>HTML 5

>So I started looking at some of the new things available with HTML 5 by going through the slideshow found at Html5Rocks.  There’s some pretty cool stuff coming.  I don’t think it is that far away.  But it is definitely not immediate.  To prove that, just go to the site with IE.  The main HTML5Rocks site works in IE but the slideshow doesn’t.

The slideshow should work fine in IE once IE9 comes out.  But why do we have to wait?  Mozilla and Google managed to update their browsers to start supporting HTML 5.  Why can’t Microsoft do the same?  Why must we wait for IE9 (and then for adoption of IE9) before we can start taking advantage of many of the features of HTML5?  Seems to me that a position like that just slows down adoption of these great capabilities which will make development easier.  Making it even more ironic is that word is already starting to get out about how to add support for HTML5 to ASP.NET MVC (http://www.deanhume.com/Home/BlogPost/asp-net-mvc-html5-toolkit/29).

But I digress; I meant for this post to be about the new capabilities coming, not about Microsoft taking so long to support them 🙂

So, here are my favorite features coming with HTML5:

• The new input types for date, time, email, color, number.  Yes, many of these aren’t yet supported.  And the richest support is only in Chrome.  But when these come, it will be nice.  It will make validation easier and it will make things more consistent across web sites.  At least, once everybody starts accommodating the new types.
• Easy, easy ways to add audio and video to your site with the new audio and video tags.  
• The new CSS selectors will make lot’s of things easier.  And no more jQuery to get different backgrounds on alternate table rows!
• The TextStroke, Opacity, Rounded Corners, shadows and Gradient support is fantastic. Especially the gradient support.  I always hated the “hack” of using a 1px wide image to get a gradient color in a background.
• I can see the local storage changing the game a lot.  Today, if I have a multi-page “wizard”, I have to send and save the data on the server between pages.  With this capability, I could store the data locally and send it once when the user has hit a Save button making my process use less bandwidth and be a bit more crash proof.

I see no reason not to start using these features today.  Modernizr is a javaScript library that lets you know what features are and aren’t available in the current browser.  It extends that knowledge into CSS as well.  For example, if you want to have one background style if gradients are supported and a different one if they are not, you can code:

.cssgradients { /* Gradients supported by browser */

}

.no-cssgradients { /* gradients not supported by browser*/

}

This does mean some extra work when creating your scripts and your styles.  But it also means that you can take advantage of these new features and gracefully degrade them as necessary.  So the question becomes is the extra effort worth it?

I think it is.  

>Spam and Social Engineering

>I continue to be amazed not by the quantity of spam but by the social engineering aspects and how well it seems to work.  And how we tend to treat those people.

In my full-time job, part of my responsibilities are providing desktop support (we are a small shop so we all have a lot of roles).  In that role, I’ve seen how well some of these spam and nasty emails seem to work.  For example:

• We’ve seen a lot of “fake” retail invoices going out.  I’ve had people click on the links contained in those emails which take advantage of some IE holes and install some nasty software.  I’m personally surprised that the emails work even though there are issues with the email that make me spot it as a fake almost instantly. 
• We’ve had a few emails arrive talking about us being in violation of copyright.  The email is “sent” from a real law firm.  But again, the content of the email make me believe it is a fake almost instantly.  This email, in fact, has been a big enough problem that the law firm had to put a message on it’s website letting people know that they did not send the copyright violation email.

These instances got me thinking.  How am I able to spot these fakes but many other people can’t?  Granted I am a much more sophisticated computer user than most.  But why when I see the issues I think it is fake and many other people don’t draw the same conclusion.

For example, many of these emails were sent to an email address that didn’t match the name in the message.  For example, Jane Public would receive an email that was addressed to John Smith.  To me, this mismatch says to me “fake”.  But John Smith sees this and sends it to Jane Public because he is worried her order has a problem and she won’t know about it otherwise.

So, why do these types of emails work?  And what can we do to make them not work as well?

We’ve all given the “be suspicious of emails” talk.  Everybody has heard not to click on links in emails you don’t recognize.  So the spammers get around this by sending emails from places people do recognize.  When the email is from a place people do business with, many people will overlook minor issues and believe the email is legitimate.

How can we change the tools to help people identify a legitimate email from Amazon versus the fake?  The spam filters don’t catch them, at least not right away.  The mail programs display the email as legitimate.  The email looks legitimate.  But it’s not.  And the tools do nothing to help people identify these as fake.

We in IT don’t help the situation when we blame the user for clicking on these links.  We act like the people that click on these links don’t listen or don’t understand when we tell them how diligent they need to be.  If this problem was caused by another person instead of an email, we’d call the person who fell for the plea too trusting or gullible.  So why do we deride these people for believing an email that looks legitimate?