Wednesday, April 30, 2008

Tuesday, April 29, 2008

Poor man's let statement

So we've all read how javascript 1.8 (and ecmascript 2) has let statements, but until our favorite browser gets there, here's how I work around the limitation:

var a = 1;
new function() {
  var a = 2; //local to the anonymous function; the outer a is still 1
};

Friday, April 25, 2008

CSS variables are back on the table

So there are proposals for CSS variables yet again. Some like it, some don't, some have already proposed it in the past.

My 2 cents is that this feature won't be particularly useful for the next decade or so. Judging from Microsoft's approach to things like opacity, I wouldn't expect to see IE implementing this until *after* it becomes part of the CSS spec.

Thursday, April 24, 2008

Money vs security again

Big vulnerability affecting essentially the entire internet: ISPs are hijacking unused subdomains to put up (insecure) ad pages, and it's possible to hijack these pages for spoofing and phishing.

Tuesday, April 22, 2008

Beating botnets with more botnets

Very interesting research on using a swarm of servers to shield an application server against DDoS attacks.

"It is a very interesting approach that integrates a number of existing ideas," says Yin Zhang of the University of Texas in Austin, US.

"I particularly like the idea of leveraging swarming to defend against botnets," Zhang added. "Converting BitTorrent users into a community-based botnet defense sounds interesting and promising."

Javascript 1.8 features

Tiago Silveira goes over upcoming features in Javascript. There is a lot of neat functional programming sugar going on.

His first comment is intriguing though:

In one sentence: Javascript 1.8 (supported by Firefox 3) has many of Python's features, but is a Frankenstein's patchwork of so many languages it might achieve the highest maintenance costs a language other than PERL has ever seen.

Monday, April 21, 2008

Stuff happening over on the server-side

Dion Almaer talks about RDBMS, ODBMS and Google's App engine. It's an interesting discussion, and it touches on the line between the academic world and the business world: RDBMS is the de facto standard for data storage in business, but will it stay so, in the face of all the alternatives that are popping up?

My bet is that in the end, SQL will win. There are too many SQL-driven behemoths out there, and for the ordinary teenage learner, SQL tools (via PHP, or Visual Studio or whatever) are widely available and are very easy to play with.

Nonetheless, I'd like to see some more dissemination for these alternative data storage models, so that their patterns become more apparent, and so that they can ultimately be standardized (even if only loosely by de facto usage).

Weapons of mass murder

So it seems they're banning those red laser pointers in Australia.

Mr Iemma said the misuse of these devices had the potential to cause mass murder.

"It only takes a fraction of a second for a pilot to become temporarily blinded and that could have catastrophic consequences," Mr Iemma said.

"It is a gutless and cowardly act that could result in an horrific outcome."

Thursday, April 17, 2008

Army develops robotic suit

Sweet, bring on the zerg.

More on evil

Just yesterday I blogged about an experiment on the nature of evil.

I guess evil is contagious after all.


Avoid spam while helping to digitize books. Apparently, it's still uncracked and it seems it will continue to be for a very long time (at least, against machines).

Wednesday, April 16, 2008

A quote from Dan Moren

There’s something profoundly other about Macs—for many of us, they’re objects of craftsmanship rather than just tools. You don’t need to do anything other than go into an Apple Store and see how people behave around them to get that. Then, just for contrast’s sake, take a stroll down to Best Buy, and see how people treat the computers there.

Dan Moren

Checking for traffic tinkering

Interesting research that uses javascript to test whether a page was modified by third parties (such as ISPs) between the server and client.

End of the world

So, I guess we're doomed. Or at least, Disneyland is.

The Lucifer Effect

This is perhaps the most fascinating psychological experiment I've ever seen.

Tuesday, April 15, 2008

Suing the wrong small business

So, Monster Cables apparently sued Blue Jeans Cables over one of its brands.

Here's the response, written by Blue Jeans' president, who apparently used to be a lawyer. It's a pretty entertaining letter.

Sunday, April 13, 2008


I was playing with Java today and found this somewhat amusing method name.

I wonder if this method will be deprecated in favor of a new one called "isReallyDefinitelyWriteableDude"

Saturday, April 12, 2008

Escaping HTML the easy way

If you've done even a little bit of web development, you've probably had to write some sort of html-escaping script before to avoid html injection scenarios (when outputting user-generated content to a page, most likely). It probably looks something like the following (in javascript):

//the old-school way
var escapeHTML = function(s) {
  s = s.replace(/&/g,"&amp;");
  s = s.replace(/</g,"&lt;");
  s = s.replace(/>/g,"&gt;");
  return s;
};

Seems kinda clunky, doesn't it?

Here's a much simpler way to do it:

var escapeHTML = function(s) {
  return "<![CDATA[" + s + "]]>";
};
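
A caveat on the CDATA version, as an added example that is not code from the original post: any input containing "]]>" closes the section early and the rest is parsed as markup, and in pages served as text/html the CDATA wrapper is not treated as a CDATA section at all. The names cdataWrap, cdataSafe and leakedMarkup and the sample string are made up for this illustration.

```javascript
// Added illustration, not code from the original post.
// The CDATA wrapper from the post, under a hypothetical name.
function cdataWrap(s) {
  return "<![CDATA[" + s + "]]>";
}

// Entity escaping that also covers quotes, so it holds inside attribute values.
var ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHTML(s) {
  return String(s).replace(/[&<>"']/g, function (c) { return ENTITIES[c]; });
}

// XML-only alternative: split every "]]>" across two CDATA sections.
function cdataSafe(s) {
  return "<![CDATA[" + String(s).split("]]>").join("]]]]><![CDATA[>") + "]]>";
}

// Rough model of an XML parser: drop each CDATA section (which ends at the
// first "]]>") and return what is left, i.e. what would be parsed as markup.
function leakedMarkup(xml) {
  return xml.replace(/<!\[CDATA\[[\s\S]*?\]\]>/g, "");
}

// Constructed sample input containing the CDATA terminator.
var sample = "]]><b>injected</b>";

console.log(leakedMarkup(cdataWrap(sample))); // <b>injected</b>]]>
console.log(leakedMarkup(cdataSafe(sample))); // (empty string)
console.log(escapeHTML(sample));              // ]]&gt;&lt;b&gt;injected&lt;/b&gt;
```
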

Friday, April 11, 2008

My favourite sugar

I've mentioned before that I've been playing with D. Here's my current favourite feature in this language:

//here's a trivial function
int add(int a, int b)
{
  return a + b;
}
//and the unusually neat way to call it:
int a = 10.add(20);

What happens here is that you can call any function as a method of any object, as long as the first parameter of the function is of the same type as the object you're "attaching" it to. Obviously, you omit the first parameter in the actual list of parameters when calling functions this way. It looks very Ruby-like in this example, and it can make code pretty clean-looking. Take this snippet for example:

import std.regexp;

void main()
{
  string s = "Hello World";
  int hello = find(s, "Hello");
  int world = find(s, "World");
}

It can be written like this:

import std.regexp;

void main()
{
  string s = "Hello World";
  int hello = s.find("Hello");
  int world = s.find("World");
}

The second syntax looks a lot cleaner and more modern, and there aren't any performance losses by using the dot syntax. Who needs fancy-pants classes? :)

Taking it a step further

D is a statically-typed language, but it does have a templating system, meaning you can write code that essentially looks like dynamically-typed code:

//some generic function
//(ref, so that the caller's object1 is the one being modified)
void add(T)(ref T object1, T object2)
{
  object1 += object2;
}
//some generic data type
alias int foo;
//some other generic data type
struct Point2D
{
  float x = 0;
  float y = 0;
  //overloading +=
  void opAddAssign(Point2D point)
  {
    x += point.x;
    y += point.y;
  }
}

void main()
{
  foo n1 = 1;
  foo n2 = 2;

  n1.add(n2);//n1 == 3

  auto p1 = Point2D(1, 1);
  auto p2 = Point2D(2, 2);

  p1.add(p2);//p1 = { x : 3 , y : 3 }
}

IETester - IE5.5, 6, 7 and 8... in one program

Still in alpha though.

Dromaeo javascript performance test

John Resig released this cute little page that benchmarks the performance of the browser's javascript engine. The site's concept is similar to except that you can run the tests live.

From a glance over the wiki, John seems to have done quite a bit of research on minimizing interferences such as rendering loading times, so this should be an easy place to go whenever you want to pitch the latest version of your favorite browser against other browsers and compare their javascript engine speeds.

Monty Hall teaches psychologists

Fascinating article: John Tierney explains a fundamental probabilistic flaw in cognitive dissonance research methodologies.

Thursday, April 10, 2008

9-year-old rides subway home

Can you believe this actually made the news? It goes to show that we, with our silly fears of things that almost never happen, can be our own worst enemies.

The circus is in town

Anyone else been wondering what's up with the semi-comical stories lately?

Wednesday, April 9, 2008

More slickspeed

I just ran DOMAssistant's latest slickspeed benchmark and I must say that DOMAssistant looks sharp.

Of particular interest is the ".note" test. I just wish they added benchmarks on more practical queries like ".class tag" or ".class .class". They do have "tag.class tag.class", but since the optimum algorithms for these queries are somewhat different (especially in less capable browsers), I think those cases are all relevant.

Another thing that is worth pointing out is that library authors could put a bit more effort into testing in IE6. There are way too many tests with an inconsistent number of elements returned. It's true that "p:nth-child(even)" isn't a very realistic test, but "div + p" and "div:not(.example)" are not that far-fetched.

Anyways, did anyone notice that the legend at the bottom is broken in IE6? :)

Google App Engine Review

Highlights some pros and cons, for those considering it. In a nutshell, it's great for start-ups, but perhaps not so attractive for your "next-big-thing", psychologically speaking.


It's a site where you can pick songs by colors representing moods. Quite interesting concept.

Friday, April 4, 2008

On Doug Crockford's MD5 hash suggestion

For those out of the loop, I'm referring to this and this.

Simon Willison dug up this neat intro to hash-related attacks that is well worth reading, especially if you're not too security-savvy. I blogged about this type of attack a few months ago here.

This whole discussion suggests two things to me: 1 - that it's dangerous to rely on technology you don't understand, and 2 - that it's time to start considering better hashing algorithms.

What's next? Godzilla?

Someone is planning on making a real life version of a Gundam robot. I want one to help me take over the world.

Django entering the limelight?

Maybe I should learn Python after all. Interesting discussion about back-enders vs. front-enders preferences.

Thursday, April 3, 2008

Wednesday, April 2, 2008

Microsoft acquires patent for U-Prove

I'd love to see more developments about this.

For those who don't know, U-Prove is an algorithm that allows users to selectively disclose private information. I guess this acquisition answers Schneier's doubt about its business model :)

All hail the flying spaghetti monster

It has come to save us all from doom! Or at least, to put a smile on our faces.

Ian Hickson on the performance aspect of Acid3

Ian quantifies the requirements to "smooth animation".

How not to secure your borders

So apparently, the US is outsourcing the manufacturing of passports to some questionable companies. Why? Because it's cheaper, of course.