Archive for May, 2005



Security in Mac Dashboard Widgets?

Apple’s new Dashboard in the Tiger version of OS X allows you to place lots of handy little applications, called widgets, on a translucent layer over your main desktop, making it easy to call up the weather forecast, current time, measurement conversion utilities, etc.

It’s a very nice addition to the OS, and I foresee lots of use of it.

Widgets are built using simple HTML, JavaScript, and stylesheets – all pretty easy and widely known technologies.

I was wondering what the security model for Dashboard widgets is. Apple’s Dashboard Programming Guide says, in its Security section:

Using certain resources within your widget may pose a security risk for users. In these circumstances, the widget security model provides a method for Dashboard to be aware that your widget may perform insecure tasks. If your widget is working with resources that pose a security threat to the user, the user must approve before access is granted.

Dashboard allows you to “declare your intentions” when you:

- Access files outside of your widget bundle
- Use a Web Kit or standard browser plug-in
- Access network resources
- Run a Java applet
- Run a command-line utility
- Using a widget plug-in

It also says:

If any of these keys are present in your information property list file and it’s located outside of /Library/Widgets/, a dialog is presented to users upon your widget’s first load. The dialog asks them whether or not they want to use your widget. If the request is approved, your widget is loaded and granted access to the resources that it requested. The request is not repeated on subsequent loads if approved. If the request is denied, your widget is not allowed to load. If your widget is loaded again, the request is made to the user again.

If you attempt to use any of these resources without first specifying them in your widget’s information property list file, your attempt fails.

So I loaded a sample widget from Apple’s Developer tools called Which – it gives you a little box that calls the command line which utility (a unix command that shows you where a given program resides in your file system).

I installed it on both my Powerbook and my iMac – and got no warning whatsoever.

Dan, who sits in a cubicle outside my office, tried installing a widget called QuickCommand, which gives you a basic terminal environment in the Dashboard and allows you to store four basic unix commands to execute in that terminal. Dan reported getting a message on installation that said:

“QuickCmd is being run for the first time. Are you sure you want to run this widget?”
[Decline] [Accept]

I tried downloading the widget and again, got no such message.

But even if everybody saw the warning, there is no wording in there about the fact that this widget contains commands that could cause security risks, nor anything about what the risks of installing a random widget might be.
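Since the dialog does not say what a widget has asked for, one way to find out before loading it is to read the bundle's Info.plist directly. This is an added example, not code from the original post or from Apple's guide: the key names and the `widget.system()` call come from Apple's Dashboard documentation rather than this page, and the sample bundle and install paths are constructed.

```python
import plistlib
import tempfile
from pathlib import Path, PurePosixPath

# Info.plist access keys (from Apple's Dashboard documentation, not named on
# this page) mapped to the capability wording in the list quoted above.
ACCESS_KEYS = {
    "AllowFileAccessOutsideOfWidget": "access files outside of the widget bundle",
    "AllowInternetPlugins": "use a Web Kit or standard browser plug-in",
    "AllowNetworkAccess": "access network resources",
    "AllowJava": "run a Java applet",
    "AllowSystem": "run a command-line utility",
    "AllowFullAccess": "full access (all of the above)",
}
PLUGIN_KEY = "Plugin"  # string value naming a native widget plug-in
SYSTEM_WIDGET_DIR = PurePosixPath("/Library/Widgets")


def declared_access(info):
    """Return the capabilities an Info.plist dictionary declares."""
    found = [desc for key, desc in ACCESS_KEYS.items() if info.get(key) is True]
    if info.get(PLUGIN_KEY):
        found.append("use a widget plug-in (%s)" % info[PLUGIN_KEY])
    return found


def prompts_on_first_load(declared, install_path):
    """Per the quoted guide: a dialog appears only when access keys are
    present and the bundle is located outside /Library/Widgets/."""
    in_system_dir = SYSTEM_WIDGET_DIR in PurePosixPath(install_path).parents
    return bool(declared) and not in_system_dir


def command_call_sites(bundle):
    """List script/HTML files in the bundle that call widget.system()."""
    hits = []
    for path in sorted(Path(bundle).rglob("*")):
        if path.is_file() and path.suffix.lower() in (".js", ".html", ".htm"):
            if "widget.system(" in path.read_text(errors="replace"):
                hits.append(path.relative_to(bundle).as_posix())
    return hits


def audit_widget(bundle, install_path):
    """Summarise what a widget bundle declares and where it runs commands."""
    with open(Path(bundle) / "Info.plist", "rb") as fh:
        info = plistlib.load(fh)
    declared = declared_access(info)
    return {
        "name": info.get("CFBundleName", Path(bundle).name),
        "declared": declared,
        "prompt_expected": prompts_on_first_load(declared, install_path),
        "command_call_sites": command_call_sites(bundle),
    }


def build_sample_widget(root):
    """Write a constructed sample bundle (not a real widget) under root."""
    bundle = Path(root) / "Sample.wdgt"
    bundle.mkdir()
    with open(bundle / "Info.plist", "wb") as fh:
        plistlib.dump(
            {
                "CFBundleName": "Sample",
                "MainHTML": "Sample.html",
                "AllowSystem": True,
                "AllowNetworkAccess": True,
            },
            fh,
        )
    (bundle / "Sample.html").write_text(
        "<html><script src='Sample.js'></script></html>\n"
    )
    (bundle / "Sample.js").write_text(
        "function lookup() { return widget.system('/usr/bin/which ls', null); }\n"
    )
    return bundle


def demo():
    """Audit the sample as if installed per-user and as if system-wide."""
    with tempfile.TemporaryDirectory() as tmp:
        bundle = build_sample_widget(tmp)
        per_user = audit_widget(bundle, "/Users/alice/Library/Widgets/Sample.wdgt")
        system = audit_widget(bundle, "/Library/Widgets/Sample.wdgt")
    return per_user, system


if __name__ == "__main__":
    for report in demo():
        print(report)
```

Comparing `prompt_expected` with what Dashboard actually shows on first load is a quick check of whether the documented behaviour matches the installed system.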

It would be trivial to write a widget that appeared to do something useful while executing all sorts of unix commands – like searching your disk for credit card numbers and passwords and forwarding them on to random email addresses.

Am I the only one who’s worried about the security implications of Dashboard? I expect it’s entirely possible that we’ll see the kinds of widespread exploits on the Mac platform that we’ve been fighting for years on Windows.

Sigh.

Latest listening

Some music that’s been getting regular rotations in my life lately:


“Petra Haden Sings: The Who Sell Out” (Petra Haden)

Petra, daughter of one of my favorite bassists Charlie Haden, recreates the old Who album from my youth using only her voice for all the parts. Who ever thought they’d hear I Can See For Miles sung a cappella? Great fun!

Richard Thompson – 1000 Years of Popular Music

“The idea for this project came from Playboy Magazine – I was asked to submit a list, in late 1999, of the ten greatest songs of the Millennium. Hah! I thought, hypocrites – they don’t mean millennium, they mean twenty years – I’ll call their bluff and do a real thousand-year selection. My list was similar to the choices here on this CD, starting in about 1068, and winding slowly up to 2001. That they failed to print my list among others submitted by rock’s luminaries, is but a slight wound – it gave me the idea for this show, which has been performed occasionally, and will hopefully receive a few more airings. The idea is that Popular Music comes in many forms, through many ages, and as older forms get superseded, sometimes the baby is thrown out with the bathwater – great ideas, tunes, rhythms, styles, get left in the dust of history, so let’s have a look at what’s back there, and see if it still does the trick. I am unqualified to sing 98% of the material here, but me having a go could be considered part of the fun. Also, trying to render an Arthur Sullivan orchestration with acoustic guitar and snare drum is pretty desperate stuff, but may, at a stretch, be thought “charming.” What appears on this CD is a performance, rather than a chronological, distillation of several different shows – hence some gaps in the 17th and 18th centuries, and too much weight on Music Hall and Rock & Roll – we just felt that some performances weren’t quite captured – perhaps on Part Two?”
- Richard Thompson

Richard Thompson Band – More Guitar

A ferocious recording of RT with (arguably) his best electric band – with Clive Gregson, Christine Collister, John Kirkpatrick, and Kenny Aronoff on drums. All the notes say is that it was recorded live, direct to digital 2-track in 1988. I’m pretty sure that this is a show I saw at the Bayou in Washington, DC that was broadcast live on WHFS. RT at his most wildly chromatic and inventive and the band rocks unbelievably hard.

Safari on Tiger – not my favorite so far

The new version of Safari that comes with Mac OS 10.4 has been giving me (and lots of other people) problems when trying to use it with pages authenticated by UW NetID (via our use of the PubCookie web authentication software).

Because of that I switched back to Firefox as my main browser, and I also notice that FF seems much faster than Safari.

I don’t find having a built-in RSS reader in the browser enough of a compelling reason to use a browser that breaks on lots of pages. I’m plenty happy using Bloglines to read my RSS feeds.

I know the C&C security middleware team is busy trying to resolve the problems with Safari and PubCookie – maybe this will get better over time.

Desktop pricing

I’m getting ready to order a new desktop computer, so I was pleased to hear that Apple yesterday bumped up the G5 iMac processor speeds a notch, included gigabit Ethernet, 802.11g, Bluetooth and bigger hard drives. No FireWire 800 yet, though.

Still, I thought I’d do a bit of comparison shopping, and here’s what I found out.

The 20 inch G5 iMac, with a 2GHz G5 processor (fastest available), 2 gigabytes of memory, 250 GB disk, and a wireless keyboard and mouse, prices out at $2,180 (that’s without AppleCare).

A Dell OptiPlex 170L (which I figured is conceptually similar to the iMac, not being the top high-tech performer of their line), with a 3.2 GHz P4 processor (fastest available), Windows XP Pro, 2 GB of memory, a 16X DVD+/-RW, a 160 GB disk (largest available on this model), and a 19 inch digital flat panel comes out to be $2,017.

That’s pretty close. But the Dell doesn’t come with a wide format screen, has slower networking, no wireless keyboard, less disk, no wireless networking or Bluetooth or a firewire interface.

I don’t think I buy the argument that Apple is more expensive these days. While it’s true that you can’t get Macs for the complete bargain basement rates that you can buy Intel boxes for (except the Mac Mini), by the time you get all the add-ons you need to be really functional the iMac looks like the clear value winner here.

Why do they (Apple) do this?

I just upgraded my work iMac to Tiger. Lo and behold, not only was the default browser reset from Firefox to Safari, but the association for .doc files was reset from Word to AppleWorks. What’s up with that?

Gruber on Adobe – jerks wearing suits

John Gruber has an interesting article in Daring Fireball about the evolution of Adobe from a company run by passionate engineers, focused on producing great software for creative production, to one focused on sales for their own sake.

Rather than expand into untapped creative markets, Adobe seems hell-bent on expanding into the jerks-wearing-suits market, a market that’s completely at odds with the creative market they’ve dominated for nearly two decades.

Adobe’s best and core products are their oldest, and they are graphics products: PostScript, the Adobe Type Library, Illustrator, and Photoshop. InDesign is relatively new but genuinely fits alongside these products. This is why Adobe’s core customers — who still use and love many of their products — are dismayed and confused by the company’s direction in recent years. But is it any surprise that a company that is run by jerks-wearing-suits is now targeting the jerks-wearing-suits software market?

Oldies but goodies – Joel on Software

The dog having gotten me up twice to go outside between 3:30 and 5:00 this morning (a Sunday, no less) I’ve been up for hours.

Somehow, in trying to catch up on various readings in that time I got started reading old entries from Joel on Software that I never read before – and there is some terrific reading there!

Some favorites:

The Joel Test

I’ve come up with my own, highly irresponsible, sloppy test to rate the quality of a software team. The great part about it is that it takes about 3 minutes. With all the time you save, you can go to medical school.

Painless Software Scheduling

When you start with a schedule with rough tasks and then break it down into smaller tasks, you will find that you get a different result, not just a more precise one. It is a completely different number. Why does this happen?

When you have to pick fine grained tasks, you are forcing yourself to actually figure out what steps you are going to have to take. Write subroutine foo. Create dialog such and such. Read the wawa file. These steps are easy to estimate, because you’ve written subroutines, created dialogs, and read wawa files before.

If you are sloppy, and pick big “chunky” tasks (“implement grammar correction”), then you haven’t really thought about what you are going to do. And when you haven’t thought about what you’re going to do, you just can’t know how long it will take.

Painless Functional Specifications – Part 1: Why Bother?

Programmers and software engineers who dive into code without writing a spec tend to think they’re cool gunslingers, shooting from the hip. They’re not. They are terribly unproductive. They write bad code and produce shoddy software, and they threaten their projects by taking giant risks which are completely uncalled for.

When you write a spec, you only have to communicate how the program is supposed to work once. Everybody on the team can just read the spec. The QA people read it so that they know how the program is supposed to work and they know what to test for. The marketing people use it to write their vague vaporware white papers to throw up on the web site about products that haven’t been created yet. The business development people misread it to spin weird fantasies about how the product will cure baldness and warts and stuff, but it gets investors, so that’s OK. The developers read it so that they know what code to write. The customers read it to make sure the developers are building a product that they would want to pay for. The technical writers read it and write a nice manual (that gets lost or thrown away, but that’s a different story). The managers read it so that they can look like they know what’s going on in management meetings. And so on.

Writing a spec is a great way to nail down all those irritating design decisions, large and small, that get covered up if you don’t have a spec.

Painless Functional Specifications – Part 2: What’s a Spec?

Nongoals. When you’re building a product with a team, everybody tends to have their favorite, real or imagined pet features that they just can’t live without. If you do them all, it will take infinite time and cost too much money. You have to start culling features right away, and the best way to do this is with a “nongoals” section of the spec. Things we are just not going to do. A nongoal might be a feature you won’t have (“no telepathic user interface!”) or it might be something more general (“We don’t care about performance in this release. The product can be slow, as long as it works. If we have time in version 2, we’ll optimize the slow bits.”) These nongoals are likely to cause some debate, but it’s important to get it out in the open as soon as possible.

Painless Functional Specifications – Part 3: But… How?

program managers at Microsoft gather requirements, figure out what the code is supposed to do, and write the specs. There are usually about 5 programmers for every program manager; these programmers are responsible for implementing in code what the program manager has implemented in the form of a spec. A program manager also needs to coordinate marketing, documentation, testing, localization, and all the other annoying details that programmers shouldn’t spend time on. Finally, program managers at Microsoft are supposed to have the “big picture” of the company in mind, while programmers are free to concentrate on getting their bits of code exactly right.

Program managers are invaluable. If you’ve ever complained about how programmers are more concerned with technical elegance than with marketability, you need a program manager. If you’ve ever complained about how people who can write good code never do a good job of writing good English, you need a program manager. If you’ve ever complained about how your product seems to drift without any clear direction, you need a program manager.

Painless Functional Specifications – Part 4: Tips

Rule 1: Be Funny

Yep, rule number one in tricking people into reading your spec is to make the experience enjoyable.

Every time you need to tell a story about how a feature works, instead of saying:

• The user types Ctrl+N to create a new Employee table and starts entering the names of the employees.

write something like:

• Miss Piggy, poking at the keyboard with an eyeliner stick because her chubby little fingers are too fat to press individual keys, types Ctrl+N to create a new Boyfriend table and types in the single record “Kermit.”

Top Five (Wrong) Reasons You Don’t Have Testers

Software has bugs. CPUs are outrageously finicky. They absolutely refuse to deal with things that they weren’t taught to deal with explicitly, and they tend to refuse in the most childish of ways. When my laptop is away from home, it tends to crash a lot because it can’t find the network printer it’s used to finding. What a baby. It probably comes down to a single line of code somewhere with a teensy tiny almost insignificant bug in it.

Which is why you positively, absolutely, need to have a QA department. You are going to need 1 tester for every 2 programmers (more if your software needs to work under a lot of complicated configurations or operating systems). Each programmer should work closely with a single tester, throwing them private builds as often as necessary.  

The QA department should be independent and powerful, it must not report to the development team, in fact, the head of QA should have veto power over releasing any software that doesn’t meet muster.

The Guerrilla Guide to Interviewing

First of all, the #1 cardinal criteria for getting hired at Fog Creek:

Smart, and
Gets Things Done.

That’s it. That’s all we’re looking for. Memorize that. Recite it to yourself before you go to bed every night. Our goal is to hire people with aptitude, not a particular skill set. Any skill set that people can bring to the job will be technologically obsolete in a couple of years, anyway, so it’s better to hire people that are going to be able to learn any new technology rather than people who happen to know SQL programming right this minute.

At the conclusion of the interview, you have to be ready to make a sharp decision about the candidate. There are only two possible outcomes to this decision: Hire or No Hire. Turn to your computer and send immediate feedback to the recruiter. The subject line should be the name of the candidate. The first line of the email should be Hire or No Hire. Then you should spend about 2 paragraphs backing up your decision.

There is no other possible answer. Never say, “Hire, but not in my group.” This is rude and implies that the candidate is not smart enough to work with you, but maybe he’s smart enough for those losers over in that other group. If you find yourself tempted to say “Hire, but not in my group,” simply translate that mechanically to “No Hire” and you’ll be OK. Even if you have a candidate that would be brilliant at doing 1 particular thing, but wouldn’t be very good in another group, that’s a No Hire. Things change so often and so rapidly that we need people that can succeed anywhere. If for some reason you find an idiot savant that is really, really, really good at SQL but completely incapable of ever learning any other topic, No Hire. They don’t have a future at Fog Creek.
Never say “Maybe, I can’t tell.” If you can’t tell, that means No Hire. It’s really easier than you’d think. Can’t tell? Just say no! Similarly, if you are on the fence, that means No Hire. Never say, “Well, Hire, I guess, but I’m a little bit concerned about…” That’s a No Hire as well.

An important thing to remember about interviewing is this: it is much better to reject a good candidate than to accept a bad candidate. A bad candidate will cost a lot of money and effort and waste other people’s time fixing all their bugs. If you have any doubts whatsoever, No Hire.

This is great stuff – I also look forward to reading Joel’s book on UI design.
