
The documentation for the non-blocking web server Tornado describes beautifully how well it copes with heavy load, and presents it as the crown of mankind's creation in the field of non-blocking servers. This is partly true. But building complex applications that go beyond the scope of “one more chat” reveals many non-obvious and subtle points that we should know about before running into the pitfalls. The developers of the intellectual games club “Trellis” are willing to share their thoughts about these pitfalls.

We are talking about the second branch of Python, the latest version of Tornado, 1.2.1, and PostgreSQL, which is connected through psycopg2.

Application instance


Many programmers love to use the singleton pattern for easy access to the application class. If we think about future horizontal scaling, doing so is not recommended. The request object will give you a thread-safe application that can be used safely.
KlauS 12 september 2011, 12:42

We have all heard the jokes about men who took a rasp file to a memory module to make it fit the motherboard; this joke has amused us many times in different variations... However, I needed to compute something. I have 3 PCI-E x16 slots (and 2 x1) on the motherboard, but the lower 2 are placed in such a way that only one (two-slot) graphics card can be installed there, and I need 3, because the third one is for the desktop, to make it faster.
Then my gaze fell upon an old-timer that has helped me out many times: the nVidia 8400GS. Now I just need to take the rasp file and try to cram it into an x1 slot...
KlauS 10 september 2011, 11:51

Clickjacking is a mechanism that misleads users when they follow a link to a site; it redirects the user to a malicious webpage. Clickjacking has become very effective. It is often used to spread links to malicious websites through Facebook. Recently, these techniques have proved effective at breaching the anonymity of a website's visitors. Also, following a sly link may let an attacker gain access to OAuth data. Let us see how it happens.

Classic application of clickjacking: spreading links through Facebook

In the classic clickjacking scenario, the attacker hides the “Like” or “Share” button in a transparent iframe. This iframe is positioned above the page element that the user is expected to click; the iframe can also follow the mouse cursor. When we click on the element, the click is redirected to the invisible “Like” or “Share” button. Such operations are not limited to Facebook; the attacker only needs to hide elements of another website in the iframe.

Below is a typical message that can be seen on the Facebook network if one of our connections has been caught by clickjacking:

image
Enyman 9 september 2011, 10:30

2147483647 (2^31-1), a Mersenne prime, is the maximum possible value for a 32-bit integer, that is, the largest integer that can be written in 32 bits.

What does this have to do with phone numbers? Ironically, it has the most direct relation. It turns out that a significant number of American programmers, for the sake of optimization, develop systems where phone numbers are stored on the server as 32-bit integers. Thus the maximum possible number is (214) 748-3647, a number in the United States, where 214 is the code for Dallas. When a greater value is entered into the database, the maximum possible number, 2147483647, is stored instead.

If we search the Internet, we can find hundreds of phone books from all over America that refer to the same number in Dallas. We can only sympathize with the owner of this phone number.

How could the projects' clients fail to notice the developers' mistake? Probably many of them did business in regions where the code is less than 214, so other phone numbers simply never got into the database. Maybe the developers convinced someone that this is the best way to optimize: in this form the numbers take up less space than when stored as individual characters. In fact, many are obsessed with optimization. Not everyone learned the lessons of Y2K; moreover, a new generation of programmers has grown up who do not remember Y2K at all.

via Computerworld
xially 9 september 2011, 10:18

Once upon a time, every programmer has written something like this:
double div(double a, double b) {
    return a / b;
}

He was fully convinced that this function does exactly what he needs: it divides a by b. But sooner or later a friend or teacher turned up who explained that this function does one more important thing in the life of any program: it brings the program down with a division-by-zero exception if b is zero. After that, the future programmer had to understand the need to validate input data. Some decided that this settled the issue, and some came to the conclusion that this is only half of the matter.

In fact, putting checks at every step is common practice. This is taught at university. But with time comes the idea that something is not right:
  • Checks of various things take up a lot of space in the code. Because of the checks, the code stops being readable.
  • The profiler shows that a significant portion of time is spent on the checks. The program is slow and users complain about it.
  • The same checks are repeated many times. If a class has functions that call each other and work with the same data, checks are written in each of them, and some of them fire needlessly.
Pirat 8 september 2011, 11:51

A high-load project (website) is not necessarily a popular social network, video hosting service or MMORPG. The easiest way to sharply raise a website's hardware requirements is to move session storage into the database. In this article we will discuss how to store data in the database without cutting performance. Using a small amount of RAM, we can save quite a lot of CPU time. We are talking about the situation where memcached and other dedicated caching tools are not available.

Magic MEMORY tables

The MySQL DBMS implements a table type that is kept in memory permanently and is always available with a short access time. This is MEMORY; it has a synonym, HEAP. The second name is older, therefore it is preferable to use the first one.
Compared with MyISAM or InnoDB, this format is very limited, but it handles the storage of operational data well. As is traditional, we will list its pluses and minuses, starting with the pluses:
Pirat 7 september 2011, 12:29

I faced the need to embed a SIP phone in the browser. Most of the information on the internet is based on red5 + red5phone, but it seemed a bit of a crock and insufficiently reliable. Let us just say I was not satisfied with the ratio of deployment time and required hardware resources to the level of quality, support, and ranging; it is also problematic to integrate into a web project.
After a little more searching I found this project on the internet. It does essentially the same thing as red5, but it is written in Python and has a flexible web interface.
In fact, the web interface is a small Flash application, which is controlled from JavaScript or another programming language by calling the application's built-in functions and handling events. It can be integrated into other Flash applications.
Tags: Flash, python, rtmp, sip
Pirat 7 september 2011, 10:24

The other day I was debugging a driver, because when I used it, BSoDs appeared that at first glance seemed chaotic and somewhat magical. All function calls were correct; there were no null-pointer errors or other common problems. I could not figure out what was happening with this driver, so I asked a more experienced friend to see what was wrong. A few hours later he said that he understood the reason for the bug. The result confused both of us.

It turned out that the cause of the crashes was banal and simple: the driver's logic used the stack extensively, and a function often used 10 - 20 KB of stack memory for various buffers and arrays. MSDN says that the kernel stack is limited to three pages of memory (about 12 KB on 32-bit architecture), and therefore it is better to refrain from multiple function calls and recursion.
Pirat 6 september 2011, 11:11

In general, like any beginning JavaScript programmer (2 years ago), I wanted to build everything myself. That is how a very fast regular expression of 280 characters came about.

A little history


Approximately one and a half years ago, I found out about the library “yass”, which was the fastest tool for finding DOM elements in JavaScript through CSS selectors (reference to tests).
Then I became terribly interested. I wanted to invent a way that would be even faster. At that time I was just reading the book “Regular expressions- Library of programmer”, second edition, by J. Fridley. It was summer, I was still a student and I had plenty of free time. Work began...

I decided to write this article because of the following expression, which can almost completely parse a CSS selector query (even a slightly extended one that goes beyond standard CSS3):
/(?:(?:\s*[+>~,]\s*|\s+)|[^:+>~,\s\\[\]]+(?:\\.[^:+>~,\s\\[\]]*)*)|\[(?:[^\\[\]]*(?:\\.[^\\[\]]*)*|[^=]+=~?\s*(?:"[^\\"]*(?:\\.[^"\\]*)*"|'[^\\']*(?:\\.[^'\\]*)*'))\]|:[^\\:([]+(?:\\.[^\\:([]*)*(?:\((?:[^\\()]*(?:\\.[^\\()]*)*|"[^\\"]*(?:\\.[^"\\]*)*"|'[^\\']*(?:\\.[^'\\]*)*')\))?/g
Pirat 5 september 2011, 14:53

Let us try to write a simple drum machine in Perl, using MIDI and Tkx as the graphical toolkit.

Key Features

1. 47 instruments, 4 of which can be used simultaneously.
2. Keyboard control.
3. Volume control.
4. Control of BPM from 60 to 600 beats per minute.

General MIDI provides a special channel, number 10, for percussion instruments.

The required note numbers can be found on this webpage.

We need the modules Win32API::MIDI and Tkx. The latter has to be installed if you are using ActivePerl.
Pirat 4 september 2011, 19:29