This story was written by Keith Dawson for UBM DeusM’s community Web site Develop in the Cloud, sponsored by AT&T. It is archived here for informational purposes only because the Develop in the Cloud site is no more. This material is Copyright 2012 by UBM DeusM.

Friday Four for 12 October

Four hand-curated items developers need to read.

In this installment of Friday Four, as usual I hand-select four items from around the Web that developers need to read this week.

The dark side of HTML5
Feross Aboukhadijeh, a young Web developer and computer security researcher in California, built a proof-of-concept page on how bad people could use the HTML5 fullscreen API to impersonate other sites. The example he uses mocks up the Bank of America home page, complete with browser-appropriate visual indications of https: security. (After you run Feross's demo, hit Escape to return from fullscreen mode.)

Here is an older instance of an "evil" use of HTML5 functionality: an advertising company, Ringleader Digital, uses an HTML5 local storage database to "stamp" mobile and other devices with a unique ID, which allows tracking the user's behavior across the entire Web. The Ringleader stamp is unaffected by user attempts to keep control of their privacy by cleaning out cookies or Web browsing history. The linked story is about a privacy lawsuit filed against Ringleader Digital -- over two years ago.

Such attacks using HTML5 features, both the merely unethical and the downright criminal, are bound to become more widespread, for a couple of reasons. First, people are not all that familiar with some of the effects HTML5 enables -- they may know about apps taking over the whole screen, but not be aware that Web pages can do the same. And second, HTML5 represents a huge expansion of the functionality available to Web developers. It would be noncontroversial to assert that the security attack surface has greatly expanded, as well.

Things great engineers almost never say
We first met recruiter Dave Fecak in my blog post on Cleaning Up the Recruiting Business. He's back with a list of the sorts of things mediocre engineers might be heard to utter, but that never pass the lips of the most talented techies. Two examples: "It works, but I don't know how to explain it." "I'm an expert in —" The point here, of course, is not simply to memorize these phrases and never say them; the point is to ponder the habits of mind that the very best engineers develop, such that their 24/7 attitudes lend themselves to greater focus and efficiency.

12 bad things we hope don't happen
A veteran of the open-source industry, Andrew C. Oliver, speculates on the dozen developments that, if they came to pass, would be the worst for the industry taken as a whole -- computers, software, IT, Web content, social networking, search, etc. This doesn't seem to be an ordered list. Any of them would represent a disaster. Among my favorites: Windows 8 flops. Linus Torvalds is hit by a bus. Legislation against municipal fiber spreads. Oracle buys Red Hat. (As it turns out, 3 out of the 12 disastrous scenarios involve actions by Oracle.)

How to build and launch great apps
Chris Vander Mey is a veteran of both Google and Amazon, and now runs his own startup. He wrote the book Shipping Greatness to share the knowledge he has gained along the way. He advises developers to act like a startup -- whether they are working alone or in the bowels of a large corporation. "In general, one of the things you learn and see is that everyone can think small and operate like a small company," advises Vander Mey.

The Friday Four owes a permanent hat tip to Ron Miller, whose collection of five links for developers and IT pros runs weekly on Ness.com.