Simon Willison’s Weblog


Blogmarks in Apr, 2010

Filters: Type: blogmark × Year: 2010 × Month: Apr × Sorted by date

Breakfast Instapaper. Handy tool for selecting and bulk-submitting stories from today’s Guardian and NYTimes to your Instapaper account, by Daniel Vydra. # 29th April 2010, 11:49 am

A HTTP Proxy Server in 20 Lines of node.js. Proxying is definitely a sweet spot for Node.js. Peteris Krummins takes it a step further, adding host blacklists and an IP whitelist as configuration files and using Node’s watchFile method to automatically reload changes to them. # 28th April 2010, 1:24 pm

Google Charts release notes, February 2010. More new Google Charts Image API features I hadn’t noticed before: charts of large data sets can now be generated using a POST request, but the killer feature is the ability to add ?chof=validate to see useful error messages. ?chof=json is interesting too—it gives you back a JSON object detailing the coordinates of various interesting shapes on the associated chart, which you can then use to create your own image maps or JavaScript tooltips. It’s a shame it doesn’t support JSON-P. # 27th April 2010, 12:07 pm

Facebook’s Open Graph Protocol from a Web Developer’s Perspective. Best explanation I’ve seen yet of what the Open Graph protocol actually does. Add the RDFa-inspired metadata and a Like button to a standard web page representing a place, group, product, website or one of another limited set of object types and people can “Like” it just like they might join a fan page within Facebook itself. You can then send news feed updates to all of that page’s subscribers. The bootstrapped metadata can then benefit other services as well. # 26th April 2010, 1:21 pm

The new Facebook API exposes the events you attend to anyone on the Internet. I’m generally impressed by the new set of Facebook APIs—they’re a whole lot easier to work with than the older stuff—but they’re also clearly a bit half-baked and the privacy model needs some urgent work. The Graph API allows to to see all “open” events that any user has attended or is attending, which can exposes things like their friend’s home addresses. Yes, this means you can stalk Mark Zuckerberg. # 26th April 2010, 12:08 pm

Lazy Load Plugin for jQuery. I’m using this jQuery plugin to save some bandwidth when people first view my Redis tutorial slides. It unobtrusively replaces images on a page with a placeholder graphic, then sets them to load automatically as the user scrolls down the page. # 26th April 2010, 12:02 am development diary (via) is a e-mail forwarding service that lets you create an address that will only work for a few days (or a limited number of messages) and will forward messages on to your real account. It’s implemented using Node.js and Redis and the code is released under an MIT license. Philip Hofstetter, the developer, maintained a detailed development diary throughout which is worth reading if you’re interested in Node.js. # 23rd April 2010, 7:36 pm

Ruby-style Blocks in Python. Yes, yes, yes, yes. A proposal for muli-line lambda support in Python that doesn’t trip up on significant whitespace. If this gets in before the proposed feature freeze I’ll be a very happy Pythonista. UPDATE: This is a post from over a year ago, and it looks like the proposal has since stalled. # 23rd April 2010, 11:19 am

Introduction to nginx.conf scripting. Slideshow—hit left arrow to navigate through the slides. The nginx community is officially nuts. Starts out with a simple “Hello world” using the echo module, then rapidly descends down the rabbit hole in to array operations, sub-requests, memcached connection pooling and eventually non-blocking Drizzle SQL execution against a sharded cluster—all implemented in the nginx.conf configuration file. # 21st April 2010, 11:40 pm

The MessagePack Project. A cross-language efficient binary-based serialization library—“It’s like JSON, but very fast and small”. Claims to outperform protocol buffers for at least some benchmarks. # 21st April 2010, 10:55 pm

Blowing up HTML5 video and mapping it into 3D space. The canvas drawImage() method can take an HTML video element as its source, making all kinds of interesting effects possible. The author notes that performance was dramatically improved by copying the video frame in to a separate canvas element and then copying regions out of that element rather than grabbing regions from the video directly. # 21st April 2010, 9:30 am

RAIC? What’s that? (via) “Redundant Array of Independent Cloud providers”. Solve the cloud lock-in problem by storing data with multiple different providers from the start. # 20th April 2010, 8:43 am

jQuery special events. Ben Alman’s comprehensive guide to jQuery’s special events API, which allows you to register new kinds of events that can then be attached and detached using jQuery’s bind and unbind methods. Ben’s clickoutside event is a particularly useful example. # 17th April 2010, 9:08 pm

Flask 0.1 Released. Armin’s Flask (a Python microframework built around Werkzeug and Jinja2) is looking pretty solid for a two week old project—extensive documentation, comprehensive unit test support (and example applications with unit tests) and some very tidy API design. # 16th April 2010, 5:12 pm

Stack Overflow Blog: OpenID, One Year Later. Google’s support is a huge deal—61% of Stack Overflow accounts use Google. Google’s implementation of directed identity has caused problems though, since Google provide a different OpenID for each domain making it hard for Stack Overflow, Server Fault and Super User to correlate accounts. Their solution is to require a (verified) e-mail address from Google OpenID users using sreg and use that as a key for the accounts. # 14th April 2010, 8:46 pm incident report for 04/09/2010. An issue was posted to the Apache JIRA containing an XSS attack (disguised using TinyURL), which stole the user’s session cookie. Several admin users clicked the link, so JIRA admin credentials were compromised. The attackers then changed the JIRA attachment upload path setting to point to an executable directory, and uploaded JSPs that gave them backdoor access to the file system. They modified JIRA to collect entered passwords, then sent password reset e-mails to team members and captured the new passwords that they set through the online form. One of those passwords happened to be the same as the user’s shell account with sudo access, leading to a full root compromise of the machine. # 14th April 2010, 9:08 am

Step for Node.js. A further iteration on the attempts to make callback-based programming in Node.js easier to manage, this time making clever use of the ’this’ keyword to represent the next callback in the chain. # 13th April 2010, 11:02 am

Popular Science+. Matt Webb’s write-up of the Mag+ project, the platform behind the highly praised Popular Science+ iPad application. # 12th April 2010, 1:06 pm

What’s wrong with extending the DOM. Detailed explanation of the problems that crop up from extending built-in DOM objects using JavaScript, from Prototype developer kangax. Prototype 2.0 will be dropping this technique entirely—will MooTools follow suit? # 11th April 2010, 10:03 pm

jQuery UI: Trying to manipulate the position of a draggable mid-drag doesn’t seem to work. This has bitten me on two separate projects now—it’s the only problem I’ve had with jQuery UI’s draggables, which have otherwise been fantastic. # 11th April 2010, 9:59 pm

Of Building Blocks, Rosetta Stones and Geographic Identifiers. Yahoo! GeoPlanet is now mapped to identifiers from other gazetteers such as GeoNames, FIPS and IATA—and those identifiers are available via the GeoPlanet API. # 11th April 2010, 9:53 pm

twitter’s gizzard (via) Intriguing new open source project from Twitter. Gizzard is a sharding framework which provides a network service for partitioning data across arbitrary backend datastores, managing its own forwarding table to map key ranges to partitions and adding support for tree-based replication. # 11th April 2010, 9:39 pm

RFC5785: Defining Well-Known Uniform Resource Identifiers (via) Sounds like a very good idea to me: defining a common prefix of /.well-known/ for well-known URLs (common metadata like robots.txt) and establishing a registry for all such files. OAuth, OpenID and other decentralised identity systems can all benefit from this. # 11th April 2010, 7:32 pm

This is an outrage. Phil Gyford’s reaction to the reaction to the Digital Economy Bill. Ends on a positive note hoping that the online furor will result in more technology-minded people paying more attention to the UK political process. # 11th April 2010, 7:25 pm

Introduction to Surlex. A neat drop-in alternative for Django’s regular expression based URL parsing, providing simpler syntax for common path patterns. # 11th April 2010, 7:23 pm

Flash CS5 will export to HTML5 Canvas. This looks pretty awesome—Illustrator CS5 and Flash CS5 can export to a new “FXG” format, and Adobe are providing a JavaScript library to load that format via Ajax and render the contents (including Flash animations) in a canvas element. Could be great for displaying newspaper infographics on the iPad. # 11th April 2010, 6:33 pm

Copyright is hard. Dan Catt spots Adam Liversage (Director of Communications for the BPI, and hence right in the middle of the DEBill) suggesting his wife violate copyright on Twitter. # 11th April 2010, 2:26 pm

GitHub: Announcing SVN Support. The best kind of April Fool’s joke: one that works. It’s read-only, but that’s good enough to support referencing GitHub repositories from SVN externals. # 1st April 2010, 11:33 am