Blogmarks
Primality regex. A regular expression that can identify prime numbers. Unsurprisingly, this one comes from the Perl community.
OmniTI_OpenID. OmniTI’s PHP OpenID 1.1 consumer library. Much less full featured than the JanRain library, but it’s good to have more than one.
Chris Shiflett: My Amazon Anniversary. Chris Shiflett discloses an unfixed CSRF vulnerability in Amazon’s 1-Click feature that lets an attacker add items to your shopping basket—after reporting the vulnerability to Amazon a year ago!
What is OpenID Good For? Dare Obasanjo provides some smart responses to Tim Bray’s criticisms of OpenID, including a good angle on the phishing problem.
pg8000 v1.02. The pure Python PostgreSQL library now supports DB-API 2.0 (and SSL too). That didn’t take long!
Improve your forms using HTML5! (via) Anne Van Kesteren demonstrates the Web Forms 2 support in Opera 9—new form attributes include autofocus, required and type=email.
WaSP Street Team. A new Web Standards Project initiative to encourage the promotion of Web standards in local communities. Your help needed!
SXSW: Web App Autopsy. Conversion rates and revenue per customer for RegOnline, FeedBurner, Wufoo, and Blinksale.
The Figures Behind The Top Web Apps. DropSend.com makes $100,000 profit a year, before tax. Ryan’s slides also have cost-to-build data for Freshbooks, Maya’s Mom, Mobissimo and Wesabe.
You vs. the Real World. The lengths programming libraries go to to be liberal in what they accept.
Google Video: How do I enter transcripts? Neat feature of Google Video I hadn’t seen before: you can upload timestamped transcripts of your videos. Anyone seen a video that uses these?
wii.js (via) A JavaScript library that lets you detect the Wii browser, and provides easy hooks for reacting to keys pressed on the Wiimote.
opensource @ Joost. Joost is built on top of Mozilla, Redland, SQLite and a bunch of other bits and pieces of Open Source infrastructure.
Balancing One-Wheeled Scooter. Technical details of the scooter I linked to earlier.
XSS. Sanitising HTML is an extremely hard problem. The sanitize helper that ships with Rails is completely broken; Jacques Distler provides a better alternative.
Meet the one wheel balancing scooter. Home made one wheeled motorised scooter that looks like a skateboard and self-balances like a Segway.
Ficlets (via) AOL’s first application to launch on Rails, and their first application to accept OpenIDs as well as AOL screen names.
Google Seattle conference on scalability. Google are hosting a conference on scalability in Seattle on June 23rd. They’ve just put out the CfP.
OpenID Server Integrated with CAS. Case Western Reserve University now provides an OpenID for every network account holder.
pg8000 (via) A pure-Python interface to PostgreSQL, using the PostgreSQL network protocol directly. Doesn’t (yet) support DB-API 2.0, but that’s promised in a future release.
Ajax3d Demo. Really impressive Virus clone, using the canvas element.
Web Focus Leads Newspapers to Hire Programmers for Editorial Staff. It’s great to see this trend taking off. A newsroom is an excellent place to work as a programmer.
Relying Party Best Practices. Proposed guidelines for OpenID consumers from Martin Atkins, currently under discussion on the mailing list.
W3C Relaunches HTML Activity (via) “XHTML has proved valuable in other markets” == XHTML on the public Web has failed. Long live HTML!
37 Signals’ next app Highrise will support OpenID. I can’t wait to see how the 37 Signals team deal with the UI challenges involved in supporting OpenID logins.
Hacking del.icio.us with Python. Nat introduces snaflr, a Python script for republishing selected links from a number of del.icio.us users to one communal account.
OpenID on WordPress.com. My first project launch as a freelancer. You can now use your WordPress.com blog as an OpenID.
Security; AJAX; JSON; Satisfaction. The JSON attack I linked to earlier only works against raw arrays, which technically aren’t valid JSON anyway.
phpbb-openid: Your AIM screen name is your OpenID. Log in to a phpBB board with an AOL OpenID and it will try to associate your OpenID with an account that lists that AIM in the profile. This is the kind of behaviour I talked about in my FOWA talk.
JSON is not as safe as people think it is. Joe Walker reminds us that even authenticated JSON served without a callback or variable assignment is vulnerable to CSRF in Firefox, thanks to that browser letting you redefine the Array constructor.