- Screencasting tips — Jon Udell
Quote: “People learn to use tools by watching how other people use them, and imitating what they see.”
(categories: screencasting tips udell education screencast )
- Tagging and foldering in Photo Gallery — Jon Udell
Tagging is included in Vista’s Photo Gallery: notable only in that it’ll be one of the first mass market (ie: something my mom might use) products that uses tagging.
(categories: tagging tags ontology metadata photogallery vista )
Monthly Archives: February 2007
Links: 2-20-2007
- Top Ten Mistakes in Web Design (Jakob Nielsen’s Alertbox)
Personal pet peeve from this list, number 9: “Opening New Browser Windows”
(categories: design ui usability tips )
- Seven steps to remarkable customer service – Joel on Software
I’m sure everyone and their mom will link to this, but it’s good… read it if you haven’t already.
(categories: customerservice support leadership marketing business )
Links: 2-19-2007
Links: 2-17-2007
- Increase file descriptor limit under Linux to prevent java.net.SocketException: Too many open files
Ran into this with Tomcat on my VPS box: updating /etc/security/limits.conf solved the problem immediately.
(categories: tomcat file_descriptor linux java.net.socketexception )
Links: 2-16-2007
- Kumar Mettu’s Blog: Using Fiddler with Firefox
Fiddler rules. Firefox rules. Together… ah.. not so much. If you mod your FF install to point to Fiddler, you have to have Fiddler open all the time in order to browse.
(categories: firefox fiddler http debugging )
Links: 2-10-2007
- slacktivist: Two beautiful daughters
Quote: “Augustine said hope has two children, anger and courage. Anger at the way things are and courage to make them better.”
(categories: colbertreport augustine hedges colbert america hope courage anger )
Links: 2-9-2007
- tecznotes: polite loops in JavaScript
When iterating over largish datasets in a browser, use a non greedy algorithm.
(categories: json javascript polite loops looping scripting theory programming )
- Jive Software: Jive Clearspace
Clearspace launched on Wednesday. Spanky new website too.
(categories: clearspace jivesoftware collaboration wikiblogforum discussions blogging wikis )
- Ken’s Java Blog: Clearspace on GlassFish
Ken Paulsen gets Clearspace installed on GlassFish. Looks like the first thing he did was create a blog too!
(categories: clearspace glassfish jivesoftware jive collaboration )
Links: 2-6-2007
- APP Implementations – Atom Wiki
Atom publishing protocol implementations.
(categories: atom app tools api )
- Imified
Quote: “Imified is an instant messenger buddy that works across all major IM networks and offers access to a growing number of web applications, as well as productivity tools like notes, reminders, and todo’s. Imified helps you get things done faster.”
(categories: cool im instantmessaging robots bots )
Links: 2-5-2007
- You’re It! – Pew Internet and American Life: New Report on Tagging
Quote: “… 28% of internet users have tagged or categorized content online such as photos, news stories or blog posts”
(categories: tags tagging pew stats web2.0 )
- Why you should be using disambiguated URLs
Quote: “… Caches (both browser and intermediate proxies) can’t improve performance if you request the same content from a different URL.” Same thing applies to feed aggregators.
(categories: url caching uri usability http disambiguation )
- Slashdot FAQ – Tags
Quote: “We’re going to build the next generation of moderation on top of tags. That means we’re going to poach your namespace. Some tags will have a substantive effect on the system right from the start (or very soon). Our article tagger knows about tags
(categories: tagging tags slashdot folksonomy machinetags web2.0 )
The Referer header, intranets and privacy
I’ve discussed meaningful URLs a number of times on this site: one of the biggest benefits of a good blog URL is that you can infer who posted the article, when it was posted and what the blog post is about. For the most part this is all ‘a good thing’. But when you’re blogging on an intranet and you create a blog post that results in a URL like this:
http://intranet.example.com/blogs/aaron/2007/02/07/our-secret-widget-is-going-to-kill-our-competition
and then in the blog post you put a couple links to your competition and embed a picture of their latest product, you’re potentially letting secrets through the firewall without even knowing it. See, HTTP has this really nice mechanism for specifying both a) what page an image is loading in and b) what page the user was on when they clicked on a link to visit the next page. It’s called the HTTP referer and it’s commonly used for good: web statistics packages (like Google Analytics or AWStats) use the referer header to show you click paths through your site and to show you what other websites are linking to you. A typical request in an Apache HTTPD log file might look something like this:
86.105.195.89 - - [06/Feb/2007:01:54:32 -0500] "GET /blogs/aaron/ HTTP/1.1" 200 34659 "http://intranet.example.com/blogs" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1; .NET CLR 2.0.50727) Gecko/20061204 Firefox/2.0.0.1"
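The Referer column of that log format is where an intranet URL ends up on the receiving server. As an added example (not from the original post), this Python code parses combined-format lines from a server you operate outside the intranet and reports hits whose Referer names an internal host, along with what the blog URL gives away. The sample lines, the `internal_domain` parameter and the `/blogs/<author>/<date>/<slug>` layout are assumptions based on the URL shown above.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
QUOTED = r'"((?:[^"\\]|\\.)*)"'  # quoted field; embedded quotes are logged as \"
COMBINED = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\S+) ' + QUOTED + ' ' + QUOTED)
KEYS = ("client", "time", "request", "status", "size", "referer", "agent")
# Assumed intranet blog layout: /blogs/<author>/<yyyy>/<mm>/<dd>/<slug>
BLOG_PATH = re.compile(r"/blogs/(?P<author>[^/]+)/(?P<date>\d{4}/\d\d/\d\d)/(?P<slug>[^/]+)/?$")


def parse_combined(line):
    """Split one combined-format line into a dict, or return None if malformed."""
    m = COMBINED.match(line)
    return dict(zip(KEYS, m.groups())) if m else None


def leaked_internal_urls(lines, internal_domain):
    """Return one record per hit whose Referer names a host under internal_domain."""
    leaks = []
    for line in lines:
        entry = parse_combined(line)
        if entry is None:
            continue
        try:
            ref = urlsplit(entry["referer"])
        except ValueError:  # e.g. unbalanced IPv6 brackets in a forged header
            continue
        host = ref.hostname or ""  # "-" (no Referer sent) has no hostname
        if host == internal_domain or host.endswith("." + internal_domain):
            m = BLOG_PATH.match(ref.path)
            leaks.append({"client": entry["client"], "referer": entry["referer"],
                          "inferred": m.groupdict() if m else {}})
    return leaks


# Constructed sample lines (documentation IP ranges, placeholder user agent).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Feb/2007:09:15:02 -0500] "GET /widget HTTP/1.1" 200 5120 '
    '"http://intranet.example.com/blogs/aaron/2007/02/07/'
    'our-secret-widget-is-going-to-kill-our-competition" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Feb/2007:09:16:40 -0500] "GET / HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [07/Feb/2007:09:17:11 -0500] "GET /widget HTTP/1.1" 200 5120 '
    '"http://www.example.org/links" "Mozilla/5.0"',
    'truncated line without the quoted fields',
]
```

Calling `leaked_internal_urls(SAMPLE_LOG, "intranet.example.com")` returns a single record, for the first line, with the author, date and slug recovered from the Referer.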
But back to the point at hand: if you’re using blogs or wikis or anything that might produce a clean, understandable, meaningful URL and you or your company are serious about security, you’ll want to make sure that HTTP Referers are blocked because you really don’t want the president of your company breathing down your neck on a Monday morning because your competition just called… and they know. Here’s how:
- Force anyone / everyone reading your internal site to use a Firefox plugin called RefControl, which allows you to control what gets sent in the referer field per website. Unless you’re the IT guy and you can force people to use this plugin, it’s doubtful this would work.
- Force all of your outgoing links through what’s called a dereferer. Again, this is unwieldy, can probably be subverted and may not work for images. (you can do the same thing by modifying your Firefox config, but the plugin is easier)
- Use HTTPS for all the pages on your intranet because RFC 2616 states that:
Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.
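which means that even if someone does create a link on the intranet to your competition’s plain-HTTP website, your competition won’t find out. As quoted, the rule covers only non-secure requests; it says nothing about links to HTTPS destinations.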
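One way to check a post before it goes live, as an added example that is not part of the original post: the Python below lists the off-site links and images in a post body that would be sent the post's URL as Referer. It models only the RFC 2616 rule quoted above, not any particular browser's behaviour; the competitor host names and the sample HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements whose URL attribute makes the browser issue a request, either on
# click (a) or automatically while the page renders (img, script, iframe).
URL_ATTRS = {"a": "href", "img": "src", "script": "src", "iframe": "src"}


class OutboundRefs(HTMLParser):
    """Collect (tag, absolute URL) for every URL-bearing element in a page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.refs = []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(URL_ATTRS.get(tag, ""))
        if value:
            self.refs.append((tag, urljoin(self.page_url, value)))


def sends_referer(page_url, target_url):
    """Model of the RFC 2616 rule quoted above only: a page fetched over a
    secure protocol is not named in the Referer of a non-secure request."""
    page, target = urlsplit(page_url), urlsplit(target_url)
    if target.scheme not in ("http", "https"):
        return False  # mailto: and similar schemes are not HTTP requests
    return not (page.scheme == "https" and target.scheme == "http")


def leaking_refs(page_url, html):
    """Return the off-site references that would receive page_url as Referer."""
    parser = OutboundRefs(page_url)
    parser.feed(html)
    page_host = urlsplit(page_url).hostname
    return [(tag, url) for tag, url in parser.refs
            if urlsplit(url).hostname != page_host and sends_referer(page_url, url)]


# Constructed sample post body; the competitor host names are placeholders.
PATH = "/blogs/aaron/2007/02/07/our-secret-widget-is-going-to-kill-our-competition"
SAMPLE_POST = """
<p>Compare <a href="http://www.competitor.example/widget">their widget</a>
and <a href="https://shop.competitor.example/">their shop</a>.</p>
<img src="http://www.competitor.example/img/widget.png">
<a href="/blogs/aaron/">more from me</a> <a href="mailto:aaron@example.com">mail</a>
"""
```

With the sample post served from `http://intranet.example.com`, both competitor links and the embedded image are reported; served from `https://intranet.example.com`, the link to the HTTPS shop is still reported.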
On a semi-related note, here are a couple things I learned from reading this article by Eric Lawrence (creator of the fine HTTP Fiddler Tool for Windows):
- Fiddler has a really cool diff feature where you can select two sessions, right click and select WinDiff from the menu
- somehow he’s got Firefox hooked up to Fiddler… I gotta learn how.
- example.com is reserved by RFC 2606 specifically for the purpose of blog posts like this. Try the link. Who knew?