Simon Willison’s Weblog

Subscribe
Atom feed

Blogmarks

Filters: Sorted by date

Balancing One-Wheeled Scooter. Technical details of the scooter I linked to earlier.

# 12th March 2007, 1 pm / make, scooter

XSS. Sanitising HTML is an extremely hard problem. The sanitize helper that ships with Rails is completely broken; Jacques Distler provides a better alternative.

# 12th March 2007, 12:34 am / jacques-distler, rails, security, xss

Meet the one wheel balancing scooter. Home made one wheeled motorised scooter that looks like a skateboard and self-balances like a Segway.

# 11th March 2007, 9:19 pm / engadget, make, scooter

Ficlets (via) AOL’s first application to launch on Rails, and their first application to accept OpenIDs as well as AOL screen names.

# 10th March 2007, 5:41 pm / aol, ficlets, openid, openidconsumer, rails

Google Seattle conference on scalability. Google are hosting a conference on scalability in Seattle on June 23rd. They’ve just put out the CfP.

# 10th March 2007, 4:37 pm / call-for-proposals, conferences, google, scalability, seattle

OpenID Server Integrated with CAS. Case Western Reserve University now provides an OpenID for every network account holder.

# 10th March 2007, 8:48 am / openid

pg8000 (via) A pure-Python interface to PostgreSQL, using the PostgreSQL network protocol directly. Doesn’t (yet) support DB-API 2.0, but that’s promised in a future release.

# 9th March 2007, 7:35 pm / pg8000, postgresql, python

Ajax3d Demo. Really impressive Virus clone, using the canvas element.

# 9th March 2007, 7 pm / 3d, ajax, ajax3d, canvas, javascript

Web Focus Leads Newspapers to Hire Programmers for Editorial Staff. It’s great to see this trend taking off. A newsroom is an excellent place to work as a programmer.

# 8th March 2007, 12:27 am / adrian-holovaty, jacob-kaplan-moss, jobs, newspapers, programmers

Relying Party Best Practices. Proposed guidelines for OpenID consumers from Martin Atkins, currently under discussion on the mailing list.

# 7th March 2007, 11:45 pm / bestpractices, martin-atkins, openid

W3C Relaunches HTML Activity (via) “XHTML has proved valuable in other markets” == XHTML on the public Web has failed. Long live HTML!

# 7th March 2007, 10:34 pm / html, w3c, xhtml

37 Signals’ next app Highrise will support OpenID. I can’t wait to see how the 37 Signals team deal with the UI challenges involved in supporting OpenID logins.

# 7th March 2007, 9:23 am / 37signals, highrise, openid

Hacking del.icio.us with Python. Nat introduces snaflr, a Python script for republishing selected links from a number of del.icio.us users to one communal account.

# 6th March 2007, 11:11 pm / delicious, natalie-downe, python

OpenID on WordPress.com. My first project launch as a freelancer. You can now use your WordPress.com blog as an OpenID.

# 6th March 2007, 8:41 pm / freelance, openid, wordpress, wordpresscom

Security; AJAX; JSON; Satisfaction. The JSON attack I linked to earlier only works against raw arrays, which technically aren’t valid JSON anyway.

# 6th March 2007, 8:06 am / json, security, xss

phpbb-openid: Your AIM screen name is your OpenID. Log in to a phpBB board with an AOL OpenID and it will try to associate your OpenID with an account that lists that AIM in the profile. This is the kind of behaviour I talked about in my FOWA talk.

# 6th March 2007, 7:57 am / aim, aol, fowa, openid, phpbb, phpbbopenid

JSON is not as safe as people think it is. Joe Walker reminds us that even authenticated JSON served without a callback or variable assignment is vulnerable to CSRF in Firefox, thanks to that browser letting you redefine the Array constructor.

# 5th March 2007, 10:51 pm / csrf, joe-walker, json, security

Dashcode review. “Dashcode is quite possibly the best non-Firebug Javascript environment I’ve ever used.” High praise indeed.

# 5th March 2007, 9:06 pm / dashcode, firebug, javascript, widgets

Wrong-headed impersonation. Kim Cameron discusses user absent authentication, and emphasises the importance of delegation using delegation coupons.

# 5th March 2007, 2:38 pm / authentication, delegation, delegationcoupons, identity, kimcameron

Five things I hate about Python. By Jacob Kaplan-Moss. I didn’t know you could force eggs to install unzipped with an option in ~/.pydistutils.cfg—that’s always been my least favourite thing about them.

# 4th March 2007, 10:32 pm / eggs, jacob-kaplan-moss, python

PHP 4 phpinfo() XSS Vulnerability. Another reason not to run an open phpinfo() page on your server.

# 4th March 2007, 9:24 pm / php, phpinfo, security, xss

pear 0.8. “A libevent/pyevent-based locking session daemon for the web”. Relational databases aren’t particularly well suited to the access characteristics of session data.

# 4th March 2007, 9:19 pm / libevent, python, sessions

Scaling Python for High-Load Web Sites. Slides from a talk at PyCon. Be sure to switch to the notes view (Ø in the bottom right)—a really nice overview of scaling up from a CGIs to load balanced, memcached Python application servers.

# 4th March 2007, 9:14 pm / memcached, pycon, python, scaling

json-taglib. Because JSON just doesn’t have enough angle brackets.

# 4th March 2007, 8:52 pm / json, jsp, xml

Rack. “Rack provides an minimal interface between webservers supporting Ruby and Ruby frameworks”. Ruby’s equivalent of WSGI has just hit v0.1.

# 4th March 2007, 8:49 pm / rack, ruby, wsgi

Programming Erlang. A book on Erlang from the creator of the language himself, out in July but available to buy now as a beta PDF.

# 3rd March 2007, 8:49 am / books, erlang, joe-armstrong

WordPress 2.1.1 dangerous, Upgrade to 2.1.2. Helping to spread the word. You’re affected if you’ve downloaded WordPress 2.1.1 in the last three or four days.

# 3rd March 2007, 8:06 am / security, wordpress

Math for the Masses. WordPress.com now supports inline LaTeX. A great example of a feature that will turn a small subset of a user base in to life-long fans.

# 2nd March 2007, 2:44 pm / latex, wordpresscom

Safe JSON (via) Subtle but important point about JSON APIs: you shouldn’t use a callback or variable assignment for JSON incorporating private user data, especially if it’s at a predictable URL.

# 2nd March 2007, 1:11 pm / json, security

Adobe wants to be the Microsoft of the Web. The base platform technology for RIAs is too important to be controlled or designed by any single party.

# 2nd March 2007, 1:01 pm / adobe, flash, flex, rias, ted-leung

Years

Tags