Blogmarks
The Adobe PDF XSS Vulnerability. If you host a PDF file anywhere on your site, you’re vulnerable to an XSS attack due to a bug in Acrobat Reader versions below 8. The fix is to serve PDFs as application/octet-stream to avoid them being displayed inline.
OpenID Speech at Webtuesday Zurich. Good set of slides, along with the tidbit that local.ch (which had slippy maps years before Google) is implementing OpenID.
Choosing Secure Passwords. Bruce Schneier describes the state of the art in password cracking software.
Ubuntu sugar cookies (via) Different coloured dough is used to bake the Ubuntu logo into the cookies themselves, kind of like making sushi rolls.
Design Comics Templates 1.0 (via) Free OpenOffice slides with cartoons suitable for use in technical storyboards.
What Python looks like naked. Michal Wallace has been doing some really interesting work writing purely functional code in Python. His latest experiment replaces all of the basic Python statements with equivalent functions.
Atom API for AOL Journals. AOL are doing some really cool things with the Atom Publishing Protocol.
AACS: Extracting and Using Keys. Another DRM system bites the dust, this time when it’s only just made it out of the gate.
Offline Gmail and Blogger Using the Dojo Offline Toolkit. These are just mockups at the moment, but they’re a useful illustration of how offline browsing modes for Web applications could work.
Nginx vs. Lighttpd for a small VPS. My VPS is still running nginx with no problems at all.
Microsoft Breaks HTML Email Rendering in Outlook 2007. They’ve dropped the IE renderer and replaced it with... Microsoft Word! No CSS background images, no floats, no CSS positioning, no forms. Wow.
AirPort Extreme. New today, but didn’t make the keynote. You can plug a USB hard drive into it and access it over the network.
macrumorslive.com. The MacRumors ajax keynote coverage gets better every time—now they have live photos in addition to the text updates. Simple but effective.
IE JScript Performance Recommendations Part 3. Once again, Microsoft’s official advice is to avoid closures entirely rather than learn how to use them safely. Sigh.
OpenID Questions. I’ve attempted to provide answers in the comments.
A Semantic Solution for Presenting NSFW Content. It’s basically an NSFW microformat.
Shelves in Subversion (via) Useful revision control concept that I haven’t seen before.
Guide to the Dabble DB Plugin API (via) This is really nice—Dabble POSTs your plugin script a bunch of CSV values, your script returns CSV for the derived fields. Doesn’t seem to state which flavour of CSV though.
Apple’s Next-Generation Themes. Cabel’s spotted an Apple patent with screenshots of their in-house tool for creating resolution independent user interface themes.
The Second Life Viewer is now open-source (via) I’d heard that the biggest barrier to this was the need to protect the SL economy from malicious disruption. The FAQ is fascinating, and a real tribute to open-source principles.
mimeparse.py (via) Parsing mime-types is harder than you might think.
Buggy Saints Row: The Musical. An inspired musical piss-take from Cabel Sasser.
rathergood Plush Toys product demos. The ones that weren’t eventually manufactured include a Rock Otter and a Northern Kitten.
rathergood.com toys. Ninja and Viking kittens, a Blode and even a Spongmonkey!
supervisor2. I haven’t tried this yet, but looks like a decent process monitoring tool. It even has an XML-RPC interface.
Why doesn’t Python have more data format readers in the stdlib? I for one would love to see simplejson included in the standard library, with or without a C implementation.
ephemeral profiles (cuz losing passwords is common amongst teens). Lost your password? Create a new profile; you had too many friends you didn’t know anyway.
MoneySavingExpert. Don’t let the cheesy design fool you; this site actually has some really useful (apparently trustworthy) UK personal finance advice.
Writing a Jokosher extension. I like the way API calls are made through an API object passed to the extension’s startup function.
The Dojo Offline Toolkit. The Dojo Offline Toolkit will be a small, cross-platform, generic download that enables web applications to work offline.