Simon Willison’s Weblog

EuroDjangoCon 2009. Tickets are now on sale for the conference, scheduled for 4th-6th of May (not March as I originally said) in Prague (followed by two days of development sprints).

# 4:59 pm / django, djangocon, eurodjangocn, prague, python

Twitter Don’t Click Exploit. Someone ran a successful ClickJacking exploit against Twitter users, using a transparent iframe holding the Twitter homepage with a status message fed in by a query string parameter. Thiss will definitely help raise awareness of ClickJacking! Twitter has now added framebusting JavaScript to prevent the exploit.

# 7:56 pm / framebusting, javascript, security, clickjacking, twitter, chris-shiflett

Tokyo Cabinet: Beyond Key-Value Store. Useful overview of Yet Another Scalable Key Value Store. Interesting points: multiple backends (hash table, B-Tree, in memory, on disk), a “table” engine which enables more advanced queries, a network server that supports HTTP, memcached or its own binary protocol and the ability to extend the engine with Lua scripts.

# 11:17 am / keyvaluepairs, tokyocabinet, http, memcached, lua, hash, databases

pytyrant. A pure-python client library for the Tokyo Tyrant binary protocol (used to access Tokyo Cabinet databases over a network). The library appears to be developed by Bob Ippolito and the team at Mochi Media.

# 11:19 am / bobippolito, mochimedia, pytyrant, python, tokyocabinet, tokyotyrant

Specify your canonical. You can now use a link rel=“canonical” to tell Google that a page has a canonical URL elsewhere. I’ve run in to this problem a bunch of times—in some sites it really does make sense to have the same content shown in two different places—and this seems like a neat solution that could apply to much more than just metadata for external search engines.

# 11:28 am / search-engines, google, canonical, relcanonical, metadata, seo, urls

Tokyo Tyrant Tutorial. Buried at the bottom of the Tokyo Tyrant protocol documentation, this is the best resource I’ve seen yet for getting up and running with the database server (including setting up replication).

# 11:29 am / replication, tokyotyrant, tokyocabinet, databases, keyvaluepairs

Tokyo Cabinet and Tokyo Tyrant Presentation. By Tokyo Cabinet author Mikio Hirabayashi. The third leg of the Tokyo tripod is Tokyo Dystopia, a full-text search engine which is presumably a modern replacement for Mikio’s older hyperestraier engine.

# 11:34 am / hyperestraier, tokyocabinet, tokyotyrant, tokyodystopia, fulltextsearch, mikiohirabayashi

Xapian performance comparision with Whoosh. Whoosh appears to be around four times slower than Xapian for indexing and empty cache searches, but Xapian with a full cache blows Whoosh out of the water (5408 searches/second compared to 26.3). Considering how fast Xapian is, that’s still a pretty impressive result for the pure-Python Whoosh.

# 1:15 pm / whoosh, xapian, search, fulltextsearch, python, richardboulton

The Django and Ubuntu Intrepid Almanac. Will Larson’s impressively comprehensive guide to configuring and securing an Ubuntu VPS from scratch to run Django, using PostgreSQL and Apache/mod_wsgi behind nginx.

# 3:42 pm / apache, modwsgi, postgresql, nginx, django, ubuntu, vps, sysadmin, will-larson

Google App Engine 1.1.9 boosts capacity and compatibility. Niall summarises the recent changes to App Engine. urllib and urllib2 support plus massively increased upload limits and request duration quotas will make it a whole lot easier to deploy serious projects on the platform.

# 8:35 pm / appengine, niallkennedy, google, urllib

Web Hooks and the Programmable World of Tomorrow. Tour de force presentation on Web Hooks by Jeff Lindsay. Tons of really good ideas—provided your application isn’t Flickr sized, there’s a good chance you could implement web hooks pretty cheaply and unleash a huge flurry of creativity from your users. GitHub makes a great case study here.

# 9 pm / webhooks, github, jeff-lindsay, apis

Write to a Google Spreadsheet from a Python script. I didn’t know Google Spreadsheets could directly serve dynamic images that automatically update when the underlying data changes.

# 9:02 pm / googlespreadsheets, google-docs, google, python

“Recover my account” link on the login page. For the record, collecting and verifying e-mail addresses is a VERY good idea, even (especially?) if you accept OpenID. A verified e-mail address is still absolutely the best way to deal with lost passwords or “my OpenID isn’t working”.

# 10:22 pm / email, accounts, identity, openid

Dulwich. A pure Python implementation of the Git file format and protocols. Reinforces my impression that a key to Git’s success is stable, well designed and documented on-disk formats.

# 10:27 pm / git, python, dulwich

CloudMade: A Summary of the Future of Mapping. CloudMade are now offering commercially supported APIs on top of OpenStreetMap, including geocoding, routing and tile access libraries in Python/Ruby/Java and a very neat theming tool that lets you design your own map styles. This is really going to kick innovation around OpenStreetMap up a notch.

# 11:25 am / openstreetmap, cloudmade, mapping, python, ruby, java, geocoding, routing, tiles

Announcing django-viewtools. A really excellent idea—run ./manage.py viewtools --pdb /path/on/site/ to debug a view in your Django project that is raising an error using the Python debugger, or use --profile to run the full request cycle for that URL through the profiler.

# 9:35 pm / django, debugging, eric-moritz, python, profiler, pdb, djangoviewtools

Found in space. The Astrometry bot on Flickr (which detects which part of the night sky is contained within your photo and adds notes to some of the more interesting stars) is the most delightful use of the Flickr API I’ve ever seen. This interview provides some background, including a link to a paper on the “scale and rotation invariant hashing algorithm” that is used to build the index.

# 10:52 pm / flickr, astronomy, astrometry

DB2 support for Django is coming. From IBM, under the Apache 2.0 License. I’m not sure if this makes it hard to bundle it with the rest of Django, which uses the BSD license.

# 10:58 pm / bsd, open-source, licenses, ibm, db2, django, python, databases, orm, antonio-cangiano

The History of Python: Adding Support for User-defined Classes. Guido designed the run-time representation first, and tried to design the syntax to include as few new parsing concepts as possible. The origins of explicit self are also explained.

# 11 pm / guido-van-rossum, python, classes

Map Maker for Developers. Tiles from Google’s Map Maker crowdsourcing effort are now available in the JS and static maps APIs on an opt-in basis. Maybe I’m misunderstanding something here, but Google Map Maker seems like a big step backwards for open geographic data. People donate their mapping efforts to Google, who keep them—unlike OpenStreetMap, where the donated efforts are made available under a Creative Commons license.

# 9:05 am / openstreetmap, googlemapmaker, google, creativecommons, crowdsourcing, google-maps-api, staticmaps

Mapping with Isotype (via) I hadn’t heard of Isotype (International System of Typographic Picture Education), a beautiful pictographic language created in the 1930s. This Isotype-inspired atlas is pretty spectacular.

# 11:09 am / isotype, design, mapping

jQuery 1.3.2 release notes. Not just a bug fix—there are a number of subtle behaviour changes, including to the :visible/:hidden selectors and the appendTo/prependTo/*To family of methods. I strongly recommend testing and reviewing those changes before upgrading.

# 4:42 pm / jquery, javascript

Introducing the Karmic Koala, our mascot for Ubuntu 9.10 (via) Ubuntu 9.10 will have a strong focus on cloud computing, including tools for easily creating EC2 AMIs and Eucalyptus, an open-source system for running an EC2-compatible cloud in your own data centre.

# 5:19 pm / ubuntu, ec2, cloud-computing, eucalyptus, mark-shuttleworth, linux, karmickoala

jQuery.Rule (via) jQuery plugin for manipulating stylesheet rules. For me, this is the single most important piece of functionality currently missing from the core jQuery API. The ability to add new CSS rules makes an excellent complement to the .live() method added in jQuery 1.3.

# 5:53 pm / jquery, plugins, css, javascript, arielflesler

Oscars 2009: the interactive results | guardian.co.uk. My latest project for the Guardian, put together on very short notice. Updates live as the results are announced, and allows Twitter users to vote on their favourite for each category by sending a specially formatted message to @guardianfilm—jQuery and Ajax polling against S3 under the hood.

# 2:19 am / twitter, projects, guardian, oscars, javascript, jquery, s3

Building and Scaling a Startup on Rails: 12 Things We Learned the Hard Way. Lessons learned from Posterous. Some good advice in here, in particular “Memcache later: If you memcache first, you will never feel the pain and never learn how bad your database indexes and Rails queries are”. Also recommends using job queues for offline processing of anything that takes more than 200ms.

# 8:28 am / message-queues, rails, scaling, posterous, memcache

FAPWS3-0.2 (WSGI server based on libev). Another strong contender for Python’s answer to Mongrel—3500 requests/s for static files, 43 for a simple dynamic (Django powered) pages and 4.8 for a heavy SQL query—all benchmarked with 300 concurrent requests.

# 10:21 pm / mongrel, fapws, django, python, webservers, wsgi

django-springsteen and Distributed Search. Will Larson’s Django search library currently just talks to Yahoo! BOSS, but is designed to be extensible for other external search services. Interestingly, it uses threads to fire off several HTTP requests in parallel from within the Django view.

# 10:28 pm / django, python, will-larson, djangospringsteen, yahooboss, search, http, threads, concurrency