Flight: 2.4 Hours SRQ-SEF-OBE-SRQ

Posted on May 23, 2010 by: Justin Scott 2 Comments

Logged another 2.4 hours today.  Flew a Cessna 172 from Sarasota out to Sebring with a friend for lunch.  Unfortunately the restaurant there was closed for kitchen remodeling or something, so we flew down to Okeechobee instead. Had a decent hamburger with fries (the classic $100 hamburger as they call it). After lunch it was time to fly back to Sarasota. Air traffic wasn't too busy until later in the afternoon. Enjoyable flight overall.


HackMyCF

Posted on May 21, 2010 by: Justin Scott 0 Comments

As a ColdFusion developer I try to ensure my applications are as secure as possible against things like SQL injection and cross-site scripting attacks.  However, the other side of my job as a network administrator requires that I also ensure the underlying infrastructure is secure (network, servers, etc.).  Part of this is keeping ColdFusion updated and ensuring that any potential vulnerabilities are addressed or mitigated.  In the past, this has been a tedious chore.  I monitor the Adobe mailing lists, keep an eye out for new patches, and install them when they become available.  I ensure the ColdFusion administrator is locked down or redirected on sites that need the CFIDE mapping.  The list goes on.

A relatively new tool by Foundeo called HackMyCF is making my job a whole lot easier.  This service acts as a vulnerability scanner which you can point at your web site.  It will then test for various known ColdFusion vulnerabilities and deliver a report outlining what was found, with helpful links to the proper patches that need to be applied.  It even makes suggestions about removing the X-Powered-By and Server HTTP response headers.  To ensure nobody can scan your site on a whim, it will only e-mail reports to addresses on the same domain as the web site, or it will check for a random filename it asks you to create.  The tool comes from a highly respected member of the ColdFusion community, so I trust that they are not stockpiling the results of these tests over thousands of servers for future exploitation.  If you have a ColdFusion server, consider running HackMyCF against it.  You might be surprised at the results.
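A small self-check for two of the hardening items mentioned above (the Server and X-Powered-By response headers, and an administrator that is locked down or redirected). This is an added example, not HackMyCF's code or the author's; the `/CFIDE/administrator` prefix, the header values and the sample responses are constructed assumptions.

```python
# Added example: offline audit of captured HTTP responses (constructed samples).
DISCLOSING = ("server", "x-powered-by")   # headers the post suggests removing
ADMIN_PREFIX = "/cfide/administrator"     # assumed administrator location

def parse_response(raw):
    """Return (status_code, {lowercased header: value}) for a raw response."""
    lines = raw.splitlines()
    status = int(lines[0].split()[1])     # "HTTP/1.1 200 OK" -> 200
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break                         # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit(path, raw):
    """List hardening findings for one captured response."""
    status, headers = parse_response(raw)
    findings = [f"{path}: discloses {h}: {headers[h]}"
                for h in DISCLOSING if h in headers]
    # A locked-down or redirected administrator never answers with a 2xx.
    if path.lower().startswith(ADMIN_PREFIX) and 200 <= status < 300:
        findings.append(f"{path}: administrator reachable (HTTP {status})")
    return findings

# Constructed sample responses, keyed by the requested path.
SAMPLES = {
    "/": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
         "X-Powered-By: ASP.NET\r\nContent-Type: text/html\r\n\r\n<html>",
    "/CFIDE/administrator/index.cfm":
         "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>",
    "/CFIDE/administrator/": "HTTP/1.1 302 Found\r\nLocation: /\r\n\r\n",
}

def run_audit(samples=SAMPLES):
    """Audit every captured response and return all findings in order."""
    return [f for path, raw in samples.items() for f in audit(path, raw)]

if __name__ == "__main__":
    for finding in run_audit():
        print(finding)
```

Feed it responses captured from your own servers; an empty result means none of the checked items were found in those responses.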


Google Font API

Posted on May 20, 2010 by: Justin Scott 1 Comments

Google has released a new toy for the web developers among us to play with.  They now have a new font API which can be integrated into any web page.  The best part is that it's one line of code to add and you're all set.  Just add this to the head section of your HTML document:

<link href='http://fonts.googleapis.com/css?family=Lobster' rel='stylesheet' type='text/css'>

Then, just specify one of their available fonts in your CSS styles wherever you want to use one of them, like so:

<p style="font-family: 'Lobster';">Some text</p>

Easy!  One of the big complaints I've heard from both clients and other developers is that we're limited to a small subset of fonts that are available on everyone's computer.  Just because a client has some fancy font they want to use doesn't mean everyone will have it available for the page to use.  We've had to use the font within Photoshop and then save an image of what the text is supposed to look like.  Usually a different font is desired for headings, and you don't want to replace your text headings with images because it will make the site unusable for people with screen readers and impact search engine rankings (unless you're using some fancy CSS image replacement techniques).  With the Google font API, as long as the font you want is available through the API, you can use it without regard to whether or not someone has it on their computer.

I took a look at the CSS that Google's font API is generating and it appears that they are just declaring the font and using the src attribute to specify another URL where the font itself lives.  The downside to all of this is that it adds several additional HTTP requests to the page load.  First, there is the stylesheet call to go get the generated CSS for the fonts, and then another HTTP request to go fetch the font file after the CSS has been loaded.  The technique has been around for a while (I once had a font made out of my own handwriting and used it on the web for a short period), but I haven't seen it used out in the wild very often (likely due to the license restrictions on attractive fonts).  Now that Google is making some fonts freely available to use, perhaps we'll see some different typefaces out there in the wild more often.

