Simon Willison’s Weblog

January 2007

Jan. 15, 2007

CSS library for Python (via) “A Python package to parse and build CSS Cascading Style Sheets. Partly implements the DOM Level 2 Style Stylesheets and CSS interfaces.”

# 2:32 am / css, python

The Django newforms-admin branch. This should make customising the Django admin application a whole lot easier.

# 2:43 am / django, admin, newforms, branch

Free VMware Server in action. I’m interested in reading more case studies of Virtual Machine deployments in the wild.

# 3:18 am / virualization, vmware, casestudy

Five things you may not know about me: 1. My PIN number. 2. The root password for my computer. 3. Where I put the front door key. 4. My sexual peccadillos. 5. What I’ve got in my pocketses.

Jeremy Keith

# 11:44 am

jQuery 1.1. jQuery is one year old. The latest release features API improvements and some significant optimisations.

# 5:13 pm / jquery, javascript

Jan. 16, 2007

As software architects, power consumption is now squarely in our camp to manage. There is plenty we can do to improve the quantity of power our data centers consume. [...] This is not just a hardware problem any longer.

Dan Pritchett

# 8:20 am / dan-pritchett, power

OpenID users can be just as trusty as local users. Martin Atkins makes a similar argument to my own: OpenIDs are trustworthy, provided you subject them to the same authentication steps (CAPTCHA/e-mail validation) as regular users.

# 11:13 am / openid, martinatkins

How can my non-tech-savvy Mum maintain her own website?

Here’s a trick I’ve used in the past. Find a simple wiki package (I used Tavi). Install it, twice. Point both installations at the same backend database. Now password protect one of them with .htaccess—that’s the one that gets used to edit her site. Make some simple template modifications to the other one to make it not look like a wiki—remove the edit links (and delete the edit saving code for good measure), configure it to display WikiLinks with spaces in the middle, then add the site’s navigation around the top. This wiki will be the public site.

[... 216 words]

New Dutch accessibility law. Sounds extremely forward thinking, designed by people who really understand the field. Just one problem: the guidelines are only available in Dutch!

# 12:59 pm / dutch, ppk, accessibility, guidelines, law

Gmail Atom feeds. Could be useful as a pipe for creating an e-mail interface to an existing Atom-consuming application.

# 2:50 pm / gmail, atom

Jan. 17, 2007

MySpace: Too Much of a Good Thing? CSS customization really was just the result of forgetting to strip HTML. They “eventually” decided to filter out JavaScript(!)

# 9:09 am / myspace, css, javascript, xss, security

Inside MySpace.com. Case study of scaling against a network effect. Includes pretty honest coverage of the mistakes made along the way, although the article was put together second hand from conference presentations rather than from interviews.

# 9:18 am / myspace, scaling

Mono-based device wins Best-of-Show at CES. “The Sansa Connect is running Linux as its operating system, and the whole application stack is built on Mono, running on an ARM processor.”

# 11:21 pm / mono, linux, hardware, ces, open-source

FIPA Abstract Architecture. Bill de hÓra shows how the work of the Intelligent Agents community relates to SOA / WS-*. We studied FIPA at University and the parallels to parts of the Web Service stack are pretty interesting.

# 11:32 pm / soa, agents, bill-de-hora, fipa

Jan. 18, 2007

Planet OpenID. Aggregating news about OpenID—surprisingly high traffic.

# 12:04 am / openid, planet

Visual Security: 9-block IP Identification. Smart (and pretty) trick for showing a representation tied to a commenter’s IP address without affecting their privacy.

# 4:55 pm / ip, donpark, 9block, privacy

Jan. 19, 2007

The NHL’s All-Star voting disaster. The NHL ran an online poll to decide which players are picked for their All-Star Game. The only authentication was a poorly implemented CAPTCHA. Unsurprisingly, it got gamed.

# 9:50 am / gaming, nhl, security, captcha, stupid

MySpace Blocking Widgets? Making your business dependent on revenue from MySpace is sharecropping of the worst possible kind.

# 9:54 am / myspace, sharecropping, widgets

Introducing: World Explorer and TagMaps. “Can we automatically extract information from Flickr geotagged images to create a rich visualization of the world we live in? The answer is: you bet.”

# 9:55 am / yrb, tagging, flickr, maps

TagMaps. The toolkit behind the new YRB World Explorer, available to developers as a reusable Flash component.

# 10:01 am / tagmaps, worldexplorer, yrb, flash

Solving the OpenID phishing problem

Most of the arguments I hear against OpenID are based on misunderstandings of the specification, but there is one that can’t be ignored: OpenID is extremely vulnerable to phishing.

[... 531 words]

Links to academic papers on phishing. Posted to the openid-general list by Mike Beltzner.

# 5:32 pm / academic, openid, phishing

I can also sum things up for you even more succinctly:

  • users are task oriented, driving to complete the goal the
    quickest way possible
  • users pay more attention to the content area than the browser chrome
  • users don't understand how easy it is to spoof a website

Mike Beltzner

# 5:33 pm / openid, phishing

Jan. 20, 2007

MonsterID as Gravatar Fallback. Cute monsters created using a trick similar to Don Park’s 9-blocks. I like these more than gravatars.

# 11:21 pm / monsterid, 9blocks

XMPP OpenID server. An OpenID provider that sends you a Jabber message when you try to log in, to help guard against phishing.

# 11:24 pm / xmpp, openid, phishing

Fork JavaScript. A great name for Yet Another JavaScript Library. This one tries to combine the best bits from YUI and Prototype.

# 11:39 pm / forkjavascript, javascript, yui, prototype

Jan. 21, 2007

Phishing and OpenID: Bookmarks to the Rescue? Ping extends my proposal to use bookmarks as the principal authentication mechanism, resulting in a system that is much easier for people to understand.

# 1:36 am / phishing, bookmarks, ka-ping-yee, openid

Anonymous OpenID. A mailinator-style service for OpenID. I’m glad someone’s built this; it reinforces the idea that an OpenID should not be trusted as an account without first using a verification step.

# 2:03 am / openid, mailinator

Jan. 22, 2007

Social whitelisting with OpenID

A key feature of OpenID is that it provides a globally unique identifier for every user, no matter what site or service they are using on the Web.

[... 502 words]

Subtlety (via) Instantly create an RSS feed from a public subversion repository.

# 8:20 am / subversion, rss, syndication
