Simon Willison’s Weblog


Blogmarks


The Adobe PDF XSS Vulnerability. If you host a PDF file anywhere on your site, you’re vulnerable to an XSS attack due to a bug in Acrobat Reader versions below 8. The fix is to serve PDFs as application/octet-stream so that browsers download them rather than rendering them inline.

# 11th January 2007, 4:23 pm / adobe, pdf, security, vulnerability, xss

OpenID Speech at Webtuesday Zurich. Good set of slides, along with the tidbit that local.ch (which had slippy maps years before Google) is implementing OpenID.

# 11th January 2007, 3:27 pm / maps, openid, slides

Choosing Secure Passwords. Bruce Schneier describes the state of the art in password cracking software.

# 11th January 2007, 2:55 pm / bruce-schneier, passwords, security

Ubuntu sugar cookies (via) Different coloured dough is used to bake the Ubuntu logo into the cookies themselves, kind of like making sushi rolls.

# 11th January 2007, 2:49 pm / cookies, cooking, ubuntu

Design Comics Templates 1.0 (via) Free OpenOffice slides with cartoons suitable for use in technical storyboards.

# 10th January 2007, 11:31 pm / openoffice, slides

What Python looks like naked. Michal Wallace has been doing some really interesting work writing purely functional code in Python. His latest experiment replaces all of the basic Python statements with equivalent functions.

# 10th January 2007, 11:22 pm / functional, michal-wallace, python

Atom API for AOL Journals. AOL are doing some really cool things with the Atom Publishing Protocol.

# 10th January 2007, 11:06 pm / aol, app, atom

AACS: Extracting and Using Keys. Another DRM system bites the dust, this time when it’s only just made it out of the gate.

# 10th January 2007, 11:05 pm / aacs, drm, futility

Offline Gmail and Blogger Using the Dojo Offline Toolkit. These are just mockups at the moment, but they’re a useful illustration of how offline browsing modes for Web applications could work.

# 10th January 2007, 12:40 pm / blogger, dojo, gmail, javascript, offline, sitepen

Nginx vs. Lighttpd for a small VPS. My VPS is still running nginx with no problems at all.

# 10th January 2007, 11:31 am / hosting, lighttpd, nginx, vps

Microsoft Breaks HTML Email Rendering in Outlook 2007. They’ve dropped the IE renderer and replaced it with... Microsoft Word! No CSS background images, no floats, no CSS positioning, no forms. Wow.

# 10th January 2007, 8:18 am / css, htmlemail, microsoft, outlook, outrageous

AirPort Extreme. New today, but didn’t make the keynote. You can plug a USB hard drive into it and access it over the network.

# 9th January 2007, 7:22 pm / airportextreme, apple

macrumorslive.com. The MacRumors ajax keynote coverage gets better every time—now they have live photos in addition to the text updates. Simple but effective.

# 9th January 2007, 5:11 pm / ajax, apple, javascript, keynote, macos, macrumors, simplicity, steve-jobs

IE JScript Performance Recommendations Part 3. Once again, Microsoft’s official advice is to avoid closures entirely rather than learn how to use them safely. Sigh.

# 9th January 2007, 11:48 am / closures, internet-explorer, javascript, microsoft

OpenID Questions. I’ve attempted to provide answers in the comments.

# 9th January 2007, 11:46 am / jrconlin, openid

Shelves in Subversion (via) Useful revision control concept that I haven’t seen before.

# 9th January 2007, 11:41 am / revisioncontrol, subversion

Guide to the Dabble DB Plugin API (via) This is really nice—Dabble POSTs your plugin script a bunch of CSV values, your script returns CSV for the derived fields. Doesn’t seem to state which flavour of CSV though.

# 9th January 2007, 11:37 am / api, chad-fowler, csv, dabbledb, plugins

Apple’s Next-Generation Themes. Cabel’s spotted an Apple patent with screenshots of their in-house tool for creating resolution independent user interface themes.

# 8th January 2007, 11 pm / apple, cabel-sasser, design, macos, patent, ui

The Second Life Viewer is now open-source (via) I’d heard that the biggest barrier to this was the need to protect the SL economy from malicious disruption. The FAQ is fascinating, and a real tribute to open-source principles.

# 8th January 2007, 6:47 pm / open-source, secondlife

mimeparse.py (via) Parsing mime-types is harder than you might think.

# 8th January 2007, 6:43 pm / james-bennett, mimetypes, python

Buggy Saints Row: The Musical. An inspired musical piss-take from Cabel Sasser.

# 8th January 2007, 6:08 pm / cabel-sasser, funny, musical, saintsrow

rathergood Plush Toys product demos. The ones that weren’t eventually manufactured include a Rock Otter and a Northern Kitten.

# 8th January 2007, 1:30 pm / joel-veitch, otters, rathergood

rathergood.com toys. Ninja and Viking kittens, a Blode and even a Spongmonkey!

# 8th January 2007, 12:11 pm / kittens, rathergood, spongmonkeys, toys

supervisor2. I haven’t tried this yet, but it looks like a decent process monitoring tool. It even has an XML-RPC interface.

# 8th January 2007, 1:19 am / python, supervisor, xml-rpc

Why doesn’t Python have more data format readers in the stdlib? I for one would love to see simplejson included in the standard library, with or without a C implementation.

# 8th January 2007, 1:03 am / json, python, stdlib

ephemeral profiles (cuz losing passwords is common amongst teens). Lost your password? Create a new profile; you had too many friends you didn’t know anyway.

# 7th January 2007, 10:37 pm / danah-boyd, myspace, passwords, teens

MoneySavingExpert. Don’t let the cheesy design fool you; this site actually has some really useful (apparently trustworthy) UK personal finance advice.

# 7th January 2007, 10:32 pm / personal-finance, uk

Writing a Jokosher extension. I like the way API calls are made through an API object passed to the extension’s startup function.

# 7th January 2007, 10:25 pm / api, jokosher, python, stuart-langridge

The Dojo Offline Toolkit. The Dojo Offline Toolkit will be a small, cross-platform, generic download that enables web applications to work offline.

# 7th January 2007, 10:24 pm / dojo, javascript, offline
