Blogmarks
Relying Party Best Practices. Proposed guidelines for OpenID consumers from Martin Atkins, currently under discussion on the mailing list.
W3C Relaunches HTML Activity (via) “XHTML has proved valuable in other markets” == XHTML on the public Web has failed. Long live HTML!
37 Signals’ next app Highrise will support OpenID. I can’t wait to see how the 37 Signals team deal with the UI challenges involved in supporting OpenID logins.
Hacking del.icio.us with Python. Nat introduces snaflr, a Python script for republishing selected links from a number of del.icio.us users to one communal account.
OpenID on WordPress.com. My first project launch as a freelancer. You can now use your WordPress.com blog as an OpenID.
Security; AJAX; JSON; Satisfaction. The JSON attack I linked to earlier only works against raw arrays, which technically aren’t valid JSON anyway.
phpbb-openid: Your AIM screen name is your OpenID. Log in to a phpBB board with an AOL OpenID and it will try to associate your OpenID with an account that lists that AIM in the profile. This is the kind of behaviour I talked about in my FOWA talk.
JSON is not as safe as people think it is. Joe Walker reminds us that even authenticated JSON served without a callback or variable assignment is vulnerable to CSRF in Firefox, thanks to that browser letting you redefine the Array constructor.
Dashcode review. “Dashcode is quite possibly the best non-Firebug Javascript environment I’ve ever used.” High praise indeed.
Wrong-headed impersonation. Kim Cameron discusses user absent authentication, and emphasises the importance of delegation using delegation coupons.
Five things I hate about Python. By Jacob Kaplan-Moss. I didn’t know you could force eggs to install unzipped with an option in ~/.pydistutils.cfg—that’s always been my least favourite thing about them.
PHP 4 phpinfo() XSS Vulnerability. Another reason not to run an open phpinfo() page on your server.
pear 0.8. “A libevent/pyevent-based locking session daemon for the web”. Relational databases aren’t particularly well suited to the access characteristics of session data.
Scaling Python for High-Load Web Sites. Slides from a talk at PyCon. Be sure to switch to the notes view (Ø in the bottom right)—a really nice overview of scaling up from CGIs to load-balanced, memcached Python application servers.
json-taglib. Because JSON just doesn’t have enough angle brackets.
Rack. “Rack provides a minimal interface between webservers supporting Ruby and Ruby frameworks”. Ruby’s equivalent of WSGI has just hit v0.1.
Programming Erlang. A book on Erlang from the creator of the language himself, out in July but available to buy now as a beta PDF.
WordPress 2.1.1 dangerous, Upgrade to 2.1.2. Helping to spread the word. You’re affected if you’ve downloaded WordPress 2.1.1 in the last three or four days.
Math for the Masses. WordPress.com now supports inline LaTeX. A great example of a feature that will turn a small subset of a user base into life-long fans.
Safe JSON (via) Subtle but important point about JSON APIs: you shouldn’t use a callback or variable assignment for JSON incorporating private user data, especially if it’s at a predictable URL.
Adobe wants to be the Microsoft of the Web. The base platform technology for RIAs is too important to be controlled or designed by any single party.
Brian Cox at LIFT07. An accessible 20 minute explanation of particle physics and the Large Hadron Collider.
i’m Home. “Every time you start a conversation using i’m, Microsoft shares a portion of the program’s advertising revenue with some of the world’s most effective organisations dedicated to social causes.” Microsoft are now getting their marketing ideas from spam e-mail forwards.
Steampunk Star Wars (via) Beautiful illustrations of Star Wars re-imagined in a steampunk context.
Permalink Redirect WordPress Plugin (via) Neat WordPress plugin that forces a redirect to an item’s permalink if the URL has any extra crud in it.
More Django (likely more than is healthy). Jacob’s advanced Django tutorial from PyCon. I really like the template he’s using to present the slides and notes.
The Beauty Of The Diffie-Hellman Protocol. Some useful explanations here. Diffie-Hellman is used by OpenID to establish a shared secret between the provider and the consumer.
soupselect. My simple extension to BeautifulSoup that allows you to grab elements using CSS selectors; should be useful for parsing microformats.
A Review of a Book That Should Be Read Much More Widely Than It Will Be. Greg reviews “Why Aren’t More Women in Science?”, a collection of 15 articles that make their arguments based on scientific research.
Microformats Bookmarklet. Microformats bookmarklet, targeted at Safari. Uses jQuery CSS selectors for parsing, and generates .vcf vCard files using data: URIs.