"For larger and complex web applications, we notice two related vectors for XSS: 1. A developer forgetting to apply escaping to a given variable. 2. A developer applying the wrong escaping for that variable for the context in which it is being inserted. Considering the sheer number of templates in large web applications and the number of untrusted content they may operate on, the process of proper escaping becomes complicated and error prone. It is also difficult to efficiently audit from a security testing perspective. We developed Auto-Escape to take that complexity away from the developer and into the template system and therefore reduce the risks of XSS that would have ensued."
- l.m.orchard
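The quote names two failure modes: forgetting to escape, and escaping for the wrong context. As an added example (not code from the original post, and not Google's Auto-Escape, which the quote describes), the hypothetical mini template engine below infers the context of each `{{ name }}` placeholder from the HTML that precedes it, applies the matching escaper, and refuses contexts it cannot make safe (event handlers, bare JavaScript values). The `audit` helper lists the context chosen for every placeholder, which is the review the quote says is hard to do by hand. All template syntax, function names and context rules are this example's own simplifications.

```python
import html
import json
import re
from urllib.parse import quote, urlsplit

# Hypothetical mini template engine (added example, not Google's Auto-Escape).
# Placeholders look like {{ name }}; the escaper is chosen from the HTML context
# that precedes the placeholder, so a developer can neither forget to escape
# nor pick the wrong escaper for the context.
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")
SAFE_SCHEMES = ("", "http", "https", "mailto")


def escape_html(value):
    # HTML text and quoted attribute values: &, <, >, " and ' all become entities.
    return html.escape(str(value), quote=True)


def escape_js_string(value):
    # Inside a quoted JS string literal: json.dumps handles \, ", control chars
    # and non-ASCII; <, >, & and ' are additionally \u-escaped so the value can
    # never close the <script> element or the enclosing quote.
    s = json.dumps(str(value))[1:-1]
    for ch, rep in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026"), ("'", "\\u0027")):
        s = s.replace(ch, rep)
    return s


def escape_url_param(value):
    # A query-string value inside href/src: percent-encode everything, then
    # attribute-escape (a no-op after encoding, kept as defence in depth).
    return escape_html(quote(str(value), safe=""))


def escape_url_full(value):
    # The whole href/src value: drop control characters browsers ignore, refuse
    # schemes such as javascript: or data:, then attribute-escape the result.
    s = "".join(ch for ch in str(value) if ch > "\x1f").strip()
    if urlsplit(s).scheme.lower() not in SAFE_SCHEMES:
        s = "#"
    return escape_html(s)


ESCAPERS = {"text": escape_html, "attr": escape_html, "js_string": escape_js_string,
            "url_param": escape_url_param, "url_full": escape_url_full}


def detect_context(prefix):
    """Classify the insertion point from the template text before it.

    Simplified lexer: no comments, CDATA or '<' inside attribute values."""
    lowered = prefix.lower()
    start = lowered.rfind("<script")
    end = prefix.find(">", start) if start != -1 else -1
    if start > lowered.rfind("</script") and end != -1:
        body = prefix[end + 1:]
        open_quote, i = None, 0
        while i < len(body):
            ch = body[i]
            if open_quote:
                if ch == "\\":
                    i += 1                      # skip the escaped character
                elif ch == open_quote:
                    open_quote = None
            elif ch in "'\"":
                open_quote = ch
            i += 1
        if open_quote is None:
            raise ValueError("bare JavaScript context cannot be escaped safely")
        return "js_string"
    if prefix.rfind("<") > prefix.rfind(">"):   # inside a start tag
        m = re.search(r'([\w-]+)\s*=\s*["\']([^"\']*)$', prefix[prefix.rfind("<"):])
        if not m:
            raise ValueError("placeholder outside a quoted attribute value")
        name, value_so_far = m.group(1).lower(), m.group(2)
        if name.startswith("on") or name == "style":
            raise ValueError(f"{name} attribute cannot be escaped safely")
        if name in ("href", "src", "action", "formaction"):
            return "url_full" if value_so_far == "" else "url_param"
        return "attr"
    return "text"


def render(template, **values):
    out, pos = [], 0
    for m in PLACEHOLDER.finditer(template):
        context = detect_context(template[:m.start()])
        out.append(template[pos:m.start()])
        out.append(ESCAPERS[context](values[m.group(1)]))
        pos = m.end()
    out.append(template[pos:])
    return "".join(out)


def audit(template):
    # (placeholder, context) for every insertion point, or the refusal reason.
    report = []
    for m in PLACEHOLDER.finditer(template):
        try:
            report.append((m.group(1), detect_context(template[:m.start()])))
        except ValueError as exc:
            report.append((m.group(1), "REFUSED: " + str(exc)))
    return report


# Constructed sample page exercising five contexts with the same variable names.
PAGE = """<p>Hello {{ name }}</p>
<input value="{{ name }}">
<a href="/search?q={{ q }}">search</a>
<a href="{{ link }}">profile</a>
<script>var user = '{{ name }}';</script>"""

if __name__ == "__main__":
    print(render(PAGE, name='<b>"x"</b>', q="a&b c", link="javascript:alert(1)"))
    print(audit('<div onclick="{{ h }}"><script>var n = {{ n }};</script>'))
```

Running it shows the same `name` value escaped three different ways depending on where it lands, and the audit of the second template reports both placeholders as refused rather than silently applying HTML escaping where it would not help.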
"Videos of the sessions from DjangoCon 2008, the first ever international Django conference. DjangoCon 2008 was hosted by Google's Open Source Team at the company's headquarters in Mountain View, CA, USA Sept. 6 & 7, 2008."
- DeWitt Clinton
from Bookmarklet
I couldn't agree more. I don't understand why Obama's team doesn't understand the basic principles of rhetoric. Rhetoric is not the same as negative attacks. It's a positive affirmation of factual negative characteristics (or at least it can be).
- Darren
I have to agree; the ad was clever, but using the word "maverick" only reinforces that frame in people's minds.
- Jamelle
Obama needs something simple that voters will remember. Maybe every time they mention Obama, it should be within a few words of "leader". And every time they mention McCain, it should be within a few words of "old" or "out-of-touch".
- Darren
I have to admit to thinking this way from time to time. Although then the reason is usually "I want to learn how to do what the library does by doing it myself" more so than "I can do it better, damnit!" or "How hard can it be? I'll cut back on requirements and filesize by doing it myself!"
- Daniel Bruce
"while ( expr && set.length ) {" in Sizzle.filter looks suspicious because set doesn't seem to change inside the loop. Should that be curLoop.length instead?
- Gabe
"Basic math—which the child has blissfully yet to learn—clearly demonstrates that the number of years before he will be released from the horrifying prison of formal schooling, is more than twice the length of time he has yet existed. According to a conservative estimate of six hours of school five days a week for nine months of the year, Bolduc faces an estimated 14,400 hours trapped in an endless succession of nearly identical, suffocating classrooms. This nightmarish but undeniably real scenario does not take into account additional time spent on homework, extracurricular responsibilities, or college, sources said. "I can't wait until school is over," said the 3-foot-tall tragic figure, who would not have been able, if asked, to contemplate the amount of time between now and summer, let alone the years and years of tedium to follow."
- bob
from Bookmarklet
6.700 updates/month or since Flickr integration?
- Benedikt Koehler
I think that's a misinterpretation. My understanding is that FF polled Flickr 2.7mil for 45k FF users, from which only 6k were actually online. I think there is a very big difference between the 2 messages.
- Alex Popescu
from twhirl
@Rob push models are not only the future, but the only real solution for such problems.
- Alex Popescu
from twhirl
@Alex you're more or less correct. However, those stats are from MONDAY -- a SINGLE day. The point is, FF made 2.7M requests to Flickr which returned less than 1% of actual updates.
- Chris Messina
that was Monday? wow that might not scale.
- Rob Diana
@Chris I may be wrong, but it is a big difference between the 2 formulations. Anyways, the point is that the poll model is not efficient and will start damaging the quality of some services. The only solution is moving towards push models (pubsub, xmpp), but this is quite a radical shift that some may not be prepared to accept.
- Alex Popescu
from twhirl
@Rob it will never scale. Just add a 0 to the number of users for which the query is made and the math leads us to 27mil requests/day from a single 3rd party. Another way: consider FF is gonna have to poll 10 similar services. It will have to deal with throwing out 27mil requests and process their responses, which is equivalent to launching and processing 300+ responses/second (I've left aside the network latency and service response times).
- Alex Popescu
from twhirl
Alex, FF currently has 42 services, and if hypothetically at an average of 27M per service, that's a lot of data to be pushed to a single consumption platform. Let's keep the user count locked down to 45K. Anyone want to figure out capacity and bandwidth for such a scenario? (Push!)
- Peter Dawson
300+ responses/second is not really all that unusual in some situations (trading/betting comes to mind)
- Jason Wehmhoener
@Alex, sorry, the sarcasm did not come through. I was trying to say that it will not scale long term, especially with how many users they currently have. Imagine the chaos if friendfeed went mainstream.
- Rob Diana
@Rob Sorry, I hadn't caught the sarcasm. But we do agree on the subject, which is always good.
- Alex Popescu
@Peter I do think that we are saying the same thing :). Or is there any difference? Poll will never work at large scale. Full stop.
- Alex Popescu
@Jason You're right. There are larger systems out there processing thousands of requests/s. But my point is that those numbers are only for gathering data. Then comes the data crunching + serving parts. Adding more machines/power may help but it is definitely not the solution. The only solution is pull, but for this companies would have to agree to consistently share the data in their systems. And that is a problem!
- Alex Popescu
@Alex, "only solution is pull" - correct. Industrial strength applications work like that. By this, I mean exchange data being transacted and fulfilled with certain set SLAs/thresholds (OLTP specs for Ecomm) and in near real time. However, both partners are charging their customers by transaction and there is a revenue sharing on the model for both service providers. In the same...
- Peter Dawson
@Peter I'd say there is an important difference that should be underlined. In e-comm/financial services/etc they are handling private data, while Flickr/FF/YouTube represent "my" data. If I choose to put them online and pay for the service, that doesn't mean I am giving away my rights on that data. It should be "my" decision if I want it shared or not. Indeed, "you" (as in 'the service') can try to charge for this feature, but the 'data' is mine and I am the only one that should decide if it is sharable or not.
- Alex Popescu
"Whenever people have told me OpenID is flawed because people don’t understand URLs I’ve answered “sure they don’t, but they know their MySpace page”." -Simon Willison
- DeWitt Clinton
But I do think people get URLs now. You see and hear them all over, be it the evening news, billboards, print ads, radio ads, etc. And not just simple domains, but more complicated ones like "Visit us at 'foobar.com/basketweaving'." I imagine that Joe Six Pack can understand perfectly well that his URL is 'facebook.com/joesixpack'.
- DeWitt Clinton
Chance of them actually *accepting* OpenID for logins: you might as well try frying an egg in your freezer.
- Earle Martin
wow, this is a big move... Facebook will have to play catch up again
- Susan Beebe
"By the way, if you designed your Data API around Atom and RFC5005 thus telling everyone "follow the next link" instead of "compute the next link's url, then follow it", you could switch physical paging models after the fact - the user agent doesn't care about your notion of a linked list, it'll key off the "rel" paging attributes. Whereas if you exposed the counting model directly via URL parameters, all clients will need to be upgraded. It's basic Data API practice to tell clients to follow typed links instead of asking them to compute parameterised URLs." -Bill de hÓra. The whole post is worth reading.
- DeWitt Clinton
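The quoted point is that a client which follows `rel="next"` links keeps working when the server changes its paging scheme, whereas a client that computes `?page=N` URLs breaks. As an added example (not code from the original post or from Bill de hÓra), the Python client below walks an Atom feed by following typed links only, and is run unchanged against two constructed, offline "servers": one pages by offset, the other by cursor. It also adds the limits a practitioner wants on a link-following client: a loop check, a page cap, and a refusal to follow a next link that leaves the origin it started from. The server URLs, entry ids and function names are all this example's own assumptions.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

ATOM = "{http://www.w3.org/2005/Atom}"


def feed_document(entry_ids, next_href=None):
    # Build a minimal Atom feed (constructed sample data, not a real service).
    link = f'<link rel="next" href="{html.escape(next_href, quote=True)}"/>' if next_href else ""
    entries = "".join(
        f"<entry><id>{html.escape(i)}</id><title>{html.escape(i)}</title></entry>" for i in entry_ids
    )
    return f'<feed xmlns="http://www.w3.org/2005/Atom"><title>demo</title>{link}{entries}</feed>'


# Hypothetical servers: A pages by offset, B pages by cursor. Same entries, same client.
SERVER_A = {
    "https://api.example.test/feed?page=1": feed_document(["urn:demo:1", "urn:demo:2"], "/feed?page=2"),
    "https://api.example.test/feed?page=2": feed_document(["urn:demo:3"]),
}
SERVER_B = {
    "https://api.example.test/feed": feed_document(["urn:demo:1", "urn:demo:2"], "/feed?after=urn%3Ademo%3A2"),
    "https://api.example.test/feed?after=urn%3Ademo%3A2": feed_document(["urn:demo:3"]),
}


def collect_entry_ids(start_url, fetch, max_pages=50):
    """Walk rel="next" links from start_url; fetch(url) returns the response body.

    The client never computes a URL, so either server above works unchanged.
    Defensive limits: refuse loops, cap the page count, and do not follow a
    next link to a different origin than the one the walk started from."""
    origin = urlsplit(start_url)[:2]            # (scheme, netloc)
    seen, ids, url = set(), [], start_url
    while url:
        if url in seen:
            raise RuntimeError(f"paging loop at {url}")
        if len(seen) >= max_pages:
            raise RuntimeError("page limit reached")
        if urlsplit(url)[:2] != origin:
            raise RuntimeError(f"next link leaves origin: {url}")
        seen.add(url)
        # ElementTree is adequate for feeds from a known service; for feeds
        # fetched from arbitrary hosts, parse with defusedxml instead.
        root = ET.fromstring(fetch(url))
        ids.extend(e.findtext(ATOM + "id") for e in root.findall(ATOM + "entry"))
        nxt = [l.get("href") for l in root.findall(ATOM + "link") if l.get("rel") == "next"]
        url = urljoin(url, nxt[0]) if nxt else None   # relative hrefs are resolved, never computed
    return ids


if __name__ == "__main__":
    print(collect_entry_ids("https://api.example.test/feed?page=1", SERVER_A.__getitem__))
    print(collect_entry_ids("https://api.example.test/feed", SERVER_B.__getitem__))
```

Both calls return the same three entry ids even though the second server's URLs look nothing like the first's; the client only needed a different start URL, which is exactly the property the quote describes.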