A selection of posts that originally appeared on some of my older blogs hosted at

“Everything you need is here”


A co-worker of mine just got back from the Webmaster Jam Session and relayed this metaphor for Sharepoint, Microsoft’s CMS/Portal/EBTKS-ware, which we have been evaluating:

Implementing Sharepoint is a lot like building a house. It’s like a friend of yours says, ‘I know exactly what to do.’ And, he drives you to a Home Depot, drops you off at the front door and says, ‘Everything you need is here.’

Paraphrased from Jared Spool

* This post was originally published on September 26, 2007 at

Gmail auto-aliasing, or yet another reason to sign up for Gmail


I’ve been slowly updating all of my online accounts to use my new Gmail account. There are many things to love about Gmail (ease of use, labels, ginormous storage limits), but one of my favorite features is auto-aliasing.


Auto-aliasing for Dummies

First, some background. An e-mail alias is just another name for an existing e-mail account. It’s handy in situations where you want to have a bunch of different e-mail addresses, perhaps for business sake, but you don’t want to deal with the hassle of logging into or maintaining multiple e-mail accounts. So for instance, you might have a personal e-mail account like, but then have a bunch of other e-mail addresses like and, both of which you set up as aliases of the first. All three are valid, deliverable addresses as far as your e-mail server is concerned, but all three go to the same mailbox, and thus mail to any of the three addresses can be picked up under the single “” inbox.

(Note to SMTP nerds: I realize that this is probably not a completely accurate technical description, but it will do for our purposes here.)

Ye Olde E-mail Aliasing Task

On most mail services that I’ve used in the past, setting up an alias is a time-consuming process that must be done in advance. For me, it would usually involve logging into my hosting provider’s control panel, selecting the domain I want to manage, clicking the link to manage all of the domain’s e-mail accounts, clicking the link to manage the e-mail account I want to create the alias on, and finally entering the new alias. This usually took somewhere in the realm of 10-15 minutes depending on how slow the control panel was responding. Considering this, I usually avoided creating e-mail aliases.

Aliasing Made Easy with Gmail

Gmail’s auto-aliasing feature lets you create aliases just by specifying an alternate form of your address. For instance, if your Gmail address is usually, you could create an auto-alias just by using instead. (The technical term for this type of aliasing is plus-addressing.) Gmail will ignore anything after the plus sign for delivery of e-mail, but you can still use the extra alias information to create filters, run searches, or, as I do, to find out what web services are selling your e-mail address to marketing agencies!

Alias Your Way to a Spam Free Inbox

Yup, now every time I enter my e-mail address into an online form I’ll use an auto-alias to help me identify the site that I used it on. Typically I’ll just use the web site name as the alias, such as If I start seeing a ton of spam to that address (which come to think of it is unlikely anyway given Gmail’s awesome spam filter) I can create a new filter to automatically delete any mail addressed to that alias, as well as cancel my account with the offending site, or at the very least write them a scathing passive aggressive note.

Web Developers Take Heed!

I’m about to get technical, so skip over this if you have no idea what a regular expression is…

One unfortunate obstacle to using Gmail’s auto-aliasing feature is that many web sites use e-mail address validation filters that mistakenly report addresses containing a plus sign as invalid. This is a side effect of the fact that most e-mail validation schemes rely on a basic regular expression pattern which can’t possibly test for all valid permutations of an e-mail address. If you’re going to use a filter to test for a valid e-mail address, all you can really do is make sure that there is an @ symbol, followed by a domain name of at least two characters, followed by a “dot”, and ending with a TLD of at least two characters. Other than that, the only real way to test for a valid, deliverable e-mail address is to send it an e-mail and wait for a response.
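To make the difference concrete, here is an added example (not code from the original post) that puts an over-strict pattern beside the structural check described above, and also recovers the plus tag used to trace where an address was handed out. The pattern, the function names and the `example.com` addresses are constructed for illustration.

```javascript
// Over-strict pattern of the kind many sign-up forms use (constructed here):
// the local part allows only letters, digits, dot, underscore and hyphen.
const STRICT = /^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/;

// Structural check following the post's rule: an "@", then a domain name of
// at least two characters, a dot, and a TLD of at least two characters.
function looksLikeEmail(address) {
  if (typeof address !== "string" || address.length > 254) return false;
  // Added caveat: reject whitespace and control characters so the value
  // cannot smuggle extra header lines into the confirmation mail.
  if (/[\s\x00-\x1f\x7f]/.test(address)) return false;
  const at = address.lastIndexOf("@");
  if (at < 1) return false;                 // need a non-empty local part
  const domain = address.slice(at + 1);
  const dot = domain.lastIndexOf(".");
  return dot >= 2 && domain.length - dot - 1 >= 2;
}

// Recover the tag after "+" so mail can be traced to the site it was given to.
function plusTag(address) {
  const at = address.lastIndexOf("@");
  if (at < 1) return null;
  const local = address.slice(0, at);
  const plus = local.indexOf("+");
  return plus === -1 ? null : local.slice(plus + 1);
}

// Constructed sample addresses.
const samples = [
  "user+shopsite@example.com",
  "user@example.com",
  "user@example",
  "no-at-sign.example.com",
];

// Run both checks over the samples and return one row per address.
function compare() {
  return samples.map((address) => ({
    address,
    strict: STRICT.test(address),
    structural: looksLikeEmail(address),
    tag: plusTag(address),
  }));
}

console.table(compare());
```

Passing the structural check only means the string is shaped like an address; deliverability is still established by the confirmation e-mail.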

A layperson’s conclusion

So, if you’re not using Gmail by now – why aren’t you? It’s free; it’s web-based so it’s available anywhere you have access to a browser; it’s secure (you can use an SSL connection for even more security); it has a great built-in zero-configuration spam filter (7715 spam messages caught to date with only a handful of false-positives); you can apply multiple labels to e-mail conversations to make it easy to find things later; it’s got a great search tool (it is a Google application after all); you can import mail from any other account that supports POP3 (which is most accounts, Hotmail excluded); and now you know all about how to use auto-aliasing for fun and profit!

As an added bonus

Oh, and if you use a Blackberry or other mobile phone+EBTKS device, you can download Gmail for your phone! Woot for checking Gmail from the road!

* This post was originally published on September 26, 2007 at

Differences in HTML 5 from HTML 4


Here’s a link for all my developer friends:

HTML 5 is still being drafted, but here is an early list of differences from the current HTML 4 spec. There is some very interesting stuff being proposed for this version. One thing that caught my attention early on is that the specification won’t be considered complete until there are at least 2 complete implementations of the draft – something very different from previous versions. Also, the input element will have a lot more choices for the type attribute available, such as date pickers and true combo boxes. It will be interesting to follow this through the draft process. And the specification will have two sets of guidelines – one for web developers/content writers and another for browser/user agent developers. (One reason why <font> is not dead in HTML 5)

In related news, the W3C is calling on all web professionals to participate in the HTML 5 discussion.

* This post was originally published on June 29, 2007 at

A note about synchronous xmlhttp requests and Firefox


Since I just spent the better part of Friday debugging this problem and then the better part of Friday night Googling for a workaround, it’s worth noting that there is a “bug” in the Firefox implementation of the XMLHttpRequest object when using it for synchronous calls (i.e. the rest of the script pauses and waits for the request to complete, unlike typical asynchronous AJAX calls). When using the xmlhttp object in a synchronous fashion, Firefox does not process the onreadystatechange handler. Thus, any libraries that are dependent on this (for running post-processing functions, for example) will fail to work under these conditions. Interestingly, having the Firebug extension installed causes the object to behave properly. So a secondary note is to always test your apps in a “clean” instance of Firefox.

Here are the details that I came across, along with a workaround: Lukav’s Weblog » Blog Archive » Firefox firebug and synchronos calls problem.

I’ve also set up a set of tests to demonstrate the problem. Try in both Firefox and IE to see the differences.

* This post was originally published on June 5, 2007 at

A Few Things Worth Noting from the Web 2.0 Expo


I spent the majority of this past week attending the Web 2.0 Expo and Conference in San Francisco. The sessions were amazing and I had a really good time. I have an entire notebook full of notes that I need to transcribe, but here are a few of the more memorable things.

Application Delivery Systems – The CTO of Citrix talked about so-called ADS hardware components that can do everything from rules-based data filtering, data compression, TCP multi-plexing, dynamic caching, DDoS protection, and plenty more (price dependent of course). Some usage examples and results were provided by one of the guys from Foldera.

RSSBus – turn just about any data source into an RSS feed, including activity in a file directory, Excel spreadsheet changes, database query, etc. Installable on a network or via localhost. Runs as a small server using .NET framework. RSS feeds can be secured using standard NTLM methods. Single-point administration (no user-defined reports if using in multiple user environment). Reports can also be coded using just about any programming language: PHP, Python, etc. Project generally based on Python.

mod_ndb – Apache module that allows querying a MySQL Cluster using HTTP 1.1 methods (get, post, delete). Cuts out the middle man (MySQL Server). Realizes most benefit when combined with a scripting language (such as cURL through PHP). Configured through Apache httpd.conf (no mention of support for htaccess) directives. Delivered with several output formats (JSON, raw), future release will support user-defined output formats. No built-in security, but could use other Apache auth mods (like mod_auth_mysql). Note that MySQL Cluster has many limitations of its own, and this is only relevant when using a multi-app-server/multi-Cluster setup. Interesting concept though. The slides will be online after next week’s MySQL conference.

– The two founders gave an interesting talk on securing web applications. They detailed the concept of a Privacy Wall, which as one of them outlines on their blog means “don’t have any direct links in your database between your users’ “public” data and their private data. Instead of linking tables directly via a foreign key, use a cryptographic hash that is based on at least one piece of data that only the user knows—such as their password. The user’s private data can be looked up when the user logs in, but otherwise it is completely anonymous.” See blog link for an example. (Note also Wesabe’s Data Bill of Rights, which states that a user’s data is theirs to do as they please – including downloading or removing entirely)
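A sketch of the Privacy Wall idea quoted above, as an added example rather than the founders' own code. It assumes Node.js, uses two in-memory maps as stand-ins for the public and private tables, and swaps the plain hash for scrypt so that a stolen database does not allow cheap password guessing; all names and sample data are constructed.

```javascript
const { scryptSync, randomBytes, timingSafeEqual } = require("node:crypto");

// In-memory stand-ins for two database tables (constructed for the example).
const users = new Map();        // username -> { authSalt, authHash, linkSalt }
const privateRows = new Map();  // opaque link -> private data, no user column

// Slow, salted key derivation: 32 bytes out.
const kdf = (password, salt) => scryptSync(password, salt, 32);

// The link can only be computed while the user's password is in memory.
// It uses its own salt so the stored login hash never equals the link.
function linkFor(username, password) {
  const { linkSalt } = users.get(username);
  const salt = Buffer.concat([linkSalt, Buffer.from(username, "utf8")]);
  return kdf(password, salt).toString("hex");
}

function register(username, password, privateData) {
  const authSalt = randomBytes(16);
  const linkSalt = randomBytes(16);
  users.set(username, {
    authSalt,
    authHash: kdf(password, authSalt),
    linkSalt,
  });
  // Private data is stored under the derived link, not under a foreign key.
  privateRows.set(linkFor(username, password), privateData);
}

// Verify the password, then derive the link and fetch the private row.
function loginAndFetch(username, password) {
  const user = users.get(username);
  if (!user) return null;
  if (!timingSafeEqual(kdf(password, user.authSalt), user.authHash)) return null;
  return privateRows.get(linkFor(username, password)) ?? null;
}

// True if nothing stored in the public row points at a private row.
function publicRowRevealsLink(username) {
  const user = users.get(username);
  const stored = [user.authHash, user.authSalt, user.linkSalt].map((b) => b.toString("hex"));
  return stored.some((value) => privateRows.has(value));
}

register("alice", "correct horse battery staple", { accounts: ["checking"] });
console.log(loginAndFetch("alice", "correct horse battery staple"));
console.log(publicRowRevealsLink("alice"));
```

A password change has to re-key the private row while the old password is still available, and a forgotten password leaves the old private data unreachable by design.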

Vulnerabilities 2.0 – Alex Stamos from iSec (white-hat security firm) gave a talk about the new vulnerabilities in web 2.0 applications (namely those using AJAX). Of special note, XSS attacks now include JavaScript injection since many Ajax-enabled applications evaluate JS code directly. (Another session suggested using parse instead of eval, especially with JSON-like return structures.) Also, no current Ajax framework is secure out of the box. Also, make sure to physically scan any code output from a client-side JS proxy interface (i.e. anything that transforms server-side code to client-side code) to be sure no administrative functions are being exposed. Don’t allow Ajax calls that change state using the same parameters for every user (e.g. “makeAdmin()” with no user id or other parameter).
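The eval-versus-parse point from these notes, as an added example that is not from the talk: the same response body is handled once with `eval` and once with `JSON.parse` plus a shape check. The response bodies, field names and function names are constructed, and the "code" in the second body only sets a flag so the effect can be observed.

```javascript
// Constructed response bodies. The second one carries an expression where
// a plain JSON value is expected.
const benignBody = '{"user":"alice","admin":false}';
const codeBody = '{"user":"alice","admin":(globalThis.evalRan = true)}';

// The pattern the talk warned about: the body is executed as JavaScript,
// so any expression inside it runs with the page's privileges.
function parseWithEval(body) {
  return eval("(" + body + ")");
}

// Safer handling: JSON.parse accepts data only and throws on anything that
// is not JSON; the result is then checked against the expected shape.
function parseProfile(body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch (err) {
    return null; // not JSON: refuse it rather than fall back to eval
  }
  if (data === null || typeof data !== "object" || Array.isArray(data)) return null;
  if (typeof data.user !== "string" || typeof data.admin !== "boolean") return null;
  // Copy only the expected fields so extra keys never reach the application.
  return { user: data.user, admin: data.admin };
}

// Run both parsers over both bodies and report what happened.
function demo() {
  delete globalThis.evalRan;
  const strictBenign = parseProfile(benignBody);
  const strictCode = parseProfile(codeBody);
  const flagAfterStrict = globalThis.evalRan === true;
  const evalResult = parseWithEval(codeBody);
  const flagAfterEval = globalThis.evalRan === true;
  return { strictBenign, strictCode, flagAfterStrict, evalResult, flagAfterEval };
}

console.log(demo());
```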

The author of The 4-Hour Work Week gave a very short and very interesting talk (video link) about focusing on the few critical tasks rather than the trivial many. He also talked about outsourcing your personal life or anything else that would cost 50% or less of what it would cost you to do on your own. For example, if laundry takes you 4 hours a week to do and your time is worth A (total income/10k/2), then finding someone who can do it for B (A*4/2) each week is worth while. He applied this not just to personal tasks like laundry, but to menial business tasks such as writing reports, updating spreadsheets, etc.

I have plenty more notes, including from a few usability, design and mobility (“placelessness”) sessions. If you are interested in anything in particular, let me know. Otherwise I’ll keep posting excerpts from my notes once I’ve had a chance to transcribe them.

Oh, and in case you were wondering, “Web 2.0” is still very much undefined. To illustrate that, conference attendees got t-shirts saying “Web 2.0 is _______” with a spot to write in your own definition. Mine’s still blank. If it’s possible to define it after-the-fact based on the overall conference theme, Web 2.0 is about harnessing collective intelligence and the switch from surfing -> services, pages -> rich interactions, sites -> content experiences, and web masters -> everyone.

* This post was originally published on April 22, 2007 at
