Driscoll Web Development Blog

Get information, tools, news, tips, and more from the expert web developers at Driscoll Web Development.

Google

Monday, February 23, 2009

Driscoll Web Development Launches iamguiltyof.com: the social confessional

On February 19, 2009, we launched iamguiltyof.com: the social confessional. As the name of the site might imply, the purpose of iamguiltyof.com is to allow people to make anonymous confessions of guilt and follow others' confessions in real-time.

We're very happy with how our first weekend went: iamguiltyof.com drew over 1,000 visits from over 700 unique visitors in just 4 days. In order to keep the momentum going we've added a Twitter bot into the mix so that users can tweet their confessions and see them posted on iamguiltyof.com AND get updates on their confessions and others' confessions via the bot's timeline (for more information on the iamguiltyof.com Twitter bot, read this).

Some of our users have drawn comparisons between iamguiltyof.com and similar sites, but most (if not all) have cited that iamguiltyof.com offers a distinct advantage with its real-time delivery of confessions to users. That, we believe, along with multiple points of entry to the application and a clean and simple interface not unlike that of Twitter, makes iamguiltyof.com a leader in the social confession / gossip space.

But, don't take our word for it: we strongly encourage all readers to go to iamguiltyof.com and check it out for themselves. Furthermore, we'd love to hear your feedback on the site, either via comments to this post or via the feedback form that is available on iamguiltyof.com

Labels: , , , ,

Tuesday, January 27, 2009

Now Available: The BitlyXAPI Library for .NET Development

Introducing: the BitlyXAPI library for .NET development!

This library allows .NET developers who wish to leverage the Bitly API in their applications a way of quickly implementing the Bitly API in their libraries/apps without having to worry about the plumbing, constructing calls, etc.

The zip file includes the BitlyXAPI DLL, a sample application (with source code), and documentation.


Download the BitlyXAPI package here:
http://bit.ly/gnBS
http://driscollwebdev.com/downloads/BitlyXAPI/BitlyXAPI_1.0.zip

Labels: , , , , , , ,

Tuesday, February 12, 2008

Piping Up About Yahoo! Pipes

Syndicated content is, in my opinion, the boon of the Web 2.0 age. Both casual and power internet users incorporate feeds into their daily lives - some without even realizing it. Syndication allows us to quickly and easily get the up-to-date information that we want or need with a minimum of effort (given readily available consumption mediums such as desktop readers, mobile devices, web browsers, and email clients).

Of course, syndication does have its downsides. One problem is that of "over-subscription", meaning that a feed consumer is subscribed to more feeds than he can possibly read in a reasonable amount of time. Couple with this problem the fact that many feeds contain the same (or very similar) content, and it's easy to see why the novelty wears off for most users. Add, just for fun, the fact that most people who subscribe to syndicated content do so through different consumption media, and the world of syndicated content consumption becomes a mess rather quickly.

Take my father-in-law, a devout New England sports fan, for example. A recent inspection of his home computer revealed that he is subscribed to several different sports-related feeds, including: 1 feed for score updates, 1 feed for news, and 2 editorial blog feeds. I suspect that my father-in-law has also subscribed to these same four feeds on his computer at work. So, in total, he has loaded eight separate URLs and clicked on a "subscribe" link (or icon) eight separate times in order to get his daily sports fix, which seems like a lot of work.

Shouldn't there be an easier way?

Enter Yahoo! Pipes

If you've never heard of Yahoo! Pipes, you're probably wondering what it is exactly. Put simply, it's a way to aggregate (and/or manipulate) content from multiple sources, and output that content to a single source. Anyone with a Yahoo! account can create new Pipes, and the surprisingly intuitive drag-and-drop interface makes it as easy as can be to aggregate content from multiple sources.

For my father-in-law, I fetched the sports news feed from ESPN, scores from totallyscored.com, and his hometown team blogs from the Boston Globe. With the data in hand, I filtered the ESPN feed to include only news for his teams and sorted all of the data by date (most recent first). Then, I simply saved and published my new Pipe, and it was all ready to go. But, to make my new Pipe easy to remember, I used Yahoo's convenient pipe naming feature... so now I can always find it at http://pipes.yahoo.com/driscollwebdev/newenglandsports

So now my father-in-law only has to put one address into his feed reader in order to get caught up on his teams' news, scores, and editorials. Truthfully, though, I haven't even gotten to the part where Pipes shines.

Let's say that my father-in-law decides that he wants to add another blog and another news feed to his syndicated content. Under the old regime, he would have to subscribe to each in all of his feed readers, meaning that he would have to type the URI into his browser and then click 'Subscribe' at least twice (four times if we assume that he'll do it at work too).

But with Pipes, all he has to do is log in and add the URI to the list of feeds already aggregated in his Pipe... and that's it. There's nothing else to subscribe to because he's already subscribed to the Pipe - so the new data will just start flowing in to all of his reader applications!

From a developer's perspective, Pipes is a great shortcut for the kind of work that would normally take up quite a bit of time. Rather than spending time creating the code to filter, sort, and format syndicated content from multiple sources, we can simply retrieve our new Pipe's RSS feed and use the pre-formatted, pre-sorted, and pre-filtered data in whatever manner we choose. This allows us to focus more on building a cool application (a Boston-sports-skinned SpringWidget perhaps), and less time worrying about data cleanliness.

I've only really scratched the surface here of what Yahoo! Pipes can do - I highly recommend that you give it a try for yourself. If you want to see some examples of our Pipes, you can check them out at http://pipes.yahoo.com/driscollwebdev.

Brian

Labels: , ,

Friday, December 21, 2007

Technology for the Holidays

So in case you haven't heard, Christmas is right around the corner - which means 2008 is coming up fast. We're gearing up for a new year at DWD, and we have some pretty cool prospects in front of us for oh-eight.

First and foremost, we're all-in on a consulting contract with one of the Philly area's leading WBT/E-Learning software development firms. We've spent a few weeks with the folks at this growing company, and so far it has been a blast. We're looking forward to working with them throughout 2008.

"Hey, what's with the title?!? I thought this post was supposed to be about technology?", you might be wondering aloud.

Well, fear not, we have some juicy tidbits for you from inside the walls of DWD!

As part of our contract with the aforementioned E-Learning firm, we've been looking into new ways to develop and deliver the firm's software. What did we find? We found the Flex 3 beta SDK and Adobe AIR, of course! After unzipping everything and flying through the code in the sample apps, we put together a few POCs for our client. All told, it was a lot of fun playing around with Flex and AIR, and we already have some ideas for some desktop RIAs that we plan to work on in our spare time.

While we wouldn't qualify this as a review of either Flex or AIR, they do have their downside - most notably the fact that Adobe has opted not to support Flex or AIR development in pre-CS3 versions of Dreamweaver and Flash. This is not very surprising, of course, as Adobe is doing everything it can to bring users of the Macromedia product line into the CS3 fold. However, it would be nice if Adobe gave some consideration to those who purchased Macromedia Suite 8.0 just before the merger was announced.

Seeking an IDE that would support both Flex and AIR development, we came across Aptana Studio 1.0. At first seemingly lightweight, we found some pleasant surprises in Aptana Studio's plugins to support AIR, PHP, AJAX, and Ruby on Rails development. We were also quite happy to find that we could build in support for Flex development simply by specifying the Flex compiler. What's more, Aptana Studio includes several Javascript libraries for RIA development - including Scriptaculous, Yahoo! UI, MooTools, and several others. Best of all, Aptana Studio supports iPhone application development via plugin, which is really exciting (almost as exciting as an iPhone under the tree).

As you can see, we have a lot to look forward to in the new year, and we hope you do as well. Happy and Safe Holidays from us to you... We'll see you in 2008!

Brian Driscoll
Owner, Driscoll Web Development

Labels: ,

Friday, November 30, 2007

4 Ways to Keep Your Forms Safe

It's every webmaster's deepest fear, and as developers we hear about it more and more each day: brute force attacks on online forms that litter websites, databases, blogs, forums, and inboxes with unwanted Spam. From the webmaster's perspective it's both tedious and costly to remove database records and blog/forum comments that promise everything from free Viagra to... well, things we won't even mention here. And, not only do these Spam attacks cause eyesores in visual content, they also eat up bandwidth and storage space - both precious commodities these days.

Here are some ideas for webmasters and web developers to implement in order to keep their forms from becoming targets for Spam attacks.


1. Validate Form Input on the Server
This seems like an obvious step to take, but there are still so many websites out there that do not implement server-side validation of form input. Web developers often complain that server-side input validation impedes usability and page flow by adding an additional step to the form-filling process, but the rise of AJAX has rendered that complaint all but obsolete. Current technologies such as AJAX make communicating with the server in real-time (as the form is being filled) possible, thus form inputs can easily be validated on the server without causing headaches for the end-user. We recommend using Regular Expressions to search for unwanted input.

2. Implement CAPTCHA Verification on Your Form
CAPTCHA, short for "Completely Automated Public Turing test to tell Computers and Humans Apart", is quickly becoming the de-facto standard for protecting forms against brute force attacks. The method typically involves the use of an image that contains heavily distorted text on a "noisy" background (see image below). The way in which the image appears prevents computers from successfully solving the problem of identifying the character sequence, however to a human it's easy to see that the words are "following" and "finding."



We subscribe to the DRTW principle when it comes to this topic, so we highly recommend implementing a third-party CAPTCHA solution on your form rather than trying to code it yourself (freeCap, available from pureMango, is our favorite). However, if you're really in an ultra-nerd mood and want to see how it's done, we recommend taking a look at this article.

3. Make Your Form Un-searchable
If the page that contains your form shows up in search engine results, you're pretty much asking to be spammed. There are four things that you can do to get your forms out of search engine results:
  • Add a <meta> tag to the <head> of the page to keep search engines from indexing your form page.
  • Create a robots.txt file and upload it to the root directory of your web server to keep search engines from indexing your form page.
  • Remove all <url> elements from your sitemap that contain references to your form page.
  • Request that the specific URL for your form page be omitted from search results (See Yahoo! SiteExplorer and/or Google Webmaster Tools for more information on this).
Of course, many webmasters and business owners bristle at the idea of making their forms "invisible" to the eyes of potential visitors, but in our opinion the benefits of doing this outweigh the risks of being spammed.

4. Make Your Form Load Dynamically
The idea of loading page content dynamically from a database or script when the page loads is certainly not a new one. However, when it comes to forms, most developers hard-code form elements into the page. A dynamically loaded page is nearly impossible to cache, making it nearly impossible for attackers to find (the attacker's user-agent would have to load the page in order to discover the form).


It is difficult to guarantee the safety of online forms against malicious attacks. As much as we use new technologies and coding practices in our work, those who seek to do us harm are learning those same technologies in an attempt to find ways to exploit them. So, while these 4 tips will help you a great deal to keep Spam attacks from occurring on your website, you should always be looking for new and different ways to secure your form from attacks.

-DWD Staff





Labels: , ,