2008-04-20

In thinking about using OpenID with TYWYK I'm now thinking about security issues with it.

For authentication, OpenID is really about as insecure as email. Anyone can run an OpenID server (just like a mail server) and create as many users on it as they want (just like a mail server). OpenID is not a spam-blocker and as far as I can tell never will be.

So how do you verify? We could send a verification link to the email address associated with the OpenID account, but that would be just as insecure as OpenID itself. I now think the best way is to require the user to fill out a CAPTCHA along with their OpenID the first time they log in to a site. This would prevent automated spamming of user account creation.

Other ideas

On a side note, there should be another level to this with white/black-listing. There should be list lookups for OpenID providers just as there are for email servers. With this you could allow first-time authentication without a CAPTCHA and still be safe.
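The two ideas above (a CAPTCHA on the first login of an unknown OpenID, and provider white/black-lists that let trusted providers skip it) can be combined into one small gate. The following is an added example written for this post, not TYWYK's code or any OpenID library's API; the class name, the in-memory "known identities" store and the provider lists are all hypothetical, and the CAPTCHA result is passed in as a boolean rather than calling a real CAPTCHA service.

```ruby
require 'uri'

# Hypothetical first-login gate for OpenID identities (added example, not TYWYK code).
# Decisions returned by #decide:
#   :blocked        - provider host is on the blocklist, refuse the login
#   :allow          - identity already known, or its provider is on the allowlist
#   :captcha        - first login from an unknown provider: a CAPTCHA is required
#   :captcha_failed - first login, CAPTCHA answered wrongly
class OpenIdLoginGate
  def initialize(allowlist: [], blocklist: [])
    @allowlist = allowlist.map(&:downcase)
    @blocklist = blocklist.map(&:downcase)
    @known_identities = {} # normalized identity URL => first-seen Time (in-memory stand-in for a DB table)
  end

  # Normalize an OpenID identifier the way a relying party must before comparing it:
  # add a scheme if missing, lowercase the host, drop the fragment, and make sure there
  # is a path so "http://host" and "http://host/" are the same identity.
  def self.normalize(identity)
    identity = identity.strip
    identity = "http://#{identity}" unless identity =~ %r{\A[a-z]+://}i
    uri = URI.parse(identity)
    raise ArgumentError, "unsupported scheme" unless %w[http https].include?(uri.scheme)
    raise ArgumentError, "missing host" if uri.host.nil? || uri.host.empty?
    uri.host = uri.host.downcase
    uri.path = "/" if uri.path.empty?
    uri.fragment = nil
    uri.to_s
  end

  # A list entry matches the host itself and any subdomain of it.
  def listed?(list, host)
    list.any? { |entry| host == entry || host.end_with?(".#{entry}") }
  end

  # captcha_ok: nil when no CAPTCHA answer was submitted, true/false once it was checked.
  def decide(identity, captcha_ok: nil)
    id = self.class.normalize(identity)
    host = URI.parse(id).host
    return :blocked if listed?(@blocklist, host)     # blocklist wins even for known identities
    return :allow if @known_identities.key?(id)      # returning user: no CAPTCHA
    if listed?(@allowlist, host)                     # trusted provider: skip the CAPTCHA
      @known_identities[id] = Time.now
      return :allow
    end
    return :captcha if captcha_ok.nil?               # ask for the CAPTCHA first
    return :captcha_failed unless captcha_ok
    @known_identities[id] = Time.now                 # passed: remember the identity
    :allow
  end
end

# Constructed sample usage with made-up provider hostnames.
if __FILE__ == $PROGRAM_NAME
  gate = OpenIdLoginGate.new(allowlist: ["openid.example.org"], blocklist: ["spam.example.net"])
  puts gate.decide("bob.spam.example.net")                       # :blocked
  puts gate.decide("http://openid.example.org/alice")            # :allow
  puts gate.decide("carol.myopenid.example")                     # :captcha
  puts gate.decide("carol.myopenid.example", captcha_ok: true)   # :allow
end
```

The blocklist is checked before the known-identity lookup so that a provider that turns out to be a spam mill can be cut off after the fact, and identities are stored only in normalized form so that case and trailing-slash variations of the same OpenID cannot each get a fresh CAPTCHA-free login.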

2008-04-20

There's no good tail -f equivalent for the command line in Windows. I've tried the following with success. All are free:

  • Lightweight and my favorite for now, pretty easy to customize: BareTail
  • Very lightweight: Tail for Win32
  • Somewhat more heavyweight and customizable. Easy to change highlight colors: MakeLogic Tail

All of these have tabbed/multi-buffer interfaces.
Just download one and tell it where your rails app's log/development.log file is.

2008-04-20

[image: recaptcha on tywyk]

For TYWYK I wanted to prevent spam early on but still allow anyone to post, so I chose a CAPTCHA. I'm using Jason Perry's ReCAPTCHA plugin, which uses ReCAPTCHA.

It's pretty straightforward. Just read the README and all the comments on agilewebdevelopment and you should be good to go!

The only gotcha I ran into was making the ReCAPTCHA match the design on my submit page. It took me a while to find this, but basically I had to copy/paste the HTML and manually insert my public key INSTEAD of using recaptcha_tags.

2008-04-09

[image: safari network profiler]

So I downloaded Safari 3.1 for Windows today and started playing with the "Develop Menu". You can enable it through Edit > Preferences > Advanced by checking "Show develop menu in menu bar".

The network profiler in it is an amazing piece of work. If you're ever looking to do a performance assessment of a website based on page size and load times, this is what you'll want to use. You can see how long the page takes to respond, how long each element takes to load, and how big all of the page elements are, individually or in groups. I did one for my small budget photo page. Check out the screenshot.

2008-04-06

[image: squatting position]

I often try to find ways to get back to nature in my life. It may seem odd that my job involves me spending all day on my computer, but I really do try to incorporate the old ways of the world. There's a lot of ancient wisdom that has been lost for one reason or another and I'm bent on bringing it back.

I'm male. In the past few months however I've been sitting on the toilet when I go to the bathroom to help exercise my legs and also to prevent splashing. It's much easier cleaning up.

Recently I've been thinking more about it and thought that sitting really isn't the way we're meant to go to the bathroom either. Whether it's pee or poop, there is no instance you can imagine in nature where one would sit down as though on a chair to do it. I would say it's likely that even men in older times did not stand every time either. If you've ever peed standing up in the wild you'll find that you get a great deal of splash on yourself.

So I was watching a video on qigong the other day and the instructor on the tape mentioned it. I thought what the hell I might as well try it. So I did this morning. No problems. In fact it felt pretty good. It's a very comfortable position. I could balance quite well on the platform of the toilet seat alone.

So after doing it I thought "well, I wonder how many other people do this", so of course I googled. I didn't really find numbers; pretty much, most of Asia and Africa does it and most of the US and Europe does not. But what was more striking to me than any numbers were the facts I found about health benefits:

  • Makes elimination faster, easier and more complete.
  • Protects the nerves that control the prostate, bladder and uterus from becoming stretched and damaged.
  • Securely seals the ileocecal valve, between the colon and the small intestine. In the conventional sitting position, this valve is unsupported and often leaks during evacuation, contaminating the small intestine.
  • Relaxes the puborectalis muscle which normally chokes the rectum in order to maintain continence.
  • Uses the thighs to support the colon and prevent straining. Chronic straining on the toilet can cause hernias, diverticulosis, and pelvic organ prolapse.
  • A highly effective, non-invasive treatment for hemorrhoids, as shown by published clinical research.
  • For pregnant women, squatting avoids pressure on the uterus when using the toilet. Daily squatting helps prepare one for a more natural delivery.

So I'm sold. Probably won't be buying a squat-style toilet ever since western ones work fine for me, but I'll be squatting from now on =)

2008-04-05

I've used MRTG in the past. It's cool, but it's hell to configure. I just need something simple for a single server that just works.

Munin rules, especially if you're on Ubuntu/Debian. It's good for monitoring multiple servers or just one. Here's a demo.

Install is pretty much:
sudo apt-get install munin munin-node

Pretty much zero config if you're starting a server from scratch.

Here are two of the sites I used to help me get up and running:

2008-04-05

The more time I spend on the internet after having an OpenID account the more I get annoyed. There are tons of places that should allow you to login using it: anywhere you post comments, review sites, anywhere that you would post content only once or twice, anywhere that you would use only to subscribe to a service (newspaper, magazine, etc), job application websites.

I've found myself on sites like this this week and refused to open up an account because I find it ridiculous that more people have not adopted this system. The voices of the internet must cry out in rage soon.

That being said, it should be understood that OpenID should not just be used in these small areas. They're a great place to start and a good example of why it should be used, but it's a platform flexible enough to be used for authentication just about anywhere on the web.

Unfortunately I think it's a ways off. Site owners are still interested in 'owning' their users and their content; the technology is still a little complex for less net-savvy users to understand, so it could be difficult for them to get accounts; and for non-net-savvy users, more large sites like Google or ISPs will have to become OpenID providers for it to become mainstream.

More links:

2008-04-04

[image: sxsw interactive]

These are recordings of the South by Southwest Interactive festival 2008. Lots of good content here about design, startups, business, programming, gaming and other tech stuff.

http://2008.sxsw.com/coverage/podcasts/

Not all of them are uploaded yet, but most of them are, and they're trying to get more up.
Here's an RSS feed if you want to keep up: http://feeds.feedburner.com/SXSWpodcasts

2008-04-03

This is incredible. There are so many apps that you need tabs for. WinTabber will let you create them for any that you want. On top of that it has opacity settings and such. Check out the demo.

I wanted tabbed putty windows. Now I have them!

2008-04-01

I've always liked indeed.com for salary info. I was browsing today and found this:

"Fortune 50" $75,000
"Fortune 100" $63,000
"Fortune 500" $41,000
"Fortune 1000" $59,000
"Early Stage" $77,000