Simon Willison’s Weblog

August 2008

Aug. 22, 2008

Making queries faster isn't in the critical path for improving the real-world performance of any Dojo apps I know of, and I bet the same is true for JQuery users. Reducing the size of the libraries, on the other hand, is still important. Now that we're all fast enough, it's time that we stopped beating on this particular drum lest we lose the plot and the JavaScript community continue to subject itself to endless rounds of benchmarketing.

Alex Russell

# 8:12 am / javascript, alex-russell, benchmarketing, dojo, jquery

A convention once saw, for example, that I had worked at NASA, and put me on a panel about the future of space exploration.  I felt a little out-of-place, given that my main NASA achievement was that I once lassoed a robot with cat-6 cable and had it pull me around the hallways charioteer-style.

Randall Munroe

# 8:28 am / xkcd, nasa, randallmunroe

Google Code Blog: Two new ways to location-enable your web apps. The Gears Geolocation API isn’t very exciting just yet as it only really works on Windows Mobile devices, but the new google.loader.ClientLocation Ajax API is great—it gives you the user’s location based on looking up their IP address, saving you from needing to install an IP-to-geo lookup database.

# 10:12 am / location, gears, geolocation, clientlocation, javascript, apis

Gears API Blog: Gears 0.4 is here! New features are Geolocation, a Blob API for dealing with arbitrary binary data, onprogress() events for tracking HTTP downloads and uploads (meaning progress indicators) and the built-in Gears dialogs localized to 40 languages.

# 10:14 am / gears, geolocation, onprogress, javascript, blobapi, http

Get Lat Lon now has a “Get my location (by IP)” button. It took all of five minutes to add using the new google.loader.ClientLocation API. The button is only visible if your location can be resolved.

# 10:16 am / location, javascript, clientlocation, getlatlon, projects

Visualization Strategies: Text & Documents. “List of ...” style posts usually make me want to stab someone with a fork; this is how that kind of post should be done—well researched, carefully written and, most importantly, doesn’t call itself a “Top X Ys that will Z your ZZ”!

# 11:17 am / visualization, lists

Back to full-time employment

I’ve been freelance for a year and a half now, and it’s been a great deal of fun. For me, being freelance meant having the freedom to pursue all sorts of different interests—technical writing, public speaking, Django, OpenID, JavaScript—and the opportunity to work with some really fantastic people.

[... 181 words]

TraceMonkey. Brendan Eich has been preaching the performance benefits of tracing and JIT for JavaScript on the conference circuit for at least a year, and the results from the first effort to be merged into Mozilla core are indeed pretty astounding.

# 11:13 pm / john-resig, tracemonkey, javascript, mozilla, performance, brendan-eich, jit

Aug. 23, 2008

DoS vulnerability in REXML. Ruby’s REXML library is susceptible to the “billion laughs” denial of service attack where recursively nested entities expand a single entity reference to a billion characters (kind of like the exploding zip file attack). Rails applications that process user-supplied XML should apply the monkey-patch ASAP; a proper gem update is forthcoming.

# 11:11 am / rails, ruby, rexml, xml, security, dos, billionlaughs

Tip: Configure SAX parsers for secure processing. Explains the billion laughs attack, among others.

# 11:12 am / billionlaughs, xml, security, sax, elliotte-rusty-harold

Film + Food & drink | guardian.co.uk (via) The Guardian’s publishing system supports tag intersections based on the URL; this page shows all film stories that also mention food. There’s even an RSS feed.

# 11:18 am / intersection, feeds, guardian, rss, tags

The Python Property Builtin. The always-educational Adam Gomaa explains the Python property built-in and shows how it can be used to improve Django’s model-based URL generation.

# 1:08 pm / django, python, property, adam-gomaa, urls

Aug. 24, 2008

Django documentation (for 1.0). The documentation refactor is in: the docs for the upcoming 1.0 release have been tidied up, rearranged and ported to a new documentation system based on Sphinx (the Python documentation toolkit, NOT the full-text search engine). The URL has also changed to docs.djangoproject.com.

# 10:49 am / python, documentation, django, sphinx-docs

jeresig’s sizzle. Sizzle is a new selector engine (work in progress, no IE support yet) from John Resig, designed to be small, standalone, library agnostic and ridiculously fast. It should eventually replace jQuery’s current selector engine, but if it stays around 4KB it’s also going to be really useful for projects that don’t need the overhead of a full library.

# 11:41 pm / john-resig, javascript, jquery, selectors, sizzle

Aug. 25, 2008

The Long Now Foundation was established in 01996*... (The Long Now Foundation uses five digit dates, the extra zero is to solve the deca-millennium bug which will come into effect in about 8,000 years.)

The Long Now Foundation

# 7:42 pm / longnowfoundation, dates, decamillenniumbug

“You’re No One If You’re Not On Twitter”. The inevitable Twitter song by Ben Walker (@ihatemornings), the resident troubadour at the Oxford Geek Nights. Go along on Wednesday to see him live!

# 8:59 pm / oxford-geek-nights, twitter, song, ben-walker

Oxford Geek Night 8—27th August 2008. Once again in the Jericho Tavern, this time with a musical theme.

# 9 pm / jerichotavern, oxford-geek-nights

Flickr Developer Blog: API Responses as Feeds (via) Flickr API calls that return a “standard photos response” (e.g. flickr.photos.search and flickr.favorites.getList) can now output eight different feed formats as well, including Atom, RSS flavours, geoatom, geordf and KML. Error codes are returned as X-FlickrErrCode HTTP headers.

# 10:20 pm / flickr, apis, feeds, kml, atom, geordf, rss, geoatom, http

Aug. 26, 2008

Gears for Safari Beta. “Chances are it will break your browser. Please proceed with caution.”

# 4:27 pm / gears, google, safari, beta

As duplicitous and sad as "fake following" sounds - and let's be honest: the whole idea's pathetic on a number of levels - for a certain kind of user, I can see why there’s a desire for this functionality. Especially on a site like FriendFeed, which has quickly become the platform of choice for the web's least interesting narcissists - and the slow-witted woodland creatures who enjoy grooming their fur - this is a major breakthrough in the makebelieve friendship space. Yes, primate culture may be primitive, but it is not without its evolving needs.

Merlin Mann

# 10:28 pm / friendfeed, merlinmann, fakefollowing, funny, slowwittedwoodlandcreatures

Aug. 27, 2008

json-tinyurl. Because sometimes you want to be able to create a shorter version of a URL directly from JavaScript without hosting your own server-side proxy.

# 10:58 am / jsontinyurl, json, jsonp, appengine, projects, javascript, tinyurl

Django 1.0 release party. The big ass-party will be at the Tied House in Mountain View on Saturday the 6th from 7pm. RSVP on the linked announcement.

# 12:07 pm / bigassparty, django, djangocon, tiedhouse, party, mountainview

Django 1.0 beta 2 released! 1.0 draws ever closer. Important new features include major documentation and comment system refactorings, plus the removal of a bunch of deprecated code (including oldforms). Feature and string freezes are now in place, so it’s just bugs and documentation improvements between now and the final release.

# 2:41 pm / django, python

Django snippets: Sign a string using SHA1, then shrink it using url-safe base65. I needed a way to create tamper-proof URLs and cookies by signing them, but didn’t want the overhead of a full 40 character SHA1 hash. After some experimentation, it turns out you can knock a 40 char hash down to 27 characters by encoding it using a custom base65 encoding which only uses URL-safe characters.

# 10:18 pm / django-snippets, django, python, hashes, sha1, base65, cryptography, security, cookies, signedcookies, urls

Aug. 28, 2008

URLsafe base64 encoding/decoding in two lines. A much better solution than my base65 hack—if you understand how base64 padding works (I didn’t) you can use it to generate URL-safe compressed hashes. Performance should be significantly better than my version.

# 9:57 am / base64, urlsafe, base65, python
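
The 27-character signature from the two entries above (Aug. 27 base65, Aug. 28 URL-safe base64), as an added example that is not code from the Django snippet or the linked post: a 20-byte SHA1-sized digest encodes to 28 base64 characters of which the last is always "=" padding, so stripping it leaves 27. It uses HMAC-SHA1 from the Python standard library rather than the snippet's own signing construction, which is not shown on this page; SECRET, the function names and the sample URL are assumptions.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: stands in for a real server-side secret


def short_sig(value: str, secret: bytes = SECRET) -> str:
    """27-character URL-safe signature: HMAC-SHA1, base64url, padding stripped."""
    digest = hmac.new(secret, value.encode("utf-8"), hashlib.sha1).digest()  # 20 bytes
    # 20 bytes encode to 28 base64 characters, the last always being one '=' pad.
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def sign(value: str, secret: bytes = SECRET) -> str:
    """Return 'value.signature'. The signature alphabet has no '.', so the
    last '.' in the result always separates value from signature."""
    return f"{value}.{short_sig(value, secret)}"


def unsign(signed: str, secret: bytes = SECRET) -> str:
    """Return the original value, or raise ValueError if it was altered."""
    value, sep, sig = signed.rpartition(".")
    if not sep:
        raise ValueError("no signature present")
    expected = short_sig(value, secret).encode("ascii")
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(sig.encode("utf-8"), expected):
        raise ValueError("signature mismatch")
    return value


def decode_sig(sig: str) -> bytes:
    """Recover the raw 20-byte digest by restoring the stripped padding."""
    return base64.urlsafe_b64decode(sig + "=" * (-len(sig) % 4))


if __name__ == "__main__":
    token = sign("/download/42?user=7")  # constructed sample URL
    print(token, len(short_sig("/download/42?user=7")))
    print(unsign(token))
```
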

Using Akismet with Django’s new comments framework. A nice example that demonstrates two features that were recently rolled into the Django 1.0 betas: the new signals library and the new comments framework.

# 10:12 am / comments, signals, django, python, akismet, spam

FriendFeed Blog: Simple Update Protocol. FriendFeed infamously poll RSS feeds on the 43 services they support millions of times an hour in an effort to keep their content as real-time as possible. SUP is a new proposal by FriendFeed for a sort of “master feed” of changes to a site—instead of hitting the Flickr feed for each of their users they would just poll Flickr’s SUP feed every minute or so to find out who had uploaded a new photo, and only retrieve the RSS feed for those users.

# 12:16 pm / friendfeed, sup, feeds, atom, rss, flickr, polling

Capital Radio (the new site). Launched today, this is the Django-powered project I’ve been working on with the fantastic team at GCap.

# 2:47 pm / django, capitalradio, gcap

How to use Google Code’s code review tool. I missed this, but Google Code now has a pleasantly simple code review system built in to the source code browser. You can add comments to any changeset, including annotations attached to individual lines of code.

# 4:25 pm / google-code, googleprojecthosting, codereviews

Aug. 29, 2008

Capital Radio’s London Guide. Worth pointing out: the search / map interface on this page is one of the best examples of progressive enhancement I’ve ever seen. Try disabling JavaScript and see what happens. It seems like most developers just can’t be bothered with this kind of attention to detail these days, which disappoints me.

# 1:48 am / capitalradio, londonguide, progressive-enhancement, unobtrusivescripting, javascript, accessibility, google-maps