Simon Willison’s Weblog

Socks away! Roald Dahl’s wartime sex raids. That explains “My Uncle Oswald”.

# 1:43 pm / funny, roalddahl

Preparing to rescue Hubble. The Big Picture has pictures of the preparations for next month’s Space Shuttle Atlantis mission to repair the Hubble Space Telescope for the last time, including a photo of astronauts practicing underwater.

# 1:54 pm / space, hubblespacetelescope, spaceshuttle, nasa, thebigpicture, photography

Google Chrome, the comic book (via) Google have finally announced a browser project, though it’s currently vapourware (or rather comicware), existing only as a Scott McCloud comic. Still, it looks fascinating—entirely open source, WebKit with a brand new JavaScript VM, every tab running in a separate process for smarter memory usage and some new UI concepts and anti-pishing measures thrown in as well.

# 7:45 pm / googlebrowser, google, scott-mccloud, javascript, webkit, phishing, antiphishing, usability, chrome

What’s New in Python 2.6. The new multiprocessing package looks pretty useful, especially as it provides a way to work around Python’s GIL.

# 9:03 pm / gil, python, multiprocessing

Chromium. Google Chrome is out! Here’s the open source project, including the code for the new V8 JavaScript virtual machine.

# 9:06 pm / google, browsers, open-source, v8, javascript, chromium, chrome

V8 Design Elements. High level design details of Google’s V8 JavaScript engine, including how it uses “hidden classes” to optimise object property lookups and a bit of information on the machine code generation and garbage collection.

# 11:58 pm / google, javascript, v8, chrome

Django: Security fix released. The Django admin used to save partially-submitted forms if your session expired, and continue the submission when you logged in. It turns out that’s actually an unblockable CSRF exploit and is hence broken as designed, so it’s now been removed. Thanks Ed Eliot and other GCap colleagues for helping me flesh out the potential attack.

# 12:14 am / csrf, django, security, exploit, edeliot, gcap

We haven’t changed the name of the conference to “Over Quota”. Aral is having intermittent App Engine quota problems, which are proving impossible to debug. I had a similar problem with an App Engine app a while ago—the quota / debugging story really needs fixing.

# 1:37 pm / aralbalkan, appengine, google

dmigrations thread on Django Nashville. The Django Nashville Google Group is currently hosting the most interesting discussion of dmigrations.

# 10:36 pm / dmigrations, django, python, nashville, google-groups

Low level hooks for multi-database support in Django. As discussed in this sub-thread on reddit: The internal Django Query class has a ’connection’ attribute which can be set by the constructor. This low level hook is the secret to talking to more than one database at once, but higher level APIs have not yet been defined. Jacob Kaplan-Moss: “As a matter of fact, at least a couple high-traffic Django sites are using the new hooks.”

# 11:33 pm / reddit, django, query, multidb, python, jacob-kaplan-moss

Django 1.0 released! Outstanding. Massive thanks to everyone who contributed. We made it!

# 1:08 am / django, python, release, celebration

Django 1.0 release notes. What’s new in Django 1.0. Short answer: one heck of a lot.

# 1:10 am / django, python, releasenotes

The story behind Google Chrome. Superbly researched by Niall Kennedy—a detailed overview of the staff and acquisitions that went in to Google Chrome.

# 1:50 am / chrome, google, niallkennedy

Think Wize crew celebrates the Django 1.0 release. With a trip to the Django Reinhardt museum at his birthplace in the village of Liberchies, Belgium.

# 1:55 pm / djangoreinhardt, django, belgium, thinkwize

Document startups in chaos as Adobe’s Flashpaper discontinues. Don’t be a sharecropper.

# 1:57 pm / sharecropping, adobe, flashpaper, startups

Cappuccino Web Framework. Now open source (LGPL)—the Objective-C-in-JavaScript web application toolkit from 280 North, who are speaking at this year’s FOWA in October. Beautiful logo.

# 3:27 pm / open-source, lgpl, javascript, objectivej, cappuccino

Django tickets with keyword “djangocon”. Adrian and Jacob ran an “I want a pony” session during their closing keynote at DjangoCon—I’ve filed the feature requests as tickets tagged with the “djangocon” keyword.

# 3:02 am / djangocon, djangocon08, iwantapony, django, python, adrian-holovaty, jacob-kaplan-moss, tickets

Django snippets: server with debugging backdoor. Six lines of code that uses spawning to fire up a Django server on port 8000 and a remote interactive interpreter backdoor on port 8001, so you can interogate the state of your server within the same process.

# 10:15 pm / django, spawning, python, debugging

django-html. A small project I’m working on to make Django behave better with regards to HTML v.s. XHTML.

# 11:59 pm / projects, djangohtml, django, html, python, xhtml

The web framework for ponies. At DjangoCon Cal Henderson suggested that Django should get a mascot with “magical powers”. Brian Veloso obliges.

# 11:59 pm / django, djangocon, calhenderson, ponies, brian-veloso

Hugely informative thread on multi-db support in Django. I brain-dumped some ideas for a Django multi-database connection API on the developer list, and got a ton of smart push-back from people who’ve been there and have the scars to prove it.

# 11:31 pm / multidb, django, databases

Dromaeo: JavaScript Performance Testing (via) This is one classy benchmark. Run it in as many browsers as you like (each run is saved to the server and assigned a run ID), then compare the results by appending ?id=[run1],[run2]... to the URL.

# 4:06 pm / benchmark, john-resig, dromaeo, javascript, performance

Interview with Ian Hickson about HTML5. Good questions, interesting answers, including an explanation and breakdown of the planned 2022 date for the final recommendation.

# 5:29 pm / html5, ian-hickson

The alt=“” attribute from Ian Hickson. In case you were wondering how it all ended, Hixie has a mammoth summary post explaining the facts and the potential alternatives.

# 5:45 pm / ian-hickson, html5, alt

Prototype based programming in python. Neat implementation of JavaScript-style prototype inheritance in Python.

# 5:50 pm / python, javascript, prototype

The TimeToLead.eu technical stack: Django and Flex. Nice case study of a site using Django’s i18n support along with django-rosetta.

# 8:33 pm / django, rosetta, i18n, torchbox, jpstacey, timetolead, flex, python

OAuth on the iPhone. Mike from Pownce explains their superbly implemented OAuth flow for the Pownce iPhone app, and how much push-back they got on it from regular users. One interesting point is that an iPhone application could “fake” a transition to mobile safari using core animation as part of a sophisticated phishing attack. This is a flaw in the iPhone OS itself—it does not offer a phishing-proof chrome as part of the OS.

# 9:47 pm / oauth, iphone, security, phishing, pownce, mike-malone

djangopony.com (via) “Magic that can’t be removed”

# 12:10 pm / djangopony, pony, django, magic