Web n.0

I think the near future of the web will focus more heavily on the technology than the functionality of sites.

Two areas will be extremely important, performance - meaning AJAX, and security.

just_a_test - Server sources

The following URLs are distributing


<?php echo md5("just_a_test");?>

Some people use this code to explore web application vulnerabilities.

If you see these in your stats, you should check your server for anything out of the ordinary. It is possible these URLs are being used to scan your applications for vulnerabilities.

If you own one of these domains, you should check your server for anything out of the ordinary. You need to check the entire server, not just the posted link. It is possible your server is being used for unknown activities. Every PHP application should be checked.

http://honamfishing.co.kr/phpmysqladmin/libraries/nov/wulosu/
http://sans-packing.ru/img/jipeqap/ehudute/
http://www.channelnewsperu.com/imagenes/publicaciones/fotos/emesuki/ohuhud/
http://www.elettrodataservice.it/foto_articoli/pivafof/oqonon/
http://www.marsbook.co.kr/main/created/product/2/mumas/ohalupa/
http://www.municipioxii.it/sunnyway/igodoq/bukosud/
http://www.northfans.ch/forum/admin/settings/ocoyo/azad/
http://www.pattibus.it/phplib-7.2b/pages/godot/eridehi/&disp=single&more=1&c=1&tb=1&pb=1
http://www.stomol.ru/catalog/rivoz/vekudu/
http://www.thoseguysfilms.com/forums/templates/subSilver/images/timuji/ogu/
http://www.unduetretoccaate.it/codice/fog/iyi/
http://www.winbd.net/admin/jist_code/wowoz/opaxi/

If you are seeking professional assistance in securing your site and/or server, I recommend Breach Security.

The presence of a ‘just_a_test’ file on a server is not a reflection of the company that owns the site. It is not a known threat to PCs. That said, all PCs connected to the Internet should have adequate virus/worm/malware protection, updated as recommended.

Additional information this site (there are many excellent resources on the web as well):

http://web-notes.wirehopper.com/2008/03/01/cleaning-after-a-hack
http://web-notes.com/2008/03/27/md5-just_a_test

* Please note this list is not comprehensive, and the ‘just_a_test’ landscape is constantly changing. URLs listed may not be valid (meaning the file(s) was/were deleted). ‘just_a_test’ is only one of many creative web ventures.

Connections - Part of the next web generation

Many web applications are integrating and interfacing with PC based applications. This trend will continue to grow, because the web is no longer a separate world where people post information, but a vibrant communications channel that must be kept current to be of value. At the same time, the web sites themselves are more complex, and even with powerful, easy-to-use applications, the ability to post and manage content with familiar tools is very valuable.

Look for these types of features in new applications and plugins (many exist).

  • Blogging by email
  • Saving word processing documents directly to web applications
  • Offline editing with later synchronization (Google GearBox?)
  • Drag and drop, desktop to web
  • More content conversion utilities
  • Greater standardization across all platforms
  • Direct, dynamic multimedia connections
  • Content delivery networks to reduce the cost of distribution

These are good investments.

How to attract good professionals with a job post on the web

Well-qualified people seeking work have two primary questions:

  1. What will I have to do?

  2. What skills should I have?


This translates into “who do you want?” and “what do you want them to do?".

Questions about the company:

  1. Where is it?

Some people are very interested in benefits and compensation, but, unless there are special circumstances, those are really not as important. Special circumstances might mean that they may need really good health insurance to take care of a dependent, or a minimum amount of income to meet current financial obligations.

The location of the work is important, because, if they must go there everyday, it will have a major impact on their life.

Most people believe they are smart, and respect that other professionals are equally intelligent, whether they are recognized publicly or not. Most job seekers aren’t looking to work with people that describe themselves as ‘fun’. If someone is looking for a job, they are seeking a fair income, in exchange for a professional level of service. They aren’t looking for friends or fun.

When posting a job on the web, the following practices are valuable:

  • Ensure the job title is appropriate
  • Clearly describe the desired qualifications, especially those which you are not willing to compromise on
  • Clearly describe the role and responsibilities of the position
  • State the location, but don’t try to persuade people it is convienient. Convienience is relative.
  • Ensure there is a link to your company site, so people can learn more
  • Check the LinkedIn, FaceBook, and other public postings of your employees. Many candidates use these tools to find out what type of people work at your company. Be sure the posts are appropriate.

  • Salary is always commensurate with experience.
  • Avoid appearing desperate by running the same ads in the same places, over and over. People will assume there is a reason the position hasn’t been filled, or that the company has high turnover, and they won’t submit a resume
  • The work environment means different things to different people. It is better to say nothing, and allow the candidate to form their own opinion during the interview, whether by direct questions or simple observation.
  • If there are some very special benefits, it would be worth mentioning them. For example, free concert tickets, regularly, on-site daycare, telecommuting.
  • If there are any off-hours responsibilities or shifts, be sure to state that in the ad
  • Web professionals often submit URLs of recent work. Be sure to request them so you can review the work done. Candidates should describe their contribution to the project.
  • Be willing to negotiate for benefits and wages if the candidate is a really good fit, and make that clear during the interview (not on the job post).
  • Volatile companies with rapid growth may be perceived as risky, even if the growth is well-funded and the company is extremely successful. Avoid stating the position was created in response to growth, because rapid hiring may be followed in a few months with painful downsizing. Project an image of stability, so candidates feel they will have a secure position.
  • Be humble. Most people have strong positive feelings about their company, but by the same token, there are many great companies, and many great jobs. The job post isn’t an ad, it is a request for team members.

AJAX for speed and polish

With a good toolkit (think dojo), AJAX can let you make a beautiful site.

One strategy I adopted was to use a dual delivery approach on the server side, so server side code can deliver either HTML or JSON. This allows you to reuse the server side logic.

Although I used custom code, with PHP 5.2’s json_encode function and Smarty, an even better implementation would probably be to wrap the delivery logic with a framework like Zend to completely separate the delivery form from the application logic.

There is a tremendous bandwidth savings, and the site interface becomes much smoother, since the only parts of the page that are refreshed reflect the content updates.

In addition, with a toolkit, there are often great widgets and features to create better and more powerful interfaces.

If AJAX will be used, the HTML architecture may need to be adjusted, so it may be worth building up a single page fully, prior to coding the remaining pages. A bit of server side logic can really help as well.