Simon Willison’s Weblog

Tuesday, 14th April 2009

Amazon Says Listing Problem Was an Error, Not a Hack (via) “A friend within the company told him that someone working on Amazon’s French site mistagged a number of keyword categories, including the ’Gay and Lesbian’ category, as pornographic, using what’s known internally as the Browse Nodes tool. Soon the mistake affected Amazon sites worldwide.”

# 8:32 am / security, amazon, amazonfail, csrf

Visualising Sorting Algorithms. Aldo Cortesi dislikes animations of sorting algorithms, so he designed a beautiful technique for statically visualising them instead (using Python and Cairo to generate the images).

# 8:55 am / aldo-cortesi, python, cairo, sorting, algorithms, visualisation

You guys are moving on this stuff too fast! Welcome to 2002, when lots of us had more spare time than employment and we deployed new crap like this on our blogs and sites daily.

Les Orchard

# 8:57 am / nostalgia, les-orchard, revcanonical

Reducing XSS by way of Automatic Context-Aware Escaping in Template Systems (via) The Google Online Security Blog reminds us that simply HTML-escaping everything isn’t enough—the type of escaping needed depends on the current markup context, for example variables inside JavaScript blocks should be escaped differently. Google’s open source Ctemplate library uses an HTML parser to keep track of the current context and apply the correct escaping function automatically.
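To make the point concrete, here is a toy renderer added as an illustration (it is not Ctemplate's code): it tracks whether a `{{placeholder}}` sits in HTML text, inside a double-quoted attribute, or inside a `<script>` block, and picks the escaping function for that context. The template syntax, the three contexts and the scanning heuristics are my own simplifications.

```python
import html
import json
import re

# Constructed, minimal template grammar: literal markup with {{name}} placeholders.
TOKEN = re.compile(r"\{\{(\w+)\}\}")


def escape_for_context(value, context):
    """Apply the escaping function that matches the current markup context."""
    if context == "script":
        # Inside <script>: emit a JSON string literal, and break up "</" so the
        # value cannot terminate the script block early.
        return json.dumps(value).replace("</", "<\\/")
    if context == "attr":
        # Inside a double-quoted attribute value: quotes must be escaped too.
        return html.escape(value, quote=True)
    # Plain HTML text content: < > & are enough here.
    return html.escape(value, quote=False)


def context_at(prefix):
    """Decide the context at the end of `prefix` by scanning the markup so far."""
    lowered = prefix.lower()
    if lowered.rfind("<script") > lowered.rfind("</script"):
        return "script"
    last_lt, last_gt = prefix.rfind("<"), prefix.rfind(">")
    if last_lt > last_gt:
        # Still inside an opening tag; an odd number of quotes means an
        # attribute value has been opened but not closed (double quotes only).
        if prefix[last_lt:].count('"') % 2 == 1:
            return "attr"
    return "text"


def render(template, variables):
    """Substitute placeholders, escaping each value for the context it lands in."""
    out, pos = [], 0
    for m in TOKEN.finditer(template):
        out.append(template[pos:m.start()])
        ctx = context_at("".join(out))
        out.append(escape_for_context(variables[m.group(1)], ctx))
        pos = m.end()
    out.append(template[pos:])
    return "".join(out)
```

Note that the same value (say `</script><b>`) gets a different, correct treatment in each of the three positions, which a single global HTML-escape cannot provide.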

# 9:26 am / html, google, ctemplate, django, escaping, open-source, security, xss

Counting the ways that rev=“canonical” hurts the Web. Mark Nottingham complains about misapplied trust (a page can falsely claim to be the canonical URL for another page), the easy confusion between rev and rel and the lack of discussion with relevant communities.

# 2:11 pm / mark-nottingham, revcanonical, standards, urls

London’s abandoned Underground Stations on Google Street View. “The network is littered with buildings that belonged to stations that closed their doors to the public because routes were changed and diverted, or because there was just too little traffic to make them viable. Here are some of the remnants of disused Underground stations that you can see on Google’s Street View of London.”

# 2:51 pm / google, martinbelam, streetview, underground, london

We did some studies and found that the attribute was almost never used, and most of the time, when it was used, it was a typo where someone meant to write rel="" but wrote rev="". To be precise, the most commonly used value was rev="made", which is equivalent to rel="author" and thus was not a convincing use case. The second most common value was rev="stylesheet", which is meaningless and obviously meant to be rel="stylesheet".

Ian Hickson

# 4:34 pm / ian-hickson, hixie, revcanonical, rev, html5, markup