Blogmarks
Filters: Sorted by date
Using Git as a versioned data store in Python. gitshelve supports the same interface as Python’s built-in shelve module but stores things to a versioned Git repository instead of just a pickled dictionary. I’ve been casually wondering what a Git-powered CMS would look like.
Cubescape. Beautiful isometric cube building tool by Cameron Adams, written in JavaScript and jQuery.
Crossdomain.xml Invites Cross-site Mayhem. A useful reminder that crossdomain.xml files should be treated with extreme caution. Allowing access from * makes it impossible to protect your site against CSRF attacks, and even allowing from a “circle of trust” of domains can be fatal if just one of those domains has an XSS hole.
Engineering @ Facebook: Facebook Chat. The new Facebook Chat uses Comet (long polling with a hidden iframe) against a custom web / chat server written in Erlang, designed to handle a launch to all 70 million users at once. It was tested using a “dark launch” period where live pages simulated chat request traffic without showing any visible UI.
goog/useragent/iphoto.js. The Goog library includes code to detect the user’s installed version of iPhoto, based on reverse engineering the Mac.com Gallery RSS feeds. This has Mark Pilgrim written all over it.
Doctype: /trunk/goog. Google’s newly released JavaScript library (pure JavaScript, so more along the lines of YUI and jQuery than GWT). I haven’t found the documentation for it yet, but the code is extremely well commented. UPDATE: The documentation is spread throughout Doctype.
Doctype on Google Code. Alternative way of browsing Google Doctype—if you link to articles here instead of using the permalinks in the official version non-JavaScript user agents will be able to access the content you’ve linked to.
Google Doctype. So now we know what Mark Pilgrim’s been doing at Google... heading up a project to create an encyclopaedia of web development. The JavaScript UI for browsing it is a bit weird (though you do at least get real pages if you disable JavaScript in your browser).
Google Maps now shows photos and Wikipedia articles. Click the “More...” button. My first thought was “how do they get so many photo markers on the map?”—Firebug shows that they’re generating tiles on the server containing multiple photo markers, then when you click on one an Ajax call checks which photo is in that particular spot.
Django: security fix released. XSS hole in the Admin application’s login page—updates and patches are available for trunk, 0.96, 0.95 and 0.91.
Session variables without cookies. Brilliant but terrifying hack—you can store up to 2 MB of data in window.name and it persists between multiple pages, even across domains. Doesn’t work with new tabs though, and storing JSON in it and eval()ing it is a bad idea—a malicious site could populate it before sending the user to you.
Graffletopia. Huge collection of free OmniGraffle stencils.
Django admin OmniGraffle stencil. Alex Lee put together a beautiful stencil for OmniGraffle containing all of the common UI elements seen in the Django admin interface, as a tool for wireframing.
Persevere adds Comet Support. Persevere sounds neat: a RESTful HTTP/JSON data store (the interface reminds me of CouchDB) which recently gained the ability to “subscribe” to a resource and receive notifications of updates via comet.
django-db-log. Middleware that logs Django exceptions to the database, using a clever scheme based on an MD5 of the traceback text to group duplicate errors in to batches.
Yahoo! Internet Location Platform. As an ex-Yahoo! this is really exciting—WhereOnEarth (a London company acquired by Yahoo! in 2005) provide the incredibly detailed geographical data used by Flickr, Upcoming and FireEagle—and now it’s available as an external API.
Airship Ventures (via) New startup providing tours of Silicon Valley in a frickin’ Zeppelin. Strangely enough I’ve been complaining about the lack of Zeppelins over Silicon Valley for several years. Really.
Beanstalkd. This is the light-weight cross-language queue I’ve been waiting for. Similar to Starling but your workers don’t need to poll for new jobs; you can call the blocking “reserve” call instead.
Python with a modular IDE (Vim). Great tips—I’d use these if I wasn’t still scarred from the time vim encrypted my file instead of saving it because I had caps lock on by mistake.
Byteflow Blog Engine. This looks like the most full-featured of the Django blog engines by a pretty big margin, including OpenID client and server support. A product of the growing Russian/Ukrainian Django community.
Processing.js. John Resig’s outstanding port of the Processing visualisation language to JavaScript and Canvas. Runs amazingly well in Firefox 3. One hell of a hack.
Opera Dragonfly. Opera’s new Firebug-style developer console. Out in alpha and it shows (slow to load and the interactive console leaves a lot to be desired) but still looks incredibly promising, especially the remote debugging tools for working with Opera on phones and games consoles.
Unobtrusive JavaScript with jQuery. The online handout for the tutorial I gave this morning at XTech.
Sneaking Ruby Through Google App Engine (and Other Strictly Python Places). In a characteristic stroke of genius, _why makes a solid initial attempt at compiling Ruby 1.9 source to Python 2.5 bytecode.
Making Time Machine work with the ReadyNAS. Finally, a decent set of instructions on using a ReadyNAS with Time Machine. The trick is to create a local sparse disk image with a magic name (based on hostname and eth0 MAC address), then move it to the NAS.
twistori. Lovely implementation of a neat idea for a Twitter app from Amy Hoy and Thomas Fuchs.
James B. on Pownce (via) James Bennett has started using Pownce for sort of medium-format blog entries, longer than a tweet but shorter than a blog essay and delivered with a healthy dose of snark.
How one site dealt with SQL injection attack (via) Horrifying story of developer incompetence from Autoweb: “The contractor had no idea how to find and fix the Web page vulnerability that allowed the SQL injection attack code to execute successfully.”
Django Users Group London meetup, 19th of May. The inaugural meeting of DJUGL will be on the 19th of May at the Capital Radio building in Leicester Square, sponsored by GCap Media. Three presentations starting at 7pm (I’ll be giving one of them), then on to the pub. Sign up on EventWax; there are only 70 places.
SourceForge Allows OpenID Logins. Excellent—SourceForge is the kind of site that I log in to infrequently enough to always forget my password (and indeed username) making OpenID a great fit.