Blogmarks
Filters: Sorted by date
FleetDB (via) Yet Another Key-Value Store: Schema-free, JSON protocol, everything cached in RAM, append-only log for durability, multi-record transactions... but what’s really interesting about this one is that it’s written in Clojure and takes full advantage of that language’s concurrency primitives. The prefix operators used by the select API hint at its Lisp heritage.
Timing attack in Google Keyczar library. An issue I also need to fix in the proposed Django signing code. If you’re comparing two strings in crypto (e.g. seeing if the provided signature matches the expected signature) you need to use a timing independent string comparison function or you risk leaking information. This kind of thing is exactly why I want an audited signing module in Django rather than leaving developers to figure it out on their own.
Design and code review requested for Django string signing / signed cookies. Do you know your way around web app security and cryptography (in particular signing things using hmac and sha1)? We’d appreciate your help reviewing the usage of these concepts in Django’s proposed string signing and signed cookie implementations.
PythonInterface—OpenCV (via) OpenCV’s new Python interface looks very nice. I’d love to see some full fledged examples of using it to solve real-world computer vision problems.
Self-Proclaimed Social Media Gurus on Twitter Multiplying Like Rabbits (via) 15,740 of them, including 2,091 social media consultants, 807 social media experts, 445 social media gurus and 68 social media stars.
Balsamiq: A look back at 2009. Peldi Guilizzoni from Balsamiq shares some numbers from 2009—$1.1 million profit on $1.6 million revenue, with a team of three people.
Videos from DjangoCon 2009. The videos from September's DjangoCon are now available, including my "Cowboy development with Django" talk (also on the Internet Archive).
I talked about building Wildlife Near You on a /dev/fort trip to Alderney and the MP's expenses project at the Guardian.
countdown_to_newyear.py. A quick Python / OS X script I knocked up last night to count in the new year (using the OS X “say” command).
The Tablet. John Gruber further demonstrates his mastery of long-form blogging. It’s reassuring to know that he started putting the notes for this entry together way back on the 24th of September.
Web Sockets in Tornado. Bret Taylor has a simple class making it trivial to experiment with the Web Sockets protocol (now shipping in Chrome) using the scalable Tornado application server. He also raises the million dollar question: what will existing load balancers and proxies make of the new protocol?
Showstopper! The Improvised Musical. Went to see this last night with some friends—they really do improvise an entire musical (a surprisingly good one, with catchy new songs and three part harmonies) based entirely on user suggestions. They have shows coming up in Brighton and Bath, thoroughly recommended.
Newzald: From Moleskine to Market. A typeface designer describes the process involved in designing a new font and taking it to market.
qTip. Advanced tooltip plugin for jQuery, including borders and pointers created using CSS. Very flexible (we used this for the latest MP expenses application) but a little on the heavy side, weighing in at 38KB when minified.
tipsy. Simple Facebook-style tooltip plugin for jQuery.
jsondns. A JSONP API for making DNS queries, with a nice URL structure.
Intercepting Predator Video. Bruce Schneier’s take on the unencrypted Predator UAV story. A fascinating discussion of key management and the non-technical side of cryptography.
Orderly JSON. Essentially the JSON equivalent of RelaxNG’s compact syntax—a pleasant mini-language for describing JSON objects which compiles to the more verbose JSONSchema format.
The Dangers of Clickjacking with Facebook. theharmonyguy compiled a list of actions that can be triggered on Facebook by a single click, and hence are vulnerable to clickjacking attacks. The list includes authorising malicious applications, posting links to profiles, sending friend requests and sending messages to other users. Why don’t Facebook include frame busting JavaScript on every page?
PostgreSQL 8.5alpha3 now available. “Hot Standby, allowing read-only connections during recovery, provides a built-in master-slave replication solution.” Woohoo!
Socket Benchmark of Asynchronous Servers in Python. A comparison of eight different asynchronous networking frameworks in Python. Tornado comes out on top in most of the benchmarks, but the post is most interesting for the direct comparison of simple code examples for each of the frameworks.
The Worst Ideas of the Decade: Vaccine scares. “The movement blaming vaccines for causing autism emerged in the early 2000s, and it was one of the most catastrophically horrible ideas of the decade.”
New Redis ZINCRBY command (via) Just added to Redis, a command which increments the “score” for an item in a sorted set and reorders the set to reflect the new scores. Looks ideally suited to real time stats, and I’m sure there are plenty of other exciting uses for it.
New Facebook clickjacking attack in the wild. I’m not sure why Facebook don’t use frame-busting JavaScript to avoid this kind of thing. The attack is pretty crafty—a Facebook page is positioned with everything obscured bar part of the blue “share this” button, and a fake “Human Test” asks the user to find and click the blue button to continue.
Django | Multiple Databases. Russell just checked in the final patch developed from Alex Gaynor’s Summer of Code project to add multiple database support to Django. I’d link to the 21,000 line changeset but it crashed our Trac, so here’s the documentation instead.
Learn to Let Go: How Success Killed Duke Nukem. The fascinating 12 year story of Duke Nukem Forever.
Another leak, the worst so far (via) “Arweena, a spokes-elf for Santa Claus, admitted a few hours ago that the database posted at WikiLeaks yesterday is indeed the comprehensive 2009 list of which kids have been naughty, and which were nice.” The first comment is great too.
Round-robin Django setup with nginx. An nginx trick I didn’t know: a low proxy_connect_timeout value (e.g. 2 seconds) combined with the proxy_next_upstream setting means that if one of your backends breaks a user won’t even see an error, they’ll just have a short delay before getting a response from a working server.
Notes on designing the Guardian iPhone app. By John-Henry Barac, the principal designer of he iPhone application who also previously worked on the Guardian’s print transition to the Berliner format.
jQuery.require() implementation. John Resig has added a new jQuery.require() function to a jQuery development branch, for release as part of jQuery 1.4. The commit on GitHub has an extensive discussion attached to it (scroll to the bottom).
getElementsByTagName(). Dean Edwards rolls a hand-rolled getElementsByTagName function for use with DOM fragments (which don’t provide the method). His code is a nice example of a tightly written tree walker using the low level DOM API.