January 2009
Jan. 2, 2009
The compiler only pays attention to the semicolons and braces while ignoring the line breaks and indentation, but humans usually only pay attention to the line breaks and indentation while ignoring the semicolons and braces. This gives the code the opportunity to lie about what it’s really doing. Consequently we need to take extra care when writing in C, Java, C++, C# etc.
OSM 2008: A Year of Edits (via) Stunningly beautiful visualisation of the year in OpenStreetMap.
Antipatterns for sale. Twply collected over 800 Twitter usernames and passwords (OAuth can’t arrive soon enough) and was promptly auctioned off on SitePoint to the highest bidder.
Wikipedia over DNS. Added to my ~/bin/ directory as dns-wikipedia.sh: host -t txt $1.wp.dg.cx
Jan. 5, 2009
Talking about OpenID. “So a relying party walks in to a bar...”
The username/password key's major disadvantage is that it open all the doors to the house. The OAuth key only opens a couple doors; the scope of the credentials is limited. That's a benefit, to be sure, but in Twitter's case, a malicious application that registered for OAuth with both read and write privileges can do most evil things a user might be worried about.
MemcacheDB. A server that speaks the memcache protocol but uses Berkeley DB for reliable persistent storage. Speedy: 20,000 writes/second and 60,000+ reads/second. Includes a full replication mechanism (with custom memcache protocol commands) based on Berkeley DB’s.
Travel time to major cities: A global map of Accessibility (via) Visualisation developed by the European Commission and the World Bank.
Jan. 6, 2009
As more details become available, it seems what happened is that a Twitter administrator (i.e., employee) gave their password to a 3rd party site because their API requires it, which was then used to compromise Twitter's admin interface.
Update on the “antipatterns for sale” Twply auction (via) The collected username and password database is NOT included in the auction.
The Twitter administrator hack was a dictionary attack. I quoted Blaine earlier suggesting that the recent Twitter mass-hack was due to a Twitter admin password being scooped up by a rogue third party application—this was not the case, as Alex Payne explains in a comment.
Jan. 7, 2009
Weak Password Brings “Happiness” to Twitter Hacker. The full story on the Twitter admin account hack. I bet there are a LOT of web applications out there that don’t track and rate-limit failed password attempts.
Rate limiting with memcached
On Monday, several high profile “celebrity” Twitter accounts started spouting nonsense, the victims of stolen passwords. Wired has the full story—someone ran a dictionary attack against a Twitter staff member, discovered their password and used Twitter’s admin tools to reset the passwords on the accounts they wanted to steal.
[... 910 words]Gaza OpenStreetMap Update. “We’re looking into purchasing satellite imagery for the north or the entirety of Gaza. There’s actually B/W imagery available from yesterday!”
Jan. 8, 2009
Wetpaint no longer supports OpenID. I missed this, but they turned off their OpenID support in November due to low usage and high maintenance costs.
The simple truth is that in the age of Web 2.0/3.0, in the era of cloud and utility computing, the application server is a commodity. A commercial, proprietary app server simply cannot survive in this environment anywhere outside the lethargic, soft-padded walls of the enterprise.
why’s potion. why’s latest project is a small, fast language (JIT to x86/x86-64) which seems to take ideas from Ruby, Lua, Python and who knows where else. Everything is based around objects, closures and mixins, with the delightful inclusion of scoped mixins so you can modify an object only within a certain module (hence avoiding Ruby’s action-at-a-distance problems).
How we use IRC at Last.fm. With IRCCat, an elegant Java IRC bot that accepts Twitter-like messages to a network port (generally sent using netcat) and directs them to a user or channel.
Jan. 9, 2009
Manage Amazon EC2 With New Web-Based AWS Management Console. Finally! I’m amazed it took Amazon so long to do this. Managing EC2 instances from a custom Firefox extension was pretty bizarre. It’s a very nice interface, built on top of YUI. Unfortunately you still have to manage your entire virtual server farm using a single shared Amazon account.
The Django Book: Version 2.0 (via) Adrian’s working on a new edition of the Django Book updated to cover version 1.0. As with the first edition, it will be available free online in addition to a published Apress paperback. The first three chapters are now available.
Jan. 12, 2009
instanceof considered harmful (or how to write a robust isArray. JavaScript’s instanceof operator breaks when dealing with objects that may have been created in a different document or frame, since constructors are unique to each frame. Instead, you can check for arrays using the default Object.toString method which the JS spec guarantees will return [object Array].
Powering a Google search. I thought the recent estimate of each Google search producing 7g of CO2 was a little high—Google have responded with a claim that the amount is 0.2g instead.
Leo Hickman on the carbon cost of Googling. Alex Wissner-Gross (who published the 7g/search figures) appears to be including Google’s extra capacity, so total CO2 output divided by number of searches. Google’s 0.2g/search estimate includes just the energy used by the servers processing your query.
A Snapshot of The Yahoo! Photos Beta (from 2006). Scott Schiller shares an internal retrospective on the Yahoo! Photos interface from 2006, which was years ahead of its time (they started building it before the term Ajax had even been coined). The material on memory management and event delegation is particularly interesting.
“By installing Java, you will be able to experience the power of Java”. Wow, that’s some bad copy.
Jan. 13, 2009
Visualising Radio, pushing, not pulling. The BBC’s new radio player uses Comet over a Flash XMLsocket connection transport, with an ActiveMQ message queue behind the scenes. I’d like to know what server they’re using to broadcast out to the XMLsocket connections.
What the Internet has actually done is not decimate literary reading; that was really a done deal by 1970. What it has done, instead, is brought back reading and writing as a normal activity for a huge group of people.
Sloppy—the slow proxy. Java Web Start GUI application which runs a proxy to the site of your choice simulating lower connection speeds—great for testing how well your ajax holds up under poor network conditions.
New Gearman Server & Library in C, MySQL UDFs. Gearman, the job queue written for LiveJournal and now used by Digg and Yahoo!, has been rewritten in C. Looks like a good candidate for an easily configured lightweight message queue. Also includes hooks for writing MySQL functions that can interact with queues.
Gearman protocol. Notes compiled by Eric Day, principle author of the C server implementation.