Simon Willison’s Weblog

World Government Data. Launched last week, this is the Guardian’s meta-search engine for searching and browsing through data from four different government data sites (with more sites planned). Under the hood it’s Django, Solr, Haystack and the Scrapy crawling library. The application was built by Ben Firshman during an internship over Christmas. # 27th January 2010, 12:27 pm

For the Love of Ponies. Bryan Veloso, the discoverer of the Django Pony, makes contact with the artist who released the original drawing on iStockPhoto. # 14th January 2010, 12:05 pm

What’s new in Django 1.2 alpha 1 (via) Multiple database support, improved CSRF prevention, a messages framework (similar to the Rails “flash” feature), model validation, custom e-mail backends, template caching for much faster handling of the include and extends tags, read only fields in the admin, a better if tag and more. Very exciting release. # 7th January 2010, 7:31 pm

Timing attack in Google Keyczar library. An issue I also need to fix in the proposed Django signing code. If you’re comparing two strings in crypto (e.g. seeing if the provided signature matches the expected signature) you need to use a timing independent string comparison function or you risk leaking information. This kind of thing is exactly why I want an audited signing module in Django rather than leaving developers to figure it out on their own. # 4th January 2010, 3:23 pm

Design and code review requested for Django string signing / signed cookies. Do you know your way around web app security and cryptography (in particular signing things using hmac and sha1)? We’d appreciate your help reviewing the usage of these concepts in Django’s proposed string signing and signed cookie implementations. # 4th January 2010, 1:24 pm

Videos from DjangoCon 2009. The videos from September’s DjangoCon are now available, including my “Cowboy development with Django” talk. # 3rd January 2010, 11:02 am