Simon Willison’s Weblog

Items in 2009

Filters: Year: 2009 ×

Web Sockets in Tornado. Bret Taylor has a simple class making it trivial to experiment with the Web Sockets protocol (now shipping in Chrome) using the scalable Tornado application server. He also raises the million dollar question: what will existing load balancers and proxies make of the new protocol? # 31st December 2009, 11:54 am

Showstopper! The Improvised Musical. Went to see this last night with some friends—they really do improvise an entire musical (a surprisingly good one, with catchy new songs and three part harmonies) based entirely on user suggestions. They have shows coming up in Brighton and Bath, thoroughly recommended. # 31st December 2009, 9:36 am

Newzald: From Moleskine to Market. A typeface designer describes the process involved in designing a new font and taking it to market. # 31st December 2009, 9:24 am

qTip. Advanced tooltip plugin for jQuery, including borders and pointers created using CSS. Very flexible (we used this for the latest MP expenses application) but a little on the heavy side, weighing in at 38KB when minified. # 30th December 2009, 6:23 pm

tipsy. Simple Facebook-style tooltip plugin for jQuery. # 30th December 2009, 6:21 pm

jsondns. A JSONP API for making DNS queries, with a nice URL structure. # 30th December 2009, 5:37 pm

I think it’s really important to know the whole stack even if you don’t operate within the whole stack.

Brad Fitzpatrick # 25th December 2009, 11:31 pm

Intercepting Predator Video. Bruce Schneier’s take on the unencrypted Predator UAV story. A fascinating discussion of key management and the non-technical side of cryptography. # 24th December 2009, 9:26 pm

Orderly JSON. Essentially the JSON equivalent of RelaxNG’s compact syntax—a pleasant mini-language for describing JSON objects which compiles to the more verbose JSONSchema format. # 23rd December 2009, 2:44 pm

The Dangers of Clickjacking with Facebook. theharmonyguy compiled a list of actions that can be triggered on Facebook by a single click, and hence are vulnerable to clickjacking attacks. The list includes authorising malicious applications, posting links to profiles, sending friend requests and sending messages to other users. Why don’t Facebook include frame busting JavaScript on every page? # 23rd December 2009, 10:20 am

PostgreSQL 8.5alpha3 now available. “Hot Standby, allowing read-only connections during recovery, provides a built-in master-slave replication solution.” Woohoo! # 23rd December 2009, 9:57 am

Socket Benchmark of Asynchronous Servers in Python. A comparison of eight different asynchronous networking frameworks in Python. Tornado comes out on top in most of the benchmarks, but the post is most interesting for the direct comparison of simple code examples for each of the frameworks. # 22nd December 2009, 10:34 pm

The Worst Ideas of the Decade: Vaccine scares. “The movement blaming vaccines for causing autism emerged in the early 2000s, and it was one of the most catastrophically horrible ideas of the decade.” # 22nd December 2009, 9:17 pm

New Redis ZINCRBY command (via) Just added to Redis, a command which increments the “score” for an item in a sorted set and reorders the set to reflect the new scores. Looks ideally suited to real time stats, and I’m sure there are plenty of other exciting uses for it. # 22nd December 2009, 8:38 pm

New Facebook clickjacking attack in the wild. I’m not sure why Facebook don’t use frame-busting JavaScript to avoid this kind of thing. The attack is pretty crafty—a Facebook page is positioned with everything obscured bar part of the blue “share this” button, and a fake “Human Test” asks the user to find and click the blue button to continue. # 22nd December 2009, 6:52 pm

Django | Multiple Databases. Russell just checked in the final patch developed from Alex Gaynor’s Summer of Code project to add multiple database support to Django. I’d link to the 21,000 line changeset but it crashed our Trac, so here’s the documentation instead. # 22nd December 2009, 5:22 pm

If you’re just linking to the stuff that people are all talking about on Twitter or that floats to the top of Hacker News, you may as well give up on your blog, as far as I’m concerned. Everybody already sees that stuff. You have to dig deeper to offer more interesting information, and an RSS reader is the best tool you can use for that purpose.

Rafe Colburn # 22nd December 2009, 11:03 am

But I guess where I was originally going is that nobody wants to write endings in television. They want to sustain the franchise. But if you don’t write an ending for a story, you know what you are? You’re a hack. You’re not a storyteller. It may not be that you have the skills of a hack. You might be a hell of a writer, but you’re taking a hack’s road. You’re on the road to hackdom and there’s no stopping you because stories have a beginning, a middle, and an end.

David Simon # 22nd December 2009, 10:52 am

Learn to Let Go: How Success Killed Duke Nukem. The fascinating 12 year story of Duke Nukem Forever. # 22nd December 2009, 10:45 am

Another leak, the worst so far (via) “Arweena, a spokes-elf for Santa Claus, admitted a few hours ago that the database posted at WikiLeaks yesterday is indeed the comprehensive 2009 list of which kids have been naughty, and which were nice.” The first comment is great too. # 22nd December 2009, 10:42 am

Round-robin Django setup with nginx. An nginx trick I didn’t know: a low proxy_connect_timeout value (e.g. 2 seconds) combined with the proxy_next_upstream setting means that if one of your backends breaks a user won’t even see an error, they’ll just have a short delay before getting a response from a working server. # 21st December 2009, 3:43 pm

Notes on designing the Guardian iPhone app. By John-Henry Barac, the principal designer of he iPhone application who also previously worked on the Guardian’s print transition to the Berliner format. # 20th December 2009, 12:55 pm

Crowdsourced document analysis and MP expenses

As you may have heard, the UK government released a fresh batch of MP expenses documents a week ago on Thursday. I spent that week working with a small team at Guardian HQ to prepare for the release. Here’s what we built:

[... 2051 words]

I think that what’s particularly hard with C is not the details about pointers, automatic memory management, and so forth, but the fact that C is at the same time so low level and so flexible. So basically if you want to create a large project in C you have to build a number of intermediate layers (otherwise the code will be a complete mess full of bugs and 10 times bigger than required). This continue design exercise of creating additional layers is the hard part about C. You have to get very good at understanding when to write a function or not, when to create a layer of abstraction, and when it’s worth to generalize or when it is an overkill.

Salvatore Sanfilippo # 18th December 2009, 3:50 pm

jQuery.require() implementation. John Resig has added a new jQuery.require() function to a jQuery development branch, for release as part of jQuery 1.4. The commit on GitHub has an extensive discussion attached to it (scroll to the bottom). # 17th December 2009, 11:24 am

getElementsByTagName(). Dean Edwards rolls a hand-rolled getElementsByTagName function for use with DOM fragments (which don’t provide the method). His code is a nice example of a tightly written tree walker using the low level DOM API. # 17th December 2009, 7:46 am

Insurgents Hack U.S. Drones. The video feed rather than the control protocol, but still.... “Fixing the security gap would have caused delays, according to current and former military officials. It would have added to the Predator’s price. Some officials worried that adding encryption would make it harder to quickly share time-sensitive data within the U.S. military, and with allies.” # 17th December 2009, 7:36 am

Django-Jython 1.1.0 released. Django on Jython matches its minor version numbers to Django, so this new release is compatible with Django 1.1. # 16th December 2009, 10:42 pm

Some Darwinists might say your optimal strategy would be to pair-bond with the older male but surreptitiously allow the younger, sexy male to fertilise you. But be careful, most men consider being cuckolded the greatest of betrayals.

The Guardian's Evolutionary Agony Aunt # 16th December 2009, 3:20 pm

Notes from the No Lone Zone. A computer scientist with a background in cryptography visits a Titan II ICBM launch complex. # 16th December 2009, 10:02 am