Content negotiation, AJAX, and APIs

I thought I was being so clever when I put a content-negotiated API into TradeUps.net, my web development playground. To put it simply, a page can return the same information in different formats, depending upon the HTTP Accept: header. For example, this profile page (view only in Firefox for now) responds to a standard browser request with an HTML document, but returns JSON when it sees Accept: application/json as a header. In this case, a script on the page calls the same URL (/user/admin) again to get the map data in JavaScript-friendly format. That's where the weirdness starts.

When torrents bite back

Four days ago, a group calling itself the "MediaDefender-Defenders" released a torrent pointing to 700 megabytes of corporate emails from MediaDefender, a company providing "BitTorrent protection services" to record labels and movie studios. The emails expose company strategy, confidential contracts, passwords and login information, lists of servers and IP addresses, and reactions to mentions of the company in the news [read them here]. This post is a summary of recent events, along with a heaping of speculation as to what happened behind the scenes.

A TinyURL with an opinion

The TinyURL.com service allows you to instantly generate short URLs from long ones. For example, a link to a long URL at Wikimedia Commons becomes http://tinyurl.com/2lp8q4. Each new URL submission is added to a database, and the next free alphanumeric string is set as an identifier.

Naturally, I had to try some rather amusing subsets of the range of alphanumeric possibilities. (Read: Offensive language ahead.)

Odd Apache pitfall: ErrorDocument and POST

I am writing a web app that hides much of its inner workings, as any good web app should. (Why? Future-proofing, security, simplicity of user experience, etc.) I chose to route all requests that involve server-side scripting through a single file, capture.php. But somewhere along the way, form POSTs stopped working! Why?
