The “Don’t Click” TwitterBomb

So this Twitter bomb is spreading like wildfire – it works by overlaying the Twitter page in an invisible iframe (spotted by @peterc).

As most people stay logged in to Twitter, when they click the ‘Don’t click’ button (who can resist?!), it actually submits a tweet for you.

I’m not sure if this is exploiting any vulns at all. Some people are crying out ‘XSRF!!’ etc, but I’m not sure this is the case.

See attached screenies for firebug explanation :)

[Screenshot: Twitbomb - before]

[Screenshot: Twitbomb - after]

See Simon Willison’s presentation on web security for a more thorough explanation of click jacking and other exploits.

update: looks like Twitter have reacted
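
As an added example (not from the original post, and not a description of what Twitter changed): the usual defence against an invisible-iframe overlay like this is for the site to tell browsers who may frame it, through the `X-Frame-Options` header or the CSP `frame-ancestors` directive. The function below evaluates a set of response headers; its function names and the origins used with it are hypothetical, and it models only a single direct embedder with exact-origin matching.

```javascript
// Added example: decide whether a response's headers let a page on
// `embedder` load it in an iframe. Not code from the original post.
function frameAncestors(csp) {
  // Return the source list of the frame-ancestors directive, or null if absent.
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function sourceMatches(source, embedder, self) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return embedder === self;
  if (s === '*') return true;
  return s === embedder.toLowerCase(); // exact origins only; host wildcards not modelled
}

function canBeFramed(headers, embedder, self) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // A comma-joined header carries several policies; every one must allow the embedder.
  const policies = (h['content-security-policy'] || '')
    .split(',').map(frameAncestors).filter((p) => p !== null);
  if (policies.length > 0) {
    // frame-ancestors, when present, takes precedence over X-Frame-Options.
    return policies.every((list) => list.some((src) => sourceMatches(src, embedder, self)));
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return embedder === self;
  return true; // missing, invalid, or obsolete ALLOW-FROM: no framing protection
}
```

A response with neither header returns `true` for any embedder, which is the condition the overlay relies on.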


Now hosted at Linode

So after 5 or 6 years of paying a ridiculous rate for one of the first VPS accounts I ever bought, I’ve decided to switch. Pure laziness has cost me a fortune with that account, I swear! I’ve started moving all of my personal hosting over to Linode, a UML (update: and now Xen) VPS provider in the States.

Why Linode?

  • They have great packages, readily available (slicewhat?) and competitively priced.
  • Lots of distributions to choose from, all easily managed in their web application.
  • They supported the Rails Rumble! Performance during the rumble was great.
  • Friendly support on IRC, direct from the owner in some cases.

They’ve already proven themselves at hosting Rails developers and I’m sure a lot of knowledge has been collected for future support, so I have a good feeling about this.

Things might be a bit unstable for the next few days while I move people around, but it’s looking good so far.

Update

Now Linode fully support Xen VPSes. I submitted a support ticket to find out if I would notice a performance improvement if I migrated. They confirmed that I would and started the migration process. All I had to do was shut down the server, hit a button in their (excellent) control panel and wait 5 minutes while the VPS image transferred.


Textmate focus lag - ReMate to the rescue

Recently I’ve noticed a problem with Textmate when changing focus between different apps in OSX, usually going back and forth between Firefox and Textmate. Essentially Textmate lags for 3-5 seconds every time it regains focus as it refreshes the project drawer, which when you’re trying to tweak lots of small issues can be a huge annoyance.

After spending an hour or so searching for an explanation (it’s a well documented problem – especially for people editing large projects over network shares), I gave up and asked in the TM IRC channel (##textmate on Freenode). The solution to the problem is here, and it’s not very easy to find online through regular channels:

ReMate Textmate Plugin

Follow the instructions on the page, toggle the option in the Window menu, no more annoying lag!

Apparently the problem will be resolved in TM2.0, but that isn’t shipping until Leopard is out, which isn’t good enough really! Many thanks to the author and the guys in ##textmate for the help :)


Webstet - RailsRumble Voting Begins

So the voting for Rails Rumble opened yesterday, so I decided to brush up our 48-hour effort and at least get it doing something useful.

http://stet.beanlogic.co.uk is now online and allows you to create, save and reload notes for any page you happen to be viewing, all from a bookmarklet.

I have outlined where we can take the project on the home page; for the time being I’m happy to get the working proof of concept out in the wild. It may only work in Firefox, however :)

If you like the app or you’re interested in the Rails Rumble, head over to the voting application to give us a rating and check out the other competition applications.


Quick update

Flow: Still happening, we’re going for an intense dev session at the end of Sept to get it somewhere presentable.

Life: Not much going on due to so much bloody work! Moved into a new house, trying to find the time to get it decorated.

Business: Strength to strength, recruiting more Rails developers towards the end of the year.

Misc: Have registered at www.railsrumble.com – you should too!

I can’t believe how quickly this year is going! Hopefully this will be the last pointless diary post in a while ;)
