Simon Willison’s Weblog

Blogmarks tagged urls

Filters: Type: blogmark × urls ×


Microbrowsers are Everywhere (via) Colin Bendell introduces a new-to-me term, “microbrowsers”, to describe the user-agents which hit websites to generate unfurled link previews in messenger apps. Twitter and Facebook first popularized them, but today you’re likely getting far more preview-generating traffic from chat clients such as iMessage, WhatsApp and Slack (which won’t execute script and ignore cookies, and hence won’t show up in Google Analytics). Lots of great tips here—one example: if you provide three og:image meta tags iMessage will render them as a collage. # 18th December 2019, 8:32 am

Removing MediaWiki from SPA: Cool URIs don’t change (via) Detailed write-up from Anna Shipman describing how she archived an old MediaWiki as static content using recursive wget and some cunning application of mod_rewrite. # 8th October 2017, 7:54 pm

Going Postel. Jeremy points out that one of the many disadvantages of publishing JavaScript dependent content on the Web is that a single typo can render your entire site unusable. # 9th February 2011, 2:18 am

Breaking the Web with hash-bangs. Mike Davies explains why Gawker’s new Ajax fragment-tastic redesign is a web architecture error of colossal proportions. # 9th February 2011, 2:17 am

Getting Started—Google URL Shortener API. The API for the goo.gl URL shortener is really nice—no API key required, easy to create a short URL and you can retrieve detailed stats breakdowns (similar to bit.ly) as JSON for any URL. # 13th January 2011, 3:49 am

URL Design. Thoughtful tips on modern URL design, from GitHub designer Kyle Neath. GitHub has the best designed URLs of any application I can think of. # 31st December 2010, 10:03 am

Spacelog: space exploration stories from the original transcripts. The product of the most recent /dev/fort outing—a beautiful, web-native interface for browsing the NASA transcripts from the Apollo 13 and Mercury 6 missions (more to come). Every key moment has a URL. # 10th December 2010, 10:07 am

Porting Flickr to YUI 3: Lessons in Performance (at YUIConf 2010). Some very interesting tips here. The new Flickr photo pages suffered from what I’ve been calling “Flash of Un-Behavioured Content”, where slow loading JavaScript results in poor behaviour from some UI controls. They started using “Action Queueing”, where a small JS stub ensures a loading indicator is shown for clicks on features that have not yet fully loaded. Also, it turns out some corporate firewalls (Sonicwall in particular) dislike URLs over 1600 characters, and filter out any URL with xxx in it. # 10th November 2010, 6:33 pm

apache.org incident report for 04/09/2010. An issue was posted to the Apache JIRA containing an XSS attack (disguised using TinyURL), which stole the user’s session cookie. Several admin users clicked the link, so JIRA admin credentials were compromised. The attackers then changed the JIRA attachment upload path setting to point to an executable directory, and uploaded JSPs that gave them backdoor access to the file system. They modified JIRA to collect entered passwords, then sent password reset e-mails to team members and captured the new passwords that they set through the online form. One of those passwords happened to be the same as the user’s shell account with sudo access, leading to a full root compromise of the machine. # 14th April 2010, 9:08 am

RFC5785: Defining Well-Known Uniform Resource Identifiers (via) Sounds like a very good idea to me: defining a common prefix of /.well-known/ for well-known URLs (common metadata like robots.txt) and establishing a registry for all such files. OAuth, OpenID and other decentralised identity systems can all benefit from this. # 11th April 2010, 7:32 pm

Introduction to Surlex. A neat drop-in alternative for Django’s regular expression based URL parsing, providing simpler syntax for common path patterns. # 11th April 2010, 7:23 pm

Some People Can’t Read URLs. Commentary on the recent “facebook login” incident from Jono at Mozilla Labs. I’d guess that most people can’t read URLs, and it worries me more than any other aspect of today’s web. If you want to stay safe from phishing and other forms of online fraud you need at least a basic understanding of a bewildering array of technologies—URLs, paths, domains, subdomains, ports, DNS, SSL as well as fundamental concepts like browsers, web sites and web servers. Misunderstand any of those concepts and you’ll be an easy target for even the most basic phishing attempts. It almost makes me uncomfortable encouraging regular people to use the web because I know they’ll be at massive risk to online fraud. # 2nd March 2010, 10:16 am

tr.im is “discontinuing service”. “However, all tr.im links will continue to redirect, and will do so until at least December 31, 2009.Your tweets with tr.im URLs in them will not be affected.”—these statements seem to contradict themselves. Will tr.im URLs in tweets stop working after December 31st or not? Any chance they could hand the domain over to the Internet Archive? At any rate, this is exactly why centralised URL shorteners are a harmful trend. # 10th August 2009, 11:06 am

Exclusive: The Future of Facebook Usernames. I have to admit I was planning to just let Facebook get on with it, assuming that the OpenID provider part would show up of its own accord—but maybe I should write a thoughtful and persuasive essay about it after all. # 11th June 2009, 9:46 am

(Yet) Another DiggBar Update. Digg are responding in exactly the right way in my opinion—the DiggBar will start returning 301 redirects for anonymous users, while users who are logged in to Digg can opt-out of the feature if they want to (usage statistics show that most Digg users are fine with the feature). # 16th April 2009, 12:50 am

Counting the ways that rev=“canonical” hurts the Web. Mark Nottingham complains about misapplied trust (a page can falsely claim to be the canonical URL for another page), the easy confusion between rev and rel and the lack of discussion with relevant communities. # 14th April 2009, 2:11 pm

tinyarchive.org. Blaine Cook’s archive of 301 and 302 redirects—needs to be automatically updated by a crawler for it to be really useful though. # 13th April 2009, 9:57 pm

I like rev=“canonical”. Les Orchard summarises the current debate over what colour to paint the rev=“canonical” bikeshed. # 13th April 2009, 10:41 am

Specify your canonical. You can now use a link rel=“canonical” to tell Google that a page has a canonical URL elsewhere. I’ve run in to this problem a bunch of times—in some sites it really does make sense to have the same content shown in two different places—and this seems like a neat solution that could apply to much more than just metadata for external search engines. # 14th February 2009, 11:28 am

YouTube Enables Deep Linking Within Videos. Add #t=1m45s to the end of a YouTube URL to jump to that spot. I’d be a lot more impressed by this if visiting a YouTube link in the UK didn’t use IP geo targetting to redirect me to uk.youtube.com, losing the fragment identifier and hence the #t specifier in the process. # 26th October 2008, 8:28 am

Versioning REST Web Services. Peter Williams suggests using a vendor MIME media type in the Accept header to specify a required API version, because embedding the API version in the URL itself leads to a single resource ending up with many different URLs, one for each API version. # 13th October 2008, 12:45 pm

[REDACTED]. Now that the iPhone NDA has been lifted be prepared for a flood of useful tips about the platform. Here’s Craig Hockenberry explaining how iPhone URL schemes work (used to great effect in the Pownce app for returning to the right place post-OAuth authentication in Safari). # 1st October 2008, 10:34 pm

Django snippets: Sign a string using SHA1, then shrink it using url-safe base65. I needed a way to create tamper-proof URLs and cookies by signing them, but didn’t want the overhead of a full 40 character SHA1 hash. After some experimentation, it turns out you can knock a 40 char hash down to 27 characters by encoding it using a custom base65 encoding which only uses URL-safe characters. # 27th August 2008, 10:18 pm

The Python Property Builtin. The always-educational Adam Gomaa explains the Python property built-in and shows how it can be used to improve Django’s model-based URL generation. # 23rd August 2008, 1:08 pm

“Simon Willison’s Weblog” on the redesigned Delicious. The new search feature is extremely impressive; I can see myself coming here before hitting Google for some things. I’m not too keen on the way they’re adding ’www’ to the beginning of my URL when they display it though. # 31st July 2008, 8:34 pm

Email Address to URL Transformation (EAUT) specification now available! Allows OpenID users to login using their E-mail address, which is converted in to an OpenID URL based on rules specified in an XRDS document attached to the root domain. Seems like a good idea to me. # 22nd July 2008, 7:30 pm

MySpace To Join OpenID, Bringing Total Enabled Accounts to Over A Half Billion. Another 200 million OpenIDs—but the important difference between this and the Yahoo! and AOL announcements is that MySpace users know what their profile URL is. Whenever people have told me OpenID is flawed because people don’t understand URLs I’ve answered “sure they don’t, but they know their MySpace page”. # 21st July 2008, 7:42 pm

i am near (via) Inspired by wikinear.com and powered by FireEagle, currently just showing nearby pubs from OpenStreetMap but with more stuff planned. I love the URL scheme—pubs.iamnear.net. # 4th April 2008, 7:53 am

A proposal: email to URL mapping. Brad’s just too damn smart. A simple solution to mapping an e-mail address to an OpenID that takes advantage of existing technology (YADIS) and doesn’t adversely affect e-mail privacy. # 8th February 2008, 11:39 am