Linkalicious Friday: Session-jacking, AWS for Free, and the Case of the Missing 24 Seconds
It’s Friday again, so it’s time for some more delicious links from across the Web:
The latest revision of the W3C’s HTML5 draft specification has been released. And there was much rejoicing.
If you’ve yet to hear about Firesheep this week, you’re not following the right people on Twitter. It’s a frighteningly easy-to-use Firefox extension that can sidejack cookie-based sessions over open Wi-Fi networks. Firesheep has drawn strong attention to this major flaw in many authentication systems (including those of big players like Facebook and Twitter). If you want to protect your application from this sort of session hijacking, check out this great piece on the GitHub blog about how they secured their logins in response to the Firesheep release.
Amazon Web Services has announced a free tier of the service. As of November 1, new AWS users will have access to the free tier for one year. It includes, among other things, an EC2 Micro instance, 5GB of S3 storage, and 30GB of internet data transfer. If you’ve been reading Host Your Web Site in the Cloud, but have been a little gun-shy about signing up for AWS, this is the perfect way to have a play around without spending any money.
Gone in 24 seconds: a weird quirk in the way PHP and MySQL handle timestamps. It turns out that MySQL’s
FROM_UNIXTIME methods account for leap seconds, whereas PHP’s date and time functions don’t. So timestamps generated for the same date/time strings in MySQL will differ from those generated in PHP by 24 seconds. Worth being aware of at least, because it seems like the kind of error that would result in hours of frustration if you had no idea what was causing it! (via phpdeveloper.org)
That’s all for this week. If you see any stories during the week that you think would be fun to feature in my Linkalicious Friday post, send them my way: email@example.com.
Have a good weekend!
Feature image by Tracy Hunter.