|
Web safe color chart |
||||||||
Everyone needs a 256 bit 'web safe' color chart. Its sort of compulsory.
So here is mine. (Click for full sized version.)
|
Just how open is the Internet really? |
||||||||
Several major online events have been rolling along in the press recently, two of which are particularly 'landmark' in their influence on the internet, and net morality in general.
The first is the Pirate Bay court case in Sweden. This has been an ongoing court case for several months now, and wherever you stand in terms of the piracy argument it could have large repercussions for both sides of the fence. The Swedish court recently found the four defendants guilty (http://www.guardian.co.uk/technology/2009/apr/17/the-pirate-bay-trial-guilty-verdict) but seemed to give them a verdict that is wholly out of sync of what they were originally pushing for. So it appears more of a token gesture than crippling blow to the Pirate Bay.
The other point of contention that seems to be gathering momentum at the moment is a Goldman Sachs complaint site. www.out-law.com (http://www.out-law.com/page-9944) rounds up the article nicely here. The gist is that a disgruntled investment banker has started a blog http://www.goldmansachs666.com that is aimed at highlighting the evils of Goldman Sachs. Obviously they have taken offence at this, and decided to sue. The argument they have seems quite weak to me, they are arguing that his site may be confused for actually being affiliated with them. This is partly due to the domain name, and the fact that all the content is Goldman Sachs related.
There have always been controversial domain registrations for nefarious or otherwise purposes, but in this case it appears that neither side is willing to back down, and with the public perception of banks being pretty dim at present it will be interesting to see if this opens the floodgates for public online criticism or slams them shut in their faces.
|
Cross Site scripting hack test form |
||||||||
One of the more basic cross site scripting hacks is where the user simply 'injects' other web templates into yours, using a form.
By submitting a string through a form and allowing it to return the value in an unencoded format a user can inject malicious code. In this example we will create a frameset, and set the source as a different domain than the originating site.
To test this yourself create a simply form, and set the value of the text field to the value that the user enters.
2
3<form method="post">
4
5<input type="text" name="formValue" size="30" value="<cfoutput>#form.formValue#</cfoutput>">
6<input type="submit" name="Action" value="Send">
7
8</form>
I'm using ColdFusion, but the language itself doesn't matter, the vulnerability is the same. Next submit the form using a string like the one below. This string is built up of the form field name, and a valid html frameset, surrounded by escape characters.
Submit the form, and you will be returned to the same template, but it has translated the html string, and is now proudly displaying someone else's site on your domain.
This is only possible because the form is returning the form value in raw html. You can eliminate this issue by simply adding a html stripping routine to the form. Something like HTMLCodeFormat replaces special characters in a string with their HTML-escaped equivalents.
|
Development language choices and their place in the project scoping cycle |
||||||||
The Register recently posted an interesting article on the most 'popular' development languages in use today, and a brief dissection of why they have been nominated by the community.
Selecting the right code base to develop your applications in has always been a tricky decision. There are many criteria involved in selecting the right technology, and picking the wrong one can have far reaching consequences for the project, and indeed the application life in general. The article above points out many of the good, and bad points of a range of different languages, but I thought I would explore some of them in more depth.
I've grazed over several major topics here but will be fleshing out some of these points into full discussions, hopefully over the coming weeks.
One of the points that they touch on is resource availability. This is increasing becoming an issue in many development circles. With an increase in the number of available development languages, what with older languages remaining in production environments for longer, and many new languages entering the market this is only set to become even more prominent. How many languages must a developer know to become a useful project asset? How flexible is a development team? Is there really such a thing as a .Net developer, or a php developer anymore? In the last few years development staff have had to broaden their horizons substantially, just to stay in a team.
Other 'new' factors have risen to prominence, such as the Kudos factor. Is it cool to develop in a newly to market language? What are the problems associated with being an early adopter? Lack of resource springs to mind, and the development of new languages themselves can be very rocky indeed. I personally have been involved with, or used late beta or early version 1.X languages and frameworks, just to have them take a radically different approach on the next iteration, simply due to their immaturity. Also with the growth of some popular sites (google/facespace etc) they have also popularised the development languages they use. Just bear in mind that a project does not live or die by the code base being used.
Of course there is always the ever present split over open source or establishment development environments. This may often be dictated for a project due to wider issues. If your server architecture is unix, then you are unlikely to try and develop that new application in .Net. Both bring their own plus's and minus's I will go into more depth with those here.
One point that isn't mentioned the differing costs associated with many of these languages. Using open source software may dramatically reduce the costs of production, but could lead to higher staff costs, as experienced technical resources can demand a premium. Similarly using enterprise level vendor products such as .Net may well expand your resource pool due to its relative easy of use, but the costs of both server and client development software soon climbs.
One of the most overlooked aspects of deciding the technology base for your next application is the interconnectivity with our in-house, or third party systems. Are you exposing any elements as external services? Having worked with both confused.com, and gocompare.com I've had first-hand experience of the non-standardisation of WebServices. Both companies use differing technologies (VB and .Net) and interface with a WSDL service in totally different ways. For an open standard remote services are a mixed bag when dealing with different platforms. The last thing you want is to be writing translation applications for your actual application.
