Category Archives: Websites

October 14, 2015

What's the Fuss with Google's Accelerated Mobile Pages (AMP)?

It’s easy for sites with rich content to run into performance issues on mobile devices. If you’ve ever browsed a content site that has a heavy footprint on desktop, chances are, the site wasn’t the fastest you’ve ever visited when you viewed it on your phone or tablet.

Google’s Accelerated Mobile Pages (AMP) project aims to solve these issues and make the user’s browsing experience “instant”, especially on resource-constrained mobile devices. The AMP project relies on existing standards and current technologies, so how exactly does it accomplish better performance? Largely by restricting what developers are able to incorporate into their sites.

This is a really good initiative.

July 10, 2015

Wraith

Wraith uses either PhantomJS, CasperJS or SlimerJS to create screen-shots of webpages on different environments and then creates a diff of the two images, the affected areas are highlighted in blue.

Made by the BBC News dev team.

July 4, 2015
May 15, 2015

The Trojan Emoji

Andrew Nacin, lead developer of WordPress, just finished a talk at Loopconf, where he talked about a series of related WordPress security fixes that spanned two years, with the final fix included into WordPress core under the guise of Emoji support.

The code has been in trunk since January, months before the release of 4.2. But it was there under the guise of Emoji support, as “noone had any idea what it did because it was 1,000 lines of the database abstraction layer to just remove invalid characters.”

Because of how opaque the vulnerability and the corresponding fix were, the team was able to spend a very long time working on and fixing the issue, all without exposing the vulnerability to the general public.

Beautiful. (via ma.tt)

April 24, 2015
April 17, 2015

A Bank Website on WordPress

There’s a thread on Quora asking “I am powering a bank’s website using WordPress. What security measures should I take?” The answers have mostly been ignorant junk along the lines of “Oh NOES WP is INSECURE! let me take my money out of that bank”, so I wrote one myself, which I’ve copied below.

Hear, hear. I am so tired of reading the same bullshit about WordPress and security.