  1. Identified next personal block after some false starts: toolkit which makes not only subscribing to content but maintaining subscriptions+crawling historical content extremely easy.

    Basic requirement for compelling services:

    • feed reader
    • spam prevention
    • search engine

    all of which I’ve started building separately before realising that it makes much more sense for them to all be the same thing.

    Made a lot of progress on foundations this afternoon, code still in domain-specific anti-spam tool repo github.com/barnabywalters/shrewdness but nearly ready to be packaged up and put to use!

  2. Slowly getting a PuSH subscription service working. It should be fairly easy to turn it, once finished, into a layered library so people can either bolt it onto a Silex/Symfony app and have it all just work, or use the lower level client and logic in other frameworks.

  3. Fixed a simple security hole in , uncovered unintentionally by an attack mounted ≈5hrs ago — intent appeared to be to create new user accounts, unintended result was the creation of a new, empty article.

    Hundreds of requests were made against URLs similar to these:

    • /articles/do.php
    • /articles/modules.php?app=user_reg
    • /articles/index.php?app=home&mod=public&act=register
    • /action/sign_up
    • /articles/sign_up.html
    • /articles/?page=login&cmd=register
    • /articles/tiki-register.php
    • /articles/index.php?page=register&action=register
    • /index.php?page=item&action=item_add
    • /articles/index.php?user/create_form/
    • /articles/join.php
    • /articles/index.php?dll=register
    • /articles/index.php?option=com_community&view=register
    • /articles/register.php
    • /articles/signup.php

    Presumably these URLs are compromised on other systems — needless to say they are far too ugly to exist in ! I’m unsure exactly why /articles was used as the base URL for the attack in all cases apart from two.

    As these URLs don’t exist, and will never exist, it should be safe enough to add server- or application-level filters immediately closing any requests which include them.
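
An application-level filter of the kind described above, as an added example that is not the author's code. It matches the request path exactly and requires the listed query parameters, so /articles/ itself and real article URLs still pass. The constant and function names are hypothetical, and PHP is assumed as the application language.

```php
<?php
// Added example: rules are built from the probe URLs listed in the note above.
// Each rule: exact path, then query parameters that must all be present with these values.
const PROBE_RULES = [
    ['/articles/do.php', []], ['/action/sign_up', []], ['/articles/sign_up.html', []],
    ['/articles/tiki-register.php', []], ['/articles/join.php', []],
    ['/articles/register.php', []], ['/articles/signup.php', []],
    ['/articles/modules.php', ['app' => 'user_reg']],
    ['/articles/index.php', ['app' => 'home', 'mod' => 'public', 'act' => 'register']],
    ['/articles/', ['page' => 'login', 'cmd' => 'register']],
    ['/articles/index.php', ['page' => 'register', 'action' => 'register']],
    ['/index.php', ['page' => 'item', 'action' => 'item_add']],
    ['/articles/index.php', ['user/create_form/' => '']], // bare key, no value
    ['/articles/index.php', ['dll' => 'register']],
    ['/articles/index.php', ['option' => 'com_community', 'view' => 'register']],
];

// Parse the query by hand so a bare key such as "user/create_form/" is kept verbatim.
function parseQuery(string $query): array {
    $params = [];
    foreach (explode('&', $query) as $pair) {
        if ($pair === '') { continue; }
        [$k, $v] = array_pad(explode('=', $pair, 2), 2, '');
        $params[urldecode($k)] = urldecode($v);
    }
    return $params;
}

function isProbe(string $requestTarget): bool {
    $parts = explode('?', $requestTarget, 2);
    // Decode and collapse duplicate slashes so /articles//do%2Ephp is matched too.
    $path = preg_replace('#/{2,}#', '/', rawurldecode($parts[0]));
    $params = parseQuery($parts[1] ?? '');
    foreach (PROBE_RULES as [$rulePath, $required]) {
        // Parameter order and extra parameters do not matter; required ones must all match.
        if ($path === $rulePath && array_diff_assoc($required, $params) === []) {
            return true;
        }
    }
    return false;
}

// Front controller, before routing: send an empty 404 and ask for the connection to be closed.
if (PHP_SAPI !== 'cli' && isProbe($_SERVER['REQUEST_URI'] ?? '/')) {
    http_response_code(404);
    header('Connection: close');
    exit;
}
```

Logging each rejected request with its source address before the `exit` keeps a record of the probing without letting it reach the application's routes.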

  4. Mocking up what an subscription UI could look like:

    A personal site optionally has a homepage feed, as well as linking from the homepage to other pages with some rel value. When asked to subscribe to a URL, if a feed reader finds these links, it shows a UI with a list of the linked feeds, with “Homepage” (any posts found on the page) automatically selected.

    The user can then select/deselect feeds, with the preview updating to reflect what the subscription will look like. The selection dialog could either be a modal which goes away once confirmed, or it could be a collapsable panel in the feed column, which has the nice side effect of putting the preview directly where it will be seen, in context.

    Additionally, either the personal site could mark up, or the feed reader detect, special feeds such as personal metrics feeds, and treat those differently.

  5. Last night: built commenting on posts direct from my feedreader using — video demo:

    Example replies sent using this technique: 1, 2

    Next up: cleaning code, implementing likes, distilling learnt knowledge into diagrams, code.

    Further reading:

  6. Posting this note from barnabywalters.bit — been experimenting with namecoin, got .bit domains resolving on my machine by following instructions namecoin.bitcoin-contact.org, installed namecoin wallet on my VPS and registered a name, pointed it at my web server.

    Surprisingly it was a fairly straightforward process. The most difficult part was getting hold of some namecoin to register names with — I ended up trading some of my DOGE for NMC on vircurex.com.