Tag Archives: tips

[not] Protecting web sites and services from DNS rebinding attacks

Update: Nope, my solution won’t work. As Christian Matthies points out in the comments, it is possible to spoof the HTTP Host header as well (his link in the comment is broken because of an extra comma, but this one … Continue reading

8 Comments

Three simple tips for LAMP web site developers

You’ve learned to write some basic HTML, CSS, PHP/Python/Perl and SQL, found a hosting service, and are ready to create your first LAMP web application. You’ve already read a bit about security (you know always to escape user-supplied parameters, etc.). … Continue reading

3 Comments

Coding lessons from university

Dare Obasanjo, smart code guy and occasional punching bag for the anti-Microsoft people, is collecting lists of Three Things I Learned About Software In College. I posted mine in a comment on his blog, but decided to reproduce them here. … Continue reading


My biggest problem with Wikipedia

Summary: You can’t partition a web site’s users into discrete groups by language. I don’t worry much about Wikipedia’s objectivity or reliability — no sources (especially not newspapers or Britannica) are objective or reliable, and at least Wikipedia preserves its … Continue reading


REST, the Lost Update Problem, and the Sneakernet Test

Dare Obasanjo is giving a bit of pushback on the Atom Publishing Protocol, but the part that caught my attention was the section on the Lost Update Problem. This doesn’t have to do with REST per se as much as … Continue reading

11 Comments

Anonymity and freedom

Elliotte Rusty Harold is right that anonymity goes together with freedom, and I was happy to read his excellent posting How to Blog Anonymously. Rusty distinguishes three different kinds of anonymity — roughly “I don’t want to be embarrassed”, “I … Continue reading

1 Comment

REST: the quick pitch

Now that the Java world is noticing REST, the low-pain alternative to RPC standards like WS-*, people are starting to blog about it again. Gossip with other IT folks also tells me that people’s customers are actually asking for REST … Continue reading

Posted in REST | 19 Comments