Blogmarks
Filters: Sorted by date
Qwery—The Tiny Selector Engine. A quarter of the size of Sizzle (1K gzipped and minified) due to only supporting ID, class and attribute selectors. Could be useful for things like embeddable widgets and badges, where depending on a larger library is impolite.
Product design at GitHub. At GitHub, every employee is a product designer.
YC Is Not a School for Startups—It Is Marine Corp Boot Camp for Startup Founders. This is a great description of what it’s actually like to do YC. If you’ve been wondering why I haven’t blogged much over the past three months, this is why.
Your Web, Half a Second Sooner. Google AdSense now serves a tiny bit of JavaScript that loads everything else in a dynamically populated iframe, thus avoiding blocking the rest of the page load. It’s about time online advertising providers started taking page performance seriously.
DNS Prefetching Implications. deviantart use a subdomain per user, which meant the DNS prefetching feature in Firefox and Chrome was costing them an extra 10 billion DNS queries per month. Disabling it with a meta tag saves them $1600/month in DNS service charges.
CSRF: Flash + 307 redirect = Game Over. Here’s the exploit that Django and Rails both just released fixes for. It’s actually a flaw in the Flash player. Flash isn’t meant to be able to make cross-domain HTTP requests with custom HTTP headers unless the crossdomain.xml file on the other domain allows them to, but it turns out a 307 redirect (like a 302, but allows POST data to be forwarded) confuses the Flash player in to not checking the crossdomain.xml on the host it is being redirect to.
Going Postel. Jeremy points out that one of the many disadvantages of publishing JavaScript dependent content on the Web is that a single typo can render your entire site unusable.
Breaking the Web with hash-bangs. Mike Davies explains why Gawker’s new Ajax fragment-tastic redesign is a web architecture error of colossal proportions.
elasticsearch: Percolator. Another fascinating elasticsearch feature: Percolator lets you register searches with your elasticsearch cluster, then pass in a document and have the matching query IDs returned. It’s an upside down search engine. I’m sure there are some very neat things you could build with this, I just haven’t figured out what they are just yet.
UK Web Archive: WW2 People’s War. Good news: the British Library has already archived the BBC’s WW2 People’s War site (on 22nd May 2006).
Erase and rewind. The BBC plan to delete 172 sites from the bbc.co.uk domain, including WW2 People’s War, described thus: “The BBC asked the public to contribute their memories of World War Two to a website between June 2003 and January 2006. This archive of 47,000 stories and 15,000 images is the result.” Appalling.
How we made an API for BoingBoing in an evening. Fluidinfo really is a fascinating piece of software. The team loaded in 11 years of BoingBoing content, allowing you to run structured queries against the data using their standard API, but also allowing users to attach their own information to the same corpus using Fluidinfo tags. Writable APIs are much less common than read-only APIs—Fluidinfo instantly provides both.
Get Lanyrd conference recommendations by email. This is the first time I’ve built a custom email subscription feature, and it’s been a very interesting ride. We’re trying to find the right balance between keeping people informed in a timely fashion with useful information while not overloading their inbox with too many messages. You can opt for daily, weekly, fortnightly or monthly emails and we’ll try to ensure you only hear about events you haven’t seen before.
Google APIs & Developer Products. Presented as a sort-of-periodic table. There’s quite a bit of stuff on here I didn’t know about.
37signals Product Blog: We’ll be retiring our support of OpenID on May 1. The support costs far outweighed the benefits to customers, especially now that 37signals have their own single sign in mechanism that works across all of their products.
Tip: Flickr standard photo response as slideshow.
Neat trick—you can construct a URL to Flickr’s slideshow widget that includes the results of any API method, including the all-powerful flickr.photos.search. It’s a shame you can’t embed the resulting slideshow in an iframe.
The code injected to steal passwords in Tunisia. Here’s the JavaScript that (presumably) the Tunisian government were injecting in to login pages that were served over HTTP.
The Inside Story of How Facebook Responded to Tunisian Hacks (via) “By January 5, it was clear that an entire country’s worth of passwords were in the process of being stolen right in the midst of the greatest political upheaval in two decades.”—which is why you shouldn’t serve your login form over HTTP even though it POSTs over HTTPS.
The science of the hashtag. Interesting analysis of how the #lessambitiousmovies hash tag took off thanks to retweets from a couple of key users with very creative followers.
Display your events on your own website with Lanyrd Badges. We’ve launched badges for Lanyrd—JavaScript that lets you embed a top bar or a content “splat” showing events you plan to attend, talks you’ve given in the past and other various combinations. I’m quite pleased with the implementation—the badges are configured using classes on a link to your Lanyrd profile, and the badges themselves are served through a combination of Amazon CloudFront for the initial script and a Varnish cache for the badge data itself to keep things nice and snappy.
The Virtues of Monitoring. Fantastic guide to the various levels of monitoring required for a modern web application.
The First Few Weeks—ep.io. Another take on managed Python Django/WSGI hosting, from Andrew Godwin and Ben Firshman.
Hello from Gondor. “Effortless production Django hosting” from the Eldarion team.
Introducing the FluidDB Explorer. Every good API deserves a dedicated API browser.
US iPhone Data for International Visitors: A Guide. AT&T will swear blind that their pay-as-you-go data plan doesn’t work with iPhones or other smart phones. Here’s how to prove them wrong.
Desk Depot. We picked up some chairs from here the other day—it’s a fascinating place, essentially an entire history of Silicon Valley told through second-hand furniture.
Getting Started—Google URL Shortener API. The API for the goo.gl URL shortener is really nice—no API key required, easy to create a short URL and you can retrieve detailed stats breakdowns (similar to bit.ly) as JSON for any URL.
URL Design. Thoughtful tips on modern URL design, from GitHub designer Kyle Neath. GitHub has the best designed URLs of any application I can think of.
Audio Sprites (and fixes for iOS). Remy Sharp on the limitations of HTML5 audio support in iOS.
OpenCorporates (via) “The Open Database Of The Corporate World”—a URL for every UK company.