Blogmarks
Balancing One-Wheeled Scooter. Technical details of the scooter I linked to earlier.
XSS. Sanitising HTML is an extremely hard problem. The sanitize helper that ships with Rails is completely broken; Jacques Distler provides a better alternative.
Meet the one wheel balancing scooter. Home made one wheeled motorised scooter that looks like a skateboard and self-balances like a Segway.
Ficlets (via) AOL’s first application to launch on Rails, and their first application to accept OpenIDs as well as AOL screen names.
Google Seattle conference on scalability. Google are hosting a conference on scalability in Seattle on June 23rd. They’ve just put out the CfP.
OpenID Server Integrated with CAS. Case Western Reserve University now provides an OpenID for every network account holder.
pg8000 (via) A pure-Python interface to PostgreSQL, using the PostgreSQL network protocol directly. Doesn’t (yet) support DB-API 2.0, but that’s promised in a future release.
Ajax3d Demo. Really impressive Virus clone, using the canvas element.
Web Focus Leads Newspapers to Hire Programmers for Editorial Staff. It’s great to see this trend taking off. A newsroom is an excellent place to work as a programmer.
Relying Party Best Practices. Proposed guidelines for OpenID consumers from Martin Atkins, currently under discussion on the mailing list.
W3C Relaunches HTML Activity (via) “XHTML has proved valuable in other markets” == XHTML on the public Web has failed. Long live HTML!
37 Signals’ next app Highrise will support OpenID. I can’t wait to see how the 37 Signals team deal with the UI challenges involved in supporting OpenID logins.
Hacking del.icio.us with Python. Nat introduces snaflr, a Python script for republishing selected links from a number of del.icio.us users to one communal account.
OpenID on WordPress.com. My first project launch as a freelancer. You can now use your WordPress.com blog as an OpenID.
Security; AJAX; JSON; Satisfaction. The JSON attack I linked to earlier only works against raw arrays, which technically aren’t valid JSON anyway.
phpbb-openid: Your AIM screen name is your OpenID. Log in to a phpBB board with an AOL OpenID and it will try to associate your OpenID with an account that lists that AIM in the profile. This is the kind of behaviour I talked about in my FOWA talk.
JSON is not as safe as people think it is. Joe Walker reminds us that even authenticated JSON served without a callback or variable assignment is vulnerable to CSRF in Firefox, thanks to that browser letting you redefine the Array constructor.
Dashcode review. “Dashcode is quite possibly the best non-Firebug Javascript environment I’ve ever used.” High praise indeed.
Wrong-headed impersonation. Kim Cameron discusses user absent authentication, and emphasises the importance of delegation using delegation coupons.
Five things I hate about Python. By Jacob Kaplan-Moss. I didn’t know you could force eggs to install unzipped with an option in ~/.pydistutils.cfg—that’s always been my least favourite thing about them.
PHP 4 phpinfo() XSS Vulnerability. Another reason not to run an open phpinfo() page on your server.
pear 0.8. “A libevent/pyevent-based locking session daemon for the web”. Relational databases aren’t particularly well suited to the access characteristics of session data.
Scaling Python for High-Load Web Sites. Slides from a talk at PyCon. Be sure to switch to the notes view (Ø in the bottom right)—a really nice overview of scaling up from CGIs to load-balanced, memcached Python application servers.
json-taglib. Because JSON just doesn’t have enough angle brackets.
Rack. “Rack provides a minimal interface between webservers supporting Ruby and Ruby frameworks”. Ruby’s equivalent of WSGI has just hit v0.1.
Programming Erlang. A book on Erlang from the creator of the language himself, out in July but available to buy now as a beta PDF.
WordPress 2.1.1 dangerous, Upgrade to 2.1.2. Helping to spread the word. You’re affected if you’ve downloaded WordPress 2.1.1 in the last three or four days.
Math for the Masses. WordPress.com now supports inline LaTeX. A great example of a feature that will turn a small subset of a user base into life-long fans.
Safe JSON (via) Subtle but important point about JSON APIs: you shouldn’t use a callback or variable assignment for JSON incorporating private user data, especially if it’s at a predictable URL.
Adobe wants to be the Microsoft of the Web. The base platform technology for RIAs is too important to be controlled or designed by any single party.