Simon Willison’s Weblog

Subscribe

July 2010

July 4, 2010

Escaping regular expression characters in JavaScript (updated). The JavaScript regular expression meta-character escaping code I posted back in 2006 has some serious flaws—I’ve just posted an update to the original post.

# 6:23 pm / escaping, javascript, regular-expressions, recovered

Python 2.7 Release. Includes three of my favourite features from Python 3: odicts, set literals and set and dictionary comprehensions.

# 11:21 pm / dictionaries, odict, python, python3, sets, recovered

python/trunk/Lib/httplib.py in 1994 (via) Python’s original httplib implementation, checked in by Guido 16 years and 4 months ago. Not much younger than the Web itself.

# 11:25 pm / guido-van-rossum, http, httplib, python, recovered

July 5, 2010

S.Korea ends Microsoft’s online shopping monopoly. The crazy rules mandating Active X based encryption for government and e-commerce sites have finally been dropped, after the Korea Communications Commission found them “unfit for a new Internet environment involving smartphones”.

# 8:21 am / activex, korea, microsoft, recovered

July 8, 2010

How we deploy new features. GitHub are experimenting with using Redis for configuration management. I’ve been thinking about this recently too—managing feature flags feels like an ideal use-case for Redis, since it lets you read multiple values on every page access without adding a bunch of extra read traffic on your regular database.

# 10:04 am / github, redis, recovered, feature-flags

July 10, 2010

getlatlon.com commit dae961a... I’ve finally added an OpenStreetMap tab to getlatlon.com—here’s the diff, it turns out adding a custom OpenStreetMap layer to an existing Google Maps application only takes a few lines of boilerplate code.

# 12:22 pm / getlatlon, google-maps, javascript, openstreetmap, projects, recovered

July 11, 2010

MapOSMatic. Clever service built on top of OpenStreetMap, which renders double sided city maps with a map and grid on one size and an A-Z street name index on the other. Runs on top of Mapnik, PostGIS and Cairo, with a few thousand additional lines of Python and Django.

# 12:15 pm / cairo, django, maposmatic, mapping, openstreetmap, postgis, postgresql, python, recovered

Diffable: only download the deltas. JavaScript library for detecting and serving diffs to JavaScript rather than downloading large scripts every time a few lines of code are changed. “Using Diffable has reduced page load times in Google Maps by more than 1200 milliseconds (~25%). Note that this benefit only affects users that have an older version of the script in cache. For Google Maps that’s 20-25% of users.”

# 12:19 pm / diffable, google-maps, javascript, performance, steve-souders, recovered

DNode: Asynchronous Remote Method Invocation for Node.js and the Browser. Mind-bendingly clever. DNode lets you expose a JavaScript function so that it can be called from another machine using a simple JSON-based network protocol. That’s relatively straight-forward... but DNode is designed for asynchronous environments, and so also lets you pass callback functions which will be translated in to references and used to make remote method invocations back to your original client. And to top it off, there’s a browser client library so you can perform the same trick over a WebSocket between a browser and a server.

# 2:27 pm / async, dnode, james-halliday, javascript, json, node, recovered

July 15, 2010

Multi-node: Concurrent NodeJS HTTP Server. Kris Zyp’s library for spawning multiple Node child processes (one per core is suggested) for concurrent request handling, taking advantage of Node’s child_process module. This alleviates the need to run multiple Node instances behind an nginx load balancer in order to take advantage of multiple cores.

# 8:22 am / javascript, kriszyp, nginx, node, recovered

July 18, 2010

simplegeo’s python-oauth2. The Python OAuth library scene is frighteningly complicated at the moment. This seems to be the most actively maintained, and the readme includes working example code for talking to the Twitter API (including integration with Django auth).

# 5:22 pm / django, oauth, oauth2, python, simplegeo, twitter, recovered

July 20, 2010

Three new features for reddit gold. Reddit’s experiments with a subscriber program are interesting to watch. 9,000 people signed up as subscribers without there being any benefit at all, and they’re now being rewarded with the ability to opt out of ads and access to computationally expensive features (like different ways of sorting their own user page) that wouldn’t scale for the entire user base.

# 5:54 pm / ads, reddit, scaling, subscriptions, recovered

Easier custom Model Manager Chaining. A neat solution to the problem of wanting to write a custom QuerySet method (.published() for example) which is also available on that model’s objects manager, without having to write much boilerplate.

# 6:21 pm / django, orm, queryset, recovered

[UPDATE] Spatial Search in Apache Lucene and Solr. Spacial search is finally coming (back) to Solr—trunk now supports sorting and boosting by distance.

# 6:28 pm / lucene, search, solr, spatialsearch, recovered

July 21, 2010

What to do when PyPI goes down. My deployment scripts tend to rely on PyPI these days (they install dependencies in to a virtualenv) which makes me distinctly uncomfortable. Jacob explains how to use the PyPI mirrors that are starting to come online, but that won’t help if the PyPI listing links to an externally hosted file which starts to 404, as happened with the python-openid package quite recently (now fixed). The comments on the post discuss workarounds, including hosting your own PyPI mirror or bundling tar.gz files of your dependencies with your project.

# 10:19 am / deployment, jacob-kaplan-moss, packaging, pip, pypi, python, setuptools, recovered

July 22, 2010

Jeremiah Grossman: I know who your name, where you work, and live. Appalling unfixed vulnerability in Safari 4 and 5 —if you have the “AutoFill web forms using info from my Address Book card” feature enabled (it’s on by default) malicious JavaScript on any site can steal your name, company, state and e-mail address—and would be able to get your phone number too if there wasn’t a bug involving strings that start with a number. The temporary fix is to disable that preference.

# 8:44 am / apple, autocomplete, browsers, exploit, safari, security, vulnerability, recovered

July 28, 2010

nodejitsu’s node-http-proxy (via) Exactly what I’ve been waiting for—a robust HTTP proxy library for Node that makes it trivial to proxy requests to a backend with custom proxy behaviour added in JavaScript. The example app adds an artificial delay to every request to simulate a slow connection, but other exciting potential use cases could include rate limiting, API key restriction, logging, load balancing, lint testing and more besides.

# 11:34 pm / http, javascript, node, nodejs, proxy, recovered

July 29, 2010

canto.js: An Improved HTML5 Canvas API (via) Improved is an understatement: canto adds jQuery-style method chaining, the ability to multiple coordinates to e.g. lineTo at once, relative coordinate methods (regular Canvas does everything in terms of absolute coordinates), the ability to use degrees instead of radians, a rounded corner shortcut, a more convenient .revert() method and a simple parser that can understand SVG path expressions! The only catch: it uses getters and setters so won’t work in IE.

# 9:39 am / canto, canvas, david-flanagan, html5, javascript, svg, recovered

Hookbox (via) For most web projects, I believe implementing any real-time comet features on a separate stack from the rest of the application makes sense—keep using Rails, Django or PHP for the bulk of the application logic, and offload any WebSocket or Comet requests to a separate stack built on top of something like Node.js, Twisted, EventMachine or Jetty. Hookbox is the best example of that philosophy I’ve yet seen—it’s a Comet server that makes WebHook requests back to your regular application stack to check if a user has permission to publish or subscribe to a given channel. “The key insight is that all application development with hookbox happens either in JavaScript or in the native language of the web application itself”.

# 9:48 am / comet, django, hookbox, javascript, michael-carter, php, rails, webhooks, recovered

2010 » July

MTWTFSS
   1234
567891011
12131415161718
19202122232425
262728293031