Simon Willison’s Weblog

Thursday, 27th September 2007

Google GMail E-mail Hijack Technique. Apparently Gmail has a CSRF vulnerability that lets malicious sites add new filters to your filter list—meaning an attacker could add a rule that forwards all messages to them without your knowledge.

# 10:29 am / csrf, gmail, google, security, vulnerability

WebRunner 0.7—New and Improved. A simple application for running a site-specific browser for a service (e.g. Twitter, Gmail, etc.). This is a great idea: it isolates your other browser windows from crashes and also isolates your cookies, helping guard against CSRF attacks.

# 1:55 pm / browsers, csrf, gmail, security, sitespecificbrowsers, twitter, webrunner, xulrunner

WordPress 2.3: Canonical URLs. Fantastic to hear that WordPress 2.3 supports this, and that they picked the right terminology for it (I’ve called the same thing “disambiguated URLs” in the past).

# 2:03 pm / canonicalurls, disambiguatedurls, mark-jaquith, urls, wordpress

Halo 3 Site Demonstrates Flaws in SilverLight. The Halo 3 “interactive manual” is like a throwback to Flash in the late 90s—“skip intro”, pointless transitions, text you can’t select or enlarge, links that aren’t links—all wrapped up in an ugly blob (only this time it’s XML instead of binary data).

# 2:38 pm / flash, halo3, microsoft, silverlight, usability

DbMigration—a schema migration tool for Django. Nice and simple tool for adding schema migrations to a Django application.

# 3:04 pm / django, djangoorm, migrations, orm, python, sql

Large codebases are the problem, not the language they're written in. Find a way to break/decompose big codebases into little ones.

Bill de hÓra

# 3:11 pm / bill-de-hora, programming, complexity, lesscode

CSS Sprite Generator (via) Upload a zip file of images and get back a CSS sprite plus a set of pre-calculated background image rules. Tool built by Ed Eliot and Stuart Colville for their forthcoming book “High Performance Web Site Techniques”.

# 10:59 pm / css, csssprites, edeliot, performance, spritegenerator, stuart-colville