BlogMKE

Fighting form spam with canary traps

September 20th, 2008 | In: Web
by Ted

Most of us have been in the situation where you spend a good chunk of time writing a form for a client – adding fields, handling every minuscule conditional client request (“Can these three checkboxes only appear every third vernal equinox, after 0500hrs, and can they have a baby blue background? Thanks!”), cleaning and validating the data to within an inch of its life – only to get an email (sometimes within mere hours of making the form live) that goes something like this:

Dear web person:
Why have I gotten four emails from 7622uhdxx@gmail.com concerning time share opportunities in the Ozarks in the past hour?

Oh noes, you’ve got form spam.

“But I’m using both client and server-side validation!”, you cry. Yes, I’ve said the same thing to myself in these situations. Now, unless your particular form is a valuable target, like, say, I don’t know, one of the forms associated with the Facebook account creation process, you’re probably not dealing with an actual human being hitting your goods. No, the galley slaves of the 21st century probably have bigger captchas to fry than your little feedback form.

So, usually it’s safe to assume that you’re getting hit with a script – a script that’s learned a few things over the years. The first thing it probably learned was to ignore JavaScript, so all the “return false” statements in the world aren’t going to save you. Well, what about server-side validation? Unfortunately, this script knows about required fields, and just to be on the safe side, it puts something in every input area you’ve got. Lastly, it knows what an email address looks like and knows how to populate the field labeled (conveniently) “Email” with one that passes your average regular expression.

It’s not looking good for our intrepid little form.

Sometimes, though, you can use a script’s own intelligence against itself. This is where all this canary nonsense comes in. A canary trap is a way to identify where a leak of sensitive information is coming from. If you create six versions of a classified memo, each one with an identifying characteristic, knowing where an information leak is coming from would then be a matter of simply paying attention to which version of the information was leaked, and to whom that version was given.

Sort of similarly, a script isn’t going to read CSS. It doesn’t need to, as it’s not all that concerned with the elegance of your design. As mentioned before, it is kind of a brute, so it’s going to put data in every field, even in one that’s been hidden with CSS. So, the basic idea is that if your own form validation receives data from a field that a normal (non-script) user wouldn’t even be seeing, then you know something isn’t right. Knowing that, you can just kill the submission action and get on with your day.

So, add an input area to an HTML form and then hide it with CSS:


<span style="display:none;"><input type="text" name="canary"></span>

It probably doesn’t have to be inline CSS. Feel free to simply add the rule to your stylesheet.

And then use your language of choice for some server-side validation to catch whether or not something’s been put in your canary field.


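<?php
// Real users never see the hidden "canary" field, so any value in it
// means a script filled in the form.
if (isset($_POST['canary']) && $_POST['canary'] !== '') {
    // Stop processing the submission.
    die('Oh no you didn\'t!');
}
?>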

Obviously, you can call the input anything you want . . . like, Melvin. Call it Melvin. This method has worked pretty well for me so far. One does have to consider how this would affect legitimate users of screen readers, or people who, for whatever reason, aren’t seeing CSS. I think it’s a matter of graceful degradation. It’s not a required field, and a real person who actually encounters it is probably most likely to leave it blank anyway. It is more likely than not that this would not be an impediment to these legitimate users.
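
An added example (not part of the original post) that takes the check above a step further: the same canary test written as a function that returns a verdict instead of calling die(), run over a few constructed submissions. The function name `check_canary` and the sample data are assumptions made for illustration.

```php
<?php
// Added example, not the original post's code. Sample submissions are constructed.

/**
 * Decide whether a submission tripped the hidden canary field.
 * Returns ['spam' => bool, 'reason' => string] instead of calling die(),
 * so the caller can log the hit and choose the response.
 */
function check_canary(array $post, string $field = 'canary'): array
{
    // Field missing entirely: nothing was typed into it. The post's rule only
    // flags a filled canary, so this is not counted as a hit.
    if (!array_key_exists($field, $post)) {
        return ['spam' => false, 'reason' => 'canary absent'];
    }

    $value = $post[$field];

    // "canary[]=x" reaches PHP as an array. The form's single text input
    // never produces that, so treat it as a scripted request.
    if (is_array($value)) {
        return ['spam' => true, 'reason' => 'canary sent as array'];
    }

    // Strict comparison with '' so that "0" counts as filled.
    // A loose test such as if ($value) treats "0" as false and lets it through.
    if ((string) $value !== '') {
        return ['spam' => true, 'reason' => 'canary filled'];
    }

    return ['spam' => false, 'reason' => 'canary empty'];
}

// Constructed submissions standing in for $_POST.
$samples = [
    'person, field left blank' => ['email' => 'ann@example.com', 'canary' => ''],
    'script fills every field' => ['email' => 'bot@example.com', 'canary' => 'bot@example.com'],
    'script writes "0"'        => ['email' => 'bot@example.com', 'canary' => '0'],
    'script sends an array'    => ['email' => 'bot@example.com', 'canary' => ['x']],
    'field not sent'           => ['email' => 'ann@example.com'],
];

foreach ($samples as $label => $post) {
    $result = check_canary($post);
    printf("%-26s %-7s %s\n", $label, $result['spam'] ? 'reject' : 'accept', $result['reason']);
}
```

Only the three script rows are rejected; a person who sees the field without CSS and leaves it blank is accepted, which is the graceful degradation described above.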

Number9 Photo Shoot

September 17th, 2008 | In: Work
by Casey

Just got done with a photo shoot to capture details of the newly opened Number9 Salon. The shots will be used on the new site as well as in future advertising. Not too shabby for 30 minutes of work. Check out all the photos here.

Wamu strikes again

May 11th, 2007 | In: Marketing
by Casey

Peter over at Avenue A | Razorfish was kind enough to share a new campaign they’ve been working on for Wamu and I’m once again impressed. They’re leaping off the concept of “happily ever after” and turning it into a gorgeous pop up book. The art and animation on the book is REALLY cool, I’m loving the style and the pop outs are killer.

I can only assume that the dude (or dudette) in charge of marketing at Wamu is a pretty suave individual. It is nice to see a brand that is consistent without being boring. This is a new concept, but I get the same feel as I did from the Landing Page – this is a bank that can have a little fun, not take things too seriously and make the concept of learning about banking interesting and informative.

Only problem I have with it is the monster. Conceptually I get it, but I think it looks like an afterthought and doesn’t fit with the feel of the book art. Peter mentioned they will be working a little more on him before launch, so those could certainly be taken care of without too much work.

Memory, Dwelling, Ruins

May 4th, 2007 | In: Design
by Casey

I really should be working, but when blogspiration hits (I just coined that, don’t steal it), you have to post. A few days ago I was looking at Memory, Dwelling, Ruins, an art installation at a house in Merrick’s Beach back in February. There were some REALLY cool pieces, a few of my favorites are below.

I am seriously digging on Robbie Rowland’s cross in the kitchen floor. For that matter, thematically I also really like Susan Jacobs’ deconstruction of the bedroom and Campbell Drake & James Carey’s deconstruction of the roof. There’s a video of Robbie Rowland working on the cross that disappointed me a little, I envisioned him cutting the cross one tiny section at a time and leaving it attached to the floor but he cut the whole thing out and then reattached it. Having said that, do yourself a favor and check out some of his other work – he likes to cut things into tiny shreds and dammit, it’s cool. I can’t begin to guess how Susan Jacobs did her piece, though, really amazing. Matt Morrow’s takes a second look for sure, all the objects in the room are made of wood.

Simon Cooper is a professor at Monash University that likes to be long-winded and say pompous shit, but he’s got a pretty thorough discussion of the installation as a whole over here. My favorite line:

“…a house whose presence as an emerging work of art was only possible due to its immanent destruction.”

That just struck me as really cool. Spoiler alert, I’m about to say some pompous shit now. Humanity reminds me a lot of an emerging work of art, not only possible due to its immanent destruction but largely due to its lack of awareness that the destruction is just around the bend. Even on an individual basis I think people themselves are slowly moving through their lives toward true art, with death waiting to laugh in your face just as you start to get a handle on things. The house is exactly that, moving ever closer to being something more than a house, probably happy as can be, bunch of company over sawing and painting things and so on only to meet the wrecking ball one week later.

Dude, Google, come on

May 4th, 2007 | In: Marketing, Rant, Web
by Casey

I really hope I’m reading this article wrong.

“Google has begun beta-testing “Gadget Ads”–interactive applications that advertisers can embed into Web pages, which will add a rich media solution to the search giant’s suite of products.”

The absolute best part about AdWords was that Google took a huge leap away from the obnoxious, disgusting, awesomeness-of-the-web-killing trend in ads. Visit myspace to see exactly what I’m talking about. Anyway, Google decided that in addition to completely changing how advertisers pay for ads, they’d also change how they are displayed and introduce a completely new (and I mean completely, not just online) paradigm – subtlety.

Unless I’m reading this entirely wrong I believe they are introducing a way to make it EASIER for advertisers to add flash, video, real-time feed, and transaction functionality to typically static display ads.” Wait, what? In other words, advertisers will now be banging out “hit the conductor with a rusty trombone for a chance to win” ads with lightning fast ease?

Here’s the bit that is sad. Check this:

“As rich media technology becomes more readily available, advertisers are increasingly turning to widget-like applications for solutions that don’t require users to actively search for content or click through to a landing page.”

Awesome concept. Reminds me a little of the Snocap integration to sell songs on myspace, kill the landing page and allow for content and transaction to occur wherever you are – nifty. Except, Snocap is an extremely focused integration, they sell only one thing, individual songs. With Google they are assuming that advertisers are responsible, innovative professionals that will create these awesome applications.

Call me a cynic (go ahead, seriously), but dude, you KNOW that 99% of people using the Gadgets will be creating completely obnoxious craptastic ads, allowing you to “throw your empty Bud bottle at your trailer park wife” for a chance to win. Please let me be wrong, please!

Panic hates me

May 3rd, 2007 | In: Rant, Web
by Casey

I totally bought Coda and while it is awfully shiny and nice, it is going to take a little getting used to. It also crashed a couple times right oughta the digital box, but an update seems to have taken care of that. Anyway, I e-mailed both support and Cabel directly about auto uploading to a server farm (in my indelible e-mail humor I actually called it a server petting zoo, since we only have 2). Anyway, he posted today about responding to support e-mail and said:

“Of the 1,748 e-mails we’ve received in the last week, I’ve replied to 1,638 so far.”

Well, guess what? My 2 weren’t responded to. They must hate me. I totally just whipped out a calculator to try to figure out what kind of percentage of hatred that is, but I’m so far removed from my education (or the diploma I Photoshop’d) that I can’t figure it out.

UPDATE

Damn, they both responded. I should technically delete this post, but like… I’m lazy. And I know a ton of people have direct linked it, don’t want to break the links you see.

www.vt.edu

April 19th, 2007 | In: Web
by Casey

I don’t have a lot to say about the Virginia Tech tragedy, mainly because I don’t feel like my two cents are worth much. Based on working on a residential campus it has certainly been a troubling thing to think about for me, but me talking about young people, gun control, video games, etc. just doesn’t seem right.

I do, however, feel as though I can talk about how Virginia Tech has handled the matter online. I’ve been watching very closely as the last few days have unraveled, as vt.edu is the only real way that the general public can have a connection to what happened. We have contingency plans in place for hurricanes here at Eckerd and have had to use several of them before, but I can’t even imagine trying to handle something like this. You just can’t plan for it.

The day of the shootings the homepage was redirected to an IP, my guess is that they did this so that they didn’t have to replace their homepage, they could instead just redirect to a copy of it on another server. The homepage contained only one small news story, a statement from the President and a few sparse links. Gone were Admissions, Academics, Student Life, everything. I thought this was exactly the right response, leaving your homepage as if nothing is going on sends a message and I think the fact that they were willing to drastically alter it showed that they were doing their best to respond appropriately.

On Tuesday more news stories and information about their convocation appeared, but the sparse links remained. They were updating extremely frequently, which again is to me the precise thing they should have been doing. I am sure their University Relations and Web Communications teams were working pretty much around the clock to control the one media channel they could control.

On Wednesday the homepage underwent another transformation into the screenshot you see above (click it for a larger view). Once again I think their team made an incredible decision in creating a memorial right there on the homepage. It is again primarily a source for news and information, but now contains the names of some of the victims, photographs from the convocation and the main links have returned in a footer. I really think this shows a great deal of respect and reverence.

Other related items of interest are the tragedy section, the convocation streamed live, and the higher ed outreach page.

It may seem odd to be analyzing web design, but this is the kind of stuff I think about at work. I don’t know that we would have been able to handle it as well as they did. I was quoted in Computerworld in a story about sms text messaging as a way to alert students to emergencies. I definitely feel as though our decision to purchase an sms system gives us a great advantage, but what didn’t come across in the article was my concern that there is no guarantee technology would have changed what happened – you’ve got to have a lot of infrastructure, good cell numbers and smart staff to know when to use it. Interestingly enough the day after that article was posted, a public relations staff member from Virginia Tech responded letting Computerworld know that they do in fact have a text messaging system and they used it. It is an interesting revelation because the blogosphere (ugh) has been rampant with people saying e-mail notification wasn’t enough.

I’m linking to banner ads?!

April 18th, 2007 | In: Marketing, Web
by Casey

Yeah, crazy, eh? I saw a nicely designed banner ad for WaMu today and actually clicked it. I think the last time I intentionally clicked a banner ad was in 1999. Anyway, I was really entertained by the landing page that the ad linked to for a couple of reasons. As a landing page should be it is short, focused and relates to the banner ad. But, they’ve also made a pretty clever little experience.

The concept is the personification of the banner ad and the landing page, which is nothing new; advertisers have been giving life to inanimate objects for ages. However, they’ve actually done this in a really clever way.

Friendly Landing Page - Banner Said Hi
Give the above a click, seriously, it is worth it. Once inside check out how when you rollover the reasons to apply you get a different amusing message from Landing Page. It looks like there are 3-4 per reason, so someone spent a long time writing these things. Some aren’t very funny, but for the most part I’m impressed. Here are a few of my faves:

“Look at you point that mouse! You’ve already mastered the basics of online banking.”
“I’m saving up for a new font – something bigger and bolder with cup holders and a sunroof.”
“Wherever you are, chances are WaMu is there. That would be creepy if it weren’t so convenient.”

Copy Shop

April 4th, 2007 | In: Culture, Design
by Casey

So, I really didn’t want to have yet another blog that just points to other stuff. But, guess what? I’m pointing to stuff! I’m also pointing to something that happens to be old, like 2000 old. Lame.

This thing completely blew my mind on several levels and since I really like numbered lists, here’s one:

1. This was shot on mini-DV. Then effects were added, then every frame was printed out and photocopied (which ties in BEAUTIFULLY with the story) and shot again on 35mm. Needless to say it took 8 months to edit a 12 minute film.

2. This thing has a killer storyline! This dude works at a copy shop, and… wait, just watch the thing, ok? It really is a cool concept that is creepy and thoughtful and just works. You feel for the dude, so confused.

3. It looks old. Not just because the frames are photocopied, but the casting, the choice of sets, and dressing – it all works to create a nostalgic 20′s or 30′s vibe. Combine that with lack of dialog and a sparse violin centered soundtrack and you’re convinced you’re watching a classic.

4. They’ve got special effects! There are some really impressive effects for a short film. Check out how seamlessly they multiply the guy, replace outdoor set elements and create vistas from nowhere. Granted, knowing the final medium would be photocopy I imagine you can skimp a little on the details, but still impressive. You can check out a short making of movie here.

Milk, it does the internets good

April 2nd, 2007 | In: Design, Marketing, Web
by Casey

So, everyone and their uncle has already posted about the Get the Glass game. Everyone has already talked about how badass it is, how good it looks, how it is actually a fun game, blah blah. Seriously, though, this is one of the coolest, most well done things I’ve seen online in a REALLY long time. But, I don’t want to be everyone else, so here is my post on milk in two parts.

1. Dude, how much did that cost? There have been an amazing amount of companies putting out obscure, one-off, non sequitur sites of late and I have to wonder what they’re getting out of it. Just like what usually happens with a viral type of site or video or whatever they probably just get a spike in traffic – check out my more brilliant post on this topic for further discussion. The short of it is that I cannot see a real ROI for doing something like this. No doubt milk is enjoying some seriously good traffic and internets cred, but like, wouldn’t that only be good for them if instead of milking cows they built websites? If this was a portfolio site they’d be set. But no, they sell milk. And who buys milk? Mom buys milk. Will mom be standing in the soda aisle this coming weekend and say “Shit, you know what? I’m getting some milk. Yeah, that game totally ruled, I’m getting milk. Screw you soda!” The amazing part is that companies continue to drop what I can only assume is hundreds of thousands of dollars for stuff like this… I need to learn flash.

2. They did that shit with models! This seriously warms my heart. The island in the game is an actual, physical model. Check out more on that here. There aren’t a lot of details, but there are some awesome shots of the model which is really impressive. They did a killer job of combining the movements of a camera through a physical model with digitally created water, game board and the little van. This is some seriously complicated stuff and all just for a website. A website for milk! Crazy.