Monday 30 April 2012

Simple JavaScript EU Cookie Compliance Code

JavaScript code to comply with EU law on Cookies and Privacy whilst browsing.

Something I quickly did at work the other day was useful enough to put up on my site for people to download and use. I have just updated it to make it more customisable and even more useful so I thought I would update the blog as well.

If you live in the European Union you might have been aware of a recent rule for websites that was made many years back but totally ignored up until now.

It is going to take a test case in the courts to resolve it one way or the other but just to be safe and to be compliant with new EU law about cookies I have created a generic EU Cookie / Privacy JavaScript function.

This code can be referenced from any site in the footer (a global footer would be advised) and then your site will become compliant with EU diktats on website privacy and cookies straight away.

The code is wrapped in a self calling function so will be called as soon as the script is loaded into the DOM.

You might want to add a call to the main function call on line 409 of the script into your own onDOM or onWindow ready function to make sure it is called after all other scripts that may load cookies into the users browser last.

// call the CheckCookie function
EUCookie.CheckCookie();


The parameters at the top of the EUCookie object that display the message and the wording for the buttons are all customisable (different languages, different HTML etc) and you can modify the code to pass in different variables as you see fit.

On our site which handles multiple languages and parameters we have handled this by removing the self calling function code from the script just leaving the EUCookie namespace and then in our global footer doing something like this:


<script type="text/javascript" src="/jobboard/scripts/JS/EUCookie.js"></script>
<script type="text/javascript">
 
 // set custom values for the EUCookie object
 EUCookie.EUMessage = '<p>Do you want this site to accept cookies and be compliant with EU law?</p>';
 EUCookie.AgreeText = 'Accept';
 EUCookie.DisagreeText = 'Decline';
 EUCookie.RedirectLink = 'http://www.strictly-software.com/';
 EUCookie.MsgWidth = '400px';
 EUCookie.MsgHeight = '200px';

 // check whether the user wants to use the site with cookies
 EUCookie.CheckCookie();

</script>


As you can see the EUCookie object script - with self calling (function(){ })(); removed is loaded in first and then any parameters you want to change are modified on the singleton before the CheckCookie() function is called.

The script also handles browsers where the user has totally disabled cookies either through a toolbar like the Web Developer Toolbar or through the browser itself and if the user has no cookies passed to it then the message won't even appear.

I have just added in "Paranoid Mode" which is a setting you can turn on which will do the following when testing for cookies.
  • It will not only just check for document.cookie but actually create a test cookie, read it and then delete it before checking it has gone - some old browsers only clear cookies on a new session.
  • It will also set a timer (the length of time in milliseconds is also set by the ParanoidCheckTimer property) that will constantly check the DOM for the re-enabling of cookie use e.g if you use the Web Developer Toolbar you can disable cookies on the fly. If you loaded the page with cookies off and then set them on with the toolbar the ParanoidMode setting will detect the change and show the popup message.

If the user decides they don't want to use cookies and therefore if the site if it relies on them, then they are taken away to another customisable URL the EUCookie.RedirectLink parameter which defaults to my blog at the moment.

Obviously this url could be changed to a cookieless version of your site so that they can continue to use it . Maybe a version designed for mobiles where cookies are not used at all could be a viable option.

If the user clicks on the "I agree" button then a cookie called EUCookie is set for 365 days on their computer and on each subsequent visit it rolls over for another 365 days.

Obviously if the user clears their cookies, or lets an anti-virus scanner or tool like CCleaner remove the EUCookie my script sets, then they will be asked the question again on their next visit. So you might want to change the wording of the message to reflect this.

I have also added another property called AlwaysShowMsg which will always show the warning message whether or not cookies are currently enabled or not. You never know when a 3rd party script or your system might load in a cookie so this might be useful - also check out the ParanoidMode setting.

I have also added in a property called HideScroll which can be set to BODY, HTML or an empty string. This will hide the relevant scrollbars when the lightbox is shown to prevent users scrolling down past the greyed out area. The scrollbars are returned to a setting of "auto" once the DOM is cleared of the cookie messages if agreed to.

I have also added in some code to measure the viewport and the scroll position so that the message box is properly centered in the screen rather than the inline 20% margin style it was using before.

Benefits of this EU Cookie Compliance Script 
  1. It is easily installed and makes any website comply with EU law. 
  2. The code is wrapped in a namespace and therefore you shouldn't get problems with functions overwriting functions etc. 
  3. It uses very simple design inline and backward compatible styles to create a lightbox and "center" the box on the page.
  4. All the major parameters can be customised including the name and value of the EU compliance cookie, the text for the buttons, the redirect link and the styling.
  5. No framework is used or relied upon and all the code is self contained within the script. 
  6. The ParanoidMode option allows you to automatically detect when cookies are switched on or used if the page is loaded without their use. This enables a loaded page to still show the message when it detects cookies being used.
  7. The code is a simple drop into any global footer of your site. Just put a reference to the script in your footer and the script should work (as long as you haven't got previous JavaScript errors).
The only downside is that the script relies on JavaScript to be enabled and for a cookie to be set to tell the website that cookies are allowed. A server side version could be made easily enough but for the 90% of internet users who use JavaScript this script should be good enough.

Plus as most 3rd party cookies are set by advertising or other external scripts with JavaScript then this solution is enough to stop them in their tracks especially with paranoid mode which will kick in whilst you have a loaded page open and an external script decides to attempt to set a cookie 1 minute into your viewing. A server side solution wouldn't handle this.

You can see and download the source code from here: EU Cookie Law Compliance Code

Feel free to make use of it as you want but if you don't change it dramatically (e.g just add a missing ; etc) then please leave the credits at the top of the script.

Hopefully this script will help all of us out and prevent those evil virus spreading cookies from infecting all our computers before it's too late :)

Thursday 26 April 2012

Start Up Menu

Cleaning up items from your Startup folder

Yesterday I noticed on my new Windows 7 machine at work that I had an McAfee anti virus tool in my Startup directory. As I already have a company installed Kaspersky anti-virus tool (not my choice) I wondered how the hell it had got there (my memory is not as it used to be).

Therefore I went searching for ways to clean up my Startup menu as having too many application in there often slows down a fast boot up and we all want to get on our machines and start work as fast as possible don't we!

One good tool that I used to use on my old XP PC before being given a blank Win7 machine was CCleaner and it is still a good tool for cleaning up your browsers, cookies, caches, clipboards, recycle bins, temporary files and a lot more.

In fact I installed and used it yesterday to clean up my registry after I un-installed the McAfee program as there were still related keys that remained after the uninstall.

You can download it from here: Download CCleaner or visit their site: http://www.piriform.com/CCLEANER.

Another way is to:
  • Go to the Start Menu.
  • Right click on Startup.
  • Select "Open all users".
Make sure your folder has been set to show all hidden files, extensions and anything else Windows might like to be hiding from you.

Another tool which I didn't know about until this morning is to run this from the Run prompt: msconfig.exe

This opens up a nice little windows application that you can configure how the system starts the computer when it is turned on including:
  1. Whether to load all the devices and drivers or only basic ones.
  2. Whether to always boot up in "Safe Mode" or with "Network functionality".
  3. If you really want to you can control how many processors are used and the maximum amount of memory to use.
  4. Under the tools tab it also gives you a wide variety of tools for troubleshooting, removing programs, changing access permissions and much more.
However the thing we are interested in is the Startup tab which lists all the items set to start up automatically when Windows turns on. From here you can enable or disable items in your startup folder.

Adding Items to the Startup Folder

With my new machine I wanted a windows service I had created in .NET to run whenever my PC was started.

The service itself was already set to automatically start on boot but I had created a little windows form application with a "Stop" and "Start" button that enabled me to control the service as well as give me key information about what was going on as well as any problems with the service. Problems such as not being able to connect to the external API I was using or application errors such as not being able to log to my own log file.

To add this application to those that automatically started up I created a shortcut from the .EXE and copied it into the C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup folder and now it automatically starts whenever I start my machine.

Hopefully this is useful to someone.


Troubleshooting Internet Wireless Connectivity Problems

Quickly diagnosing Network Issues on your Windows XP PC

If you are like me and have a WinXP laptop at home then you will miss some of the nice diagnostic features Windows 7 comes with (we will skip Vista for obvious reasons) - By the way I have finally got a Windows 7 machine at home and at work!

I like WinXP purely because it lets you do what you want without all those annoying pop ups asking you to confirm everything you want to run.

However the other day for some reason I opened my laptop only for my Internet connectivity to be disabled with the message that the relevant driver was no longer installed! Why I have no idea as I had been using the laptop only hours before without an issue.

No I hadn't accidentally turned off the Wireless switch at the top of the Sony Laptop or accidentally disabled the radio from the utility and a quick virus scan using my last update showed nothing untoward.

The Intel Wireless Troubleshooter had all the options greyed out and the Windows Wireless Network Manager wasn't even in the task bar for some reason so I couldn't check the repair function on that either.

However (and this might be obvious to people who know) but there is a little tool you can run from your Start Menu which will diagnose any network issues and fix them if it can. This is probably the same tool that Windows Messenger uses when you use their own diagnostic tool.

To run this tool do the following:

  • Go to the Start Menu
  • Choose the RUN option
  • Enter the following into the input box: %windir%\network diagnostic\xpnetdiag.exe
  • Hit OK
If it can fix the problem it will tell you and if it can't then you will need to look deeper e.g check your router, check your inbound Internet connection and make sure there isn't a local Internet problem in your area.

The diagnostic log that I got looked liked this:

Last diagnostic run time: 08/20/11 13:33:34 HTTP, HTTPS, FTP Diagnostic

HTTP, HTTPS, FTP connectivity



info HTTP: Successfully connected to www.microsoft.com.

info HTTPS: Successfully connected to www.microsoft.com.

info FTP (Passive): Successfully connected to ftp.microsoft.com.







DNS Client Diagnostic

DNS - Not a home user scenario



info Using Web Proxy: no

info Resolving name ok for (www.microsoft.com): yes

No DNS servers



DNS failure









Gateway Diagnostic

Gateway



info The following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server: Proxy Bypass list:

info This computer has the following default gateway entry(ies): 192.168.1.1

info This computer has the following IP address(es): 192.168.1.5

info The default gateway is in the same subnet as this computer

info The default gateway entry is a valid unicast address

info The default gateway address was resolved via ARP in 1 try(ies)

info The default gateway was reached via ICMP Ping in 1 try(ies)

info TCP port 80 on host 207.46.19.254 was successfully reached

info The Internet host www.microsoft.com was successfully reached

info The default gateway is OK







IP Layer Diagnostic

Corrupted IP routing table



info The default route is valid

info The loopback route is valid

info The local host route is valid

info The local subnet route is valid

Invalid ARP cache entries



action The ARP cache has been flushed







IP Configuration Diagnostic

Invalid IP address



info Valid IP address detected: 192.168.1.5







Wireless Diagnostic

Wireless - Service disabled



Wireless - User SSID



action User input required: Specify network name or SSID

Wireless - First time setup



info The Wireless Network name (SSID) to which the user would like to connect = BLAH

Wireless - Radio off



info Valid IP address detected: 192.168.1.5

Wireless - Out of range



Wireless - Hardware issue



Wireless - Novice user



Wireless - Ad-hoc network



Wireless - Less preferred



Wireless - 802.1x enabled



Wireless - Configuration mismatch



Wireless - Low SNR









WinSock Diagnostic

WinSock status



info All base service provider entries are present in the Winsock catalog.

info The Winsock Service provider chains are valid.

info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.

info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.

info Provider entry RSVP UDP Service Provider passed the loopback communication test.

info Provider entry RSVP TCP Service Provider passed the loopback communication test.

info Connectivity is valid for all Winsock service providers.







Network Adapter Diagnostic

Network location detection



info Network location could not be detected

action User input required: Select network location

info Using home Internet connection

Network adapter identification



info Network connection: Name=Local Area Connection, Device=Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller, MediaType=LAN, SubMediaType=LAN

info Network connection: Name=Wireless Network Connection, Device=Intel(R) PRO/Wireless 3945ABG Network Connection, MediaType=LAN, SubMediaType=WIRELESS

info Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394

info Network connection: Name=Strategies VPN old, Device=WAN Miniport (PPTP), MediaType=TUNNEL, SubMediaType=NONE

info Network connection: Name=Strategies VPN, Device=WAN Miniport (PPTP), MediaType=TUNNEL, SubMediaType=NONE

info Both Ethernet and Wireless connections available, prompting user for selection

action User input required: Select network connection

info Wireless connection selected

Network adapter status



info Network connection status: Disconnected

info Network adapter hardware problem: This device is disabled.

warn Network adapter status not healthy

action Automated repair: Enable network connection

action Enabling the network adapter

info Network adapter successfully enabled

info Network connection status: Connected







HTTP, HTTPS, FTP Diagnostic

HTTP, HTTPS, FTP connectivity



warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved

warn HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved

warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved

warn HTTP: Error 12007 connecting to www.hotmail.com: The server name or address could not be resolved

warn HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved

warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved

error Could not make an HTTP connection.

error Could not make an HTTPS connection.

error Could not make an FTP connection. 


If like many people you have now moved onto a newer operating system like Windows 7 then you can take advantage of their inbuilt network troubleshooter which can be accessed by following this guide:

  1. Click the Start button.
  2. Click the Control Panel‌.
  3. In the search bar in the top right corner enter "Troubleshooter".
  4. Run the search and click on "Troubleshooting" in the list of results.
  5. Click Network and Internet
  6. Pick the type of problem you are having and it will run a diagnostic test for you. If you are having internet connectivity issues then you should select the first option "Internet Connections"

For more information on troubleshooting internet and wireless connectivity problems on Windows 7 machines read this step by step guide on troubleshooting connectivity problems.

Thursday 19 April 2012

I was recently asked how much I think I am worth in monetary value to a company and this got me to thinking that in this global economy in which India and China are churning out IT developers at factory rates all willing to put bids in for huge pieces of work on vworker.com for $200 and then spend their whole time on sites like this asking for help I wonder what my readers think someone with a CV like my own would be worth in today's IT environment. My online CV can be found here but here is a cut down version of it.

Overall Skillset

  • Over 15 years of SQL development work. From relational to real-time VLDB's I have designed, developed and maintained systems from MySQL to MS SQL 2008 (and soon SQL 2012)
  • Experience in a wide variety of languages including (in alphabetical order) ASP (classic), ASP.NET, C#, CSS, HTML, Java, JavaScript (server and client side), .NET, PHP, XHTML, XML and VXML.
  • Developed a large number of systems   (200+)  that are still running that use 3 versions of a system I personally developed (back and front end). These systems offer the sometimes unobtainable mix of a high turnaround to increase sales through very short development times, very customisable, good performance and an ease of maintenance that means most of the bugs and setup errors are fixed at the press of a button. These systems currently compete with the market leader in our field at a fraction of the cost.
  • I have a solid grounding in both object orientated and procedural development methodologies.
  • Caching, minification, compression and other optimisation techniques both database and front-end side.
  • JavaScript widget development including creating a number of custom JS widgets as well as creating JavaScript reliant sites that are progressively enhanced.
  • Automated tasks to report, analyse and fix potential issues all without a finger being lifted due to data driven database systems.
  • Good coding practises that can improve old systems written in legacy languages like ASP Classic including how to limit 3rd party COM object and other object re-use, reduction of logging, regular expressions that don't create catastrophic backtracking and other well known but sadly untaught tricks of the trade such as how to debug problems.
  • A search on Google for "Stricty-Software" will show you the wide variety of tools, sites and skills I have available and these include
    1. Developing and now selling my own Windows Applications including the Twitter HashTag Hunter Application that allows new site owners to find the @accounts and #hashtags they should be following and using by scanning Twitter for certain keywords without getting you blocked.
    2. Developing 5 WordPress plugins that have been well received by the SEO community as well as other WordPress users. These include plugins to Automatically add tags to posts imported into site (AutoBlogging) without using 3rd party plugins. Another favourite is the Strictly-TweetBot that allows users to post multiple Tweets to multiple Twitter accounts whenever posts are published. The options for each Tweet include the ability to add tracking codes, content analysis to block or allow the post and the use of tags or categories as #hashtags in the Tweet. I have even fixed problems in other well known WordPress plugins that were key to integrating with WordPress.
    3. Still on the subject of WordPress I have written a 3 part "Survival Guide" for Microsoft programmers new to Linux, Apache, MySQL and PHP get their heads round the many problems WordPress and a LAMP system can throw at you that covers basic SSH terminal commands, Performance tools, Plugins to install and to avoid and security options to prevent your site from being hacked.
    4. Being able to understand, de-construct and find problems in well known and well used frameworks such as jQuery and Prototype. I have also created my own lightweight JavaScript framework Getme.js which offers selectors, chaining, Sizzle compatibility and a few important functions but leaves the majority of the coding up to the developer. This prevents the sometimes annoying choice of having to go "all X framework" or "no framework".
    5. Developing and releasing a large number of free scripts, projects and functions for readers of my www.strictly-software.com site. From HTML Encoders (that encode properly), to SQL performance tuning and SQL injection clean up scripts my site is a key source of information for techies around the world.
  • I am also a developer of a wide range of free online tools which can be found at tools.strictly-software.com including de-packers and reformaters, encoders, compressors, scanners and one of the first online Twitter Translators.
  • I am an expert in Regular Expressions and SQL Injection detection. I also was one of the first people to discover the SQL Denial of Service attack that is possible on certain sites that allow users to enter complex search patterns. I also regularly list common hack vectors and de-encrypt SQL injection attacks so that people know what they are doing.
  • Having to defend critical systems from constant hackbots, scanners, spammers and content scrapers I have over the years become an expert in ways to reduce "bad" traffic through various means including .htaccess rules, trick robot.txt files, free advertising through blocking image hotlinking and using real time data analysis to determine spoofers from humans and BOTS.
  • On the other side of this coin I have also created many SEO tools (both white and blackhat) that include apps for proxy hunting and checking performance, content scraping without overloading servers or being blocked as well developing directive based languages for scraping with ease.
  • I have developed a number of BOTS, Web and Windows Services, as well as writing regular expressions to parse HTML from external sites, creating my own two step CAPTCHA's to beat BOTS and many other techniques.
  • As well as being a keen sportsman into martial arts, badminton and football I am also the creator of the term "Techies Law" and "Job Rapist".
I would suggest taking the time to read my full online CV or a cut down version on LinkedIN before taking a minute out of your day tell me what you think someone with this wide ranging skill set should be paid for an annual salary in the UK.

Remember £1 is about $1.60 or €1.22. If you have another answer please write a comment and remember you can only vote once as the poll is blocked by IP and cookie so you can only vote once! Thank you