Blog

Twitter Tools 1.5b2

Posted in: News, WordPress

I’ve got a new beta version of Twitter Tools ready for testing. Twitter Tools is a WordPress plugin that creates an integration between your blog and your Twitter account.

This release has a couple of bug fixes (from version 1.5b1) and a couple of new features:

  • fixed a logical bug that made the “exclude replies” option work backwards (oops!)
  • removed a try/catch for PHP 4 compatibility (oops!)
  • added support for hashtags (linked to search.twitter.com)
  • abstracted all API endpoints and URLs so that it can theoretically support any service that implements the Twitter API

Hopefully this will be ready for a full release shortly, with only minor changes (if any). I guess we’ll find out soon. :)

The download and more information are available on my WordPress Plugins page.

If you have any trouble with this, please open a thread in the WP Support Forums and send me the link.


Posted August 27th, 2008 @ 11:48 AM


Projector Choices

Posted in: Technology

I need to get a projector for the office and I’m having a heck of a time trying to decide on a relatively cost-effective projector that has a 1280 pixel wide resolution (generally 720p).

These two are the current leading contenders:

I have a Sharp for my home projector and I’m quite satisfied with it. Some of what I’ve read makes me think the Sharp is a better machine; however, the Optoma is smaller (which is important when it’s sitting on a conference table as it will, for a while at least) and has a bunch of good reviews, so I’m not that worried about it either.

Anyone have experience with either model or can see anything important in the specs that I could be overlooking?


Posted August 22nd, 2008 @ 3:25 PM

ShareThis 2.3

Posted in: News, WordPress

There’s a new version of ShareThis out this evening. This release fixes a bug in version 2.2 where the ShareThis button might not be visible correctly if your WordPress theme shows post excerpts on certain pages.

ShareThis is a plugin that makes it easy for your visitors to share your content to other people or online destinations and social web sites. You can see it in action by clicking the ShareThis link at the bottom of any of the posts or pages on this site.

The download and more information are available on my WordPress Plugins page.

If you have any trouble with this, please open a thread in the ShareThis Support Forums and the team will be happy to help you out.


Posted August 21st, 2008 @ 6:29 PM

New Lijit WordPress Plugin

Posted in: Crowd Favorite, Case Studies, News, WordPress

There’s a new and improved Lijit WordPress plugin available for download. This version is one that my company, Crowd Favorite, had the pleasure of helping build.

The new plugin makes it easy for you to enable Lijit search from the default WordPress search box, or you can add in the full Lijit wijit if you like.

I use Lijit search on alexking.info, where I aggregate content from all of the various sites and services I publish content on. The Lijit search performs a search across all of that content - pretty slick.

I’m pretty pleased with the overall user experience for the plugin. It nicely handles set-up for new or existing users, gives straightforward options and instructions, and even brings in your Lijit search stats with a new link on the WordPress admin dashboard.

Many thanks to the great folks we were able to work with at Lijit in building the new plugin. It was a pleasure working with people that care deeply about their users and are also technically astute.


Posted August 20th, 2008 @ 12:17 AM


WordCamp Utah

Posted in: Crowd Favorite, WordPress

WordCamp Utah is coming!

September 27th is the date - registration is open.

I’m quite looking forward to this (particularly since I wasn’t able to make WordCamp SF this weekend), both as a speaker and as an attendee. I’ll probably be flying in Friday mid-day and out on Sunday.

Big thanks to Joseph Scott for organizing.

My company, Crowd Favorite, is proud to be one of the sponsors of the event.


Posted August 15th, 2008 @ 5:39 PM

Debugging an XSS attack

Posted in: Development

Today I ran across a Cross Site Scripting (XSS) attack in the wild. Since the victimized site is run by a friend, I did a little digging to see how the attack was done so I could tell him about the issue and how to fix it. Here is a little background on XSS attacks and how to debug them and avoid them.[1]

An XSS attack is when someone is able to inject code into a page - generally when a user can get JavaScript code to execute within a web page. The injected code can do harmful things like steal your cookies and act on your behalf, or annoying things like pop up windows and redirect you places.

If you are trying to debug an XSS attack, the first rule of thumb is not to use your main browser. Don’t use anything that has “your” data in it - things like login cookies, etc. Instead, use your secondary browser or your development profile for your main browser if you have one.

Your browser can show you the behavior that the attack is performing, which is useful. However, depending on the attack, getting the HTML source from your browser may not be so easy. Also, many browsers will “clean up” the HTML a bit as they render it, so the HTML you see from your View Source command isn’t always exactly what the web server sent down.

You should use a command line utility like cURL or wget to download the raw HTML source and look through there for the vulnerability.

You’ll probably find a place in the HTML where a tag was closed before you expected it, and a SCRIPT tag somewhere you didn’t expect it.

There are a number of ways to avoid XSS attacks. The main approaches are:

  • Strip out tags/content you don’t want to support. These should definitely include script tags, and also attributes on other tags that can execute JavaScript - attributes like onload, onclick, etc.
  • Encode your HTML output so that angle brackets become &lt; instead of < and quotes become &quot; instead of ". This prevents the JavaScript from being executed in the browser because the attempted HTML tags don’t end up as HTML tags; they instead show what would normally be seen as HTML source.
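As an added example (not code from the original post), this Python script ties the debugging step to the encoding fix: it lists every SCRIPT tag and on* handler in raw HTML by line number, then shows the list before and after the echoed value is HTML-encoded. The page template, the sample input and all names are constructed for illustration.

```python
import html
import sys
from html.parser import HTMLParser

class ScriptFinder(HTMLParser):
    """Record every spot in raw HTML where JavaScript could run."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line number, description)

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        if tag == "script":
            src = dict(attrs).get("src") or "inline"
            self.findings.append((line, f"<script> ({src})"))
        for name, _value in attrs:
            if name.startswith("on"):  # onload, onclick, onerror, ...
                self.findings.append((line, f"{name} handler on <{tag}>"))

def scan(raw_html):
    """Return findings for HTML exactly as the server sent it (e.g. saved with curl)."""
    finder = ScriptFinder()
    finder.feed(raw_html)
    finder.close()
    return finder.findings

# Constructed page template: echoes a search term into an attribute and into text.
PAGE = """<html><body>
<script src="/js/site.js"></script>
<form><input name="q" value="{q}"></form>
<p>Results for {q}</p>
</body></html>"""

# Constructed input: closes the attribute and tag early, then opens a SCRIPT tag.
SAMPLE = '"><script src="https://injected.invalid/x.js"></script>'

def render(term, encode):
    """Build the page with or without HTML-encoding the echoed term."""
    return PAGE.format(q=html.escape(term, quote=True) if encode else term)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # scan a file saved from curl/wget
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            pages = {sys.argv[1]: fh.read()}
    else:
        pages = {"unencoded": render(SAMPLE, False), "encoded": render(SAMPLE, True)}
    for label, raw in pages.items():
        for line, what in scan(raw):
            print(f"{label}: line {line}: {what}")
```

Run it with a saved file as the only argument to list that page's script locations, then compare the list against the scripts the site is supposed to load.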

There’s a ton of info on preventing XSS attacks out there on the web. If you’re a web developer, make sure to do a little reading on this.

  1. This is the one security area developers fail most often when interviewing for a position at Crowd Favorite.


Posted August 12th, 2008 @ 6:46 PM

Around the web


I credit Brent and the excellent NetNewsWire for iPhone for my newfound ability to (almost) keep up with my feeds again.

Addictomatic Refreshed

Posted in: Crowd Favorite, Case Studies, News

Addictomatic is sporting a shiny new suit today.

The overall look has been updated with a great new design from Bryan Bell, and a number of little features have been added and minor tweaks made since the initial launch.

I’ve got a few more screenshots here, but it’s a lot more fun to just go poke around.

Here is a partial list of the changes:

  • New theme design.
  • Welcome message for first time visitors.
  • List of Hot Topics next to the Create box.
  • New Browse the News navigation.
  • Integrated ads from the Deck.
  • More little JavaScript effect niceties.
  • Numerous behind the scenes changes for performance.

The main focus of the refresh was to make it easier for new visitors to explore the site. To this end we exposed more links to Hot Topics, added weight to the Browse the News (formerly Newsfix) button, and configured the Browse the News drawer to stay open on Browse the News pages. This last change keeps the other news topics visible more often, giving people enticing things to click on. Hopefully the results will be good.

Thanks, as always, to Dave Pell for trusting us to work on his baby. We have a lot of fun building and using Addictomatic.


Posted August 6th, 2008 @ 11:15 AM


About This Site

This is the personal web site of Alex King, an independent developer based in Denver, Colorado USA.


Crowd Favorite

Crowd Favorite is my software and web development business.

We build web applications, design and develop custom WordPress themes and plugins, and build custom sites using WordPress as a CMS.


I also have a tumblog that aggregates my online content from other services (Twitter, Flickr, del.icio.us, etc.).
