Simon Willison’s Weblog

October 2008

Oct. 26, 2008

YouTube Enables Deep Linking Within Videos. Add #t=1m45s to the end of a YouTube URL to jump to that spot. I’d be a lot more impressed by this if visiting a YouTube link in the UK didn’t use IP geo-targeting to redirect me to uk.youtube.com, losing the fragment identifier and hence the #t specifier in the process.

# 8:28 am / broken, geoip, fragments, urls, youtube

Web Security Horror Stories: The Director’s Cut. Slides from the talk on web application security I gave this morning at <head>, the worldwide online conference. I just about managed to resist the temptation to present in my boxers. Topics include XSS, CSRF, Login CSRF and Clickjacking.

# 12:15 pm / security, xss, csrf, logincsrf, clickjacking

Oct. 27, 2008

Windows Live Adds Support For OpenID. I hope they include the option to log in to the provider using CardSpace, to address phishing.

# 9:34 pm / phishing, cardspace, openid, microsoft, techcrunch, live

typeface.js. Outstanding hack—renders custom fonts using VML in IE and canvas in everything else, using fonts that are defined as a set of vector paths stored using JSON.

# 11:45 pm / fonts, typefacejs, canvas, javascript, json, vml, typography

GeoCouch: Geospatial queries with CouchDB. Interesting approach: uses “external2”, a branch that allows external services to be called from CouchDB. SQLite’s SpatiaLite extension is then used as an external spatial index.

# 11:48 pm / geocouch, couchdb, erlang, sqlite, spatialite, external2

Oct. 29, 2008

I'm really typecasting myself here. If there were an international "Person most likely to write a Spectrum emulator in Javascript" award, I'd have taken it for the last five years running.

Matt Westcott

# 5:24 pm / matt-westcott, jsspeccy, javascript

JSSpeccy. A ZX Spectrum emulator written in JavaScript.

# 5:25 pm / emulator, canvas, matt-westcott, javascript, jsspeccy, spectrum, zxspectrum

Oct. 30, 2008

Zeppelin 101 in 5 mins (via) Ribot videoed my five minute lightning talk on Zeppelins at last night’s Skillswap Brighton.

# 5:05 pm / video, speaking, lightningtalk, ribot, skillswap, vimeo, zeppelins

Ghostly fingers of APIs. Phil Gyford has a lovely diagram of the sites that he updates manually and the surprisingly large number of other sites that they affect.

# 5:08 pm / phil-gyford, apis

In the final Production release we will be adding the ability to sign in to the Live ID OpenID Provider using any of the credential types that can be used with regular Live ID sign-ins -- including CardSpace, SmartCard, eID, etc.

Jorgen Thelin

# 5:09 pm / cardspace, smartcard, eid, windowslive, openid, jorgen-thelin

New OpenID Implementations Abound. I’ve missed linking to a bunch of OpenID news recently—in particular, Google Accounts are becoming OpenID identifiers and LiveJournal has quietly upgraded its consumer support to OpenID 2.0.

# 5:11 pm / openid, google, livejournal, openid2, martinatkins

Yahoo, Caja, OpenSocial. Yahoo!’s new application platform uses OpenSocial, and protects itself from malicious JavaScript using Google’s Caja secure JavaScript engine. I hadn’t realised that Caja was ready for production use—this is excellent news.

# 5:14 pm / caja, yahoo, opensocial, javascript, security
