Object.keys = Object.keys || function(obj) {
  var keys = [];
  for (var key in obj) {
    if (obj.hasOwnProperty(key))
      keys.push(key);
  }
  return keys;
}

Browsers that don’t natively support Object.keys will now have that functionality added when the bookmarklet runs. Go ahead, give it a try: Recommend CSP

As before, the full source is posted for you to browse as well.

For instance, today I learned that ReCAPTCHA loads script both from api.recaptcha.net, but also from www.google.com. Note to self: figure out why Google needs to know about every ReCAPTCHA load.

You can test it out by clicking the following bookmarklet: Recommend CSP

If you find it useful, drag it to your bookmarks toolbar and you can use it from any web page. Feel free to check out the bookmarklet source as well.

In the future, I would like to add notifications for potential inline script violations.

Sometimes I make a tool that I use for a while and then wonder if it’s something others will find useful too. Here’s one of them…

For a while I was sharing links on my home page by linking to the feed of stories I’ve upvoted on Reddit, but that has become less satisfying as Reddit dumbs itself down each day (the same thing that happened to Digg a few years earlier). I decided to make my own link-sharing program that I could use by just clicking a bookmarklet whenever I was on a page I wanted to share.

It is a very simple program that stores the links in a flat text file and uses CORS to allow the bookmarklet to POST data to it from across domains. You can put the files in a directory on your server and use this simple bookmarklet to share links:

Drag this to your bookmarks toolbar: Share This

When you fetch the server script with GET you get back a JSON or RSS feed depending on the format parameter you pass.

Make sure the password in the bookmarklet stays synced with the password in the server file and change them to something secure.

Table cards:

8♣

A♣

9♦

A♦

8♠

Your cards:

J♠

4♠

Result: 2 Pair
Hands required: 1


Hand Type:

24-Sep-2006: Update

I’ve added code that logs each alert to a local database so that 1) duplicate alerts aren’t sent, even if the the stories are posted days or weeks apart, and 2) you can easily check which alerts have been sent historically.

Feel free to download the new code or the old code and tell me what you think.

Additionally I added a debug mode such that if you run

> ./feedMonitor.py --console

the script prints to the console only and doesn’t send the email or log to the DB, so that you can see what types of alerts might be sent with the present script options.

Lastly, a simple PHP script can be used to display the alerts which have been sent in a HTML table that looks like this.

I recently wrote a Python script which monitors RSS feeds for user-specified keywords. The need for this script arose from the large number of security websites and mailing lists I monitor for work-related posts. And you know how big a fan of automation I am…

All you need to run this script is Python and a SMTP server to send messages. If you know of an open SMTP relay feel free to use that, but you may find it easier to simply install Sendmail locally. The script is configured by default to send messages to localhost, so if you’re going to go the open relay route, you’ll need to configure the script accordingly.

For now, it is probably best to set the script up to run as a cron job and have the script run automatically every 10-30 minutes or so, depending on how urgently you need the alerts to come. Eventually, I will add to the script the ability to log which alerts were mailed in a SQL database so that 1) you don’t receive duplicate alerts, and 2) you can have a record of which alerts have been mailed historically.

Stay tuned for updates to the script, and feel free to contact me if you have any questions.

01-Sep-2009: Update

This code no longer works with the current eBay API, but I’ll leave it posted for reference.

eBay has some very cool functionality that allows application programmers to make API calls on a user’s behalf without using their site credentials. I decided to investigate the eBay API a bit and wrote a function that allows web developers to print the items listed in an eBay buyer’s My eBay section on third party web pages. Feel free to check out the code.

The eBay Developer Program has a guide to help developers begin using the API. You can make all kinds of unauthenticated function calls to the API, like listing search results, without using eBay’s Auth and Auth (Authentication and Authorization) system. But to make calls on behalf of a particular user, you will need to generate an auth token. This can be done using eBay’s Authentication Token Tool.

Essentially, this process works by entering an eBay user’s site crentials in the token generator and eBay returns a cryptographic token. This token can then be passed along with the API function calls to authenticate the caller without including the user’s login and password.

The function I wrote is essentially a wrapper to the API call GetMyeBayBuying. Calling my function, printMyEbay, will print the auctions that a user is a) watching, b) bidding on, and c) has won.