OhRyan.ca

The new Google Docs design features custom square (rectangular) OS X Lion style scrollbars.

The header transition on the new Techrunch redesign is pretty brilliant. Another great site by Code & Theory.

Start, Middle, End.

Google+ lets you respond to notifications right inside the notification dropdown menu. The notification bar is present at the top of all Google pages…pure genius!

This year’s flood season is too be the biggest since 1997. Back then the Internet wasn’t really the internet as we know it. This year I’ve come across a few flood resources online.

MBFloods.ca is a resource for crowd-sourced flood data. Background info is on Ushahidi.com.

MTS has a few webcams setup around the province, The Winnipeg Free Press plotted them on a google map.

Look at all the water!

In October I blogged about a Firesheep, a Firefox plugin that highlights the inherent vulnerabilities in the way that Facebook and other websites handle sessions. TL;DR – Install the extension and with a click of a button you can capture un-encrypted Facebook sessions of any user using a WiFi network you’re connected to (read the full post for all the details). For research purposes, when a friend of mine was at Pearson a few months ago he fired up Firesheep and instantly had access to several dozen Facebook accounts.

This is a bad, very bad.

To combat this security hole, Facebook enabled secure HTTP connections in January. Enabling this feature renders Firesheep useless.

Unfortunately, Facebook’s implementation has one serious flaw. When you use (almost) any Facebook app you’re required to switch back to un-encrypted HTTP mode! You’re presented with this dialog:

The wording used in the dialog may make you think the setting is temporary while you’re using the app. I don’t know if it’s designed that way or if it’s just poorly worded. But in fact clicking “continue” will permanently disable your HTTPS preference!

Sad.

I suspect there’s probably a technical reason for this requirement, something about the way that apps include data from external domains. I haven’t looked into it. Facebook really needs to address this.

My suggestion would be to disable some sort of alert when navigate away from the app, which a one click solution for re-enabling HTTPS.