Blogmarks
Filters: Sorted by date
Rails 1.2.4: Maintenance release. “Session fixation attacks are mitigated by removing support for URL-based sessions”—I’ve always hated URL-based sessions; I’d be interested to hear if their removal from Rails causes legitimate problems for anyone.
Client Side Load Balancing for Web 2.0 Applications (via) I recall that early versions of Netscape picked a random server from a hard-coded list each time a user clicked the “What’s New” button, back before server-side scaling techniques were well understood.
YSlow: Bug (fix) in Firebug’s Net Panel. The latest release of the YSlow page analysis plugin (announced at FOWA) also fixes a misleading bug in Firebug’s Net panel.
identity-matcher. Dopplr’s social network importing code (for Gmail, Twitter, Facebook and sites supporting Microformats), implemented as a Rails ActiveRecord plugin.
Google Maps, HTML version. Google’s mostly undocumented accessible version of Google Maps. Robin Christopherson demonstrated this yesterday at FOWA.
Amazon makes you lie to log off (via) Amazingly, the only way to sign out of Amazon these days is to use the “If you’re not XXX, click here” link—the traditional “sign out” link has quietly vanished.
Cronto. I saw a demo of this the other day—it’s a neat anti-phishing scheme that also protects against man in the middle attacks. It works using challenge/response: an image is shown which embeds a signed transaction code; the user then uses an application on their laptop or mobile phone to decode the image and enters the resulting code back in to the online application.
BBC Radio 4—Click On. I was interviewed on today’s programme, about OpenID. The clip is about 7 minutes in to the program, which is available using RealPlayer and the BBC’s Listen Again service.
Programming Nu (via) Interesting new programming language—Lisp style syntax, Ruby style semantics, built in Objective C bridge so you can access Cocoa APIs directly.
Email addresses your OpenID via DNS. Sam Ruby has warmed to the idea of making e-mail addresses usable as OpenIDs via a DNS SRV record.
Idea: The Histogram as the Image. How to hide the New York City skyline in the histogram of an image.
OLPC Peru/Arahuay. A fascinating case study of the introduction of the XO to a school in Peru. It’s really exciting to see the project starting to make an impact.
Kosmos Distributed File System (via) New open source distributed filesystem similar to Google’s GFS.
hasAccount. Stuart proposes a light-weight API for letting any site know if a user has an account (and is signed in) on another service. I wouldn’t want to deploy this without being confident that my CSRF protection was in order.
CSS Sprite Generator (via) Upload a zip file of images and get back a CSS sprite plus a set of pre-calculated background image rules. Tool built by Ed Eliot and Stuart Colville for their forthcoming book “High Performance Web Site Techniques”.
DbMigration—a schema migration tool for Django. Nice and simple tool for adding schema migrations to a Django application.
Halo 3 Site Demonstrates Flaws in SilverLight. The Halo 3 “interactive manual” is like a throwback to Flash in the late 90s—“skip intro”, pointless transitions, text you can’t select or enlarge, links that aren’t links—all wrapped up in an ugly blob (only this time it’s XML instead of binary data).
WordPress 2.3: Canonical URLs. Fantastic to hear that WordPress 2.3 supports this, and that they picked the right terminology for it (I’ve called the same thing “disambiguated URLs” in the past).
WebRunner 0.7—New and Improved. A simple application for running a site-specific browser for a service (e.g. Twitter, Gmail etc). This is a great idea: it isolates your other browser windows from crashes and also isolates your cookies, helping guard against CSRF attacks.
Google GMail E-mail Hijack Technique. Apparently Gmail has a CSRF vulnerability that lets malicious sites add new filters to your filter list—meaning an attacker could add a rule that forwards all messages to them without your knowledge.
djangogigs.com—from idea to release in 6 hours. Now that’s what I call rapid development.
Announcing the Dopplr 100. Similar to how Facebook used to only allow college e-mail addresses, Dopplr is now open to holders of e-mail accounts from 100 large corporations. The blog release doesn’t specify if each corporation gets its own special “group” within the application; that would be a neat touch.
DOMContentLoaded for IE, Safari, everything, without document.write. Stuart has taken Hedger’s recent IE technique, combined it with the others and compressed it in to a short-as-possible code snippet that you can paste in to your scripts without having to include the whole of jQuery/YUI/Dojo/Prototype.
Firefox 3 Antiphishing Sends Your URLs To Google. Stories like this crop up every now and then, but no one ever seems to mention that the Google Toolbar has been doing this since it was released (more than five years ago) provided you have PageRank display turned on.
Sun’s OpenID IdP: Real vs Fake. The thinking behind Sun’s decision to allow users of their OpenID provider to pick fake names and assign personal e-mail addresses.
DRM-free MP3 downloads from Amazon. The good: they have what looks like the entire Universal and EMI catalogues in DRM-free 256bit MP3s. The bad: you need a US billing address! So close...
Zimki is to shut down. I guess they were just too revolutionary for Canon Europe, the corporate mothership, to understand.
France Telecom Supports OpenID! France Telecom is the parent company of Orange. Apparently all 40 million France Telecom subscribers now have an OpenID.
lxml.cssselect (via) lxml includes an implementation of CSS 3 selectors, which compiles them to XPath expressions. Should be a useful tool for parsing Microformats from Python.
mySociety Disruptive Technology Talks. Four great talks coming up in London this Autumn, courtesy of the lovely folk at mySociety.