Simon Willison’s Weblog

Items in Sep, 2007

Filters: Year: 2007 × Month: Sep ×


Email addresses your OpenID via DNS. Sam Ruby has warmed to the idea of making e-mail addresses usable as OpenIDs via a DNS SRV record. # 30th September 2007, 9:36 pm

Idea: The Histogram as the Image. How to hide the New York City skyline in the histogram of an image. # 30th September 2007, 9:34 pm

Designing for a security breach

User account breaches are inevitable. We should take that in to account when designing our applications.

[... 545 words]

Currently WebRunner applications share cookies with other WebRunner applications, but not with Firefox. WebRunner uses its own profile, not Firefox’s profile. There is a plan to allow WebRunner applications to create their own, private profiles as well.

Mark Finkle # 30th September 2007, 4:08 pm

OLPC Peru/Arahuay. A fascinating case study of the introduction of the XO to a school in Peru. It’s really exciting to see the project starting to make an impact. # 28th September 2007, 11:56 pm

Kosmos Distributed File System (via) New open source distributed filesystem similar to Google’s GFS. # 28th September 2007, 9:12 am

hasAccount. Stuart proposes a light-weight API for letting any site know if a user has an account (and is signed in) on another service. I wouldn’t want to deploy this without being confident that my CSRF protection was in order. # 28th September 2007, 9:10 am

CSS Sprite Generator (via) Upload a zip file of images and get back a CSS sprite plus a set of pre-calculated background image rules. Tool built by Ed Eliot and Stuart Colville for their forthcoming book “High Performance Web Site Techniques”. # 27th September 2007, 10:59 pm

Large codebases are the problem, not the language they’re written in. Find a way to break/decompose big codebases into little ones.

Bill de hÓra # 27th September 2007, 3:11 pm

DbMigration—a schema migration tool for Django. Nice and simple tool for adding schema migrations to a Django application. # 27th September 2007, 3:04 pm

Halo 3 Site Demonstrates Flaws in SilverLight. The Halo 3 “interactive manual” is like a throwback to Flash in the late 90s—“skip intro”, pointless transitions, text you can’t select or enlarge, links that aren’t links—all wrapped up in an ugly blob (only this time it’s XML instead of binary data). # 27th September 2007, 2:38 pm

WordPress 2.3: Canonical URLs. Fantastic to hear that WordPress 2.3 supports this, and that they picked the right terminology for it (I’ve called the same thing “disambiguated URLs” in the past). # 27th September 2007, 2:03 pm

WebRunner 0.7—New and Improved. A simple application for running a site-specific browser for a service (e.g. Twitter, Gmail etc). This is a great idea: it isolates your other browser windows from crashes and also isolates your cookies, helping guard against CSRF attacks. # 27th September 2007, 1:55 pm

Google GMail E-mail Hijack Technique. Apparently Gmail has a CSRF vulnerability that lets malicious sites add new filters to your filter list—meaning an attacker could add a rule that forwards all messages to them without your knowledge. # 27th September 2007, 10:29 am

djangogigs.com—from idea to release in 6 hours. Now that’s what I call rapid development. # 26th September 2007, 4:53 pm

Announcing the Dopplr 100. Similar to how Facebook used to only allow college e-mail addresses, Dopplr is now open to holders of e-mail accounts from 100 large corporations. The blog release doesn’t specify if each corporation gets its own special “group” within the application; that would be a neat touch. # 26th September 2007, 4:34 pm

I have another technique [...] that I’ll be switching jQuery to. If you attempt to insert into the document.body before the document is fully loaded, an exception is thrown. I take advantage of that to determine when the document is fully loaded.

John Resig # 26th September 2007, 12:21 pm

DOMContentLoaded for IE, Safari, everything, without document.write. Stuart has taken Hedger’s recent IE technique, combined it with the others and compressed it in to a short-as-possible code snippet that you can paste in to your scripts without having to include the whole of jQuery/YUI/Dojo/Prototype. # 26th September 2007, 12:19 pm

Firefox 3 Antiphishing Sends Your URLs To Google. Stories like this crop up every now and then, but no one ever seems to mention that the Google Toolbar has been doing this since it was released (more than five years ago) provided you have PageRank display turned on. # 25th September 2007, 11:04 pm

Sun’s OpenID IdP: Real vs Fake. The thinking behind Sun’s decision to allow users of their OpenID provider to pick fake names and assign personal e-mail addresses. # 25th September 2007, 10:39 pm

DRM-free MP3 downloads from Amazon. The good: they have what looks like the entire Universal and EMI catalogues in DRM-free 256bit MP3s. The bad: you need a US billing address! So close... # 25th September 2007, 4:30 pm

Zimki is to shut down. I guess they were just too revolutionary for Canon Europe, the corporate mothership, to understand. # 25th September 2007, 12:17 pm

Your telco knows who you are, where you live and even your credit card number or bank account. It’s their business to provide you physical access from a real location and identify you as a customer by sending you invoices and receiving money from you. This means that Orange OpenIDs are verified IDs of real people as a matter of principle.

Thomas Huhn # 25th September 2007, 12:03 pm

France Telecom Supports OpenID! France Telecom is the parent company of Orange. Apparently all 40 million France Telecom subscribers now have an OpenID. # 25th September 2007, 12:49 am

lxml.cssselect (via) lxml includes an implementation of CSS 3 selectors, which compiles them to XPath expressions. Should be a useful tool for parsing Microformats from Python. # 24th September 2007, 11:57 pm

mySociety Disruptive Technology Talks. Four great talks coming up in London this Autumn, courtesy of the lovely folk at mySociety. # 24th September 2007, 5:51 pm

Becoming PHP 6 Compatible. According to this article, I’ve been writing PHP 6 compatible code since about 2002. # 24th September 2007, 12:13 pm

IEContentLoaded. An alternative method of detecting DOMContentLoaded on IE; works by polling until the doScroll() method on an unattached element stops throwing errors. # 24th September 2007, 12:10 pm

OLPC: Give 1 Get 1. The long rumoured “buy two OLPCs, donate one to the third world” scheme is actually happening. I plan to get one; the robustness, battery life and WiFi range should make for an excellent conference / outdoor machine. # 24th September 2007, 11:07 am

gefingerpoken. Michal Migurski shows how to implement the algorithm for two-finger deforming drag using affine transformation matrices in Flash. # 24th September 2007, 8:50 am