Archive | April, 2010

Thanks and Aaaaaaarrr to #jsconf, @voodootikigod, and friends. Wicked event!

19 Apr


The Tweets:

  • Just because you can do something with JS doesn’t mean you have to. So don’t reinvent SSL mkay #jsconf Sun Apr 18 20:57:58 +0000 2010
  • posted live notes from “The Best of @Souders” JS performance talk #jsconf Sun Apr 18 20:03:56 +0000 2010
  • “If we had this frag tag, it would be one of the biggest things website owners could do to improve the performance of their pages.” #jsconf Sun Apr 18 19:57:29 +0000 2010
  • RT @DmitryBaranovsk: My Rapha??l presentation from #jsconf is up: Sun Apr 18 19:02:25 +0000 2010
  • should i be concerned about an authoritative information source that goes down due to a traffic jam?! Sun Apr 18 18:46:53 +0000 2010
  • @joelanman any slides from your talk? Sun Apr 18 18:40:55 +0000 2010
  • the whole of EU is car pooling, apparently. #ashtag Sun Apr 18 18:18:48 +0000 2010
  • yeah so true…if no-one’s mentioning wifi, all is good! RT @raydaly: wireless speed at #jsconf is great. Sun Apr 18 16:34:10 +0000 2010
  • .@jdalton is certainly taking things forward with … git co’d it for the plane ride tonight #jsconf Sun Apr 18 16:33:24 +0000 2010
  • Live blogging notes from #jsconf – Facebook’s performance optimisation Sun Apr 18 16:06:19 +0000 2010
  • “Facebook is hiring. We still have a lot of Javascript to write, and delete” – Makinde wraps up his #jsconf performance talk Sun Apr 18 15:47:56 +0000 2010
  • @mahemoff s/tag/attribute Sun Apr 18 15:40:43 +0000 2010
  • appreciates Facebook’s use of an “ajaxify” tag 😉 Sun Apr 18 15:40:21 +0000 2010
  • Makinde Adeagbo is giving an incredibly lucid explanation of Facebook’s performance optimisation strategy. Live blogging it … #jsconf Sun Apr 18 15:38:50 +0000 2010
  • London agile conference for the stranded Sun Apr 18 15:02:49 +0000 2010
  • “When people say it’s a flash killer, I’m glad to hear it, but it’s BS” says #RaphaelJS creator @DmitryBaranovsk #jsconf Sun Apr 18 14:29:59 +0000 2010
  • these are the airports, those are the airplanes…and what do you notice? #ashtag (from @jobsworth) Sun Apr 18 03:42:53 +0000 2010
  • @detronizator behold those html5 slides from @edr Sun Apr 18 03:27:46 +0000 2010
  • Eagerly awaiting morning talks on two great techs I need to know more about: sproutcore and Raphael the Mighty #jsconf Sun Apr 18 02:38:53 +0000 2010
  • It’s so just ipad Sat Apr 17 20:52:19 +0000 2010
  • RT slicknet Why do most birthday entry fields in web forms default to the current year? Is that really the most common use case? Sat Apr 17 19:21:50 +0000 2010
  • slideshare’s flash widgets running on Gordon #jsconf Sat Apr 17 18:50:16 +0000 2010
  • .@tobeytailor is performance-optimising de-compression by converting the zipfile into a PNG and reading the bytes from canvas!! Sat Apr 17 18:32:24 +0000 2010
  • RT @dalmaer: The latest on the awesome nodejs framework in the session that @ryah just gave: Sat Apr 17 18:30:12 +0000 2010
  • .@tobeytailor: Gordon is100% Javascript, all the Flash content sitting openly in the DOM, 3100 lines of code, 15K #jsconf Sat Apr 17 18:26:39 +0000 2010
  • #NodeJS aspiration “i want to not change it every day” #jsconf Sat Apr 17 18:16:39 +0000 2010
  • @blaine no live stream, but there’s #jsconf video out apparently in the next month Sat Apr 17 18:13:56 +0000 2010
  • The improved NodeJS speed comes from the new Buffer abstraction. #jsconf Sat Apr 17 18:06:52 +0000 2010
  • @ryah’s comparison chart showing NodeJs running at nginx speeds for large response size #jsconf Sat Apr 17 18:04:48 +0000 2010
  • .@ryah: “as we start getting into large response sizes, node sucks” “it’s terrible. it’s not rails terrible (but) …” #jsconf Sat Apr 17 17:53:26 +0000 2010
  • .@ryah preps the showdown. node vs nginx vs tornado vs thin #jsconf Sat Apr 17 17:51:27 +0000 2010
  • Delayed proceedings in the #yayquery lunchtime coding challenge as the authorities seek to set up Dvorak layout Sat Apr 17 17:23:48 +0000 2010
  • is up next on Single Page App hacks…uploaded the slides -> #JSConf Sat Apr 17 15:25:44 +0000 2010
  • @Paul_Kinlan coffeescript – hi-level javascript wrapper. not so interesting to me just compiling on server,but now it can compile in browser Sat Apr 17 15:09:14 +0000 2010
  • #jsconf #ADomainForEveryCSSPropertyBringIt Sat Apr 17 14:55:04 +0000 2010
  • crazy hack via @paul_irish – contenteditable on the style tag, with body hidden. /cc @jermolene #jsconf Sat Apr 17 14:47:22 +0000 2010
  • i’m in your #jsconf, watching your #uxcamplondon and #shiftconf Sat Apr 17 14:38:19 +0000 2010
  • coffeescript was initially built in ruby, but is now built in coffeescript #jsconf Sat Apr 17 14:34:36 +0000 2010
  • Crock’s Javascript keynote at #jsconf 2010 Sat Apr 17 13:41:05 +0000 2010
  • And if douglas has his way, testing will be mandatory 😉 RT @douglassquirrel: We should apply to get coding into London 2012. Sat Apr 17 12:03:16 +0000 2010
  • hey @cowboy check out @crazybob’s auto crash reporter, another e.g of production excptn logging as in Sat Apr 17 04:44:53 +0000 2010
  • Heard at #scurvyconf- the official Olympic store is running server-side JavaScript 🙂 Sat Apr 17 01:20:28 +0000 2010
  • FP First Pony #scurvyconf has landed Sat Apr 17 00:45:30 +0000 2010
  • @premasagar’s fab writeup of quirks in sourceless iframes, one of the hacks i’ll cover at #JSConf tomorrow Fri Apr 16 21:43:24 +0000 2010
  • Advertisements

    It’s so just ipad

    17 Apr

    Crock’s Javascript keynote at #jsconf 2010

    17 Apr

    Crock’s keynote (iPhone typo alert etc) at jsconf 2010

    Live blogging notes

    JS came from self and scheme (2 failed languages in a clmmercial sense) and java.

    “MS abandoned the web” and disbanded the IE team to work on other things.

    Ajax gave Javascript a second chance. But people still hate it, and got good reason; after all, it was developed in about 10 days. People hate JS because it does have bad parts. Other reasons are less valid criticisms: DOM manipulation.

    Good things include Event handling, concise expressiveness.

    It’s now being used outside the browser: apps, owratong systems (widget frameworks), Databases, mobile, consumer electronics, and of course the server.

    The difficult thing for evolving JS is the web itself. The most effective way to male it a better language is to remove the bad parts.

    The problem is you can’t just discard those parts because people use them (and being bad and dangerous, many people like to use them). But *you* can discard them in your program, hence JSLint.

    Harmony is being evolved.

    * correcting the block scope problem, ie vars should go out of scope at the end of a block.

    * better support for variadic (various parameters)

    “IE6 Must Die”
    The new syntax is useless if you must support older browsers. IE6 is still so popular because we are letting it hang on.

    Under the IEEE floating point standard, 0.1+0.2 !== 0.3 …. Is only a problem on planets using the decimal system 🙂 IEEE also has a decimal standard, but too slow, so hopefully other techniques will be supported And built into the browsers.

    Intermediate representation? Eg abstract parse tree would support a feature like macros.

    Threads? “threads are evil” at application level, so crock doesn’t want them.

    Support for tail calls. They’re short ciruited as jumps meaning you can’t trve the stack.

    Crocks personal criteria for spec changes are readability and productivity, rather than just new features or mini incremental efficiency improvements.

    Crock reserves #1 priority for security, an prevention of XSS. Once a script gets a foothold, the attacker can see everything the user sees. Including secret tokens and running in the SSL channel; your server had no way to distinguish between trusted code and third party code. The attacker can completely control the display, e.g. Ask the use for their password. The attacker can send any obtained info to any server in the world.

    None of these things are bugs; they’re the standards, Invented in 1995, we’ve made no progress on them in 14 years. Why?

    * web stack is too complicated and browsers male heroic efforts to support malformed contents.
    * Javascript’s global object doesn’t recognize there are separate interests on the page.

    Mashups – extremely interesting and also very unsafe. Advertising is mashup too and had led to security problems.

    Caja and Adaafe go some way to helping …. Denying access to the global object and the DOM.

    ES5/Strict will support this kind of thing. But still more work to be done.

    This is another reason why IE6 must die; it won’t support these improved security models.

    The DOM is an awful API – painful for developers and insecure. Crock days html5 makes security worse:
    * increases surface area
    * gives attackers new capabilities for evil
    * it will take a long time to complete, so even longer to fox xss.

    Crocks proposal is to start again, with xss as the first priority. And with a new DOM modelled on the Ajax libraries.

    Most ppoular aproaches to security fail: security by inconvenience, by obscurity, by identity…fail. So we have to do security by vigilance. Ir everyone has to play a role, not just security experts.

    Fortunately, secure models fall from good design. See Parnas (1972), “capability security”. a worthy read. Not just information-hiding, but capabiity-hiding. (main takeaway is that global object is evil.)

    Ecmascript is being transformed into an object capability model.

    FP First Pony #scurvyconf has landed

    17 Apr

    Web-O-Random Updates

    15 Apr

    A few hours of coding in the sky led to a few new features for

    In particular:

    * Get as many random numbers as you like, with a third parameter – /10/20/50 will give you 50 numbers between 10 and 20

    * For lists, sampling without replacement. /a,b,c,d,e/3 gives you 3 independent samples (duplicates are possible); /a,b,c,d,e/-3 gives you 3 items without duplicates (as if you'd taken three random items out of the list); /a,b,c,d,e/0 gives you the list shuffled, and /a,b,c,d,e gives you just one element.

    * Better rendering of multiple items

    * Begun specialised randomizers – /coin gives you a coin toss (with image) ; /coin/5 gives you 5 coin tosses

    Underneath the surface is a generator ( based architecture, so new randomizers should be fairly straightforward. I'm interested in "color", "card", and "dice" for a start.

    Minor Twelebs Update

    14 Apr

    I migrated Twelebs today and in doing so, refreeshed myself on how it's set up. I forgot how simple it is to add celebs, just by adding them to a single Twitter account; the images auto-update after a propagation delay. The only thing missing for each of them is a Wikipedia URL and a one-line bio, but I can do without them for now.

    The main priority today was to add a ton of new celebrities since they were added about 18 months ago. A lot of water has passed under the Twitter bridge since then!

    I'm pleased with the results – you can't see them all until the new guys start posting, but there should be a couple hundreds Twelebs on there, and hopefully new tweets every minute or two.

    One thing I did was to use WeFollow as one of the resources (it didn't exist when Twelebs was launched). To that end, I built the following Greasemonkey script to redirect URLs from WeFollow's page about the user, straight to the Twitter page:

    A few browser extensions I’d like to see or make

    12 Apr

    * "Add To Delicious" with default tag setting (e.g. "toread") so I could easily use it in ??conjunction with Instalicious (, and the ability to add against a link, instead of having to open the page.

    * "Sitelighter" to highlight links to my favourite sites. (Perhaps site-specific, e.g. "when I'm looking at TechMeme, highlight links to Ajaxian").

    * "Feature Creep" to point out any interesting technical features of a site, e.g. it uses HTML5 tags, SVG, Canvas. This would be a win for pattern mining.

    * "Pathfinder" to support navigation through sites without a clean URL structure (something motivated by the many excuses for "enterprise web apps" I've had to deal with on intranets).

    * "Robotic" to support filling out forms and performing other menial tasks on the aforementioned inhumane sites (this is perhaps more of a framework for extensions that run across multiple URLs, than a specific extension, per se).

    Note: Maybe they exist; I haven't done the due diligence yet.