Comments

Tube; Security; Worrying

Posted by sh1mmer on Dec 31, 2006 in General

Security is good, right, but when you can hear This station is closed due to a suspect package. Please evacuate immediately. it is pretty worrying.

That said, in the time it took me to go in the living room and open my blog, the police turned up sirens blaring, lights blazing. If you don’t hear from me in the new year Boston Manor has exploded!

 
Comments

Apologies for the weirdocity

Posted by sh1mmer on Dec 31, 2006 in General

I’m currently doing a lot of experimentation with WordPress in an effort to improve this site. I have also updated the feeds to use FeedBurner. So if you get any duplicate posts or other weirdness I can only apologise.

Thank you for your patience.

 
Comments

Mystery Lift

Posted by sh1mmer on Dec 29, 2006 in Photos


It’s the mystery lift, where it stops nobody knows!

Russell P Preston presents the crazy world of Yahoo! Europe

 
Comments

Quicksilver; Agile Scruming; Laziness

Posted by sh1mmer on Dec 28, 2006 in Mac

At Yahoo! we use Scrum as part of our development process. While I really like Scrum, what it means for me personally is that I have to write a daily report of what I have been working on counted to the half hour.

Since I like to do everything with Quicksilver I've written a custom action which logs text to a daily log file. This allows me to leave myself time-stamped notes about what I have been doing throughout the day.

Installation:

  1. Open script editor and paste in the the script below.
  2. Change filePath to refer to where you want your logs to be kept note the use of the POSIX path and the trailing ":".
  3. Save the script to "~/Library/Application Support/Quicksilver/Actions/" with the name of whatever you want your text action to be with the extension .scpt. Mine is "log.scpt".

Usage:

  1. Load the Quicksilver panel (ctl+space normally)
  2. Press . to get a text pane
  3. Enter a note about the current task
  4. Press tab to switch to the actions pane
  5. Select log (or whatever you named your action)

The logs will appear in the directory you specified during installation in files named by date. By default they will open in console.app.

PLAIN TEXT
APPLESCRIPT:
  1. using terms from application "Quicksilver"
  2.     on process text theText
  3.         -- This is the directory your files live in. Don't forget the trailing :
  4.         set filePath to "Macintosh HD:Users:croucher:Documents:DailyLogs:"
  5.        
  6.         --Get today's date and time
  7.         set theDate to current date
  8.         set timeString to (time string of theDate)
  9.         set dateString to getNumericalDate(theDate)
  10.        
  11.         --set the target file to todays log in the log directory
  12.         set target_file to filePath & dateString & ".log"
  13.         --set the data to the time plus the message
  14.         set this_data to timeString & " " & theText & "
  15. "
  16.        
  17.         --open log file for writing
  18.         set the open_target_file to ¬
  19.             open for access file target_file with write permission
  20.         --write the data to the file
  21.         write this_data to the open_target_file starting at eof
  22.         --close the file
  23.         close access the open_target_file
  24.        
  25.     end process text
  26. end using terms from
  27.  
  28. to getNumericalDate(myDate)
  29.     if the month of myDate is January then
  30.         set numericalMonth to "01"
  31.     else if the month of myDate is February then
  32.         set numericalMonth to "02"
  33.     else if the month of myDate is March then
  34.         set numericalMonth to "03"
  35.     else if the month of myDate is April then
  36.         set numericalMonth to "04"
  37.     else if the month of myDate is May then
  38.         set numericalMonth to "05"
  39.     else if the month of myDate is June then
  40.         set numericalMonth to "06"
  41.     else if the month of myDate is July then
  42.         set numericalMonth to "07"
  43.     else if the month of myDate is August then
  44.         set numericalMonth to "08"
  45.     else if the month of myDate is September then
  46.         set numericalMonth to "09"
  47.     else if the month of myDate is October then
  48.         set numericalMonth to "10"
  49.     else if the month of myDate is November then
  50.         set numericalMonth to "11"
  51.     else if the month of myDate is December then
  52.         set numericalMonth to "12"
  53.     end if
  54.     return year of myDate & numericalMonth & day of myDate
  55. end getNumericalDate

Technorati Tags:
, , ,

 
Comments

Santa with his pants down

Posted by sh1mmer on Dec 27, 2006 in Photos

Someone wanted to humiliate Santa in the pound store. I guess they have a whole year to be good to make up for it now though.

Technorati Tags:
,

 
Comments

Universal tubbiness be gone

Posted by sh1mmer on Dec 26, 2006 in Mac

In the post Christmas period while we are all loosening our belts you can reduce the size of those universal apps you've downloaded using Trim The Fat. Simply drag and drop universal binaries to remove the unwanted PPC/Intel part. I saved around a gigabyte, which is a pretty decent amount on my laptop.

Trim The Fat is less fully featured and shiny than Xslimmer but it does the job and it is free, which is a definite bonus. I would like to see Trim The Fat ramp up to compete with the Xslimmer feature set but I doubt that's going to happen.

N.B. You should close down any apps before you trim them because forgot and it seemed to create duplicates.

Technorati Tags:
,

 
Comments

Merry Christmas!

Posted by sh1mmer on Dec 25, 2006 in General

Go look at some random Christmas joy!

 
Comments

Costa; Suckage; Web 0.9

Posted by sh1mmer on Dec 24, 2006 in General

Dear Costa Co,

Your web site could use a little touch up. However I'm unable to write. Please see the attached photo for details.

Yours sincerely,
Tom

www.costa.co.uk contact us page, which simply shows the text "Coming Soon"

 
Comments

Security; AJAX; JSON; Satisfaction

Posted by sh1mmer on Dec 23, 2006 in JavaScript

Well, for a while I've been trying to prove that either it is, or isn't, possible to XSS a JSON return which is wrapped in { }.

While it is well known that it is possible to exploit the return of a JavaScript array, I've been trying to establish if it is also possible with generic objects conforming to the JSON standard.

PLAIN TEXT
JAVASCRIPT:
  1. {
  2.     "glossary": {
  3.         "title": "example glossary",
  4.         "GlossDiv": {
  5.             "title": "S",
  6.             "GlossList": {
  7.                 "GlossEntry": {
  8.                     "ID": "SGML",
  9.                     "SortAs": "SGML",
  10.                     "GlossTerm": "Standard Generalized Markup Language",
  11.                     "Acronym": "SGML",
  12.                     "Abbrev": "ISO 8879:1986",
  13.                     "GlossDef": {
  14.                         "para": "A meta-markup language, used to create markup languages such as DocBook.",
  15.                         "GlossSeeAlso": ["GML", "XML"]
  16.                     },
  17.                     "GlossSee": "markup"
  18.                 }
  19.             }
  20.         }
  21.     }
  22. }

This is the example JSON provided by json.org. If you encapsulate this directly in <script> tags then browsers will throw an error.

I have tried to overwrite the object constructor in all the major browsers. None of Yahoo's A-grade browsers will call the constructor for these object returns, because of the object exception.

I have come to the conclusion that browsers parse { } because as a script block not an object, but will not parse an actual object without a label. Tim and I were talking about this and agreed that the parser allows [] without a label for the construction of anonymous arrays to make multi-dimensional arrays. Good thinking Batman Tim!

What does all this mean? In effect that means that using a JSON return in as per the example wrapped in { } means it can't be used for XSS. Using a simple array return is still as vulnerable as ever.

Technorati Tags:
, , ,

 
Comments

Applescript glue; dropplet magic

Posted by sh1mmer on Dec 21, 2006 in Mac

Norm wrote a super perl script to ensure that when you open iCal files sent to a mailing lists it uses the correct to address. This avoids having to have all the mailing list addresses in your own card in your address book. However he did note that OS X doesn't allow you to set a perl script as a file action. So it is impossible to open ics files with the perl by default.

After some googling I came up with this Applescript. It's a small 'droplet' which takes a file input and then calls the perl function after translating the path into POSIX for it. This script is great to act as glue between the GUI and CLI applications.

PLAIN TEXT
APPLESCRIPT:
  1. on open icsFileRef
  2.     set icsPath to quoted form of POSIX path of icsFileRef
  3.     do shell script "perl /Applications/AppleScript/Scripts/fixics.pl " & icsPath
  4. end open

Apple have a more complete description of how to write out dropplets to handle things like multiple file types and folders and nested folders etc. I like the idea that you could make a launcher droplet in applescript which would then exectute whatever else you wanted for each file type, context, etc.

Technorati Tags:
, ,

Copyright © 2012 Kid666 Blog All rights reserved. Base theme by Laptop Geek.