Blogmarks
Filters: Sorted by date
Film + Food & drink | guardian.co.uk (via) The Guardian’s publishing system supports tag intersections based on the URL; this page shows all film stories that also mention food. There’s even an RSS feed.
Tip: Configure SAX parsers for secure processing. Explains the billion laughs attack, among others.
DoS vulnerability in REXML. Ruby’s REXML library is susceptible to the “billion laughs” denial of service attack where recursively nested entities expand a single entitity reference to a billion characters (kind of like the exploding zip file attack). Rails applications that process user-supplied XML should apply the monkey-patch ASAP; a proper gem update is forthcoming.
TraceMonkey. Brendan Eich has been preaching the performance benefits of tracing and JIT for JavaScript on the conference circuit for at least a year, and the results from the first effort to be merged in to Mozilla core are indeed pretty astounding.
Visualization Strategies: Text & Documents. “List of ...” style posts usually make me want to stab someone with a fork; this is how that kind of post should be done—well researched, carefully written and, most importantly doesn’t call itself a “Top X Ys that will Z your ZZ”!
Get Lat Lon now has a “Get my location (by IP)” button. It took all of five minutes to add using the new google.loader.ClientLocation API. The button is only visible if your location can be resolved.
Gears API Blog: Gears 0.4 is here! New features are Geolocation, a Blob API for dealing with arbitrary binary data, onprogress() events for tracking HTTP downloads and uploads (meaning progress indicators) and the built-in Gears dialogs localized to 40 languages.
Google Code Blog: Two new ways to location-enable your web apps. The Gears Geolocation API isn’t very exciting just yet as it only really works on windows mobile devices, but the new google.loader.ClientLocation Ajax API is great—it gives you the user’s location based on looking up their IP address, saving you from needing to install a IP-to-geo lookup database.
django-timezones. Models, form fields and a template filter for dealing with timezones in Django.
Persistent Django on Amazon EC2 and EBS—the easy way. Useful tutorial on getting Django up and running on EC2 with EBS for a persistent PostgreSQL database.
Package Management Sudoku. "A package management system that can solve Sudoku based on package dependency rules is not something that I think would be useful or worth having" - like a red flag to a bull. (Internet Archive)
Amazon Elastic Block Store (EBS). EC2 just got a whole lot more useful—you can now create “block level storage volumes” (think virtual hard drives) and mount them to an EC2 instance for real persistent storage—but because they’re virtual you can clone them, snapshot them and benefit from automatic replication.
querySelectorAll in Firefox 3.1. John Resig benchmarks the various JavaScript libraries’ support for querySelelectorAll, and finds an impressive 2-6x performance improvement over native DOM traversal. It’s worth clicking through to John’s experimental plugin for adding support to jQuery, which does a clever trick using __proto__ to convert the collection returned by querySelectorAll in to a jQuery object in browsers that support it.
SecondLife rolls out Mono-powered servers. Most of the work on this was done in Linden Lab’s Brighton UK office. If you’re interested in Mono and want to live in Brighton, they’re hiring!
Facebook engineering notes on Scaling Out. Jason Sobel explains a couple of tricks Facebook use to deal with consistency between their California and Virginia data centres. The first is to hijack the MySQL replication stream to include information about memcached records to invalidate; the second is to use Layer 7 load balancers which inspect a “last modification time” cookie and send users to the masters in California if they have updated their profile in the past 20 seconds.
UnicodeDictWriter—write unicode strings out to Excel compatible CSV files using Python. Stuart Langridge and I spent quite a while this morning battling with Excel. The magic combination for storing unicode text in a CSV file such that Excel correctly reads it is UTF-16, a byte order mark and tab delimiters rather than commas.
Cyberstar. Adrian made the front cover of the Chicago Tribune magazine!
Dare left something out (and it’s important). Dave Winer: “You should at least learn the lessons and add to REST what it needs to catch up with XML-RPC. Seriously. What’s missing in REST, btw, is a standard method of serializing structs, lists and scalar types.” That would be JSON.
Explaining REST to Damien Katz. I didn’t know that it was Mark Baker back in 2002 who first pointed out that SOAP was flawed because it ignored the architecture of the Web as defined by Roy Fielding’s Ph.D thesis.
АЭРОКРАТ КОНЦЕПТ (via) Another great Airship blog. I don’t speak Russian, but the photos and videos speak for themselves.
Historic Airship Pictures: the Shenandoah, the Los Angeles, the Akron and the Macon as well as the Zeppelins and many more. The US Navy built some truly beautiful airships back in the 1930s.
Domain-Driven Design in an Evolving Architecture. How the team at guardian.co.uk used Domain-Driven Design in their recent two year rebuild. The core of DDD is having end users involved with domain modeling, which results in a shared domain language that should be understood by everyone involved.
minidetector. Neat piece of Django middleware that adds a “mobile = True” attribute to the request object if the request’s user-agent matches a list of strings of known low-power browsers in mobiles, PDAs or game consoles.
REST, I just don’t get it. Read the comments for some excellent practical reasons to care about REST, including cache management (PUT and DELETE can expire the cache entries for the corresponding GET), the ability to add or move parts of the server API without redeploying client libraries and the idempotency of GET / PUT / DELETE and HEAD (repeated POST operations may have side-effects).
This Week in Django. After 33 episodes Django’s usually-weekly podcast finally has its own website.
YUI 3.0 Preview Release 1. YUI sandboxing is a really good idea, which cleverly addresses both the need to run multiple versions of the library at once and the complaints about how verbose traditional YUI code can get.
ECMAScript Harmony. John Resig explains the outcome of the recent “Oslo meeting” where proponents of ECMAScript 3.1 (incremental improvements to JS as it exists today) and 4 (massive, sweeping changes including many new programming constructs) harmonised their differences. The combined effort is closer to 3.1 than it is to 4, which I think is the right decision.
Free licenses upheld by US “IP” court. Free software and CC licenses which dictate conditions that, when violated, turn you in to a copyright infringer now have precedence in US law.
Around the world and back again. Flickr are using data from OpenStreetMap to provide street-level detail of Beijing for the Olympics.
Keyczar (via) New open source cryptography toolkit from Google, designed to get algorithm selection, key rotation and versioning right so you don’t have to. Java and Python versions are available; the Python version depends on PyCrypto.