Posted on Fri, 2005-08-05 03:59, by mariuss
One method to protect your web application from nasty form posts is to check the HTTP Referer header and make sure the post comes from the same site. Somebody could use a script or a form on another site (or locally on the file system) to post directly to one of your form handlers. This would allow them to bypass any limitations that you may have in your own form (size or data type) or to post repeatedly in a loop trying different configurations (or a dictionary attack).
Many security experts will say that checking the referrer is useless since it can be easily spoofed in a script or using browser extensions. While they are right, there is a class of attacks for which checking the referrer makes total sense.
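One way to implement the same-site Referer check described above, as an added example that is not code from the original post; the origin www.example.com, the function names and the policy of rejecting a post with a missing Referer are assumptions. It compares the parsed scheme, host and port exactly, because a substring match also accepts look-alike hosts.

```python
from urllib.parse import urlsplit

# Assumption: the site's own origin; www.example.com is a placeholder.
ALLOWED_ORIGINS = {("https", "www.example.com", 443)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def referer_origin(referer):
    """Return (scheme, host, port) for a Referer value, or None if unusable."""
    if not referer:
        return None
    try:
        parts = urlsplit(referer.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # file:, data:, relative values and similar
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return (scheme, parts.hostname.lower(), port)


def naive_check(referer):
    """Common mistake, kept only for comparison: substring match."""
    return bool(referer) and "www.example.com" in referer


def is_same_site_post(method, headers, allowed=ALLOWED_ORIGINS):
    """Accept a form post only if its Referer names one of our own origins.

    Policy assumption: a POST with a missing or unparsable Referer is rejected.
    """
    if method.upper() != "POST":
        return True  # only form posts are checked here
    referer = next(
        (v for k, v in headers.items() if k.lower() == "referer"), None
    )
    return referer_origin(referer) in allowed
```

Because a script can send any Referer it likes, this check only filters posts made through a visitor's unmodified browser; limits on size and data type still have to be enforced in the form handler itself.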
Posted on Fri, 2005-07-29 21:32, by mariuss
"Freedom is what freedom was when I did not know that I am free."
Posted on Thu, 2005-07-28 05:56, by mariuss

From a newspaper clipping, a couple of years old. It looks like the male-dominated society is still going strong.
Posted on Wed, 2005-07-27 12:59, by mariuss
It looks like I just missed the Day Out of Time this year. One of the calendar reform proposals, the World Thirteen Moon Calendar, has this special day every year; this allows for a uniform 13 months of 28 days each in every year (13 * 28 + 1 = 365). Not sure how it accounts for the extra 0.25 days corresponding to leap years in the Gregorian calendar.
Posted on Wed, 2005-07-27 10:39, by mariuss
The US is looking into extending daylight saving time by four weeks. I could never figure this DST thing out; it feels like the trick I do in the morning to make sure I catch the bus: I set the clock 10 minutes ahead ;-)
Anyhow, a few more extensions like this and DST will cover 12 months; it will be a non-issue then. I am reading about calendar reforms these days; it may make sense to go all the way and do the proper thing instead.
Posted on Fri, 2005-07-08 07:57, by mariuss
Posted on Fri, 2005-07-08 07:54, by mariuss
Both Google and Yahoo are coming out with mapping APIs. Not sure if they will work with addresses outside of the USA.
Google seems to deal only with coordinates, so you need to first use some other service to get them for a specific address. geocoder.us does the trick, but only for the US.
Both services require you to register and get an API key / Applicati
Posted on Wed, 2005-07-06 10:36, by mariuss
Just found this excellent web design resource: Web Design Patterns.