Posted by Peter Baumgartner on June 27, 2012. Filed under code
One of my recent tasks in Ginger was to ensure that we weren’t leaking referrer URLs when you click on an external link in Ginger. It seemed like an easy task and one that’s probably been solved before. What I found was a trainwreck of solutions and a classic example of the trade-off between security and usability.
The Problem
We use human-readable slugs in our URLs in Ginger. It makes it easy to identify where a link goes just by looking at it. It’s a win for usability. We also allow users to create links to external sites in the messages they create. Another usability win.
The problem is when a user clicks on one of these links, the URL from Ginger could be sent as the HTTP Referrer to the external site. This is bad for security and privacy. Those nice URLs could leak sensitive information ...
Posted by Graham King on June 15, 2012. Filed under business, remote working
When your client is hundreds of miles away, but your bed only three feet, it helps to understand motivation.
The first thing to understand about motivation is that it’s not something you do to someone. That’s called coercion. With enough power you can make anyone do almost anything, but you can’t make them want to; and typically creative work done by people who want to do it is better. The tl;dr of motivation is this:
If you want to build a ship, don’t start by collecting wood, sawing planks and assigning tasks, but awaken in people’s hearts a yearning for the beautiful deep sea. – Antoine de St Exupéry, Citadelle
Extrinsic motivation (especially contingent rewards such as bonuses) has been shown to only improve performance on menial repetitive tasks, and to decrease performance on even slightly creative tasks. There’s a good summary in ...
Posted by Peter Baumgartner on June 5, 2012. Filed under django, javascript
Our new product Ginger relies heavily on Backbone.js for most of the client-side functionality (you can read about our full web-stack here). Our JavaScript guru Marco built the initial prototype and then was pulled away by client work. I reluctantly filled in, but my background is primarily in Django. My JavaScript experience was minimal (primarily stitching together jQuery plugins to get the desired effect).
After a month or two of being submersed in Backbone, I’ve seen the light and am now relatively competent. When I got started I was completely lost. Here are some things that probably would have helped me back then. Whenever possible, I’ve linked to the source of the Backbone Todo example for code samples.
Terminology
In many ways, Backbone and Django are similar. They’re both MVC-like, but some of the terminology they use is different. Here’s a quick map: