URL Design Sins: 16 things that don't belong in URLs

Much has been said for a long time about making your URLs easy to use, remember, type, hack, and spread virally. There is still no dearth of ugly URLs all over the Web. A few very popular content management systems also engage in dirty URL practices, and it’s a shame. To aid you in cleaning up your URLs, here’s a list of specific things that do not belong in a URL.

Read More

Can Security Questions be Subliminally Discriminatory?

It’s not funny how many cultural, socio-economic, and even religious assumptions can be implicit in the design of a simple form. Here’s the form I was greeted with today when I tried to log on to ShareBuilder.

Read More

HOWTO Use Custom DNS Redirects to Save Browser Keystrokes

Given the recent interest in DNS and its role in the public infrastructure of the Internet, sparked by the release of Google Public DNS, here’s a hack that can help you save keystrokes in the browser while accessing your favorite sites. Instead of typing in “youtube.com” or “twitter.com”, you can just type “y” or “t”. If you’re looking for a map of San Francisco, CA, you can type “map/sf” and jump to the right place in Google Maps.

A bright bold blinking marquee disclaimer before we start: this is advanced territory. If you don’t know what sudo is and why is special, be careful following these instructions because you may unintentionally destroy your ability to do anything at all on the Internet — including looking up instructions for getting unstuck. Also, these instructions only apply to Mac OS X and Linux, or other UNIX variants.

Redirect custom DNS hostnames to frequently-accessed sites

The file /etc/hosts on your machine is consulted by the DNS resolver before making a request to a DNS server. The idea is to add new DNS entries to the hosts file on your machine, pointing short domains such as g and t to Now, whenever you type g or t into your browser, the hostname will be matched from your /etc/hosts file, instead of receiving an NXDOMAIN reply (i.e., this domain does not exist) from an upstream DNS provider. Since this request is received by your own machine, you can then handle it to do whatever you want, including, but not limited to, redirecting the user to the intended destination.

This HOWTO assumes that Apache is installed and running on your system with PHP and mod_rewrite support.

Modify /etc/hosts

Open /etc/hosts in your favorite text editor, and add one line for each shortcut you’d like to set up. Leave everything else unchanged. (You will need to sudo edit this file.)

# Host Database
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
## localhost c # for Calendar f # for Facebook g # for Google Search m # for Mail map # for Maps t # for Twitter w # for Wikipedia y # for Yelp yo # for YouTube broadcasthost
::1             localhost
fe80::1%lo0 localhost

You can test that this change worked, by typing in the address (e.g. https://g/ in your browser. Instead of seeing a page that says that your browser "can’t find the server 'g'", now you would see a page saying that your server isn't configured correctly, or welcome to Apache, or whatever you would see if you typed http://localhost/ instead. If that worked, proceed.

Configure Apache to handle requests for unknown domains/URIs

Edit the following lines in /etc/apache2/httpd.conf. The following code shows an excerpt with lots of context around the line you need to edit. Locate the relevant section in your file.

# This should be changed to whatever you set DocumentRoot to.
<Directory "/Library/WebServer/Documents">
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    # The Options directive is both complicated and important.  Please see
    # https://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    Options +Indexes +FollowSymLinks +MultiViews

    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    AllowOverride All # <-- Change this from None to All

    # Controls who can get stuff from this server.
    Order allow,deny
    Allow from all


Locate your Apache root directory. It's usually /Library/WebServer/Documents on the Mac or /var/www in Ubuntu. If you're unsure, check where it is by issuing the following command in a terminal: (assuming you're running Apache 2.x)

grep "DocumentRoot" /etc/apache2/httpd.conf

In that directory, save the following file. It should be named exactly .htaccess. (That's htaccess with a period at the beginning, so it's a hidden file on UNIX.) Save it as /Library/WebServer/Documents/.htaccess on Mac OS X or /var/www/.htaccess on Ubuntu.

<IfModule mod_rewrite.c>

RewriteEngine on
RewriteBase /

RewriteCond    %{REQUEST_FILENAME} !-f
RewriteCond    %{REQUEST_FILENAME} !-d
RewriteRule    (.*) /index.php [L]


The actual redirection script

Here's the script that I use for redirection, but you can roll out your own, and do anything with each request you receive. (If you do something phenomenally awesome, I'd love to hear about it in your comments.) As you can see, it's customized to the sites I frequent, including location preferences (e.g. the Yelp shortcut takes me to Yelp San Francisco directly. The search box is preconfigured for SF.)

Save this as /Library/WebServer/Documents/index.php (on Mac OS X) or as /var/www/index.php on Ubuntu.

  $uri = preg_replace('/^\//', '', $_SERVER['REQUEST_URI']);
  switch($_SERVER['SERVER_NAME']) {
    case 'c':
    case 'f':
    case 'g':
      redir('https://www.google.com/search?q=' . $uri);
    case 'm':
    case 'map':
      redir('https://maps.google.com/?q=' . $uri);
    case 't':
    case 'w':
      if ('' === $uri) {
      } else {
        redir('https://en.wikipedia.org/wiki/Special:Search/' . $uri);
    case 'y':
      if ('' === $uri) {
      } else {
        redir('https://yelp.com/search?ns=1&find_loc=San%20Francisco,%20CA&find_desc=' . $uri);
    case 'yo':
      if ('' === $uri) {
      } else {
        redir('https://www.youtube.com/results?search_query=' . $uri);

  function redir($url) {
    header('Location: ' . $url);

That's it, now type your shortcuts into your browser instead of the longer URLs, and there you are. If you run into trouble, leave a comment and I'll address it.

The only downside of this approach

Redirecting involves an additional HTTP request to your machine, which introduces additional latency. The request, however, is from your machine to your machine itself, so there's no network involved. Personally, I feel that the keystrokes saved by the technique would have taken longer to type than the shortcuts I set via this method. But you don't lose anything if you set this up and don't use it — just continue to type entire URLs and you will never pay a latency penalty.

Read More

Marathon Fundraising: A Noble Goal or Exploiting your Social Network?

I’ve grown increasingly skeptical of organized marathons that request donations from one’s friends in order for runners to participate. Both goals on their own — personal fitness and charitable fundraising — are noble; it’s their marriage that seems unholy to me.

Read More

On-the-fly CSS Compression in PHP

Web site optimization experts suggest that webmasters try to minimize the number and size of HTTP requests necessary to serve web pages. Web designers often use multiple CSS files because they are easier to manage, but this requires as many HTTP requests as there are CSS files.

This free script serves all your CSS files as a single HTTP resource, minified (by removing comments and extraneous whitespace), and gzip-compressed. It also requests browsers to cache the CSS content for at least a day before trying to fetch a new version.

The best part is that this does not pre-process the files, so it does not add any steps to your deployment process. It's licensed free for commercial and non-commercial use, with attribution requested.

Read More