Blogmarks
17-year-old claims responsibility for Twitter worm. It was a textbook XSS attack—the URL on the user profile wasn’t properly escaped, allowing an attacker to insert a script element linking out to externally hosted JavaScript which then used Ajax to steal any logged-in user’s anti-CSRF token and use it to self-replicate into their profile.
Tweenbots: Cute Beats Smart. How do you build a robot that can get from one end of Washington Square Park to the other without your help? Give it a cute smile and a sign explaining where it’s going and rely on strangers to point it in the right direction along the way.
Running Rhino and Helma NG on Google App Engine. Helma NG is a JavaScript web app framework, which now works on App Engine out of the box.
A rev=“canonical” HTTP Header. Chris Shiflett proposes optionally exposing rev=canonical information in an HTTP header, thus allowing sites to discover shorter URLs using just a HEAD request and removing the need to parse HTML. The pingback specification also uses this shortcut.
Revving up. Jeremy Keith advocates adding the revcanonical attribute to regular A elements as well as / instead of hiding it in the head of the document, following the microformats design principle that invisible metadata is less valuable than augmenting visible links. I’ve updated my shorten bookmarklet to handle this case.
Using Scala with Google App Engine. Scala works, but I haven’t seen confirmation on actors yet (which are likely to break due to their dependency on threads).
Digg Search: Now With 99.987% Less Suck. Really nice implementation of faceted search, still using Lucene and Solr under the hood.
Experiences deploying a large-scale infrastructure in Amazon EC2. “At OpenX we recently completed a large-scale deployment of one of our server farms to Amazon EC2. Here are some lessons learned from that experience.”
Scaling Django web apps on Apache. Cool to see this kind of article cropping up on IBM developerWorks, but it’s a shame they don’t mention mod_wsgi.
Browsing my browsing. Roo Reynolds used the MeeTimer Firefox extension to gather statistics on his browsing habits, then extracted data directly from the SQLite database and generated his own graphs using PHP and the canvas element.
Protovis. JavaScript graphing library based on canvas, with an elegant chaining style API.
#DataJourn part 1: a new conversation. Journalism.co.uk report on the first instance of a Guardian story that was driven by an external developer’s work with data originally released on our Datablog.
Dynamic languages on Google App Engine—an overview. Ola Bini’s notes on exploring the new Java support for App Engine with the aim of getting JVM dynamic languages such as JRuby running. Restrictions include a complete lack of threads (which will make it hard to get Scala up and running), but JRuby trunk now works without modification.
App Engine: Scheduled Tasks With Cron. Cron tasks simply hit a URL on your application, and can be run as frequently as once a minute. They made up their own syntax, which is much nicer than traditional Unix cron.
Sphinx 0.9.9-rc2 is out. Interesting new feature: the Sphinx search server now supports the MySQL binary protocol, so you can talk to it using a regular MySQL client library and fire off search queries using SELECT syntax and the new SphinxQL query language.
Finding similar items with Amazon Elastic MapReduce, Python, and Hadoop streaming. Tutorial for running Hadoop jobs on Elastic MapReduce using Python and the 2005 Audioscrobbler dataset.
Building sites around social objects. Jyri Engeström’s concept of “social objects” is a genuinely useful new way to talk about social web sites.
Rabbits and warrens. Handy tutorial introduction to using RabbitMQ and AMQP with Python.
cufon. A promising alternative to sIFR, cufon uses VML on IE and canvas on other browsers to render custom fonts in the browser. You have to convert your font to JavaScript first, either using their free hosted tool or by installing the FontForge based server-side script yourself. The JavaScript encoded font file uses VML primitives to improve IE performance; the JavaScript library converts that to canvas calls for other, faster browsers.
Making the HTML5 time element safe for historians. PPK presents a detailed history of dates and calendars and points out that the HTML5 time element is ill prepared to faithfully represent the kind of dates historians are interested in.
Twitter: blaming Ruby for their mistakes? The comments on the entry include replies from Twitter employees and the RabbitMQ consultant they brought in, and provide a full rebuttal to the various accusations of NIH that were thrown around recently.
Ext Core 3.0 Beta Released. The Ext JavaScript team have just released the core library (similar to jQuery or Prototype) under an MIT license. The rich GUI elements that go on top are still under the GPL.
Mending The Bitter Absence of Reasoned Technical Discussion. Not at all surprised to see Alex Payne write this considering the low quality of discussion around anything technical to do with Twitter.
Almost Perfect. W. E. Peterson’s book on the rise and fall of WordPerfect Corporation, originally published in 1994 and now available for free online.
UK Television Series Map. Inspired by the US sitcom map, Meg Pickard is plotting TV series on a map of the UK.
TinyURL—Archiveteam. Excellent: the Internet Archive are crawling TinyURL (and hopefully other URL shortening services as well). The wiki page was created back in January. UPDATE from comments: Archiveteam are a separate organisation from the Internet Archive.
Introducing Digg’s IDDB Infrastructure. IDDB is Digg’s new infrastructure component for sharding data across multiple databases, with support for both MySQL and memcachedb. “The DiggBar and URL minifying service is powered by a 16 machine IDDB cluster, which includes 8 write masters in the index and 8 MySQL storage nodes.”
Automating PowerPoint with Python. Useful tutorial on using ActivePython’s win32com module to automate PowerPoint. The example code pulls in the top 50 banks by assets from the Guardian Data Store and generates a treemap using PowerPoint’s shape drawing primitives.
UK Guardian Data + ManyEyes = ISAF Troops Contribution Story. Including a heat map showing countries that are contributing the most troops to Afghanistan.
Tracking UK Liberal Indecency. The mashup I’ve been waiting for: Tom Hume used the Guardian Content API to track swearword usage over time.