home comments edit

We bought a weed whacker this weekend, a $50 Black and Decker special from Home Depot.

I am the King of Weed Whacking.

And edging. I edged my whole lawn, front and back.

I’m telling you, more weeds were whacked than I can explain. There’s a whole section in our back yard that is/was a veritable weed forest, and that’s gone. Grass along the fence line - gone. And the edge of the lawn makes it look nice and crisp. First time we did that since we moved in.

Next up, a whole line of home improvements: The weed forest area (which is also, coincidentally, a drainage problem) is getting killed off and rototilled so we can put some wet-ground-friendly plants in there; the house is getting pressure washed and the trim will be repainted; and a sprinkler system will get put in to make sure we’re actually getting the thing watered correctly. Of course, none of that is cheap (particularly not the sprinkler system, and no, I’m not doing it myself, nor am I getting that friend of a neighbor’s buddy who happens to install sprinklers on the side).

web, javascript comments edit

In my feverish realization yesterday of how much interesting technology is coming out of seemingly nowhere, and in my desire to integrate FOAF, hCard, and every other up-and-coming data format into my ContactCard script, there’s something I totally spaced out on.

Cross-site scripting.

There is no way I can tell the ContactCard to get all the contact information from all these external sites because that’s cross-site scripting and the browser’s not going to allow it (or the user’s going to have to click a little dialog to OK the transaction).

Which brings me to another realization: AJAX is neat, but it’s not so cool if you want to do anything with data gathered elsewhere.

It puts a pretty severe limit on what you can push into the client and what you can’t. There seems to be this huge push to get things back in the client (the classic “centralize/decentralize” seesaw), but we’ve got this [justifiable] security barrier that’s stopping truly rich client-side web-based applications from working.

It’s so limiting. There are a lot cool services available out there - Amazon, Google, etc. - and I have to proxy the web service calls. Which means I can’t just stick the script on my site and call ‘er good.

So what now? Do I need to set up a web request proxy? Is it worth the bother?

Think about this - I can include script from other servers dynamically (through <script /> tags), I just can’t make separate requests for it. What if people stopped coming up with XML description formats and microformats and all of these other ways that I can’t access the data from the client and instead came up with data formats in JSON? (Yeah, I’m throwing away security on that one, but let’s ditch the practicality for just a second and think outside the box. You can shoot me down later.)

What about having a public, trusted service that provides known-object-to-JSON conversion? Something that knows how to proxy requests for certain known resource types and return the results in a JavaScript-interpretable format? If you did it right, you could ensure that the JSON object had any offensive script filtered out so you’d be reasonably safe.

How about this - let XMLHttpRequest make external requests for data but build into the JavaScript interpreter some way to flag the contents of the response so a person can’t just “eval” it because it’s not marked safe. If you really want to evaluate the response as script, you’d have to somehow copy the data to another variable or perform some other overt action, at which point it’s your own fault for being insecure.

Maybe you could be allowed to make requests to external sources, but only ones that return a valid XML document. Limiting, but not quite as limiting as what we’ve got today.

Or is AJAX just overrated? By the time I get my safe JSON object proxy, will we be back to storing everything on the server because the client is too bloated?

web comments edit

I didn’t realize what a can of worms I was really opening with the ContactCard popup contact information script I put out yesterday. And it’s not about the functionality of the script as much as where the script gets its data from.

In wanting to Get Things Done and get the script out there, the contact information that the script uses when it displays its information is actually stored in a JavaScript recordset that gets specified by the person setting it up on the web site. A good first step, to be sure, but we all hate maintaining contact information in multiple places - what if the script could read from external data sources?

In the last, like, day, I’ve become so much more vastly aware of these peripheral web development efforts that seem to be going on almost under the radar (and gathering some severe momentum).

First I learned about FOAF - Friend of a Friend - a way to specify contact information and relationships in a common XML format based on RDF. This sounded like a keen thing, especially in relation to the ContactCard script: wouldn’t it be cool to just say “user ‘tillig’ has his information stored over at such-and-such URL” and have the script automatically get that information for you so you don’t have to maintain it?

That didn’t seem like too much of a stretch, but FOAF seems to still be pretty young and changing, and it’d be some interesting work to do in creating a JavaScript FOAF document parser.

While thinking about that, I contacted Phil Haack, who cooked up a script that displays XFN (XHTML Friends Network) information. I thought he might have some input on how to best get this data or some ideas on other ways to retrieve centrally maintained contact information.

That’s when I really started getting into the notion of microformats and microtemplates.

Microformats seem to be, basically, the bastardization of existing HTML elements and attributes to describe information. hCard, a microformat for contact information that mimics the functionality of vCard, uses CSS classes to define elements for each bit of contact info being provided. (I do something sort of similar with the ContactCard script - I look for elements with a specific CSS class and those are the ones that get updated with the popup contact card behavior.) This is on a whole new level, though. For example, here’s a simple hCard with my name: <div class="vcard"><span class="fn">Travis Illig</span></div>

The XHTML Friends Network microformat is another one, using the “rel” attribute on links to specify the relation of someone else to you. (I’m not super convinced of the usefulness of this right now; it’s neat, but I’m having a rough time coming up for a really great use case.)

So I could use hCard as a data source, too. And write the parser for that, if there isn’t one already out there. The problem I see is that you can specify multiple hCards on a single HTML page… so how would I know which one to use?

From microformats, we move into microtemplates. Microtemplates are sort of like microformats in that they, too, change the meaning of existing HTML (CSS class in particular) to suit their needs. This time, though, it’s much closer to the idea of ASP.NET templates in data binding - you specify a set of empty HTML elements with specific CSS classes, then you use a microtemplate engine to take a set of data and bind it to the HTML element template. You can see a more concrete example of this at microtemplates.org.

I usually feel like I’m pretty up on web technology, but I gotta say, I feel blindsided. Like I just woke up and suddenly all this change just happened and I don’t know where I was. Interesting stuff, and I’m somehow just oblivious.

And I have mixed feelings about it. Was XML not good enough? Was it too specific? HTML always seemed to me to be predisposed to distributing non-structured data - is changing it to try to distribute structured data a good idea, or is it more like a square peg/round hole situation?

Regardless, I guess it’s time to jump on board. Here we go!

Recently inspired by a trip through Pragmatic Ajax and a look at Phil Haack’s XFN Highlighter Script, I decided to play around with the prototype JavaScript library and create a little pop-up contact information script.

What this allows you to do is specify the contact information for a given person including their name, email address, web site URL, a short description of them, and their Xbox Live Gamertag and have the contact info pop up automatically when you put your cursor over a link describing them.

To use it, you need to add the prototype library and the ContactCard library to the <head /> of your page. Then you define your list of contacts and related information in a separate script and add that - whenever you need to add, remove, or change contact info, you then just modify that separate script.

By adding the CSS class contactcard followed by a period and the ID of the given contact, the ContactCard script will automatically rewrite the page with the popup. If it’s a link, including XFN relationship information will automatically have that added to the contact card:

<a href="/" rel="me" class="contactcard.tillig">Travis Illig</a>

This works on any HTML element, not just links:

<span class="contactcard.tillig">Travis Illig</span>

The script will also automatically find links that have URLs matching those you have defined for contacts and will attach a contact’s card to those links without you having to do anything. (You can disable this behavior if you want.)

Full usage instructions, including how to customize the look of the popup card, are included. Check out the test page that is included for working examples.

Note 8/22/2014: There are better ways to do this with jQuery and Bootstrap now, but I’ve not bothered updating this script. You can still grab it if you like, but it’s totally unsupported.

Download ContactCard 1.2.0

Version History: 1.0.0: First release. 1.1.0: Added support for rendering XFN information for a link without having contact info attached. Fixed positioning bug. 1.2.0: Added option to automatically rewrite links that match the URL for a contact. Enabled by default.

I’m a reasonably easy-going person. Reasonably. And I’m all for folks who want to wear comfortable clothing. I, myself, am not a fashion plate by any means, usually opting for the jeans-and-a-screen-print-t-shirt look.

But there is something about flip-flops that I cannot fucking stand.

The slap-slap-slap of your sheer footwear incompetence echoes through my mind as you meander past. And you must meander, because it is impossible - nay, punishment - for you, the flip-flop wearer (or “flopper,” as you might be called), to move with any purpose. Should that happen, not only would the mindset of the laid-back shoe choice be contradicted, but the sheer physical torture of the harder, more frequent slap-slap-slap against the bottoms of your tender, tender feet would become too much to bear.

No, you must meander. Or you must shuffle, which is just as bad. The inability of many floppers to pick up their feet is something that scientific studies should be written on. Perfectly capable human being one day, utter sloth the next. The transformation is inexplicable.

It only makes it worse that people seem to think that flip-flops are a positive fashion statement of late. You know you’ve seen this one - gorgeous woman walking through the mall, a “10” on any scale, shirt that costs more than you make in a week, pants that fit perfectly, hair done up “just so…” And a pair of God damn flip-flops on her feet.

It’s a good thing I’m not single because flip-flops are grounds for instant disqualification. Flip-flops and smoking. In that order. Thank God Jenn doesn’t smoke and won’t wear flip-flops, I’d have to dump her ass like a used Yugo.

In fact, there are only four acceptable times at which you may wear flip-flops:

  1. You’re in the shower at the gym
  2. You’re walking on the beach
  3. You just escaped from jail and had to steal shoes from the closest convenience store
  4. You’re about to get arrested on Cops

All other times - no go. If you’re on the fence, save yourself. There are countless other models of sandal that you can take part in that won’t sacrifice your position in the eyes of humanity. Do not succumb to be a flopper.