Simon Willison’s Weblog


March 2007

March 1, 2007

The Beauty Of The Diffie-Hellman Protocol. Some useful explanations here. Diffie-Hellman is used by OpenID to establish a shared secret between the provider and the consumer.

# 10:08 pm / openid, diffiehellman, reddit, cryptography

More Django (likely more than is healthy). Jacob’s advanced Django tutorial from PyCon. I really like the template he’s using to present the slides and notes.

# 11:08 pm / jacob-kaplan-moss, django, pycon, tutorial, keynote

March 2, 2007

Permalink Redirect WordPress Plugin (via) Neat WordPress plugin that forces a redirect to an item’s permalink if the URL has any extra crud in it.

# 12:49 am / wordpress, disambiguated, urls, plugins

Steampunk Star Wars (via) Beautiful illustrations of Star Wars re-imagined in a steampunk context.

# 9:38 am / starwars, steampunk, illustrations

[...] I'm a fan of the virtual machine future. We should treat our operating system like a roll of paper towels. If you get something on it you don't like, you ball it up and throw it away, and rip off a new, fresh one.

Jeff Atwood

# 10:21 am / virtualization, jeff-atwood

i’m Home. “Every time you start a conversation using i’m, Microsoft shares a portion of the program’s advertising revenue with some of the world’s most effective organisations dedicated to social causes.” Microsoft are now getting their marketing ideas from spam e-mail forwards.

# 10:43 am / funny, im, microsoft, spam

Brian Cox at LIFT07. An accessible 20 minute explanation of particle physics and the Large Hadron Collider.

# 11:39 am / cern, large-hadron-collider, brian-cox

Adobe wants to be the Microsoft of the Web. The base platform technology for RIAs is too important to be controlled or designed by any single party.

# 1:01 pm / ted-leung, adobe, flash, flex, rias

Safe JSON (via) Subtle but important point about JSON APIs: you shouldn’t use a callback or variable assignment for JSON incorporating private user data, especially if it’s at a predictable URL, because any third-party page can then load it with a script tag and read the data out of the callback or variable.

# 1:11 pm / json, security

Math for the Masses. WordPress.com now supports inline LaTeX. A great example of a feature that will turn a small subset of a user base into life-long fans.

# 2:44 pm / wordpresscom, latex

March 3, 2007

WordPress 2.1.1 dangerous, Upgrade to 2.1.2. Helping to spread the word. You’re affected if you’ve downloaded WordPress 2.1.1 in the last three or four days.

# 8:06 am / security, wordpress

Programming Erlang. A book on Erlang from the creator of the language himself, out in July but available to buy now as a beta PDF.

# 8:49 am / erlang, books, joe-armstrong

March 4, 2007

Rack. “Rack provides a minimal interface between webservers supporting Ruby and Ruby frameworks”. Ruby’s equivalent of WSGI has just hit v0.1.

# 8:49 pm / rack, ruby, wsgi

json-taglib. Because JSON just doesn’t have enough angle brackets.

# 8:52 pm / json, xml, jsp

Scaling Python for High-Load Web Sites. Slides from a talk at PyCon. Be sure to switch to the notes view (Ø in the bottom right)—a really nice overview of scaling up from CGI scripts to load-balanced, memcached Python application servers.

# 9:14 pm / memcached, python, scaling, pycon

pear 0.8. “A libevent/pyevent-based locking session daemon for the web”. Relational databases aren’t particularly well suited to the access characteristics of session data.

# 9:19 pm / sessions, libevent, python

PHP 4 phpinfo() XSS Vulnerability. Another reason not to run an open phpinfo() page on your server.

# 9:24 pm / php, phpinfo, xss, security

Five things I hate about Python. By Jacob Kaplan-Moss. I didn’t know you could force eggs to install unzipped with an option in ~/.pydistutils.cfg—that’s always been my least favourite thing about them.

# 10:32 pm / eggs, python, jacob-kaplan-moss

March 5, 2007

Wrong-headed impersonation. Kim Cameron discusses user-absent authentication, and emphasises the importance of delegation using delegation coupons.

# 2:38 pm / delegation, delegationcoupons, kimcameron, identity, authentication

Dashcode review. “Dashcode is quite possibly the best non-Firebug Javascript environment I’ve ever used.” High praise indeed.

# 9:06 pm / dashcode, firebug, widgets, javascript

JSON is not as safe as people think it is. Joe Walker reminds us that even authenticated JSON served without a callback or variable assignment is vulnerable to CSRF in Firefox, thanks to that browser letting you redefine the Array constructor.

# 10:51 pm / joe-walker, json, csrf, security

March 6, 2007

phpbb-openid: Your AIM screen name is your OpenID. Log in to a phpBB board with an AOL OpenID and it will try to associate your OpenID with an account that lists that AIM in the profile. This is the kind of behaviour I talked about in my FOWA talk.

# 7:57 am / phpbb, openid, fowa, aim, aol, phpbbopenid

Security; AJAX; JSON; Satisfaction. The JSON attack I linked to earlier only works against raw arrays, which technically aren’t valid JSON anyway.

# 8:06 am / json, security, xss

OpenID on WordPress.com. My first project launch as a freelancer. You can now use your blog as an OpenID.

# 8:41 pm / openid, wordpress, wordpresscom, freelance

Hacking with Python. Nat introduces snaflr, a Python script for republishing selected links from a number of users to one communal account.

# 11:11 pm / delicious, python, natalie-downe

March 7, 2007

37 Signals’ next app Highrise will support OpenID. I can’t wait to see how the 37 Signals team deal with the UI challenges involved in supporting OpenID logins.

# 9:23 am / openid, 37-signals, highrise

On any given Web page, users will either click something that appears to take them closer to the fulfillment of their goal, or click the Back button on their Web browser.

Mark Hurst

# 1:58 pm / viawilson, mark-hurst, usability

W3C Relaunches HTML Activity (via) “XHTML has proved valuable in other markets” == XHTML on the public Web has failed. Long live HTML!

# 10:34 pm / html, xhtml, w3c

Relying Party Best Practices. Proposed guidelines for OpenID consumers from Martin Atkins, currently under discussion on the mailing list.

# 11:45 pm / martin-atkins, openid, bestpractices

March 8, 2007

Web Focus Leads Newspapers to Hire Programmers for Editorial Staff. It’s great to see this trend taking off. A newsroom is an excellent place to work as a programmer.

# 12:27 am / newspapers, programmers, jobs, adrian-holovaty, jacob-kaplan-moss