Blogmarks
IE 6 and 7 hit by hack attack code. IE6 and 7 have what looks like a buffer overflow vulnerability caused by a strange intersection of CSS, innerHTML and large JavaScript arrays. No exploits in the wild yet but it’s only a matter of time.
Major IE8 flaw makes ’safe’ sites unsafe. IE8 has an XSS protection feature which rewrites potentially harmful code in HTML pages—I think it looks for suspicious input in query strings which appears to have been output directly on the page. Unfortunately it turns out there’s a flaw in the feature that can allow attackers to rewrite safe pages to introduce XSS flaws. Google are serving all of their pages with the X-XSS-Protection: 0 header. Until the fix is released, that’s probably a good idea.
Chromium OS User Experience. The 2 minute UI concept video is probably the best way to understand the ideas behind Google’s Chrome OS.
Simple CouchDB multi-master clustering via Nginx. An impressive combination. CouchDB can be easily set up in a multi-master configuration, where writes to one master are replicated to the other and vice versa. This makes setting up a reliable CouchDB cluster as simple as putting two such servers behind a single nginx proxy.
The OS Opportunity. John Gruber repeats his argument that PC makers should create their own OSes, and points out that compatibility concerns are less important than they’ve ever been because “the Web provides us with a core set of software and APIs that work everywhere”.
Announcing Kong: A server description and deployment testing tool. An ultra simple website monitoring tool written in Django which makes it easy to manage a list of Twill scripts for testing different sites. It was developed at the Lawrence Journal-World—Eric showed me a demo of this a year or so ago and I’ve been hoping they would open source it.
Debugging in Python. The missing manual for Python’s powerful pdb debugger.
Deep Tracing of Internet Explorer. dynaTrace Ajax looks like an awesome tool. For once, Internet Explorer has a development tool that other browsers can be jealous of.
Me and Belle de Jour—’Could it be Brooke?’ (via) Lovely piece of internet detective work and UK blogging history. Darren from LinkMachineGo figured out Belle de Jour’s identity right back in the start, based on his knowledge of the early UK blogging scene. Not only did he keep the secret, but he set up a clever honeypot in the form of an innocuous page containing terms that tied her identities together. When the page started getting hits from an Associated Newspapers (Daily Mail) IP address a few weeks ago he tipped Belle off via Twitter.
Re-mapping the future for Ordnance Survey—making public data public. “The Prime Minister and Communities Secretary John Denham will today announce that the public will have more access to Ordnance Survey maps from next year, as part of a Government drive to open up data to improve transparency.”
node.js at JSConf.eu (PDF). node.js creator Ryan Dahl’s presentation at this year’s JSConf.eu. The principal philosophy is that I/O in web applications should be asynchronous—for everything. No blocking for database calls, no blocking for filesystem access. JavaScript is a mainstream programming language with a culture of callback APIs (thanks to the DOM) and is hence ideally suited to building asynchronous frameworks.
Going evented with Node.js. Comprehensive Node.js tutorial—from basic principles to installation and writing a simple Twitter search command-line client application.
Algae and Light Help Injured Mice Walk Again. Optogenetics is a rapidly growing field which uses viruses to implant genes from plants into neurons and enable them to be controlled by blue and yellow light. In the lab it’s made mice run in circles without causing any apparent long-term damage, and the technology has the potential to provide a read/write interface to the human brain itself.
How Grandmas May Give Kids an Evolutionary Edge. Absolutely fascinating: XY v.s. XX chromosomes mean that paternal grandmothers have a 50% chance of sharing an X with their son’s daughters, but a 0% chance of sharing an X with their son’s sons. A study on survival rates of 43,000 children found a corresponding correlation with the proximity to a paternal or maternal grandmother. Men: Dad’s Mum is out to get you!
A New Theory of Awesomeness and Miracles, by James Bridle, concerning Charles Babbage, Heath Robinson, MENACE and MAGE. I didn’t go to Playful ’09, but I really wish I had.
10 Uses for Blocks in C/Objective-C. Part of the Cocoa for Scientists series, which is by far the best free Objective-C / Cocoa tutorial I’ve seen anywhere.
Drupal or Django? A Guide for Decision Makers. A surprisingly interesting comparison—the author describes Django as “a framework with CMS-like tendencies” and Drupal as “a CMS with framework-like tendencies”, then explores the benefits of those two different approaches.
dustin’s gomemcached (via) A memcached server written in Go, an experiment by memcached maintainer Dustin Sallings.
SPDY: The Web, Only Faster. Alex Russell explains the benefits of Google’s SPDY proposal (a protocol that upgrades HTTP)—including header compression, multiplexing, the ability to send additional resources such as images and stylesheets down without needing the data:uri hack and Comet support built in to the core assumptions of the protocol.
How to Make a US County Thematic Map Using Free Tools. This is the trick I’ve been using to generate choropleths at the Guardian for the past year: figure out the preferred colours for a set of data in a Python script and then rewrite an SVG file to colour in the areas. I use ElementTree rather than BeautifulSoup but the technique is exactly the same. The best thing about SVG is that our graphics department can export them directly out of Illustrator, with named layers and paths automatically becoming SVG ID attributes. Bonus tip: sometimes you don’t have to rewrite the SVG XML at all, instead you can generate CSS to colour areas by ID selector and inject it into the top of the file.
Awkward Suggestions (via) The Google search box “suggest” feature returns very different results depending on the quality of your grammar—“how 2” v.s. “how might one” is particularly illuminating.
Verified by Visa is training people to get phished. Searching for “Verified by Visa” on Twitter produces an endless stream of complaints. I don’t think I’ve ever heard anyone say anything good about it—and it certainly doesn’t make anything more secure. Presumably there’s some kind of legal liability benefit to it, though I imagine it benefits the card issuers rather than the consumer.
Writing good documentation (part 1). Jacob explains some of the philosophy behind Django’s documentation. Topical guides are particularly interesting—many projects skip them (leaving books to fill the gap) but they fill an essential gap between tutorials and low-level reference documentation.
The Go Programming Language. A brand new systems programming language, designed by Robert Griesemer and Unix/Plan 9 veterans Rob Pike and Ken Thompson and funded by Google. Concurrency is supported by lightweight communicating processes called goroutines. “It feels like a dynamic language but has the speed and safety of a static language.”
A history of Python packaging. A comprehensive history by Martijn Faassen, who argues that the existing set of tools works fine and has been working fine for several years.
Correct way to handle mobile browsers. If your site has an equivalent “mobile” version running on a different subdomain, how and when should you redirect mobile users to it and how should you let them opt in or opt out?
node.js. “Evented I/O for V8 JavaScript”—a JavaScript environment built on top of the super-fast V8 engine which provides event-based IO functionality for building highly concurrent TCP and HTTP servers. The API design is superb—everything is achieved using JavaScript events and callbacks (even regular file IO) and the small standard library ships with comprehensive support for HTTP and DNS. Overall it’s very similar to Twisted and friends, but JavaScript’s anonymous function syntax feels more natural than the Python equivalent. It compiles cleanly on Snow Leopard. Definitely a project to watch.
Fixing Poor MySQL Default Configuration Values. Some tips from Jeremy Zawodny on configuring MySQL for high traffic environments—he suggests skip-name-resolve, connect_timeout=20, thread_cache_size=not-zero, max_connect_errors=very-high-number, slave_net_timeout=30.
Fabric 0.9.0. A Python-based SSH automation and deployment tool. Released today, 0.9.0 is finally the official “stable” release—which is good, as it breaks API compatibility with previous versions and caused me all sorts of confusion when I tried to learn Fabric recently.
Django-Jython 1.0.0 released! Now with database backends for PostgreSQL, Oracle and MySQL. The next release (planned for next month) should provide full compatibility with Django 1.1—the current release has 1.1 support for PostgreSQL but only 1.0 support for the other two databases.