For all those that love IP news, here's an interesting one.
Wednesday, April 30, 2008
Tuesday, April 29, 2008
Poor man's let statement
So we've all read how javascript 1.8 (and ecmascript 2) has let statements, but until our favorite browser gets there, here's how I work around the limitation:
var a = 1 new function() { var a = 2; alert(a); }() alert(a);
Monday, April 28, 2008
Friday, April 25, 2008
CSS variables are back on the table
So there are proposals for CSS variables yet again. Some like it, some don't, some have already proposed it in the past.
My 2 cents is that this feature won't be particularly useful for the next decade or so. Judging from Microsoft's approach to things like opacity, I wouldn't expect to see IE implementing this until *after* it becomes part of the CSS spec.
Thursday, April 24, 2008
Money vs security again
Big vulnerability affecting essentially the entire internet: ISPs are hijacking unused subdomains to put up (insecure) ad pages, and it's possible to hijack these pages for spoofing and phishing.
Tuesday, April 22, 2008
Beating botnets with more botnets
Very interesting research on using a swarm of servers to shield an application server against DDoS attacks.
"It is a very interesting approach that integrates a number of existing ideas," says Yin Zhang of the University of Texas in Austin, US.
"I particularly like the idea of leveraging swarming to defend against botnets," Zhang added. "Converting BitTorrent users into a community-based botnet defense sounds interesting and promising."
Javascript 1.8 features
Tiago Silveira goes over upcoming features in Javascript. There is a lot of neat functional programming sugar going on.
His first comment is intriguing though:
In one sentence: Javascript 1.8 (supported by Firefox 3) has many of Python's features, but is a Frankenstein's patchwork of so many languages it might achieve the highest maintenance costs a language other that PERL has ever seen.
Monday, April 21, 2008
Stuff happening over on the server-side
Dion Almaer talks about RDBMS, ODBMS and Google's App engine. It's an interesting discussion, and it touches on line between the academic world and the business world: RDBMS is the de facto standard for data storage in business, but will it stay so, in the face of all the alternatives that are popping up?
My bet is that in the end, SQL will win. There are too many SQL-driven behemoths out there, and for the ordinary teenage learner, SQL tools (via PHP, or Visual Studio or whatever) are widely available and are very easy to play with.
Nonetheless, I'd like to see some more dissemination for these alternative data storage models, so that their patterns become more apparent, and so that they can ultimately be standardized (even if only loosely by de facto usage)
Weapons of mass murder
So it seems they're banning those red laser pointers in Australia.
Mr Iemma said the misuse of these devices had the potential to cause mass murder.
"It only takes a fraction of a second for a pilot to become temporarily blinded and that could have catastrophic consequences," Mr Iemma said.
"It is a gutless and cowardly act that could result in an horrific outcome."
Thursday, April 17, 2008
ReCaptcha
Avoid spam while helping digitizing books. Apparently, it's still uncracked and it seems it will continue to be for a very long time (At least, against machines).
Wednesday, April 16, 2008
A quote from Dan Moren
There’s something profoundly other about Macs—for many of us, they’re objects of craftsmanship rather than just tools. You don’t need to do anything other than go into an Apple Store and see how people behave around them to get that. Then, just for contrast’s sake, take a stroll down to Best Buy, and see how people treat the computers there.
Checking for traffic tinkering
Interesting research that uses javascript to test whether a page was modified by third parties (such as ISPs) between the server and client.
Tuesday, April 15, 2008
Suing the wrong small business
So, Monster Cables apparently sued Blue Jeans Cables over one of its brand.
Here's the response, written by Blue Jeans' president, who apparently used to be a lawyer. It's a pretty entertaining letter.
Sunday, April 13, 2008
IsDefinitelyWritable
I was playing with Java today and found this somewhat amusing method name.
I wonder if this method will be deprecated in favor of a new one called "isReallyDefinitelyWriteableDude"
Saturday, April 12, 2008
Escaping HTML the easy way
If you've done even a little bit of web development, you've probably had to write some sort of html-escaping script before to avoid html injection scenarios (when outputting user-generated content to a page, most likely). It probably looks something like the following (in javascript):
//the old-school way var escapeHTML = function(s) { s = s.replace(/&/g,"&"); s = s.replace(/</g,"<"); s = s.replace(/>/g,">"); return s; }
Seems kinda clunky, doesn't it?
Here's a much simpler way to do it:
var escapeHTML = function(s) { return "<![CDATA[" + s + "]]>" }
Friday, April 11, 2008
My favourite sugar
I've mentioned before that I've playing with D. Here's my current favourite feature in this language
//here's a trivial function int add(int a, int b) { return a + b; } //and the unusually neat way to call it: int a = 10.add(20);
What happens here is that you can call any function as a method of any object, as long as the first parameter of the function is of the same type as the object you're "attaching" it to. Obviously, you omit the first parameter in the actual list of parameters when calling functions this way. It looks very Ruby-like in this example, and it can make code pretty clean-looking. Take this snippet for example:
import std.regexp; void main() { string s = "Hello World"; int hello = find(s, "Hello"); int world = find(s, "World"); }
It can be written like this:
import std.regexp; void main() { string s = "Hello World"; int hello = s.find("Hello"); int world = s.find("World"); }
The second syntax looks a lot cleaner and more modern, and there aren't any performance losses by using the dot syntax. Who needs fancy-pants classes? :)
Taking it a step further
D is a statically-typed language, but it does have a templating system, meaning you can write code that essentially looks like dynamically-typed code:
//some generic function void add(T)(T object1, T object2) { object1 += object2; } //some generic data type alias int foo; //some other generic data type struct Point2D { float x = 0; float y = 0; //overloading += void opAddAssign(Point2D point) { x += point.x; y += point.y; } } foo n1 = 1; foo n2 = 2; n1.add(n2);//n1 == 3 auto p1 = Point(1, 1); auto p2 = Point(2, 2); p1.add(p2);//p1 = { x : 3 , y : 3 }
Dromaeo javascript performance test
John Resig released this cute little page that benchmarks the performance of the browser's javascript engine. The site's concept is similar to shootout.alioth.debian.org except that you can run the tests live.
From a glance over the wiki, John seems to have done quite a bit of research on minimizing interferences such as rendering loading times, so this should be a easy place to go whenever you want to pitch the latest version of your favorite browser against other browsers and compare their javascript engine speeds.
Thursday, April 10, 2008
9-years-old rides subway home
Can you believe this actually made the news? It goes to show that we, with our silly fears of things that almost never happen, can be our own worst enemies.
Wednesday, April 9, 2008
More slickspeed
I just ran DOMAssistant's latest slickspeed benchmark and I must say that DOMAssistant looks sharp.
Of particular interest is the ".note" test. I just wish they added benchmarks on more practical queries like ".class tag" or ".class .class". They do have "tag.class tag.class", but since the optimum algorithms for these queries is somewhat different (especially in less capable browsers), I think those cases are all relevant.
Another thing that is worth pointing out is that library authors could put a bit more effort in testing in IE6. There are way too many tests with inconsistent number of elements returned. It's true that "p:nth-child(even)" isn't a very realistic test, but "div + p" and "div:not(.example)" are not that far fetched.
Anyways, did anyone notice that the legend at the bottom is broken in IE6? :)
Google App Engine Review
Highlights some pros and cons, for those considering it. In a nutshell, it's great for start-ups, but perhaps not so attractive for your "next-big-thing", psychologically speaking.
Guitarati
It's a site where you can pick songs by colors representing moods. Quite interesting concept.
Tuesday, April 8, 2008
Monday, April 7, 2008
Friday, April 4, 2008
On Doug Crockford's MD5 hash suggestion
For those out of the loop, I'm referring to this and this.
Simon Willison dug up this neat intro to hash-related attacks that is well-worth reading, especially if you're not too security-savvy. I blogged about this type of attacks a few months ago here.
This whole discussion suggests two things to me: 1 - that it's dangerous to rely on technology you don't understand, and 2 - that it's time to start considering better hashing algorithms.
What's next? Godzilla?
Someone is planning on making a real life version of a Gundam robot. I want one to help me take over the world.
Django entering the limelight?
Maybe I should learn Python after all. Interesting discussion about back-enders vs. front-enders preferences.
Thursday, April 3, 2008
Interesting critique of ISO and OOXML
BenoƮt Jacob argues that software doesn't need to be formally standardized.
Wednesday, April 2, 2008
Microsoft acquires patent for U-Prove
I'd love to see more developments about this.
For those who don't know, U-Prove is an algorithm that allows users to selectively disclose private information. I guess this acquisition answers Schneier's doubt about its business model :)
All hail the flying spaghetti monster
It has come to save us all from doom! Or at least, to put a smile on our faces.
How not to secure your borders
So apparently, the US is outsourcing the manufacturing of passports to some questionable companies. Why? Because it's cheaper, of course.