Document Domain

Every few years I run into an issue with JavaScript-based rich text editors and spellcheckers when they spawn pop-ups. The pop-ups open but don't function. If I open my Firebug console in the pop-up, I see something like: Permission denied for <http://assets2.mysitedomain.com> (document.domain has not been set) to get property Window.tinymce from <http://www.mysitedomain.com&gt; (document.domain has not been set). … Continue reading Document Domain

SSL in Ruby on Rails

Update The world has shifted since I wrote this solution and blog post. The popularization of Firesheep and concerted efforts in understanding and optimizing SSL performance has led to the wise trend of enforcing HTTPS everywhere. There are much better (and simpler) ways to secure Rails applications. The one aspect of my solution that I still recommend incorporating … Continue reading SSL in Ruby on Rails

Fandango and Facebook Just Violated My Privacy

I just bought tickets from Fandango to see a movie with my girlfriend later this week. On the order confirmation screen, I noticed a Facebook-looking message peek its head and then quickly disappear. I whipped-out one of my clever hacking tools and made it appear again: Yes, I see the "No Thanks" link, but the whole dialog was … Continue reading Fandango and Facebook Just Violated My Privacy

Analogies of a Parking Violation, Part One: Security Enforcement

A few days ago I couldn't find my car. After five minutes of pressing the panic button on my keychain, I realized that I accidentally left it at the community pool behind my house. My homeowner's association placed a large, 5.5x4.25" sticker on one of its windows, informing me that I had broken a community rule by leaving it there overnight and … Continue reading Analogies of a Parking Violation, Part One: Security Enforcement