Category Internet

Rails3 Critique Tidbit: html_safe, raw() and h.

One of the most annoying things with Rails has always been how it provides for convenience at the expense of uncertain (and sometimes shady) abstraction implementations. It's a great framework for prototyping, yet there are reasons why quite a few people are skeptical about it. Nevertheless, in the truest tradition of Ruby, Rails provides a pretty clean way to do web application development. Rails 3, the latest incarnation of the framework, builds upon a solid foundation, offering great improvements in many areas. But not everywhere.

Take for example the html_safe string escaping that supersedes 'h'. In Rails 3, all strings are automatically escaped on output, unless the developer passes the string through raw() first. That's fine, as it's bound to make sloppy developers safer by forcing them to go out of their way to leave a string unescaped. One of the issues with this, however, is that the old way of escaping, 'h', is still needed in some cases: say you want to render a link using link_to, and you use raw to provide formatting to your link (via a span) while including some user-provided input (as in the example in the XSS and scripting screencast at 02:20); then you have to resort, once again, to using 'h'. This is confusing and inconsistent; if all strings are automatically escaped, you'd expect input variables to be automatically escaped too, even when included in strings passed to raw().
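The behaviour described above can be reproduced without Rails. The following is an added example, not code from the post or from Rails: `SafeString`, `render` and the `label_*` helpers are hypothetical names in a simplified model of Rails 3's safe-string handling, built on the standard library's `ERB::Util.html_escape`.

```ruby
require 'erb'

# Simplified stand-in for ActiveSupport::SafeBuffer (a model, not Rails code).
class SafeString < String
  # Appending to a safe string escapes the other piece unless it is safe too.
  def +(other)
    SafeString.new("#{self}#{h(other)}")
  end
end

# h: escape, unless the value is already marked safe.
def h(value)
  return value if value.is_a?(SafeString)
  SafeString.new(ERB::Util.html_escape(value.to_s))
end

# raw: mark as safe WITHOUT escaping anything.
def raw(value)
  SafeString.new(value.to_s)
end

# Models <%= value %> in a Rails 3 view: escape unless marked safe.
def render(value)
  String.new(h(value))
end

# Interpolation builds a plain String first, so raw() blesses the user input too.
def label_raw_only(name)
  render(raw("<span>#{name}</span>"))
end

# The workaround the post describes: escape the user part by hand with h.
def label_raw_with_h(name)
  render(raw("<span>#{h(name)}</span>"))
end

# Alternative: keep markup and data separate and let concatenation escape.
def label_concat(name)
  render(raw('<span>') + name + raw('</span>'))
end

user_input = '<script>alert(1)</script>' # constructed sample input
puts render(user_input)           # escaped by default
puts label_raw_only(user_input)   # markup from the user reaches the page
puts label_raw_with_h(user_input) # span kept, user part escaped
puts label_concat(user_input)     # same result without a manual h
```

The inconsistency comes from string interpolation: by the time raw() sees the string, the user input is already part of one plain string, so there is nothing left to escape selectively.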

The fad stage [of blogging] is over

That seems to be generally true; while the number of posts has most definitely gone down in most of the blogs I'm following, what remains is a relatively new and open medium that gives a podium to so many capable, willing and knowledgeable people. Not in a 140 character haiku, but in an unrestricted form. At the same time, I'm saddened by how many good, even great, writers have remained silent for so long (or write hundreds of quasi-sensical 'tweets'); while it shouldn't be the case, it turns out that being a fad had its advantages, in that it helped a large number of people discover and participate in it. If anything, I'm hopeful that the adulthood of blogs will increase, even marginally, the signal to noise ratio.

The Way of Tea on the Intertubes!

It has been about a year since my first order, and the related article about the online tea shop tsai.gr. Impressions were for the most part positive, with a wide variety of teas and herbs, prompt service and excellent packaging of the products. A big (and important) exception was the shop's prices, which were about 20% more expensive […]

ERT Audiovisual Archive: Part Two

In December 2007, I wrote an article titled 'ERT Audiovisual Archive'. The reason was the enormous significance of the undertaking, both for me and for millions of my fellow citizens, as well as the wider significance of making the archive available, a unique heritage and part of this country's history. Despite my positive opinion of […]

Here comes the Cavalry!

Welcome Google! About a year since we first came up with, designed and implemented Geo|Ads, Google just launched their own Location Based Advertising in the States. We always knew we were tiny. Some thought we had interesting ideas. At least now we know that they are not exactly bad from a business point of view either =)

Ye Olde Google Maps

Google Maps is an invariably fantastic service that has slowly become a de facto platform for easy geographic representation of data. Lots of sites use the service, APIs and tools provided to visualise, inform and project information onto maps. In Hellas (Greece), Google has — with the help of Teleatlas, the primary data provider for […]

Google Wave Developer Sandbox

I’ve been granted access to Google Wave for a bit less than a day now, and from my limited time with it I can say the following: It feels much more like an application than a web page. This is contrary to most other ‘apps’ by Google, including Google Docs, Maps, GMail, Reader etc. where […]

U-Turn.

Once upon a time… A little while ago, on the podcast we do on a semi-regular basis with Panagiotis, Giorgos, Asteris, Dimitris and distinguished guests, we were talking about mobile internet. The iPhone could of course not be missing from the discussion, a device that, regardless of its own merits, gave a significant boost […]

Slammin' Magnatune [For No Good Reason]

For some unknown reason someone [or a group of people] have been hitting Magnatune hard with credit card fraud, to the point where the company was dropped by their payment processor. This is a great example of how a good company [and one that helps artists worldwide] gets harassed by 'criminals' only to find itself punished by the very same people whose inadequate systems are responsible for the mess in the first place: Visa. John Buckman reports that Magnatune saw ⅓ of its subscriber base disappear due to this change [Magnatune is now depending on PayPal for its credit card transactions and the fact that each payment goes via another entity makes it slightly harder to charge the recurring fees subscriptions bring, without asking the users to register with PayPal etc]. As regular readers may have noticed, I am a great fan of Magnatune; both ethically and artistically I find their effort and business commendable and I have, over the years, found several excellent albums from that company. I hope that things get better for them soon. As a sidenote, I really wonder why someone would hit Magnatune in this manner. Clearly it's not aimed at getting hold of the music, given that you can get the tracks for free anyway...