Exporting ScreenFlow recordings for HD YouTube uploads

ScreenFlow works pretty well for me for all kinds of screencasts. Its default settings are pretty bad though, when I want to upload the exported video to YouTube and have is played back with decent quality. The problem is the default scale setting: The “Web – High” preset suggests to scale the video down by 50%. That reduces the file size a lot, but also produces output that will show up as “240p” on YouTube, which looks pretty awful.

For 720p videos, you want to set the resolution to exactly 1280×720. Export and upload that and YouTube will be able to play back the video with 720p “HD”, which looks so much better.

I’m recording videos on my MacBook Air 13″, which has a native resolution of 1440×900. That’s not the same ratio as 1280×720. For a recent recording I resized the canvas of the recording from 1440×900 to 1440×810. That cuts of some stuff at the top, bottom or both, but that worked fine in my case. The end result is a ratio that matches the 720p ratio, so scaling it down won’t distort the result at all.

Note that you need a verified YouTube account to upload videos longer than 15 minutes. Make sure you have that before attempting to upload an hour long screencast, and having to start over after the video gets rejected as too long.

Talk recording: Effective jQuery

This is the official recording of my talk at the jQuery Conference in San Diego in February 2014, titled “Effective jQuery – Patterns for maintainability and performance”, recorded a few weeks ago, published yesterday. I probably spent about two full weeks preparing this talk, with lots of rehearsing. Still, I was very nervous at the beginning, which can be heard quite well. Five minutes into the talk, covering technical stuff, I calmed down a lot, which can also be heard quite well.

The slides are available online.

I’ll be giving this talk again at this year’s enterJS 2014 in Köln (home town!), on day one, June 30th. They still have tickets, so if you’re close enough and want to see my talk live (and in german), get a ticket.

Release: Validation Plugin 1.12.0

Its been slightly over a year since the last release of the jQuery Validation Plugin. Its been almost eight(!) years since I started working on this plugin. Its been slightly over eight years since I started my first full time job as a software developer. Almost-decades aside, its time for a new release, so I’m happy to present you with a shiny new 1.12.0.

Since 1.11.0, lots of things changed. The documentation is now longer on the jQuery Wiki, the plugin home is no longer on this site, instead both moved on to their own home at jqueryvalidation.org (I’m still doing release announcements here though). The source code of the plugin was heavily restructured, laying the foundation for smaller modules that are easier to test and maintain. While src/core.js is still pretty big, all the additional methods are now in individual files, making them much easier to maintain.

On the “tell me something relevant for me” front there’s also lots of improvements: Along with the usual bug fixes, the plugin now uses some ARIA attributes, laying the foundation for making the validation more accessible, e.g. for screenreader users. There’s a lot of new and improve localizations along with several new and improve additional methods. All full list of all changes can be found in the changelog below.

Download this release.

If you use the plugin, please donate or ask your boss to make a donation!

Click here to lend your support to: jQuery Validation Plugin and make a donation at www.pledgie.com !

36 people contributed code to this release. A big thank you to: 1darvesh, Alfonso Martín, Andrew Ray, Andy Cohen, Bart Sipes, Bruno Pinto, Christian, Christian Haller, Dave Marr, Floris Robbemont, g1smd, James Thompson, Jamie R. Rytlewski, John Reilly, joseph.bott, Juan M. Cuello, Jörn Zaefferer, magic.xie, Markus Staab, Martin Laine, Max Toro, Nic Jansma, Nick Schonning, Pat Heard, Peter Conerly, Predrag Stojadinovic, rstaib, ruado1987, Strand McCutchen, Sævar Öfjörð Magnússon, Sérgio Rafael Siqueira, TaeyoungYoon, Thibaud Colas, Veres Lajos, Wing, YuraDubensky, zho. Also thank you to everyone who reported issues on GitHub or commented on them.

As usual:
  • Please post questions to the official Using jQuery Plugins Forum, tagging your question with (at least) “validate”. Keep your question short and succinct and provide code; a testpage makes it much more likely that you get an useful answer in no time.
  • Please post bug reports and other contributions (enhancements, features, e.g. new validation methods) to the GitHub issue tracker

The full changelog:

  • Add ARIA testing (3d5658e)
  • Add es-AR localization messages. (7b30beb)
  • Add missing dots to ‘es’ and ‘es_AR’ messages. (a2a653c)
  • Added Indonesian (ID) localization (1d348bd)
  • Added NIF, NIE and CIF Spanish documents numbers validation (#830, 317c20f)
  • Added the current form to the context of the remote ajax request (0a18ae6)
  • Additionals: Update IBAN method, trim trailing whitespaces (#970, 347b04a)
  • BIC method: Improve RegEx, {1} is always redundant. Closes gh-744 (5cad6b4)
  • Bower: Add Bower.json for package registration (e86ccb0)
  • Changes references from ‘$’ to ‘jQuery’, for compability with jQuery.noConflict. Closes gh-754 (2049afe)
  • Core: Add “method” field to error list entry (89a15c7)
  • Core: Added support for generic messages via data-msg attribute (5bebaa5)
  • Core: Allow attributes to have a value of zero (eg min=’0′) (#854, 9dc0d1d)
  • Core: Disable deprecated $.format (#755, bf3b350)
  • Core: Fix support for multiple error classes (c1f0baf)
  • Core: Ignore events on ignored elements (#700, a864211)
  • Core: Improve elementValue method (6c041ed)
  • Core: Make element() handle ignored elements properly. (3f464a8)
  • Core: Switch dataRules parsing to W3C HTML5 spec style (460fd22)
  • Core: Trigger success on optional but have other successful validators (#851, f93e1de)
  • Core: Use plain element instead of un-wrapping the element again (03cd4c9)
  • Core: make sure remote is executed last (#711, ad91b6f)
  • Demo: Use correct option in multipart demo. (#1025, 070edc7)
  • Fix $/jQuery usage in additional methods. Fixes #839 (#839, 59bc899)
  • Improve Chinese translations (1a0bfe3)
  • Initial ARIA-Required implementation (bf3cfb2)
  • Localization: change accept values to extension. Fixes #771, closes gh-793. (#771, 12edec6)
  • Messages: Add icelandic localization (dc88575)
  • Messages: Add missing dots to ‘bg’, ‘fr’ and ‘sr’ messages. (adbc636)
  • Messages: Create messages_sr_lat.js (f2f9007)
  • Messages: Create messages_tj.js (de830b3)
  • Messages: Fix sr_lat translation, add missing space (880ba1c)
  • Messages: Update messages_sr.js, fix missing space (10313f4)
  • Methods: Add additional method for currency (1a981b4)
  • Methods: Adding Smart Quotes to stripHTML’s punctuation removal (aa0d624)
  • Methods: Fix dateITA method, avoiding summertime errors (279b932)
  • Methods: Localized methods for chilean culture (es-CL) (cf36b93)
  • Methods: Update email to use HTML5 regex, remove email2 method (#828, dd162ae)
  • Pattern method: Remove delimiters, since HTML5 implementations don’t include those either. (37992c1)
  • Restricting credit card validator to include length check. Closes gh-772 (f5f47c5)
  • Update messages_ko.js – closes gh-715 (5da3085)
  • Update messages_pt_BR.js. Closes gh-782 (4bf813b)
  • Update phonesUK and mobileUK to accept new prefixes. Closes gh-750 (d447b41)
  • Verify nine-digit zip codes. Closes gh-726 (165005d)
  • phoneUS: Add N11 exclusions. Closes gh-861 (519bbc6)
  • resetForm should clear any aria-invalid values (4f8a631)
  • valid(): Check all elements. Fixes #791 – valid() validates only the first (invalid) element (#791, 6f26803)

goto fail

Looking for some Saturday evening programmer entertainment? How about a serious security flaw in very widely deployed software caused by a goto statement? What could possibly go wrong?

from xkcd.com/292/

Here’s Apple’s equivalent of the raptor mauling you. That’s the official version, which doesn’t provide any details (“Apples does not disclose any details”). It just says:

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

But you can find the details in this blog post by Adam Langley, who works at Google on Chrome (I think; the blog post implies that, the site doesn’t say). From that post:

static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                 uint8_t *signature, UInt16 signatureLen)
	OSStatus        err;

	if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
		goto fail;
	if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
		goto fail;
		goto fail;
	if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
		goto fail;

	return err;

Note the two goto fail lines in a row. The first one is correctly bound to the if statement but the second, despite the indentation, isn’t conditional at all. The code will always jump to the end from that second goto, err will contain a successful value because the SHA1 update operation was successful and so the signature verification will never fail.

Someone found that entertaining enough to put it on a t-shirt. A few more pre-orders and it’ll get printed.