Simon Willison’s Weblog

Items in 2008

Filters: Year: 2008 ×

Researchers Show How to Forge Site Certificates. Use an MD5 collision to create two certificates with the same hash, one for a domain you own and another for Get Equifax CA to sign your domain’s certificate using the outdated “MD5 with RSA” signing method. Copy that signature on to your home-made certificate to create a fake certificate for Amazon that will be accepted by any browser. # 30th December 2008, 3:27 pm

Oakland crime maps XI: how close, and how bad? Michal Migurski’s experiments with heat maps for Oakland Crimespotting, using OpenStreetMap data as that allows him to position his heat map layer underneath the street labels, keeping them legible. # 30th December 2008, 10:16 am

Represent. Andrei Scheinkman and Derek Willis describe how they built the NYTimes Represent feature using GeoDjango and PostGIS. # 29th December 2008, 10:10 pm

Blocks in Objective-C. Closures are coming soon to Objective-C—interesting syntax, a regular curly brace block preceded by a caret ^{ ... }. # 29th December 2008, 7:38 pm

I seem to have lost the battle to define Web 2.0 as “the use of the network as platform to build systems that get better the more people use them.”

Tim O'Reilly # 29th December 2008, 7:29 pm

ReferenceError: console is not defined. Since Firebug 1.2 you need to call window.loadFirebugConsole() in order for console.log and friends to work. # 23rd December 2008, 10:22 pm

Merb gets merged into Rails 3! Huge news. Of particular interest is the new focus on “framework agnosticism”, whereby Rails will aim to play well with people wishing to use alternative ORMs, template mechanisms and so forth. Rails has previously suffered from a reputation for getting in your way if you deviate from its opinions. # 23rd December 2008, 8:32 pm

How to launch a new product. Jason Calacanis explains how they launched Mahalo Answers, including tips or running your own PR (Jason used to be a reporter so he’s played both sides of that fence). # 23rd December 2008, 1:10 pm

Using SVG on the Web. I’ve been having a lot of fun playing with SVG recently. Here are some useful tips for including SVG images in HTML and XHTML documents. # 23rd December 2008, 1 pm

Quickchoice—a Speed Dial clone (via) Lovely demonstration of the CSS transform property, as supported by modern browsers. The magic is all in the “iframe { transform: scale(0.25, 0.25) translate(-1200px, -900px) }”. # 23rd December 2008, 12:49 pm

jQuery: Changeset 5990. “Added a new liveQuery/event delegation hybrid method”. Lets you add events that continue to work as new elements are dynamically appended to the DOM, e.g. $(’div’).live(’click’, fn). Works by adding an event handler to the root document element itself and relying on event bubbling. I have to admit I preferred the earlier proposal of $(’div’).delegate(’’..), which feels like it should have much better performance—anyone know of a good plugin that supports this? # 23rd December 2008, 12:22 pm

Sam Vilain converted Perl’s history from Perforce to Git. [..] He spent more than a year building custom tools to transform 21 years of Perl history into the first ever unified repository of every single change to Perl. In addition to changes from Perforce, Sam patched together a comprehensive view of Perl’s history incorporating publicly available snapshot releases, changes from historical mailing list archives and patch sets recovered from the hard drives of previous Perl release engineers.

The Perl Foundation # 22nd December 2008, 6:06 pm

pygooglechart. I tried a bunch of Python wrappers for Google Charts and liked this one best. # 22nd December 2008, 11:43 am

Motorway map of England, Scotland and Wales (via) In the style of Harry Beck’s London Tube map. # 22nd December 2008, 11:36 am

jQuery changeset 5985 (via) jQuery trunk has ditched browser sniffing in favour of feature testing, where a small suite of unit-test-like code blocks is used to detect whether a browser supports specific idioms. If the tests fail jQuery still makes assumptions about what the fix is, but it’s not hard to imagine the library eventually using code tests to ensure the fix will work as well. # 22nd December 2008, 10:58 am

Represent and GeoDjango. The NYTimes new Represent application is built on GeoDjango. # 20th December 2008, 9:07 pm

Represent— Superb new application from the NYTimes—a sort of cross between TheyWorkForYou and a news archive search. Enter your address in New York and it tells you your local representatives and shows both their votes and their mentions in the newspaper. # 19th December 2008, 4:22 pm

Someone asked for onbeforeunload, so I started fixing it. Then I found that there was some rot in the drywall. So I took down the drywall. Then I found a rat infestation. So I killed all the rats. Then I found that the reason for the rot was a slow leak in the plumbing. So I tried fixing the plumbing, but it turned out the whole building used lead pipes. So I had to redo all the plumbing. But then I found that the town’s water system wasn’t quite compatible with modern plumbing techniques, and I had to dig up the entire town. And that’s basically it.

Ian Hickson # 19th December 2008, 1:58 pm

Simple Update Protocol: Update. Already implemented by more than five services, each of which now have near-real-time updates in to the FriendFeed syndication engine. # 18th December 2008, 11:33 pm

Amazon SimpleDB—Now With Select. So now all three of Yahoo!, Amazon and Google have invented their own SQL-like languages (YQL, SimpleDB and GQL)—though it looks like Yahoo!’s is the only one that attempts to provide joins. # 18th December 2008, 8:59 am

Integrating Facebook Connect with Django in 15 minutes. Django authentication middleware that calls the Facebook REST API using a cookie set by Facebook Connect and checks if that person is your Facebook friend. Despite most of the magic happening on the server you still need Facebook’s JavaScript to set that cookie in the first place. # 17th December 2008, 1:18 pm

Microsoft: Big Security Hole in All IE Versions. Looks like a 0-day that’s being actively exploited. # 16th December 2008, 8:26 pm

Yahoo! yesterday launched their new development platform for My Yahoo! and Yahoo! Mail, which uses Caja to protect users from malicious gadgets. This means Caja suddenly got 275,000,000 users. Wow! I guess this makes Caja the most widely used capability language ever.

Ben Laurie # 16th December 2008, 4:33 pm

Adobe: Akamai Download Manager FAQ. Tip for Adobe: if the bizarre, buggy custom Java applet you force people to use to download your software requires an FAQ this long, maybe you should provide a “just do it the way everyone else does” option. # 16th December 2008, 10:13 am a flickr machine tag browser (via) Flickr recently added API methods for exploring the machine tags used by the community. Paul Mison has built a neat OS X Finder style interface for exploring them, using JSONP and jQuery. # 15th December 2008, 11:24 pm

Now You Can Sign Into Friend Connect Sites With Your Twitter ID. Great. Now even Google is asking me for my Twitter password. Slow clap. How’s that Twitter OAuth beta coming along? # 15th December 2008, 5:20 pm

How to install lxml python module on mac os 10.5 (leopard). Instructions that work! Finally, I can find out what all the fuss is about. # 15th December 2008, 12:05 am

How Tarsnap uses Amazon Web Services (via) Useful case study, including some thoughts on SimpleDB. # 14th December 2008, 7:35 pm

On packaging. James Bennett discusses the problems with setuptools (and ruby gems), and recommends Ian Bicking’s pip as a setuptools replacement. # 14th December 2008, 4:57 pm