|
NtotheTC posted:If I have a file input that is designed to take files, is there a Javascript or jQuery solution to getting that file, checking to make sure it's an image, and then getting some Exif data from the image? You can check the filename to see if it ends in .jpg/.gif/etc, but you'll want to do additional server-side verification on file uploading to make sure someone's not trying to smuggle an .exe in a .jpg. You really shouldn't extract EXIF information on a file that's on another domain (e.g. before they actually upload it) due to cross-site scripting vulnerability, but you can do it. java script: can I read EXIF data from a file upload input? However, this only works on modern browsers, so if you need it to work on IE <9 or people have JavaScript turned off, you're borked.
|
# ? Sep 1, 2013 19:31 |
|
|
# ? May 8, 2024 04:26 |
|
NtotheTC posted:If I have a file input that is designed to take files, is there a Javascript or jQuery solution to getting that file, checking to make sure it's an image, and then getting some Exif data from the image? I guess this depends on what you want to do with this image. Using a CDN like Cloudinary will solve all of those problems with the added benefit of on the fly image manipulation via urls / faster load times.
|
# ? Sep 1, 2013 19:34 |
|
To elaborate, I have latitude/longitude fields on the form that I'd like to autofill from the exif data of the image they select for the file input. This is just an optional "nice to have" feature, I've already got a location picker widget (or they can input manually) for when the image doesn't have any geolocation data. I was hoping to keep it client-side if possible. But if I have to send the image data via ajax to the backend I can, that just involves more validation like you say. Edit: That stack question you posted was very useful, basically someone going down the same journey as me. It's just a quick weekend project so I'm bang in the HTML5 solution and be done with it. Thanks! NtotheTC fucked around with this message at 20:37 on Sep 1, 2013 |
# ? Sep 1, 2013 20:03 |
|
daggerdragon posted:You can check the filename to see if it ends in .jpg/.gif/etc, but you'll want to do additional server-side verification on file uploading to make sure someone's not trying to smuggle an .exe in a .jpg. Um, what? There is no XSS vulnerability involved here, unless you execute the image data or something equally insane, and anyway, we are loading up an image from the user's hard-drive, what are they going to do? Hack their own account? Yes you can absolutely open up local files from a file input and poke around in them using FileReader. Yes this won't work in older browsers but this isn't 1998, people actually keep up to date (though of course your particular situation may be different and you might have specific browser requirements... most people don't though). Here is how to do it.. There is nothing insecure about it, it is a perfectly valid technique, just requires a somewhat recent browser.
|
# ? Sep 2, 2013 01:31 |
|
IMlemon posted:I don't know anything about web development apart from very basics of html, css and javascript and I want to build a website. I'm rather overwhelmed by the choice of available javascript frameworks and libraries. What I want to do is pretty drat simple - fetch some data from my backend and display it, create some graphs, do some sorting/filtering on the data, etc. I will not be modifying any of this received data. Should I bother with any frameworks or should I just grab jQuery and some widget library and get to work? jQuery is probably the best thing to start out with. Hot new poo poo like Angular is probably going to come off as way too weird and won't really buy you anything useful. jQuery is a good middle-ground between "useful" and "crazy JS magic".
|
# ? Sep 2, 2013 01:34 |
|
On the other hand, Angular is pretty popular and does let you do things like graphing.
|
# ? Sep 2, 2013 03:15 |
|
Having some problems in IE/IIS using custom fonts. Currenlty I am implementing ~5 different fonts using @font-face. The syntax for this declarations correct. I am testing in firefox, chrome, ie/8/9/10. I am not accessing the page using 'localhost' at any time. Senario 1: accessing page using https://www.dev.site.com/page from server firefox: works ie/8/9/10: works chrome: works Senario 2: accessing page using https://www.dev.site.com/page from outside server firefox: works ie/8/9/10: does not work chrome: works It is strange because I am not using localhost to access the site. I added Network Service to full control on the directory and that didnt seem to help Anyone have any thoughts? I am using the fully qualified domain in both scenarios. My IE browser is set to allow downloading of custom fonts.
|
# ? Sep 3, 2013 20:04 |
|
DholmbladRU posted:Having some problems in IE/IIS using custom fonts. If you're using some kind of ASP with a web.config, are you serving the right MIME types for the fonts?
|
# ? Sep 3, 2013 20:28 |
|
Huragok posted:If you're using some kind of ASP with a web.config, are you serving the right MIME types for the fonts? Yup all are added to IIS mime.
|
# ? Sep 3, 2013 20:32 |
|
Are you testing from a different computer, or just putting your same computer on an outside network? Also, post your @font-face declaration. IE can be pretty bitchy if it's not in the correct format.
|
# ? Sep 3, 2013 20:42 |
|
Bognar posted:Are you testing from a different computer, or just putting your same computer on an outside network? Thanks for the input. I used font squirrel website or what ever it is called to help build font-face declaration. Currently I am VMed into my server using a fully qualified domain name from that vm all fonts work in all browsers. However if I access the site using the same url from a different machine the fonts will not work in IE
|
# ? Sep 3, 2013 20:44 |
|
I'd open IE 10 on the machine outside the network and access the developer tools (F12). On the Network tab, click 'Start Capturing' and reload one of your pages with Ctrl+F5. From there you can see if the request for the font was made, if it failed, and what type of error code there was if it did fail.
|
# ? Sep 3, 2013 21:23 |
|
Oh My Science posted:They currently use http://www.onprint.com/platform/ and pay about $250 a month to keep it running. The driving force behind finding something new is that customers simply do not use the 'design your card online' feature and 95% of his customer base uploads a file or has the in house designer do it. OnPrint doesn't pay for itself, and moving over to something similar would have the same problem. Now this may have been bad marketing on his end, but I can't remember the last time I really wanted to browse through a hundred pre made designs online instead of just uploading my own. Hey sorry about the delay on this, I generally read CoC when I have downtime and that commodity mysteriously disappeared in the last little while. Given what you've said above I'm guessing the fastest approach would be would be shopify + ring fenced upload section. There's even plugins that allow it (e.g. http://apps.shopify.com/user-photos) but if you know your way around the Shopify API I'm guessing it'd be trival to make your own.
|
# ? Sep 3, 2013 21:40 |
|
Not really sure how to phrase this (and therefore how to search for it), but are there any test suites out there for sanitizing input with Javascript? Like "these are all the known ways someone could insert a script tag into a wiki," or something. This is just toy project – I'll only ever be endangering myself – but I'd still like to learn more about being safe. For reference, I'm tinkering with a Node-based, Markdown-oriented wiki.
|
# ? Sep 4, 2013 02:08 |
|
I'm a little confused. Are you looking for a library that will test your forms with various known problematic strings, or are you looking for one that will sanitize input against those known problematic strings?
|
# ? Sep 4, 2013 02:14 |
|
tarepanda posted:I'm a little confused. The latter, I think. But the former would also be useful.
|
# ? Sep 4, 2013 02:18 |
|
Something like this? http://jqueryvalidation.org/documentation
|
# ? Sep 4, 2013 02:30 |
|
Cross posting this from the Working in IT thread 'cause I think it fits pretty well here too. I have a question. Currently my title is Web Developer. I've worked at my current job for two years and have a BS in IT and a BA in Psychology. I'm strong in Photoshop, HTML/CSS/JavaScript, and I've had some significant exposure to PHP/MySQL and ASP.Net (I develop most of our sites in SharePoint). I like all this stuff. But the problem is, being sort of the "general web guy", I also do a ton of simple miscellaneous website upkeep and boring content editing. I'm eventually wanting to move to a position that focuses almost entirely on web design + development, cutting out the aforementioned boring monkey work. A position where my design skills are allowed to shine, and my dev knowledge is the backbone. What's a typical title for the position I'm describing? User Interface Designer? User Experience Developer? Additionally, what should I begin learning/practicing/devoting my spare time to in order to best prepare for this position? I should also say that a big part of wanting to change is pay. Looking at Salary.com, I see the median salary for "Interface Designer - Web" is over $80k, about 35% more than I'm currently making. And the description of that position is pretty much what I do now.
|
# ? Sep 4, 2013 18:39 |
|
caiman posted:Cross posting this from the Working in IT thread 'cause I think it fits pretty well here too. My $0.02: I think it's better to focus on either the development "backbone" or the UX design. There are plenty of programmers out there with programming degrees and whatnot, most projects will require more then one person so needing someone that does both things in significant amounts is actually very rare in my experience. It is more common doing "bit jobs" and contract work but that is the opposite of where the money is. I broke into full-time serious programming from just general "web-design" and it worked out well for me. Web programming still requires some specific knowledge above generic programmers with comp-sci degrees - like, they can usually do it just fine, but they won't be as aware of the gazillion html/css gotchas and knowing the HTTP spec by heart and the big security no-nos. So it pays quite well even without a degree, and eventually you've just done so much programming that you can hold your own against people with proper degrees doing non-web programming. So that's the one option. The other option IMO has much better potential because full-time, proper UX designers are actually impossibly hard to find. It's easy to hire a bunch of smarty-pants programmers for your project but then they come up with "programmer's interfaces" and you realize you know need someone whose primary occupation is... not doing that. And it turns out they cost a fortune. The big inherent draw-back is that the thing that makes UX people so hard to find is that there isn't really an accepted "UX design" program or accreditation, you pretty much have to go on their portfolio, but that in turns means that you will only be as employable as your portfolio. If all your work is some proprietary product behind a firewall or paywall that nobody knows about, it's tough making your case. You also pretty much have to work as a contractor because most projects just don't need a full-time UX person - it's something they need to be done as a "pass" during different phases of the project - e.g. once during the initial planning, and again as a troubleshooting after the fact. Some full-time positions exist, but they are very few and far between. Like, google probably has less then a dozen. Apple another half-dozen maybe. Microsoft probably has more then that but that's because they are terrible at cohesive team building. But these are the sort of numbers you are looking at for full-time employment, so you can't very well plan on it. So yeah, contracting. Again, it pays preposterously well when you get it going, but it comes with all the usual strings attached: you have to take care of all the petty time consuming bullshit (insurance, keeping books, paying the office rent, managing your "brand") and you live and die by networking. If you are are completely devoid of salesmanship, interpersonal skills and self-direction, you're going to have a bad time. Either way, there isn't a day when I don't thank my lucky loving stars for having stumbled into this field, because once you get over the "lovely contracts" hump it is one of the very very few places left that is actually reliable and well paid which doesn't depend on either a) not having been born before the 80s or b) knowing a guy. Cheers!
|
# ? Sep 4, 2013 19:05 |
|
So how much html/css/js skill does a UX designer typically utilize?
|
# ? Sep 4, 2013 20:25 |
|
caiman posted:So how much html/css/js skill does a UX designer typically utilize? Depends on the size of the company and their resources. I think a lot of small companies use UX and UI design incorrectly in their job postings.
|
# ? Sep 4, 2013 20:33 |
|
Mr. Wynand posted:The other option IMO has much better potential because full-time, proper UX designers are actually impossibly hard to find. It's easy to hire a bunch of smarty-pants programmers for your project but then they come up with "programmer's interfaces" and you realize you know need someone whose primary occupation is... not doing that. And it turns out they cost a fortune. The big inherent draw-back is that the thing that makes UX people so hard to find is that there isn't really an accepted "UX design" program or accreditation, you pretty much have to go on their portfolio, but that in turns means that you will only be as employable as your portfolio. If all your work is some proprietary product behind a firewall or paywall that nobody knows about, it's tough making your case. You also pretty much have to work as a contractor because most projects just don't need a full-time UX person - it's something they need to be done as a "pass" during different phases of the project - e.g. once during the initial planning, and again as a troubleshooting after the fact. Some full-time positions exist, but they are very few and far between. Like, google probably has less then a dozen. Apple another half-dozen maybe. Microsoft probably has more then that but that's because they are terrible at cohesive team building. But these are the sort of numbers you are looking at for full-time employment, so you can't very well plan on it. So yeah, contracting. Again, it pays preposterously well when you get it going, but it comes with all the usual strings attached: you have to take care of all the petty time consuming bullshit (insurance, keeping books, paying the office rent, managing your "brand") and you live and die by networking. If you are are completely devoid of salesmanship, interpersonal skills and self-direction, you're going to have a bad time. I'd like to expand on this as a UX professional. Mr. Wynand is correct in that the demand for proper UX is incredible; there are at least an order of magnitude fewer of us than there are of engineers. And he is also correct that it is a remarkably squishy term, which makes both hiring difficult, and interviewing difficult, because every company has a slightly different idea of what they're hiring for. Companies that are the size of Google likely have dozens (if not hundreds) of people on their design teams. Roughly half of that will be visual design. The next largest contingency falls under the "UX" umbrella: UX, interaction design, IA, UI design, etc. The remainder will be comprised of user researchers, design project managers, management, prototypers, and various leads and strategists. If you want to get into UX, you need to know what you want to do. Most large design organizations are firewalled (either explicitly or implicitly) from development. UX within these kinds of organizations is completely code-free. You'll spend your days wireframing with tools like Balsamiq or Axure or Omnigraffle, or perhaps producing higher-resolution mockups in tools like Photoshop. You may be embarking on user research projects: Quantitative surveys, ethnographic interviews, user testing, etc. You'll probably be in a room with product managers and engineers, whiteboarding out solutions to various requirements. You may feel stymied by process. In smaller organizations, the role of UX is more expansive. In general, UX occupies that muddy area between product management, visual design, and engineering. Silicon Valley startups tend to want designers that can produce beautiful, pixel-perfect production assets, implement wonderfully simple front-end interactions, and then test products with real users. This is a unicorn hunt. These people are exceedingly rare. Really good UX designers are generally centered around responsiveness to user needs – you mentioned your degree in psychology, which underpins the human-centered design community – and have a strong competence in another, adjacent field. So, UX + really good visual design, or UX + really strong technical skills, or UX + really good market and user research skills. Average UX designers mostly stick to the requirements, crank out wireframes, and are generally content in their role within a much larger organization/process. I tend more toward the UX + technical skills camp (although you can see by questions earlier that I don't call myself a developer). Whether designers should code or not is a huge debate within the design community. Personally, I think designers should know how to code, but I do not think it is a good idea to actually work on production code. Design is about constraints – financial constraints, time constraints, engineering constraints, etc. When you make yourself responsible for production work, the constraints of that job can compromise the design. There's always a healthy tension between how "ideal" user interface works and what can reasonably be built, but being both designer and engineer makes the constraints much more pronounced. I think a better approach is hacking prototypes: A prototype communicates design ideas more powerfully than a set of static wireframes, and it offloads the kind of throwaway work that a lot (but certainly not all) engineers hate. Bottom line: UX is a very lucrative field, but it runs the gamut from "never touch code/rarely talk to engineers" all the way to "one man stop for all things front-end." Figure out what you'd like to be responsible for, and chances are there is a someone hiring for that right now.
|
# ? Sep 4, 2013 20:50 |
|
As much as PHP gets poo poo on around here, is there any trend of it declining in use among top high-traffic websites? I like playing around with Rails and Django, I'm just curious about how things are progressing. Are things trending more toward MVC-friendly setups like Ruby and Python frameworks? Toward HTML5? Or is PHP still the frontrunner? Or, professionally speaking, is .NET the go-to development platform when it comes to "top" websites? Mostly just things I'm curious about. I love learning about web development, even though it'll more than likely just stay a hobby since my main IT focus is networking. But it's still interesting to me to know how things are trending on the backend.
|
# ? Sep 4, 2013 21:31 |
|
Mr. Wynand and Kobayashi, thanks for the great replies. Are there any resources/books/sites/whatever you'd recommend to prepare myself for a UX career? I've already found https://www.uxmastery.com and am finding it pretty informative.
|
# ? Sep 4, 2013 21:51 |
|
None whatsoever, I'm pretty much all code all the time these days, sorry. (However, the one set of books I read on the subject that I think has prevented me from doing any particularly great harm in my "programmer's interfaces" are Donald Norman's The Design of Everyday Things and Don't Make Me Think, but that's pretty 101-level stuff.)
|
# ? Sep 4, 2013 22:11 |
|
QPZIL posted:As much as PHP gets poo poo on around here, is there any trend of it declining in use among top high-traffic websites? "top" websites like Google, Twitter, Instagram, Pinterest, It's tough to say what the future will bring, but learning something *other* than .NET and PHP will serve you well. Rails and Django are good choices, but there are many others. My $0.02, and I hope somebody else will offer a "no way, PHP is the way!" reply, because I may well be out of the loop, since I've done everything in my power to avoid that awful, awful language for the last several years. Lumpy fucked around with this message at 23:35 on Sep 4, 2013 |
# ? Sep 4, 2013 22:20 |
|
Facebook uses PHP.
|
# ? Sep 4, 2013 22:22 |
|
Thermopyle posted:Facebook uses PHP. They used to. I think some stuff still runs a homegrown version, but (and I could be mistaken) that more and more of their stuff was not running PHP any more. Here's some info: http://www.zdnet.com/blog/facebook/why-facebook-hasnt-ditched-php/9536 that article posted:There is also a lot of industry precedent indicating that re-writing an entire codebase in another language is usually one of the worst things you can do, so at all levels there is a reluctance to do that. The preferred strategy is to write new components in a de-coupled manner using a better language of choice (C++, python, Erlang, Java, etc); this is easily facilitated by Facebook's early development of thrift, an efficient multi-language RPC framework. This also helps avoid the worst effects of PHP: it can be totally avoided in subcomponents where the language is grossly-unsuitable. The broad effect is that the overall codebase slowly evolves away from depending as heavily on PHP, with the components that are still in PHP being written in tightly-controlled, disciplined ways by veteran members of the staff. Hmm, so they do still use it more than I thought. Interesting! Lumpy fucked around with this message at 23:36 on Sep 4, 2013 |
# ? Sep 4, 2013 22:30 |
|
I code in PHP and I really don't see the big deal with it. Granted this is mostly with existing backends like WordPress but I can get it to do just about anything I need. Granted, I am not as hardcore as most here.
|
# ? Sep 4, 2013 22:32 |
|
I'm a PHP programmer by trade, and if using a framework like Laravel, it becomes nearly on par frameworks that don't still have cryptic error messages in Hebrew. It's also been around forever, so you can pretty much find a solution to any issue. Couple that with the shitzillion plugins on Composer, and it's pretty drat good.
|
# ? Sep 4, 2013 22:43 |
|
Winter is Cuming posted:I'm a PHP programmer by trade, and if using a framework like Laravel, it becomes nearly on par frameworks that don't still have cryptic error messages in Hebrew. It's also been around forever, so you can pretty much find a solution to any issue. Couple that with the shitzillion plugins on Composer, and it's pretty drat good. I've just done a bit of this for a contract. It was fine. PHP has always been fine (well, save for the famous HOLY poo poo WHAT WERE THEY THINKING stuff e.g. register_globals). I would never make it my full-time job, nor do I see a reason to actually choose it over anything else, but people keep acting like they'll catch cooties if they even open up a PHP file. It's still made up of if statements and function calls and poo poo, you're going to live through it. It's not even that weird a language. You want to see some poo poo, try ColdFusion or AppleScript.
|
# ? Sep 4, 2013 23:57 |
|
Mr. Wynand posted:I've just done a bit of this for a contract. It was fine. PHP has always been fine (well, save for the famous HOLY poo poo WHAT WERE THEY THINKING stuff e.g. register_globals). I would never make it my full-time job, nor do I see a reason to actually choose it over anything else, but people keep acting like they'll catch cooties if they even open up a PHP file. It's still made up of if statements and function calls and poo poo, you're going to live through it. It's not even that weird a language. You want to see some poo poo, try ColdFusion or AppleScript. The only reason people act like they'll get cooties is because there's like 2500:1 PHP developers versus other developers all over the internet. So, when someone says HOW I MAEK WEB SITEZ, PHP inevitably gets recommended. It's like...yes, I can use this to build a house: (I swear I didn't go searching for a PHP hammer, I just did an image search for "lovely hammer") But why when I can use this or a dozen other high-quality hammers? Or even this? If you know better and yet everywhere you go people go "USE A lovely HAMMER", most people are going to (quite reasonably) stop saying "That is a recommendation that can get you a great house, however you may want to check out these other options if your use case will allow you to move away from the PHP double-clawed hammer" and start going "gently caress you to hell for even mentioning PHP".
|
# ? Sep 5, 2013 00:56 |
|
Thermopyle posted:The only reason people act like they'll get cooties is because there's like 2500:1 PHP developers versus other developers all over the internet. So, when someone says HOW I MAEK WEB SITEZ, PHP inevitably gets recommended. Well said. PHP in and of itself is not the devil (although some would argue that), and you certainly can write clean, well thought out code in it. So I guess the biggest "problem" with PHP is that it's rare you live on an island where you are the only developer. Since PHP makes it easy to write awful code, and it's "baby's first webz language" the hell of PHP is mainly other people, and the code they write. Which you then have to debug. Or support, or...
|
# ? Sep 5, 2013 13:12 |
|
0 down vote favorite I have implemented @font-face for a number of fonts on a website. This is an asp website hosted on IIS7. Currently I am testing with FF23, Chrome, IE8/9/10. I am having some difficulties with the fonts in IE. When I am not accessing the webpage from my server the fonts will render properly on FF and Chrome, however on all the IE browsers they will not. When I am accessing the website on the server(2008 r2) I am using the same URL(fully qualified domain name). When I am accessing not on the server I am using the same fully qualified domain name. Both the fonts and the website are hosted on the same machine(same domain). There are no errors thrown by @font-face in FF or Chrome, not sure how to check in ie. code:
|
# ? Sep 5, 2013 15:51 |
|
When it comes to PHP, I end up thinking "Knowing what I know now, why would I ever use PHP over <other web framework>?" I can't think of a single thing that PHP does other than be prolific. And I wince when people say "Well it's popular so if you're new you can always find out what you need to know" because it generally means "You will be able to find a code stub on a blog that you can copy and paste into your PHP file without reading/understanding it." Its main plus point seems to be "easy for new people" but this appears to hinge entirely on its popularity. It certainly has nothing to do with the language itself because from what I've seen it's teeming with ways to trip up people who aren't experienced in it. (bizzare implicit type conversion choices etc).
|
# ? Sep 5, 2013 15:58 |
|
Mr. Wynand posted:The other option IMO has much better potential because full-time, proper UX designers are actually impossibly hard to find. It's easy to hire a bunch of smarty-pants programmers for your project but then they come up with "programmer's interfaces" and you realize you know need someone whose primary occupation is... not doing that. And it turns out they cost a fortune. The big inherent draw-back is that the thing that makes UX people so hard to find is that there isn't really an accepted "UX design" program or accreditation, you pretty much have to go on their portfolio, but that in turns means that you will only be as employable as your portfolio. Kobayashi posted:Really good stuff about UX I'm aspiring to become that UX unicorn. At my current job, I'm doing everything from user research and mockups to contributing to the front-end production code. I was hired as a UI/UX designer, but quickly started doubling as the de facto front-end developer. It's a very small team, and we don't have a dedicated front-end developer (yet). I'm primarily a creative who happens to enjoy and have a knack for techie stuff like programming and engineering (took extracurricular programming classes for fun and grew up playing with Legos), so the do-all UX position is very appealing to me. Also the money is, too. It's definitely the place to be these days, especially with other ares of design like web and graphics being so saturated. I'm also firmly in the designers should code camp, especially with the prevalence of mobile and the ubiquity of people using computers and devices. So much stuff that industrial designers design these days has a digital interface, from the ATM to the dashboard of your car. I have a friend who's an R&D industrial designer for a car company, and even though his primary work is on the physical aspects of the car interior, he's still very much involved with how the digital/screen components mesh with the physical components, and having a handle on how the programmy stuff works is very helpful. Also, coding know-how makes a designer way more versatile/hireable. I don't think I'd have gotten hired if I was pure design with zero front-end coding knowledge. I'd think those specialized design-only UX jobs could only really be supported at large firms where they have a whole team of front-end devs to implement and integrate your designs, but at the smaller places, it's reeeally helpful to have coding skills to give you a leg up over your design-only peers. caiman posted:Mr. Wynand and Kobayashi, thanks for the great replies. Are there any resources/books/sites/whatever you'd recommend to prepare myself for a UX career? I've already found https://www.uxmastery.com and am finding it pretty informative. To answer your earlier question about how much HTML/CSS/JS, I'm working with HTML and CSS pretty much all the time, and I know enough JS/jQuery/general programming to make simple things happen with you click or whatever, and to go into JS files, figure out what does what, and modify the HTML markup it outputs so I can make UI improvements (i.e. strip/replace Bootstrap classes (gently caress you .span2) and unnecessary inline styling).
|
# ? Sep 5, 2013 18:25 |
|
Authentic You posted:just moved into UI/UX from an industrial design degree with graphic design and web design/dev experience post graduation (I actually haven't done any meaningful industrial design since graduating, but alas). I've been thinking about the HCI masters - Are you me? I'm suffering the bane of being "pretty good at everything" and so I'm the UI designer, graphic designer, project lead, architect, and lead developer on every project I work on. Which sucks, because it's so hard to give each of these things the attention they deserve when you are doing them all (usually at the same time) and I also find limiting myself because of time constraints (strangely enough, when I do 5 jobs at once, I'm not given 500% more time!) and because while I'm designing, I am worried "will I have time to develop this", so the UI suffers. I've been really considering getting a masters in HCI, or just forcing myself to get a new job and *focus* on one area. The problem is, I love developing too...
|
# ? Sep 5, 2013 18:35 |
|
Dynamic favicons http://lab.ejci.net/favico.js/ Anyone tried this? It looks pretty cool.
|
# ? Sep 5, 2013 20:08 |
|
Assets over HTTPS question: I have a dashboard that customers log in to and the dashboard loads a bunch of images from a HTTP s3 bucket, leading browsers to display the "are you ok with seeing insecure content?" message box, which I believe scares the poo poo out of our users. Our static site right now is served from an ec2 box with nginx with a ssl cert, so I could move all of the assets over there as well, but I'd really like to stop having a separate machine just to deliver static content. I'm pretty happy with gzipping all our stuff and uploading it to S3, except then I lose SSL, which isn't cool. I believe CloudFront can do SSL with custom certs, but that's $400 bucks if I remember correctly. I'd like to spend around $0 on this if possible, and still drop the need to have a box for it. What are my options? Has anybody found a reliable and dirt-cheap way to host static https content without a box?
|
# ? Sep 5, 2013 20:54 |
|
|
# ? May 8, 2024 04:26 |
|
DreadCthulhu posted:Assets over HTTPS question: I have a dashboard that customers log in to and the dashboard loads a bunch of images from a HTTP s3 bucket, leading browsers to display the "are you ok with seeing insecure content?" message box, which I believe scares the poo poo out of our users. That's because it usually is insecure The point of https is (among other things) to protect against MitMs, e.g., someone on the user's LAN or WiFi or (less likely) upstream anywhere on the routing path to your server. Allowing your images to be manipulated is certainly less dangerous then other things (like js, flash or css), but still allows some funny-business, like (off the top of my head): - Being able to read the https URL which may have an sid in it if you're dumb. - Being able to read cookies which is a very big deal, though this can be defended against quite easily by setting the secure flag on your cookies (but did you?) - Allowing all sorts of fun social engineering attacks just by displaying images that prompt the user to do something dangerous. quote:Our static site right now is served from an ec2 box with nginx with a ssl cert, so I could move all of the assets over there as well, but I'd really like to stop having a separate machine just to deliver static content. I'm pretty happy with gzipping all our stuff and uploading it to S3, except then I lose SSL, which isn't cool. I believe CloudFront can do SSL with custom certs, but that's $400 bucks if I remember correctly. I'd like to spend around $0 on this if possible, and still drop the need to have a box for it. You know HTTPS is supported out of the box with S3 right?
|
# ? Sep 5, 2013 21:10 |