Simon Willison’s Weblog

June 2008

June 20, 2008

This is the new blog-spam. [...] 'web design company' takes the highest ranking comment from reddit, and posts it on the site that the original comment is based on. [...] Neat eh? They get to have links on a site that won't get blog-spam filtered, because the comment is 'relevant', since the comment originates from a comment thread about the site.

ator_fighting_eagle

# 6:55 pm / reddit, spam, commentspam

We’re all ops people now. Edd’s experience reflects my own: the kind of systems I’m building these days involve way more than just development, they often involve significant sysadmin type skills as well. Desperately need to get better at that stuff.

# 9:02 pm / edddumbill, ops, sysadmin, skills

June 21, 2008

Comic Sans, the Film. “A documentary film coming soon”

# 12:27 am / funny, comicsans, typography

Arbitrary code execution vulnerabilities in Ruby (via) Sounds nasty—integer overflows and unsafe allocs leading to memory corruption. Definite DoS and possible code injection as well. Upgrade to Ruby “1.8.5-p231, or 1.8.6-p230, or 1.8.7-p22” ASAP.

# 8:44 am / ruby, security

jsontime. Nat and I threw this together this morning—it runs on Google App Engine and exposes Python’s pytz timezone library over JSONP.

# 7:07 pm / jsontime, json, javascript, api, projects, python, pytz, appengine

June 23, 2008

Removing Microformats from bbc.co.uk/programmes. “Until these issues are resolved the BBC semantic markup standards have been updated to prevent the use of non-human-readable text in abbreviations.”

# 9:04 pm / bbc, microformats, abbr, accessibility

June 24, 2008

The point of “Open” in OpenID

TechCrunch report that Microsoft are accepting OpenID for their new HealthVault site, but with a catch: you can only use OpenIDs from two providers: Trustbearer (who offer two-factor authentication using a hardware token) and Verisign. "Whatever happened to the Open in OpenID?", asks TechCrunch’s Jason Kincaid.

[... 451 words]

Tailor. “Tailor is a tool to migrate or replicate changesets between ArX, Bazaar, Bazaar-NG, CVS, Codeville, Darcs, Git, Mercurial, Monotone, Subversion and Tla repositories.”—written in Python.

# 9:59 am / python, tailor, bazaar, cvs, codeville, dvcs, darcs, git, mercurial, monotone, subversion, tla, version-control

The basics of creating a tumblelog with Django (via) Ryan Berg suggests a StreamItem model that uses a GenericForeignKey to link to other content types, then using signals to create a StreamItem for every other model type. I should switch to doing that on this blog: at the moment I have to query three separate tables to build the tumblelog part, which results in messy code for ordering and pagination.

# 11:09 am / ryan-berg, django, python, tumblelog, genericforeignkey, contenttypes

Django snippets: Command to dump data as a python script. Extremely useful—dumps the data for an application as an executable Python script which will re-import it into another database without any risk of colliding with existing IDs, sorting out foreign keys along the way.

# 12:07 pm / django, python, import, django-snippets

Oxford Geek Night 7: 25 June 2008. I won’t be able to make this one, but a reminder for anyone in the area that the seventh Oxford Geek Night takes place tomorrow night at the Jericho Tavern.

# 2:55 pm / events, oxford, oxford-geek-nights

mod_rpaf for Apache. A more secure alternative to Django’s equivalent middleware: sets the REMOTE_ADDR of incoming requests that come from whitelisted load balancers to the value of the X-Forwarded-For header, without the risk that, if the load balancers are missing, attackers could abuse it to spoof their IP addresses.

# 5:02 pm / django, middleware, apache, rpaf, modrpaf, security, xforwardedfor, http, load-balancing
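The safe behaviour described above, as an added example in Python (not Django’s or mod_rpaf’s code): a WSGI middleware that only believes X-Forwarded-For when the connection itself came from a whitelisted load balancer. The proxy addresses are constructed placeholders.

```python
# Added example, not Django's or mod_rpaf's code: honour X-Forwarded-For only when the
# TCP peer is a whitelisted load balancer, so a direct client cannot spoof its address.
import ipaddress

# Constructed example addresses for the load balancers allowed to set the header.
TRUSTED_PROXIES = frozenset(ipaddress.ip_address(a) for a in ("10.0.0.5", "10.0.0.6"))

def client_ip(environ, trusted=TRUSTED_PROXIES):
    """Return the address to treat as the client for a WSGI environ.

    The unsafe version of this middleware copies X-Forwarded-For into REMOTE_ADDR
    unconditionally, so anyone who reaches the app directly (a missing or bypassed
    balancer) can claim any address. Here the header counts only when REMOTE_ADDR is a
    trusted proxy, and the forwarded chain is walked from the right, skipping trusted
    hops, so upstream-supplied entries on the left are never believed."""
    peer = environ.get("REMOTE_ADDR", "")
    forwarded = environ.get("HTTP_X_FORWARDED_FOR", "")
    try:
        if ipaddress.ip_address(peer) not in trusted or not forwarded:
            return peer
        for hop in reversed([h.strip() for h in forwarded.split(",")]):
            if ipaddress.ip_address(hop) not in trusted:
                return hop  # first non-proxy address from the right: the real client
    except ValueError:
        pass  # malformed peer or header: never trust it
    return peer  # every hop was a trusted proxy, or the header was unusable

class TrustedForwardedForMiddleware:
    """WSGI wrapper that rewrites REMOTE_ADDR only for requests via whitelisted proxies."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = trusted

    def __call__(self, environ, start_response):
        environ["REMOTE_ADDR"] = client_ip(environ, self.trusted)
        return self.app(environ, start_response)
```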

OpenID is a new and maturing technology, and HealthVault is frankly the most sensitive relying party in the OpenID ecosystem. It just makes sense for us to take our first steps carefully.

Sean Nolan

# 6:29 pm / openid, healthvault, security, seannolan

June 25, 2008

You may find that there are plenty of job listings where the job requirements are described as, “must be expert with Photoshop and Illustrator…” or something along those lines. Ignore those job listings; they’re placed by inept and sick companies looking for decorators, not designers.

Andy Rutledge

# 7:17 pm / design, jobs, photoshop, illustrator, andy-rutledge

June 26, 2008

BUG: XSS Security flaw in BaseCamp Messages (via) BaseCamp lets users include HTML and JavaScript in messages, on the basis that anyone with a BaseCamp account is a trusted party. I’m not convinced: you could use this to circumvent BaseCamp’s access control stuff and read messages you’re not meant to. On the flip side, you could also use this to add brand new features to BaseCamp by using JavaScript in a message as a server-side equivalent to Greasemonkey.

# 9:39 am / greasemonkey, basecamp, security, xss, 37-signals, javascript

Bill Gates has pulled off one of the greatest hacks in technology and business history, by turning Microsoft's success into a force for social responsibility. Imagine imposing a tax on every corporation in the developed world, collecting $100 per white-collar worker per year, and then directing one third of the proceeds to curing AIDS and malaria.

Anil Dash

# 5:17 pm / bill-gates, anil-dash, hacks, aids, malaria, microsoft, philanthropy

June 27, 2008

CookBookNewFormsFieldOrdering. Handy tip—change the order of fields in a Django newforms instance by over-riding form.fields.keyOrder (since fields is a SortedDict).

# 1:02 am / newforms, django, python, tip

OAuth for Google Data APIs (via) Awesome. Now, how’s OAuth support shaping up over at Twitter (who are serious offenders when it comes to encouraging the password anti-pattern, despite Twitter engineers being key to the creation of the original OAuth spec)?

# 7:49 am / oauth, twitter, google-data, google, apis

sfical.py. Neat idea: write a CGI script that turns a proprietary API (in this case the SalesForce events API) into standard ical format, then run it on your Mac’s local Apache server and subscribe to it from iCal.

# 8:09 am / osx, mac, cgi, salesforce, simon-fell, apache, ical

How-to: Full-text search in Google App Engine. Use search.SearchableModel instead of db.Model—it’s pretty rough at the moment which is probably why it’s still undocumented.

# 8:25 am / googleappengine, appengine, full-text-search, python, search

He/She/They: Grammar and Facebook. Facebook are going to start requiring gender information because foreign language translations wind up being too confusing when that information is not available. Aside: I wish they’d implement proper title elements on their blog posts.

# 9:06 am / i18n, grammar, gender, facebook, l10n, usability

The Cron Commandments. How to write well-behaved cron scripts, from Dean Wilson.

# 9:48 am / deanwilson, cron, unix

Browser Uploads to S3 using HTML POST Forms. I didn’t know you could do this: create a regular HTML form that gives people permission to upload direct to your own S3 bucket, using a signed JSON policy statement in a hidden form field to prevent third parties from abusing your S3 account.

# 12:11 pm / s3, amazon, aws, forms, post, json, signing
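The signed policy mechanism mentioned above, as an added example in Python (not Amazon’s code): the bucket owner builds a policy, base64-encodes it and signs it with HMAC-SHA1 (the original S3 browser-POST scheme), and the policy’s conditions are what stop a copied form from uploading anything outside the allowed bucket, key prefix, ACL and size. The secret key, bucket name and the local condition checker are constructed for illustration.

```python
# Added example, not Amazon's code: the signed policy an S3 browser-POST form carries.
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"EXAMPLE-SECRET-KEY-NOT-REAL"  # constructed placeholder, not a real credential

def build_policy(bucket, key_prefix, max_bytes, expiration):
    """Policy limiting the bucket, key prefix, ACL and object size the form may upload."""
    return {
        "expiration": expiration,  # ISO 8601 UTC; S3 rejects the form after this time
        "conditions": [
            {"bucket": bucket},
            ["starts-with", "$key", key_prefix],
            {"acl": "private"},
            ["content-length-range", 0, max_bytes],
        ],
    }

def _sign(encoded_policy, secret_key):
    """Legacy S3 POST scheme: HMAC-SHA1 over the base64 policy string, itself base64'd."""
    digest = hmac.new(secret_key, encoded_policy.encode("ascii"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")

def sign_policy(policy, secret_key=SECRET_KEY):
    """Return the 'policy' and 'signature' hidden-field values for the form."""
    encoded = base64.b64encode(json.dumps(policy).encode("utf-8")).decode("ascii")
    return encoded, _sign(encoded, secret_key)

def signature_valid(encoded_policy, signature, secret_key=SECRET_KEY):
    """Only the holder of the secret key can mint a policy that verifies."""
    return hmac.compare_digest(_sign(encoded_policy, secret_key), signature)

def policy_permits(encoded_policy, fields, content_length):
    """Local illustration of S3's condition checks: a copied form cannot upload outside the
    key prefix, ACL or size limits, since each is a signed condition (expiration not checked)."""
    policy = json.loads(base64.b64decode(encoded_policy))
    for cond in policy["conditions"]:
        if isinstance(cond, dict):  # exact-match condition such as {"acl": "private"}
            name, expected = next(iter(cond.items()))
            if fields.get(name) != expected:
                return False
        elif cond[0] == "starts-with":
            if not fields.get(cond[1].lstrip("$"), "").startswith(cond[2]):
                return False
        elif cond[0] == "content-length-range":
            if not cond[1] <= content_length <= cond[2]:
                return False
    return True
```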

Capital FM London Traffic Map. We launched this today at GCap (née Global Radio). I’m particularly impressed with how well the team handled clustering the traffic cameras on the Google map.

# 6:22 pm / gcap, google-maps, clustering, traffic, capitalfm, london

Module Pattern Provides No Privacy... at least not in JavaScript(TM) (via) JavaScript variables hidden inside a closure aren’t as hidden as I thought—it turns out you can pass a closure as the second argument to eval (at least in Firefox) and “steal” private variables back out of it.

# 7:01 pm / closures, javascript, firefox, modulepattern, pete-michaux

June 28, 2008

How to sell your software for $20,000 (via) The best article I’ve read on software entrepreneurship in ages.

# 9:21 am / software, entrepreneurship, business, startups

BBC iPlayer Beta. Preview of the new version of the iPlayer. Nice to be able to listen to Radio programmes in the same interface as TV without having to use the cramped popup window.

# 9:35 pm / bbc, iplayer, radio

RefactorMyCode.com. Neat community for discussing improvements to code snippets. Login using OpenID.

# 11:46 pm / refactoring, openid, community, refactormycode
