Blogmarks
Antisocial. Matt Westcott (a.k.a. Gasman) provides some technical background to his awesome Antisocial 3D canvas demo.
and now... Opera. Jon Hicks is joining Opera as Senior Designer. I absolutely cannot wait to see what he comes up with there.
Antisocial: a Javascript demo by Gasman. The demo is cool (3D on top of canvas); the “demotool” editor is simply amazing.
Places to see in London (for geeks). My geek-oriented guide to London attractions that you may not hear about otherwise, updated for this year’s overseas FOWA attendees. Suggestions for additions welcome.
XHTML—myths and reality. Useful overview of XHTML from Tina Holmboe of the W3C’s XHTML Working Group, which suggests considering HTML 4.01 strict unless you need mixed namespaces for things like MathML. I’ve been storing this blog’s content as XHTML but serving as HTML for several years now.
Giving Dabble DB a time machine. More innovation from Dabble DB—the service now offers a UI to their backup snapshots, letting you roll your own instance back to a specific point in time to recover accidentally deleted data.
Clickjacking and NoScript (via) NoScript CAN protect against clickjacking, but only if you enable the “Plugins|Forbid IFRAME” option.
Dealing with UI redress vulnerabilities inherent to the current web (via) The best explanation of clickjacking I’ve seen yet, complete with discussion of a number of non-ideal potential solutions. It looks like frame busting JavaScript will defeat it, but only for users who have JavaScript enabled—which means that in this case extensions like NoScript actually make you less safe. UPDATE: NoScript is smarter than I thought; see the comments.
Tracking your Cat with GPS. Alex Lee strapped a GPS to his cat.
FOWA pre-interview: Andrew Turner. I’ve started to post pre-interviews with speakers to the FOWA blog, in advance of the conference next week. First up is Andrew Turner of Mapufacture.
The Flickr Panda. Reminds me of the prime number shitting bear.
Why Google App Engine is broken and what Google must do to fix it. Aral Balkan describes a number of critical issues with App Engine. If you’re considering building something serious on it you need to read this article; I’ve run into several of these problems myself just running toy projects on the platform. Here’s hoping they get addressed in the near future.
Obama ’08 for iPhone (via) Slick app, impressive for a three week turnaround. I’m guessing it uses the phone number area codes in your address book to arrange your friends by state for the “call your friends” feature, which is an ingeniously simple hack.
Tweetersation. Nat and my latest side project: a JSONP API powered tool to more easily follow conversations between people on Twitter, by combining their tweets into a single timeline.
FB App Canvas Pages: I Think I’d Use IFrames. Facebook’s Charlie Cheever explains the difference between FBML canvas pages, iframe pages and XFBML when building Facebook apps. I’m always surprised at APIs that load untrusted content in an iframe, as it seems like an invitation for frame-busting phishing attacks.
Google’s Wikipedia and Panoramio layers are now available in the API. I really like their use of reverse domain style identifiers for the layer IDs: map.addOverlay(new GLayer("org.wikipedia"));
What’s New in Python 2.6 (via) Python 2.6 final has been released (the last 2.x version before 3.0). multiprocessing and simplejson (as json) are now in the standard library, any backwards compatible 3.0 features have been added and the official docs are now powered by Sphinx (used by Django 1.0 as well). There’s plenty more.
simplejson 2.0.1. Python’s simplejson JSON library got a whole lot faster while I wasn’t looking.
[REDACTED]. Now that the iPhone NDA has been lifted be prepared for a flood of useful tips about the platform. Here’s Craig Hockenberry explaining how iPhone URL schemes work (used to great effect in the Pownce app for returning to the right place post-OAuth authentication in Safari).
Cascading. A Java API abstraction layer over Hadoop that lets developers think in terms of pipes and filters rather than map/reduce. The Cascading developers claim that this model is easier to understand and less error prone.
Coming Soon: Amazon EC2 With Windows. It’s not instantly clear if you need to source your own Windows licenses or if the license comes as part of the hourly VM charge. If it’s the latter, I can see this being fantastically useful for both automated and manual cross-browser testing—throw up a Windows VM for just as long as you need to run your tests, running them through rdesktop.
This Week in HTML 5—Episode 7: Clickjacking. Clickjacking is when a third party site is embedded in an iframe with opacity 0 and positioned such that a click on the page actually hits a button on the now invisible third party site. Mark Pilgrim explains how the NoScript site uses this in a non-malicious way for the “install now!” button.
Using the New MySQL Query Profiler. Extremely powerful new feature in MySQL 5.0.37. Definitely something for the Django debug toolbar.
Popular Websites Vulnerable to Cross-Site Request Forgery Attacks. Ed Felten and Bill Zeller announce four CSRF holes, in ING Direct, YouTube, MetaFilter and the New York Times. The ING Direct hole allowed transfer of funds out of a user’s bank accounts! The first three were fixed before publication; the New York Times hole still exists (despite being reported a year ago), and allows you to silently steal e-mail addresses by CSRFing the “E-mail this” feature.
A Brief Tour of Graphd. The secret sauce behind Freebase—a custom written graph server that models everything as a typed, versioned relationship and can churn through over 3,000 simple queries a second on a single AMD64 core.
CSS Systems for writing maintainable CSS. Nat has published the slides and notes from her BarCamp presentation this morning. I’m really excited about her approach, which involves designing a “CSS system” of markup patterns and CSS that embodies the design of an individual site. Future maintenance can then take this overall system into account, which is assisted by a defined ordering system and shared vocabulary.
James May’s Big Ideas: Come Fly with Me (via) The BBC made an hour-long documentary on Ekranoplans! It’s available for the next 21 days on the iPlayer (UK residents only).
Flickr Engineers Do It Offline. Flickr wrote their own queuing mechanism (in PHP), and currently run ten queue servers on dedicated hardware for tasks like pushing new photos into indexes, denormalisation and “backfills” which move data between clusters and run bulk scripts against large numbers of existing rows.
Wario Land: Shake It—Amazing footage! Some virals really do deserve linking to.
Cheap, Easy Audio Transcription with Mechanical Turk. Andy Baio’s in-depth tutorial on submitting HITs to Mechanical Turk. I hadn’t realised how straightforward and powerful the interface has become.