Friday, December 19, 2008

[Update: Ooops! I should check the links that I paste into my blog posts!]

On the Flickr dev blog they've shared some interesting experiences from building the iPhone version of their site that apply to building any light version of a website:

  • Don’t Use a JavaScript Library or CSS Framework - roll your own
  • Load Page Fragments Instead of Full Pages - ajax in the changed content, rather than reloading the whole page
  • Don’t Build for Just One Device - all the world is not an iPhone :)
  • Optimize Everything - trim file sizes and compress content
  • Tell the user what is happening - load indicators

Read more on the Flickr blog.

posted on Friday, December 19, 2008 11:42:04 AM (New Zealand Standard Time, UTC+12:00)
 Wednesday, December 17, 2008

That trip turned out to be a bit of a whirlwind. Sorry I had to dash straight after the presentation!

The talk was an introduction to cross-site scripting (XSS), cross domain request forgery (CDRF) and clickjacking, and used a common theme of "never trust users" to show how trusting GET, POST, cookies, headers or other user-supplied data could be your downfall.

I've already posted the slides to this talk from back when I presented at the Christchurch Code Camp: Overcoming your web insecurity

There's a new beta of the Anti-XSS library that you should check out when encoding your user-supplied data for use in HTML or attributes. At the same link is the new CAT.NET tool that analyses your code for weaknesses.

The Anti-XSS library now includes the Security Runtime Engine, which will help when encoding ASP.NET controls. I'll be posting about it here soon, so subscribe to my RSS feed :)

posted on Wednesday, December 17, 2008 10:19:01 PM (New Zealand Standard Time, UTC+12:00)
 Thursday, December 11, 2008

This is very illuminating reading: Browser Security Handbook

The set of web pages covers the standard concepts within web browsers, such as how they treat URLs, JavaScript and CSS, and then covers security features within each browser, such as same-origin policies.

This is the first time I have seen information about all the browsers in one place, and it should be a useful resource for understanding both the browser protection mechanisms and how browsers differ in their implementation of security controls.

posted on Thursday, December 11, 2008 11:39:15 PM (New Zealand Standard Time, UTC+12:00)

It's posts like this which are why I enjoy reading Ken Levine's blog ...by Ken Levine:

He's bleeding. Nurse, quick! Get me the Super Glue!!

Those sports stars are so clever...

posted on Thursday, December 11, 2008 11:16:39 PM (New Zealand Standard Time, UTC+12:00)
 Tuesday, December 09, 2008

Just got back from sunny Napier, where I presented the seventh iteration of my Visual Studio Tips n Tricks talk. It's the last one I have scheduled, and 7 is the most I've repeated any presentation in the past -- it was quite nice to polish it that much :)

I think almost every tip is linked to in one of the following posts from my blog -- if not, leave a comment and I'll post it.

Cheers,

Kirk

posted on Tuesday, December 09, 2008 8:40:49 PM (New Zealand Standard Time, UTC+12:00)
 Saturday, December 06, 2008

The SQL PASS Community Connection event is kicking off about now in Porirua (20 mins from Wellington). I'm not able to make it today, but I do plan to head along tomorrow.

Wake up, get up, and head on over!

posted on Saturday, December 06, 2008 8:05:06 AM (New Zealand Standard Time, UTC+12:00)
 Friday, December 05, 2008

I'm in Napier presenting my Visual Studio Tips and Tricks talk to the Hawkes Bay .NET Users Group.

I think we're on at 3:30pm at the Taradale EIT Campus, but email me if you're thinking of coming, and I'll get you the info.

Kirk

[Update 8 Dec 2008: Added details below]

The session is at 3:30pm on Tuesday 9 December, at the following location:

Room C117
C-block (Computing building)
EIT (Eastern Institute of Technology)
Taradale end of Gloucester Street
Taradale, Napier

posted on Friday, December 05, 2008 10:29:04 PM (New Zealand Standard Time, UTC+12:00)
 Thursday, December 04, 2008

I spent some time browsing the Givealittle site while eating my lunch today, and I'm struck by how great an idea it is.

JD from Mindscape posted about how they built the site, which is of course how I ended up there :)

When I've donated money in the past, or wanted to give a gift of donation for a wedding, birthday or Christmas, I've always spent ages on Google trying to find the project that 'fit' with the recipient (Are they religious? Do they like animals? etc). Givealittle lets you browse a whole bunch of charities on one site, and even give vouchers which let people choose charities of their choosing.

There are other features of Givealittle which are good news for givers and charities too: reduced costs of transactions, transparency over where the money is spent, collation of all your receipts so that tax time is easier, and more.

A fantastic idea, and a site that I plan to use this Christmas.

Kirk

posted on Thursday, December 04, 2008 1:04:26 PM (New Zealand Standard Time, UTC+12:00)
 Wednesday, December 03, 2008

I had fun presenting on ASP.NET security tonight at the .NET Users Group. It was a bit of a whirlwind tour through some common security issues that you might come across when developing and deploying an ASP.NET application.

I've already posted the slides to this talk from back when I presented at the Christchurch Code Camp: Overcoming your web insecurity

posted on Wednesday, December 03, 2008 9:14:41 PM (New Zealand Standard Time, UTC+12:00)
 Tuesday, December 02, 2008

I spent the evening at the Summer of Code user group event, along with James Hippolite and Scott McKenzie who are also from the Wellington .NET Users Group.

Summer of Code helps place students into companies over their summer break. At Xero we have James Sullivan currently working on Xero Labs samples on our Xero developer site.

The event tonight was to put students in touch with user groups around Wellington. It was great to see the cool user groups that are up and running, from PHP and Linux to WellRailed and SuperHappyDevHouse. Hopefully those students that were there got to see that there's a lot of good support if you're interested in learning new topics, and support for people that want help.

Go Wellington!

Kirk

posted on Tuesday, December 02, 2008 9:57:52 PM (New Zealand Standard Time, UTC+12:00)