Simon Willison’s Weblog


April 2009

April 17, 2009

Haystack (via) A brand new modular search plugin for Django, by Daniel Lindsley. The interface is modelled after the Django ORM (complete with declarative classes for defining your search schema) and it ships with backends for both Solr and pure-python Whoosh, with more on the way. Excellent documentation.

# 9:53 pm / django, python, search, haystack, whoosh, solr, orm, daniel-lindsley

April 20, 2009

Sign in with Twitter. Intriguing: Twitter are now an OpenID-style identity provider... using OAuth.

# 4:10 am / oauth, twitter, openid

Phusion Passenger for nginx. Passenger (aka mod_rails / mod_rack) enables easy deployment of Rails and Ruby apps under Apache... and the latest version adds support for nginx as well. It works as an HTTP proxy and process manager, spawning worker processes and forwarding HTTP requests to them via a request queue. It can also handle Python WSGI applications—anyone tried it out for that yet?

# 4:53 am / nginx, passenger, python, rails, deployment, apache, ruby

peeping into memcached. “Peep uses ptrace to freeze a running memcached server, dump the internal key metadata, and return the server to a running state”—you can then load the resulting data into MySQL using LOAD LOCAL INFILE and analyse it using standard SQL queries.

# 6:35 pm / performance, scaling, memcached, introspection, peep, mysql, sql, evanweaver, twitter

pubsubhubbub. From Brad Fitzpatrick, a simple but clever way of using web hooks (HTTP callbacks) to inform subscribers that an Atom feed has updated in almost real-time—solving the constant polling problem and making it easier for small sites to offer publish-subscribe APIs. Any Atom feed can delegate subscriber updates to a “hub” server. An example hub server implementation is provided running on App Engine.

# 6:49 pm / brad-fitzpatrick, pubsub, realtime, atom, pubsubhubbub, appengine, python, webhooks

Inside the precision hack. How 4chan members subverted a Time.com online poll to reorder the options and spell out their own message. Partly poor application design from Time (the first version used a GET request without input validation), but I challenge anyone to design an anonymous online poll that can’t be fixed using the more sophisticated techniques 4chan eventually deployed based on HTTP proxies.

# 8:36 pm / security, polls, 4chan

I used to think Twitter would never catch on in the mainstream because it’s somewhat stupid. Now I realize I was exactly wrong. Twitter will catch on in the mainstream because it’s somewhat stupid. It’s blogging dumbed down for the masses, and if there’s one surefire way to build something popular, it’s to take something else that is already popular and simplify.

Matt Maroon

# 8:50 pm / twitter, blogging, popularity, mainstream, matt-maroon

April 21, 2009

Some Notes on Distributed Key Stores. Another ringing endorsement for Tokyo Cabinet, this time from Leonard Lin.

# 9:15 am / tokyocabinet, leonardlin, keyvaluepairs

April 22, 2009

Finding and fixing memory leaks in Python. Using Dozer, a clever piece of WSGI middleware which displays sparklines of Python object counts and allows you to introspect them, using the gc module under the hood.

# 12:16 pm / amir-salihefendic, python, debugging, memory, memoryleaks, wsgi, middleware

Perhaps it's just frustration speaking here, but when Apple ties my hands behind my back and lets users punch me publicly in the face without allowing me to at least respond back, it’s hard to get excited about building an app.

Garrett Murray

# 12:17 pm / garrett-murray, apple, appstore, iphone

And Now For Something Entire... Oooh! Shiny! Alex Russell on O3D, the new 3D browser plugin from Google that makes OpenGL accessible to JavaScript (and embeds V8 so performance won’t suck even on slower browsers).

# 12:19 pm / google, javascript, alex-russell, 3d, o3d, v8, opengl

April 23, 2009

The First Ten Things the New CEO of MySpace Should Do. From the always thought provoking Jason Calacanis.

# 11:30 am / jason-calacanis, ceo, myspace, socialnetworks

OAuth Security Advisory 2009.1. It’s a show-stopper: an attacker can start an OAuth permission request flow from a consumer site, then trick another user from the same site into completing that flow and hence authorising the attacker to act on their behalf. A fix to the spec is forthcoming; in the meantime, don’t start an OAuth flow from an untrusted location.

# 3:06 pm / ouath, security, sessionfixation

April 24, 2009

A Curious Course on Coroutines and Concurrency. David Beazley’s sequel to last year’s mind-expanding “Generator Tricks for System Programmers”, perfect for if you’ve ever puzzled over what exactly you can use Python’s generator-based coroutine support for.

# 10:58 am / coroutines, concurrency, generators, python, david-beazley

April 26, 2009

Bring bandwidth and disks. Help me save Geocities. Not because we love it. We hate it. But if you only save the things you love, your archive is a very poor reflection indeed.

Jason Scott

# 10:30 am / yahoo, geocities, archiveteam, jason-scott

Google container data center tour (on YouTube). 45,000 servers in 45 shipping containers, along with some serious looking plumbing.

# 10:14 pm / google, youtube, video, datacenters

April 28, 2009

A new leaf. George Oates is now heading up the Open Library project at the Internet Archive. Sounds like a perfect match.

# 12:55 am / openlibrary, george-oates, internet-archive

python-sqlparse (via) Python library for re-indenting SQL statements. This could make debugging Django’s generated SQL a whole lot easier. You can try the library out using an App Engine hosted application (complete with an API).

# 8:25 pm / python, sql, sqlparse, appengine, django

Ubuntu brings advanced Screen features to the masses. Ubuntu 9.04’s screen-profiles package adds a taskbar to screen and emulates the gnome panel. You can even add a widget showing the cost of your current EC2 session.

# 9:52 pm / screen, ubuntu, ec2, linux

April 29, 2009

moot wins, Time Inc. loses. The Time.com poll hack was more sophisticated than I first thought... Time implemented reCAPTCHA halfway through the voting period, but the 4chan community fought back with a custom interface that crowdsourced the job of voting and let individuals submit up to 30 votes a minute.

# 11:13 am / captcha, recaptcha, 4chan, timedotcom, security, voting, onlinepolls, moot

whine flu, railsmalefail 2009. Danny quotes the smartest take on the CouchDB/pr0n controversy: “It’s about presenting women as ‘the other,’ not ‘us.’ It would have been just as offensive if all the women shown were domineering mothers in aprons, shaking their fingers and threatening with rolling pins.”

# 11:39 am / danny-obrien, rails, couchdb, sexism

With YQL Execute, the Internet becomes your database. This is nuts (in a good way). Yahoo!’s intriguing universal SQL-style XML/JSONP web service interface now supports JavaScript as a kind of stored procedure language, meaning you can use JavaScript and E4X to screen-scrape web pages, then query the results with YQL.

# 10:50 pm / yql, yahoo, apis, sql, javascript, xml, jsonp, json, e4x

Building a Better JavaScript Profiler with WebKit. Clever hack from Francisco Tolmasky which solves the problem of JavaScript profilers showing ? as the name of any anonymous functions. He patched the WebKit profiler to look for a displayName attribute on a function and show that as the function name instead.

# 11:57 pm / webkit, profiling, javascript, francisco-tolmasky

April 30, 2009

REST worst practices. Jacob Kaplan-Moss’ thoughts on the characteristics of a well designed Django REST API library, from November 2008.

# 7:53 pm / jacob-kaplan-moss, rest, django, python

django-piston. Promising looking Django mini-framework for creating RESTful APIs, from the bitbucket team. Ticks all of Jacob’s boxes, even including built-in pluggable authentication support with HTTP Basic, Digest and OAuth out of the box.

# 7:55 pm / django, rest, restful, python, apis, authentication, oauth, digest, piston, jespernoehr, bitbucket

Loading Scripts Without Blocking. Steve Souders is publishing extracts from his new book, “Even Faster Web Sites”. Here’s a systematic study of different JavaScript loading methods, along with a decision tree for picking the most appropriate one for your application.

# 7:56 pm / javascript, steve-souders, performance, blocking, loading

Coupling asynchronous scripts. More from Steve Souders, this time discussing methods to cause externally loaded scripts to execute in the correct order, obeying dependencies. Surprisingly there’s no mention of YUI loader or the Dojo packaging system.

# 7:57 pm / steve-souders, dojo, yui, javascript, loading

Why I don’t love JavaScript’s Module Pattern. Jonathan Snook points out that the module pattern (where private functionality is hidden in a closure and only public methods are revealed to outside scopes) makes code a lot harder to debug. I use the module pattern for pretty much everything, not because I want to keep stuff private but more to avoid any chance of leaking out into the global namespace. If I need to debug a value I temporarily assign it as a property on the global window object.

# 7:59 pm / javascript, modulepattern, jonathan-snook, closures, debugging
