Sean Coates's Profile

About Me:

Last 10 Comments

1

Isaac,

If you can't get to the web to check out the actual URL in a tweet, then the URL is useless anyway, isn't it? If Twitter were to go this route, they could just pass the word (possibly with sms-friendly markup like [this]) in the SMS.

S

Posted in /blog/2009/apr/save-the-internet-with-rev-canonical.

Wed, 15 Apr 2009 at 17:38:10


2

Good post. I like this idea, but I think it needs some... shall we say "maturation" before it should be adopted globally. If only we had a system that would serve as a Request For Comments on Internet issues... (-;

Anyway, one thought that came to mind is potential hijacking with sites that are vulnerable to XSS. If I were to inject the <link ... /> into another vulnerable site via XSS, then that site's shorteners would point at the rogue site. Consider: http://example.com/xssvulnerablepage?inject=%3Clink%20rev%3D%27canonical%27%20url%3D%27http%3A%2F%2Fevil.example.org%2F%27%2F%3E

This would be especially bad on sites with persistent XSS vulnerabilities.

S

Posted in /blog/2009/apr/save-the-internet-with-rev-canonical.

Fri, 10 Apr 2009 at 14:53:38
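A defensive counterpart to the hijack scenario in the comment above, added here and not part of the original comment or of the blog's own code: a consumer (a shortener or a client that honours `rev="canonical"`) that extracts the advertised short URL and refuses any candidate whose host differs from the page's own host, so an injected off-site link is ignored. The page URL and the HTML snippets are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class RevCanonicalParser(HTMLParser):
    """Collect the href of every <link rev="canonical"> in document order."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        # handle_startendtag delegates here, so <link ... /> is covered too
        if tag != "link":
            return
        a = dict(attrs)
        rev_tokens = (a.get("rev") or "").lower().split()
        if "canonical" in rev_tokens and a.get("href"):
            self.hrefs.append(a["href"])


def safe_short_url(page_url, html):
    """Return the first rev="canonical" URL that stays on the page's own host.

    Markup injected through XSS can add a <link rev="canonical"> pointing at
    an attacker-controlled host; a consumer that trusts the first such link
    would then hand out a short URL that leads somewhere else entirely.
    Requiring an exact host match keeps the shortener from becoming an
    open redirector. Returns None when nothing trustworthy is advertised,
    so the caller can fall back to the full URL.
    """
    page_host = urlsplit(page_url).hostname
    parser = RevCanonicalParser()
    parser.feed(html)
    for href in parser.hrefs:
        candidate = urljoin(page_url, href)  # resolve relative hrefs
        parts = urlsplit(candidate)
        if parts.scheme in ("http", "https") and parts.hostname == page_host:
            return candidate
    return None


# Constructed samples: a legitimate page, and the same page with an injected link.
PAGE_URL = "http://example.com/blog/post"
LEGIT_HTML = '<html><head><link rev="canonical" href="/s/ab12"></head></html>'
INJECTED_HTML = "<link rev='canonical' href='http://evil.example.org/'/>" + LEGIT_HTML
```

Exact host matching does not stop an injected same-host link to another path on the site; that is a much smaller blast radius, and the underlying XSS hole still has to be fixed.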


3

To paraphrase:

Clickjacking requires the user to do something, explicitly (click on a button, or in this case, what LOOKS like a button).

CSRF requires only the user's BROWSER to do something, and this action is implicit on the user's part.

I visited the "don't click" site, but I actually didn't click the button, so I was not a victim. If this had been a CSRF vulnerability, my browser would have made me a victim without the [in]action on my part.

S

Posted in /blog/2009/feb/twitter-dont-click-exploit.

Thu, 19 Feb 2009 at 15:16:58


4

You just posted this so your last entries didn't scroll into oblivion, didn't you? (-: (Aug 1st today, and all)

S

Posted in /blog/2008/jul/oscon-wrapup.

Fri, 01 Aug 2008 at 01:09:05


5

Terry: even worse if the originator of that method was a generation (or 2) older and had passed away. I can't even count the number of times I've inherited old code that makes no sense but am afraid to touch the particularly goopy parts for fear of breaking something.

Reminds me of the story of the Magic Switch.

S

Posted in /blog/2007/dec/php-advent-calendar-day-2.

Thu, 13 Dec 2007 at 15:41:04


6

We use the "fix #123" "fixes #234" "see #456" "re 567" notation extensively, internally. It makes trac much nicer to work with, and svn's event hooks are just awesome.

S

Posted in /blog/2007/dec/php-advent-calendar-day-3.

Tue, 04 Dec 2007 at 15:14:14


7

Jamie:

Please excuse any typographical errors I might make during this post, as I'm laughing almost too hard to contain myself at your obviously funny joke, and you seem to be the type of person who would pounce due to a typo.

With that out of the way, what are you trying to accomplish here? I found Elizabeth's anecdotes an interesting read and a nice reminder that even though people like you, Jamie, are probably intellectually superior to anyone who might come after you, the harsh reality is that those people will not always have someone of such genius to look up to to solve their woeful problems.

Chris, Elizabeth and I (along with the other 22 authors) are providing this content for free. We all lead extremely busy lives, and we normally get paid for writing, so we're doing this to help the community and because we think it's interesting.

If you're already enlightened to everything that can possibly be shared with you by people who are so obviously below you, then by all means, bid farewell to your mother, go back downstairs, and visit OTHER sites, ignoring us, but at the very least stop the whining; it just makes you sound like much more of an idiot than you could possibly be.

S

(for the record, this post is my personal opinion blah blah blah)

Posted in /blog/2007/dec/php-advent-calendar-day-2.

Mon, 03 Dec 2007 at 10:11:48


8

Another type of logical fallacy that is rampant in online discussion is ignorance of causality.

Take the following statements:

- We have flowers in our garden. In the summer time the flowers bloom. In the winter, they don't. Therefore, blooming flowers make the sun shine and the temperature rise. It only makes sense.

Obviously, we know this to be false, but without an understanding of the cause/effect in this scenario (i.e., if you didn't know that the sun causes the flowers to bloom, and not that blooming flowers cause the sun to shine), the above is plausible.

S

Posted in /blog/2007/sep/logic.

Tue, 25 Sep 2007 at 21:47:04


9

Andy: that doesn't actually prevent anyone from stealing accidentally-exposed code.

A simple:

<?php echo file_get_contents('http://example.com/exposedscript.php'); ?>

Would do it.

(so would: `curl http://example.com/exposedscript.php`)

S

Posted in /blog/2007/sep/catching-up-and-keeping-up.

Thu, 06 Sep 2007 at 14:15:36


Stats

  • Member Since: 06 Sep 2007
  • Comments: 9

Web Site

seancoates.com

Blog Posts


Work and Books

Analog Essential PHP Security HTTP Developer's Handbook