Scripting News -- It's Even Worse Than It Appears.

About the author

Dave Winer, 56, is a visiting scholar at NYU's Arthur L. Carter Journalism Institute and editor of the Scripting News weblog. He pioneered the development of weblogs, syndication (RSS), podcasting, outlining, and web content management software; former contributing editor at Wired Magazine, research fellow at Harvard Law School, entrepreneur, and investor in web media companies. A native New Yorker, he received a Master's in Computer Science from the University of Wisconsin, a Bachelor's in Mathematics from Tulane University and currently lives in New York City.

Dave Winer's weblog, started in April 1997, bootstrapped the blogging revolution.

The best tech city in the US

The best tech city in the US is not New York. For one very simple reason.

The Internet service in NY, for the average home, on average, sucks.

I'm using Time-Warner now. It's the only option for most NYers (or something like it).

NY has internet for consumers. It's no good for creators.

RSS auto-discovery

If you want to tell an application where the RSS feed for the site is, include a <link> element in the <head> section of the HTML document with the following attributes:

1. rel = "alternate"

2. type = "application/rss+xml"

3. title = "RSS"

4. href = the address of the feed.

For example, this is the link element, which is included in the head section of every page in this blog, that helps you discover the feed.

<link rel="alternate" type="application/rss+xml" title="RSS" href="http://scripting.com/rss.xml" />

Note: This feature has been around since 2002, but I didn't have a current page that explains it. The original page is on the Radio UserLand site.
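
A consumer-side sketch of the discovery rule above, as an added example that is not code from this blog or its software. It reads only link elements inside the head, resolves relative href values against the page address, and keeps only http and https feeds; the sample page, PAGE_URL and every link except the first are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

FEED_TYPE = "application/rss+xml"

class FeedLinkParser(HTMLParser):
    """Collects rel="alternate" RSS <link> elements that appear inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = []  # (title, href) in document order

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False  # a <link> in the body may be user-supplied content
        elif tag == "link" and self.in_head:
            a = {name: (value or "").strip() for name, value in attrs}
            if ("alternate" in a.get("rel", "").lower().split()
                    and a.get("type", "").lower() == FEED_TYPE and a.get("href")):
                self.links.append((a.get("title", ""), a["href"]))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover_feeds(html_text, page_url):
    """Return [(title, absolute_url)] for feeds advertised in the page head."""
    parser = FeedLinkParser()
    parser.feed(html_text)
    feeds = []
    for title, href in parser.links:
        url = urljoin(page_url, href)  # relative hrefs resolve against the page
        if urlsplit(url).scheme in ("http", "https"):  # drop file:, javascript:, etc.
            feeds.append((title, url))
    return feeds

# Constructed sample page; only the first <link> is taken from the post.
PAGE_URL = "http://scripting.com/"
SAMPLE_PAGE = """<html><head><title>Sample</title>
<link rel="alternate" type="application/rss+xml" title="RSS" href="http://scripting.com/rss.xml" />
<link rel="alternate" type="application/rss+xml" title="Relative" href="/feeds/all.xml">
<link rel="alternate" type="application/rss+xml" title="Bad scheme" href="javascript:void(0)">
<link rel="stylesheet" type="text/css" href="/style.css">
</head><body>
<link rel="alternate" type="application/rss+xml" title="In body" href="http://example.invalid/x.xml">
</body></html>"""
```

Calling discover_feeds(SAMPLE_PAGE, PAGE_URL) returns the two usable feeds and skips the stylesheet, the non-HTTP scheme and the link placed in the body.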

Conclusions about oEmbed

0. Disclaimer. Rather than hold my conclusions to myself, it's better to put them out there and let them be debugged publicly. None of this is personal, so I hope people don't take it personally.

1. The oEmbed spec documents two ways to get from the HTML source of a page to the content it contains. One method is simple, let's call it the link method. I could implement it in an afternoon for the Scripting2 blogging software. I have something very much like it, already working. Each story on this site, including this one, has a link to an OPML document. From there, any kind of rendering is possible. The key thing is I'm getting to all the content of the page, with none of the overhead/template stuff. One link element in the HTML is all it takes to make this work.

2. No one implements the simple way. They all do the complicated way.

3. There's a short list of service providers included in the doc. Pragmatically, if you want to be part of the oEmbed club, you have to get them to list your service in the implementations section of the spec. Otherwise how would people find out about your service?

4. The simple way of doing it has ample prior art and works well. We use it in RSS for connecting feeds to HTML pages. And for RSD, which tells editing software who to call to edit the source of the page (which seems fairly related to oEmbed).

5. I think the security argument is bogus. The oEmbed spec has a section that explains how to keep a bad actor from doing an XSS exploit or accessing cookies they have no right to access.

6. The security argument is no different from the argument against embeds in general. We embed tweets from Twitter or videos from YouTube without questioning what they might inject into our readers' browsers. Why does WordPress trust them more than they trust me? I think this problem has to be addressed in some other way.

7. I would deal with the security issue differently. Strip all markup. And use a structural format like OPML so the way the page is arranged can be transmitted without taking any risks that something nefarious is coming along for the ride.

8. If I implement it I will only use the simple method. I don't see any upside in using the complex method. I will listen to what the oEmbed spec says to do from a security standpoint.

9. I also include a link to the OPML in my RSS feed. Screen shot. I want you to find it, so I leave little hints around everywhere I can think of. :-)

Anyway, that's my thinking on this for now.
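
One way a consumer could apply the approach in point 7, as an added example that is not the author's or Scripting2's code: fetch the OPML, strip all markup from each outline's text, and rebuild only the nesting with tags the consumer writes itself. The sample OPML, the function names and the rule of refusing any DTD are assumptions of this example.

```python
import html
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

class TextOnly(HTMLParser):
    """Keeps character data, drops every tag, skips script/style bodies."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.parts.append(data)

def strip_markup(text):
    parser = TextOnly()
    parser.feed(text)
    parser.close()  # flush any buffered trailing text
    return " ".join("".join(parser.parts).split())

def render_outline(node):
    """Rebuild the nesting as <ul>/<li>; the only tags emitted are our own."""
    items = []
    for child in node.findall("outline"):
        text = html.escape(strip_markup(child.get("text", "")))
        items.append("<li>" + text + render_outline(child) + "</li>")
    return "<ul>" + "".join(items) + "</ul>" if items else ""

def opml_to_safe_html(opml_source):
    # Assumption of this example: untrusted OPML never needs a DTD, so refuse
    # one outright rather than risk entity-expansion tricks in the XML parser.
    if "<!DOCTYPE" in opml_source or "<!ENTITY" in opml_source:
        raise ValueError("DTD not accepted in untrusted OPML")
    body = ET.fromstring(opml_source).find("body")
    return render_outline(body) if body is not None else ""

# Constructed sample: outline text carrying markup that must not survive.
SAMPLE_OPML = """<?xml version="1.0"?>
<opml version="2.0"><head><title>Constructed sample</title></head><body>
<outline text="Conclusions about &lt;b&gt;oEmbed&lt;/b&gt;">
  <outline text="Simple &lt;img src=&quot;http://tracker.invalid/p.gif&quot;&gt; method"/>
  <outline text="&lt;script&gt;track()&lt;/script&gt;Link element"/>
</outline>
<outline text="1 &amp;lt; 2"/>
</body></opml>"""
```

The structure of the outline reaches the reader's page, while the image, script and inline formatting in the source text do not; text is re-escaped on output, so a literal "<" stays text.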



© Copyright 1997-2011 Dave Winer. Last build: 12/17/2011; 6:29:22 PM. "It's even worse than it appears."
