76 items tagged “urls”
2010
How do sites prevent vanity URLs from colliding with future features ?
For wildlifenearyou.com and djangopeople.net I used the same trick as described by others in this list—an enormous blacklist of everything I could possibly want to use for a future feature.
[... 157 words]The Web for me is still URLs and HTML. I don’t want a Web which can only be understood by running a JavaScript interpreter against it.
— Me, on Twitter
apache.org incident report for 04/09/2010. An issue was posted to the Apache JIRA containing an XSS attack (disguised using TinyURL), which stole the user’s session cookie. Several admin users clicked the link, so JIRA admin credentials were compromised. The attackers then changed the JIRA attachment upload path setting to point to an executable directory, and uploaded JSPs that gave them backdoor access to the file system. They modified JIRA to collect entered passwords, then sent password reset e-mails to team members and captured the new passwords that they set through the online form. One of those passwords happened to be the same as the user’s shell account with sudo access, leading to a full root compromise of the machine.
RFC5785: Defining Well-Known Uniform Resource Identifiers (via) Sounds like a very good idea to me: defining a common prefix of /.well-known/ for well-known URLs (common metadata like robots.txt) and establishing a registry for all such files. OAuth, OpenID and other decentralised identity systems can all benefit from this.
Introduction to Surlex. A neat drop-in alternative for Django’s regular expression based URL parsing, providing simpler syntax for common path patterns.
“Tis Pity We Called Her A Whore” And Other Ineffectual Digital Apologies. A useful reminder that URLs can be libellous.
Some People Can’t Read URLs. Commentary on the recent “facebook login” incident from Jono at Mozilla Labs. I’d guess that most people can’t read URLs, and it worries me more than any other aspect of today’s web. If you want to stay safe from phishing and other forms of online fraud you need at least a basic understanding of a bewildering array of technologies—URLs, paths, domains, subdomains, ports, DNS, SSL as well as fundamental concepts like browsers, web sites and web servers. Misunderstand any of those concepts and you’ll be an easy target for even the most basic phishing attempts. It almost makes me uncomfortable encouraging regular people to use the web because I know they’ll be at massive risk to online fraud.
2009
tr.im is “discontinuing service”. “However, all tr.im links will continue to redirect, and will do so until at least December 31, 2009.Your tweets with tr.im URLs in them will not be affected.”—these statements seem to contradict themselves. Will tr.im URLs in tweets stop working after December 31st or not? Any chance they could hand the domain over to the Internet Archive? At any rate, this is exactly why centralised URL shorteners are a harmful trend.
Exclusive: The Future of Facebook Usernames. I have to admit I was planning to just let Facebook get on with it, assuming that the OpenID provider part would show up of its own accord—but maybe I should write a thoughtful and persuasive essay about it after all.
(Yet) Another DiggBar Update. Digg are responding in exactly the right way in my opinion—the DiggBar will start returning 301 redirects for anonymous users, while users who are logged in to Digg can opt-out of the feature if they want to (usage statistics show that most Digg users are fine with the feature).
Counting the ways that rev=“canonical” hurts the Web. Mark Nottingham complains about misapplied trust (a page can falsely claim to be the canonical URL for another page), the easy confusion between rev and rel and the lack of discussion with relevant communities.
tinyarchive.org. Blaine Cook’s archive of 301 and 302 redirects—needs to be automatically updated by a crawler for it to be really useful though.
I like rev=“canonical”. Les Orchard summarises the current debate over what colour to paint the rev=“canonical” bikeshed.
We’re using the same trick on flic.kr to avoid having to maintain a look up database, though we’re using base 58.
rev=canonical bookmarklet and designing shorter URLs
I’ve watched the proliferation of URL shortening services over the past year with a certain amount of dismay. I care about the health of the web and try to ensure that URLs I am responsible will last for as long as possible, and I think it’s very unlikely that all of these new services will still be around in twenty years time. Last month I suggested that the Internet Archive start mirroring redirect databases, and last week I was pleased to hear that Archiveteam, a different organisation, had already started crawling.
[... 920 words]Specify your canonical. You can now use a link rel=“canonical” to tell Google that a page has a canonical URL elsewhere. I’ve run in to this problem a bunch of times—in some sites it really does make sense to have the same content shown in two different places—and this seems like a neat solution that could apply to much more than just metadata for external search engines.
2008
YouTube Enables Deep Linking Within Videos. Add #t=1m45s to the end of a YouTube URL to jump to that spot. I’d be a lot more impressed by this if visiting a YouTube link in the UK didn’t use IP geo targetting to redirect me to uk.youtube.com, losing the fragment identifier and hence the #t specifier in the process.
Versioning REST Web Services. Peter Williams suggests using a vendor MIME media type in the Accept header to specify a required API version, because embedding the API version in the URL itself leads to a single resource ending up with many different URLs, one for each API version.
[REDACTED]. Now that the iPhone NDA has been lifted be prepared for a flood of useful tips about the platform. Here’s Craig Hockenberry explaining how iPhone URL schemes work (used to great effect in the Pownce app for returning to the right place post-OAuth authentication in Safari).
Django snippets: Sign a string using SHA1, then shrink it using url-safe base65. I needed a way to create tamper-proof URLs and cookies by signing them, but didn’t want the overhead of a full 40 character SHA1 hash. After some experimentation, it turns out you can knock a 40 char hash down to 27 characters by encoding it using a custom base65 encoding which only uses URL-safe characters.
The Python Property Builtin. The always-educational Adam Gomaa explains the Python property built-in and shows how it can be used to improve Django’s model-based URL generation.
“Simon Willison’s Weblog” on the redesigned Delicious. The new search feature is extremely impressive; I can see myself coming here before hitting Google for some things. I’m not too keen on the way they’re adding ’www’ to the beginning of my URL when they display it though.
Email Address to URL Transformation (EAUT) specification now available! Allows OpenID users to login using their E-mail address, which is converted in to an OpenID URL based on rules specified in an XRDS document attached to the root domain. Seems like a good idea to me.
MySpace To Join OpenID, Bringing Total Enabled Accounts to Over A Half Billion. Another 200 million OpenIDs—but the important difference between this and the Yahoo! and AOL announcements is that MySpace users know what their profile URL is. Whenever people have told me OpenID is flawed because people don’t understand URLs I’ve answered “sure they don’t, but they know their MySpace page”.
i am near (via) Inspired by wikinear.com and powered by FireEagle, currently just showing nearby pubs from OpenStreetMap but with more stuff planned. I love the URL scheme—pubs.iamnear.net.
A proposal: email to URL mapping. Brad’s just too damn smart. A simple solution to mapping an e-mail address to an OpenID that takes advantage of existing technology (YADIS) and doesn’t adversely affect e-mail privacy.
.aspx considered harmful. Jon Udell: “I guess I’m extra-sensitive to the .aspx thing now that I work for Microsoft, because I know that to folks outside the Microsoft ecosystem it screams: We don’t get the web.”—he goes on to mention that smart URL rewriting is thankfully built in to the upcoming ASP.NET MVC framework.
2007
Web design 2.0—it’s all about the resource and its URL. The fact that the BBC is now building things against this kind of theoretical basis is immensely exciting.
sorl-thumbnail. This looks like a decent attempt at a generic Django thumbnailing service, but I’m always wary of code that allows URL hackers to create large numbers of files that will be cached to disk. UPDATE: My mistake, thumbnail creation can only be caused by template authors.
ASP.NET MVC Framework. This looks pretty good. It includes clean URL support that’s very similar to how Django does things (with a nice alternative syntax for developers who don’t like regular expressions).