Excellent reading for web engineers: How to consume RSS safely.
Mark lists 10 HTML elements that must be stripped to safely display HTML from an RSS feed. He mentions stripping
Sure, you’ll want to leave
<img> tags in the RSS feed, but what about those nasty
I had a chuckle when I read these two bullet points in the Mozilla Firebird 0.6 Known Issues release notes:
- Form auto-complete is still an unstable feature and may lead to crashes.
Followed immediately by:
- Disabling of form auto-completion is not working.
Makes me wonder why I’d ever consider using something other than the World’s Most Popular Browser.
Those wacky virus people have done it again. The email@example.com virus (W32.Sobig.A@mm) has mutated into the firstname.lastname@example.org virus (W32.Sobig.B@mm).
Ariella and I were chatting about this over lunch. She suggested that if the government simply bought the rights to distribute Norton Antivirus and legislated that it be installed on all computers, we could do the economy some good. Congress would probably be a little reluctant to write a check for $8 billion (back-of-the-envelope calculation: ~200 million Windows PCs times $40 a copy), but it would probably pay off over the long term. The Slammer virus alone apparently cost $1.2 billion in lost productivity. And that was just in the first 5 days alone!
Think about it. The US Postal Service checks our snail mail for Anthrax. Why shouldn’t the government check our e-mail for viruses?
In the meantime, perhaps we should invest in some SYMC.
A superb idea today from Yahoo! alumnus Mikel Maron:
Reactive Links. Anytime someone click-thrus on these redirect links, the service records that action… more active links could be big and red and quiet links could be small and blue, or whatever you like. These links change their character depending on their usage. [Brain Off]
It reminds me of a little bit of internal visualization our data mining group did where a modified version of the Yahoo! homepage showed a click-percentage count next to each hyperlink on the page. You could pretty easily see that people were always interested in clicking on certain elements on the page (such as the word “Free”) and that you could also induce users to try different Yahoo! services by occasionally highlighting one of them (by displaying them in bold or with a background color).
Changing the size of the links is another interesting visualization technique, but it can throw off the page layout so much that it becomes distracting and less helpful.
We’re thinking about buying a Mac.
One of the things that has been holding us up is lack of support for Hebrew software. Until Mac OS X 10.2 was released, the operating system didn’t even offer native support for Hebrew. However, we’re still waiting for some important applications (such as NisusWriter) to come out with OS X native releases.
Last week I saw an email to the hebrewcomputing Y! group which listed some good Hebrew software for “real Hebrew computing” on Mac OS X.
- Mellel for word processing (full Hebrew support)
- OS X Mail app for Hebrew email
- Safari and Camino for Hebrew web browsing
- iChat and icy juice for instant messaging in Hebrew
- iCal for calendar with Hebrew support
- OS X address book with its built-in Hebrew support
- Keynote with the Hebrew template and direction services for Hebrew presentations
Now all we need are OS X editions of the Gemara and Tanach.
I’ve gotten about 5 or 6 copies of this spam message today:
Date: Mon, 5 May 2003 20:28:48 -0700
From: Administrator <Admin@CorporateKiller.com>
Subject: Corporate Killer COOL
you must invest money in http://www.corporatekiller.com/
After such a persuasive argument, I’d be interested in making an investment. Corporate Killer, I’ve got my checkbook ready!
I wrote back in March about the fact that Yahoo! is hiring and wondered aloud if that means that the tech economy is starting to recover.
I just got an email from a headhunter looking to hire a Senior Software Engineer in Menlo Park, CA.
We are seeking an experienced software engineer to build web based applications and backend services. The ideal candidate combines expertise in object oriented software development using C++ and Perl along with a strong background in web based technologies like XML, XSLT, etc.
Hey, if headhunters are starting to make cold-calls (or cold-emails), I guess this is a good sign…
I got this email today, and I almost believed it. It’s a typical http://user:password@hostname/ trick. In this case, the user is tricked into thinking that http://www.paypal.com:email@example.com/ is a PayPal URL when in fact it’s a website served up by http://p9.da.ru/
Here’s the full source of the email message:
Received: from m1.netfirms.com (m1.netfirms.com [188.8.131.52])
by netspace.org (8.11.6/8.11.6) with SMTP id h410rTR11497
for <firstname.lastname@example.org>; Wed, 30 Apr 2003 20:53:29 -0400
Received: (qmail 48211 invoked from network); 1 May 2003 00:53:51 -0000
Received: from unknown (@192.168.60.10)
by m1.netfirms.com with QMQP; 1 May 2003 00:53:51 -0000
Date: 1 May 2003 00:53:51 -0000
To: "" <email@example.com>
From: "PayPal Staff" <firstname.lastname@example.org>
Subject: PayPal System Update *Urgent Please Read*
X-Spam-Status: No, hits=3.7 required=5.0
<P>Dear PayPal User,</P>
<P>Today we had some trouble with one of our computer systems. While
the trouble appears to be minor, we are not taking any chances. We decided to
take the troubled system offline and replace it with a new system. Unfortunately
this caused us to lose some member data. Please follow the link below and log
into your account to make sure your information is not affected. Account
balances have not been affected.</P>
<P>Because of the inconvenience this causes we are giving all users that
repair their missing data their next two incoming transfers for free! You will pay
no fees for your next two incoming transfers*. </P>
Thank you for using PayPal!</P>
<P><BR>* - If fees would normally apply, you will not pay anything
for the next two incoming transfers you receive. </P>
<P>PROTECT YOUR PASSWORD<BR>NEVER give your password to
anyone and ONLY log in at PayPal's website. If anyone asks for your
password, please follow the Security Tips instructions on the PayPal
I don’t know who has the power to do this, but p9.da.ru should be shut down ASAP.
In the meantime, I’m going to crank up the score for HTTP_USERNAME_USED in my SpamAssassin user_prefs file.
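The user:password@hostname trick described in this post can be checked mechanically. The following is an added example, not part of the original post and not SpamAssassin's own rule: a Python check that flags URLs carrying a userinfo part and reports the host the browser would actually contact. The sample message body and the host.example and files.example names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Absolute http(s) URLs in plain text or HTML attribute values.
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)
# A userinfo "username" shaped like a DNS name is the deceptive case.
HOSTLIKE_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)

# Constructed sample body (not the message quoted on this page).
SAMPLE_BODY = """
<p>Please <a href="http://www.paypal.com:session@host.example/login">log in</a></p>
<p>Help: <a href="http://www.paypal.com/help">help pages</a></p>
<p>Profile: http://example.org/users/a@b</p>
<p>Mirror: http://backup:secret@files.example/</p>
"""


def inspect_url(url):
    """Return a finding if the URL's authority carries userinfo, else None."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return None
    if parts.username is None:  # no "@" in the authority; "@" in a path is fine
        return None
    return {
        "url": url,
        "real_host": parts.hostname,      # where the browser actually connects
        "userinfo_user": parts.username,  # what the reader sees first
        "looks_like_host": bool(HOSTLIKE_RE.match(parts.username)),
    }


def scan_message(body):
    """Collect findings for every URL in a message body."""
    findings = []
    for match in URL_RE.finditer(body):
        finding = inspect_url(match.group(0))
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_message(SAMPLE_BODY):
        level = "HIGH" if f["looks_like_host"] else "info"
        print(f"{level}: {f['url']} -> connects to {f['real_host']}")
```

A username that looks like a hostname is rated higher than ordinary credentials in a URL, since only the former is meant to mislead the reader about the destination.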
Got this email from Tellme today:
Date: Thu, 3 Apr 2003 01:10:11 -0800 (PST)
From: Tellme Studio <email@example.com>
Subject: Tellme Studio program change
Tellme has made many investments in VoiceXML over the past four years.
One of these investments was in the Extensions program, with the goal
of making VoiceXML a more utilized public standard. Now with VoiceXML
well on its way to standardization in the W3C and with hundreds of
thousands of VoiceXML applications in production, it is clear that
investment has paid off. It is time for us to retire the Extensions
program and invest in other areas. As of Wednesday, April 9th we will
no longer host Extensions on 1-800-555-TELL or
http://studio.tellme.com. Developers can continue to build VoiceXML
applications on Tellme Studio.
Thank you for your individual contribution in making VoiceXML the most
widely-used and successful voice standard in the world.
The Tellme Development Team
Damn, that sucks.
For sale on eBay: UN Security Council Vote On Gulf War Redux
I wonder if the Chilean government will petition eBay to pull this from the site.