Items in Jun, 2008
Filters: Year: 2008 × Month: Jun × Sorted by date
Javascript protocol fuzz results. If your HTML sanitizer uses blacklisting rather than whitelisting here are a few more weird ways of injecting javascript: in to a link that you need to worry about—but you should really switch to whitelisting http:// and https:// instead. # 30th June 2008, 3:57 pm
The end of LugRadio. Wow. LugRadio was a podcast before the term podcast had even been coined. It will be sorely missed. # 30th June 2008, 2:03 pm
Enough Already with the Connections! Comet doesn’t mean making long-lived HTTP connections (which most browsers do anyway thanks to HTTP keep-alive), it means making long-held HTTP requests. I’m guilty of spreading this misinformation in the past. # 30th June 2008, 9:27 am
Dark Launches, Gradual Ramps and Isolation: Testing the Scalability of New Features on your Web Site. Smart advice from Dare Obasanjo that extend the “dark launch” idea illustrated by Facebook chat a few weeks ago. # 29th June 2008, 2:22 pm
Dissecting today’s Internet traffic spikes (via) Theo Schlossnagle on how the increasing popularity of interest aggregation services such as Digg and Reddit result in traffic spikes that dwarf the old Slashdot effect, making a the old rules of thumb for capacity planning irrelevant. # 29th June 2008, 2:12 pm
Microformats and accessibility: the soap opera that never ends. “Be sure to tune in next week, when we’ll drown a leading accessibility expert to see if she’s a witch.” # 29th June 2008, 8:44 am
Graphite. Real-time graphing package for server monitoring, similar to RRDTool. Created by the team at Orbitz, using Django and ExtJS for the frontend and Cairo to generate the graphs. # 28th June 2008, 11:53 pm
RefactorMyCode.com. Neat community for discussing improvements to code snippets. Login using OpenID. # 28th June 2008, 11:46 pm
BBC iPlayer Beta. Preview of the new version of the iPlayer. Nice to be able to listen to Radio programmes in the same interface as TV without having to use the cramped popup window. # 28th June 2008, 9:35 pm
How to sell your software for $20,000 (via) The best article I’ve read on software entrepreneurship in ages. # 28th June 2008, 9:21 am
Module Pattern Provides No Privacy... at least not in JavaScript(TM) (via) JavaScript variables hidden inside a closure aren’t as hidden as I thought—it turns out you can pass a closure as the second argument to eval (at least in Firefox) and “steal” private variables back out of it. # 27th June 2008, 7:01 pm
Capital FM London Traffic Map. We launched this today at GCap (née Global Radio). I’m particularly impressed with how well the team handled clustering the traffic cameras on the Google map. # 27th June 2008, 6:22 pm
Browser Uploads to S3 using HTML POST Forms. I didn’t know you could do this: create a regular HTML form that gives people permission to upload direct to your own S3 bucket, using a signed JSON policy statement in a hidden form field to prevent third parties from abusing your S3 account. # 27th June 2008, 12:11 pm
The Cron Commandments. How to write well-behaved cron scripts, from Dean Wilson. # 27th June 2008, 9:48 am
He/She/They: Grammar and Facebook. Facebook are going to start requiring gender information because foreign language translations wind up being too confusing when that information is not available. Aside: I wish they’d implement proper title elements on their blog posts. # 27th June 2008, 9:06 am
How-to: Full-text search in Google App Engine. Use search.SearchableModel instead of db.Model—it’s pretty rough at the moment which is probably why it’s still undocumented. # 27th June 2008, 8:25 am
sfical.py. Neat idea: write a CGI script that turns a proprietary API (in this case the SalesForce events API) in to standard ical format, then run it on your Mac’s local Apache server and subscribe to it from iCal. # 27th June 2008, 8:09 am
OAuth for Google Data APIs (via) Awesome. Now, how’s OAuth support shaping up over at Twitter (who are serious offenders when it comes to encouraging the password anti-pattern, despite Twitter engineers being key to the creation of the original OAuth spec)? # 27th June 2008, 7:49 am
CookBookNewFormsFieldOrdering. Handy tip—change the order of fields in a Django newforms instance by over-riding form.fields.keyOrder (since fields is a SortedDict). # 27th June 2008, 1:02 am
Bill Gates has pulled off one of the greatest hacks in technology and business history, by turning Microsoft’s success into a force for social responsibility. Imagine imposing a tax on every corporation in the developed world, collecting $100 per white-collar worker per year, and then directing one third of the proceeds to curing AIDS and malaria.
— Anil Dash # 26th June 2008, 5:17 pm
BUG: XSS Security flaw in BaseCamp Messages (via) BaseCamp lets users include HTML and JavaScript in messages, on the basis that anyone with a BaseCamp account is a trusted party. I’m not convinced: you could use this to circumvent BaseCamp’s access control stuff and read messages you’re not meant to. On the flip side, you could also use this to add brand new features to BaseCamp by using JavaScript in a message as a server-side equivalent to Greasemonkey. # 26th June 2008, 9:39 am
Why do browsers still not have file upload progress meters? Great question. # 26th June 2008, 8:27 am
You may find that there are plenty of job listings where the job requirements are described as, “must be expert with Photoshop and Illustrator…” or something long those lines. Ignore those job listings; they’re placed by inept and sick companies looking for decorators, not designers.
— Andy Rutledge # 25th June 2008, 7:17 pm
OpenID is a new and maturing technology, and HealthVault is frankly the most sensitive relying party in the OpenID ecosystem. It just makes sense for us to take our first steps carefully.
— Sean Nolan # 24th June 2008, 6:29 pm
mod_rpaf for Apache. A more secure alternative to Django’s equivalent middleware: sets the REMOTE_ADDR of incoming requests from whitelisted load balancers to the X-Forwarded-For header, without any risk that if the load balancers are missing attackers could abuse it to spoof their IP addresses. # 24th June 2008, 5:02 pm
Oxford Geek Night 7: 25 June 2008. I won’t be able to make this one, but a reminder for anyone in the area that the seventh Oxford Geek Night takes place tomorrow night at the Jericho Tavern. # 24th June 2008, 2:55 pm
Django snippets: Command to dump data as a python script. Extremely useful—dumps the data for an application as an executable Python script which will re-import it in to another database without any risk of colliding with existing IDs, sorting out foreign keys along the way. # 24th June 2008, 12:07 pm
The basics of creating a tumblelog with Django (via) Ryan Berg suggests having a StreamItem model that links uses a GenericForeignKey to link to other content types, then using signals to cause a StreamItem to be created for every other model type. I should switch to doing that on this blog: at the moment I have to query three separate tables to build the tumblelog part which results in messy code for ordering and pagination. # 24th June 2008, 11:09 am
Tailor. “Tailor is a tool to migrate or replicate changesets between ArX, Bazaar, Bazaar-NG, CVS, Codeville, Darcs, Git, Mercurial, Monotone, Subversion and Tla repositories.”—written in Python. # 24th June 2008, 9:59 am
The point of “Open” in OpenID
TechCrunch report that Microsoft are accepting OpenID for their new HealthVault site, but with a catch: you can only use OpenIDs from two providers: Trustbearer (who offer two-factor authentication using a hardware token) and Verisign. "Whatever happened to the Open in OpenID?", asks TechCrunch’s Jason Kincaid.
[... 451 words]