Super Volatile

Krzysztof Szafranek's link blog

Hi, I'm Krzysztof and I make websites.
When I'm not making websites, I read these.
Jul 15, 2011 / 9:32am

Permissions For Web Applications

Traditionally Web applications are untrusted, treated as potentially malicious, and hence "sandboxed" to deny them the ability to affect the user's system or access user data. As we add capabilities to the Web platform, we sometimes encounter situations where legitimate applications want functionality that must be denied to malicious applications. A natural solution is to ask the user whether such requests should be permitted.

Robert O'Callahan of Mozilla compares the usability of the permission models of Android and web browsers.

Filed under: android   security   usability   web applications  
Jun 23, 2011 / 11:16pm

Whoops and hashbangs

So, yes, yes; URLs are used as a key for locating documents and resources across the web. That is all well and good. But I’m thinking; what happens when the web hosts things other than documents and resources? Like applications? Like games? Like physical objects? What happens when we need to serve humans based on other signals, such as their location, the time of day, their context, their intent?

Reflections on the distinction between web resources requiring URLs and mere application states.

Filed under: web applications   webdevelopment  
Feb 1, 2011 / 11:25pm

Launch: Basecamp Mobile

And then Android really began to make a run. Android market share increased and more and more customers were asking for Android apps for our web apps. So we stopped and thought about it for a bit. Do we want to have to hire an iOS developer and an Android developer? That’s a lot of specialization, and we’re usually anti-specialization when it comes to development.

When 37signals people write about what they're doing, they make it sound revolutionary and extremely creative. However, this is really the most sane approach to making mobile apps. I hope it will make more people reflect on the hype of writing native apps for closed environments that cover small fractions of the market.

Filed under: mobile   web applications  
Dec 19, 2010 / 1:59pm

Requiring email and passwords for new accounts

People with non-email usernames will often forget their passwords, but without knowing their email address, Instapaper can’t send them a reset-password link. Automated password resets aren’t possible at all for the 5% of customers who have passwords but non-email usernames.

Instapaper was using a very liberal approach to authentication: users could provide usernames without emails and were not required to set up passwords. Now the author of Instapaper has to back off as it clearly didn't work out.

Filed under: security   web applications  
Sep 14, 2010 / 8:06am

The End of Bloglines is Nigh - Will Close October 1

According to a report on TechCrunch, Bloglines' parent company IAC will make an official announcement later today and shut the service down on October 1. In the early days of RSS, Bloglines was the go-to feed reader for early adopters. Over the last few years, however, the company struggled to innovate and hold on to its users.

I had been using Bloglines for something like 2 years in the past, so it's sad to see it go. Even more so to see that nobody even tries to compete with Google anymore.

Filed under: google   web applications  
Jul 31, 2010 / 11:51am

What happened to HTTP authentication?

What baffles me is that HTTP authentication hasn't been developed further.

Good question. HTTP authentication has been around in every browser for ages, yet each website is forced to reinvent it anyway.

Filed under: security   web applications