Web Info & Tutorials

August 7th, 2007

HTML 5 PARSER OPTIMIZATIONS

Ian Hickson likes to get practical. He ran some reports on ~ten billion documents in the Google index and used the data to give real advice to HTML parser implementors.

As always, it is interesting to see what real-world data throws at you.

The three sets of data that I posted are all derived from parsing several billion documents from Google’s Web search index using a parser I wrote in Sawzall.

The first set of data gives the relative aggregate distribution of invocations of the “in head”, “in body”, and “in table” insertion modes, for each of the insertion modes. This allows implementors to determine, for instance, that invoking the “in body” code while in a cell must be very efficient, while invoking the “in body” code from the “after frameset” code need not be as efficient, in case the implementor has a strategy that optimises one at the cost of another. See: documentation, data.

The second set of data gives the relative aggregate distribution of tokens for each phase/insertion mode pair. This can help implementors that are using a cascade of if statements decide on the right order for their statements. For instance, the most common token type seen in the “in body” insertion mode is character data, and the second most common token is the start tag token for an a element, but the isindex start tag was almost never seen. This tells implementors that they should check for characters and a start tags long before checking for isindex tags. See: documentation, data.

The last set of data examines the number of attributes per element. It allows implementors to decide on the optimum memory allocation strategy for attributes. For example, since most elements have 9 or fewer attributes, the data structure that stores attributes can be optimised for simply having 9 attributes, using little memory, and if an element has more than this number of attributes, the implementation can switch to a separate implementation that is more memory-heavy but is optimised for large numbers of attributes. See: data.

August 7th, 2007

FIXING BROWSER SECURITY: SAMEREFERERONLY, AND DNS PINNING

Joe Walker has spoken about adding SameRefererOnly to the cookie spec.

I think we could adapt an idea like HttpOnly to tackle CSRF - I’d like to see a “SameRefererOnly” marker for cookies.

SameRefererOnly is an indication that a cookie should only be sent to a Site when the referring domain is the same as the destination domain.

A number of people have commented that you could use server based referer checking to fix CSRF, however that doesn’t work for 2 reasons, firstly sometimes referers are not sent, and secondly using old versions of Flash, you can forge referer headers anyway.

However if we move the checking into the browser, then we should be able to instruct browsers to be more careful what they do without our cookies.

In other security news, Christian Matthies has explained DNS Pinning, which includes pretty pictures.
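The browser-side check that the SameRefererOnly proposal above describes, as an added example that is not part of the original post or any browser's code. The `sameRefererOnly` field, the function names, the sample jar and the exact-host matching are assumptions, as is the choice to withhold a marked cookie when the browser knows of no referring document.

```javascript
// Hypothetical model of a cookie jar that honours a "SameRefererOnly" marker.
// The marker is the proposal quoted above; the field name is an assumption.

// Constructed sample jar (not real cookies).
const sampleJar = [
  { name: "session", value: "abc123", domain: "bank.example", sameRefererOnly: true },
  { name: "theme", value: "dark", domain: "bank.example", sameRefererOnly: false },
  { name: "track", value: "xyz", domain: "ads.example", sameRefererOnly: false },
];

// Return the lower-cased host of a URL, or null if it is absent or unparsable.
function hostOf(url) {
  if (!url) return null;
  try {
    return new URL(url).hostname;
  } catch {
    return null;
  }
}

// Decide which cookies the browser attaches to a request.
// referrerUrl is the document that initiated the request as the browser
// itself knows it, so it does not depend on a Referer header being sent
// or on what a plugin wrote into that header.
function cookiesToSend(jar, destinationUrl, referrerUrl) {
  const dest = hostOf(destinationUrl);
  if (dest === null) return [];
  const ref = hostOf(referrerUrl);
  return jar.filter((cookie) => {
    // Simplification: exact host match instead of full domain matching.
    if (cookie.domain !== dest) return false;
    if (!cookie.sameRefererOnly) return true;
    // Marked cookies go out only when the referring domain equals the
    // destination domain. Assumption: no known referrer means withhold.
    return ref !== null && ref === dest;
  });
}

// Render the Cookie request header value for the selected cookies.
function cookieHeader(jar, destinationUrl, referrerUrl) {
  return cookiesToSend(jar, destinationUrl, referrerUrl)
    .map((cookie) => `${cookie.name}=${cookie.value}`)
    .join("; ");
}
```

With the marker set, a request triggered from another site still reaches the server, but it arrives without the session cookie, so the server treats it as unauthenticated.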

August 7th, 2007

NEW JOBS BOARD ON AJAXIAN.COM

We’re pleased to announce our new job board. We get tons of inquiries from people who want us to post information about their job opportunity. We tried to keep up by posting these into a Job category on the site, but it was always a second class citizen and it would get lost.

Since we knew that people wanted the feature, we looked for a self-service system, and found one.

The board is much more user-friendly, for those looking for new jobs and those looking for new employees. Catch-all recruitment sites deliver hundreds of unqualified resumes. Industry-specific job boards are the way to go. Thanks for the interest expressed in an Ajaxian job board. It’s finally arrived.

For Job Hunters

This community is in a fantastic position. The San Jose Mercury News ran a piece a few months back talking about how hard it is to find anyone knowledgeable in Ajax related technologies. You can afford to be picky, find rewarding and creative jobs, oh, and you can make a good living doing it!

Take a peek at what is on offer on the board now. It has just started, so we expect to see more new exciting opportunities.

For Job Posters

If you need qualified Ajax personnel this is the place for you. We, the Ajaxian community, are proud of our abilities, and we are changing the web. Get direct access to qualified, skill-hungry innovators, who are top notch JavaScript developers, architects, and user experience folk.

Go ahead and post your job. It is $100 for 30 days.

August 7th, 2007

MARKETO: MARKETING AUTOMATION

Marketo produces software for managing your search engine marketing.

The application itself is really rich, and offers first class use of Ext JS and jQuery. You can see an online demo, and you will notice rich table and tree components, and the general “looks like an app” feel.

Marketo