Sean Coates’s profile

Web, Beer. I work on @gimmebar and other awesome technical things at @FictiveKin.

Latest Comments

1

Agreed! (-:

Here's my post: http://seancoates.com/blogs/ideas-of-march

S

Posted in Ideas of March.

Tue, 15 Mar 2011 at 13:16:00 GMT


2

I think the fundamental problems are:

1) There's no way to fully implement both a strong, rich client-side solution (such as pagination without page reloads) *and* simultaneously avoid things like breaking the back button, without manipulating URLs.

2) The tools to help with these (such as jQuery's hashchange support) don't integrate well with server-side technologies from which they should augment. This is compounded by the vast majority of users' browsers being able to process JS, but other tools cannot (such as Google's workaround).

We've run into both of these problems with Gimme Bar, and have chosen to focus on making the general case (like it or not, that's JavaScript right now) work first, and we'll drop back to non-JS rendering when we catch our breath. A great example of my second point above is that we're switching from jQuery templates to Mustache templates because the latter can be rendered in not-just-JavaScript (JS and PHP in our case).

Anyway... I don't have any real solutions. I like this conversation, though. I'm not as quick to condemn "#!" URLs as others have been, but I would prefer a much more elegant solution.

S

Posted in JavaScript and URLs.

Mon, 28 Feb 2011 at 16:21:29 GMT


3

Karma. Who's got the gold now? (-:

S

(crosspost to Luke's site)

Posted in Spammer Wins Gold.

Mon, 15 Feb 2010 at 06:13:57 GMT


4

I'm still unsure how I feel about this; been doing a lot of thinking. One thing I do know: you'll be missed, and it will be sad to have you go.

S

(repost; openID fail; sorry if it dupes)

Posted in Goodbye, OmniTI.

Fri, 17 Jul 2009 at 16:14:00 GMT


5

Isaac,

If you can't get to the web to check out the actual URL in a tweet, then the URL is useless anyway, isn't it? If Twitter were to go this route, they could just pass the word (possibly with sms-friendly markup like [this]) in the SMS.

S

Posted in Save the Internet with rev="canonical".

Wed, 15 Apr 2009 at 21:38:10 GMT


6

Good post. I like this idea, but I think it needs some... shall we say "maturation" before it should be adopted globally. If only we had a system that would serve as a Request For Comments on Internet issues... (-;

Anyway, one thought that came to mind is potential hijacking with sites that are vulnerable to XSS. If I were to inject the <link ... /> into another vulnerable site via XSS, then that site's shorteners would point at the rogue site. Consider: http://example.com/xssvulnerablepage?inject=%3Clink%20rev%3D%27canonical%27%20url%3D%27http%3A%2F%2Fevil.example.org%2F%27%2F%3E

This would be especially bad on sites with persistent XSS vulnerabilities.

S

Posted in Save the Internet with rev="canonical".

Fri, 10 Apr 2009 at 18:53:38 GMT


7

To paraphrase:

Clickjacking requires the user to do something, explicitly (click on a button, or in this case, what LOOKS like a button).

CSRF requires only the user's BROWSER to do something, and this action is implicit on the user's part.

I visited the "don't click" site, but I actually didn't click the button, so I was not a victim. If this had been a CSRF vulnerability, my browser would have made me a victim without the [in]action on my part.

S

Posted in Twitter Don't Click Exploit.

Thu, 19 Feb 2009 at 20:16:58 GMT


8

You just posted this so your last entries didn't scroll into oblivion, didn't you? (-: (Aug 1st today, and all)

S

Posted in OSCON Wrapup.

Fri, 01 Aug 2008 at 05:09:05 GMT


9

Terry: even worse if the originator of that method was a generation (or 2) older and had passed away. I can't even count the number of times I've inherited old code that makes no sense but am afraid to touch the particularly goopy parts for fear of breaking something.

Reminds me of the story of the Magic Switch.

S

Posted in PHP Advent Calendar Day 2.

Thu, 13 Dec 2007 at 20:41:04 GMT


10

We use the "fix #123" "fixes #234" "see #456" "re 567" notation extensively, internally. It makes trac much nicer to work with, and svn's event hooks are just awesome.

S

Posted in PHP Advent Calendar Day 3.

Tue, 04 Dec 2007 at 20:14:14 GMT


About

  • Twitter: @coates
  • Location: Montreal
  • Joined: February 2005
  • Comments: 15