June 28, 2011
December 24, 2010
Merry Christmas, everyone, PadEdit is back! We’re thrilled to be able to bring you a thoroughly-checked, fully-vetted, overhauled version of the web-based iPad code editor I first released in July. PadEdit is still designed to be a “we know you’re on vacation in Borneo with only your iPad, but this is a people-are-dying emergency” first-responder tool to edit pages directly on your web server.
Version 1.3, in addition to featuring cleaner, better code, includes some slight updates to the UI, and some improvements to quote, bracket, parentheses, and brace balancing in the editor window.
So. What happened?
You may remember a polite fellow that sent a polite email telling me how absolutely awful PadEdit was. To his credit, he later sent an email apologizing for being “overly vicious,” saying he was worried about not being listened to. I feel terrible that his upbringing made him feel that writing an email like that was the only way that he would be listened to. Terrible, really.
Let’s go through his email. Graham was correct on one point: There was a problem with the previous version of PadEdit that, if you knew the URL PadEdit was installed at, you could upload any sort of file you wanted to the server. That’s bad — really bad — and entirely my fault. Thankfully, with the help of Craig Smith, that problem has been fixed. Craig, John Forte, and Brett Terpstra helped find some other problems (mostly unrelated to security) that needed improvement as well.
The concerns voiced in the rest of Graham’s email — according to five different developers I contacted — don’t really apply. Craig summed it up thusly: “With PadEdit, you’re basically going by the assumption that the user is trusted and is allowed to edit whatever they like, and isn’t trying to hack their own server. Graham seems to be looking at it from the point of view that it’s a web app where the users are untrusted and may be trying to do malicious things with it. With proper authentication protecting PadEdit, [Graham’s concerns] aren’t really an issue.”
I don’t feel bad about withdrawing PadEdit from download for the problems it had, but I do feel a little sheepish for believing the sky was falling, and the world was going to explode because I wasn’t properly securing my software. I’m happy now that I have confidence that this version is not going to be a giant attack vector for any web developer that installs it. But, in the future, I won’t react so strongly to any one email.
That said, if you do find anything wrong with PadEdit, let me know! Version 2 is always on the horizon.
December 20, 2010
I’m busy wrapping up the year, here, and wanted to let you know that Honest Code will be closed on December 25th and January 1st for Christmas and New Year’s Day (respectively). Also, looking ahead further in the new year, I’m planning a vacation (the first in about two years) starting March 28. I’ll be back at my desk April 11.
Also, if you’re a PadEdit fan, be sure to check back here (and here) Christmas Day for a special surprise.
Have a very merry and meaningful Christmas, everyone, and Honest Code wishes you nothing but joy and success in the new year.
August 12, 2010
Work is generally feast or famine: Too much to do, or too little. In this case, the feast is bountiful, and everyone’s quiet (blogging-wise, at least) happily eating around the table. I’ve managed to find a few minutes between courses to share some good new links with you, though!
10K Apart is an app contest from the fine folks at A List Apart/An Event Apart challenging designers and developers to come up with an awesome app in less than 10K. (Certain libraries, like jQuery, are excepted, however). For those ready to go a step further, there’s a 1K contest, too.
Are you an artist, scientist, or philosopher? Perhaps a little bit of all three.
For those who enjoyed ThinkVitamin’s tutorial on custom post types, you’ll likely enjoy their guide to getting started with WordPress custom menus, too.
Might the oft-rumored, never-seen Verizon-compatible CDMA iPhone 4 be finally more than vapor? One can only hope.
Penultimately, here’s a lovely look at just how large China’s cities are growing.
Lastly, I’d like to update you on the rather sudden rise and fall of PadEdit. I posted a request for help with PadEdit on BuildItWith.me, and received some very nice emails from people interested in helping. It hasn’t, however, resulted in any real movement in the project. I’ve had some suggestions that perhaps Graham was overaggressive in suggesting that the foundation security model is flawed, but I haven’t been able to independently verify that yet. Again, if you’re interested in taking a look at PadEdit from a security standpoint, I’d be thrilled to have your help. Drop us a line, if you’d be so kind.
July 14, 2010
According to this guy, it’s full of problems. Here I was, trying to do something nice, but I guess I released it too early. I need to take a step back and approach the security aspect of the software more thoroughly.
It’s a good thing he was polite!