Brian Mastenbrook has discovered a really bad security hole in Safari RSS:
I have discovered that Apple’s Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user’s hard drive without user intervention. This can be used to gain access to sensitive information stored on the user’s computer, such as emails, passwords, or cookies that could be used to gain access to the user’s accounts on some web sites. The vulnerability has been acknowledged by Apple.
All users of Mac OS X 10.5 Leopard who have not performed the workaround steps listed below are affected, regardless of whether they use any RSS feeds. Users of previous versions of Mac OS X are not affected.
He hasn’t released details yet, presumably to give Apple time to release a patch, so I don’t know what the bug is. But it’s my fault, since I either wrote the bad code myself, or at least didn’t notice a mistake a co-worker made. And since I’m not at Apple anymore I can’t help fix it.
Shit. I’m sorry, everyone.
FYI, I ended up taking the position at Google. I started two weeks ago, and it’s been quite exciting, despite (or because of) the “drinking from a fire-hose” aspect of learning my way around the big G.
I’m on the Google Sites team. I’ve been interested in wikis for years, and now I get to actually work on one. (Although Sites, née JotSpot, is not a typical wiki.)
I could write a lot about my experience of Google so far. It’s quite an interesting place. Merely learning about how some of their internal systems operate has been jaw-dropping. (Do you have any idea how much hard disk space Google has? Or how many CPUs? Or how many search queries they handle? Unfortunately I don’t think I’m allowed to tell…)
For now I just wanted to say that I’m not in the job market anymore. Also, that I really like all the free food :-d
I’m fooling around with Soup, a newish micro-blogging service I just discovered. I’ve never signed up for tumblr or its other clones, but I’m kind of smitten with Soup, so I set up my own:
beautiful snej soup, yum
I’ve got it aggregating stuff from my del.icio.us, flickr and last.fm accounts, as well as this blog. And I’m directly posting some things I’ve run across today, via its very nice bookmarklet.
Part of the reason I got sucked in is that Soup has the single best new-user experience I’ve ever seen on the web. You just click the “try it” button on the home page, and you get your own soup blog. No signup, no registration, just instant gratification. Then you can slide open the control panel (that slider itself is a beautiful piece of UI), import from your other social sites, and fool with the settings, all in privacy. Only after you’re hooked do you need to press the Create button and choose a username and password, whereupon your soup goes live. It’s brilliant — the web equivalent of the “untitled document” UI introduced in the ’70s by the Xerox Star.
Anyway, please take a look and join me! (It’s not obvious from the untitled-blog experience, but Soup has friends and groups like other social networks.)
I need a few brave people to test a pre-beta app for me. No, this is not Cloudy; it’s another app I’ve been working on in parallel. It’s called Your Move, and it’s the expanded version of my GeekGameBoard sample code. It lets you play board games against a human opponent; either at the same machine, over a local network, or by sending moves via email or iChat.
To test Your Move you need to
If you’re interested, please
Thanks!
(This is more or less to the tune of Rock’n’Roll High School, or any other Ramones song for that matter. You have to imagine Joey Ramone singing it. Johnny, you just switch between C and F every couple of lines, got it?)
Well, back in March I got my feelins hurt
When Apple wouldn’t gimme no developer cert
The SDK they gave me had a “simulator” —
Fooled around with it, then said “see you lator!”
(iPhone, iPhone, iPhone developer)
Don’t care about iPhones on my screen
’Cause that’s not where I wanna been
I just wanna run on the Device
I just wanna make it look nice
(I wanna be, an iPhone developer)
On Friday all the lucky devs they got paid
But my real cert came in the email today
Got my key set up, my device provisioned
Got my noob questions sent to the cocoa-dev list
Now I R a l33t iPhone developx0r
Gonna sell my app at the iPhone App Store
I’m gonna price it at 99 cents
In a couple weeks, it’ll be payin’ my rent!
(L33t, l33t, l33t, l33t iPhone developx0r)
My app’s so rad, it’s got things to-do
When you go to White Castle it’ll get your tip too
Gonna raise it to a buck ninety-nine
When all of you buy it, I’ll be doin’ fine!
Now I finished my app, I put old books in it too,
Plus some Texas Hold’em and a sudoku
It’ll even tell you ’bout the stars at night
And a bright white screen makes a bitchen flashlight!
I put it on the store for twenty-nine bucks,
But the reviews are all “D00D, UR APP IS TEH SUX! ! ! !”
(L33t, l33t, l33t, l33t iPhone developx0r…)
Stickies and I hadn’t spoken in a while, but it called me this morning to announce it’s made its acting debut in a music video! That was unexpected, to say the least, but it’s an exciting career move, and I had to congratulate it; it does a great job:
Stickies makes its entrance at 0:53, if you want to skip directly to it, but really the entire video (and song) are excellent. I just wish they’d used Stickies in the opening scenes instead of Word—face it, Word is over the hill, especially that old Office 2004 version. (Did you see the bags under the Office Assistant’s eyes? Stickies told me they dragged it straight out of the Betty Ford Center to shoot those scenes, and it couldn’t remember any of its lines even though they were right up on the screen next to it in giant print. It’s sad, really. At least it hasn’t OD’d yet like that pathetic paperclip.)
This seems to be a fan-made video, by the way; but I think it’s better than the official one. Now the question is: will Apple use this in a commercial? I think they should!
[via 37signals]
Speaking of my projects, here’s a different one that’s actually finished: a new mix entitled The Fall Of The Towers.
I finished it four days ago and I’m still very pleased with it. Several of the overlays and transitions feel like they’ve become more than the sum of their parts—that’s what I aim for, but don’t always attain.
I got about 14 minutes of fame back in January with a blog post, wherein I grumbled about (among other things) how I disliked Apple’s culture of secrecy, and announced that I’d left Apple to work on my own, unspecified, project. In the intervening three months, I haven’t said anything about what that project is, almost as though it were … secret.
The irony of this is not lost on me.
Admittedly, there are things about my app that I do want to keep under my hat until they’re ready to show off in their full glory. I want to spend my one minute of remaining fame wisely; ideally accompanied by a large friendly “BUY NOW” button on my website.
But the main reason I haven’t been talking is just that I’ve been lazy. Well, not lazy, but focused on coding rather than talking. I’m mindful of a quote by (I think) John Crowley, which goes something like:
—There are two kinds of poems: the ones you write, and the ones you talk about writing. They’re both important, but never get mixed up about which kind you have.
I feel like I’ve been talking about writing this type of app (if only to myself) for a decade now, so it’s really been time to buckle down and make it happen.
But now I’ve got a lot of stuff up and running, and I’m excited about it, and feeling annoyed that I can’t just blab about my progress. Oh wait, but I can! So starting now, I’ll be writing about my project here — I want to post high-level overviews, geekier details of the innards, and progress notes. Sort of like those “developer diaries” the videogame sites love to run.
The catch is that I’m going to talk about the architecture of the app, and its core functionality … but not the primary user-level feature, the selling point. Not yet. Even without that, I hope this will still be interesting to some of you.
Cloudy is a comic-strip character my son Jed started drawing two years ago, when he was ten.
I’ve already appropriated Cloudy in the past for a mix CD and a t-shirt, so it was a no-brainer to make her the mascot of my new project as well.
I suspect the app itself will have a more descriptive name by the time it ships, but Cloudy’s a good name to keep for the underlying architecture. And what’s that?
Next: What Cloudy Is.
Arthur C. Clarke’s death hit me harder than other recent obituaries, even though it’s been decades since I read much by him. His were some of the first science fiction stories I read, at the age of ten or eleven; and for several years after that he was my favorite author.
I remember, during one of our long summer trips visiting the extended family in Germany, finding one of his story collections in the small English-language section of a public library. I read it over and over and over. I don’t remember which book it was, but it had some of his classic stories like “The Sentinel”, which became the inspiration of the film “2001”.
A bit later, it became my life’s highest priority to see that film. I had the novelization, and the making-of book The Lost Worlds Of 2001, and the soundtrack record (which itself was a big influence on me musically). But this was before video rentals, when you had to wait patiently for a movie to show up in a theater. Fortunately there were correspondingly a lot of theaters that showed older movies; but it still took months of poring over the newspaper theater listings before I finally found a showing of “2001” and dragged my dad to take me to see it. And it was worth the effort: I’d never seen anything like it. (This must have been 1976 or early ’77, since it was before “Star Wars” came out.)
Clarke wrote a lot about space travel, but when I think back, what really blew my mind about his fiction wasn’t space but time. He was good at portraying far distant, alien futures, as in the book The City And The Stars, set on an Earth turned desert, lit by a burning-out Sun, with only one city left (thanks to its “eternity circuits” that defeat entropy and keep everything the same.) I also remember a story from that book I read in Germany, in which a future dictator has himself put into suspended animation in a sealed vault, and Clarke describes the infinitely slow processes of geological change taking place outside as millions of years pass, before he awakens.
It’s fourth-dimensional vertigo, staring dizzily into time, and I’m forever in his debt for acquainting me with it.
I had lost this historical document for a long time, but finally found it the other day on an old backup CD. It’s the original 1997 sketch I made of a chat user interface based on speech balloons.