Cookies are set by WordPress in the CVblog, but
they are not viewed, stored, or compiled for any other purpose.
Cookies are not used elsewhere on the site.
Other Identifying Data
Apache (web server) records standard information for every visit,
such as operating system, browser, and IP address. The logs are used
to generate site statistics, but the data is not otherwise compiled
or stored. The only other use of identifying information is by CGI
scripts (e.g. Contact
Form). Scripts are favorite targets of those making sport, and
business, of compromising sites, so IP addresses are logged separately
and available for forensics in the event of an attack. They are used
for no other purpose.
No attempts are made to identify visitors, and there is no storing or
compiling of data beyond default settings of standard software (as
described above). My business seeks visitors to engage the company for
advancing their purposes, and is not about using their personal data
to facilitate some ulterior gain of mine.
The main web site does not currently use any active scripting.
This is a conscious choice based mostly on personal security
preferences. My browser's are generally configured with scripts
disabled, although enforcement has eased somewhat in recent
Arguably, more caution is required today, not less. Although valid
uses exist for scripting, malicious use is on the rise. Drive-by downloads
are becoming a more common tactic for the botnet criminals—and not
just from illegitimate sites. Compromised pages on popular, mainstream
sites are increasing,2 as this becomes a
more popular attack vector. In short, carefully policing the sites you
visit, staying away from "bad" ones, is no longer sufficient to remain
safe from the reach of malware.
We have chosen to forgo the benefits of active scripting. Of course,
this doesn't mitigate the risk of site compromise, but it does allow
visitors to have scripts disabled without losing functionality. "Bells
and whistles" (e.g. navigation menus) are implemented using CSS. This
site will lack the glitz of some others, but it allows for safer browsing
and forces the focus on content, rather than moving and/or flashy parts.
Navigation used to be ad hoc, with the old site using both left
and right navigation blocks, sometimes changing between sections with
different subject matter. To start, the new site adopted a two
column layout, with navigation links at the top, which will be
implemented consistently across the site. The CVblog is
the lone current exception, a conscious and functional choice. One
possible future exception will be the integration of content from the
old web site, which might reflect the design of the period. The one
constant: the logo on every page connects to the home page.
Following external links will most often take you to the destination
using a new window or tab. With tabbed browsers, my preference has
changed, from strongly opposing this behavior, to wanting links opened in
a new tab. There is no way to please every visitor, so the best guess was
to configure this site according to my choices.
An effort was begun in 2009 to make the site standards compliant
(XHTML 1.0 Transitional, CSS 2.1). It was not a priority at the time,
as it meant retrofitting old pages, some dating back 10 years. The
process is now facilitated by the business retooling. New pages are
created following the standards, and old ones converted if/when they
are reintegrated, so the site should be fully compliant.
There are exceptions in the CVblog, which uses WordPress and
includes a third-party theme and plugins. Tests indicate mostly compliant
output with the few "errors" caused by attributes which are valid CSS 3.
They could be eliminated by simply deleting the definitions in the
third-party .css files, but our purpose is to eliminate deprecated
features and botched syntax of otherwise standard code. These exceptions
are not errors, per se, and not a concern for current efforts.
A firefox addon, NoScript, facilitates simple and temporary
granting and revocation of rights per site/visit.
U.S. Treasury sites were compromised May
03, 2010. There are many other examples and the pace of attacks