Simon Willison’s Weblog

Why I don’t love JavaScript’s Module Pattern. Jonathan Snook points out that the module pattern (where private functionality is hidden in a closure and only public methods are revealed to outside scopes) makes code a lot harder to debug. I use the module pattern for pretty much everything, not because I want to keep stuff private but more to avoid any chance of leaking out in to the global namespace. If I need to debug a value I temporarily assign it as a property on the global window object. # 30th April 2009, 7:59 pm

Coupling asynchronous scripts. More from Steve Souders, this time discussing methods to cause externally loaded scripts to execute in the correct order, obeying dependencies. Surprisingly there’s no mention of YUI loader or the Dojo packaging system. # 30th April 2009, 7:57 pm

Loading Scripts Without Blocking. Steve Souders is publishing extracts from his new book, “Even Faster Web Sites”. Here’s a systematic study of different JavaScript loading methods, along with a decision tree for picking the most appropriate one for your application. # 30th April 2009, 7:56 pm

django-piston. Promising looking Django mini-framework for creating RESTful APIs, from the bitbucket team. Ticks all of Jacob’s boxes, even including built-in pluggable authentication support with HTTP Basic, Digest and OAuth out of the box. # 30th April 2009, 7:55 pm

REST worst practices. Jacob Kaplan-Moss’ thoughts on the characteristics of a well designed Django REST API library, from November 2008. # 30th April 2009, 7:53 pm

Building a Better JavaScript Profiler with WebKit. Clever hack from Francisco Tolmasky which solves the problem of JavaScript profilers showing ? as the name of any anonymous functions. He patched the WebKit profiler to look for a displayName attribute on a function and show that as the function name instead. # 29th April 2009, 11:57 pm

With YQL Execute, the Internet becomes your database. This is nuts (in a good way). Yahoo!’s intriguing universal SQL-style XML/JSONP web service interface now supports JavaScript as a kind of stored procedure language, meaning you can use JavaScript and E4X to screen-scrape web pages, then query the results with YQL. # 29th April 2009, 10:50 pm

whine flu, railsmalefail 2009. Danny quotes the smartest take on the CouchDB/pr0n controversy: “It’s about presenting women as ’the other,’ not ’us.’ It would have been just as offensive if all the women shown were domineering mothers in aprons, shaking their fingers and threatening with rolling pins.” # 29th April 2009, 11:39 am

moot wins, Time Inc. loses. The Time.com poll hack was more sophisticated than I first thought... Time implemented reCAPTCHA half way through the voting period, but the 4chan community fought back with a custom interface that crowdsourced the job of voting and let individuals submit up to 30 votes a minute. # 29th April 2009, 11:13 am

Ubuntu brings advanced Screen features to the masses. Ubuntu 9.04’s screen-profiles package adds a taskbar to screen and emulates the gnome panel. You can even add a widget showing the cost of your current EC2 session. # 28th April 2009, 9:52 pm

python-sqlparse (via) Python library for re-identing SQL statements. This could make debugging Django’s generated SQL a whole lot easier. You can try the library out using an App Engine hosted application (complete with an API). # 28th April 2009, 8:25 pm

A new leaf. George Oates is now heading up the Open Library project at the Internet Archive. Sounds like a perfect match. # 28th April 2009, 12:55 am

Google container data center tour (on YouTube). 45,000 servers in 45 shipping containers, along with some serious looking plumbing. # 26th April 2009, 10:14 pm

A Curious Course on Coroutines and Concurrency. David Beazley’s sequel to last year’s mind-expanding “Generator Tricks for System Programmers”, perfect for if you’ve ever puzzled over what exactly you can use Python’s generator-based coroutine support for. # 24th April 2009, 10:58 am

OAuth Security Advisory 2009.1. It’s a show-stopper: an attacker can start an OAuth permission request flow from a consumer site, then trick another user from the same site in to completing that flow and hence authorising the attacker to act on their behalf. A fix to the spec is forthcoming; in the meantime, don’t start an OAuth flow from an untrusted location. # 23rd April 2009, 3:06 pm

The First Ten Things the New CEO of MySpace Should Do. From the always thought provoking Jason Calacanis. # 23rd April 2009, 11:30 am

And Now For Something Entire... Oooh! Shiny! Alex Russell on O3D, the new 3D browser plugin from Google that makes OpenGL accessible to JavaScript (and embeds V8 so performance won’t suck even on slower browsers). # 22nd April 2009, 12:19 pm

Finding and fixing memory leaks in Python. Using Dozer, a clever piece of WSGI middleware which displays sparklines of Python object counts and allows you to introspect them, using the gc module under the hood. # 22nd April 2009, 12:16 pm

Some Notes on Distributed Key Stores. Another ringing endorsement for Tokyo Cabinet, this time from Leonard Lin. # 21st April 2009, 9:15 am

Inside the precision hack. How 4chan members subverted a Time.com online poll to reorder the options and spell out their own message. Partly poor application design from Time (the first version used a GET request without input validation), but I challenge anyone to design an anonymous online poll that can’t be fixed using the more sophisticated techniques 4chan eventually deployed based on HTTP proxies. # 20th April 2009, 8:36 pm

pubsubhubbub. From Brad Fitzpatrick, a simple but clever way of using web hooks (HTTP callbacks) to inform subscribers that an Atom feed has updated in almost real-time—solving the constant polling problem and making it easier for small sites to offer publish-subscribe APIs. Any Atom feed can delegate subscriber updates to a “hub” server. An example hub server implementation is provided running on App Engine. # 20th April 2009, 6:49 pm

peeping into memcached. “Peep uses ptrace to freeze a running memcached server, dump the internal key metadata, and return the server to a running state”—you can then load the resulting data in to MySQL using LOAD LOCAL INFILE and analyse it using standard SQL queries. # 20th April 2009, 6:35 pm

Phusion Passenger for nginx. Passenger (aka mod_rails / mod_rack) enables easy deployment of Rails and Ruby apps under Apache... and the latest version adds support for nginx as well. It works as an HTTP proxy and process manager, spawning worker processes and forwarding HTTP requests to them via a request queue. It can also handle Python WSGI applications—anyone tried it out for that yet? # 20th April 2009, 4:53 am

Sign in with Twitter. Intriguing: Twitter are now an OpenID-style identity provider... using OAuth. # 20th April 2009, 4:10 am

Haystack (via) A brand new modular search plugin for Django, by Daniel Lindsley. The interface is modelled after the Django ORM (complete with declarative classes for defining your search schema) and it ships with backends for both Solr and pure-python Whoosh, with more on the way. Excellent documentation. # 17th April 2009, 9:53 pm

Paul Buchheit: Make your site faster and cheaper to operate in one easy step. Paul promotes gzip encoding using nginx as a proxy, and mentions that FriendFeed use a “custom, epoll-based python server” as their application server. Does that mean that they’re serving their real-time comet feeds directly from Python? # 17th April 2009, 5:19 pm

Drop ACID and think about data. I’ve been very impressed with the quality and speed with which the PyCon 2009 videos have been published. Here’s Bob Ippolito on distributed databases and key/value stores. # 17th April 2009, 5:13 pm