News roundup: Crankshaft, WebSockets disabled, 3d Christmas tree

Crankshaft for V8

an expository essay

Crankshaft is a new JIT compilation infrastructure for V8, the JavaScript engine that powers Chrome and node.js. It offers very significant speed gains and has increased V8’s performance by 50% on their its own V8 benchmark suite, as well as increase the page load performance by 12% for JavaScript-heavy pages such as Gmail.

There’s also an interesting note explaining that Crankshaft has a less noticeable effect for smaller scripts, such as those in the SunSpider benchmark:

“The idea is to heavily optimize code that is frequently executed and not waste time optimizing code that is not. Because of this, benchmarks that finish in just a few milliseconds, such as SunSpider, will show little improvement with Crankshaft. The more work an application does, the bigger the gains will be.”

As always in this friendly JavaScript engine arms race, Mozilla was at the ready with a friendly response by David Mandelin, which included his analysis and pointed out some of the new concepts Crankshaft brings to the table. He also mentions, most importantly, that Mozilla’s own JavaScript engine JaegerMonkey won’t get left behind.

WebSockets disabled by default because of caching proxy vulnerability

WebSockets has now been disabled by default in Firefox and Opera due to a security vulnerability detailed in this paper.

This post at the Pusher App blog offers a bit of a level-headed explanation, explaining that the vulnerability isn’t with WebSockets itself, but with buggy caching proxies which are susceptible to cache poisoning. It offers the explanation that the vulnerability was detected with Java and Flash clients, and has probably been in the wild for quite a while with technologies other than WebSockets. It’s only now come up likely because of the expected scrutiny and poking around on a new up-and-coming technology like WebSockets.

It’s interesting to note that Chrome was going to follow suit and also disabled WebSockets by default, but decided to leave it on, in favor of using a different handshaking mechanism (CONNECT) that appears to be immune to the vulnerability.

Christmas tree in canvas (JS1k)

With the Christmas JS1k competition under way, a few entries are starting to make the rounds! This canvas-based 3d rotating Christmas tree is quite impressive all on its own, and even more impressive considering it’s 1023 bytes, just one character short of the 1k limit.

Releases

JavaScriptMVC 3.0: Good To Go! – Jupiter JavaScript Consulting
Popcorn.js 0.2 Facelift – Popcorn.js 0.2 Facelift – Bocoup Web Log
qooxdoo 1.3

Upcoming Events

Node.js Camp SF (Dec 14, 2010 in San Francisco)
The Faster Websites Online Conference (Dec 16, 2010 online)
JS Boot Camp (February 10-11, 2011 in Reston, Virginia, US)
JSConf 2011 (May 2-3, 2011 in Portland, Oregon, US)
NodeConf 2011 (May 5, 2011 in Portland, Oregon, US)

Tidbits

A Web of Sync: Sencha developer James Pearce discusses MVC and the open web stack.
JavaScript Advent Calendar 2010 のリンク集-: a Japanese JavaScript Advent Calendar in a JSON object on GitHub.
JavaScript Snow: DHTML Snowstorm: by Flickr developer Scott Schiller
htracr: a packet sniffer and visualisation tool for HTTP (in node.js)
JavaScript has become the most popular language on GitHub (overtaking Ruby).
LivelyCouch: a framework that integrates Node.js with CouchDB and is driven by HTTP events
jquery Mobile + CouchDB: Part 1 – Getting Started
oia: A port of the Io programming language to Javascript.
Implementing a Fixed Position iOS Web Application
The Latest Updates to JavaScript 1.8.5
Loading Javascript Modules | Programming, Languages, Tools
The Big List of JavaScript, CSS, and HTML Development Tools, Libraries, Projects, and Books – Rey Bango
Namespacing in JavaScript | JavaScript, JavaScript
stackJS: A javascript module loader and dependencies handler
PHP Advent 2010 / JavaScript for PHP Developers
BitmapData.js: HTML5 Canvas API implementation of the AS3 BitmapData class.
InfoQ: Yehuda Katz Discusses SproutCore
Font events: Using JavaScript callbacks « The Typekit Blog
DailyJS: Node Tutorial Part 5
High Performance Web Sites :: Evolution of Script Loading
Backbone.js: Introducing The Backbone Store! by Elf Sternberg
HTML5 Script Execution Changes in Firefox 4 Beta 7
sprite.js: a framework that lets you create animations and games using sprites in an efficient way
capuchin: A JavaScript implementation running on the Rubinius VM
Coding Better Object-Oriented JavaScript with Closure Compiler
Animating Isosurfaces with WebGL and Workers

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • Google
  • description
  • Reddit
  • TwitThis
  • Simpy
  • StumbleUpon

One Comment

  1. [...] in December 2010 WebSockets started to get disabled by default on browsers because of a security vulnerability. The [...]




© webdevpublishing 2011