Simon Willison’s Weblog

Items tagged recovered in May

Filters: Month: May × recovered ×


On HTTP Load Testing. Mark Nottingham explains that running good HTTP benchmarks means understanding available network bandwidth, using dedicated physical hardware, testing at progressively higher loads and a whole lot more. # 18th May 2011, 10:17 am

tobeytailor’s gordon. Another Flash runtime in pure JavaScript project, released back in January. Not quite as advanced as Smokescreen yet (it doesn’t have an audio implementation) but already available as open source under an MIT license. # 29th May 2010, 11:57 am

The easiest way to have no-downtime upgrades is have an architecture that can tolerate some subset of their processes to be down at any time. De-SPOF and this gets easier (not that de-SPOFing is always trivial).

Ryan King # 29th May 2010, 11:36 am

Smokescreen demo: a Flash player in JavaScript. Chris Smoak’s Smokescreen, “a Flash player written in JavaScript”, is an incredible piece of work. It runs entirely in the browser, reads in SWF binaries, unzips them (in native JS), extracts images and embedded audio and turns them in to base64 encoded data:uris, then stitches the vector graphics back together as animated SVG. Open up the Chrome Web Inspector while the demo is running and you can see the SVG changing in real time. Smokescreen even implements its own ActionScript bytecode interpreter. It’s stated intention is to allow Flash banner ads to execute on the iPad and iPhone, but there are plenty of other interesting applications (such as news site infographics). The company behind it have announced plans to open source it in the near future. My one concern is performance—the library is 175 KB and over 8,000 lines of JavaScript which might cause problems on low powered mobile devices. # 29th May 2010, 11:32 am

Zero-downtime Redis upgrade discussion. GitHub have a short window of scheduled downtime in order to upgrade their Redis server. I asked in their comments if they’d considered trying to run the upgrade with no downtime at all using Redis replication, and Ryan Tomayko has posted some interesting replies. # 28th May 2010, 2:50 pm

Is This Really The Future of Magazines or Why Didn’t They Just Use HTML 5? A scathing critique of the new Wired iPad app, which weighs in at 500MB per issue due to storing every single page as two static PNG images—one for landscape and one for portrait mode. “The only real differentiation between the Wired application and a multimedia CD-ROM is the delivery mechanism: you download it via the App Store versus buying a CD-ROM”. # 28th May 2010, 12:13 pm

Twitter is an open, real-time introduction and information service. On a daily basis we introduce millions to interesting people, trends, content, URLs, organizations, lists, companies, products and services. These introductions result in the formation of a dynamic real-time interest graph. At any given moment, the vast network of connections on Twitter paints a picture of a universe of interests. We follow those people, organizations, services, and other users that interest us, and in turn, others follow us.

Dick Costolo # 25th May 2010, 4:54 pm

A New Type of Phishing Attack. Nasty trick from Ava Raskin—detect when your evil phishing page loses focus (when the user switches to another tab, for example), then replace the page content with a phishing UI from a site such as Gmail. When the user switches back they’re much less likely to bother checking the URL. Combine with CSS history sniffing to only show a UI for a site that you know the user has visited. Combine that with timing tricks to only attack sites which the user is currently logged in to. # 25th May 2010, 3:20 pm

OpenCart CSRF Vulnerability. Avoid OpenCart—it’s vulnerable to CSRF, but the maintainer has no intention of fixing it as “there is no way that I’m responsible for a client being stupid enough to click links in emails”. # 25th May 2010, 12 am

doc/beatings.txt (via) Rubberhose is a disk encryption system developed by the founder of Wikileaks that implements deniable cryptography—different keys reveal different parts of the encrypted data, and it is impossible to prove that all of the keys have been divulged. Here, Julian Assange explains how this works with a scenario involving Alice and the Rubber-hose-squad. # 24th May 2010, 2:17 pm

What’s powering the Content API? The new Guardian Content API runs on Solr, scaled using EC2 and Solr replication and with a Scala web service layer sitting between Solr and the API’s end users. # 24th May 2010, 2:08 pm

Busting frame busting: a study of clickjacking vulnerabilities at popular sites (via) Fascinating and highly readable security paper from the Stanford Web Security Research group. Clickjacking can be mitigated using framebusting techniques, but it turns out that almost all of those techniques can be broken in various ways. Fun examples include double-nesting iframes so that the framebusting script overwrites the top-level frame rather than the whole window, and a devious attack against the IE and Chrome XSS filters which tricks them in to deleting the framebusting JavaScript by reflecting portions of it in the framed page’s URL. The authors suggest a new framebusting snippet that should be more effective, but sadly it relies on blanking out the whole page in CSS and making it visible again in JavaScript, making it inaccessible to browsers with JavaScript disabled. # 24th May 2010, 11:40 am

Headroid1—a face tracking robot head. Kind of creepy—Ian Ozsvald’s openCV + pySerial motorised camera follows your face around the room, and will soon be able to react to your emotions. # 21st May 2010, 4:59 pm

OpenPlatform Content API Explorer. The new API explorer for the Guardian’s Content API. # 20th May 2010, 5:42 pm

The Guardian’s Open Platform is open for business. The Guardian’s Content API is now out of beta. Of particular interest: you can access basic article metadata (headline, URL and tags) without using an API key at all, and the API supports JSONP—just request format=json and include a callback=foo argument. # 20th May 2010, 5:40 pm

App Engine at Google I/O 2010. OpenID and OAuth are now baked in to the AppEngine users API. They’re also demoing two very exciting new features—a mapper API for doing map/reduce style queries against the data store, and a Channel API for building comet applications. # 20th May 2010, 3:30 pm

ZOMBO.com in HTML5. Uses SVG (scripted by JavaScript) and the audio element. Finally, Zombo.com comes to the iPad. # 20th May 2010, 3:26 pm

Doing things with Ordnance Survey OpenData. Jo Walsh’s guide to processing Ordnance Survey OpenData using PostgreSQL and PostGIS. # 20th May 2010, 3:22 pm

Google Font Directory: Font Preview. Handy tool for trying out the 18 open source fonts Google have released, along with server-side browser sniffing technology that serves up the correct version (including for IE6). The browser sniffing makes me a bit uncomfortable—will it play well with intermediate caches? What happens if I save a local copy of a page and then open it up in a different browser? # 20th May 2010, 3:20 pm

jed’s fab. Spectacular web framework for Node.js which, despite using nothing but regular JavaScript, has syntax that is easily confused with Lisp. General consensus at work is that truly understanding how this works is a crucial step on the path to JavaScript enlightenment. # 18th May 2010, 6:50 pm

Understanding node.js. A king providing orders to his army of servants is a much better analogy than my hyperactive squid. # 18th May 2010, 6:44 pm

reddit’s May 2010 “State of the Servers” report. An interesting Cassandra war story: Cassandra scales up, but it doesn’t scale down very well: running with just three nodes can make recovery from problems a lot more tricky. # 18th May 2010, 6:37 pm

With Flickr you can get out, via the API, every single piece of information you put into the system. [...] Asking people to accept anything else is sharecropping. It’s a bad deal. Flickr helped pioneer “Web 2.0″, and personal data ownership is a key piece of that vision. Just because the wider public hasn’t caught on yet to all the nuances around data access, data privacy, data ownership, and data fidelity, doesn’t mean you shouldn’t be embarrassed to be failing to deliver a quality product.

Kellan Elliott-McCrea # 18th May 2010, 6:21 pm

Django 1.2 release notes (via) Released today, this is a terrific upgrade. Multiple database connections, model validation, improved CSRF protection, a messages framework, the new smart if template tag and lots, lots more. I’ve been using the 1.2 betas for a major new project over the past few months and it’s been smooth sailing all the way. # 17th May 2010, 9:11 pm

ElasticSearch memcached module. Fascinating idea: the ElasticSearch search server provides an optional memcached protocol plugin for added performance which maps simple HTTP to memcached. GET is mapped to memcached get commands, POST is mapped to set commands. This means you can use any memcached client to communicate with the search server. # 15th May 2010, 10:17 am

plasticbag.org: My last day at Yahoo! Tom Coates on four years at Yahoo! # 15th May 2010, 10:14 am

The answers to your Security Questions are case sensitive and cannot contain special characters like an apostrophe, or the words “insert,” “delete,” “drop,” “update,” “null,” or “select.”

Sacramento Credit Union # 14th May 2010, 12:40 am

Music: The Geeking. More on Simon Tatham’s Gonville music font. He concluded that “Bézier curves are not a good tool for font design”, and instead switched to using curves based on involutes of circles with his own custom curve design tool. # 12th May 2010, 12:43 pm

Firefox 4: the HTML5 parser—inline SVG, speed and more. A complete replacement for the oldest part of Gecko (the HTML parser dates back to 1998) headed up by HTML5 validator author Henri Sivonen, using the parsing algorithm defined in the HTML5 specification. Improvements include parsing taking place off the main UI thread and the ability to embed SVG and MathML directly inline in HTML pages. # 12th May 2010, 8:56 am