Simon Willison’s Weblog

Blogmarks in Mar, 2007

OmniTI_OpenID. OmniTI’s PHP OpenID 1.1 consumer library. Much less full featured than the JanRain library, but it’s good to have more than one. # 18th March 2007, 1:15 am

Chris Shiflett: My Amazon Anniversary. Chris Shiflett discloses an unfixed CSRF vulnerability in Amazon’s 1-Click feature that lets an attacker add items to your shopping basket—after reporting the vulnerability to Amazon a year ago! # 16th March 2007, 10:16 am

What is OpenID Good For? Dare Obasanjo provides some smart responses to Tim Bray’s criticisms of OpenID, including a good angle on the phishing problem. # 14th March 2007, 10:12 am

pg8000 v1.02. The pure Python PostgreSQL library now supports DB-API 2.0 (and SSL too). That didn’t take long! # 13th March 2007, 9:18 pm

Improve your forms using HTML5! (via) Anne van Kesteren demonstrates the Web Forms 2 support in Opera 9—new form attributes include autofocus, required and type=email. # 13th March 2007, 2:08 pm

WaSP Street Team. A new Web Standards Project initiative to encourage the promotion of Web standards in local communities. Your help needed! # 13th March 2007, 1:40 pm

SXSW: Web App Autopsy. Conversion rates and revenue per customer for RegOnline, FeedBurner, Wufoo, and Blinksale. # 13th March 2007, 12:39 am

The Figures Behind The Top Web Apps. makes $100,000 profit a year, before tax. Ryan’s slides also have cost-to-build data for Freshbooks, Maya’s Mom, Mobissimo and Wesabe. # 13th March 2007, 12:37 am

You vs. the Real World. The lengths programming libraries go to to be liberal in what they accept. # 12th March 2007, 10:48 pm

Google Video: How do I enter transcripts? Neat feature of Google Video I hadn’t seen before: you can upload timestamped transcripts of your videos. Anyone seen a video that uses these? # 12th March 2007, 10:44 pm

wii.js (via) A JavaScript library that lets you detect the Wii browser, and provides easy hooks for reacting to keys pressed on the Wiimote. # 12th March 2007, 10:23 pm

opensource @ Joost. Joost is built on top of Mozilla, Redland, SQLite and a bunch of other bits and pieces of Open Source infrastructure. # 12th March 2007, 1:29 pm

Balancing One-Wheeled Scooter. Technical details of the scooter I linked to earlier. # 12th March 2007, 1 pm

XSS. Sanitising HTML is an extremely hard problem. The sanitize helper that ships with Rails is completely broken; Jacques Distler provides a better alternative. # 12th March 2007, 12:34 am

Meet the one wheel balancing scooter. Home made one wheeled motorised scooter that looks like a skateboard and self-balances like a Segway. # 11th March 2007, 9:19 pm

Ficlets (via) AOL’s first application to launch on Rails, and their first application to accept OpenIDs as well as AOL screen names. # 10th March 2007, 5:41 pm

Google Seattle conference on scalability. Google are hosting a conference on scalability in Seattle on June 23rd. They’ve just put out the CfP. # 10th March 2007, 4:37 pm

OpenID Server Integrated with CAS. Case Western Reserve University now provides an OpenID for every network account holder. # 10th March 2007, 8:48 am

pg8000 (via) A pure-Python interface to PostgreSQL, using the PostgreSQL network protocol directly. Doesn’t (yet) support DB-API 2.0, but that’s promised in a future release. # 9th March 2007, 7:35 pm

Ajax3d Demo. Really impressive Virus clone, using the canvas element. # 9th March 2007, 7 pm

Web Focus Leads Newspapers to Hire Programmers for Editorial Staff. It’s great to see this trend taking off. A newsroom is an excellent place to work as a programmer. # 8th March 2007, 12:27 am

Relying Party Best Practices. Proposed guidelines for OpenID consumers from Martin Atkins, currently under discussion on the mailing list. # 7th March 2007, 11:45 pm

W3C Relaunches HTML Activity (via) “XHTML has proved valuable in other markets” == XHTML on the public Web has failed. Long live HTML! # 7th March 2007, 10:34 pm

37 Signals’ next app Highrise will support OpenID. I can’t wait to see how the 37 Signals team deal with the UI challenges involved in supporting OpenID logins. # 7th March 2007, 9:23 am

Hacking with Python. Nat introduces snaflr, a Python script for republishing selected links from a number of users to one communal account. # 6th March 2007, 11:11 pm

OpenID on My first project launch as a freelancer. You can now use your blog as an OpenID. # 6th March 2007, 8:41 pm

Security; AJAX; JSON; Satisfaction. The JSON attack I linked to earlier only works against raw arrays, which technically aren’t valid JSON anyway. # 6th March 2007, 8:06 am

phpbb-openid: Your AIM screen name is your OpenID. Log in to a phpBB board with an AOL OpenID and it will try to associate your OpenID with an account that lists that AIM in the profile. This is the kind of behaviour I talked about in my FOWA talk. # 6th March 2007, 7:57 am

JSON is not as safe as people think it is. Joe Walker reminds us that even authenticated JSON served without a callback or variable assignment is vulnerable to CSRF in Firefox, thanks to that browser letting you redefine the Array constructor. # 5th March 2007, 10:51 pm

Dashcode review. “Dashcode is quite possibly the best non-Firebug Javascript environment I’ve ever used.” High praise indeed. # 5th March 2007, 9:06 pm