web notes - a blog

I think the near future of the web will focus more heavily on the technology than the functionality of sites.

Two areas will be extremely important, performance - meaning AJAX, and security.

The following URLs are distributing

<?php echo md5("just_a_test");?>

Some people use this code to explore web application vulnerabilities.

If you see these in your stats, you should check your server for anything out of the ordinary. It is possible these URLs are being used to scan your applications for vulnerabilities.

If you own one of these domains, you should check your server for anything out of the ordinary. You need to check the entire server, not just the posted link. It is possible your server is being used for unknown activities. Every PHP application should be checked.

http://honamfishing.co.kr/phpmysqladmin/libraries/nov/wulosu/
http://sans-packing.ru/img/jipeqap/ehudute/
http://www.channelnewsperu.com/imagenes/publicaciones/fotos/emesuki/ohuhud/
http://www.elettrodataservice.it/foto_articoli/pivafof/oqonon/
http://www.marsbook.co.kr/main/created/product/2/mumas/ohalupa/
http://www.municipioxii.it/sunnyway/igodoq/bukosud/
http://www.northfans.ch/forum/admin/settings/ocoyo/azad/
http://www.pattibus.it/phplib-7.2b/pages/godot/eridehi/&disp=single&more=1&c=1&tb=1&pb=1
http://www.stomol.ru/catalog/rivoz/vekudu/
http://www.thoseguysfilms.com/forums/templates/subSilver/images/timuji/ogu/
http://www.unduetretoccaate.it/codice/fog/iyi/
http://www.winbd.net/admin/jist_code/wowoz/opaxi/

If you are seeking professional assistance in securing your site and/or server, I recommend Breach Security.

The presence of a ‘just_a_test’ file on a server is not a reflection of the company that owns the site. It is not a known threat to PCs. That said, all PCs connected to the Internet should have adequate virus/worm/malware protection, updated as recommended.

Additional information this site (there are many excellent resources on the web as well):

http://web-notes.wirehopper.com/2008/03/01/cleaning-after-a-hack
http://web-notes.com/2008/03/27/md5-just_a_test

* Please note this list is not comprehensive, and the ‘just_a_test’ landscape is constantly changing. URLs listed may not be valid (meaning the file(s) was/were deleted). ‘just_a_test’ is only one of many creative web ventures.

Many web applications are integrating and interfacing with PC based applications. This trend will continue to grow, because the web is no longer a separate world where people post information, but a vibrant communications channel that must be kept current to be of value. At the same time, the web sites themselves are more complex, and even with powerful, easy-to-use applications, the ability to post and manage content with familiar tools is very valuable.

Look for these types of features in new applications and plugins (many exist).

• Blogging by email
• Saving word processing documents directly to web applications
• Offline editing with later synchronization (Google GearBox?)
• Drag and drop, desktop to web
• More content conversion utilities
• Greater standardization across all platforms
• Direct, dynamic multimedia connections
• Content delivery networks to reduce the cost of distribution

These are good investments.

Well-qualified people seeking work have two primary questions:

1. What will I have to do?

2. What skills should I have?

This translates into “who do you want?” and “what do you want them to do?".

Questions about the company:

1. Where is it?

Some people are very interested in benefits and compensation, but, unless there are special circumstances, those are really not as important. Special circumstances might mean that they may need really good health insurance to take care of a dependent, or a minimum amount of income to meet current financial obligations.

The location of the work is important, because, if they must go there everyday, it will have a major impact on their life.

Most people believe they are smart, and respect that other professionals are equally intelligent, whether they are recognized publicly or not. Most job seekers aren’t looking to work with people that describe themselves as ‘fun’. If someone is looking for a job, they are seeking a fair income, in exchange for a professional level of service. They aren’t looking for friends or fun.

When posting a job on the web, the following practices are valuable:

• Ensure the job title is appropriate
• Clearly describe the desired qualifications, especially those which you are not willing to compromise on
• Clearly describe the role and responsibilities of the position
• State the location, but don’t try to persuade people it is convienient. Convienience is relative.
• Ensure there is a link to your company site, so people can learn more

• Check the LinkedIn, FaceBook, and other public postings of your employees. Many candidates use these tools to find out what type of people work at your company. Be sure the posts are appropriate.

• Salary is always commensurate with experience.
• Avoid appearing desperate by running the same ads in the same places, over and over. People will assume there is a reason the position hasn’t been filled, or that the company has high turnover, and they won’t submit a resume
• The work environment means different things to different people. It is better to say nothing, and allow the candidate to form their own opinion during the interview, whether by direct questions or simple observation.
• If there are some very special benefits, it would be worth mentioning them. For example, free concert tickets, regularly, on-site daycare, telecommuting.
• If there are any off-hours responsibilities or shifts, be sure to state that in the ad
• Web professionals often submit URLs of recent work. Be sure to request them so you can review the work done. Candidates should describe their contribution to the project.
• Be willing to negotiate for benefits and wages if the candidate is a really good fit, and make that clear during the interview (not on the job post).
• Volatile companies with rapid growth may be perceived as risky, even if the growth is well-funded and the company is extremely successful. Avoid stating the position was created in response to growth, because rapid hiring may be followed in a few months with painful downsizing. Project an image of stability, so candidates feel they will have a secure position.
• Be humble. Most people have strong positive feelings about their company, but by the same token, there are many great companies, and many great jobs. The job post isn’t an ad, it is a request for team members.

To succeed as an open source company:

• Allow people to download, install, and run the code. There is no other way to evaluate software
• Offer a free version
• Revenue could be created by offering a more powerful ‘full’ version, by selling specialized modules, allowing removal of a license/copyright notice, support - both technical and end user, training, books and materials.
• Foster a community with forums, welcome contributions
• Choose a product carefully. No product can be everything to everyone. Even within the chosen market, be sure you can do an excellent job with your stated mission.
• Strive to keep hosting requirements simple. A good framework can be a tremendous help
• Partner with complimentary software toolkits, and integrate them in such a way that they can be reused within a site
• Provide a modular, extensible architecture so the application can be customized
• Separate the application and design, and allow multiple views into the application. Thus, web, modile, and applications can perform the same functions without application changes.
• Provide a robust documentation structure, online. Allow contributions from the community
• Present successful implementations of your software (links to sites), so people can see what it can do.
• Provide good upgrade mechanisms
• Connect with commonly used applications, such as OpenOffice and Microsoft products
• Offer a loose partnership program to help people find companies which support your product, but avoid complex agreements and fees.