Hello world!
Welcome to [rcbth] Sites. This is your first post. Edit or delete it, then start blogging!
GlimmerBlocker is an absolutely essential piece of Mac software that gives you the ability to run a local proxy that can modify or block any web request or response on your machine. It’s billed as an adblocker, but another great use was made apparent today by the advent of Firesheep, a proof-of-concept tool that makes it easy to perpetrate sidejacking attacks and break into people’s Facebook accounts and whatnot.
The “simple” solution is to use HTTPS whenever you exchange cookies with these sites, but that’s easier said than done. That means every time you click a link, or run JavaScript on a page you have to check all the URLs, and even one mistake could cost you.
Enter GlimmerBlocker. In the GlimmerBlocker control panel, add a new rule that affects facebook.com (just an example).
Then click the “request” tab and add the following three lines of JavaScript.
if(!gb.request.url.indexOf('http://')){
    gb.response.sendRedirect(gb.request.url.replace('http://', 'https://'));
}
So that it looks like this.
And that should do it. All of the requests are intercepted before they are sent to Facebook, so your cookies should be safe. There are also individual browser plugins to accomplish this task, but I greatly prefer GlimmerBlocker.
If you’ve looked for an apartment in Brooklyn before – or anywhere else, I imagine – you’ve probably noticed the “fuzzy” neighborhood designations that seem to get attached to Craig’s List posts. Neighborhood definitions, which are often fought over in NYC, are of course subjective and usually decided by agencies and owners trying to rent out apartments. However, when a particular neighborhood “brand” becomes popular, apartment listers tend to take huge liberties in deciding where to place the reasonable, descriptive boundaries of the residential area.
In the past decade, it seems like there’s been no hotter Brooklyn real-estate frenzy than that which took place over Williamsburg. In an effort to illustrate all this, I’ve written a little application which maps Craig’s List apartment searches in north Brooklyn. It makes three separate requests: one for Williamsburg apartments excluding the adjacent neighborhoods of Bushwick and Bedford-Stuyvesant, and another for each of those excluding Williamsburg.
The resulting pages are scraped using Ruby’s hpricot, a new favorite of mine, for the Google Maps links at the bottom. The query strings from those URLs are then passed to the Google Geocoding API which turns them into longitude and latitude values that can be mapped with a little bit of JavaScript. The whole thing updates every evening. Enjoy!
WordPress supports a few different XMLRPC APIs, all of which have different methods and key titles for specifying content. For a project I’m working on I was looking for the simplest Ruby code to get a post up with a title, content, tags, and categories.
The code below is a mashup of the available options that seems to work just fine.
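require 'xmlrpc/client'

# build a post
post = {
  'title'       => 'Post Title',
  'description' => 'The content of the post',
  'mt_keywords' => ['a', 'list', 'of', 'tags'],
  'categories'  => ['a', 'list', 'of', 'categories']
}

# initialize the connection
# note: called this way the client speaks plain HTTP, so the username and
# password below cross the network unencrypted; if the site serves HTTPS,
# XMLRPC::Client.new2('https://yourdomain.com/xmlrpc.php') connects over TLS
connection = XMLRPC::Client.new('yourdomain.com', '/xmlrpc.php')

# make the call to publish a new post
connection.call(
  'metaWeblog.newPost',
  1,              # blog id
  'wp_username',
  'wp_password',
  post,
  true            # publish immediately
)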
I was a little surprised by how not straightforward this was, but, like I said, this end result works.
If you’re using Capistrano to deploy code from a Git repository with submodules in it, you’ve likely run into empty directories where your sub-repositories should have been cloned. The reason is that Capistrano does not execute the Git clone command with the recursive option by default. You can change that with one line of code in your configuration file:
set :git_enable_submodules, true
Found that by searching through the Capistrano change log. There’s probably some better documentation somewhere, but that worked.
If you run a Twitter bot that uses a non-OAuth login pathway, you are going to be out of luck this coming August. With a web application that needs to publish or read from Twitter, OAuth is a good idea anyway because it keeps un-encrypted passwords out of your database and gives access control to the user on the service provider’s end. The burden of security in this scenario is mostly on Twitter, which is good for everyone.
The hangup, if you aren’t running a web application, is that the process involves several redirects with form data to exchange your application’s identifying information, prompt the Twitter user to allow access, and receive and store the resulting token. With no web application to handle such requests, a CLI bot needs an alternative (though one-time) method of obtaining a valid token.
After looking around for a while, I found this Ruby script (cleaned up below) which uses the twitter_oauth gem to walk you through the process.
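require 'twitter_oauth'

client = TwitterOAuth::Client.new(
  :consumer_key    => 'TWITTER_CONSUMER_KEY',
  :consumer_secret => 'TWITTER_CONSUMER_SECRET'
)

# ask Twitter for a request token and print the URL where the user authorizes it
request_token = client.request_token
puts "#{request_token.authorize_url}\n"
puts "Hit enter when you have completed authorization."
pin = STDIN.readline.chomp

# exchange the request token plus the PIN for a long-lived access token
access_token = client.authorize(
  request_token.token,
  request_token.secret,
  :oauth_verifier => pin
)

# the dump includes the token and token secret, so treat this output as a credential
puts access_token.inspect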
When running the script, navigate to the URL it prints out and follow the on-screen instructions to obtain a PIN. Then return to the script, paste in the PIN, and press enter. The resulting variable dump will contain both a valid token and token secret that can be used in conjunction with your consumer information to connect to Twitter.
For example, you could now use grackle to make Twitter API calls:
require 'grackle'

TWITTER_AUTH = {
  :type            => :oauth,
  :consumer_key    => 'TWITTER_CONSUMER_KEY',
  :consumer_secret => 'TWITTER_CONSUMER_SECRET',
  :token           => 'TOKEN',
  :token_secret    => 'TOKEN_SECRET'
}

client = Grackle::Client.new(:auth => TWITTER_AUTH)
… and you’re set.
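How the consumer key/secret and the token/token secret obtained above are used on each request, as an added example that is not part of the original post or of the twitter_oauth or grackle gems: an OAuth 1.0a HMAC-SHA1 signature built as RFC 5849 describes. The helper names are hypothetical, and the URL, nonce, timestamp and credential strings are constructed placeholders.

```ruby
require 'openssl'

# RFC 5849 section 3.6 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal.
def oauth_escape(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) do |char|
    char.bytes.map { |byte| format('%%%02X', byte) }.join
  end
end

# Signature base string: METHOD & escaped URL & escaped, sorted "key=value" list.
# Assumes the URL carries no query string; query parameters belong in params.
def signature_base_string(method, url, params)
  pairs = params.map { |k, v| [oauth_escape(k), oauth_escape(v)] }.sort
  query = pairs.map { |k, v| "#{k}=#{v}" }.join('&')
  [method.upcase, oauth_escape(url), oauth_escape(query)].join('&')
end

# HMAC-SHA1 keyed with "consumer_secret&token_secret". Only the resulting
# signature is sent; the two secrets and the account password never are.
def oauth_signature(method, url, params, consumer_secret, token_secret)
  key = "#{oauth_escape(consumer_secret)}&#{oauth_escape(token_secret)}"
  base = signature_base_string(method, url, params)
  digest = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, base)
  [digest].pack('m0') # strict base64, no line breaks
end

# Constructed sample request: placeholder URL, nonce, timestamp and credentials.
SAMPLE_URL = 'https://api.example.test/statuses/update.json'
SAMPLE_PARAMS = {
  'oauth_consumer_key'     => 'TWITTER_CONSUMER_KEY',
  'oauth_token'            => 'TOKEN',
  'oauth_signature_method' => 'HMAC-SHA1',
  'oauth_timestamp'        => '1280000000',
  'oauth_nonce'            => 'constructed-nonce',
  'oauth_version'          => '1.0',
  'status'                 => 'Hello world!'
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts signature_base_string('POST', SAMPLE_URL, SAMPLE_PARAMS)
  puts oauth_signature('POST', SAMPLE_URL, SAMPLE_PARAMS,
                       'TWITTER_CONSUMER_SECRET', 'TOKEN_SECRET')
end
```

Because the signature covers every parameter, changing the status text or signing with a different token secret produces a different value, which is what the server checks.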
Patrick and I are back from Boston. I was fighting off a virus, and I have to thank him for putting up with me being slightly miserable a good amount of the time. Danielle Morrill posted the videos of all the Ignite talks today, including mine which I’ve embedded below.
The basic thrust of the talk was the inner-platform effect and why it matters for WordPress developers. Really, I think it’s one of the biggest problems for anyone involved in making and/or using web applications these days. This was a way to get the point out there quickly, but hopefully I can follow up with some writing on the topic sometime soon. (Famous last words, I know.)
This WordCamp seemed to be a lot more focused on the small business aspects of the WordPress community than the one we attended in New York, but we did get to see some great (if brief) dev talks on the WordPress API, HTML5, etc. and one very reassuring panel on using WordPress in academics. I also had a great time listening to Doc Searls and David Weinberger talk about The Cluetrain Manifesto among many other topics. They’re the kind of people I could listen to for hours.
At some point they were asked about net neutrality and gave an answer I hadn’t really heard before: no one really knows how to define net neutrality, but the problem could be solved by forcing content and application providers to stay out of the broadband business. I suppose that’s an internet-as-utility argument, but it’s not something that seems very present in the political debate.
Anyway, thanks to all the organizers and especially Mitcho for putting together the Ignite event.