HTML Purifier is incredibly awesome. It's a set of scripts you can run user-submitted HTML content through before displaying it on the web (or, better, before saving it to the database, so you only have to run it once on submitted content). It removes any non-whitelisted HTML tags and foils various possibly nefarious acts (e.g., script attributes on tags). It also does a great job of cleaning up unclosed tags so that individual posts don't screw up the formatting of an entire page. Seems like a mandatory thing to have if you are accepting HTML content from users (and clearly if you accept it from anonymous users). It's just incredibly robust.
One issue I ran into though (it's pretty complex) is that URLs in links were being replaced by '%5C'. The problem was that I was running the HTML through mysql_real_escape_string before HTMLPurifier. You need to do HTMLPurifier first, and then mysql_real_escape_string. I have no idea why, but that is the case. Maybe this will help someone else.
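The ordering problem above, as an added example (not code from the original post): mysql_real_escape_string puts a backslash in front of every quote, so a purifier that runs afterwards is handed `href=\"...\"` instead of `href="..."`, and `%5C` is the percent-encoded form of a backslash. `sql_escape_standin` is a hypothetical stand-in for the database escape so the script needs no connection, and the include path for HTML Purifier is an assumption.

```php
<?php
// Added example, not code from the original post.
// Assumption: HTML Purifier is installed and its autoloader is on the include path.
require_once 'HTMLPurifier.auto.php';

/**
 * Hypothetical stand-in for mysql_real_escape_string() so the script needs no
 * database connection. It backslash-escapes the characters that function is
 * documented to escape: NUL, \n, \r, \, ', " and Ctrl-Z.
 */
function sql_escape_standin(string $s): string
{
    return strtr($s, [
        "\\"   => "\\\\",
        "'"    => "\\'",
        '"'    => '\\"',
        "\0"   => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "\x1a" => "\\Z",
    ]);
}

$purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());

// Constructed sample submission: one legitimate link plus a script attribute.
$submitted = '<p><a href="http://example.com/page" onclick="doSomething()">my site</a>';

// Order from the post that broke links: SQL-escape first, purify second.
// The purifier is now parsing href=\"http://example.com/page\" and the
// backslashes are part of the markup it has to clean up.
$escapedFirst = sql_escape_standin($submitted);
$broken = $purifier->purify($escapedFirst);

// Order the post recommends: purify the raw submission, then escape the
// purified HTML at the moment it is placed into the SQL statement.
$clean  = $purifier->purify($submitted);
$forSql = sql_escape_standin($clean);

printf("escaped first : %s\n", $escapedFirst);
printf("then purified : %s\n", $broken);
printf("has %%5C       : %s\n", strpos($broken, '%5C') !== false ? 'yes' : 'no');
printf("purified first: %s\n", $clean);
printf("then escaped  : %s\n", $forSql);
```

The mysql_* extension was removed in PHP 7.0; the same ordering applies with mysqli_real_escape_string or bound parameters, which act only at the SQL boundary.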
Image map for detailed information. Might need this for an upcoming project.
Browserling is a new cross-browser testing web application built with stackVM. They run IE 5.5, 6, 7, 8, 9, Firefox, Opera, and Safari instances on their servers, and you can use these browsers remotely through a virtual machine inside Google Chrome on your local machine. So unlike browsershots.org (which is free) or something for-pay like LitmusApp, which just send you back screenshots of your specified web page as seen in different browsers, Browserling actually lets you interact with the web page. But...
I haven't been able to get it to work. Or, rather, it works, but it shows me a random page rather than the one I request. So not very useful on that count. Hopefully they get it worked out because this would be a really great tool.
HTTPS-everywhere is a Firefox extension from the EFF that helps secure a limited number of popular sites which already support some form of encryption over HTTPS, by rewriting links in the page to always use HTTPS. In other words, some popular sites like Gmail, Wikipedia, and Facebook allow you to use HTTPS to browse securely, but they make it a tiny bit difficult by not always defaulting to HTTPS. So some links on a secure page will point to other parts of the site using regular HTTP. The HTTPS-everywhere extension will rewrite such links to help you stay connected securely.
Bunch of front end links for my own uses (and so I can finally close some of the 50+ tabs I have open). I'm doing a lot more client side stuff lately, especially using jQuery. I still hate fiddling with HTML and CSS, but not nearly as much as I used to, and JavaScript is sort of fun although I'm not nearly as comfortable there as in PHP on the server. In any case:
Markup.io - super clever bookmarklet that lets you draw on any webpage, and then share your results. Great for communicating while tweaking web page design.
Common security mistakes in web applications, and the ha.ckers.org cross site scripting cheat sheet. You have to understand this stuff if you are building web apps.
jQuery.pidCrypt - a jQuery plugin to implement the pidCrypt library
SVG-edit - web-based, JavaScript-driven SVG editor that works in any modern browser. Link is to a demo - pretty fun to play around with. Not going to replace Illustrator, but it is pretty amazing what can be built in modern browsers.
Zoom-info - pretty simple jQuery image effect that I happen to like. Also Rocketbar, persistent headers and footers, from the same place.
jQuery BBQ - simple, yet powerful bookmarkable #hash history. There are many different implementations of this idea, but this seems to be the most complete. And, sort of humorously, jQuery starwipe, from the same place. From the page:
With jQuery Star Wipe you can enable the single best transition ever created, the star wipe, in any recent WebKit browser!....Only works in modern browsers, but indeed, probably the single best page transition ever.
Why do I need this plugin?
If you even have to ask, then you don’t need it. In fact, you’re not even allowed to look at the live example. Just go away, now.
Protocol relative URL from Paul Irish. Helps with the problem when creating pages with image links when you don't know whether the page will be on http: or https:. It's amazing to me that there is always some other cool trick that I have never heard of before.
jQuery Face Detection (like the technology behind tagging people in Facebook.)
And finally, one server side piece of goodness: Google's mod_pagespeed for Apache:
...[A] module for the Apache HTTP Server called mod_pagespeed to perform many speed optimizations automatically. We’re starting with more than 15 on-the-fly optimizations that address various aspects of web performance, including optimizing caching, minimizing client-server round trips and minimizing payload size. We’ve seen mod_pagespeed reduce page load times by up to 50% (an average across a rough sample of sites we tried) -- in other words, essentially speeding up websites by about 2x, and sometimes even faster.
Spamhaus, the venerable spam blacklisting service, is starting an invite only whitelist. (Blacklists say "we think these addresses are spammers" while whitelists say "we think these addresses are not spammers"; both can be used by email servers to reduce the amount of spam delivered to users.) The invite only part means, I would guess, that this list will be a big business type thing (I doubt I'll be able to be listed, but I'm sure Chase and Verizon will have no problem). This is the sort of issue that can be tricky in the sense that it seems to split the web into tiers based on something like corporate size, and this seems to cut against the democratic spirit of the web. On the other hand, spam is a ridiculously annoying problem, and this seems like it will only help the situation. So it's a good example of something the younger me might have been against on principle, but which I'm now in favor of for purely pragmatic reasons. The best internet isn't the one that exists somewhere in my dreams; it's the best one we can actually make in reality.
Is the Stuxnet worm targeting the Iranian nuclear infrastructure? Slashdot discussion is here. Debka (grain of salt, etc...) says that Iran has confirmed this to be the case. Pretty interesting.
I've run into an issue where I was hitting the memory limit of Safari on the iPad (loading in very large image galleries) which was causing the browser to crash. (ouch!) It turns out that there is possibly no direct way to unload images from memory in this case, but you can force something to the same effect by changing the src of images you want to unload to point to a small (1x1px) image file. This will unload the real (large) image from memory, replacing it with the small one. Details at the link.
Rsync using sudo via remote shell:
stty -echo; ssh myUser@REMOTE_SERVER "sudo -v"; stty echo
then:
rsync -avze ssh --rsync-path='sudo rsync' myUser@REMOTE_SERVER:/REMOTE_PATH/ LOCAL_PATH
Way behind on a bunch of stuff to post. But I really need to remember this for my own uses since it seems to have improved the performance of Mail.app under 10.5 (which had become so slow it was very frustrating to use and taking up way too much of my time.)
1. Quit Mail.app
2. Back up Mail just in case (i.e., copy ~/Library/Mail to somewhere safe)
3. In Terminal type:
sqlite3 ~/Library/Mail/Envelope\ Index
4. Still in Terminal, at the sqlite> prompt, type:
vacuum subjects;
and wait for the sqlite> prompt to return (several minutes in my case.)
5. Ctrl-d to drop out of sqlite3 back into terminal
6. Restart Mail.app
Huge speed improvement for me.