betweenGo

Image optimization is an art that not many people master. There are many good image editing tools that allow us to get the best visual result for a certain file size but “under the hood” a lot more optimization can be done.

Smushit.com is a service that goes beyond the limitations of Photoshop, Fireworks & Co. It uses image format specific non-lossy image optimization tools to squeeze the last bytes out of your images - without changing their look or visual quality. You’ll get a report of how many bytes you can save by optimizing your images and all the changed images as a single zip for download.

Smush it comes in different flavours:

• You can upload a bunch of pictures in your browser
• You can provide us with a list of image urls or
• You can get a Firefox Extension to optimize the images found on any web page

Saving bytes has never been so easy - you point us in the right direction, and we’ll do the rest for you. A ZIP archive with optimized images will be generated for you.

New from the Yahoo Performance team.

Takes your image(s) and makes their file size as small as possible: converts GIF to PNG8, throws out JPG metadata, etc.  Does not make JPGs more lossy; the results look exactly the same.

Install the Firefox plugin and you can hand it a URL — and when it’s done, it’ll give you a ZIP file of all the images from that URL in reduced form.

Our Travel page, for instance:
Smushed 12.97% or 30.14 KB from the size of your image(s).
I’m actually pretty pleased we are “only” 30KB over.  I’d have thought it’d be more.

Our visitor HIW page:
Smushed 30.48% or 51.16 KB from the size of your image(s).

This is from my friend, Chris Weekly.

I think it is necessary for us to be precise when we talk about “security popups” as there are many different kinds.

Some of these are always preventable, some are unavoidable in certain scenarios, all vary according to the browser version and its user config.

Anyway here’s a kickstart:

1. SSL Certificate Warnings (various) - Triggered on HTTPS URL’s on domains with an expired or self-signed certificate. 
2. Insecure Content Warnings - Triggered on HTTPS URL’s when the page contents embed references to HTTP resources (images, iFrames, stylesheets or scripts).
   This is preventable by proper JSP/taglib usage. Note it is ok for links to use http:// even in https:// pages as they’re not automatically followed.
3. HTTPS to HTTP Redirection Warnings - Triggered when an HTTPS request triggers a redirect to an HTTP URL.
   This is unavoidable in some scenarios but should be avoided by design whenever possible.
4. HTTP/HTTPS Switch Alert - Triggered when simply navigating from HTTP to HTTPS or back.
   This is out of our control, but most browsers don’t have this on by default, and users tend to turn this global setting off after seeing it once or twice (on any site) as it’s so common and harmless.
5. Content not under this site’s control (New) - Apparently resulting from the recent Microsoft security patch.
   I believe this is triggered by scripts which are not on the same domain as the page requested.
   This is most likely to arise w/ 3rd-party tracking pixel-related scripts.  Needs more investigation.

   Update: I may have made an incorrect assumption that it related to recent MS security updates; it might instead be triggered by attempts of javascript on one domain to interact w/ the page on another domain. Which script and whether this is in fact the root cause of #5 is TBD. 

There are others but I think these are the main ones we’ve been dealing with lately.

Thanks,
Chris

I read this article on Slashdot, Gmail, SPF, and Broken Email Forwarding?, which explains how email forwarding to Gmail and possibly other service providers may sometimes silently fail.

Background: Like many people, I have me@mydomain.com as my public facing Email address. When Email comes into my server, I forward it to me@gmail.com. But since my friend has published SPF (Sender Policy Framework) records that say only his server is allowed to send Emails for friend@frienddomain.com, gmail apparently rejects (silently buries actually!) the Email since it is forwarding through my server. Please note that this is exactly what SPF is designed to prevent — spammers from sending Emails with your address — but it breaks forwarding and has other problems.

I also do what the author above talks about, i.e. I forward the email for my various domains to my various Gmail accounts.  Hopefully this is not an issue, that no one who emails directly to my domain email addresses is using SPF.

One proposed solution by a Slashdot poster makes sense, use Google apps.  Fortunately this is available for free on Dreamhost, my web host, and is easy to set up.  I might try it later.

Is there another solution?

Yes, of course. Have all your email sent to Google in the first place! You don’t have to switch everything over to the Google app tool, you can just set MX records for your domain pointing to them, and collect it all (or forward it inside or outside Google.) It’s free (with a paid version available.) Check it out here Smart apps for email, documents, sites and more

Those guys at Facebook sure are smart. Here is an online presentation titled Needle in a Haystack: Efficient Storage of Billions of Photos.

Jason Sobel, the manager of infrastructure engineering at Facebook, … explains how Facebook efficiently stores ~6.5 billion images, in 4 or 5 sizes each, totaling ~30 billion files, and a total of 540 TB and serving 475,000 images per second at peak.

Slashdot | How Facebook Stores Billions of Photos

Often I find myself wondering what version of Adobe Flash or Shockwave I am running. Here are some useful pages for doing that.

• if you’ve installed Flash and/or Shockwave
• what version of Flash you are running
• install Flash
• install Shockwave

One day I might try to figure what is the difference between Flash and Shockwave, when I actually care.

Chris Weekly says Google Doctype looks like “a new, excellent resource for keeping up with webdev tips and tricks, browser compatibility issues, etc.”

Documenting the Open Web

Browse Google Doctype

Google Doctype is an open encyclopedia and reference library. Written by web developers, for web developers. It includes articles on web security, JavaScript DOM manipulation, CSS tips and tricks, and more. The reference section includes a growing library of test cases for checking cross-browser and cross-platform compatibility.

Google Doctype is 100% open.

• Open source
• Open content
• Open to contributions from anyone

This PC World article describes how to optimize Firefox for broadband. Another site verifies that these changes are a good idea.

I haven’t noticed a change yet but it seems like a good idea.