Posts

Showing posts from June, 2011

Of Auto-Authenticating URLs, Shortlinks, and Danger

The road to hell is paved with good intentions, they say.

So, it was a good intention when someone (not me) decided to install a link shortener and send password reset links through it, before producing the printed newsletters that would be sent out to individual members. They would need to type the URLs in by hand, so a shorter URL was a good idea. At least, it must have seemed like it, at the time.
Today I took a look at this system, which I was asked to clean up before it gets used again after several months of being ignored. I admit it didn't click in my mind immediately, but after producing some newsletter content in our staging system and verifying the shortlinks were being recorded properly, it suddenly jumped out of the screen and bit me on the nose:
The shortener was producing sequential links for a bunch of password reset links.
What this meant in practical terms is that two newsletters sent out with password reset links for two different users would send them URLs like h…

A tale of three TODO products

I'm the kind of guy that hates the amount of time he spends considering, evaluating, and test-driving new productivity software. Recently I had yet another surge of uncertainty over my use of Remember The Milk, and I tried a few other things. I gave Nozbe and Todo.txt a spin, and I've come to a conclusion.

For now...
I have been a big fan of Remember The Milk, and I pay for a professional account. Even still, I'm not above admitting I might be wrong, so when a few things started to annoy me I sought out something new. I had heard Todo.txt talked up a lot on This Week in Google, given that the author is a host on the show. I had also tried Nozbe in the past, but knew it had several large updates since then and wanted to give it another try.
Remember The Milk
I really was happy with RTM, so I want to make clear the things I do like about it! I really have been happy with the Android app, and with the use of smart lists to create filters that match different contexts I want t…

Relearning Twisted.web

I want to use Twisted.web for some projects, and I haven't used it in years. I'm relearning and I feel like a novice all over again, as I should, given the years that have passed since I have seriously looked at any twisted code. I miss it, very much. Want to relearn or learn for the first time? I can't stress enough the excellence of a quick pass through the examples of Twisted.web in 60 Seconds. Go through those immediately. Afterwards, I read up on the new twisted.web.template, which is based on the Nevow templates I worked with so long-feeling ago, and I'm pretty happy with what I see there. I'm wondering how well it will produce HTML5 compliant markup, not that it is very strict, but it looks pretty clear.

My brain still thinks in asynchronous operations and I constantly have to unravel those thoughts and figure out how to express them, non-ideally, in a synchronous workflow. This is becoming tiring, and while I don't plan on leaving Django, I do plan on g…

Windows 8, HTML5 Applications, and Bitching, Moaning, Whiny Developers

I have a great idea, Windows developers: stop being a big bag of whiny bullshit. Oh my god, you have yet another optional API in your toolbox, if you want to use it. Oh no! It's based on scary web thingies you haven't used before! Guess what? COM was new and scary, and so was Win32, and so was .Net and WFC and DirectX and everything else Redmond has spat at your feet to walk on or praise, at your discretion, for the last several decades. You're making a big whiny fuss because you have one more optional API to use, for a novelty new feature that has obvious merits, but is so obviously not the entire picture of Windows 8 that your overt and public cry-fest would be laughable if it was even remotely believable. I refuse to accept that the host of Windows developers is really buying into the bullshit story that everything in the history of Windows is getting swept under the rug and replaced by this, that everything is immediately an old, festering legacy API with legacy applic…

Node.js Conference

[via reddit/r/programming]
I would attend such a conference.