January 2008
Jan. 8, 2008
Why we switched to Jetty. Zimbra (recently acquired by Yahoo!) are using Jetty for Comet. It sounds like they are using Bayeux as well.
daemon.py (via) Neat little Python module for daemonizing a process; handles logging and pid files out of the box.
Jan. 9, 2008
$.comet (via) The first Comet (with Bayeux) plugin I’ve seen for jQuery—currently only handles long-polling over XMLHttpRequest, but still a promising start.
Good architectural layering, and Bzr 1.1. Mark Shuttleworth on the growing importance of plug-in architectures as an open source project evolves, as they allow new developers to release their own components without needing commit access to the project. Django is pretty good for this, but more hooks (and a faster event dispatch system) would be useful.
The Flickr [OpenID] implementation, coupled with their existing API, means we could all offer things like "log into my personal site for family (or friends)" and defer buddylist management to the well-designed Flickr site, assuming all your friends or family have Flickr accounts.
pysolr. Python wrapper for Solr, the search web service wrapper for Lucene. One thing I’m not clear on: do you need to configure Solr with the fields you’ll be indexing in advance, or can Solr create new fields on the fly to match the data you send it?
Cross-Site XMLHttpRequest (via) “Firefox 3 implements the W3C Access Control working draft, which gives you the ability to do XMLHttpRequests to other web sites”—you can mark a document as available for cross-domain requests using either an Access-Control HTTP header or an XML processing instruction.
Jan. 10, 2008
Is your Rails app XSS safe? SafeErb is an interesting take on auto-escaping for Rails: it throws an exception if you try to render a string that hasn’t been untainted yet.
In my opinion it is better to compare OpenIDs to credit cards. [...] Just as a credit card company may place limit on the level of guarantee, web sites are at liberty to restrict the OpenIDs it will recognize and accept. Just as many of us carry more than one credit card, we may have multiple OpenIDs and use them for different occasions. Just as some department store credit card is not accepted outside of that store, it is possible that IDs issued by some OpenID providers may not be accepted by some sites.
Jan. 11, 2008
RubyForge: Starling. “Starling is a light-weight persistent queue server that speaks the MemCache protocol. It was built to drive Twitter’s backend, and is in production across Twitter’s cluster.”
Jan. 12, 2008
bunnie’s blog: OLPC XO-1 (via) Bunnie Huang critiques the hardware design of the OLPC XO-1.
Schools and colleges should make pupils, teachers and parents aware of the range of free-to-use products (such as office productivity suites) that are available, and how to use them.
— Becta
The Art & Science of JavaScript. The JavaScript book I contributed to is now shipping! My chapter describes how to build a Flickr / Google Maps mashup entirely using client-side code (via JSON-P).
Jan. 13, 2008
Poorly Macbook, ineffective error message design. Nat’s MacBook died the other day, throwing out some impressively meaningless error symbols. How exactly are you meant to Google for a circle with a line through it?
I've never heard anyone from the REST camp claim that building distributed systems was "easy". [...] The WS-* folks have historically been obsessed with making things easy, usually for an imaginary business analyst who is nowhere near as technically adept as they. The REST folks, on the other hand, seem much more interested in keeping the entire stack simple, and for everyone involved.
Jan. 14, 2008
Javascript CSS Selector Engine Timeline. It’s not every day you see a piece of code you wrote compared to a Ford Pinto :)
twauth: simple mobile openid using twitter (via) Brilliant proof of concept by Ian McKellar: an OpenID provider that authenticates you by sending you a Twitter direct message.
Weebl and Bob do CSI (via) Superb.
A little something I’ve been working on. Paul Bissex has been working on a Django book with Jeff Forcier and Wesley Chun, to be published by Prentice Hall. It sounds like they’re a good way along the process.
Jan. 15, 2008
jQuery 1.2.2: 2nd Birthday Present. The API stays the same, but there are some healthy speed improvements, a new way of adding custom events and (most importantly) .ready() now waits for the CSS to be ready in addition to the DOM.
Jan. 16, 2008
Sun To Acquire MySQL. Sun also employ Josh Berkus, one of the lead developers of PostgreSQL.
Flickr: The Commons. Exciting pilot collaboration with the Library of Congress to release images with “no known copyright restrictions”. The header photo (of a bench) is one of my favourite spots in the world, in Mission Dolores Park, San Francisco.
.first() and .last() methods for jQuery. I got fed up of expecting these to exist, so I wrote them as a couple of one-liner plugins.
Django snippets: “for” template tag with support for “else” if array is empty. A neat solution to a common pattern; I’d personally like to see this included in Django proper.
MacHeist Bundle. Everything’s now unlocked, meaning you can pick up TaskPaper, CSSEdit, Snapz Pro X (excellent for screencasts) and Pixelmator for $49.
Jan. 17, 2008
Yahoo! Announces Support for OpenID. Here’s the official press release: “Yahoo! Support Triples Number of OpenID Accounts to 368 million”. Directed identity gets a mention; it’s going to be enabled for www.yahoo.com and www.flickr.com. The public beta starts on January 30th.
A Yahoo! ID is one of the most recognizable and useful accounts to have on the Internet and with our support of OpenID, it will become even more powerful. Supporting OpenID gives our users the freedom to leverage their Yahoo! ID both on and off the Yahoo! network, reducing the number of usernames and passwords they need to remember and offering a single, trusted partner for managing their online identity.
openid.yahoo.com. Yahoo!’s human readable guide to OpenID, complete with tour. It looks like they’re relying on the “sign-in seal” to protect against phishing.
Automate firing of onload events. Paul Irish suggests setting up your site’s onload handlers in a single external JavaScript file then executing different handlers depending on the body element’s id attribute.
8 More Design Mistakes with Account Sign-in (via) Second of a two part series by Jared Spool. I agree with all of them with the possible exception of #15 which advocates providing a non-email password recovery solution. Security “questions” are usually dreadfully insecure, and introduce the need to lock users out of their accounts after just a few tries.