A blog about tech, programming, security, and various other subjects.
Why I still use PHP
Tags: webdevelopment.
Everybody seems to be against PHP nowadays. Well, not everyone, just the people with the loudest voices. In real life, I've never met anyone who disliked PHP. Online, there've been plenty.
So why is this? It's usually like this with something a minority finds bad. Cookies aren't really harmful, but people shouted enough until they got banned in the EU. Even before the ban, cleaning programs and even anti-virus makers (who you'd think know better) removed tracking cookies.
And yes, tracking cookies are slightly harmful for your privacy, but so is using the internet. You can be identified in numerous other ways; a cookie is more of an easy solution and a fail-safe.
Javascript type conversion
Tags: programming, webdevelopment.
I used to have a lot of problems with Javascript on this back when I was just starting to program and had no experience coding besides writing HTML. Nowadays I don't have any trouble with this anymore, especially since the discovery that you can see the errors, but only now I think I can guess right 100% of the time.
Let's do a show-by-example, but try to guess before clicking the button!
CSRF: It's not trivial
Tags: security, webdevelopment, websites.
In the past few weeks I've found two websites with CSRF vulnerabilities. I wasn't really looking for it, but when they don't require me to enter my current password to change the password (or e-mail address, by which the password can be reset), it raises flags.
So what can you do with a CSRF vulnerability?
In one case, I could easily have gained myself admin permissions on a website with thousands of visitors a day.
In the other, I'm not entirely sure what the extent was, but I could certainly have gotten myself access to FTP accounts from websites.
CSRF stands for Cross-Site Request Forgery. It works like this:
Invalid JSON
Tags: webdevelopment, programming.
I've written about XML versus JSON before, praising JSON far above XML. I still stand by this, but I must say that there is an incredible lot of invalid JSON out there.
Most applications using JSON are client-server setups where the client downloads data from the server. Since JSON is native Javascript, you can just throw it in there along with any sort of Javascript instructions, and it'll work. Yeah, for your application only, that is.
For example, for my website playbylyrics.com I wanted to enable users to download the MP3 of what they were listening to.
10 things Paul Irish learned from the jQuery source
Tags: webdevelopment, programming.
I got very annoyed by the arrogance of Mr. jQuery Board Member which some people seem to love... I thought I would get a great talk about 10 awesome things jQuery does that hardly anyone knows about. Instead this is an hour-long video full of 'stuff's and 'awesome's with like 0.1% content.
This post will be telling you all the useful stuff he said, only without pretending every word that I say is awesome just because I said it.