[Update: Ooops! I should check the links that I paste into my blog posts!]

On the Flickr devt blog they've got some interesting experiences when building their IPhone version of the site that apply to building any light version of a website:

• Don’t Use a JavaScript Library or CSS Framework - roll your own
• Load Page Fragments Instead of Full Pages - ajax in the changed content, rather than reloading the whole page
• Don’t Build for Just One Device - all the world is not an iPhone :)
• Optimize Everything - trim file sizes and compress content
• Tell the user what is happening - load indicators

Read more on the Fickr blog.

That trip turned out to be a bit of a whirlwind. Sorry I had to dash straight after the presentation!

The talk was an introduction to cross-site scripting (XSS), cross domain request forgery (CDRF) and clickjacking, and used a common theme of "never trust users" to show how trusting GET, POST, Cookies, Headers or other user supplied data could be your downfall.

I've already posted the slides to this talk from back when I presented at the Christchurch Code Camp: Overcoming your web insecurity

• Subscribe to my blog: http://pageofwords.com
• The Classifieds web site starter kit
• The Microsoft Anti-XSS Library (use instead of HttpUtility.Encode)
• Which ASP.NET Controls Automatically Encode?
• Clickjacking video
• Framebusting:
  http://pageofwords.com/blog/2008/10/06/FrameBustingInJavascript.aspx
• Security Runtime Engine (coming, will help with ASP.NET controls)
• OWASP – The Open Web Application Security Project – http://www.owasp.org

There's a new beta of the Anti-XSS library that you should check out when encoding your user-supplied data for use in HTML or attributes. At the same link is the new CAT.NET tool that analyses your code for weaknesses.

The Anti-XSS library now includes the Security Runtime Engine, which will help when encoding ASP.NET controls. I'll be posting about it here soon, so subscribe to my RSS feed :)

This is very illuminating reading: Browser Security Handbook

The set of web pages cover the standard concepts within web browsers such as how they treat urls, javascript and css, and then covers security features within each browser, such as same-origin policies.

This is the first time I have seen information about all the browsers in one place, and should be a useful resource to both understand the browser protection mechanisms, and how browsers differ in their implementation of security controls.

It's posts like this which are why I enjoy reading Ken Levine's blog ...by Ken Levine:

He's bleeding. Nurse, quick! Get me the Super Glue!!

Those sports stars are so clever...

Just got back from sunny Napier, where I presented the seventh iteration of my Visual Studio Tips n Tricks talk. It's the last one I have scheduled, and 7 is the most I've repeated any presentation in the past -- it was quite nice to polish it that much :)

I think almost every tip is linked to in one of the following posts from my blog -- if not, leave a comment and I'll post it.

Cheers,

Kirk

• Visual Studio Tips n Tricks (DEV313)
• Visual Studio - Copy references
• Turn off outlining / regions in Visual Studio
• Visual Studio 2008 tip of the day - relive the series
• Explore files from Visual Studio
• Snippet Designer released
• Ctrl + . -- Bring up that annoying smart tag menu
• Temporary Projects - You don't have to save them
• Christchurch - Visual Studio Tips'n'Tricks
• Visual Studio - Regedit your tab ordering and add a column guide

The SQL PASS Community Connection event is kicking off about now in Porirua (20 mins from Wellington). I'm not able to make it today, but I do plan to head along tomorrow.

Wake up, get up, and head on over!

I'm in Napier presenting my Visual Studio Tips and Tricks talk to the Hawkes Bay .NET Users Group.

I think we're on at 3:30pm at the Taradale EIT Campus, but email me if you're thinking of coming, and I'll get you the info.

Kirk

[Update 8 Dec 2008: Added details below]

The session is at 3:30pm on Tuesday 9 December, at the following location:

Room C117
C-block (Computing building)
EIT (Eastern Institute of Technology)
Taradale end of Gloucester Street
Taradale, Napier

I spent some time browsing the Givealittle site while eating my lunch today, and I'm struck by how great an idea it is.

JD from Mindscape posted about how they built the site, which is of course how I ended up there :)

When I've donated money in the past, or wanted to give a gift of donation for a wedding, birthday or Christmas, I've always spent ages on Google trying to find the project that 'fit' with the recipient (Are they religious? Do they like animals? etc). Givealittle lets you browse a whole bunch of charities on one site, and even give vouchers which let people choose charities of their choosing.

There's other features of Givealittle which are good news for givers and charities too, reduced costs of transactions, transparency over where the money is spent, collation of all your receipts so that tax time is easier and more.

A fantastic idea, and a site that I plan to use this Christmas.

Kirk

I had fun presenting on ASP.NET security tonight at the .NET Users Group. It was a bit of a whirlwind tour through some common security issues that you might come across when developing and deploying an ASP.NET application.

I've already posted the slides to this talk from back when I presented at the Christchurch Code Camp: Overcoming your web insecurity

I spent the evening at the Summer of Code user group event, along with James Hippolite and Scott McKenzie who are also from the Wellington .NET Users Group.

Summer of Code helps place students into companies over their summer break. At Xero we have James Sullivan currently working on Xero Labs samples on our Xero developer site.

The event tonight was to put students in touch with user groups around Wellington. It was great to see the cool user groups that are up and running, from PHP and Linux to WellRailed and SuperHappyDevHouse. Hopefully those students that were there got to see that there's a lot of good support if you're interested in learning new topics, and support for people that want help.

Go Wellington!

Kirk