Simon Willison’s Weblog

Items in Jan, 2009

why’s potion. why’s latest project is a small, fast language (JIT to x86/x86-64) which seems to take ideas from Ruby, Lua, Python and who knows where else. Everything is based around objects, closures and mixins, with the delightful inclusion of scoped mixins so you can modify an object only within a certain module (hence avoiding Ruby’s action-at-a-distance problems). # 8th January 2009, 6:37 pm

The simple truth is that in the age of Web 2.0/3.0, in the era of cloud and utility computing, the application server is a commodity. A commercial, proprietary app server simply cannot survive in this environment anywhere outside the lethargic, soft-padded walls of the enterprise.

Aral Balkan # 8th January 2009, 6:10 pm

Wetpaint no longer supports OpenID. I missed this, but they turned off their OpenID support in November due to low usage and high maintenance costs. # 8th January 2009, 2:53 pm

Gaza OpenStreetMap Update. “We’re looking into purchasing satellite imagery for the north or the entirety of Gaza. There’s actually B/W imagery available from yesterday!” # 7th January 2009, 11:10 pm

Rate limiting with memcached

On Monday, several high profile “celebrity” Twitter accounts started spouting nonsense, the victims of stolen passwords. Wired has the full story—someone ran a dictionary attack against a Twitter staff member, discovered their password and used Twitter’s admin tools to reset the passwords on the accounts they wanted to steal.

[... 910 words]
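The post's own code is not on this page, so the following is an added example (not Simon's code) of the kind of failed-login counter the title describes: one memcached counter per minute per identifier, summed over a sliding window. FakeMemcache is a constructed stand-in for a real client's add/incr/get with expiry; on a real deployment, key the counters by username (and, separately, by source IP) so that locking out one identifier does not depend on a single shared counter.

```python
import time

class FakeMemcache:
    """Constructed in-memory stand-in for a memcached client (add/incr/get)."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._store = {}  # key -> (value, expires_at or None)

    def _live(self, key):
        item = self._store.get(key)
        if item and item[1] is not None and self._clock() >= item[1]:
            del self._store[key]  # lazily expire, as memcached would
            return None
        return item[0] if item else None

    def add(self, key, value, expire=0):
        # memcached ADD only succeeds when the key is absent
        if self._live(key) is not None:
            return False
        self._store[key] = (value, self._clock() + expire if expire else None)
        return True

    def incr(self, key, delta=1):
        # memcached INCR is atomic server-side and fails on a missing key
        if self._live(key) is None:
            return None
        value = self._store[key][0] + delta
        self._store[key] = (value, self._store[key][1])
        return value

    def get(self, key):
        return self._live(key)

class FailedLoginLimiter:
    """Counts failed logins per identifier in one-minute buckets."""
    def __init__(self, mc, limit=5, window_minutes=5, clock=time.time):
        self._mc, self._limit, self._window, self._clock = mc, limit, window_minutes, clock

    def _key(self, ident, minute):
        return "failed-login:%s:%d" % (ident, minute)

    def record_failure(self, ident):
        key = self._key(ident, int(self._clock() // 60))
        # ADD creates a fresh bucket; if another worker beat us, INCR it instead
        if not self._mc.add(key, 1, expire=(self._window + 1) * 60):
            self._mc.incr(key)

    def is_blocked(self, ident):
        minute = int(self._clock() // 60)
        total = sum(self._mc.get(self._key(ident, minute - i)) or 0 for i in range(self._window))
        return total >= self._limit
```

Call record_failure only after a login fails and check is_blocked before verifying the password, so a blocked identifier costs no password check at all.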

Weak Password Brings “Happiness” to Twitter Hacker. The full story on the Twitter admin account hack. I bet there are a LOT of web applications out there that don’t track and rate-limit failed password attempts. # 7th January 2009, 12:04 pm

The Twitter administrator hack was a dictionary attack. I quoted Blaine earlier suggesting that the recent Twitter mass-hack was due to a Twitter admin password being scooped up by a rogue third party application—this was not the case, as Alex Payne explains in a comment. # 6th January 2009, 11:56 pm

Update on the “antipatterns for sale” Twply auction (via) The collected username and password database is NOT included in the auction. # 6th January 2009, 9:41 am

As more details become available, it seems what happened is that a Twitter administrator (i.e., employee) gave their password to a 3rd party site because their API requires it, which was then used to compromise Twitter’s admin interface.

Blaine Cook # 6th January 2009, 9:37 am

Travel time to major cities: A global map of Accessibility (via) Visualisation developed by the European Commission and the World Bank. # 5th January 2009, 1:24 pm

MemcacheDB. A server that speaks the memcache protocol but uses Berkeley DB for reliable persistent storage. Speedy: 20,000 writes/second and 60,000+ reads/second. Includes a full replication mechanism (with custom memcache protocol commands) based on Berkeley DB’s. # 5th January 2009, 12:37 pm

The username/password key’s major disadvantage is that it opens all the doors to the house. The OAuth key only opens a couple doors; the scope of the credentials is limited. That’s a benefit, to be sure, but in Twitter’s case, a malicious application that registered for OAuth with both read and write privileges can do most evil things a user might be worried about.

Alex Payne # 5th January 2009, 10:47 am

Talking about OpenID. “So a relying party walks in to a bar...” # 5th January 2009, 10:46 am

Wikipedia over DNS. Added to my ~/bin/ directory as dns-wikipedia.sh: host -t txt $1.wp.dg.cx # 2nd January 2009, 11:29 am

Antipatterns for sale. Twply collected over 800 Twitter usernames and passwords (OAuth can’t arrive soon enough) and was promptly auctioned off on SitePoint to the highest bidder. # 2nd January 2009, 10:48 am

OSM 2008: A Year of Edits (via) Stunningly beautiful visualisation of the year in OpenStreetMap. # 2nd January 2009, 10:34 am

The compiler only pays attention to the semicolons and braces while ignoring the line breaks and indentation, but humans usually only pay attention to the line breaks and indentation while ignoring the semicolons and braces. This gives the code the opportunity to lie about what it’s really doing. Consequently we need to take extra care when writing in C, Java, C++, C# etc.

Elliotte Rusty Harold # 2nd January 2009, 10:26 am