- Flex 3 SDK Development
- Dealing with Build Times in AIR
- Creating and using an mx_internal style Namespace
- Debugging Basics in Flex 3 (beta)
- Error Logging with AJAX
- HTML Reporting in AIR
Not all these posts are mine but most of them are.
Cheers,
Todd
Friday, November 16, 2007
Pier Developer Blog Listing...
Developer Post Round-Up:
Wednesday, November 07, 2007
The Gmail Upgrade Has Arrived...
...at least for me. I'm not sure if everyone can see it yet. Below is a sneak peek ofa the new Contact Manager. If you're working in a small shop it looks like it can be a decent little CRM.
As for the main interface, not a whole lot has changed except for the inclusion of a dropdown menu.
The interface changes are nice but the main upgrade is speed. You'd almost think this is running on the desktop, near seamless experience. They actually prompted me to shut off Firebug just so it wouldn't ruin the experience. The Net Monitor intercepts all the incoming requests slowing things down a bit.
I'm sure I'm missing a couple items but that's all I have to report for now. Hope you get to check it out soon!
Cheers,
Todd
As for the main interface, not a whole lot has changed except for the inclusion of a dropdown menu.
The interface changes are nice but the main upgrade is speed. You'd almost think this is running on the desktop, near seamless experience. They actually prompted me to shut off Firebug just so it wouldn't ruin the experience. The Net Monitor intercepts all the incoming requests slowing things down a bit.I'm sure I'm missing a couple items but that's all I have to report for now. Hope you get to check it out soon!
Cheers,
Todd
Tuesday, November 06, 2007
Basecamp JS Injection
I've used Basecamp on and off for a couple years now. Generally, I thought it was a great application: secure, well-designed, simple & efficient. That is until I ran into this little beauty today.
In case you can't figure out what you're looking at, thats a lightbox with an Iframe pointing to pierinc.tickspot.com. No, that's not a new feature for Basecamp that you missed out on. One of my colleagues, today, noted that he could enter HTML into the Todo list. Immediately, I was like uh-oh...I wonder if I can....out come the <script> tags. You can insert html script tags right into the Todo list and it doesn't get sanitized. A little scary if you use Basecamp for larger projects, perhaps with a developer you don't completely trust.
After a little inspection of the DOM and playing around, I "mashed up" tickspot, our time tracking application, with basecamp so I can kill two birds w/ one stone. Beyond the security risk, this could actually be kinda fun. Tossing anything I want onto my Basecamp page for easy access. I still think Basecamp is a great application but this a serious no no. I had higher expectation from the 37Signals folks than this (perhaps its a feature...lol).
Cheers,
Todd
PS-I don't have a picture of it but the first thing I did was animate all the <div> tags. I had them flying all around the page...great way to freak out your boss ;)
***Update***
37Signals Support responded with this message:
In case you can't figure out what you're looking at, thats a lightbox with an Iframe pointing to pierinc.tickspot.com. No, that's not a new feature for Basecamp that you missed out on. One of my colleagues, today, noted that he could enter HTML into the Todo list. Immediately, I was like uh-oh...I wonder if I can....out come the <script> tags. You can insert html script tags right into the Todo list and it doesn't get sanitized. A little scary if you use Basecamp for larger projects, perhaps with a developer you don't completely trust.
After a little inspection of the DOM and playing around, I "mashed up" tickspot, our time tracking application, with basecamp so I can kill two birds w/ one stone. Beyond the security risk, this could actually be kinda fun. Tossing anything I want onto my Basecamp page for easy access. I still think Basecamp is a great application but this a serious no no. I had higher expectation from the 37Signals folks than this (perhaps its a feature...lol).
Cheers,
Todd
PS-I don't have a picture of it but the first thing I did was animate all the <div> tags. I had them flying all around the page...great way to freak out your boss ;)
***Update***
37Signals Support responded with this message:
Basecamp intentionally allows HTML (and JavaScript) because many ofour
users find great value in being able to use that. We're fullyaware that this
allows for XSS attacks, but Basecamp is based on thenotion of trusted parties.
You should only allow people into thesystem that you believe won't hack your
system (just as you shouldonly invite people into your office that you don't
believe will stealfrom you). If your friend becomes a foe, you can revoke their
accountand change your login credentials. Just like you would simply not letthem
into your office.
If this was a public system, it would definitely be different. You can't
have a public forum today without carefully dealing with XSS issues.
In the 3+ years we've operated Basecamp, we've never had a single suchcase
occur, though. So it doesn't seem like it's a big problem. And I know many of
our customers would scream murder if we removed the option to use HTML in their
messages, as they've become accustomed toover the past 3+ years.
I'm not sure I total agree with the sentiment of leaving security up to your users but its certainly a refreshing change from the pervasive concept of the "low-trust" internet.
==>If you're into javascript...hack away!
Friday, November 02, 2007
Shakakai.com
If you're wondering why I haven't been posting here as often as I used to, I've been tied up on my new website Shakakai.com. Its a site that was created with two main goals:
There's a couple things I need to watch out for taking this approach:
Cheers,
Todd
- To aggregate all the content I'm generating over the web, be it blog posts, tweets, del.icio.us or digg tags, and a host of social website content.
- As an experiment into using Google as Content Delivery Network ( commonly referred to as a CDN)
There's a couple things I need to watch out for taking this approach:
- Accessibility - When building out the view, you need to actively review the accessibility of the markup you're using. Its very easy to blow off the standards when you're waist deep in JavaScript.
- Load Time - Minimize the amount of JS that gets loaded up front so the initial load time appears extra snappy. Then switch over to on-demand loading for any additional functionality (e.g. a "donate now" button)
Cheers,
Todd
Subscribe to:
Posts (Atom)
