Items in Sep, 2007
User account breaches are inevitable. We should take that in to account when designing our applications.[... 545 words]
Currently WebRunner applications share cookies with other WebRunner applications, but not with Firefox. WebRunner uses its own profile, not Firefox’s profile. There is a plan to allow WebRunner applications to create their own, private profiles as well.
hasAccount. Stuart proposes a light-weight API for letting any site know if a user has an account (and is signed in) on another service. I wouldn’t want to deploy this without being confident that my CSRF protection was in order. # 28th September 2007, 9:10 am
CSS Sprite Generator (via) Upload a zip file of images and get back a CSS sprite plus a set of pre-calculated background image rules. Tool built by Ed Eliot and Stuart Colville for their forthcoming book “High Performance Web Site Techniques”. # 27th September 2007, 10:59 pm
Large codebases are the problem, not the language they’re written in. Find a way to break/decompose big codebases into little ones.
Halo 3 Site Demonstrates Flaws in SilverLight. The Halo 3 “interactive manual” is like a throwback to Flash in the late 90s—“skip intro”, pointless transitions, text you can’t select or enlarge, links that aren’t links—all wrapped up in an ugly blob (only this time it’s XML instead of binary data). # 27th September 2007, 2:38 pm
WordPress 2.3: Canonical URLs. Fantastic to hear that WordPress 2.3 supports this, and that they picked the right terminology for it (I’ve called the same thing “disambiguated URLs” in the past). # 27th September 2007, 2:03 pm
WebRunner 0.7—New and Improved. A simple application for running a site-specific browser for a service (e.g. Twitter, Gmail etc). This is a great idea: it isolates your other browser windows from crashes and also isolates your cookies, helping guard against CSRF attacks. # 27th September 2007, 1:55 pm
Google GMail E-mail Hijack Technique. Apparently Gmail has a CSRF vulnerability that lets malicious sites add new filters to your filter list—meaning an attacker could add a rule that forwards all messages to them without your knowledge. # 27th September 2007, 10:29 am
Announcing the Dopplr 100. Similar to how Facebook used to only allow college e-mail addresses, Dopplr is now open to holders of e-mail accounts from 100 large corporations. The blog release doesn’t specify if each corporation gets its own special “group” within the application; that would be a neat touch. # 26th September 2007, 4:34 pm
I have another technique [...] that I’ll be switching jQuery to. If you attempt to insert into the document.body before the document is fully loaded, an exception is thrown. I take advantage of that to determine when the document is fully loaded.
DOMContentLoaded for IE, Safari, everything, without document.write. Stuart has taken Hedger’s recent IE technique, combined it with the others and compressed it in to a short-as-possible code snippet that you can paste in to your scripts without having to include the whole of jQuery/YUI/Dojo/Prototype. # 26th September 2007, 12:19 pm
Firefox 3 Antiphishing Sends Your URLs To Google. Stories like this crop up every now and then, but no one ever seems to mention that the Google Toolbar has been doing this since it was released (more than five years ago) provided you have PageRank display turned on. # 25th September 2007, 11:04 pm
DRM-free MP3 downloads from Amazon. The good: they have what looks like the entire Universal and EMI catalogues in DRM-free 256bit MP3s. The bad: you need a US billing address! So close... # 25th September 2007, 4:30 pm
Your telco knows who you are, where you live and even your credit card number or bank account. It’s their business to provide you physical access from a real location and identify you as a customer by sending you invoices and receiving money from you. This means that Orange OpenIDs are verified IDs of real people as a matter of principle.
lxml.cssselect (via) lxml includes an implementation of CSS 3 selectors, which compiles them to XPath expressions. Should be a useful tool for parsing Microformats from Python. # 24th September 2007, 11:57 pm
IEContentLoaded. An alternative method of detecting DOMContentLoaded on IE; works by polling until the doScroll() method on an unattached element stops throwing errors. # 24th September 2007, 12:10 pm
OLPC: Give 1 Get 1. The long rumoured “buy two OLPCs, donate one to the third world” scheme is actually happening. I plan to get one; the robustness, battery life and WiFi range should make for an excellent conference / outdoor machine. # 24th September 2007, 11:07 am