to abbreviate, and hey presto! you get a new short URL that should last forever. (A lot of them can be added to your browser toolbar via Javascript which makes the whole thing even easier.)


This is not yet exhaustive; much of this list is from notlong.com, which compares their features.

Are Blogs The Future Of Web Design?

Have blogs changed our idea of what constitutes a well-designed webpage?

I was reading Wired’s interesting piece on guerrilla webpage redesign, where disgruntled folk take the content of a badly designed website and make their own mirror, throwing out the Javascript, cookies, confusing menus, bugs, excessive art-junk for a slimmed down, simplified imitation on their own server.

While the piece talks about the trouble these folk go to, and the trouble they land up in, I couldn’t help noticing that David Jone’s excellent makeover of Wales’ National Assembly website is basically a blog. Everything is there from the original, but it’s all a lot easier to navigate and much easier on the eye. But it looks, feels, and walks, like a blog.

Are blogs turning the huge ship that is the World Wide Web back to its roots, where webpages were less about glitz and more about content, where simplicity and usability counted for more than multimedia interactivity and gee-whiz mouseovers? Or not? Or did it all happen a long time ago and I only just notice?

Phishing Gets Proactive

Scaring the bejesus out of a lot of security folk this weekend is a new kind of phishing attack that doesn’t require the victim to do anything but visit the usual websites he might visit anyway.

It works like this: The bad guy uses a weakness in web servers running  Internet Information Services 5.0 (IIS) and Internet Explorer, components of Microsoft Windows, to make it append some JavaScript code to the bottom of webpages. When the victim visits those pages the JavaScript will load onto his computer one or more trojans, known variously as Scob.A, Berbew.F, and Padodor. These trojans open up the victim’s computer to the bad guy, but Padodor is also a keylogging trojan, capturing passwords the victim types when accessing websites like eBay and PayPal. Here’s an analysis of the malicious script placed on victims’ computers from LURHQ. Think of it as a kind of outsourced phishing attack.

Some things are not yet clear. One is how widespread this infection is. According to U.S.-based iDEFENSE late Friday, “hundreds of thousands of computers have likely been infected in the past 24 hours.” Others say it’s not that widespread. CNET reported late Friday that the Russian server delivering the trojans was shut down, but that may only be temporary respite.

What’s also unclear is exactly what vulnerability is being used, and therefore whether Microsoft has already developed a patch — or software cure — for it. More discussion on that here. Microsoft is calling the security issue Download.Ject, and writes about it here.

Although there’s no hard evidence, several security firms, including Kaspersky, iDEFENSE and F-Secure, are pointing the finger at a Russian-speaking hacking group called the HangUP Team.

According to Kaspersky Labs, we may be looking at what is called a Zero Day Vulnerability. In other words, a hole “which no-one knows about, and which there is no patch for”. Usually it has been the good guys — known in the trade as the white hats — who discover vulnerabilities in software and try to patch them before they can be exploited, whereas this attack may reflect a shift in the balance of power, as the bad guys (the black hats) find the vulnerabilities first, and make use of them while the rest of us try to find out how they do it. “We have been predicting such an incident for several years: it confirms the destructive direction taken by the computer underground, and the trend in using a combination of methods to attack. Unfortunately, such blended threats and attacks are designed to evade the protection currently available,” commented Eugene Kaspersky, head of Anti-Virus Research at Kaspersky Labs.

In short, what’s scary about this is:

  • we still don’t know exactly how servers are getting infected. Everyone’s still working on it;
  • suddenly surfing itself becomes dangerous. It’s no longer necessary to try to lure victims to dodgy websites; you just infect the places they would visit anyway;
  • Users who have done everything right can still get infected: Even a fully patched version of Internet Explorer 6 won’t save you from infection, according to Netcraft, a British Internet security company.

For now, all that is recommended is that you disable JavaScript. This is not really an option, says Daniel McNamara of anti-phishing website CodePhish, since a lot of sites rely on JavaScript to function. A better way, according to iDEFENSE, would be to use a non-Microsoft browser. Oh, and if you want to check whether you’re infected, according to Microsoft, search for the following files on your hard disk: kk32.dll and surf.dat. If either are there, you’re infected and you should run one of the clean-up tools listed on the Microsoft page.

How To Cut A Long URL Short

Nothing that new here, but I thought it useful to point out: A way to turn long URLs into short ones, so you can paste links into emails without them wrapping (and therefore becoming unusable) etc etc. In most cases you just visit the site, enter the URL you want to abbreviate, and hey presto! you get a new short URL that should last forever. (A lot of them can be added to your browser toolbar via Javascript which makes the whole thing even easier.)


This is not exhaustive; much of this list is from notlong.com, which compares their features.

Update: Protecting Your Castle

 Further to my column this week about protecting your computer in the Far Eastern Economic Review, (subscription required), here as promised is the full email from Brian Johnson of Centerbeam. It’s an excellent primer.
Jeremy, thanks for the invitation to send you something about protecting computers viruses, worms and other exploits.  I?I’ve spent some time with the engineers here and have come up with a checklist of the steps people can, and should, take to protect their computers. 
So, maybe the best way to describe the overall strategy of protecting your computer is to ask you if you saw Lord of the Rings: The Two Towers.  If you did, you?you’ll certainly recall the siege on Helm?Helm’s Deep, the ancient fortress of Rohan.  The castle was built with several nested layers of defense.  When the Orcs broke through one layer, the army inside fell back behind the next layer of defense.
And this is the best approach to computer security and protection:  Build several layers of defense so that, even if one layer is compromised, another layer is there to protect you. 
Layer One:  Stop Problems Before They Reach Your Computer
       Turn off Your Computer When You Aren’t Using It
It?Helm’s very tempting these days to leave your computer on and attached to your always-on broadband connection.  Don?Don’t.  Turn off your computer when you leave your home.  Quite simply put, if your computer is off, it can?Don’t be hacked.
       Disposable Email Addresses
When doing commerce on the net, use a one-use, disposable email addresses.  This cuts down on spam, and especially spam that might carry a virus or worm with it.  Jetable.org is a good source of these addresses.
       Use A Firewall
Windows XP has a built-in firewall, but if you aren’t?Don’t on XP, or want an additional layer of protection to stop threat from ever reaching your computer in the first place, then try ZoneAlarm. 
       Turn Off Remote Services
Go to Start -> Settings -> Control Panel -> System -> Remote and turn off the remote assistance and remote desktop.  This will help prevent someone from hijacking your computer.
       Scan Your System for Vulnerabilities
Microsoft provides a free security tool called the Microsoft Baseline Security Analyzer, it can be used identify vulnerabilities, and how to fix them, quickly.  There are also a number of 3rd party security scanners available.
These five practices will help prevent viruses and worms from ever reaching you.
Layer Two: Immediately Identify and Stop A Risk When It Arrives At Your Computer
       Virus Protection
If an exploit makes it past your firewall, there?Helm’s still a way to stop it.  By now, hopefully, everyone has some sort of virus protection program installed on their computer.  If not, invest in a high-quality program such as the one offered by McAfee.  But do remember one thing, virus protection programs tend to look for the threats it knows to look for.  McAfee is constantly looking for new threats and regularly sends out updates.  Be sure to set up your virus program to automatically check for updates otherwise new exploits will not be caught.
Layer Three: Don?Don’t Allow Exploits to Work
If an exploit makes it past your firewall and your virus protection program, there?Helm’s still another level of defense:  Don?Don’t knowing allow the exploit to work.
       Get Your System Patches Up-To-Date
The easiest way to do this on a Windows XP system is to go to the System Update control panel and make sure this function is turned on and that it is checking daily for new updates.
       Turn Off Unused Services
If you do not need a particular service, (like File and Print sharing, etc.), disable them.
Disable Java, JavaScript and ActiveX if possible.  (Internet Explorer -> Tools -> Advanced)
       Don?Don’t Open Unknown Email Attachments
Pay attention to the email that hits your inbox- and don?Don’t click on it as soon as you receive it.  Don?Don’t open suspicious attachments (especially with file extensions such as .vbs, …exe, …bat, .wsh) and get in the habit of first saving all attachments, scanning them with anti-virus program before you execute them.
Layer Four: Find Out When Things Go Wrong
       Install An Alarm
Remember, many security measures depend on advance knowledge of what does and does not constitute a threat.  A finally line of defense is to set an alarm that will let you know when damage is done. 
A company called Tripwire makes a product that constantly monitors the critical system files on your computer and alerts you when they?they’ve been changed.  The idea here is two-fold:  It is the last perimeter of defense as it does let you know that something has made it past all the others and has started wrecking havoc. It also identifies the damage so you know what to repair. 
Layer Five: Be Able to Escape
       Boot Disk
The current exploit that?Helm’s on the loose has been known to complete crash a system so that it can?Don’t even be booted.  This is a reminder that it?Helm’s a good idea to create a boot disk, something you can boot the system with and at least recover your undamaged files.  To make one, right-click on your floppy drive and follow instructions.
It?Helm’s always a good idea and one more honored in the breech than in the observance ? like flossing.  Traditional back-ups onto removable media are time and task intensive.  And most people don?Don’t follow through on this best practice by keeping their back-ups someplace other than next to their computer.  A very good alternative is to do on-line back-up through a service like Connected.  This makes the process easy and, your data is someplace secure. 
Finally, resign yourself to the fact taking these steps are part of the price we pay for the convenience of personal computing.  In this day and age, it is inevitable that your system will come under attack.  So, you can pay the price now, or someday regret that you didn’t?Don’t.
Thanks, Brain.