Things that made me happy this morning:

• Denise Stephens, keynoter extraordinaire from Scripting Enabled is featured in the Guardian
• SlideShare released the slideshare mobile version using Yahoo BluePrint – this was a hack on Open Hack Day Bangalore
• The JavaScript Workshop released an interview with me
• Open Hack Day is coming back to London! Sign up now
• If you want to use the command line more, here’s a good list of most useful unix commands
• Finally a nice introduction to PHP and cURL
• The folks at flickr are doing strange and mental things again: fast client side search explained
• If you ever wondered how addons.mozilla.org battles XSS attacks, here’s how

Following my talk on web application security at the Web Directions North I had a lot of questions on PHP security and I have to admit I am OK but not an expert on the matter. Luckily enough there are experts I rely on and if you are in London next Tuesday you can go and see them give a talk for free!

In the second in the series of “YDN Tuesday” monthly events, Jose Palazon, Yahoo’s mobile security expert, will be talking about PHP Security.

The venue is Skills Matter Limited at 1 Sekforde Street, EC1R 0BE
London, England.

Jose will be presenting a series of demos on how to exploit and prevent the most popular security flaws in web applications, such as SQL and blind SQL Injections, Cross Site Scripting, file uploads, file handling functions, global variables and, favorite of them all, programmers ingenuity!

YDN Tuesdays are tech talks held on the first Tuesday of every month at Skills Matter’s London offices. The events are FREE, but you need to sign up for them at Skills Matter’s website.

• The top 13 software development quotes have some gems in them with my fave probably being “Nine people can’t make a baby in a month.” – Fred Brooks
• EveningArwen on Etsy has a very dishy Star Trek inspired corset for sale that should get geek heartbeats quicken.
• Sophos has a good list of passwords used by a worm to brute-force access to servers and Modern Life is Rubbish has a top 10 most common passwords list. This makes me happy and very very scared at the same time
• Andrew Woods is confused about the spatial nature of the UK and its semantics and I got the Yahoo Geo team to tackle this – blog post to come
• Todd Hoff has a good piece on How to achieve scalability by doing essential work up-front based on what was done at Flickr
• I so want a cookie monster cup cake
• The work the New York Times is doing is exciting me more and more. Their Times Open idea is spot on and it was fun meeting them at the hackdays in London.

Reverse psychology is an interesting thing. Currently Twitter is being hammered by thousands of people twittering about a page that has a button that tells them not to click it. Why do they do it? Because they are told not to. How come they are twittering about it? A small thing called clickjacking.

Scott Schiller shows in a screenshot how the trick works:

The page with the don’t click button actually has an iframe over the button that loads your twitter.com/home page with the predefined tweet about going to the site. The iframe also positions your update button to cover the “don’t click this” button and has an opacity of 0 so you do submit your tweet without knowing it.

The scam works. If you currently check twitter search for “don’t click” then you’ll have an amazing amount of fresh tweets every few seconds. There’s also a French version in the wild

So if you get the tweet, don’t follow the page. If you see a button to click, be very wary of what is going on there!

I just finished my talk at Web Directions North in Denver, Colorado about web application security:

[slideshare id=990546&doc=990546]

There’ll also be a video of the talk available in due time :)