Category Archives: Technical
On Twitter’s OAuth Fix
While the OAuth team is working on addressing the OAuth session fixation vulnerability at the spec level, Twitter made the following changes to reduce the exposure window: Shorter Request Token timeout – This is good practice in general. Developers tend to … Continue reading
On OAuth Vulnerability
Twitter’s OAuth problem turned out to be a general problem affecting other OAuth service providers as well as consumers using ’3-legged’ OAuth use-case. For details, you should read not only the relevant advisory but Eran Hammer-Lahav’s post Explaining the OAuth … Continue reading
OpenID Middlemans
Apparently the invite-only OpenID meetup at Facebook took place tonight. The fact that it was held at Facebook points to a shift taking place in the OpenID world. What’s coming is obvious: somehow retrofit Facebook Connect into OpenID architecture. Repeat … Continue reading
Merb Herbs
Just a couple of crumbs from my brush with Merb tonight: dependencies.rb After merb-gen app, edit config/dependencies.rb to fix version numbers of dm_gems_version and do_gems_version gems used by the generated app. To find out which version you have, type … Continue reading
Google App Engine Launcher Options
If you are not a geek, sorry about these tacky-techy posts. I like posting them to help other geeks running into the same problems later. I’ve been running my GAE apps locally on my Mac using Google App Engine Launcher. The … Continue reading
So GAE
Yesterday, I went over to check out Google App Engine and, because GAE made it so easy, ended up writing a little webapp I’ve been thinking about writing for a while. Besides, it’s been a while since I used Python so … Continue reading
Java Cloud
Still undecided about deployment strategies, I looked around to see if there are solutions like Aptana Cloud for Java, preferably with Eclipse support. Unbeknownst to me, Java cloud support started to bloom while I was busy wriggling over SafePage’s fate … Continue reading