$3k Bug Bounty - Twitter's OAuth Mistakes

by @edent | # # # # #
A Twitter login screen. Highlighted is the information that it cannot access your DMs.

Imagine the scenario. You're trying out some cool new Twitter app. It asks you to sign in via OAuth as per usual. You look through the permissions - phew - it doesn't want to access your Direct Messages. You authorise it - whereupon it promptly leaks to the world all your sexts, inappropriate jokes, and […]

Continue reading

PodCast review: This Week - The Musical

by @edent | #

Take a listen It is a delightful twist on the usual podcast fare. Genuinely joyous, and giggle-inducing. Definitely worth adding to your ever-growing roster of digital downloads.

Continue reading

Open Glasgow's Moral Maze

by @edent | # #
The Glasgow Open Government Licence. Highlighted is a passage saying the data cannot be used for illegal or immoral purposes.

Glasgow City Council has released a treasure-trove of open data. Nearly one-hundred datasets ranging from Live Traffic Information - to historic climate data. A fantastic boon for researches and open government enthusiasts. But there's a sting in the tail. The majority of the datasets are under the Open Government Licence (OGL). That's basically Creative Commons […]

Continue reading

Using the WordPress mShots Screenshot API

by @edent | # # # | 4 comments | Read ~152 times.
The Logo for WordPress

A few years ago, I wrote about Google's secret screenshot API - a slightly cumbersome way to take website screenshots for free. There's another service which you may find simpler to use - mShots from WordPress. Here's how it works: Take any website link: https://twitter.com/JennyVass/status/1067855777040338944 URL Encode it: https%3A%2F%2Ftwitter.com%2FJennyVass%2Fstatus%2F1067855777040338944 Add it to the end of […]

Continue reading

Top 10 reasons to attend an all-male event

by @edent | # # # # | Read ~231 times.

There's been lots of talk recently of the dearth of women attending technical conferences. This problem is blown out of all proportion! There are many excellent reasons to attend an all-male tech event: Reduced chance of having an affair while away on business ⚤ Hetrosexuals only! Won't accidentally mistake a CEO for a cocktail waitress […]

Continue reading

Major sites running unauthenticated JavaScript on their payment pages

by @edent | # # # # # # | 9 comments | Read ~23,350 times.
HTML code from Spotify.

A few months ago, British Airways' customers had their credit card details stolen. How was this possible? The best guess goes something like this: BA had 3rd party JS on its payment page <script src="https://example.com/whatever.js"></script> The 3rd party's site was hacked, and the JS was changed. BA's customers ran the script, which then harvested their […]

Continue reading

Building an Alexa-Powered Electric Blanket

by @edent | # # # # | 5 comments | Read ~3,376 times.

One evening, my wife turned to me in bed and said, "Winter is coming..." Well, what she actually said was "Get your frozen feet away from me, you cold-blooded monster!" The only way to save our marriage? HOOK OUR BED UP TO THE INTERNET! I couldn't find an electric blanket with IoT connectivity - so […]

Continue reading

Should you use SRI for self-hosted scripts?

by @edent | # # # | 2 comments | Read ~191 times.

Here's a curiosity which I found while stumbling through the Sony PlayStation store. The website loads internally hosted scripts using SRI (SubResource Integrity). Why? Does your work require you to swipe an ID card to access the building? That seems pretty normal. Does your work also remind you to keep your badge visible, and to […]

Continue reading

OpenBenches - some stats

by @edent | # # # # | 4 comments | Read ~185 times.
UK map covered in thousands of markers.

For the last year-and-a-bit, Liz and I have been running OpenBenches.org. An open data website dedicated to memorial benches. Here are some rough and ready numbers about how it has gone so far. 9,870 Benches At the time of writing, we're a little shy of 10,000 benches. As you can see, we have photos from […]

Continue reading

I've broken myself - dealing with RSI

by @edent | # # # | 2 comments | Read ~139 times.

I've recently been suffering from a nasty bout of RSI. Thanks to the NHS, I know it isn't full Carpal Tunnel Syndrome, which is good. But I do need to take better care of myself. My usual kit is the MS 4000 ergonomic keyboard and an Evoluent Vertical Mouse. But recently I've been travelling a […]

Continue reading