Blogmarks
MediaWiki API. Wikipedia’s best kept secret?
Speechification. “A blog of Radio 4. Not about Radio 4 but of it. We point to the bits we like, the bits you might have missed, the bits that someone might have sneakily recorded. Other speech radio from around the world will no doubt find its way here too.”
Python one-liner of the day. I love the idea of publishing one-liners accompanied by one-line test suites.
Mass Attack FAQ. Thousands of IIS Web servers have been infected with an automated mass XSS attack, not through a specific IIS vulnerability but using a universal XSS SQL query that targets SQL Server and modifies every text field to add the attack JavaScript. If an app has even a single SQL injection hole (and many do) it is likely to be compromised.
CSS Variables. Hooray! My number one requested CSS feature (and I know I’m not alone), proposed by Daniel Glazman and David Hyatt so I imagine we’ll see it trialled in WebKit pretty soon.
Internet Asshattery, Armchair Scaling Experts Edition (via) Leonard says what needs to be said about the most recent case of Twitter scaling flame-bait.
Generator Tricks for Systems Programmers. The best tutorial on Python’s powerful generator feature I’ve seen anywhere.
Google AJAX Search API: Flash and Server Side Access. Over a year after Google shot down their SOAP Search API, they’ve quietly released a JSON based one under the guise of supporting “Flash and other non JavaScript environments”. Comes with the strange requirement that an HTTP referer be sent with every request; the API key is optional.
Reading binary files using Ajax. There’s a simple trick for Firefox, and (amazingly) you can get IE to play along using a function written in VBScript.
OSM Super-Strength Export. Awesome new feature on OpenStreetMap: you can browse to anywhere on the map, then hit “export” and download a rendered bitmap or vector (PDF and SVG) image of the currently displayed map—and because it’s OSM there’s no watermark and a very liberal usage license.
Plazes adds Fire Eagle Support. The Plazer software can now automatically update your location in FireEagle based on fingerprinting your laptop’s local network.
ISPs’ Error Page Ads Let Hackers Hijack Entire Web (via) Earthlink in the US served “helpful” links and ads on subdomains that failed to resolve, but the ad-serving pages had XSS holes which could be used to launch phishing attacks against the principal domain (and I imagine could be used to steal cookies, although the story doesn’t mention that). Seems like a good reason to start using wildcard DNS to protect your subdomains from ISP interference.
Embedding custom non-visible data in HTML 5. “Every HTML element may have any number of attributes starting with the string ’data-’ specified, with any value.”—this will be incredibly useful for unobtrusive JavaScript where there’s no sensible place to store configuration data as HTML content. It will also mean Dojo has an approved method for adding custom attributes to declaratively instantiate Dojo widgets.
JavaScript: The Good Parts. Douglas Crockford’s soon-to-be-published book on the subset of JavaScript that he recommends. Promises to be “short, but dense”—if it’s half as good as his JavaScript lectures this is going to be a must-have.
HTML 5 vs. Yadis. The draft HTML5 spec currently disallows values for http-equiv and link rel which aren’t listed in the spec—meaning both methods of specifying a link to an OpenID server are invalid for HTML5. This should probably be fixed...
Mibbit (via) Excellent web-based IRC client, should be great for when pesky firewalls get in the way. Also a good candidate for use with a site-specific browser.
PayPal Plans to Ban Unsafe Browsers. At first I thought they were going to encourage real anti-phishing features in browsers, which would be a big win for OpenID... but it turns out they’re just requiring EV SSL certificates which have been proven not to actually work.
Cluetrainwreck. Comcast’s official Twitter account is pretty creepy... “I hope we can change your perception of Comcast!”.
Quotation search in Google News (via) Extremely impressive application of (I suppose) natural language processing in Google News—it now extracts quotations from news stories, even handling things like “he said” and “she said” and resolving them back to the speaker.
KML: A new standard for sharing maps. Google’s KML format, which is already supported by both Microsoft and Yahoo!’s map software, has been accepted under the wing of the Open Geospatial Consortium and is now an international standard.
Flirting with mime types [PDF] (via) Different browsers have different rules for which content types will be treated as active content (and hence could be vectors for XSS attacks). IE uses a blacklist rather than a whitelist and hence rendered active content for 696 of the tested content types.
Amazon takes EC2 to the next level with persistent storage volumes. You can store a snapshot of a storage volume to S3 with a single API call, making backups trivial.
Multiple inheritance of newforms and modelforms. If you ever see “Error when calling the metaclass bases metaclass conflict: the metaclass of a derived class must be a (non-strict) subclass of the metaclasses of all its bases” when trying multiple inheritance with newforms and modelforms, here’s a scary solution I found.
CSRF presentation at RSA 2008. It terrifies me how few people understand CSRF, years after it was discovered. I’ll say it again: if you’re a web developer and you don’t know what that acronym means, go spend an hour reading about it—because the chances are your applications are vulnerable.
Sharedance (via) “Sharedance is a high-performance server that centralizes ephemeral key/data pairs on remote hosts, without the overhead and the complexity of an SQL database.”—ideally suited to session data, which is a poor fit for a full relational database.
Active on IRC in the past hour. New Django People feature in collaboration with Brian Rosner—DjangoBot now provides information on currently active IRC participants. There’s an opt-out privacy control and the bot sends you a message about it the first time it logs your activity.
django-rosetta—Google Code. Very classy Django-powered interface for both reading and writing your project’s gettext catalog files, hence allowing application translators to work through a web interface.
Google App Engine for developers. Best in-depth coverage so far, from Niall Kennedy. I didn’t know that Guido had worked on the Django compatibility layer.
Video on Flickr! There’s a 90 second length limit, because “... Flickr is all about sharing photos that you yourself have taken. Video will be no different and so what quickly bubbled up was the idea of long photos, of capturing slices of life to share.”
A List Apart: Issue 256. The EveryBlock issue. Paul Smith on EveryBlock’s tasty custom maps, and Wilson Miner on EveryBlock’s tasty accessible data charts.