October 2008
Oct. 1, 2008
Using the New MySQL Query Profiler. Extremely powerful new feature in MySQL 5.0.37. Definitely something for the Django debug toolbar.
This Week in HTML 5—Episode 7: Clickjacking. Clickjacking is when a third party site is embedded in an iframe with opacity 0 and positioned such that a click on the page actually hits a button on the now invisible third party site. Mark Pilgrim explains how the NoScript site uses this in a non malicious way to for the “install now!” button.
Coming Soon: Amazon EC2 With Windows. It’s not instantly clear if you need to source your own Windows licenses or if the license comes as part of the hourly VM charge. If it’s the latter, I can see this being fantastically useful for both automated and manual cross-browser testing—throw up a Windows VM for just as long as you need to run your tests, running them through rdesktop.
Cascading. A Java API abstraction layer over Hadoop that lets developers think in terms of pipes and filters rather than map/reduce. The Cascading developers claim that this model is easier to understand and less error prone.
[REDACTED]. Now that the iPhone NDA has been lifted be prepared for a flood of useful tips about the platform. Here’s Craig Hockenberry explaining how iPhone URL schemes work (used to great effect in the Pownce app for returning to the right place post-OAuth authentication in Safari).
simplejson 2.0.1. Python’s simplejson JSON library got a whole lot faster while I wasn’t looking.
Oct. 2, 2008
What’s New in Python 2.6 (via) Python 2.6 final has been released (the last 2.x version before 3.0). multiprocessing and simplejson (as json) are now in the standard library, any backwards compatible 3.0 features have been added and the official docs are now powered by Sphinx (used by Django 1.0 as well). There’s plenty more.
Google’s Wikipedia and Panoramio layers are now available in the API. I really like their use of reverse domain style identifiers for the layer IDs: map.addOverlay(new GLayer(“org.wikipedia”));
FB App Canvas Pages: I Think I’d Use IFrames. Facebook’s Charlie Cheever explains the difference between FBML canvas pages, iframe pages and XFBML when building Facebook apps. I’m always surprised at APIs that load untrusted content in an iframe, as it seems like an invitation for frame-busting phishing attacks.
Tweetersation. Nat and my latest side project: a JSONP API powered tool to more easily follow conversations between people on Twitter, by combining their tweets in to a single timeline.
Obama ’08 for iPhone (via) Slick app, impressive for a three week turnaround. I’m guessing it uses the phone number area codes in your address book to arrange your friends by state for the “call your friends” feature, which is an ingeniously simple hack.
Oct. 3, 2008
Why Google App Engine is broken and what Google must do to fix it. Aral Balkan describes a number of critical issues with App Engine. If you’re considering building something serious on it you need to read this article; I’ve run in to several of these problems myself just running toy projects on the platform. Here’s hoping they get addressed in the near future.
Oct. 4, 2008
The Flickr Panda. Reminds me of the prime number shitting bear.
FOWA pre-interview: Andrew Turner. I’ve started to post pre-interviews with speakers to the FOWA blog, in advance of the conference next week. First up is Andrew Turner of Mapufacture.
Oct. 6, 2008
Tracking your Cat with GPS. Alex Lee strapped a GPS to his cat.
Oct. 7, 2008
Dealing with UI redress vulnerabilities inherent to the current web (via) The best explanation of clickjacking I’ve seen yet, complete with discussion of a number of non-ideal potential solutions. It looks like frame busting JavaScript will defeat it, but only for users who have JavaScript enabled—which means that in this case extensions like NoScript actually make you less safe. UPDATE: NoScript is smarter than I thought; see the comments.
Clickjacking and NoScript (via) NoScript CAN protect against clickjacking, but only if you enable the “Plugins|Forbid IFRAME” option.
Giving Dabble DB a time machine. More innovation from Dabble DB—the service now offers a UI to their backup snapshots, letting you roll your own instance back to a specific point in time to recover accidentally deleted data.
XHTML—myths and reality. Useful overview of XHTML from Tina Holmboe of the W3C’s XHTML Working Group, which suggests considering HTML 4.01 strict unless you need mixed namespaces for things like MathML. I’ve been storing this blog’s content as XHTML but serving as HTML for several years now.
Oct. 8, 2008
Places to see in London (for geeks). My geek-oriented guide to London attractions that you may not hear about otherwise, updated for this year’s overseas FOWA attendees. Suggestions for additions welcome.
Antisocial: a Javascript demo by Gasman. The demo is cool (3D on top of canvas); the “demotool” editor is simply amazing.
Oct. 9, 2008
and now... Opera. Jon Hicks is joining Opera as Senior Designer. I absolutely cannot wait to see what he comes up with there.
Antisocial. Matt Westcott (a.k.a. Gasman) provides some technical background to his awesome Antisocial 3D canvas demo.
Oct. 10, 2008
Videos from FOWA 2008. The Carsonified team have a scarily fast turnaround on the videos from this year’s Future of Web Apps. Most of yesterday’s talks are already available to watch online, as a full talk or the edited highlight reel.
Oct. 13, 2008
Versioning REST Web Services. Peter Williams suggests using a vendor MIME media type in the Accept header to specify a required API version, because embedding the API version in the URL itself leads to a single resource ending up with many different URLs, one for each API version.
Oct. 14, 2008
asql—Apache SQL querying. Command line tool for loading web server log files in common log format in to a SQLite database, with a built-in interactive shell.
Browser Paint Events. The latest Firefox nightlies include a new MozAfterPaint event which fires after a portion of the page has been redrawn and provides co-ordinates of the affected rectangle. John Resig provides a neat bookmarklet that uses the new event to visualise repainting operations.
Minimal nginx conf to split get/post requests. Interesting idea for master-slave replication balancing where GET v.s. POST is load-balanced by nginx, presumably to different backend servers that are configured to talk to either a slave or a master. This won’t deal very will with replication lag though—you really want a user’s session to be bound to the master server for the next few GET requests after data is modified to ensure they see the effects of their updates. UPDATE: Amit fixed my complaint with a neat hack based around a cookie with a max age of 10 seconds.
Yahoo! Releases OpenID Research. Extremely valuable research, conducted with a group of typical Yahoo! users. OpenIDs usability remains bad, and if we don’t get it right soon something centralised like Facebook Connect will take over and the Web will stop being open.
Oct. 15, 2008
Announcing the New York Times Campaign Finance API (via) The New York Times have released their first data API, exposing campaign finance data from the Federal Election Commission.