August 2009
Aug. 22, 2009
svgweb. Awesome. I’ve been having a lot of fun with SVG for dynamic graphics recently (maps in particular), and hoping someone builds an SVG renderer in Flash so I could serve up SVG files for IE. Brad Neuberg and team have done exactly that.
Aug. 23, 2009
Facebook Hacked By 4chan, Accounts Compromised. It wasn’t Facebook that got hacked: 4chan members got hold of a list of usernames and passwords from an insecure Christian dating site and started using them to raise complete hell. Yet another demonstration that storing your user’s passwords in the clear is extremely irresponsible, and also a handy reminder that regular users who “don’t have anything worth securing” actually have a great deal to lose if their password gets out.
For those who haven't heard the story the details were pulled from a Christian dating site db.singles.org which had a query parameter injection vulnerability. The vulnerability allowed you to navigate to a person's profile by entering the user id and skipping authentication. Once you got there the change password form had the passwords in plain text. Someone wrote a scraper and now the entire database is on Mediafire and contains thousands of email/password combinations.
Bokode (via) New take on the humble barcode from the MIT Media Lab—Bokodes are 3mm wide but can be read at a distance by a regular digital camera lens using out of focus photography, exploiting the bokeh effect. The way in which the Bokode is read allows both distance and relative angle to the camera to be derived, making it ideal for Augmented Reality systems.
We completely understand the public’s concern about futuristic robots feeding on the human population, but that is not our mission.
— Harry Schoell, CEO of Cyclone
Exploring OAuth-Protected APIs. One of the downsides of OAuth is that it makes debugging APIs in your browser much harder. Seth Fitzsimmons’ oauth-proxy solves this by running a Twisted-powered proxy on your local machine which OAuth-signs every request going through it using your consumer key, secret and tokens for that API. Using it with a browsers risks exposing your key and token (but not secret) to sites you accidentally browse to—it would be useful if you could pass a whitelist of API domains as a command line option to the proxy.
Aug. 26, 2009
Introducing Amazon Virtual Private Cloud (VPC). Amazon now let you create a network of private EC2 instances completely isolated from the internet and the rest of the EC2 cloud, then link them back to your home network via a VPN.
How to Get Sharp Telephoto Images. Excellent tutorial.
Static Maps API v2. The new version of the Google Static Maps API (static images generated using arguments in a URL, no JavaScript required) adds support for paths, areas and automatically geocoding addresses to specify locations of markers and the centre of the map.
Tile Drawer (via) The most inspired use of EC2 I’ve seen yet: center a map on an area, pick a Cascadenik stylesheet URL (or write and link to your own) and Tile Drawer gives you an Amazon EC2 AMI and a short JSON snippet. Launch the AMI with the JSON as the “user data” parameter and you get your own OpenStreetMap tile rendering server, which self-configures on startup and starts rendering and serving tiles using your custom design.
“MongoDB is fantastic for logging”. Sounds tempting... high performance inserts, JSON structured records and capped collections if you only want to keep the past X entries. If you care about older historic data but still want to preserve space you could run periodic jobs to roll up log entries in to summarised records. It shouldn’t be too hard to write a command-line script that hooks in to Apache’s logging directive and writes records to MongoDB.
Aug. 28, 2009
Armadillo Cam—Armadillo Running and Sniffing Small Shrub. From the awesome Museum of Animal Perspectives.