I have been having fun with jQuery for a while and found it a truly state-of-art Javascript library. It’s got many good non-intrusive designs and incredible behaviour predictability. I figured one day that I was reluctant to do DOM manipulation when I was asked to do some SIMPLE proof-of-concept javascript hacks. I certainly hate jQuery in a way that it makes me so lazy, you know, people sometimes feel more secure with better knowledge of the underlying mechanisms but I just can’t help forgetting them.

Anyway, while I am lovin’ jQuery, I always thought I had an reliable omnipotent library, the mighty Dojo Toolkit (”Hallelujah“!) , and that really made me feel secure as if I am backed with it so that if I ever found something can’t be tackled by “lightweight” libraries like jQuery, I can go and grab Dojo and attack the problems with Dijits and Dojox.

“…Maybe the team lead is travelling in a space shuttle between galaxies…”

However, as the title of the article suggests, it doesn’t seem to be the case any more. I haven’t looked into Dojo for a year, but last time I used it it still had one of world’s most promising cross browser dynamic graphic feature, with a lot buzz on a higher level charting engine as well. Yet after year, I figured the current chart engine doesn’t even support custom labelling meaning it will only show 1 - oo on the x axis. What can you achieve with such a limitation? Is it really hard to add a feature simple as that in?  I didn’t give up right away but rather googled for related discussions, and I did, cool, you may think just like I did. Well I found too very similar ones, both of which one of Dojo’s team lead had replied to promising the issue will be written in a few weeks, doesn’t sound too bad eh? The posts were 1 year apart in time, i.e. the first one was in 2007 with the promise that it was going to be done in a few years yet it’s still not there by now. Maybe the team lead is travelling in a space shuttle between galaxies so the time he sees is slower. That’s fine and cool but I certainly won’t be able to live to the pointer when he returns.

Okay, so I can’t use Dojox charting now, but I did some low level dojox.gfx before. How about we go and check that out? Go to the API tool, it’s got a much better interface now with eye-comforting dark gray and nice gradients. It also lists class properties, methods and namespaces in separate sections prefixed by type specific icons. Nice. Yet for most of the classes, there weren’t a single line of words describing what do the functions do or how they should be used, basically in the same state as years ago. Dojo had been behind in documentation since the beginning however it’s not improved after ages. Even the Ajax bubble is about to break yet they still haven’t done their job.

I also checked out Dojo Spotlight, a showcase of projects which adopt Dojo to implement front-end effects. I see few really inspiring ones and many had terrible look and feels.

I am not so sure about what happened to the organization of Dojo but I was pretty disappointed. I felt kind of lost because it doesn’t back me up that well as it used to be so I think I shall take it off my list and hopefully it can hit back sometime later.

I came across with this video when I was checking out the Facebook API.

I think he looks nervous, somewhat at the time…..even though there were stories of how he overslept the meeting with Yahoo! last year, but there is nothing to blame.

I recently updated my Facebook password because my password was reset by Facebook for some unknown reason. This incident alerted me of security levels of my passwords. I was pretty much using the same passwords for many of my most important emails but also on some doubtable websites, even though they all claim they will not share registration information with anyone else.

Risks

• Increasing number of phishing sites. Phishing refers to websites which mimic designs of some popular website and asks users of the authentic website to “log-in” to the site. They would then store the credential and use them for malicious purposes;
• Increasing risk of cross-domain scripting attack. Along with the exposure of Ajax, cross-domain-scripting has gained more power and browsers can be tricked to send cookies of some domain to illegitimate domains, exposing important information in cookies to third parties;
• Reusing same id name across all websites. In the past few years many specialized web applications have been built and the Internet has become more heterogeneous. These new web apps offers service like no others. Even though they all provide APIs for other people to access their function, up to now, users still need to have register at all places. Keeping user names consistent is certainly what most people would like to do during registration. Therefore, if someone has gained the username and password pair of someone from one site it uses, it can be reused, sooner or later, on some others, or at least, as a great heuristic guess.

Schema

To guide myself in choosing password during registrations, I’ve created the following diagram to show the level of seriousness in selecting password strength for different accounts on the web.

Highest Level - Frequently Used Emails

We shall use the most complex passwords for these services and never give them to anyone else. These are fundamental online identifications which may help you reset passwords of other services in the case of password breaks.

Second Highest Level - Essential Favorite Web Apps

For some of famous and well-respected web services, we may use a looser password, but still contains variations of cases and character sets.

Second Lowest Level - Not-So-Trustworthy Websites

Some blogs ask users to register before they can post comments. This is okay since they may be victims of spam themselves. Many blogs are well-respected and they offer great contents. The authors don’t really care about your password but simply want to block unfriendly visitors. But the problem is some of those bloggers may not be able to take care of their user info, especially for those non-technical bloggers. If someone hacks through their database and get all the information about you, the damage can be significant. It will happen sooner or later, on some of the blogs. So it’s good to be prepared before hand.

Lowest Level - All Other Websites

If you are visiting some websites with crappy designs, you may need to think carefully before you give away your common password to them. Or any other websites which claim you’ve won a great fortune, stay alerted and calm. Everyone knows they are malicious and deceptive, when they are thinking about it clear-minded.

Misc

A strong password is usually at least 8 character long and would consists of letters in lower or upper cases, numbers, and even punctuation.

There was a meeting today but I wasn’t able to get to my office before meeting starts, and so I decided to connect to my remote computer from home to attend the meeting. Soon I realized that I chained four computers by “remote desktop”-ing from one to another. Here are the details:

Notation:

• Computer A - Laptop at Home
• Computer B - Desktop at Home
• Computer C - Desktop at Office
• Computer D - Laptop at Office

Facts:

• I didn’t bring D home last night
• My home phone is far away from B
• VPN is installed on B, but NOT on C

Limitations:

• To connect to C remotely, I must have VPN client installed
• To connect to D using remote desktop, I must be from intranet
• The meeting requires D and any phone

Solution:

1. 1. I dialed VPN from B connect to C. But I realize that I cannot reach the phone from B;
2. 2. So I turned on A positioned close to the phone, and connect to B with Remote Desktop. Next I found I actually need to connect to the meeting server from D;
3. 3. From A, in the Remote Desktop window connected to B, I tried to open another Remote Desktop connection to D. But D only accepts request from intranet and thus B’s request is rejected;
4. 4. From A, in the Window showing B, I connected to C using Remote Desktop;
5. 5. From the Remote Desktop Window just opened on C, connect to D using the third Remote Desktop.
6. 6. To make it worse, we actually used net meeting for screen sharing and so I was connected to another Desktop from D.

FON ARRIVED!!! More coverage soon!!!!

Have some FON - WIFI 2.0!