So far most of the assignment is on track, but some of my plans haven’t yet been ticked off my list. For example I was hoping to include my own Google Adsence, but I could not get that to work. After a while it would not let me sign into my account!

Overview

• Historical context
• DOCTYPEs and such
• Can/should I use HTML5 now?
• The problem with browsers…
• Syntax
• Semantics
• The new (structural) elements
• HTML5 content model
• Audio, Video and Canvas

Historical context
Somewhere along the way, W3C lost sight of the purpose of web markup when they proposed the radical XHTML 2 – an attempt to move the web to XML. It envisaged a new web built with new tools – and is was not backwards compatible with existing web content. It’s as if they were mainly interested in the markup language itself and not with those who were going to use it (browser-makers and front-end developers). Things came to a head in 2004 when Ian Hickson proposed an extension of HTML which was rejected by W3C. Hickson and other rebels formed the Web Hypertext Application Technology Working Group (WHATWG).

WHATWG wanted a markup language that could be used to build web applications and not just webpages. They began developing Web Forms 2.0 and Web Apps 1.0, which merged to become HTML5. In 2006, W3C admitted that their approach just wasn’t working. Shortly afterwards, W3C issued a new charter for an HTML Working Group. They decided to use the work begun by WHATWG as the basis for the new specification.

For a while, W3C were developing two different and totally incompatible markup languages. But in 2009, they announced the end of XHTML2 development. Once the ambiguity was removed, web designers pounced on HTML5 as the “new kid on the block”. Both WHATWG and W3C continue to work on HTML5 but they are working together and progress has been faster than expected.

Partly as a reaction against the idealist nature of XHTML 2 development, HTML5 is a very pragmatic markup language. Rather than attempting to impose a new order on the web, it looks at what people are already doing and tries to codify it. The introduction of the <header> and <footer> elements are a good example of this. HTML5 development principles: Support existing content, Do not reinvent the wheel, Pave the cowpaths.

Doctypes
“…the doctype for HTML5 is very pragmatic. Because HTML5 needs to support existing content, the doc-type could be applied to an existing HTML 4.01 or XHTML 1.0 document. Any future versions of HTML will also need to support the existing content in HTML5, so the very concept of applying version numbers to markup documents is flawed.” Jeremy Keith HTML5 for Web Designers

• The HTML 4.01 DOCTYPE:
  <!DOCTYPE HTML PUBLIC » “-//W3C//DTD HTML 4.01//EN” “http://www.w3.org/TR/html4/strict.dtd”>
• The XHTML 1.0 Strict DOCTYPE:
  <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict //EN ” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd”>
• The HTML5 DOCTYPE:
  <!DOCTYPE html>

Content Type:
HTML5 aims to simplify markup, requiring only that information that is essential for the browser. For example, there is no need to specify a “type” attribute for the script tag because javascript is the only script type used.

• <meta http-equiv=”Content-Type” content=”text/html; charset=UTF-8“ />
  HTML5: <meta charset=”UTF-8″>
• <link rel=”stylesheet” type=”text/css” href=”file.css“ />
  HTML5: <link rel=”stylesheet” href=”file.css”>
• <script type=”text/javascript” src=”file.js”></script>
  HTML5: <script src=”file.js”></script>

Can/should I use HTML5 now?
It is not imperative to use HTML5 now. It is still new and some browsers do not support the new elements. HTML5 is not finished and may change. There are however plenty of reasons why you may want it now. It’s sexy, it’s got a better functionality, it’s future proofing your site and it’s (almost) got freedom from proprietary technologies.

The key difficulty in implementing HTML5 now is that older versions of Internet Explorer (those before IE9) do not understand the new HTML5 elements. The workaround is to use JavaScript to tell IE how to interpret them. This is best done using Remy Sharp’s lovely html5shiv, now hosted at Google.

<!–[if lt IE 9]>
<script src=”//html5shiv.googlecode.com/svn/trunk/html5.js”></script>
<![endif]–>

Syntax

Strict XHTML 1.0 syntax
<h2>Students</h2>
<p>Typically, our students fall into three groups…</p>
<p>See <a href=”/our-students/”>Our students</a> for more information.</p>
<img src=”/our-students/graduation.jpg” width=”552″ height=”413″ alt=”Graduation” />

Valid HTML5 syntax
<H2>Students</H2>
<p>Typically, our students fall into three groups…</P>
<p>See <A Href=”/our-students/”>Our students</a> for more information.</p>
<img src=”/our-students/graduation.jpg” width=552 height=”413″ ALT=”Graduation”>

Mixed upper and lower case tags and attributes, quoted and unquoted values, self-closing elements unclosed… …HTML5 has a pretty liberal syntax, however, we should still observe good coding practice. The strict syntax (top) also validates as HTML5. Most front-end developers agree that maintaining XHTMLs strict syntax in HTML5 is a good idea.

New Structural Elements
HTML5 has been designed to give web designers the tags they need to markup common page elements without needing to use id and class names

• <article> Defines an article
• <aside> Defines contents aside from the page content
• <embed> Defines external interactive content or plugin
• <figcaption> Defines the caption of a figure element
• <figure> Defines a group of media content, and caption
• <footer> Defines a footer for a section or page
• <header> Defines a header for a section or page
• <nav> Defines navigation links
• <section> Defines a section
• <wbr> Defines a possible line-break

Built-in Obsolescence
HTML5 aims to be backward compatible. Therefore there are no deprecated elements, only obsolete elements. This means that you can use obsolete elements, which your browser will still render, however your web page will be “non-conforming” due to the use of these. A list of elements that are obsolete: <frame> <frameset>  <noframes>  <acronym> (use <abbr> instead). Presentational elements such as: <font> <big> <center> <strike> are also obsolete.

Semantic Shift
Some previously presentational elements have not been made obsolete but have gone through a semantic shift so that their meaning has changed.

• <small> no longer means “render this at a small size.” It now means “this is the small print” for legals, T’s & C’s or privacy agreements.
• <b> previous meaning “render in bold.” New meaning “to be visually different from the normal text, without conveying extra importance.”
• <i> previous meaning “italicize.” New meaning “in an alternate voice or mood”.

These changes are largely made to keep the specification and elements relevant to non visual user agents such as screen readers. ‘Bold’ and ‘Italic’ are words that only make sense visually. The idea of developing towards non visual user agents encourages designers to think beyond basic visual design and development.

Anchors
One element in the HTML5 specification that has almost been re-invented. The <a> (anchor) element has always been an inline element meaning multiple <a> elements were needed for hyperlinks that span multiple elements. In HTML5 multiple elements can be wrapped into a single <a> element. For example:
<a href=”index.html”>
<h1>Welcome to my site</h1>
<p>Paragraph</p>
</a>

Document Structure
The HTML5 document structure aims to describe the content structure rather than the page structure because content can be portable (syndicated) and is not always defined within the context of a “page”. Notice in the two below comparisons, HTML5 has two <h1> tags, whereas we have always known there should only be one <h1> on a page.

XHTML 1.0 markup for a blog:
<div class=“header”>
<h1>My wonderful blog</h1>
</div>
<div class=“blog_articles”>
<div class=“article”>
<h2>The Zen of HTML5</h2>
<p>HTML5 is an evolution of HTML4…</p>
<p class=“author”>by David Watson</p>
</div> <!– /article –>
<div class=“article”>
…
</div> <!– /article –>
</div> <!– /blog_articles –>

HTML5  markup for a blog:
<header>
<h1>My wonderful blog</h1>
</header>
<section>
<article>
<header>
<h1>The Zen of HTML5</h1>
</header>
<p>HTML5 is an evolution of HTML4…</p>
<footer>
<p>by David Watson</p>
</footer>
</article>
<article>
…
</article>
</section>

Document Outline
HTML5 introduces a new concept to markup: sectioning. The new structural elements such as <section> and <article> are not just semantically rich versions of <div>, they are used to provide structure and hierarchy to a document. One <div> nested within another gives no meaning and conveys no hierarchy, whereas, an <article> nested within a <section> is considered subordinate to its parent as well as providing semantic information.

There is no hierarchical difference in the two <h1> here because the second <h1> is just embedded in a div which doesn’t say anything:
<h1>HTML5 is weird</h1>
<div>
<h1>XHTML has its problems</h1>
</div>

There is a hierarchical difference in the two <h1> tags here. The first <h1> is of more importance than the second. The first <h1> is the heading of the page, whereas the second <h1> is embedded in an article which means it is the title of the article and therefore not as important:
<h1>HTML5 is weird</h1>
<article>
<h1>XHTML has its problems</h1>
</article>

In order to make sense of sectioning and to understand why it’s possible to have many <h1> headings in a HTML5 document, whereas in XHTML it was best practice to have only one, it’s important to realise that the nature of headings has changed in HTML5. In XHTML, <h2> is subordinate to <h1> but in HTML5, one <h1> can be subordinate to another, depending on context.

The reason for this apparently bizarre implementation is actually quite simple. When XHTML was first codified, most websites were static and the context of any document element was obvious. Everything related to the webpage <body> and every element below (or within) that element was fixed in terms of its hierarchy. As more and more websites became dynamic, pulling content from databases and populating templates, it became difficult to be specific about heading levels because one couldn’t say where any particular chunk of content might end up. A blog is a very good example of what can go wrong. When a blog is listed with other blogs, the title of the blog would be of an <h2> importance but when the blog is the full page, the title of the blog is of a <h1> importance. So the new use of multiple <h1> embedded in <article> enables a blog title to have two types of importance, depending on it’s context.

Audio and Video
For the first time, HTML5 provides a way to play audio and video in a browser without the use of plugins like Flash. Unfortunately, there is still a problem with media formats. The most popular formats like MP3, are not open and browser makers must pay to support them. So, although the “big boys” can afford to pay for MP3 support in their browsers, Mozilla cannot – Firefox does not support MP3 but it does support the open Ogg Vorbis format. Unfortunately, not all of the other browsers support the .ogg format. The result is that we must provide different formats to different browsers.

An example from HTML5 for Web Designers by Jeremy Keith:
<audio controls>
<source src=”witchitalineman.ogg” type=”audio/ogg”>
<source src=”witchitalineman.mp3″ type=”audio/mpeg”>
<object type=”application/x-shockwave-flash” data=”player.swf?soundFile=witchitalineman.mp3″>
<param name=”movie” value=”player.swf?soundFile=witchitalineman.mp3″>
<a href=”witchitalineman.mp3″>Download the song</a>
</object>
</audio>

The above example has four levels of graceful degradation: The browser supports the audio element and the Ogg Vorbis format. The browser supports the audio element and the MP3 format. The browser doesn’t support the audio element but does have the Flash plug-in installed. The browser doesn’t support the audio element and doesn’t have the Flash plug-in installed.

Canvas
Canvas is a new element that can be used to create images dynamically. For example, data could be pulled from a database and <canvas> could be used to draw a graph of that data.

Security Precautions

• PC anti-virus/malware
• Use strong Passwords and keep them safe
• Keep backups
• Latest version of apps
• Employ good coding practice: sanitise untrusted data such as URL parameters
• Check your site files via FTP and look for anything suspicious
• Check your server anylitics regularly for suspicious activity
• Understand how hackers operate

How websites are attacked

• Using stolen credentials: Login details stolen using keyloggers etc.
• SQL injection: Malicious strings added to URL Parameters
• Cross-Site Scripting: Malicious scripts run via HTML forms etc.
• Denial of Service: Flooding a server with requests so that it becomes unavailable to legitimate users.

SQL Injection
SQL Injection is a technique hackers use to manipulate PHP code and insert their own scripts. They do this by replacing the seemingly innocuous URL parameter with their own code. Example:  http://www.cadtutor.net/corner/single-article.php?id=351
In the above example, “351” would be replaced with code that attempts to allow the hacker access to your database or to do practically anything else.

There are many different types of SQL Injection attacks, depending on context. They can be used to circumvent secure logins. Or to list all information in a database. Or to drop (delete) a database table. Or to insert malicious scripts that do other things – ultimately, a hacker could gain control of a web server. Hackers actively look for security holes…

Unsafe Code
The following script fragment takes the value given to it from GET, assigns it to a variable ($article) and uses that value in the SQL query. This is a very bad idea:
URL: article.php?article_id=5
<?php
$article=$_GET['id'];
require (‘/home/cadtutor/config_files/corner_config.php’);
require ($_SERVER['DOCUMENT_ROOT'].’/corner/includes/db_connect.inc.php’);
# query for the article requested
$query=”SELECT * FROM articles WHERE article_id = $article”;
$result=$db_conn->query($query);
$row=$result->fetch_assoc();
…

Safe Code
This script fragment checks to see if the URL parameter conforms to the data type expected and if it doesn’t, the request is sent to the 404 page:
<?php
$article=$_GET['id'];
# if $article has no value or is not a string integer, go to 404
if (!$article || ctype_digit ($article) == FALSE) {
header(“location:/general/404.php”);
}else{
require (‘/home/cadtutor/config_files/corner_config.php’);
require ($_SERVER['DOCUMENT_ROOT'].’/corner/includes/db_connect.inc.php’);
# query for the article requested
$query=”SELECT * FROM articles WHERE article_id = $article”;
$result=$db_conn->query($query);
$row=$result->fetch_assoc();
…

Server Logs
195.229.235.36 – - [25/Jan/2011:02:45:04 +0000]“GET /corner/article.php?id=999999.9+UNION+ALL+SELECT+0×31303235343830303536%2C0x31
303235343830303536%2C0x31303235343830303536%2C0x31303235343830303536– HTTP/1.1” 200 26037 “-” “Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij”
You may be able to spot unusual user agent names in your server logs. In the above example, “Havij” doesn’t sound like any browser I’ve ever heard of. That’s because it isn’t a browser, it’s a piece of software used by a hacker to look for security vulnerabilities.

Software for hacking
Havij – Advanced SQL Injection Tool
Havij is legal and free. The product description is chilling:
“Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system. The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij. The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.”

What can hackers do?
Hackers can use a security hole to add their own files to your site, leading to all sorts of possibilities. They can even add a file manager that only they have access to. This is a script from an innocuous file called .sym.php – the leading period is used to hide the file:
<?php # Web Shell by oRb
$auth_pass = “b497dd1a701a33026f7211533620780d”;
$color = “#df5″;
$default_action = ‘FilesMan’;
$default_use_ajax = true;
$default_charset = ‘Windows-1251′;

Web Shell Software
Root Kit
Once a hacker finds a way to upload a file to your site, either via FTP or some vulnerability, they can install a file manager like the one above and eventually a “Root Kit”.

A Root Kit is malicious software that hides itself but allows a user to gain “root” access over a computer – usually a web server. Once such software is in place, the hacker has complete control of the server and can even lock out legitimate admin users. The only safe way to recover from such an intrusion is a complete server rebuild and to fix the original vulnerability so that it can’t happen again.

What can hackers do?
They can steal information from databases such as financial data, passwords, names, addresses, credit card details etc. They can steal media valued at millions of dollars from organisation that really should be protecting their interests better. They can change files on your website so that they install viruses on your visitor’s computers, causing your website to be blacklisted by Google. They can make your life really miserable and lose you lots of money. Hackers don’t just target big organisations. They seek out small, vulnerable sites for practice and fun.

Currently the hacking of websites is on the increase. Hacker’s software is freely available and increasingly sophisticated, though easy to use – anyone can do it. No website can be 100% secure but if you take all possible precautions, you can considerably reduce the risk. Guardian article about Hacking

Google warns users about unsafe sites
‘This site may harm your computer’ may appear under a site on the Google Search results page. If this happens to your site, you must use Google Webmaster Tools to request that Google scan your site and remove the notice if it is found to be clean.

What if I get hacked?

• Close the site immediately – use .htaccess to redirect all traffic to a temporary holding page: Redirect 302 / http://www.mysite.com/site-maintenance.html
• Report the problem to your web host.
• Find the source of the problem.
• Eradicate the problem.
• Never open the site until you are 100% sure it is safe for your visitors.
• Request a Google review.

Where can I get help?
Some companies claim to be able to recover hacked sites for you but unless you have lots of money, you’re pretty much on your own – however, if you have a good web host, they should be able to help and there is plenty of advice available, particularly from Google.

• Google Webmaster Tools: About malware and hacked sites
• Google Webmaster Central: FAQ: Malware and hacked sites
• Google Webmaster Central: Best practices against hacking StopBadware.org

Introduction to Freemium Business Model
What is Freemium?
Freemium is a business model in which the owner or service provider offers basic features to users at no cost and charges a premium for supplemental or advanced features.
Give your service away for free, possibly ad supported but maybe not, acquire a lot of customers very efficiently through word of mouth, referral networks, organic search marketing, etc., then offer premium priced value added services or an enhanced version of your service to your customer base.
The word Freemium is combining the two aspect of the business model “FREE” and “PREMIUM”
Free + Premium = Freemium

And was coined by Jarid Lukin of Alacra in 2006 after venture capitalist Fred Wilson came up with the idea
Chris Anderson (Wired Editor in chief) likened freemium to handing out muffins on the street to entice people to start eating your muffins. But with muffins there’s a significant cost to giving away each muffin. With digital goods, you can give away 90% of your product for free, without any cost for those goods.
He says ‘free users’ aren’t free loaders, and that it’s okay to let the minority (paid users) subsidize the majority. Because the free users will recommend to friends, it’s a great form of marketing. And for those paid users, many of them are very strong customers — they may be price insensitive, with very little churn.
Importantly, this means that freemium is NOT the same thing as “premium with a free sample.”
A restaurant that offers free appetizers is not a freemium business.

Why You Would Go Freemium
There are basically two reasons to go for a freemium business model:
• Marketing. By definition, having a free product makes it really easy to get customers. And internet economics make this very attractive, because the marginal cost of every new free users will be very low. Free users can also be good marketing because even though a free user might not convert, they can invite other free users who might.
• Network effects. A network effect is what happens when a product or service becomes more valuable the more people use it. A phone isn’t very useful if you can’t call anyone else with it. But once everyone you know has a phone, it becomes a pretty valuable thing to have. If you’re in a market that lends itself to network effects you’re going to want to have a free basic product because if you don’t someone else will and will use the network effects to crush you.

What Freemium Needs To Work
According to Phil Libin (Evernote Founder/CEO Phil Libin –whose Freemium company is very profitable), here’s what you need to be able to do to make freemium work:
• Get lots and lots of free users. It seems obvious, but it’s important to keep in mind. Freemium is a numbers game: if only 1% of your users are going to pay you, then you need to have lots and lots of free users (millions, typically) to make that 1% enough money.
• Get all of these users to stick around. Also important, as we’ll see.
• HAVE A PRODUCT OR SERVICE WHO’S VALUE TO USERS INCREASES WITH TIME. This is the biggest thing that most people miss, hence the caps. The value of your service needs to increase the more people use it. A classic example is Spotify, where you create all your playlists and organize your music. Once you’ve done that, as investor Sean Parker says, “We’ve got you by the balls,” and you’re much more likely to pay up. The value of Spotify to you has gone up from being just music to music, your playlists and your friends’ playlists, so paying starts to make sense.
• Keep costs low. Also seemingly obvious but actually a big deal: freemium works because the marginal cost of each additional user is low, so you need to keep your operating costs correspondingly low. Again, internet economics, through things like open source and the cloud, help, but that’s not going to be true for everyone.
FACT: with Freemium vast majority of your users use your product for free and a minority pay.

Examples of Freemium
For Services
My favorite example of a freemium service is when I was at college. No matter what bar I went to, they were offering free food such as burgers, hot dogs, peanuts or fried chicken in hopes they would have us pay for something premium, that being a beer or a mixed drink. Did this work on us? Every time!
Another famous freemium is that of a Kirby Vacuum. Have you ever had someone come to your door and ask you if they could setup an appointment for them to do a cleaning of a room for free? You either knew what was going to happen or you said to yourself, heck yes!
Well if you made the appointment, you knew a salesman would come in and clean a room in your house with an outstanding vacuum cleaner. After they cleaned your room, you hoped they would do more with this great product but instead, they wanted you to buy it. You either said yes, no, or have them call you back because you are thinking about it (which is a no).
How is this freemium service? It is a freemium service because they are giving you something free, that being a clean room, and they are trying to sell you something at a premium, which is the vacuum.

Freemium for Web 2.0
If you take a look at the ever popular Flickr website, they use freemium too. Flickr lets their free costumers upload their photos and other items for the world to see. The unfortunate thing is that people can only upload an limited amount. If you want the premium service, that being unlimited storage space, you can buy it for an extra 24.95 a year.
There are a lot of freemium Web 2.0 properties on the web today. It is a business model that is not going away!
Free Digital Photos – Giving free small size digital pictures free on a website whilst the standard size one had to be paid for
Trillian – the basic service is free, but there is paid version that is full featured

Freemium for Software
There are more and more freemium software programs coming out each day. One of the most popular ones is well, any anti-virus program. They let you use it with great protection. Take for example AVG Free Anti-Virus. You get a great program if you download it but if you want added protection, you must pay 49.95 per year.

 
Things to look out for my considering Freemium
It is important that you require as little as possible in the initial customer acquisition process. Asking for a credit card even though you won’t charge anything to it is not a good idea. Even forced registration is a bad idea. You’ll want to do some of this sort of thing once you’ve acquired the customer but not in the initial interaction.
Don’t require any downloads to start. Don’t require plugins. Support every browser with any material market share. Make sure your service works on various flavors of Windows, OSX, and Linux. In short, eliminate all barriers to the initial customer acquisition.
And make sure that whatever the customer gets day one for free, they are always going to get for free. Nothing is more irritating to a potential customer than a “bait and switch” or a retrade of the value proposition.

Does Freemium Work?
It does. You can tell it works because more and more companies are using it especially in the phone and software world.
Danny Rimer, the London-based venture capitalist with Index Venture said Freemium works because you reduce the main stumbling blocks of product adoption. He said web-based users who don’t have to pay for it will often start evangelizing the benefits to others.