Blogmarks
Flirting with mime types [PDF] (via) Different browsers have different rules for which content types will be treated as active content (and hence could be vectors for XSS attacks). IE uses a blacklist rather than a whitelist and hence rendered active content for 696 of the tested content types.
Amazon takes EC2 to the next level with persistent storage volumes. You can store a snapshot of a storage volume to S3 with a single API call, making backups trivial.
Multiple inheritance of newforms and modelforms. If you ever see “Error when calling the metaclass bases metaclass conflict: the metaclass of a derived class must be a (non-strict) subclass of the metaclasses of all its bases” when trying multiple inheritance with newforms and modelforms, here’s a scary solution I found.
CSRF presentation at RSA 2008. It terrifies me how few people understand CSRF, years after it was discovered. I’ll say it again: if you’re a web developer and you don’t know what that acronym means, go spend an hour reading about it—because the chances are your applications are vulnerable.
Sharedance (via) “Sharedance is a high-performance server that centralizes ephemeral key/data pairs on remote hosts, without the overhead and the complexity of an SQL database.”—ideally suited to session data, which is a poor fit for a full relational database.
Active on IRC in the past hour. New Django People feature in collaboration with Brian Rosner—DjangoBot now provides information on currently active IRC participants. There’s an opt-out privacy control and the bot sends you a message about it the first time it logs your activity.
django-rosetta—Google Code. Very classy Django-powered interface for both reading and writing your project’s gettext catalog files, hence allowing application translators to work through a web interface.
Google App Engine for developers. Best in-depth coverage so far, from Niall Kennedy. I didn’t know that Guido had worked on the Django compatibility layer.
Video on Flickr! There’s a 90 second length limit, because “... Flickr is all about sharing photos that you yourself have taken. Video will be no different and so what quickly bubbled up was the idea of long photos, of capturing slices of life to share.”
A List Apart: Issue 256. The EveryBlock issue. Paul Smith on EveryBlock’s tasty custom maps, and Wilson Miner on EveryBlock’s tasty accessible data charts.
OpenID for Google Accounts. Google App Engine integrates with Google’s user accounts, so Ryan Barrett (of Google) used it to build an idproxy.net style OpenID provider.
Running Django on Google App Engine. Django 0.96 is included, but you need to disable the ORM related parts and use the Google App Engine Bigtable interface instead.
Google App Engine. Write applications in Python using a WSGI compatible application framework, then host them on Google’s highly scalable infrastructure. The most exciting part is probably the Datastore API, which provides external developers with access to Bigtable for the first time.
Hash Collisions (The Poisoned Message Attack). Demonstrates the MD5 weakness by providing two deliberately engineered PostScript documents with the same MD5 hash but radically different rendered output.
Comet at the Highland Fling. I thoroughly enjoyed the Highland Fling yesterday. Here are the slides from my talk on Comet.
Why the webstandards world appears to be choosing Django. I’m not convinced that this is a definite trend, but it certainly makes for an interesting discussion.
Implementing a syntax-highlighting JavaScript editor in JavaScript. Appropriately subtitled “a brutal odyssey to the dark side of the DOM tree”. Some seriously clever trickery going on here.
i am near (via) Inspired by wikinear.com and powered by FireEagle, currently just showing nearby pubs from OpenStreetMap but with more stuff planned. I love the URL scheme—pubs.iamnear.net.
Advanced JavaScript Debugging Techniques. There’s more to JavaScript debugging than just Firebug.
The Royal Mint: The New Designs Revealed. Matthew Dent’s design for the new UK coinage is inspired—absolutely beautiful. Can’t wait to get my hands on some of these.
Brendan Eich: Popularity. I never knew that Brendan went to Netscape on the promise of “doing Scheme in the browser”.
London Connections. Marvellously obsessive blog about the vagaries of London transport, including some really nice custom created maps. I love detailed maps of tube stations; anyone know a good place to find them?
Firefox 3’s password remembering. I’m loving Firefox 3, and the way it does password remembering (with a non-modal toolbar so you can tell if your password worked before deciding to save it) is just one of the major improvements. Opera gets this right as well.
CSS Compatibility and Internet Explorer (via) Official Microsoft guide to which CSS properties are supported by which versions of IE. This is the kind of documentation browser vendors should be providing as a matter of course.
OpenID and Spam. Matt Mullenweg: “OpenID has a ton of promise for the web—let’s not hurt it by setting people up for disappointment by telling them it’s a spam blocker when it’s not.” True for the case of general registration, but I still believe whitelisting known OpenIDs could be a powerful tool for fighting spam on personal sites.
Python-by-example. “This guide aims to show examples of use of all Python Library Reference functions, methods and classes”, thus addressing my number one complaint about Python’s standard library documentation.
What’s New in Edge Rails: Easier Timezones (via) Time zones can be a nightmare to get right—if this works well it’s going to make a lot of people’s lives a whole bunch easier.
Welcome to Game Neverending. It really is back! Hot tip: start by taking the survey, then sell the five pieces of blue paper at the bank with the pig on the roof.
Classy Query. Beautifully implemented parody of class-based JavaScript and verbose namespacing as a jQuery extension, from John Resig. The source code has some neat tricks in it, in particular the buildClass() function.
Find Your Friends. Flickr have added a characteristically classy friend import feature, pulling from Gmail, Yahoo! and Hotmail address books without any unhygienic password sharing. It’s a crying shame that the Yahoo! contacts API they are using isn’t available outside the company.