web development

html

HTML Validation: Does It Matter?

The web is, to put it charitably, a rather forgiving place. You can feed web browsers almost any sort of HTML markup or JavaScript code and they'll gamely try to make sense of what you've provided, and render it the best they can. In comparison, most

By Jeff Atwood

web development

The Two Types of Browser Zoom

From the dawn of the web – at least since Netscape Navigator 4.x – it has been possible to resize the text on a web page. This is typically done through the View menu. This was fine in the early, primitive days of the web, when page layouts were simple and

By Jeff Atwood

programming languages

Obscenity Filters: Bad Idea, or Incredibly Intercoursing Bad Idea?

I'm not a huge fan of The Daily WTF for reasons I've previously outlined. There is, however, the occasional gem – such as this one posted by ezrec: Browsing through a web archive of some old computer club conversations, I ran across this sentence: "Apple made

By Jeff Atwood

security

Preventing CSRF and XSRF Attacks

In Cross-Site Request Forgeries and You I urged developers to take a close look at possible CSRF / XSRF vulnerabilities on their own websites. They're the worst kind of vulnerability -- very easy to exploit by attackers, yet not so intuitively easy to understand for software developers, at least

By Jeff Atwood

security

Cross-Site Request Forgeries and You

As the web becomes more and more pervasive, so do web-based security vulnerabilities. I talked a little bit about the most common web vulnerability, cross-site scripting, in Protecting Your Cookies: HttpOnly. Although XSS is incredibly dangerous, it's a fairly straightforward exploit to understand. Do not allow users to

By Jeff Atwood

security

Protecting Your Cookies: HttpOnly

So I have this friend. I've told him time and time again how dangerous XSS vulnerabilities are, and how XSS is now the most common of all publicly reported security vulnerabilities -- dwarfing old standards like buffer overruns and SQL injection. But will he listen? No. He'

By Jeff Atwood

javascript

Secrets of the JavaScript Ninjas

One of the early technology decisions we made on Stack Overflow was to go with a fairly JavaScript intensive site. Like many programmers, I've been historically ambivalent about JavaScript: * The Power of "View Source" * The Day Performance Didn't Matter Any More * JavaScript and HTML:

By Jeff Atwood

asp.net mvc

Web Development as Tag Soup

As we work with ASP.NET MVC on Stack Overflow, I find myself violently thrust back into the bad old days of tag soup that I remember from my tenure as a classic ASP developer in the late 90's. If you're not careful bordering on manically

By Jeff Atwood

php

Dealing With Bad Apples

Robert Miesen sent in this story of a project pathology: I was part of a team writing a web-based job application and screening system (a job kiosk the customer called it) and my team and our customer signed on to implementing this job kiosk using Windows, Apache, PHP5, and the

By Jeff Atwood

web development

Smart Enough Not To Build This Website

I may not be smart enough to join Mensa [http://en.wikipedia.org/wiki/Mensa_International], but I am smart enough not to build websites like the American Mensa website. [https://www.us.mensa.org/AM/Template.cfm?Section=Calendar&Template=Security/NoPassword.cfm] Do you see the mistake?

By Jeff Atwood

web development

The Great Dub-Dub-Dub Debate

Pop quiz, hotshot. Which one is the superior Uniform Resource Locator? www.fakeplasticrock.com or fakeplasticrock.com This is one of those intractable problems. Global wars have been fought over so much less. In hacker circles, this is sometimes referred to as a bikeshed discussion. That said, I do have

By Jeff Atwood

software development

Introducing Stackoverflow.com

A little over a month ago, I announced that I was quitting my job. But there was also something else I didn't fully announce. But I refuse to become a full-time blogger. I think that's a cop-out. If I look at the people I respect most

By Jeff Atwood