Source: https://dev.twitter.com/comment/reply/304/491

Update: It looks like this can also happen with the Facebook JavaScript API: http://forum.developers.facebook.net/viewtopic.php?pid=362167#p362167. I guess it’s because they use iFrames, and using them locally can cause security problems.

Afterwards, I went searching for the cause and found this forum post, which explains that the problem is caused by the Mozilla Archive Format extension, which has a setting that even affects pages not saved as .maff. To fix the problem, go into the MAF extension settings and change “When saving complete web page contents:” from “Take a faithful snapshot of the page” to one of the other options.

“Our records show based on your resume, which was imported into our system recently that you are an experienced IT professional whose background may possibly align to the senior level position we have been retained to work on…” [Emphasis added by me.]

Wow, they didn’t even try to pretend that they read my resume or sent me a personal email, pretty ballsy, and of course the job had nothing to do with my skill set. It’s also hard to imagine any quality senior level candidates responding to such a faceless, generic email. To any recruiters who might be reading, this sort of email gets marked as SPAM.

The Problem: After login the page would render correctly as if the user was logged in, but when navigating to another page it was as if the user wasn’t logged in. Upon investigation I could see that the cookies weren’t being saved.

The Solution: A quick Gogole search brought me to this blog post: IE Blocking iFrame Cookies. It’s an easy to fix P3P issue, and the author describes how to add the necessary header for various languages/frameworks.

Rather than add the header to each Django view or write custom Django middleware, I just added the header to my Apache configuration. The following goes in your VirtualHost Directive:

Header add P3P ‘CP=”IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT”‘

In order to work you have to enable mod_headers (run “sudo a2enmod headers”).

I was looking at django-css, a project which would integrate CSS compilation into my Django projects, and it mentioned 4 popular languages: HSS, Sass, CleverCSS, and LESS.

Here’s a spreadsheet comparing the features:

Popularity
I think SASS is by far the most popular. I’m secretly rooting for it, since it’s probably in higher demand and would therefore be a more valuable skill to have, though it would be awkward introducing Ruby dependencies in a Python project.

Inheritance
The main reason I want to use a CSS meta language is for the inheritance. When looking at the documentation for CleverCSS I couldn’t see any inheritance implementation, which is a shame because it’s the only one implemented in Python and would’ve been easier to integrate into my Django project.

HASS example:

var nomargin = { margin : 0px; padding : 0px; }

pre {
    $nomargin;
    color : #FF0000;

}

The inherited styles can’t be a normal CSS class, so this can’t be used to inherit classes from a CSS framework.

SASS Mixin example:

@mixin table-base {
  th {
    text-align: center;

    font-weight: bold;
  }
  td, th {padding: 2px}
}

@mixin left($dist) {
  float: left;
  margin-left: $dist;
}

#data {
  @include left(10px);
  @include table-base;
}

The inherited definition needs to be declared as a mixin, and I’d rather not modify any CSS frameworks. There is a project called Compass that provides CSS frameworks rewritten in SASS, but I’d rather not add yet another dependency into my project, especially a Ruby one (nothing against Ruby, it’s just undesirable within the context of a Python project).

SASS Inheritance example:

.error {
  border: 1px #f00;
  background: #fdd;
}
.error.intrusion {
  font-size: 1.3em;
  font-weight: bold;
}

.badError {
  @extend .error;

  border-width: 3px;
}

Just what I want, but it generates more code than needed:

/* CSS */

.error, .badError {
  border: 1px #f00;
  background: #fdd;
}

.error.intrusion,

.badError.intrusion {
  font-size: 1.3em;
  font-weight: bold;
}

.badError {
  border-width: 3px;
}

LESS example:

.bordered {
  border-top: dotted 1px black;

  border-bottom: solid 2px black;
}

#menu a {
  color: #111;

  .bordered;
}
.post a {
  color: red;
  .bordered;
}

Generates:

#menu a {
  color: #111;
  border-top: dotted 1px black;

  border-bottom: solid 2px black;
}
.post a {
  color: red;
  border-top: dotted 1px black;

  border-bottom: solid 2px black;
}

Exactly what I need. The documentation says, “Any CSS class, id or element ruleset can be mixed-in that way.” And since it’s written in JavaScript, you can load your LESS files and compile them on the client side, which should make designing and debugging a lot easier. LESS best suits my needs, so it’s the one I’ll be going with.

Update: It turns out LESS doesn’t eliminate the inherited classes, they’re still present in the output. Even so, I still think it best suits my needs.

Update 2: It looks like django-css isn’t being maintained, so you should probably use django_compressor.

Download psd2html-gimp-plug-in

How do I install/use it?
The project page will have current installation and usage instructions.

What does it do?
The script detects which layers are on top of other layers and what their size and relative positions to each other are. This data is used to arrange the layers into a hierarchy, which can then be expressed as HTML nodes. Each layer is expressed as a <div> element with a unique id based on the layer name, and that id is used to specify the size and position of that element using CSS. Text layers are saved as text within the HTML file, and image layers are extracted to the <template_name>_files/ directory, relative to your PSD file.

Can you port this to Adobe Photoshop?
I think it would be possible to write a similar plugin for Photoshop, but for a large variety of reasons it’s not very practical. Reasons include: GIMP is FOSS and Photoshop is proprietary; GIMP plugins can be written in Python and I think Photoshop plugins have to be in written in C, C++, or Flash/Flex; based on what I’ve read on Adobe’s website I’d need to get their permission; and I don’t have Photoshop. Plus, Photoshop and the development tools I’d need only run on Mac and Windows, and I switched to Ubuntu almost 2 years ago.
I know lots of people prefer Photoshop and hate GIMP. If so you can always do your work in Photoshop and just use GIMP for PSD conversion.

Use the right documentation.
There’s a lot of outdated docs out there. I frequently find myself at OAuth Core 1.0 Revision A, and it’s such a pretty page and easy on the eyes, but way at the top where you’re likely to miss it is a notice saying it’s obsolete. The notice says to use RFC 5849: The OAuth 1.0 Protocol and, although hideous, it’s up to date and more complete.

How’s the signature algorithm written?
Here’s some pseudo-code:

If you’re writing in JavaScript as well I recommend Crypto-JS.

What’s the format for the timestamp?
It’s just a UNIX timestamp (in seconds).

How do I generate a nonce value?
The OAuth spec just says it’s a random string. I think the Google documentation says something about using a string representation of a 64 bit integer. I had no idea what they were talking about, but somewhere I read you just need to md5 hash a random integer, and it worked for me.

If developing for a Google service, use their OAuth playground.
Their OAuth Playground is a great way to see the process you have to go through and what the requests look like. If trying to authenticate with another provider see if they also have an API test app.

Don’t expect detailed errors.
You’ll be lucky if the response tells you “signature invalid”, but you won’t be told what’s wrong with it. My strategy was to compare my signatures and parameters to those used by the Google Playground; taking values from there that you know are valid and using them to test your code is a good way to debug.

The scope parameter has to EXACTLY match the URLs used in your API calls
In the Google OAuth Playground, selecting “Picasa Web” will input “https://picasaweb.google.com/data/” for the scope. Note the use of https:// for the protocol. If you make API calls using that URL, it will fail since none of the Picasa services are served over https. If you try to make calls using regular http you will get an OAuth error saying invalid scope. In order for it all to work, you have to use “http://picasaweb.google.com/data/” for the scope.

Once you’ve got the right information it’s really quick to fix. Here’s 2 links that I found helpful:

Generating an SSL Certificate with Apache+mod_ssl
Has the commands you need for generating a self signed certificate.

If while generating the certificate you get the error “unable to write ‘random state’”, you’ll need to chown the .rnd file (sudo chown user:group ~/.rnd) and try again.
I put all the generated files in /etc/apache2/ssl/.

How to get Apache to do both HTTP and HTTPS on one IP address?
Shows the basic Apache configuration needed for HTTPS. To get HTTPS working, I just copied my existing virtual host definition, modified it to use the port 443, and added the SSLEngine, SSLCertificateFile, and SSLCertificateKeyFile directives.

Here’s a copy of my file: