A while back I posted a simple solution for restricting website access in a situation where HTTP basic authentication couldn’t be used.

Not much more to the story, but I did make a few tweaks to my sample code. The mod_rewrite rule and javascript have been a tiny bit improved, so now after a successful login, it will try to redirect you to where you intended to go. (Previously, it always sent the user to /) 

Also, in the comments I made it MUCH clearer that this is NOT intended to be a secure solution, just a simple way to keep Google and random people out of things. Anyone with a basic knowledge of HTML/Javascript/Cookies (or less than basic) could read the source and figure out how to create the “secure” cookie, and BAM they’re in like Flynn.

I’m solidly impressed with the WPMU Plugin Commander. One thing that seemed odd to me about WPMU was that I either enable users to have plugin control, or NO ONE (not even the site admin) has the ability to enabled/disable plugins (without a lot of hacking).

This plugin provides a control panel where I can globally enable/disable plugins, set plugins to be auto-enabled for new blogs, and give users the ability to enable/disable only selected plugins.

The perfect scenario is, I want to auto-anable Akismet for my users, so they get spam filtering on comments. Also, I want them to have the ability to try out other various plugins, but don’t want them able to turn off Aksimet.

I’ll echo the sentiments of others I read when discovering Plugin Commander, “this functionality should be in WPMU core!”

As I mentioned recently, I’ve been using pre-release versions of Firefox 3 for a while now. I’ve been happy, but today is great because FF3 was officially released!

They are trying to set the record for most downloads in a day, so go get it!

Since moving to the Mac, I’ve tried to use Safari almost exclusively. I definitely like it, and it’s got some great tools, but I usually found myself running back to Firefox 2 whenever I had to really do work on a website because I really like some the power Firefox extensions give me. A couple of the things NOT too like about Firefox 2 was the heavy memory usage, the crashing, and the lack of native Mac OS X widgets.

I’ve been playing with Firefox 3 betas off and on, but yesterday I noticed Firefox 3 release candidate 2 is out! This is likely going to be the last pre-release until the official launch, it has fixed a lot of bugs, and it solves some of my nagging issues. Memory usage is better, crashing less frequent, and we now have native widgets! Of course, I use Firefox for work, so to use FF3 I need my extentions which haven’t all been available till now:

• Firebug 1.2 beta
• Firecookie 0.5 beta
  
• LiveHTTP Headers
• Web Developer

Yesterday I mentioned this to my co-worker who expressed concern about being able to test in Firefox 2. We already have this issue with IE6/IE7 and there’s no good solution for that but to have an extra copy of Windows with only IE6 installed. (yes, you can try weird hacks like this, but they don’t always seem to work)

Well, with Firefox (old and new) there’s this snazzy profile manager tool, which lets you choose what profile you want to use.

First, if you want to have multiple copies of Firefox installed, just name them differently. When you download Firefox the app is named “Firefox” I’m planning to use Firefox 3 as my standard now, so I’ve left it named that renamed my old Firefox to “Firefox2″. Shocking, isn’t it.

Now, from Terminal, I can run the following:

$ /Applications/Firefox2.app/Contents/MacOS/firefox -ProfileManager

You should see something like this:

By default, you’ll probably only have the “default” profile, but you can create a profile dedicated to testing in FF2 which should prevent it from screwing with my FF3 profile (as I’ve noticed can happen). Another side effect is that this lets you run multiple copies (of the different versions) of Firefox at once. Also, un-check the “Don’t ask at startup” box, and you won’t have to run the secondary browsers from the command-line to ensure you get the profile you intended.

For the record, I’ve tested the same thing on Windows XP. While you can install multiple copies/versions of Firefox and use the different profiles the same way, you cannot run both copies at the same time. At least I couldn’t make it work.

I just stumbled onto the coolest little app for Mac. Plainview is a web browser based on WebKit (also the guts of the Safari browser). What’s unique is it’s intended to NOT have chrome (the name for all tose fancy navigation bars, address text boxes, menus etc). It’s slim… so slim the chrome is non-existent. This is a full-screen mode web browser, intended to utilize the full screen real estate for presentations! Essentially, instead of having to take screenshots of websites and put them into power point or something, you can just demo the site. It’s awesome… and i’m not even explaining it as well as they did… but I am tired.

I hope that in the near future I can use this for more than playing around.

Aaron (one of my co-workers), recently posted a link about OpenID. I’ve given OpenID only cursory glances over the last year, but the Coding Horror link in Aaron’s post had a comment to this Google Video where Simon Willison gives a Google Tech Talk on The Implications of OpenID. The video is nearly a year old, but to date, it’s done more to convince me to get on the OpenID bandwagon than anything else.

I recently had an odd situation come up, though it’s not incredibly hard to imagine. I needed to create a staging web server, identical to production, but it should live on a different hostname (eg, staging.holyarmy.org, instead of www.holyarmy.org). The content should not accessible to the public, nor to search engines. This isn’t really so much a privacy or security issue as it is a convenience and customer service issue. If search engines somehow picked up on our staging site (and they would, given it’s full of SEO triggering info, google analytics scripts and the like) then our search information could become poisoned with the staging URL. Also bad would be if a customer found the staging site and posted information to the wrong place. I’ve actually seen both of these happen in the past when measures were not in place to prevent it.

Read more »