Archive for the ‘Mashup’ Category

Updates to Twiike (v.0.2) – Twitter your Nike+ runs!

October 7, 2008

Just pushed an update to Twiike (figured why not make an update at the same time Twitter was doing theirs).

Enhancements in this release:

  • Made signup 1-step using your Nike+ login.  This removes the need to use the “Share with friend” link from within Nike+.
  • Added pulldown menu to set default distance metric (km/mi) on your Twitter settings. This is now used for any runs published.  It’s initially set based on your Nike+ user preferences.
  • Added the user tweets to the Twiike timeline to drive additional traffic for Twiike users
  • Added a retrieve-your-password option (the password is set to your Nike+ password when you sign up).
  • Added ajax progress bars to all functions that require the server to respond so users don’t think the site is not doing anything

Please keep it coming with the suggestions.  I received a ton today and would love to know how to keep making it better for users.

Post your Nike+ Runs on Twitter (Nike Plus)

October 4, 2008

Over the last couple weeks I’ve been getting more and more into running again.  While I don’t have the gumption to go run on streets since breaking my foot, I have been hoofing it on the treadmill at least 3-4 times a week.  The challenge has been that I love to update my Twitter and Facebook pages with my status and wanted a simple way to NOT have to update my runs by hand.  So today I’m releasing a VERY alpha version of what I’m calling Twiike (Twitter+Nike).  What it does is watch for me to sync my iPod after runs and posts those runs to Twitter (which I also have wired to update my Facebook status via the Twitter Facebook app).

It’s SUPER easy to use.  Basically log in to your Nike+ account, click ‘Share with Friends’ in the upper right corner of the run, click ‘Send to a friend,’ enter ‘nikeplus@twiike.com’ in the email address field and click the ‘Send it’ button.  You’ll get a welcome mail that will link you to log in and enter your Twitter account (or set one up if you don’t have one yet) and VOILA!  Twiike will auto post to Twitter every time you sync after a run.

I’d love feedback on what people like and what people think sucks and where it can be improved or enhanced.

Click here to try it out.

Here’s what it looks like on Twitter

Injection attack vulnerability in phpMyAdmin w/ fix

November 12, 2007

phpMyAdmin

Over the last several weeks Jason Lidow of DigiTrust Group and I have been chatting back-and-forth about a number of vulnerabilities he and his team have been finding in open-source packages using MySQL and PHP. In particular, his DigiTrust Group guys have been uncovering a gaggle of exposures in phpMyAdmin, the most widely used control panel for managing MySQL from virtual hosts (I use it on more than a couple of my web apps).

Over the weekend, Jason sent over an issue that piqued my interest. It details potential injection attacks in phpMyAdmin. I hate these things. They’re dirty, and I don’t mean in the good way. The attack described would let normal users take over administrators’ accounts.

This one in particular is more evil than others I’ve come across as it’s a one-time action with an evergreen effect.

The phpMyAdmin folks have developed a patch/fix for the exposure, which is now available at http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-7.

The super-geeky report of the vulnerability is available here:
http://www.digitrustgroup.com/advisories/tdg-advisory071108a.html.

To read more about Jason’s crack team go here http://www.digitrustgroup.com. These guys are probably the best I’ve seen at what they do (they actually scare me a little). DigiTrust Group has, over the last several years, turned from a few wunderkind genius hacker types to a serious consulting org that works for everyone from Fortune 1000s to small and medium-sized companies as they grow and need help finding potential IP and infrastructure exposures.

What’s an injection attack???:

This type of XSS vulnerability is also referred to as a stored or persistent or second-order vulnerability, and it allows the most powerful kinds of attacks. It is frequently referred to as HTML injection. A type 2 XSS vulnerability exists when data provided to a web application by a user is first stored persistently on the server (in a database, filesystem, or other location), and later displayed to users in a web page without being encoded using HTML entities. A classic example of this is with online message boards, where users are allowed to post HTML formatted messages for other users to read.

These vulnerabilities are usually more significant than other types because an attacker can inject the script just once. This could potentially hit a large number of other users with little need for social engineering or the web application could even be infected by a cross-site scripting virus.

The methods of injection can vary a great deal, and an attacker may not need to use the web application itself to exploit such a hole. Any data received by the web application (via email, system logs, etc.) that can be controlled by an attacker must be encoded prior to re-display in a dynamic page, else an XSS vulnerability of this type could result.
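
As an added illustration (not part of the original post and not phpMyAdmin code), this Python sketch renders constructed stored records from a web form, an email and a system log, first unencoded and then with HTML-entity encoding at output. The record layout and the `injected_tags` helper are assumptions made for the example; the helper lists any element the stored data managed to introduce into the page.

```python
import html
from html.parser import HTMLParser

# Constructed sample records: every source here can be influenced by an
# outside party, not only the web form.
STORED = [
    {"source": "web form", "author": "alice", "body": "Nice post, thanks!"},
    {"source": "email", "author": "mallory", "body": "<script>alert(1)</script>"},
    {"source": "syslog", "author": "sshd",
     "body": 'Failed login for "<img src=x onerror=alert(1)>"'},
]


def render_unsafe(records):
    """Vulnerable pattern: stored values are concatenated into the page as-is."""
    return "\n".join(
        f"<li><b>{r['author']}</b>: {r['body']}</li>" for r in records
    )


def render_encoded(records):
    """Fixed pattern: every stored value is entity-encoded at output time."""
    return "\n".join(
        "<li><b>{}</b>: {}</li>".format(
            html.escape(r["author"], quote=True),
            html.escape(r["body"], quote=True),
        )
        for r in records
    )


class _TagCollector(HTMLParser):
    """Records the name of every start tag a browser-style parser would see."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(page, template_tags=("li", "b")):
    """Return elements present in the page that the template itself never emits."""
    parser = _TagCollector()
    parser.feed(page)
    parser.close()
    return sorted(set(parser.tags) - set(template_tags))


if __name__ == "__main__":
    print("unencoded:", injected_tags(render_unsafe(STORED)))
    print("encoded:  ", injected_tags(render_encoded(STORED)))
```

A check like `injected_tags` works as a regression test: the encoded page must parse to the template's own elements and nothing else, whatever the stored data contains.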

Ajax thought for the day

August 22, 2007

DIV innerHTML updates are way cooler for binary actions than dealing with responses.

WipBox driving traffic to eBay listings

February 15, 2007

Pulled this stat a couple minutes ago. Last week I started posting cool eBay listings I found that were done by WipBox users. In just about 7 full days the WipBox blog pushed 417 clicks into the 3 listings I featured. Pretty neat.  Check out more on the WipBox blog or try WipBox for yourself!


How cool is it to see people use something you’ve built!?!?!

February 7, 2007

I was on eBay and came across several listings made using WipBox. How cool is that?!?!? Read the post and check out the listings!

http://wipbox.wordpress.com/…-wipbox-users/

Holy 45,000 pvs and 3,000 new users this week!

February 6, 2007

Yesterday and today have been INSANE on WipBox!!!  45,000+ page views and 3,000 new users in the last 2 days.

There will be a moderate update happening tomorrow night with some solid bug/usability fixes.  Also there will be a tutorial on what the graphs do and how to use them best. I’ve also wrangled some resources to help get BIGGER releases done too and make it way more usable and friendly.

Please keep sending in bugs, though. I’ve been putting them into the bug tracker and have all of them slated to be addressed as soon as possible.

Also, please be patient.  I originally created this for myself to use in less than a month.  For me it works great.  But, it’s becoming VERY clear that, as more people have been signing up, I’m finding things need to be made more usable.

J.

WipBox…WOW! 4 days LIVE -> 375 users, ~6000 PVs

January 22, 2007

What a great way to start things off!!! Had awesome feedback from people right out of the gates, was written up by Mashable and Emily Chang’s eHub, received excellent suggestions and had WAY more than expected signups.

Launching Wed, the last 4 days brought 5,987 page views, 1,968 visits and 375 registered users. Thanks to everyone for trying WipBox out!!! I’m planning some cool new additions, but definitely, let me know how I can make it better.

WipBox Traffic 01.21.2007

1,000+ Downloads of my Python POS NLP Tagger

January 17, 2007

Well with less than 4 days to go until the 1yr anniversary of the release of my Simple Python Part-of-Speech (POS) NLP Tagger, it’s exceeded 1,000 downloads. That also marks the day I learned Python as I was getting my tires changed at Costco and had 6 hours to kill. Printed out the tutorials and took them with me. Got home, figured…let’s port Mark’s C# tagger to Python. That’d be a great way to figure things out. And voila! 1,000 downloads later, it seems to have been the right idea.

Here’s the link for those who wanna play with it.

If anyone needs anything special added to it, let me know. I’m loving LAMP+Python in general and dig excuses to make things better.

Oh yeah, I guess that also means my tires are a year old now too…drat!

Better info for my eBay and Craigslist listings…

January 16, 2007

I decided at the beginning of December to play around with mashing something up. The result is WipBox (pronounced whip-box).

I was selling a couple things on eBay and got REALLY annoyed with how long it took me to get everything together, take the pics, find the right categories, find the right price and THEN research good product information for people to bid on my listings. If I simply put up the item with a decent pic and a half-assed description, I’d normally get the lower-end of my expectation range. But if I took 25-30 minutes extra and cut and pasted some detailed specs and reviews on it, I was at the high end of what I was hoping to get for it, and even in some cases I got WAY more than I expected.

That got me thinking. Well, Amazon has this great resource API that I could call to get better descriptions which I could then skin and include in my listings…and eBay has category and price info available from their API, and if I use that with a basic checklist, I could sell things more quickly and more profitably. Then I tried using it on a handful of listings and was stoked about the results. I was able to list things 4-5x faster on either site. My auctions on eBay bumped up to an 86% success rate from the low 70s% and the closing price was about 10-20% higher than I’d expect. And my response rates on Craigslist more than doubled. A case in point was when I helped T sell her car. We couldn’t believe how many people called simply because they’d never seen such a nice listing on Craigslist. One guy even said he wouldn’t have considered it (being above 100k miles) if the listing didn’t look so good and have all of the info he needed in one spot. Kinda cool.

Well after 4 weeks of casual on-again off-again coding and stuff, I’d like to introduce the world to my little mashup, WipBox (http://www.wipbox.com). It’s in its second iteration, but I’d definitely appreciate any feedback you or your friends may have.

It was developed all on MAMP (Mac/Apache/MySQL/PHP) and deployed on WAMP (Windows-flavored). I’m using SOAP calls to the Amazon and eBay APIs; Mootools for the AJAX (which there is a ton of — but not in the hokey ways most people are using it right now) and user experience stuff; Maani charts for charting and TinyMCE for WYSIWYG editing the listings before you export.

Take a look, play with it (IT’S F.R.E.E…FREE), and let me know what you think.