Simon Willison’s Weblog

Tuesday, 12th August 2008

Exposure (iPhone app) behaves suspiciously. Exposure on the iPhone does OAuth-style authentication incorrectly—it asks the user to authenticate in an embedded, chromeless browser which provides no way of confirming that the site being interacted with is not a phishing attack. Ben Ward explains how the Pownce iPhone app gets it right in the comments. Exposure author Fraser Speirs also responds.

# 7:47 am / oauth, exposure, flickr, iphone, ben-ward, phishing, pownce, security

IMG-2-JSON (via) I’m not the only person deploying simple JSON-P APIs on App Engine: Adam Burmister’s tool extracts dimension, mimetype and EXIF metadata when provided the URL to an image file.

# 9:43 am / jsonp, appengine, img2json, adam-burmister, mimetype, exif, json, api

Reviews of the Pownce app on the iPhone app store on Flickr. I had to stitch together a screenshot because you can’t actually link to content in the App Store (unless you don’t care that people without iTunes won’t be able to follow your link). Three out of the four reviews complain about the OAuth browser authentication step, which is frustrating because Pownce have implemented it so well.

# 11:05 am / oauth, usability, pownce, iphone, security, phishing, appstore, itunes

Carphone crackdown on phone insurance scam. Story from 2005 but relevant today: I’ve been pestered by scam calls about phone insurance since buying my iPhone from Carphone Warehouse yesterday—the scammers apparently wardial against Carphone Warehouse’s assigned blocks of numbers. Caused a bit of a scene on Twitter until I figured out Carphone Warehouse weren’t actually at fault.

# 11:45 am / carphonewarehouse, scams, iphone, insurance

Django snippets: RequestFactory. I’ve been wanting this for ages; when I finally got around to writing it, it turned out to only be a dozen or so lines of code. Makes it easy to create mock request objects in Django, which you can then use for testing view functions directly (bypassing the current test client mechanism which requires views to be assigned to a URLconf before they can be tested).

# 12:40 pm / django, testing, requestfactory, code, python, httprequest

Fire Eagle has launched! No need for an invite any more, hooray!

# 9:33 pm / fireeagle, location, yahoo