Posts

Showing posts from November, 2010

Eggnog review: Mountain Dairy Eggnog

Rich and creamy. Not quite enough nutmeg. Don't try the vanilla flavor. Better than average. Recommendation: Buy.

Eggnog review: Darigold Eggnog

Not enough nutmeg. Cheap sweetener flavor. Terrible. Recommendation: Don't buy.

Twitter API vulnerable to replay attacks

Reading about Google's security today reminded me of a vulnerability I discovered in the @twitterapi a while ago. October 4th to be exact. The response was a typical but as of this writing the replay attack vulnerability has not been fixed.

Replay attack

A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution.

Notification

My email to security@twitter.com on October 4th and their response.

A single OAuth request can currently be made repeatedly until the timestamp expires. For example the below url worked in a browser repeatedly. http://api.twitter.com/1/account/verify_credentials.json?oauth_consumer_key=DC0sePOBbQ8bYdC8r4Smg&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1286249576&oauth_nonce=2568844471&

Say no to broken Twitter avatars

What do all of the many Twitter mashups hanging around on the internet have in common? Broken avatars! At the rate users upload new avatars every site will at some point have outdated profile information. I have come up with a simple and elegant method of keeping profiles up to date with very few wasted computer cycles. The basic idea is to bind an event handler onto JavaScript error events with @jQuery. This handler will perform two actions. First it will replace the image source with a temporary static link to the user's avatar so the visitor will see a working image. Second the handler will ping the server with the screen_name of the missing avatar so the persistent storage can be updated. In your HTML load jQuery and use selectors to find all image elements with a class of twitter-avatar. The error handler bound to all the selected image elements updates the image source and pings the server. The second file is in PHP and uses TwitterOAuth but can be in any programming

Hello San Francisco!

I have enjoyed being in Seattle but have decided to take a job with @Answerly and move to San Francisco. Answerly is a @YCombinator startup building some awesome stuff and I am very excited to be joining the team. While I can't go into details yet, be sure to follow me (@abraham) on @Twitter to see my latest startup experience unfold. I love working with lots of social data so I'm sure there will be some of that mixed in. :-P When am I moving? Well pretty much immediately. I will be in Portland for Thanksgiving before driving down I-5 early December. If you happen to be along the route drop me a note and maybe I will drop in for a bit. I am looking for an apartment in downtown SF so if you know of something or are looking for a roommate let me (and doxy) know. And with that be sure to look for me at SF tech events and have a wonderful Thanksgiving.

8 Experts Break Down the Pros and Cons of Coding With PHP

5. Abraham Williams: Copy-Paste Hacking

Williams is a developer and self-styled “hacker advocate.” Williams, like his fellow experts, admits that PHP “has a short route to minimum viable product.” He also says that the readily available resources online can be great and terrible at the same time. “There is a huge amount of code laying around on the Internet ready to copy and paste to hack together. On the flip side, the low barrier of entry results in a lot of crappy code that you really don’t want running on your server.” He also says one of his favorite PHP apps is the open-source microblogging platform StatusNet (http://status.net/).

The 1-step Google login from heaven

@alain94040 had an experience with some of @Google's terrible user experience trying to access his @YouTube account. While Google definitely needs to improve their sign in system (which they are doing), Alain's example is a perfect storm of everything going wrong. I thought I would share my YouTube sign in experience:

1. Click on Sign In

On YouTube I simply click "Sign In". Since I am always authenticated with my Google Account... YouTube refreshes and I am signed in.

Startup Weekend Seattle development tools

Startup Weekend Seattle had 13 teams working nonstop Friday through Sunday brainstorming, designing, and building startups. These are the tools they used.

501K - @501KPlan
We are paying it forward one portfolio at a time
ASP.NET MVC 3, MS SQL Server 2008, jQuery, Facebook API, Amazon Flexible Payments Service, myhosting.com, Subversion

Chatter Sphere
Discovering People and Things Around You
Java Servlet, MySQL, jQuery / UI, eApps.com

Clpstr - @Clpstr
Watch it Later
iOS SDK, Android SDK, Windows Phone 7 SDK, Ruby on Rails, JavaScript Bookmarklet, Embedly API, GitHub, Heroku, PostgreSQL, jQuery

Tellus Homes
We Create Ecologically, Economically and Socially Sustainable Homes
Marketing, Keynote, Microsoft Excel

Snuggle Cloud - @SnuggleCloud
Romance in the cloud
Google Calendar embed, Slicehost, Ruby on Rails, MS Paint, Wufoo

StyleCast - @StyleCastMe
Broadcast your style!
Facebook API, Google App Engine - Java, DISQUS Comments, PhoneGap, Sencha

We Refe

The Changelog: GitHub Follow Friday for 20101029

Another Friday, time to spotlight some GitHub folks you should follow.

tenderlove (Aaron Patterson): nokogiri and mechanize, Aaron also empowers you to do fuzzy texticle searches.

isaacs (Isaac Z. Schlueter): The man who helps you manage your package using npm.

abraham (Abraham Williams): The author of the canonical PHP library for the Twitter API and fun Chrome extensions, a cool dude who is master of his domain — name.