October 28, 2010

Programmers: how to make the systems guy love you

“As a coder working for an organisation you are focused on building something to meet a defined spec. This spec will say things like ‘background should be blue’, ‘tabulated interface for user management’ and ‘should not crash’. It may come with a set of images stitched together by a UI designer of how the site/app/thing is expected to look – either crayoned on the back of a fag packet or more likely mocked up in Photoshop so the UI programmers can pull it apart again for the logos and buttons. In a really good spec you’ll find a storyboard defining how it should behave, ready-made content and all the copy up front. We wish.”

via mockyblog

October 27, 2010

Using MySQL as NoSQL – A story for exceeding 750,000 qps on a commodity server

“Most of high scale web applications use MySQL + memcached. Many of them use also NoSQL like TokyoCabinet/Tyrant. In some cases people have dropped MySQL and have shifted to NoSQL. One of the biggest reasons for such a movement is that it is said that NoSQL performs better than MySQL for simple access patterns such as primary key lookups. Most of queries from web applications are simple so this seems like a reasonable decision.
Like many other high scale web sites, we at DeNA had similar issues for years. But we reached a different conclusion. We are using ‘only MySQL’. We still use memcached for front-end caching (i.e. preprocessed HTML, count/summary info), but we do not use memcached for caching rows. We do not use NoSQL, either. Why? Because we could get much better performance from MySQL than from other NoSQL products. In our benchmarks, we could get 750,000+ qps (queries per second) on a commodity MySQL/InnoDB 5.1 server from remote web clients. We also have got excellent performance on production environments.
Maybe you can’t believe the numbers, but this is a real story. In this long blog post, I’d like to share our experiences.”

via YOSHINORI MATSUNOBU

October 24, 2010

Firesheep

“It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called ‘sidejacking’) is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.”

Eric Butler, Firesheep.

December 21, 2009

Blogging tools

“It occurs to me that the tools we have available each do a large variety of things, and that there’s no good reason for these functions to be bound together into one application. For example, Maciej’s recent article on why not to have a public of WordPress (and more details) shows that serving the website and editing it can be very separate pieces. The original ancient Blogger software also used to push a copy up to your site via FTP.”

via joshua.schachter.org

Great ideas.