webdesignbook
 
Web Design Small Cover

See the book at amazon.co.uk or amazon.com

Related Books

Digital Media Tools Small Cover

See Digital Media Tools, 3rd ed. at amazon.co.uk or amazon.com

Digital Multimedia Small Cover

See Digital Multimedia at amazon.co.uk or amazon.com

MacAvon A Store

Visit our Amazon Associates Store

The authors are not responsible for the content of any external sites linked to from webdesignbook.org

All material on this site is ©2006–2007 MacAvon Media Productions and may not be reproduced without permission.

RSS | Atom

The Web Design Book Blog

PDFs on the iPad

If you have an iPad and want to be able to read our books on it, you can now do so easily. The latest versions of Apple’s free iBooks app can display PDFs as well as books in ePub format. An Apple knowledge base article describes how to transfer PDFs to an iPad either by email or, more conveniently, by syncing through iTunes, for reading in iBooks. The instructions are clear and concise, so I won’t repeat them here. You can buy PDFs of the individual chapters of Web Design: A Complete Introduction from the MacAvon Media Download Store. You then just have to import the PDF into iTunes, by dragging it to the Books icon in the iTunes library, and from there you can sync it to your iPad. Chapters from Digital Multimedia are also available, but only in lecturers’ course bundles, so if you are a student on a course that uses that book, you should encourage your lecturer to open a lecturer’s account and create a bundle. You will be able to buy the chapters he or she recommends and sync them to your iPad in the same way. If you are a lecturer at one of those institutions that are giving their students iPads, creating course bundles will allow you to provide them with our chapters in a form that can be read on their devices.

The books look good on the iPad. You can zoom in, see page thumbnails, add bookmarks and so on. Apparently, you cannot add notes to a PDF book, as you can to an ePub book, although it is possible that this will feature will be provided in a later version of iBooks.

The iBooks app can be installed on iPhones and iPod Touches running iOS 4, too, but the small screen size of those devices makes them less appropriate for reading our books. Unless you want to ruin your eyesight you will have to zoom in, so you won’t be able to see a whole page at a time. The book’s layout doesn’t really allow for that. At present, we don’t plan to create ePub versions of the books, because that format does not seem to be able to accommodate our material, especially the illustrations, well. However, we continue to investigate all possibilities for publishing and may be able to offer ePub for some titles in the future. In the meantime, we commend PDF as a format that can faithfully reproduce the printed book, and now that iBooks supports PDF, it provides you with a way of taking our books around with you on an iPad if not on smaller devices.

UPDATE: Further research reveals that Amazon's Kindle (2nd Generation and Latest Generation) and Kindle DX devices can be used in a similar way to display PDF documents. As with the iPad, you can email a PDF to your Kindle, using a special email address for the purpose, or just drag and drop PDF files from your computer to your Kindle's "Documents" folder when it's connected via USB. The Kindle's PDF Reader allows you to zoom and scroll.

You thus have at least two viable options for viewing PDF chapters from our books on mobile devices. No doubt, when the rumoured Android-based tablets appear, they will offer similar facilities.

— Nigel Chapman · 6 August 2010

Security Through Obscurity

A while ago I drew your attention to the way in which hackers are targeting the setup scripts of well-known Open Source applications. In particular, phpmyadmin is a popular target.

You might think that you could frustrate such attacks by changing the name of the directory in which the application is installed from the default, which normally includes the application’s name, making the target visible to intruders. Here is a recent list of URLs causing 404 errors on our server:

/MyAdmin/: 2 Time(s)
/MyAdmin/scripts/setup.php: 2 Time(s)
/PMA/scripts/setup.php: 6 Time(s)
/PMA2005/scripts/setup.php: 6 Time(s)
/admin/mysql/scripts/setup.php: 6 Time(s)
/admin/phpmyadmin/scripts/setup.php: 6 Time(s)
/admin/pma/scripts/setup.php: 6 Time(s)
/admin/scripts/setup.php: 6 Time(s)
/db/scripts/setup.php: 6 Time(s)
/dbadmin/scripts/setup.php: 6 Time(s)
/myAdmin/: 2 Time(s)
/myAdmin//scripts/setup.php: 2 Time(s)
/myAdmin/scripts/setup.php: 2 Time(s)
/myadmin/: 2 Time(s)
/myadmin/scripts/setup.php: 8 Time(s)
/mysql-admin/scripts/setup.php: 6 Time(s)
/mysql/: 2 Time(s)
/mysql/scripts/setup.php: 8 Time(s)
/mysqladmin/: 2 Time(s)
/mysqladmin/scripts/setup.php: 8 Time(s)
/mysqlmanager/scripts/setup.php: 6 Time(s)
/nosuichfile.php: 5 Time(s)
/noxdir/nosuichfile.php: 6 Time(s)
/p/m/a/scripts/setup.php: 6 Time(s)
/pHpMy/scripts/setup.php: 6 Time(s)
/pHpMyAdMiN/scripts/setup.php: 6 Time(s)
/php-my-admin/scripts/setup.php: 6 Time(s)
/php-myadmin/scripts/setup.php: 6 Time(s)
/phpAdmin/: 2 Time(s)
/phpAdmin/scripts/setup.php: 2 Time(s)
/phpMyA/scripts/setup.php: 6 Time(s)
/phpMyAdmi/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.10.0/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.11.1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.11.10/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.11.2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.11.3/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.11.4/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.11.5/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.11.6/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.11.7/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.11.8/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.11.9/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.2.3/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.2.6/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.3.0/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.3.1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.3.2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.3.3/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.3.4/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.3.5/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.3.6/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.3.7/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.3.8/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.3.9/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.4.0/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.4.1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.4.2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.4.3/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.4.4/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.4.5/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.4.6/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.4.7/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.4.8/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.4.9/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.0/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.3/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.4/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.5-pl1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.5-rc1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.5-rc2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.5/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.6-rc1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.6-rc2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.6/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.7-pl1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.7/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.8/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.5.9/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.0-alpha/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.0-alpha2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.0-beta1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.0-beta2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.0-pl1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.0-pl2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.0-pl3/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.0-rc1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.0-rc2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.0-rc3/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.0/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.1-pl1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.1-pl2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.1-pl3/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.1-rc1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.1-rc2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.2-beta1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.2-pl1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.2-rc1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.3-pl1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.3-rc1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.3/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.4-pl1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.4-pl2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.4-pl3/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.4-pl4/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.4-rc1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.4/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.5/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.6/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.6.7/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.6.8/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.6.9/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.7.0-beta1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.7.0-pl1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.7.0-pl2/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.7.0-rc1/scripts/setup.php: 6 Time(s)
/phpMyAdmin-2.7.0/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.7.1/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.7.2/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.7.3/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.7.4/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.7.5/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.7.6/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.7.7/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.7.8/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.7.9/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.0-beta1/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.0-rc1/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.0-rc2/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.0.1/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.0.2/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.0.3/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.0.4/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.0/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.1-rc1/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.1/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.2/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.3/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.4/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.5/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.6/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.7/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.8/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.8.9/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.9.1/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2.9.2/scripts/setup.php: 5 Time(s)
/phpMyAdmin-2/scripts/setup.php: 5 Time(s)
/phpMyAdmin-3/scripts/setup.php: 5 Time(s)
/phpMyAdmin-4/scripts/setup.php: 5 Time(s)
/phpMyAdmin/: 2 Time(s)
/phpMyAdmin/scripts/setup.php: 9 Time(s)
/phpMyAdmin1/scripts/setup.php: 5 Time(s)
/phpMyAdmin2/: 2 Time(s)
/phpMyAdmin2/scripts/setup.php: 7 Time(s)
/phpMyAds/scripts/setup.php: 5 Time(s)
/phpadmin/: 2 Time(s)
/phpadmin/scripts/setup.php: 4 Time(s)
/phpm/scripts/setup.php: 5 Time(s)
/phpmanager/scripts/setup.php: 5 Time(s)
/phpmy-admin/scripts/setup.php: 5 Time(s)
/phpmy/scripts/setup.php: 5 Time(s)
/phpmyad-sys/scripts/setup.php: 5 Time(s)
/phpmyad/scripts/setup.php: 5 Time(s)
/phpmyadmin/: 2 Time(s)
/phpmyadmin/scripts/setup.php: 9 Time(s)
/phpmyadmin2/: 2 Time(s)
/phpmyadmin2/scripts/setup.php: 7 Time(s)
/pma/: 2 Time(s)
/pma/scripts/setup.php: 7 Time(s)
/pma2005/scripts/setup.php: 5 Time(s)
/scripts/setup.php: 5 Time(s)
/sqladmin/scripts/setup.php: 5 Time(s)
/sqlmanager/scripts/setup.php: 5 Time(s)
/sqlweb/scripts/setup.php: 5 Time(s)
/vhcs2/tools/pma/scripts/setup.php: 5 Time(s)
/web/phpMyAdmin/scripts/setup.php: 5 Time(s)
/webadmin/scripts/setup.php: 5 Time(s)
/webdb/scripts/setup.php: 5 Time(s)
/websql/scripts/setup.php: 5 Time(s)

(In case you’re wondering, phpmyadmin is not installed anywhere on our server.)

Pretty much any obvious alternative name you might choose has been tried, not to mention nosuichfile (sic). So if you want to hide your phpmyadmin installation by using an obscure directory name, you really need to choose something that has no obvious connection with phpmyadmin, PHP, SQL, mySQL, databases or administration. Even if you install phpmyadmin into a directory called jamsandwich, though, you are not really making the installation more secure. Eventually, intruders will find a way of scanning directories looking for known patterns of files and sub-directories within them.

UPDATE: These attempted attacks went on for about a week, with some new possibilities being tried. In particular, on a couple of days, requests were sent for a phpmyadmin directory inside a wordpress directory, so you can't hide it there.

Your safest option is not to install phpmyadmin at all. Use the command line, or Rails migrations or their equivalent, if you can. If you need to administer the database through a Web interface make sure you keep the installation up to date so that known security holes are plugged, and choose hardened passwords or use certificates to verify logins. Make sure you have set the permissions correctly on all directories and files, and be sure to delete the configuration scripts as soon as you have set everything up. By all means obscure the directory name, but don’t call it jamsandwich. They might know that one now.

— Nigel Chapman · 28 July 2010

MacAvon Media Services for Lecturers

We are pleased to announce the launch of our Services for Lecturers at the MacAvon Download Store.

If you are a lecturer or instructor using, or considering using, one of our books in teaching a course at a university or other institution of higher education, you can request a free Lecturer’s Account, giving you access to the services for lecturers. At present, there are two services.

Lecturers can obtain free PDF copies of Web Design, Digital Media Tools and Digital Multimedia for evaluation or private use. This is an alternative to our publisher’s normal evaluation copy service. We hope our new service will be especially useful for lecturers in countries where it takes a long time for printed books to be delivered. (If you prefer your evaluation copies on paper, you can still request them using the form on each book’s support site in the normal way, or from Wiley’s own Web site.)

With a Lecturer’s Account at MacAvon Media you can also create what we are calling Course Bundles. A course bundle is a collection of one or more PDF documents selected personally by a college lecturer or instructor to recommend to students on their own course for purchase at a specially discounted price. Course bundles may include any number of chapters or other available documents, and may be a mixture of chapters from different books. When you create a course bundle you are provided with a unique URL (which ideally you should embed in your course support page), so that your students can go directly to the correct page to purchase the bundle you have created. Discounts are always applied to course bundles, depending on the number of documents included in the bundle.

We know that many courses using our books only need to refer to some chapters. Course Bundles allow students to buy only the chapters required for their course instead of paying for the whole book. As PDF documents, the chapters in a bundle can be read on a variety of devices, including mobile ones, and they relieve students of the physical burden of carrying around some fairly heavy books. For students in countries where purchase of books published overseas may be difficult or take a long time, PDF course bundles provides instant delivery of their course material. They also provide protection from the risk of malware associated with using bit torrents and from potential defrauding by the increasing number of sites which claim to offer PDF downloads of popular textbooks but require users to provide credit card details and pay a subscription or other fee. When students buy from MacAvon Media they are buying direct from the authors. If they purchase course bundles they have the added security of knowing that their lecturer has personally selected and approved the material they are buying.

Course bundles can include chapters from all three of our printed books. They are the only way in which chapters from Digital Multimedia can be bought in PDF form. Over the coming months we will be creating new material that will be available exclusively in PDF from the MacAvon Download Store. All such material will be available for inclusion in course bundles.

We must emphasize that Lecturers’ Accounts are only available to bona fide lecturers or instructors at recognized institutions, and we ask anyone requesting a Lecturer’s Account to provide some means of verifying their identity and status (either a current college Web page confirming their contact details and position, or a photo or scan of their college ID card). Regrettably, we must reserve the right to refuse requests if we are not satisfied that they are genuine.

We hope that many lecturers will find these services valuable. If you are a lecturer, we encourage you to find out more and request an account. (There is no charge of any kind, and we do not ask for any financial details.) If you are a student, and would like to be able to buy course bundles, please tell the lecturer on your course about our Services for Lecturers.

— Nigel and Jenny Chapman · 5 July 2010

Older