Doing it and doing it and doing it ...WELL!

We are back!

Fresh with another launch, A1Infrared.com is alive and kicking. After a little fussing with HostGator,

I believe that is unacceptable

we were able to get ionCube Encoder working. Yes, we do support open source, but our core framework libraries are not open source. So, we want to give thanks to HostGator for meeting our requirements.

In other news, we are moving strong with Lease2Buy, approaching the finish line. With the last cup of Gatorade crushed and dropped a few miles back, we are leading the marathon. See, most of the other web companies start off fast, but they're quickly wheezing in the back. Not us, not here at ProjectSkyLine. We set a pace and keep to it. In fact, we're starting to set a pace for a lot of *stuff* that's going on. We going strong.

Keep in touch.

- psl

Skillings & Sons Website Launch

After nearly 3 weeks of programming, graphic design, ajax debugging, a custom gallery and countless trips through iStockPhoto, we are proud to launch Skillings & Sons' corporate website.

This launch marks the culmination of nearly 6 months of joint effort by Ben Sgro (President), Devin Bousquet (Vice President), Diana Melgarego (Finance Director) of ProjectSkyLine LLC and Brandi Coulter (Marketing Manager & website liaison) of Skillings & Sons.

In an on going effort to support the online needs of Skillings & Sons, we are providing hosting support in conjunction with Nexcess, and managing a robust online marketing plan with the assistance of Matt VanWager of FindMeFaster.

(Matt will be speaking at SEMNE on Sept 11, check if out if your around!)

The new Skillings & Sons site exhibits a terrific user-interface (UI) design, fueled by the artistic excellence of Devin Bousquet. The tabbed interface provides a simple to navigate and user friendly interface for Skillings' target demographic.

::tech note:: The original tabbed interface used Ajax to load the content, which worked fine. We use CSS to control the mouse over attributes and we chose to have the state of "on" (the currently loaded page) be represented with a specific color. Since the CSS had to be redrawn and sent along with the Ajax, we soon found out that you CANNOT do this IE. Smooth.
We removed this feature and went with something that worked cross browser. We'll get into more of the technical aspect of this at a later date.

The site also sports a "search" ability, which is powered by MySQL fulltext indexing. It works well, but will be receiving a tune in the approaching days.

ProjectSkyLine built ajax drop down menus to highlight (and hide) specific data. In conjunction with the scriptaculous javascript library, we've added fluid motion to the drop down of these menus. We've also used the scriptaculous library to selectively highlight important messages within the site. In keeping with a smooth and memorable user experience, we are using cookies to keep track of the state of the drop down menus. Meaning, when a user navigates away from a page and then returns, the drop down is in the same state as they left it. Terrrrrrrific!

Another thing**** we learned while building our custom image gallery (powered by scriptaculous and Ajax) is that IE on VISTA (NOT XP) does not allow you to rewrite a cookie
multiple times without a page refresh. Sheesh.

::tech note:: Our original image gallery design was suppose to be modular enough that it could be both 1) used again and 2) released as open source. To maintain state (if the user leaves and then returns) we used cookies. However, we soon found out IE7 on Vista doesn't allow cookies to be written more than once. On IE7-XP & FF-XP & FF-Vista this technique worked. So, what's the reason ...? We checked and altered the browser security settings to see if that effected it, adding out development server to the list of "ok" sites, and lowering security to exploit enticing levels. heh. Nothing. So, we rolled back the code to instead of cookies, use sessions. Those HAD to work. And they did. For those that are interested, the source to the gallery will be made open shortly.

Skillings & Sons is full of other subtle design features that make it clear why ProjectSkyLine LLC is moving on up and setting some triumphant trends.

- psl

ProjectSkyLine deploys Halftime Magazine & matching Website

Yup, its true! Our magazine creator, Brian Cain, has been working tirelessly with Devin, ProjectSkyLine's creative director in preperation of Half/Time Magazine's 4th release.
For those of you whom are not familiar with Half/Time Magazine, read on:

H/T Magazine is an indepently published and voluntarily fueled magazine of uplifting stories, inspirational artwork and candid interviews. Check out the sample chapter.
We'd like to commend Devin on a job well done!

In other news, we've began work on a complete revamp of Lease2Buy.com. This website held a #1 position on google for lease 2 buy and rent to own homes. However, Rob, the owner, really wanted to spruce up the visitors experiance. Devin has constructed a new logo, new layout, new buttons, new typography..hell, nothing is really left except the content..and we've even improved that! Stay tuned for the launch later this month!

We're approaching our release date for the Skillings & Sons new website. We've been working hard on this and will present a detailed case study with the release.

We've also added a new employee, Chris Lyght, a part-time web developer. Chris brings experiance in graphic design, programming and sales. We look forward to seeing Chris's work
on Lease2Buy, as he is the lead programmer on this project.

More to come, more to come.

- psl

Joomla, XSS and Obfuscated Code

Hello again,

Yesterday, our chief engineer Ben, came about an interesting backdoor php script that a friend off irc was talking about. He was studying the joomla source, prior to implementation, and found that tons of joomla sites had been owned with a XSS used to load the r57shell php script.

We've included a copy of the script here for educational purposes: http://www.projectskyline.com/phplist/r57shell.txt

Ben went and posted this information to the NYPHPlist to provide fellow developers
an insight into the tools crackers are using against us.

A member of the PHPList pointed out that the script has some backdoor, author alerting features: http://seclists.org/fulldisclosure/2006/Sep/0083.html

Ben decided to base64_decode( ) the obfuscated variables and see what kinds of programs the
shellscript was building and executing.

The first section of code is that of the author alert...this provides the author w/the ip of the owned machine.

Ben then went ahead and decode the programs...a link to them is here:
http://www.projectskyline.com/phplist/test.php

Can't trust those russians!

- psl

I'm out for Presidents to represent me.

Greetings,

The ProjectSkyLine executives just returned from an extended stay in the beautiful presidential mountain range of NH. Photos and more are located at flickr.

After a nice hiatus, we are returning full force and moving forward with StoryXchange, our premiere skunk works project. In tandem, we are also delving deeper into the development of WARP2.

Oh, yes, we are also proud to announce our business arrangement with Skillings & Sons, to both create their online presence and managing their online marketing campaign. You can read the press release.

We look forward to a very exciting June!

- psl

Google to police the net, ProjectSkyLine to write better code

Greetings,

Yup, totally unrelated. Google will begin to police the net and we will write better code. As you know, we started the port from PHP4 to OOP PHP5, along with using a MVC inspired design and smarty templates. All great things.

We just read in a slashdot post that:

For some time now, searches have displayed 'this site may harm your computer' when Google has tagged a site as containing malware. Now the search engine giant is is further publicizing the level of infection in a paper titled: The Ghost In The Browser. For good reason, too: the company found that nearly 1 in ten sites (or about 450,000) are loaded with malicious software. Google is now promising to identify all web pages on the internet that could be malicious - with its powerful crawling abilities & data centers, the company is in an excellent position to do this. 'As well as characterizing the scale of the problem on the net, the Google study analyzed the main methods by which criminals inject malicious code on to innocent web pages. It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets. Widgets are small programs that may, for example, display a calendar on a webpage or a web traffic counter. These are often downloaded form third party sites. The rise of web 2.0 and user-generated content gave criminals other channels, or vectors, of attack, it found.'"

Now, at first glance that is great. Besides the common posts about, "won't we be shutting out %10 of the web?".

I see an immediate tactic of malware distributed through 3rd party applications to contain code that will *hide* or disable the exploit code that injects the malware when it see's a google bot querying the page.

Pretty simple for them to do, since google bot advertises itself. In fact, writers could just have it not displayed on any OS/Browser that it couldn't effect. If it needed Windows IE Version 6 to run the exploit, programmers could only serve to that browser.

But then of course bots could start serving fake URI data.

We'll see, won't we.

In other news, we've just completed a case study of our current, *exciting* clients.
Take a look at it here.


We also started working with the World Food Prize, modifying our RSVP software, Project-Contact, to account for a special event they are organizing. Because it is a
government function, special attention must be paid to securing the data and its'
transmission. This project is currently being tested. Stay tuned for more.

We've also been working in depth on WARP2, beginning the complete wireframe and SQL transaction specification. Programming seems easy compared to this!


Also, our lead designer Ben has been working on a few skunkwork projects, including data mining, scripting, automation and emailing. Ha, fill in the blanks.

More to come!

- PSL

Gone Test One

-Marketing

The brochure is always a testament to design. Compile a list of the most unique, interesting, and most important information about your company on to a 8.5 by 11 double side of paper. Now divide that content into 6 columns (three on each side), with order and a constant flow. Make sure the registration is dead on and then send them out to be printed.

This is what we came up with:


We sent them to be printed at Vista Print again. The other material we had printed there were of good quality so we shall stick with them.


We believe the brochure came out well and will now use them in out press kits. We designed them with InDesign and Illustrator and used images from our portfolio and our product line.


Other pieces in our press kit are the postcard, business card, fact sheet, contact info, and other field study documents.

Please send us a request for a press-kit at contact@projectskyline.com or visit our contact page at http://www.projectskyline.com/index.php?act=600

-PSL