Posts in Jan, 2009
Filters: Year: 2009 × Month: Jan × Sorted by date
why’s potion. why’s latest project is a small, fast language (JIT to x86/x86-64) which seems to take ideas from Ruby, Lua, Python and who knows where else. Everything is based around objects, closures and mixins, with the delightful inclusion of scoped mixins so you can modify an object only within a certain module (hence avoiding Ruby’s action-at-a-distance problems).
The simple truth is that in the age of Web 2.0/3.0, in the era of cloud and utility computing, the application server is a commodity. A commercial, proprietary app server simply cannot survive in this environment anywhere outside the lethargic, soft-padded walls of the enterprise.
Wetpaint no longer supports OpenID. I missed this, but they turned off their OpenID support in November due to low usage and high maintenance costs.
Gaza OpenStreetMap Update. “We’re looking into purchasing satellite imagery for the north or the entirety of Gaza. There’s actually B/W imagery available from yesterday!”
Rate limiting with memcached
On Monday, several high profile “celebrity” Twitter accounts started spouting nonsense, the victims of stolen passwords. Wired has the full story—someone ran a dictionary attack against a Twitter staff member, discovered their password and used Twitter’s admin tools to reset the passwords on the accounts they wanted to steal.
[... 910 words]Weak Password Brings “Happiness” to Twitter Hacker. The full story on the Twitter admin account hack. I bet there are a LOT of web applications out there that don’t track and rate-limit failed password attempts.
The Twitter administrator hack was a dictionary attack. I quoted Blaine earlier suggesting that the recent Twitter mass-hack was due to a Twitter admin password being scooped up by a rogue third party application—this was not the case, as Alex Payne explains in a comment.
Update on the “antipatterns for sale” Twply auction (via) The collected username and password database is NOT included in the auction.
As more details become available, it seems what happened is that a Twitter administrator (i.e., employee) gave their password to a 3rd party site because their API requires it, which was then used to compromise Twitter's admin interface.
Travel time to major cities: A global map of Accessibility (via) Visualisation developed by the European Commission and the World Bank.
MemcacheDB. A server that speaks the memcache protocol but uses Berkeley DB for reliable persistent storage. Speedy: 20,000 writes/second and 60,000+ reads/second. Includes a full replication mechanism (with custom memcache protocol commands) based on Berkeley DB’s.
The username/password key's major disadvantage is that it open all the doors to the house. The OAuth key only opens a couple doors; the scope of the credentials is limited. That's a benefit, to be sure, but in Twitter's case, a malicious application that registered for OAuth with both read and write privileges can do most evil things a user might be worried about.
Talking about OpenID. “So a relying party walks in to a bar...”
Wikipedia over DNS. Added to my ~/bin/ directory as dns-wikipedia.sh: host -t txt $1.wp.dg.cx
Antipatterns for sale. Twply collected over 800 Twitter usernames and passwords (OAuth can’t arrive soon enough) and was promptly auctioned off on SitePoint to the highest bidder.
OSM 2008: A Year of Edits (via) Stunningly beautiful visualisation of the year in OpenStreetMap.
The compiler only pays attention to the semicolons and braces while ignoring the line breaks and indentation, but humans usually only pay attention to the line breaks and indentation while ignoring the semicolons and braces. This gives the code the opportunity to lie about what it’s really doing. Consequently we need to take extra care when writing in C, Java, C++, C# etc.