Jonathan Weiß

... I have ever owned:

The previous MacBook was a pretty good machine, but still here are some aspects that got even better:

• it seems to have much more efficient fans or cooling system: it takes longer until the fans reach a rotation speed at which they are audible.
• the new LED backlit display is significant brighter and more colorful than it's predecessor.
• it uses the iSight adjust the display brightness according to the ambient light.
• it ways noticeable less.
• the multi touch gestures are really nice (I finally can use them - yay!) and I think I will use them a lot when I work without a mouse connected.

I am so happy with this excellent piece of art. :-)

On Wednesday, the 29th and Thursday the 30th of October you will have the opportunity to meet some of the qooxdoo developers at the AJAX IN ACTION in Mainz, Germany.

• Fabian¹ will speak about the new widget and layout system and how to use it in his presentation "Moderne GUI-Entwicklung im Web mit qooxdoo" (english title "Modern web GUI development with qooxdoo") on Wednesday from 11:45 to 12:45.
• Andreas¹ will take part in the panel keynote together with other experts to answer non-everyday questions from the audience on the same day from 14:00 to 15:00.
• I will be around on Wednesday as a visitor as well. Alexander¹ will be there on Thursday.

I am really looking forward to this event, especially as I will have the opportunity to see a friend of mine, Golo, in action. ;-)

¹ We added a profile for ever developer on our core developers site, so check it out!

http://www.google.com/googlebooks/chrome

On Thursday we finally rolled out the best qooxdoo release off all times.

Within the last 13 months 26 developers made over 6,000 commits to our SVN repository and crunched 294 bugs. This all resulted in an effort of more than six man-years.
This release is not only the one with the most changes but also the best tested and documented one.

For this version we focused on two domains: the GUI Toolkit and the Tool Chain.
The GUI Toolkit is a complete rewrite of our old system built on top of a low-level DOM layer. This layer is designed to be replaceable: how über cool would it be to render widgets in SVG or Canvas once the technology is ready? ;-) The layer can be used stand-alone to provide generic and normalized access to the DOM and browser objects.
Another important point is the enhanced support for designing widgets. We added a container that lays behind the widget itself and can be filled with various content to draw borders, shadows, backgrounds and more.

qooxdoo 0.8 Demo Brower

Our Tool Chain is not Makefile-based any longer and does not require a bunch of Unix tools. The only requirement for the new Tool Chain is Python, which comes bundled with all good operation systems and can be installed easily under Windows.
There are many benefits from this new system (e.g. automatic generation of CSS Sprites, integrated internationalization support and easy editable JSON-based configuration files) which are essential for developing and deploying enterprise applications.

If you have not already done so, this is the perfect time to start working with qooxdoo. ;-)

Some people thought that this should had happened earlier after my (second, I dare to say) switch to the Mac, but it happened not until last week: I switched to TextMate as my main editor.

I have been using Eclipse for nearly three years now — and it is a really great development environment — but there are just to many stumble stones that prevent me from working the way I usually do. For instance, every once in a wile I can not type an more or even scroll through my code as Eclipse is busy updating the workspace. Perhaps it has just found the cache folder and tries to index its content – I can only guess.
However, the real pain-in-the... was the interaction with SourceForge.net's SVN services. I do not want to start writing about it, because it would only end in explicit blogging, so just have a look at this collation of screenshots:

Eclipse problems...

TextMate is fast, handy, works as "it should" and is fully-loaded with lots of time-saving and customizable features. This is the first time I thought someone has thought well during developing an editor. Just take a look at these three four features which just make so much sense:

• Select some text and enter " and the selected texts gets surrounded be with ".
• The cursor position or currently selected text is stored for every document.
• The tree's open elements are saved automatically and restored when opening a project.
• The project-wide search uses a cache.

TextMate just rocks!

There are many pages with detailed information about what makes TextMate the superior editor, but I want to concentrate on facts and features that are important for me and increase my productivity or enhance my workflow.

Features

• Bookmark handling
• Execute shell commands
• Snippets
• Folding
• Source control handling

Shortcuts

• Search (in project) as you type
• Show file in project
• Show file in finder
• Go to symbol
• Quicksearch
• Cycle through opened documents

Did I mentioned how fast it is and how few memory it consumes? ;-)

Here are some of my settings (basically optimized for qooxdoo development):

My files

• Color set (based on IR_WHITE)
• qooxdoo snippets
• Regular expression to ignore folders

Just download the demo and try it on your own. You will not be disappointed. :-)

Greetings! On Friday we released qooxdoo 0.8-beta1 one day delayed to our schedule due to some SVN problems our host sourceforge.net had to fight with. The general performance still is not on a good level, but at least we can continue working.
Anyway, this release came shortly after the last one but still offers many nice features and lots of new stuff to play with. ;-)
As we are eating our own dog food we started porting applications to 0.8 to gain experience in migrating applications and also to test the framework with real-life operations. The Demo Browser and API Viewer already have been ported and the Testrunner will follow soon.
This release includes many new features as Focus Roots and the Text Selection API.
You will find detailed information, as usual, in the release notes.

May the source be with you! :-)

I have always been interested in web security since web applications offer a big attack surface and I am personally fascinated by the creativity and passion the attackers show.
Therefore you will read much more about security on this blog in the near future. ;-)

Yesterday I visited a dissertation arranged by the Java User Group Karlsruhe in the building of the University of Karlsruhe. Software Architect Patrick Schemitz from Netpioneer GmbH talked about Web Application Security Auditing.

Here are my notes:

• In case of non-targeted attacks, your server or application does not have to be absolute secure, just more secure than others. ;-)
• The German Federal Ministry has defined an interesting security layer model (PDF, german).
• Parallel to this layer is the layer of responsibility: from IT services over software developers to the end user.
• Techniques
  1. Server
     • SQL injection
     • Code injection (buffer overflow)
     • SMTP injection
  2. Client
     • Cross side scripting
     • Session hijacking
     • Session riding
• Demos
  1. Server
     • PHP: register_globals, eval()
     • Perl: system()
     • SQL: two queries are build on one, skipping code by using a SQL comment
  2. Client
     • Reflected XSS: Manipulate input through URL to poison HTML sent from server
     • Persistent XSS: Manipulate input which is stored on server and can be delivered every time
     • Session hijacking if session data is stored in URL
• Counteractions
  1. Do not trust the user input.
  2. Filter input in different ways for database and frontend.
  3. Avoid eval() and system().
  4. Search for dangerous files (backups with different file extension, test files etc.) in the webserver's document root.
  5. Security analytic tools do not find many holes.

Yesterday we released qooxdoo 0.8-alpha2. This is another important step forward to the 0.8 final. The release does not offer many new features (most new features are ported widgets), but a polished and improved APIs instead.
My personal favors are the newly introduced sub-control handling and state inheritance. You can see the latter in action in the Spinner demo inside the demobrowser. If you toggle the button labeled "Custom style" the Spinner's child widgets will inherit the state from its parent and get styled as defined in the theme.

Be sure to read the release notes for details.
Happy coding. :-)

Today's hidden gem is a little extraordinary: it is not about a browser technique and it is only available in Firefox with installed Firebug extension. But I expect my target audience having a Firefox as butter and bread tool (thanks for this phrase, Thomas ;-)) fully loaded with extensions and custom settings...

The gem is a search able list which contains all JavaScript files used in the current document. This is perfect if you need to set or modify breakpoints or just want to get a quick overview about the used scripts in the page. If you are dealing with a large amount of JavaScript files, this list is absolutely useless and it gets worse if you are dealing with long paths. And here comes the search able feature in the play: just start typing in the open list and only matching file names are shown.

JavaScript files names containing "queue"

... just rock!

Yesterday they announced Diablo 3 at the 2008 Blizzard Entertainment Worldwide Invitational in Paris!

Screenshot from the gameplay video

Here are some facts I figured out.

• Five different characters (all in male and female version) can be played.
• A new, inhouse developed 3D engine is used together with the Havoc Physics engine.
• You will be able to return to Tristram.
• The game will offer an interactive environment that can be modified (e.g. destroyed) by the player or scripts.
• The new version of the Battle.net (which will be introduced together with Starcraft 2) will be used for Diablo 3.
• It will contain more than 100 different monster classes.

For more information check the official FAQ.

Diablo 3 is the other game beside Duke Nukem Forever that I can not wait to be released. :-)