Simon Willison’s Weblog

[Release] CouchDB 0.7.0. This is a huge milestone for the project—it’s the first official release to include the JSON REST API instead of XML, and it’s also the first release that is “intended for widespread use”. # 17th November 2007, 12:25 am

CouchDB first impressions. Jacob’s been poking at CouchDB. Inserting data is slow, but everything else looks pretty slick considering how recently the JSON / JavaScript views functionality was added. # 19th October 2007, 11:43 am

hasAccount. Stuart proposes a light-weight API for letting any site know if a user has an account (and is signed in) on another service. I wouldn’t want to deploy this without being confident that my CSRF protection was in order. # 28th September 2007, 9:10 am

How should JSON strings be represented in Erlang? Erlang’s poor support for strings makes this a surprisingly tricky question. # 14th September 2007, 8:17 am

CouchDB: Thinking beyond the RDBMS. CouchDB is a fascinating project—an Erlang powered non-relational database with a JSON API that lets you define “views” (really computed tables) based on JavaScript functions that execute using map/reduce. Damien Katz, the main developer currently works for MySQL and used to work on Lotus Notes. # 3rd September 2007, 9:48 am

Freebase developer documentation. The JSON API and particularly the query language are fascinating. # 3rd September 2007, 2:38 am

Cabochon event server. Written in Python (on top of SQLObject and Paste), uses JSON for messages, allows event consumers to subscribe with a callback URL. # 2nd August 2007, 8:36 am

JSON and Browser Security. Douglas Crockford suggests using secret tokens to protect JSON content, and avoiding wrapper hacks to protect unauthorised JSON delivery as they may fall foul of undiscovered browser bugs in the future. # 11th April 2007, 12:52 am

XML and JSON. James Clark on JSON’s strengths and weaknesses compared to XML. # 9th April 2007, 8:57 pm

Fortify JavaScript Hijacking FUD. Bob Ippolito points out the flaws in the recent widely disseminated JavaScript Hijacking paper. While the paper does miss some important details, it’s good that more people are now aware of the security implications involved in serving JSON up wrapped in an array. # 5th April 2007, 10:51 pm

Triplr. Ultra simple GET-based web service for converting RSS / Atom / RDF / Microformats+GRDDL to HTML / ntriples / RDF / RSS / JSON / Turtle. Small pieces, loosely joined. # 30th March 2007, 3:30 pm

JSON and JSON-RPC for Erlang. Nice example of using lists:reverse and an accumulator to efficiently build a string in reverse order. # 25th March 2007, 4:29 pm

Security; AJAX; JSON; Satisfaction. The JSON attack I linked to earlier only works against raw arrays, which technically aren’t valid JSON anyway. # 6th March 2007, 8:06 am

JSON is not as safe as people think it is. Joe Walker reminds us that even authenticated JSON served without a callback or variable assignment is vulnerable to CSRF in Firefox, thanks to that browser letting you redefine the Array constructor. # 5th March 2007, 10:51 pm

json-taglib. Because JSON just doesn’t have enough angle brackets. # 4th March 2007, 8:52 pm

Safe JSON (via) Subtle but important point about JSON APIs: you shouldn’t use a callback or variable assignment for JSON incorporating private user data, especially if it’s at a predictable URL. # 2nd March 2007, 1:11 pm

Badge Any RSS Feed With Yahoo! Pipes. Smart hack from Kent Brewster. Uses Yahoo! Pipes’ JSON output plus a few lines of JavaScript to create a badge from any RSS feed. # 16th February 2007, 8:21 am

Apache Solr 1.1. Solr is the search Web Service built on top of Lucene. The latest release introduces JSON, Python and Ruby response formats in addition to XML. # 13th January 2007, 1:16 am

Why doesn’t Python have more data format readers in the stdlib? I for one would love to see simplejson included in the standard library, with or without a C implementation. # 8th January 2007, 1:03 am