TiddlyDocs User Authentication – Generic Design and Custom Features
August 14th, 2009 · No Comments
We are working on a design that will keep TiddlyDocs as generic as possible. The core TiddlyDocs product will have a concept of “rooms”. This is the same kind of room you see in online forums or chat sites, where everyone inside the room contributes and sees content inside the room they’re in, and can’t [...]
Tags: SoftwareDev
The New Registration and Login Grammars
June 25th, 2009 · 8 Comments
There is a well-established “grammar” for how we sign up and log into websites. Provide your name, email and password; verify the email; login to the site with username and password until you’re timed out. You know the drill. But a wave of new web apps and protocols is challenging the status quo, breaking the [...]
Tags: HumansAndTech · SoftwareDev
Explaining the “Don’t Click” Clickjacking Tweetbomb
February 12th, 2009 · 5 Comments
I just noticed some of my Twitter friends posting the following mysterious message: "Don't Click: http://tinyurl.com/amgzs6" It turns out this is a Tweetbomb. If you go to that link and click on the button below, you end up tweeting the same thing: ... thus all your friends see it and some of them click on it and re-post [...]
Tags: SoftwareDev
Frame-Busting Gadgets
September 16th, 2008 · 3 Comments
In the questions after my @media ajax talk, Simon Willison asked about frame busting. If gadgets sit inside iframes, what's to stop them from busting the frame, i.e. replacing the container with another website? I notice he made a similar comment when OpenSocial came out. If a gadget can cause iGoogle to go away in [...]
Tags: SoftwareDev
OAuth-OpenID: You’re Barking Up the Wrong Tree if you Think They’re the Same Thing
November 10th, 2007 · 15 Comments
OAuth, OpenID...they sound like the same thing and they kind of do vaguely similar things. But I'm here to tell you, OAuth is not OpenID. They have a different purpose. I've been playing around with OAuth a bit in the past couple weeks and have a grip on what it's aiming to do and [...]
Tags: HumansAndTech · SoftwareDev
Ajax Functionality and Usability Patterns – Podcast 4 of 4: Functionality Patterns
September 23rd, 2006 · 2 Comments
This is the fourth and final podcast in the series on Ajax functionality and usability patterns (Book: Part 4, pp 327-530). This 54-minute podcast covers seven patterns of Ajax Architecture (Book: Chapter 17, pp 473-530): Lazy Registration, Direct Login, Host-Proof Hosting, Timeout, Heartbeat, Unique URLs, Dynamic Favicons. Dedicated to the Nitobians, whose last podcast inspired me to crank another one out again. Recent events [...]
Tags: Links · Podcast · SoftwareDev
Wikipedia as a Honeypot
December 7th, 2005 · No Comments
How long until Wikipedia becomes a honeypot? "Who wants to be a millionaire" contestant is struggling to answer the question, "What year did the Fonz jump the shark?", and calls out to Lifeline Buddy. Back in 2005, Lifeline Buddy would have googled for the answer. But this is 2007, and "wiki" is now a household name [...]
Tags: HumansAndTech
Host-Proof Authentication?
November 30th, 2005 · 1 Comment
Abe Fettig's done some important experimenting to arrive at a direct remoting technique, one which bypasses the need for a Cross-Domain Proxy and doesn't rely on cross-domain On-Demand Javascript. Compared to the latter technique, Abe's idea is more functional, because you get the power, expressivity, and bidirectional capability of XMLHttpRequest, as opposed to the On-Demand [...]
Tags: HumansAndTech · Links · SoftwareDev
