Simon Willison’s Weblog

Thursday, 2nd August 2007

A nice example of when to use reduce in Python. As a shortcut for assembling a large OR query using the Django ORM. # 11:51 pm

Professional Contractors Group. “PCG is the only cross-sector, not-for-profit trade association for freelance consultants and contractors.”—based in the UK. # 11:27 pm

(somewhat) breaking the same-origin policy by undermining dns-pinning. This is the best technical explanation of the DNS rebinding attack I’ve seen. The linked demo worked for me in Safari but not in Camino. # 12:53 pm

Your browser is a tcp/ip relay. Thoroughly nasty new(ish) attack that breaks the same-domain policy and allows intranet content to be stolen by a malicious site. Using virtual hosts (hence requiring the Host: header) is the best known protection. # 12:53 pm
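The Host: header protection mentioned above, sketched as WSGI middleware: a rebound request reaches the internal server but still carries the outside site's hostname in Host:, so a server that only answers for names it owns refuses it. This is an added example, not code from the linked posts; the hostnames, `HostAllowlist`, `normalize_host` and `status_for` are hypothetical names constructed for illustration.

```python
# Added example: Host-header allowlist as WSGI middleware (all names hypothetical).
ALLOWED_HOSTS = {"intranet.example.internal", "wiki.example.internal"}  # constructed


def normalize_host(raw):
    """Return the lowercased hostname from a Host header value, or None."""
    if not raw:
        return None
    name, sep, port = raw.strip().lower().partition(":")
    if sep and not port.isdigit():
        return None  # malformed port, or an IPv6 literal: treated as unknown
    return name.rstrip(".") or None


class HostAllowlist:
    """Reject any request whose Host header is not a name this server owns."""

    def __init__(self, app, allowed):
        self.app = app
        self.allowed = {h.lower() for h in allowed}

    def __call__(self, environ, start_response):
        host = normalize_host(environ.get("HTTP_HOST"))
        if host not in self.allowed:
            # Rebound requests name the outside site (or a bare IP) here,
            # and HTTP/1.0 clients may send no Host at all: refuse them all.
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"unknown host\n"]
        return self.app(environ, start_response)


def intranet_app(environ, start_response):
    """Stand-in for the internal application being protected."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"internal page\n"]


def status_for(host_header):
    """Run one constructed request through the middleware; return its status."""
    seen = []
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    if host_header is not None:
        environ["HTTP_HOST"] = host_header
    app = HostAllowlist(intranet_app, ALLOWED_HOSTS)
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

The check only helps if no default virtual host answers unmatched names; bare IP addresses are deliberately left off the allowlist.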

Side-Channel Attacks and Security Theatre. “In order to mount most of these attacks the attacker must be local [...] every good security person knows that if your attacker has the ability to run stuff on your machine, it is game over, so why are we even caring about these attacks?” # 12:30 pm

Cabochon event server. Written in Python (on top of SQLObject and Paste), uses JSON for messages, allows event consumers to subscribe with a callback URL. # 8:36 am