Ajax Girl

Ruben Daniels was on a mission to create XPath and XSLT support that works on Safari.

This isn’t the first effort:

After searching the web I found several XPath/XSLT implementations:

• google AJAXSLT (168 KB)
• Cameron McCormack’s Xpath implementation (119 KB)
• JS-XPath IE-only (16 KB)

I always try to keep the socalled ‘footprint’ of the application as low as possible. Loading a more than 100KB library to just add some functionality that should’ve existed in the first place, was unacceptable. The JS-XPath library only extends the one already available in IE. So I started building an XPath implementation myself with only one goal in mind; Create the smallest Xpath and XSLT implementation in javascript possible.

He ended up with some small libraries, and he discusses how he got there in his entry.

How to use it

Source: Ajaxian
Original Article: http://ajaxian.com/archives/xpathxslt-support-in-safari

PBWiki is on a bit of a roll. After confirming a $2 million round of financing last week, they’ve just launched a partnership with 30Boxes that allows users to insert a calendar into a wiki. Actually getting the calendar into the wiki requires way too many steps, and I agree with 30Boxes founder Narendra Rocherolle that this should be made into a template option, as Jotspot did in 2006, shortly before their acquisition by Google.

Wikis are basically commodities at this point. There are dozens of hosted and unhosted versions to choose from, and revenue models are pretty thin. PBWiki has a loyal following of users, though, and has spent very little money getting to where they are today. We’ll see how they do over the next year.

Crunch Network: CrunchGear drool over the sexiest new gadgets and hardware.

Source: TechCrunch
Original Article: http://feeds.feedburner.com/~r/Techcrunch/~3/95001939/

Digg users have begun calling with increased volume for the creation of a special section of the site designated for photographs and pictures.  Two requests to this effect have received more than 6 and 8 thousand diggs in the past 2 weeks.  It’s hard to imagine that some sort of photo section of the wildly popular news site won’t be introduced soon. I’m looking forward to it.

From item descriptions on the front page of the site that include a call for a photos section to repeated requests in comments left to photos - the desire from at least some users is increasingly visible.  When the upstart blog CenterNetworks posted a petition yesterday titled Dear Kevin Rose, Please Create a Photo Section, Digg users quickly responded with thousands of diggs.  Two weeks ago, a photo of a Digg error page at the URL http://digg.com/view/pictures became the second most popular item on Digg this month.

What would a photography section mean for Digg?  It would likely make Digg one of the most high profile and accessible places for photos to quickly find a mass audience.  If a substantial portion of Digg users take interest in a pictures section, more than they have the site’s Extreme Sports section for example, aspiring photographers could come in droves.  I can only imagine that many of those photographers could sell rights to the most successful photos after gaining the approval of tens or hundreds of thousands of Digg users.  A photos section could become particularly interesting.

Digg introduced major video and podcasting sections in December.  While the video part of the site is relatively active, podcasts have not proven to be conducive to the Digg model.  Since individual episodes of serialized podcasts can’t be listened to and voted on in any practical matter, the podcasting section of Digg has become a nearly static popularity contest.  In order to provide the maximum value for Digg users, a section needs to see large numbers of submissions and churn.  I expect we’ll see at least an announcement that a photos section is coming soon, perhaps at the same time OpenID support is added.

What kind of photos do people on Digg like? The following are all the photos that have received more than 1000 diggs in the last week.

Marshall Kirkpatrick is the Director of Content at SplashCast and will be assisting with TechCrunch while Michael Arrington travels.

Crunch Network: CrunchBoard because it’s time for you to find a new Job2.0

Source: TechCrunch
Original Article: http://feeds.feedburner.com/~r/Techcrunch/~3/94967645/

Yahoo!’s recent addition MyBlogLog is making news again — and not for another security exploit (that was last weekend) or spammer gaming. Well, it is related to those two topics — Shoemoney, a notable blogger in the affiliate marketing world with a fairly large following of readers that like his insight on all things related to online marketing, has been banned from MyBlogLog.

The real funny thing is that the security hole Shoemoney blogged about had been discovered and posted publicly (in French language — translation here) over a month ago by eMich — yet as of this writing, that user hasn’t been banned. Founder Eric Marcoullier responded to this:

That is truly amazing and embarrassing that someone sent us details of this hack a month ago. I’ve checked my historical email (I receive all the incoming emails) and cannot find it, so it either got spam filtered or lost during my transition to a new laptop. Neither is really no excuse. As you may have heard, we’re hiring a community manager who will help ensure that this sort of oversight will not happen in the future.

There is no policy on MyBlogLog’s website to state when they would ban a member — ironically they stated earlier this week that they plan to create a Terms of Service (TOS), so that users would be accountable for breaking the rules.

Shoemoney has posted various exploits in the past, but it wasn’t til this latest one that Yahoo! decided enough was enough. The exploit he posted about was how you could surf the web acting as another user. Thus, you could change some code on your computer and visit a website with the MyBlogLog recent reader widget installed, and the avatar/profile of any MyBlogLog user you want to be, would appear in that widget. Shoemoney posted the IDs of some notables such as MyBlogLog CEO Scott Rafer, Jason Calacanis, and TechCrunch. By doing this, you could continue surfing your own website using Jason Calacanis, and then after 10 visits to your community (if that default option was still set in the user’s account), Jason Calacanis would be joined to your community — and that would give you some clout.

Getting the IDs isn’t hard — it’s referenced in every user’s avatar image filename (note: this was changed within hours of the Shoemoney post). However, MyBlogLog felt Shoemoney was exposing people’s data and then “urging readers to spoof them.” I wouldn’t say he was urging them, but more that he was showing off.

Shoemoney has been a fan of MyBlogLog — supporting the service with their widget on his website and recently posting a list of 10 things he wanted to see that would help improve MyBlogLog and reduce spam. A couple of these ideas have been implemented as a result of this past weekend’s exploits. Shoemoney isn’t the only user to publicly exploit flaws in MyBlogLog — Michael Jensen showed how easy it was to keep your avatar (which could easily be a marketing message or your logo) on webpages of a website — he did this to TechCrunch (we have since removed the MyBlogLog widget). Jensen wasn’t banned.

The backlash has begun with Internet marketing consultant Andy Beal boycotting MyBlogLog until they reinstate Shoemoney’s profile. He argues that anyone could have looked up the MBL data and that it was hypocritical to expect an email from Shoemoney first (pointing out that notable Yahoo! blogger Jeremy Zawodny didn’t email Andy prior to publicly accusing Andy of being a spammer). Photographer and CEO of Flickr competitor Zooomr Thomas Hawk and SEO blogger Graywolf have both removed their accounts in boycott as well.

Since being acquired by Yahoo!, the once loved independent darling of the blogosphere has been feeling the heat — and now gets lumped with any Yahoo! angst. MyBlogLog is no longer the independent underdog start-up it once was — that role has shifted to the new blood in competitors OthersOnline and Explode.

Editor’s Note: Post by Steve Poland, whose blog Techquila Shots brainstorms web start-up ideas.

Crunch Network: MobileCrunch Mobile Gadgets and Applications, Delivered Daily.

Source: TechCrunch
Original Article: http://feeds.feedburner.com/~r/Techcrunch/~3/94937710/

Impressive. [via Sam via tumble]

Source: Signal vs. Noise
Original Article: http://www.37signals.com/svn/posts/292-rubikubism-embracing-constraints

San Jose based company Pramati announced its product Dekoh this week and gave me a look around the application. Dekoh’s goal is to bring the web and the desktop together and to give developers the ability to create applications on top of that platform. Those applications can be shared and deployed anywhere in the network. It’s a lofty goal, and with more flexible desktop technologies on the horizon like Apollo and WPF and some more entrenched properties like YourMinis and Netvibes that could do the same thing, I’m not sure it will stack up.

That said, there are definitely parts of Dekoh that don’t exist in other places. Dekoh is built on Java and you can move seamlessly between online and offline mode thanks to an embedded web server. I asked about security and Vijay Puller, the CEO told me that they had configured the port so that only the local machine could browse to it. When you create an account, you’re given a Dekoh portal, something like yourname.dekoh.com and you can add buddies, install applications and share your desktop. It adds an interesting twist of social networking to the webtop space and in the example I saw, you could share photos or invite your buddies to play a game.

The most robust part of the platform is the ability to create and deploy applications. Currently there are a few applications and I believe Dekoh is planning on creating more when the product ships. The one that seemed the most fleshed out was the photo application. It ties in with the friend system of Dekoh so that you could share photos with your Dekoh contacts and manage photo sets. While I think this area has the most promise, I also wonder if developers will take to the product. You can build applications with JavaScript and HTML, so porting existing applications wouldn’t be an issue, but Dekoh needs to find a hook for users that makes developers interested in doing that. Right now this seems like a very developer-centric platform with applications that would be interesting to users, but have been done better other places. For a first mover willing to take a chance, it might be worth checking out. They’re also building out a widget platform which they plan to make available to non-Dekoh users. Their tag cloud widget struck me as pretty cool.

In the end Dekoh is trying to cover a lot of ground by incorporating Widgets, the webtop, online/offline access and home brewed applications. The ideal solution needs all of these to succeed, but I’m inclined to think the more free form solutions that exist are going to ultimately succeed. But throw some productivity applications into Dekoh and you could have a great intranet portal that works whether your at the office or on an airplane. It’s all just a matter of getting the developers to come to the platform. They’ve set up a developer portal at dekoh.org to help with that.

Crunch Network: CrunchGear drool over the sexiest new gadgets and hardware.

Source: TechCrunch
Original Article: http://feeds.feedburner.com/~r/Techcrunch/~3/94828652/

So far we’ve talked about the big picture and permissions and groups. Next we’re going to talk about the welcome screen and workspace tabs.

The Blank Slate
Back on September 19, 2003 I posted a message about the “Blank Slate.” The blank slate is the first screen someone sees when they log into a web-app for the first time. It’s what they see when there isn’t any data. It’s the critical first impression.

We pay a lot of attention to the blank slate states. I think Highrise has at least 8 of them. One for almost ever major feature and some special “almost-blank slates” for screen with just a little bit of data. Some blank slates go away instantly while others go away after you’ve done something three times.

The Welcome Tab
One blank slate I wanted to focus on for this Highrise preview is the Welcome State. This is the first screen you see after you’ve created your Highrise account. It gives a quick link to get started with the primary feature (adding people), a summary of the key benefits of Highrise, and some other things you can do too.

This is valuable information. It’s a great “home base.” However, most blank slates go away after you’ve seen them once. They go away once data has been entered into the system. That’s usually the right thing to do, but blank slates can also be comforting places to return to if you ever get lost or confused or just want to go back somewhere that’s “safe.”

So we decided in Highrise we’d make the initial blank slate its own tab called “Welcome.” You can keep the welcome tab around for 1 minute or for 3 months or forever. When you feel comfortable enough with Highrise you can choose to hide the welcome tab forever.

The Workspace Tabs
The other thing we wanted to present in this third Highrise preview are the workspace tabs.

Like most web apps, Highrise has a set of permanent tabs. In Highrise they are Dashboard, Contacts, Tasks, and Cases.

Next to those tabs are the workspace tabs.

The workspace tabs are built dynamically based on the last 5 people, companies, or cases you’ve viewed. They keep the recently or frequently accessed subjects near by. It’s especially handy when you’re working with or jumping between a small set of people. Instead of having to browse or search for these people each time, the workspace tabs keep them close at hand.

Sign up to have a chance at a Golden Ticket
As we get closer to launch we’ll begin issuing “golden tickets.” Golden ticket holders will have access to sign-up for Highrise prior to the public launch. To sign up for a chance at a golden ticket, be sure to sign up for the Highrise announcement list

Source: Signal vs. Noise
Original Article: http://www.37signals.com/svn/posts/291-preview-3-highrise-welcome-and-workspace-tabs

Ryan Buterbaugh has created an Ajax version of Scrabble on the web called Wabble (mirror).

The application doesn’t require any registration, and uses the Taconite framework as the base.

Source: Ajaxian
Original Article: http://ajaxian.com/archives/wabble-web-20-scrabble

Dan Moore noted that the good people at OWASP have recently released version 2 of their testing guide which is available on a Wiki, and as a PDF.

On the Ajax front there is good content such as:

• Testing for Ajax Introduction
• How to Test Ajax
• How to test for REST attacks

Testing for Ajax Endpoints

Before an AJAX-enabled web application can be tested, the call endpoints for the asynchronous calls must be enumerated. See Application_Discovery_AoC for more information about how traditional web applications are discovered. For AJAX applications, there are two main approaches to determining call endpoints: parsing the HTML and JavaScript files and using a proxy to observe traffic.

The advantage of parsing the HTML and JavaScript files in a web application is that it can provide a more comprehensive view of the server-side capabilities that can be accessed from the client side. The drawback is that manually reviewing HTML and JavaScript content is tedious and, more importantly, the location and format of server-side URLs available to be accessed by AJAX calls are framework dependent.

The tester should look through HTML and JavaScript files to find URLs of additional application surface exposure. Searching for use of the XMLHttpRequest object in JavaScript code can help to focus these reviewing efforts. Also, by knowing the names of included JavaScript files, the tester can determine which AJAX frameworks appear to be in use. Once AJAX endpoints have been identified, the tester should further inspect the code to determine the format required of requests.

Source: Ajaxian
Original Article: http://ajaxian.com/archives/owasp-testing-guide-20

Posterwire.com’s movie poster of the year

The 2nd Annual Posterwire.com Movie Poster of the Year Award

Bill Sullivan photographs

Elevator photos from Bill Sullivan. [via DP]

Ridgid drill

“It lights up when it’s plugged in! And it has a picture of a drill on it so you know which cord to unplug!”

New $1 coins

The Presidential $1 Coin Program: “The United States is honoring our Nation’s presidents by issuing $1 circulating coins featuring their images in the order that they served, beginning with Presidents Washington, Adams, Jefferson and Madison in 2007.” The new coin features
edge-incused inscriptions.

Brother, Would You Take a Dollar Coin…Please? talks about previous dollar coins that never quite took off.

Despite the fact that the Susan B. Anthony was minted for three consecutive years (and again in 1999), the coin was, for the most part, regarded as a sad aberration among consumers…

Just a month after the coin’s introduction, the magazine Forbes was already hinting at trouble. From the Aug. 6, 1979, issue:

The public’s vote won’t be in for a while but banks and retailers are showing reservations, presumably because the coin’s size — slightly larger than a quarter — could lead to expensive confusion in handling. One department store cashier in Washington, D.C., where the Susan B. was first circulated, says flatly: “I reject it on the grounds that it is not paper and it’s got an old woman on it.”

Source: Signal vs. Noise
Original Article: http://www.37signals.com/svn/posts/286-designed-movie-poster-of-the-year-bill-sullivan-photographs-ridgid-drill-and-new-coins