Archive for the ‘Code’ Category
XSS
Recently I ran into some XSS (Cross Site Scripting) restrictions:
Security Error: Content at http://foo/bar may not load data from http://bar/foo
Error: uncaught exception: [Exception... "Access to restricted URI
denied" code: "1012" nsresult: "0x805303f4 (NS_ERROR_DOM_BAD_URI)"
location: "http://bar/foo Line: 47"]
Javascript on host B was running from host A and doing an XHTTPRequest request to host B. So what to do? Well I found this article on using JSON to do cross domain scripting (and here is even more background) but it didn’t seem like the best solution since it wasn’t clear how cross browser compatible the solution was.
Then I realized that I could just have one Javascript embed and no remote code if I generate the Javascript on the fly using PHP (conceptually this is very similar to the JSON call). Doing
<script type="text/javascript" src="http://foo/bar.php"></script>
is totally valid. Embedded JS doesn’t have to have .js extension. XSS problem solved and cross browser compatibility retained.
Get Your Fire Eagle badge!
After my unpleasant experience hacking up a WordPress plugin to display location within my blog, I decided to write my own Fire Eagle badge that isn’t associated with any particular service or CMS. Here is how it works: You authenticate against Fire Eagle, I give you a few lines of HTML, you insert the code anywhere you want. If you know what you are doing you can even hack it up. The map is optional. Four lines with the map, two without.
There’s no login on my end, I have no idea who you are. If you lose your badge, just make a new one.
Try it here. If it works for you (or doesn’t), let me know.
Update: I had to take the badge service down temporarily because of cross site scripting restrictions but I think those are resolved. If you’ve made a badge you’ll have to generate yourself a new one. Sorry about that. On the up side it takes a few seconds to do. thanks
Badge spotted in the wild:
It Totally Works!
Check it:
I take a photo and my location is updated on my blog. This will really motivate me to take even more photos as I am getting a tangible added value from photo documentation.
This would be nice to have embedded in Facebook, as an iGoogle widget or possibly something much more lightweight that you could embed with javascript anywhere.
Also, unrelated — Jake at Local Projects has launched his City of Memory project, curated stories from the five boroughs. I had a small hand in this project a few years back, well worth checking out.
My Present Location
Is now on my blog (look to the right), in (mostly) real time. For real. I’ve actually incorporated Fire Eagle into my daily activity. A while ago I wiped out my N95 and decided that the extra hoops ZoneTag wants me to jump through to upload my images to Flickr weren’t really worth it. It was much simpler for me to use the native photo app and send MMS photos to Flickr.
Well I was right, without ZoneTag my photo uploading interaction was simplified, but I really missed having a photo’s location on Flickr. And I would get ‘where are you?’ comments on my photos, so my friends must have gotten used to ZoneTag too. Today I reinstalled ZoneTag and noticed the Fire Eagle integration. Well since i’m uploading photos w/location info on a daily basis, why not keep my location current? All I have to do to get that working is authenticate ZoneTag against Fire Eagle. No problem.
So far so good, but then how do I display my location? The Fire Eagle application gallery has a number of integration points (Loki, Dopplr, Outside.in) but all I wanted to do was display my location on a blog, not have to deal with yet another service. There is no Wordpress integration in the Fire Eagle application gallery, but I did track down a Wordpress widget Klaus Komenda wrote appropriately titled ‘I am Here’. After hacking at it for a bit (incorrect paths, outdated versions of the Fire Eagle libraries, adding support for older wordpress versions, etc.) I got it to work with my blog.
My integration is still a little busted up, the map isn’t showing just yet, but it’s a great start. Now all I have to do is go somewhere else, take a photo and see if my location badge updates. If anyone is interested in how I got this thing going, let me know. Maybe i’ll even write up a WordPress plugin of my own.
What i’m coding
A couple of new code related developments this week. First off, now that we have the open net, walled gardens are discouraged and APIs/syndication is everywhere, it’s been a long time since I had to scrape anything. What’s more I always thought of scraping sites as a one off hack, I never considered that it could be a viable business model. But recently I had to write a tool that would programatically pull content from Kodak Gallery, a popular photo sharing site with no API whatsoever. To get the job done I used mechanize, which in turn uses hpricot and finally I used firebug for debugging. The whole process was surprisingly pleasant consider i’m picking apart html bits. I’ve always been cautious about relying on scraping but I suppose if you do it to a popular site they’re in turn cautious about changing their code.
In other exciting news, a few months ago I put my name on the SimpleDB beta list and I got an invitation on Friday. There have been a lot of great projects for ruby/rails in the space and even a toolkit from the New York Times. I’m really eager to integrate SimpleDB and figure out if it’s mature enough to roll into production.
