ENTRIES TAGGED "mozilla"
- Mozilla’s Secure Coding Guidelines — the Mozilla recommendations for web application security. See also OWASP, Google’s Browser Security Handbook and Google’s course.
- How Fast-Flux Service Networks Operate — explanation of a technique used by botnets and other malware hordes to make it hard to figure out on which machines the services are actually running. For an example, see The Inside Story of the Kelihos Botnet Takedown.
- Log In — clever humour built out of password dialog boxes.
- Dan Saffer: How To Lie with Design Research (Google Video) — Experience shows that, especially with qualitative research like the type designers often do, two researchers can look at the same set of data and draw dramatically different findings from them. As William Blake said, “Both read the Bible day and night, But thou read’st black where I read white.” (via Keith Bolland)
- Teaching What You Don’t Know (Sci Blogs) — As that lecturer said, learning new things—while challenging—is also stimulating & fun. If that sense of excitement and enjoyment carries through to your actual classes, then you’ll speak with passion and enthusiasm—how better to in turn enthuse your students? Ties in with the Maori concept of Ako, that teacher and student learn from each other.
- Bored of 3D Printers (Tom Armitage) — made me wonder how long it would be before we drop the “3D” prefix and expect a “printer” to emit objects. That said, I love Tom’s neologism artefactory.
New Browser, Google APIs, NFC Checkin, and XSS Prevention
- Mozilla Home Dash — love this experiment in rethinking the browser from Mozilla. They call it a “browse-based browser” as opposed to “search-based browser” (hello, Chrome). Made me realize that, with Chrome, Google’s achieved a 0-click interface to search–you search without meaning to as you type in URLs, you see advertising results without ever having visited a web site.
- Periodic Table of Google APIs — cute graphic, part of a large push from Google to hire more outreach engineers to do evangelism, etc. The first visible signs of Google’s hiring binge.
- NFC in the Real World (Dan Hill) — smooth airline checkin with fobs mailed to frequent fliers.
- XSS Prevention Cheat Sheet (OWASP) — HTML entity encoding doesn’t work if you’re putting untrusted data inside a script tag anywhere, or an event handler attribute like onmouseover, or inside CSS, or in a URL. So even if you use an HTML entity encoding method everywhere, you are still most likely vulnerable to XSS. You MUST use the escape syntax for the part of the HTML document you’re putting untrusted data into. That’s what the rules below are all about. (via Hacker News)
Bounty Paid, C Archived, Blind Queried, and Links Shared
- Open Kinect — less than a week after the bounty for developing an open source driver for Microsoft’s Kinect controller was announced, it is claimed. libfreenect is the software.
- CCAN — the Comprehensive C Archive Network.
- TextCAPTCHAs — simple questions, written in English, that are accessible to blind users.
- F1 — Mozilla browser extension for sharing links via Twitter, Facebook, and Gmail. (via Chris Blizzard on Twitter)
Mozilla Updated License Draft, Government Problems, T3h Internets, and Online Voting System
- Alpha Draft of Mozilla Public License v2 Out — The highlight of this release is new patent language, modeled on Apache’s. We believe that this language should give better protection to MPL-using communities, make it possible for MPL-licensed projects to use Apache code, and be simpler to understand. (via webmink on Twitter)
- Challenge.gov — contest-like environment for solving problems. Not all are glowing examples of government innovation: $12,000 for healthy recipes for kids–this is not a previously-unsolved problem. More relevant: NASA Centennial Challenge to build an aircraft that can fly 200 miles in less than two hours using the energy equivalent of less than 1 gallon of gas per occupant. (via scilib on Twitter)
- A Virtual Counter-Revolution (The Economist) — It is still too early to say that the internet has fragmented into “internets”, but there is a danger that it may splinter along geographical and commercial boundaries. (via mgeist on Twitter)
- Selectricity — open source system to run online votes, from Benjamin Mako Hill.
Big Dumps, 3D Printing Atom Movers, Faceted Browsing, and Useful Math
- Socorro: Mozilla’s Crash Reporting System (Laura Thomson) — We receive on our peak day each week 2.5 million crash reports, and process 15% of those, for a total of 50 GB. In total, we receive around 320Gb each day. Moving to a Hadoop-based system in the future, as they’re limited by database and filesystem storage.
- DIY Atomic Force Microscopy — use a 3D printer to make the parts so you can build a cheap and simple AFM head suitable for single molecule force spectroscopy. (via Vik Olliver)
- Elastic Lists — open-sourced ActionScript for a clever faceted browsing system. (via Flowing Data)
- The Most IMPORTANT Video You’ll Ever See (YouTube) — a math lesson everyone should have. (via Hacker News)
Web IDEs, Timely Election Displays, Face Recognition, # Books/Kindle
- Sketch for Processing — an IDE for Processing based on Mozilla’s Bespin.
- British Election Results to be Broadcast on Big Ben — the monument is the message. Lovely integration of real-time data and architecture, an early step for urban infrastructure as display.
- Face.com API — an alpha API for face recognition.
- Average Number of Books/Kindle — short spreadsheet figuring this out from cited numbers. (Spoiler: the answer is 27)
Wikileaks Fundraising, Internet Censorship, Unfree as in Video, and Museums Online
- WikiLeaks Fundraising — PayPal has frozen WikiLeaks’ assets. Interesting: they need $600k/yr to run.
- The Great Australian Internet Blackout — online protest to raise awareness about the Great Firewall of Australia.
- History of the World in 100 Objects (BBC) — a radio show, telling the history of humanity in 100 objects from the British Library. Exquisitely high quality commentary (available in original audio and in textual transcript), hi-resolution images, maps, timelines, and more. It’s growing day by day as episodes air, and shows how a quintessentially offline place like a museum can add to the online world.
XMPP, Future of Web Frameworks, Infrastructure Stories, Better Email Client
- App Engine Now Supports XMPP (Jabber) — messaging servers, whether XMPP or PubSubHubBub, are becoming an increasingly important way to loosely join the small pieces. Google’s incorporation of XMPP into GAE reflects this (and the fact that Wave is built on XMPP). (via StPeter on Twitter)
- Snakes on the Web (Jacob Kaplan-Moss) — The best way to predict the future of web development, I think, is to keep asking ourselves the question that led to all the past advances: what sucks, and how can we fix it? So: what sucks about web development? An excellent and thought-provoking talk about the possible directions for improvement in web framework design.
- Ravelry (Tim Bray) — We’ve got 430,000 registered users, in a month we’ll see 200,000 of those, about 135,000 in a week and about 70,000 in a day. We peak at 3.6 million pageviews per day. That’s registered users only (doesn’t include the very few pages that are Google accessible) and does not include the usual API calls, RSS feeds, AJAX. [...] We have 7 servers running Gentoo Linux and virtualized into a total of 13 virtual servers with Xen. [...] Interesting technical and business discussion with an unexpectedly busy site.
- So’s Your Facet: Faceted Global Search for Mozilla Thunderbird — email clients are LONG overdue for improvement. Encouraging to see an active and open research project to improve it from the folks at Mozilla Messaging.
- Us Now — UK documentary, available streaming or on DVD, about how open government and digital democracy make sense. It’s good to watch if you’ve not thought about how government could be positively changed by technology, but I don’t think it’s radical enough in the future it describes.
- It’s Gonna Be The Future Soon — great video for the Jonathan Coulton song that’s the Radar theme song, my theme song, and probably works well as an anthem for most of us goofy future-loving freaks. Taken from the DVD of a live show. (via BoingBoing)
- Jetpack — Mozilla Labs’ new extension system. Mozilla Labs is building quite the assemblage of interesting hack tools, and it’s interesting how significantly they’re aimed at the developer and encouraging lots of add-ons and after-market extensions for the browser. I wonder whether this is a deliberate strategy (“community will beat off Chrome!”) or whether it’s a simple consequence of the fact that Mozilla is a developer organisation.
- Sci Bar Camp — Science topics, Palo Alto, 7 July 2009.