Litmus – Web Page and Email Testing Platform

Today I heard about the impending launch of the new incarnation of the SiteVista web page and email testing tool ‘Litmus‘. A quick email later and I got myself a shiny beta invite and took it for a spin (thanks Paul).

There are some screen shots up on the SiteVista blog which give a fair impression of the kind of thing we are talking about here. Some of the features that might not be so obvious from the screen shots are such things as test versioning, public access/collaboration control, the ability to save browser combinations, multi-user collaboration, test histories and I’m sure a whole load of other stuff that I am yet to discover in my limited noodling…

Having tried a couple of the other tools of this ilk (Browsercam, Browsershots, Browsrcamp) I would say that Litmus will definitely ‘raise the bar’ in terms of features, UI and performance.

So… keep your eye on the SiteVista blog and expect some action any day now…

Disclosure: I have worked with the gentlemen of Salted but I am a man of morals and wouldn’t post something here that I didn’t mean.

Beware of GMail not enforcing an SSL connection…

I’ve just been reading this: TG Daily – Point and click Gmail hacking at Black Hat (thanks for passing that on Al)

Basically, if you aren’t logging into GMail using SSL then someone can grab your cookie and replay it. Well, that is pretty obvious if you are familiar with how all that kind of thing works and of course, I only log into GMail using SSL in fact, Google enforces this. Oh… actually, now I look it doesn’t enforce it at all…

If you enter the url mail.google.com it automatically redirects you to https://mail.google.com and all is well. But if you log in and then close your browser, re-open it and enter it again it takes you straight to http://mail.google.com presumably passing the unencrypted cookie along the way.

Opening up your e-mail is not good, especially when you consider the alarming wealth of sites that still send password reminders as plain text which are all sitting in your mail archive along with those that send your full credit card number when you get an order confirmation.

GMail works perfectly well if you add the all important little ‘s’ into any of its URLs so why don’t they just enforce it and save us the bother?

Clicking more than once may charge your credit card multiple times…

I bought some tickets from the Royal Liverpool Philharmonic Hall (that sounds like I’m all very cultured but, sorry to disappoint, they were for a pirate fancy dress party). At the checkout I was confronted with this:

Jeysus… Come on. It’s the 21st century for heaven’s sake. Surely this problem has been dealt with before?

Well, yes it has. The common solution is to disable the ‘Buy’ button using JavaScript in its “onclick” handler (or change its text or some such thing). This is probably what I would have done but it has the problem that it falls over if JavaScript isn’t enabled and will incur the wrath of Uncle Dave… You could argue that those without JavaScript enabled probably number less than 10% and then only a tiny fraction of those are going to be trigger happy so it solves the problem more or less. To complement that you could provide a big red warning as above and hide it with JavaScript as the page loads. This would mean it is displayed to those without JavaScript and would be hidden from those with it. This probably fits in with the Unobtrusive JavaScript mantra.

A more meaty non JavaScript solution is to put some sort of form id into a hidden field in the form on the server side when it is first rendered and then store it when the order is first received. Then only process orders that have not already been received. This works but the problem that arises is that after the second, erroneous, click you have to deal with where the user is redirected to so you need to be able to retrieve the order using the hidden value to allow the next page, confirmation or whatever, to be properly served (I can’t use served in this context anymore without thinking of South Park). This requires a bit of thought as the order may not have been processed when the second click is ‘received’ so you may not yet have an order to work against.

So, has anyone else got any bright ideas or should those with an itchy trigger finger be left to suffer the duplicate order fate of their own making?

‘Be’ Internet – Very Nice Indeed

I have been on the case of changing my ISP for a little while now. I have had a Pipex Business package for a few years, latterly at 2mb and haven’t had any problems to speak of. My only issue is that 2mb is the fastest service they provide to business customers and I’m seeing at least 8mb all over for the same price or less that I have been paying (£26).

So, I had a look around and spotted ‘Be’ which offers downloads of up to 24mb and uploads of 1.5mb (you can get up to 3mb up I think but I didn’t go for that)… I asked around and found that David Smalley had taken the plunge and he seemed happy enough. I signed up…

Well, today it finally arrived. All went smoothly and I only lost my connection for a couple of hours.

Nuff said…

Liverpool GeekUp and the new Upcoming.org

I just discovered that the new Upcoming.org site has been released and very nice it is too. The first feature I used was to change my location to Liverpool rather than London. I’m not a particularly practised Upcoming user but I’d never managed to tame the ‘metro’ thing on the old site.

With my location changed to Liverpool I was pleased to see the Liverpool GeekUp spring up on the ‘front’ page.

We’ve had a Manchester GeekUp for a good while now but Stuart and I thought it was about time we got a Liverpool version going and with Andrew’s blessing we have done.

So, on the last Thursday of every month we will be holding a ‘GeekUp’ at 3345 Parr St in Liverpool, from 6pm onwards. If you have an interest of any description in all things Internet and are local to Liverpool, come along…

Yahoo – you gotta love ’em

Having heard about the release of Yahoo Pipes I was keen to have a look at what it was all about as it certainly sounded the business. Unfortunately by the time I got around to paying them a visit earlier this afternoon the site was down.

I just thought I’d have another look and the url is currently displaying this:

You’ve gotta love ’em…

Free Anti-Virus, Anti-Spam and Redundancy for Small Business Email

Sorry about the mildly sensational title but I haven’t posted for a while and my traffic is going down the pan so I thought I’d spice it up a bit. That isn’t to say I’m not going to tell you how mind…

Just to get the acknowledgements out of the way I didn’t think of this all by myself but had it suggested to me by Steve at Convex IT. I thought it was a good idea so here’s what you do.

Lots of small businesses run MS Exchange or more likely MS Small Business Server at the end of an ADSL web connection. This is fraught with problems not least of which are managing anti-virus and spam and coping with the inevitable loss of connectivity. I looked around a while back for some sort of back-up mail server service but didn’t find much around.

What you need to do is:

• Set up a Google Apps for Your Domain account which give you e-mail services on your domain
• Create a catch all mail address in there
• Point your domain mx record at the Google address
• Point your mail server at Google’s

Voila… you now have Google filtering your spam, checking your mail for viruses and holding on to your mail if your Internet connection goes tits up.

Your mail might not arrive quite so quickly as it did and this also isn’t going to be the best for large numbers of users but for small companies I think it is a good idea.

There will be those, you know who you are, who will question why there is a need to run a server at all instead of just using Google corporate mail. I think there are probably lots of reasons, having all company e-mail stored locally, shared folder, calendar sharing (I know Google has a calendar but I’m still not sure it is up to Exchange’s features quite yet.)

Update on the IE7 Security Flaw

According to Microsoft it doesn’t have one. Apparently, the security issue that I talked about the other day is actually in Outlook Express but can be exploited through Internet Explorer.

That’s OK then…

Run Internet Explorer 6 & 7 together on the same machine.

Web designers need to test their sites on a number of different browsers and one of the big gripes about IE7 is that it doesn’t allow you to leave IE6 on your machine when you install it. The same is true for IE6 and IE5.5, IE5 etc…

Well, here’s how you do it.

UPDATE: After writing this post I realised that the method below is fraught with problems not least of which is the fact that whilst it looks like IE6 I think it is actually using the gubbins from IE7 and it is really slow and buggy anyway. I have since discovered a standalone version of IE6 that is definitely IE6 and actually works… Download it here. I have left my original post below for posterity. Apologies to those of you that wasted your time dicking around with my original instructions…

ANOTHER UPDATE:  Yousif has got an installer that ‘installs’ all previous versions of IE back to 3 as standalone applications. He also gives a couple of registry edits that affect things like conditional comments etc.
<crap>

Before installing IE7 make a copy of the installation directory of IE6 which is usually at C:/Program Files/Internet Explorer. Leave the copy in your Program Files directory and name it Internet Explorer 6 or for that matter whatever you fancy, “Dennis” for example.

After installing IE7 if you run iexplore.exe from your Internet Explorer 6 directory it will just start IE7, unless that is you follow these steps.

Create a new text file called iexplore.exe.local in your Internet Explorer 6 directory. Make sure that you have renamed it correctly and not iexplore.exe.local.txt as this, funnily enough, doesn’t work. (disable “Hide extensions for known file types” in Tools/Folder Options/View if you haven’t already.) The iexpore.exe in your v6 directory will now open up IE6…

</crap>

This is old news but I thought I’d resurrect it in light of the new release of Internet Explorer and the fact that people on the beta forums were still complaining about the lack of support for mulitple versions. It obviously isn’t old news to them.

There are a number of sites detailing how to run IE7 in standalone mode leaving IE6 as it is but I think that is a bit arse about face. You want to install IE7 and have the old version(s) in buggy standalone mode surely…

This works with previous versions of IE which Peter-Paul Koch has kindly hosted for you here along with a list of issues when using this technique.

Internet Explorer 7 Vulnerability

IE 7 was released today and within seconds there was a vulnerability released by Secunia. There are two sides to this…

First, heads are going to roll at Microsoft I would have thought because of all of the ‘we waited forever to get all of this out of the door to make sure it was secure’ hype we have had from them for a while. The last thing they need prior to the release of Vista, which incidentally does not suffer the vulnerability with IE7, is what will undoubtedly become a high profile vulnerability on the day IE7 shipped.

The other side, which makes me sick in some ways… I would bet my left teste that Secunia knew about this vulnerability during the beta and yet, rather than disclose it to Microsoft, as technically they should if they were using the beta, they waited until minutes after the release was announced to tell the world. What does Secunia stand to gain in undermining Microsoft’s security reputation, like it needed undermining in the first place.

I don’t know… You tell me.