Barnaby Walters

I am a British web developer and luthier working at Vísar in Reykjavík, Iceland.

I build and play the Hurdy Gurdy, cook/bake granola and pizza and help build the independent web.

  1. Javascript has no real Set or Dictionary implementation, which for someone spoiled by python’s set and dicts is rather frustrating. However, in leiu of the poorly supported js Set type, plain old objects can be massaged into acting as both sets and dicts:

    
    // Python: d = dict()
    var d = {};
    
    // d['key'] = 'value'
    d['key'] = 'value';
    
    // d.get('nonexistent', 'fallback')
    d.hasOwnProperty('nonexistent') ? d['nonexistent'] : 'fallback';
    
    // d.keys()
    Object.keys(d);
    
    // s = set()
    var s = {};
    
    // s.add(1)
    s[1] = true;
    
    // 1 in s
    s.hasOwnProperty(1);
    
    // Accessing all values in set:
    Object.keys(s);
    

    Notes: the in operator can be used to test membership, but will incorrectly return true for __proto__, as well as all properties up the prototype chain, i.e. all properties and methods of Object. hasOwnProperty is much safer to use.

    Similarly, the use of the ternary operator for get-item-with-fallback could in theory be replaced with d['item'] || 'fallback', unless of course the value stored was falsey, in which case the or will incorrectly return a truthier fallback.

  2. MTU has this wonderful explanation of the differences in physics between open/closed conical and cylindical bore instruments. Try some of the equations out in grapher or an equivalent!

    Open cylindrical bore (e.g. panpipes): y=sin(nx)

    Closed conical bore (e.g. saxophone): y=sin(nx)/nx

    where n is the harmonic e.g. 1, 2, 3, 4 etc. in both cases.

  3. Slowly getting a PuSH subscription service working. It should be fairly easy to turn it, once finished, into a layered library so people can either bolt it onto a Silex/Symfony app and have it all just work, or use the lower level client and logic in other frameworks.

  4. superfeedr: @BarnabyWalters Pinging from http://blog.superfeedr.com/indieweb-microformats-fragments-subscriptions/ … to http://waterpigs.co.uk/notes/4T3FSd/  I get "Source URI does not contain a link to the target URI"

    @superfeedr thanks for the heads-up, it was a caching issue in — now squashed with your mention happily on my page! I need to make taproot show names of blog posts instead of/in addition to the first bit of text.

  5. Problems with Hash Fragment Subscriptions

    Superfeedr has this awesome feature allowing you to subscribe to fragments of an HTML page rather than the whole thing — perfect for cases where the publisher of the HTML page doesn’t send PubSubHubbub pings to let the hub know when content has changed, as this forces the hub to poll the content and notify subscribers on even the smallest change to the content.
  6. Last night: fixed intonation, fitted tapping string. Even without a dedicated EM pickup it’s sounding great! Can’t wait to get it hooked up to an amp.

  7. Fixed a simple security hole in , uncovered unintentionally by an attack mounted ≈5hrs ago — intent appeared to be to create new user accounts, unintended result was the creation of a new, empty article.

    Hundreds of requests were made against URLs similar to these:

    • /articles/do.php
    • /articles/modules.php?app=user_reg
    • /articles/index.php?app=home&mod=public&act=register
    • /action/sign_up
    • /articles/sign_up.html
    • /articles/?page=login&cmd=register
    • /articles/tiki-register.php
    • /articles/index.php?page=register&action=register
    • /index.php?page=item&action=item_add
    • /articles/index.php?user/create_form/
    • /articles/join.php
    • /articles/index.php?dll=register
    • /articles/index.php?option=com_community&view=register
    • /articles/register.php
    • /articles/signup.php

    Presumably these URLs are compromised on other systems — needless to say they are far too ugly to exist in ! I’m unsure exactly why /articles was used as the base URL for the attack in all cases apart from two.

    As these URLs don’t exist, and will never exist, it should be safe enough to add server- or application-level filters immediately closing any requests which include them.

  8. And my hurdy gurdy is fixed! Huge thanks to Brooks Hood for letting me use his workshop space — top guy, highly recommended for guitar repair work if you’re in Reykjavík.