Simon Willison’s Weblog

December 2009

Dec. 16, 2009

Django-Jython 1.1.0 released. Django on Jython matches its minor version numbers to Django, so this new release is compatible with Django 1.1.

# 10:42 pm / django, python, jython, leosoto

Dec. 17, 2009

Insurgents Hack U.S. Drones. The video feed rather than the control protocol, but still.... “Fixing the security gap would have caused delays, according to current and former military officials. It would have added to the Predator’s price. Some officials worried that adding encryption would make it harder to quickly share time-sensitive data within the U.S. military, and with allies.”

# 7:36 am / encryption, military, drones, security

getElementsByTagName(). Dean Edwards presents a hand-rolled getElementsByTagName function for use with DOM fragments (which don’t provide the method). His code is a nice example of a tightly written tree walker using the low-level DOM API.

# 7:46 am / deanedwards, javascript

jQuery.require() implementation. John Resig has added a new jQuery.require() function to a jQuery development branch, for release as part of jQuery 1.4. The commit on GitHub has an extensive discussion attached to it (scroll to the bottom).

# 11:24 am / github, jquery, john-resig, javascript

Dec. 18, 2009

I think that what's particularly hard with C is not the details about pointers, automatic memory management, and so forth, but the fact that C is at the same time so low level and so flexible. So basically if you want to create a large project in C you have to build a number of intermediate layers (otherwise the code will be a complete mess full of bugs and 10 times bigger than required). This continuous design exercise of creating additional layers is the hard part about C. You have to get very good at understanding when to write a function or not, when to create a layer of abstraction, and when it's worth generalizing or when it is overkill.

Salvatore Sanfilippo

# 3:50 pm / salvatore-sanfilippo, c, redis

Dec. 20, 2009

Crowdsourced document analysis and MP expenses

As you may have heard, the UK government released a fresh batch of MP expenses documents a week ago on Thursday. I spent that week working with a small team at Guardian HQ to prepare for the release. Here’s what we built:

[... 2,081 words]

Notes on designing the Guardian iPhone app. By John-Henry Barac, the principal designer of the iPhone application who also previously worked on the Guardian’s print transition to the Berliner format.

# 12:55 pm / iphone, guardian, design, john-henry-barac, mobile

Dec. 21, 2009

Round-robin Django setup with nginx. An nginx trick I didn’t know: a low proxy_connect_timeout value (e.g. 2 seconds) combined with the proxy_next_upstream setting means that if one of your backends breaks a user won’t even see an error, they’ll just have a short delay before getting a response from a working server.

# 3:43 pm / django, load-balancing, nginx, ops, sysadmin

Dec. 22, 2009

Another leak, the worst so far (via) “Arweena, a spokes-elf for Santa Claus, admitted a few hours ago that the database posted at WikiLeaks yesterday is indeed the comprehensive 2009 list of which kids have been naughty, and which were nice.” The first comment is great too.

# 10:42 am / wikileaks, security, databases, leaks, christmas, funny

Learn to Let Go: How Success Killed Duke Nukem. The fascinating 12 year story of Duke Nukem Forever.

# 10:45 am / dukenukem, wired, project-management

But I guess where I was originally going is that nobody wants to write endings in television. They want to sustain the franchise. But if you don't write an ending for a story, you know what you are? You're a hack. You're not a storyteller. It may not be that you have the skills of a hack. You might be a hell of a writer, but you're taking a hack's road. You're on the road to hackdom and there's no stopping you because stories have a beginning, a middle, and an end.

David Simon

# 10:52 am / stories, david-simon, thewire, tv

If you’re just linking to the stuff that people are all talking about on Twitter or that floats to the top of Hacker News, you may as well give up on your blog, as far as I’m concerned. Everybody already sees that stuff. You have to dig deeper to offer more interesting information, and an RSS reader is the best tool you can use for that purpose.

Rafe Colburn

# 11:03 am / blogging, rss, rafecolburn

Django | Multiple Databases. Russell just checked in the final patch developed from Alex Gaynor’s Summer of Code project to add multiple database support to Django. I’d link to the 21,000 line changeset but it crashed our Trac, so here’s the documentation instead.

# 5:22 pm / django, multidb, russell-keith-magee, alex-gaynor, python, databases, scaling

New Facebook clickjacking attack in the wild. I’m not sure why Facebook don’t use frame-busting JavaScript to avoid this kind of thing. The attack is pretty crafty—a Facebook page is positioned with everything obscured bar part of the blue “share this” button, and a fake “Human Test” asks the user to find and click the blue button to continue.

# 6:52 pm / facebook, clickjacking, security, phishing

New Redis ZINCRBY command (via) Just added to Redis, a command which increments the “score” for an item in a sorted set and reorders the set to reflect the new scores. Looks ideally suited to real time stats, and I’m sure there are plenty of other exciting uses for it.

# 8:38 pm / redis, zincrby, sortedsets, nosql, salvatore-sanfilippo

The Worst Ideas of the Decade: Vaccine scares. “The movement blaming vaccines for causing autism emerged in the early 2000s, and it was one of the most catastrophically horrible ideas of the decade.”

# 9:17 pm / science, vaccines

Socket Benchmark of Asynchronous Servers in Python. A comparison of eight different asynchronous networking frameworks in Python. Tornado comes out on top in most of the benchmarks, but the post is most interesting for the direct comparison of simple code examples for each of the frameworks.

# 10:34 pm / python, async, eventio, benchmarks, twisted, tornado, gevent, stackless, eventlet, dieselweb, orbited

Dec. 23, 2009

PostgreSQL 8.5alpha3 now available. “Hot Standby, allowing read-only connections during recovery, provides a built-in master-slave replication solution.” Woohoo!

# 9:57 am / postgresql, scaling, replication, hotstandby, masterslave

The Dangers of Clickjacking with Facebook. theharmonyguy compiled a list of actions that can be triggered on Facebook by a single click, and hence are vulnerable to clickjacking attacks. The list includes authorising malicious applications, posting links to profiles, sending friend requests and sending messages to other users. Why don’t Facebook include frame busting JavaScript on every page?

# 10:20 am / facebook, clickjacking, security, phishing, framebusting, theharmonyguy

Orderly JSON. Essentially the JSON equivalent of RelaxNG’s compact syntax—a pleasant mini-language for describing JSON objects which compiles to the more verbose JSONSchema format.

# 2:44 pm / json, jsonschema, relaxng, orderly, javascript

Dec. 24, 2009

Intercepting Predator Video. Bruce Schneier’s take on the unencrypted Predator UAV story. A fascinating discussion of key management and the non-technical side of cryptography.

# 9:26 pm / bruce-schneier, security, cryptography, nsa, drones, military

Dec. 25, 2009

I think it's really important to know the whole stack even if you don't operate within the whole stack.

Brad Fitzpatrick

# 11:31 pm / brad-fitzpatrick, programming

Dec. 30, 2009

jsondns. A JSONP API for making DNS queries, with a nice URL structure.

# 5:37 pm / json, dns, jsonp, api

tipsy. Simple Facebook-style tooltip plugin for jQuery.

# 6:21 pm / jquery, tooltips, plugins, facebook, javascript

qTip. Advanced tooltip plugin for jQuery, including borders and pointers created using CSS. Very flexible (we used this for the latest MP expenses application) but a little on the heavy side, weighing in at 38KB when minified.

# 6:23 pm / jquery, tooltips, plugins, javascript

Dec. 31, 2009

Newzald: From Moleskine to Market. A typeface designer describes the process involved in designing a new font and taking it to market.

# 9:24 am / typography, design, newzald

Showstopper! The Improvised Musical. Went to see this last night with some friends—they really do improvise an entire musical (a surprisingly good one, with catchy new songs and three part harmonies) based entirely on user suggestions. They have shows coming up in Brighton and Bath, thoroughly recommended.

# 9:36 am / recommendations, musicals, theatre, brighton, bath, events

Web Sockets in Tornado. Bret Taylor has a simple class making it trivial to experiment with the Web Sockets protocol (now shipping in Chrome) using the scalable Tornado application server. He also raises the million dollar question: what will existing load balancers and proxies make of the new protocol?

# 11:54 am / brettaylor, tornado, python, websockets, comet, chrome
