Simon Willison’s Weblog

mmalone’s django-caching. Mike Malone shares code used by Pownce to add QuerySet level caching to Django. It’s a smart implementation—a CachingQuerySet class inspects the arguments passed to get(), and if they’re just a straight forward exact PK lookup hits memcache for the object before hitting the database. Signals are used to invalidate the cache.

# 7th May 2009, 7:36 am / caching, django, mike-malone, pownce, querysets, signals

[REDACTED]. Now that the iPhone NDA has been lifted be prepared for a flood of useful tips about the platform. Here’s Craig Hockenberry explaining how iPhone URL schemes work (used to great effect in the Pownce app for returning to the right place post-OAuth authentication in Safari).

# 1st October 2008, 10:34 pm / craig-hockenberry, iphone, nda, oauth, pownce, urls, urlschemes

OAuth on the iPhone. Mike from Pownce explains their superbly implemented OAuth flow for the Pownce iPhone app, and how much push-back they got on it from regular users. One interesting point is that an iPhone application could “fake” a transition to mobile safari using core animation as part of a sophisticated phishing attack. This is a flaw in the iPhone OS itself—it does not offer a phishing-proof chrome as part of the OS.

# 12th September 2008, 9:47 pm / iphone, mike-malone, oauth, phishing, pownce, security

Reviews of the Pownce app on the iPhone app store on Flickr. I had to stitch together a screenshot because you can’t actually link to content in the App Store (unless you don’t care that people without iTunes won’t be able to follow your link). Three out of the four reviews complain about the OAuth browser authentication step, which is frustrating because Pownce have implemented it so well.

# 12th August 2008, 11:05 am / appstore, iphone, itunes, oauth, phishing, pownce, security, usability

Exposure (iPhone app) behaves suspiciously. Exposure on the iPhone does OAuth-style authentication incorrectly—it asks the user to authenticate in an embedded, chromeless browser which provides no way of confirming that the site being interacted with is not a phishing attack. Ben Ward explains how the Pownce iPhone app gets it right in the comments. Exposure author Fraser Spiers also responds.

# 12th August 2008, 7:47 am / ben-ward, exposure, flickr, iphone, oauth, phishing, pownce, security

James B. on Pownce (via) James Bennett has started using Pownce for sort of medium-format blog entries, longer than a tweet but shorter than a blog essay and delivered with a healthy dose of snark.

# 2nd May 2008, 9:15 pm / blogging, james-bennett, pownce, snark

PownceFS. Not a joke: it’s a Fuse filesystem (written in Python, using OAuth for authentication) which exposes a directory for each of your friends on Pownce containing the files that they have uploaded.

# 22nd March 2008, 11:18 pm / fuse, oauth, pownce, powncefs, python, richard-crowley

Cashing in the Bling. Pownce is open to the public, and Leah has written up some neat friend importing tricks that take advantage of the pre-existing “profile bling” links to profiles on other sites. I hope to do something smart with the profile links on Django People in the future, although I’m not convinced the site would benefit from a “friends” mechanism.

# 23rd January 2008, 3:17 pm / bling, django-people, portablesocialnetworks, pownce

Interview with Leah Culver: The Making of Pownce. Django + Perlbal + S3 + AIR.

# 7th July 2007, 10:05 pm / air, django, leah-culver, perlbal, pownce, python, s3