October 2008
Oct. 26, 2008
YouTube Enables Deep Linking Within Videos. Add #t=1m45s to the end of a YouTube URL to jump to that spot. I’d be a lot more impressed by this if visiting a YouTube link in the UK didn’t use IP geo targetting to redirect me to uk.youtube.com, losing the fragment identifier and hence the #t specifier in the process.
Web Security Horror Stories: The Director’s Cut. Slides from the talk on web application security I gave this morning at <head>, the worldwide online conference. I just about managed to resist the temptation to present in my boxers. Topics include XSS, CSRF, Login CSRF and Clickjacking.
Oct. 27, 2008
Windows Live Adds Support For OpenID. I hope they include the option to log in to the provider using CardSpace, to address phishing.
typeface.js. Outstanding hack—renders custom fonts using VML in IE and canvas in everything else, using fonts that are defined as a set of vector paths stored using JSON.
GeoCouch: Geospatial queries with CouchDB. Interesting approach: uses “external2”, a branch that allows external services to be called from CouchDB. SQLite’s SpatiaLite extension is then used as an external spacial index.
Where I’m actually living in augmented reality, Jefferson Airplane and what does this mean for photos. Rev Dan Catt takes us to the future.
Oct. 29, 2008
I'm really typecasting myself here. If there were an international "Person most likely to write a Spectrum emulator in Javascript" award, I'd have taken it for the last five years running.
JSSpeccy. A ZX Spectrum emulator written in Javascript.
Oct. 30, 2008
Zeppelin 101 in 5 mins (via) Ribot videoed my five minute lightning talk on Zeppelins at last night’s Skillswap Brighton.
Ghostly fingers of APIs. Phil Gyford has a lovely diagram of the sites that he updates manually and the surprisingly large number of other sites that they affect.
In the final Production release we will be adding the ability to sign in to the Live ID OpenID Provider using any of the credential types that can be used with regular Live ID sign-in's -- including CardSpace, SmartCard, eID, etc.
New OpenID Implementations Abound. I’ve missed linking to a bunch of OpenID news recently—in particular, Google Accounts are becoming OpenID identifiers and LiveJournal has quietly ugraded its consumer support to OpenID 2.0.
Yahoo, Caja, OpenSocial. Yahoo!’s new application platform uses OpenSocial, and protects itself from malicious JavaScript using Google’s Caja secure JavaScript engine. I hadn’t realised that Caja was ready for production use—this is excellent news.