9th
I’m reading about the origins of The Manhattan Project right now. It’s a little shocking how easy it is to make an atomic bomb. Extremely difficult to make the fuel, yes, but the actual weapon? You just put these two chunks of rock together, quickly.
Making a military-grade version took an elite team of scientists and engineers, of course, and that process ultimately resulted in the overengineered world-shattering monstrosity that is the H-bomb.
But the early feasibility reports are chilling in their simplicity.
Caught this nice tip from the makers of Forumwarz, re: preventing users or bots from flooding you with form submissions:
“Memcached allows you to set an expiry for any key you set. So, instead of using the timestamp column in the database [to prevent multiple requests within a timeframe], you can simply set a key in memcached with an expiry of your cool down period. Then, when you are about to insert, check to see if the key exists in memcached. If it does, don’t insert. If it doesn’t, insert your row and then add the key there.”
Nice to remember when scaling makes it worth adding memcached to your infrastructure (memcached requires some sort of VLAN for secure deployment, otherwise _anyone_ can write to your caches).
You could also use Amazon’s SimpleDB or (for small sites) a session key. The point is to prevent flooders from tying up your database at all, if possible.
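The cool-down check from the tip above, as an added example (not Forumwarz's code). It uses memcached's atomic `add` command instead of a separate check and set, so two simultaneous requests cannot both pass. `FakeMemcache`, `cooldown_key`, `submit`, and the 30-second period are assumptions made for illustration; the fake stands in for a real client so the example runs offline.

```python
import hashlib
import time

class FakeMemcache:
    """In-memory stand-in (constructed for this example) for memcached's
    add command: store the key only if it is absent or expired."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._expiry = {}

    def add(self, key, value, expire):
        now = self._clock()
        if self._expiry.get(key, 0) > now:
            return False              # key still live (NOT_STORED)
        self._expiry[key] = now + expire
        return True                   # STORED

COOLDOWN_SECONDS = 30                 # assumed cool-down period

def cooldown_key(client_id, form_name):
    # Hash the identifier so user-controlled input can never produce an
    # over-long key or one containing whitespace or control characters.
    digest = hashlib.sha256(f"{form_name}\0{client_id}".encode()).hexdigest()
    return f"cooldown:{digest}"

def submit(cache, db_rows, client_id, form_name, payload):
    """Insert the row unless this client submitted within the cool-down."""
    key = cooldown_key(client_id, form_name)
    if not cache.add(key, b"1", COOLDOWN_SECONDS):
        return False                  # rejected without touching the database
    db_rows.append((client_id, form_name, payload))
    return True

def demo():
    # Constructed sample traffic: (seconds since start, client identifier).
    traffic = [(0, "203.0.113.5"), (1, "203.0.113.5"),
               (2, "198.51.100.7"), (31, "203.0.113.5")]
    now = [0.0]
    cache = FakeMemcache(clock=lambda: now[0])
    rows, results = [], []
    for t, client in traffic:
        now[0] = t
        results.append(submit(cache, rows, client, "comment", f"post at t={t}"))
    return results, len(rows)

if __name__ == "__main__":
    print(demo())
```

Because the key is set before the insert, a failed database write still starts the cool-down; delete the key on failure if that matters for your form.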
Using Camino as a site-specific browser for Google services.
I had been using Fluid.app in Gmail mode, but email address auto-complete stopped working.
Also, Fluid browsers use the same cookie store as Safari, and Mail, and every other WebKit instance—integration is a blessing and a curse—which means they aren’t actually as isolated from each other as I thought. (They have different JavaScript processes and session stores, which makes cross-site-scripting less likely, but any application that performs auto-login on receipt of a stored cookie is still potentially scriptable.)
Camino is Firefox under the hood, but developed as a native Macintosh app. More importantly, it has its own cookie and certificate store. As a bonus, it’s open source. And it doesn’t have any annoying Gmail bugs.
The only downside: there is no “open domains outside of google.com in default browser” option. I can live with that. At least when I go to other domains I won’t be logged in already.
A public safety message: Do you know how to casually record audio on your cell phone or mp3 player?
Last year, a Bronx teenager took down a corrupt detective by surreptitiously recording his interrogation on an mp3 player.
Recently, a Colombian immigrant caught a USCIS agent demanding sex in exchange for a green card. She recorded the 16 minute conversation on her cell phone.
Please take a few moments to see if you can—quietly—record several minutes of audio on your phone or portable music player. Evidence may some day be your best defense against abuse of power.