  1. Learning about umw.domains, a project to give UMW students+faculty their own personal domains. It’s a great project!

    My own has been a place of experimentation and self-expression for years now and I’ve learnt a lot, and connected with many people through it. Anything which makes personal domains more accessible is a move in the right direction.

  2. Identified next personal block after some false starts: toolkit which makes not only subscribing to content but maintaining subscriptions+crawling historical content extremely easy.

    Basic requirement for compelling services:

    • feed reader
    • spam prevention
    • search engine

    all of which I’ve started building separately before realising that it makes much more sense for them to all be the same thing.

    Made a lot of progress on foundations this afternoon, code still in domain-specific anti-spam tool repo github.com/barnabywalters/shrewdness but nearly ready to be packaged up and put to use!

  3. Slowly getting a PuSH subscription service working. It should be fairly easy to turn it, once finished, into a layered library so people can either bolt it onto a Silex/Symfony app and have it all just work, or use the lower level client and logic in other frameworks.

  4. Fixed a simple security hole in , uncovered unintentionally by an attack mounted ≈5hrs ago — intent appeared to be to create new user accounts, unintended result was the creation of a new, empty article.

    Hundreds of requests were made against URLs similar to these:

    • /articles/do.php
    • /articles/modules.php?app=user_reg
    • /articles/index.php?app=home&mod=public&act=register
    • /action/sign_up
    • /articles/sign_up.html
    • /articles/?page=login&cmd=register
    • /articles/tiki-register.php
    • /articles/index.php?page=register&action=register
    • /index.php?page=item&action=item_add
    • /articles/index.php?user/create_form/
    • /articles/join.php
    • /articles/index.php?dll=register
    • /articles/index.php?option=com_community&view=register
    • /articles/register.php
    • /articles/signup.php

    Presumably these URLs are compromised on other systems — needless to say they are far too ugly to exist in ! I’m unsure exactly why /articles was used as the base URL for the attack in all cases apart from two.

    As these URLs don’t exist, and will never exist, it should be safe enough to add server- or application-level filters immediately closing any requests which include them.
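
    One way to write the application-level filter described above, as an added example (not code from this site). It matches the listed probe URLs regardless of query-parameter order, percent-encoding or path case. The WSGI wrapper and the names `PROBES`, `is_probe`, `is_probe_uri` and `ProbeFilter` are assumptions for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Signatures copied from the request list above: (path, query pairs that must be present).
PROBES = [
    ("/articles/do.php", {}),
    ("/articles/modules.php", {"app": "user_reg"}),
    ("/articles/index.php", {"app": "home", "mod": "public", "act": "register"}),
    ("/action/sign_up", {}),
    ("/articles/sign_up.html", {}),
    ("/articles/", {"page": "login", "cmd": "register"}),
    ("/articles/tiki-register.php", {}),
    ("/articles/index.php", {"page": "register", "action": "register"}),
    ("/index.php", {"page": "item", "action": "item_add"}),
    ("/articles/index.php", {"user/create_form/": ""}),
    ("/articles/join.php", {}),
    ("/articles/index.php", {"dll": "register"}),
    ("/articles/index.php", {"option": "com_community", "view": "register"}),
    ("/articles/register.php", {}),
    ("/articles/signup.php", {}),
]

def is_probe(path, query=""):
    """True if the path and query string match one of the listed probe URLs."""
    path = unquote(path).lower()  # /articles/%72egister.php and /ARTICLES/join.php still match
    params = dict(parse_qsl(query, keep_blank_values=True))  # keeps bare keys such as ?user/create_form/
    return any(
        path == probe_path and all(params.get(k) == v for k, v in required.items())
        for probe_path, required in PROBES
    )

def is_probe_uri(uri):
    """Same check for a raw request target, e.g. one taken from an access log."""
    parts = urlsplit(uri)
    return is_probe(parts.path, parts.query)

class ProbeFilter:
    """WSGI middleware (assumed stack): answer probe URLs with an empty 404 before the app runs."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if is_probe(environ.get("PATH_INFO", ""), environ.get("QUERY_STRING", "")):
            start_response("404 Not Found", [("Content-Length", "0")])
            return [b""]
        return self.app(environ, start_response)
```

    Paths with required query pairs only match when every pair is present, so a plain request for /articles/ or /articles/index.php still reaches the application.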

  5. Mocking up what an subscription UI could look like:

    A personal site optionally has a homepage feed, as well as linking from the homepage to other pages with some rel value. When asked to subscribe to a URL, if a feed reader finds these links, it shows a UI with a list of the linked feeds, with “Homepage” (any posts found on the page) automatically selected.

    The user can then select/deselect feeds, with the preview updating to reflect what the subscription will look like. The selection dialog could either be a modal which goes away once confirmed, or it could be a collapsible panel in the feed column, which has the nice side effect of putting the preview directly where it will be seen, in context.

    Additionally, either the personal site could mark up, or the feed reader detect, special feeds such as personal metrics feeds, and treat those differently.

  6. Last night: built commenting on posts direct from my feedreader using — video demo:

    Example replies sent using this technique: 1, 2

    Next up: cleaning code, implementing likes, distilling learnt knowledge into diagrams, code.

    Further reading: