Zope discovers a browser security hole
Zope.Org posts a security alert of concern to users of all Web applications, including Manila. We're studying it now.
We believe there is a way to work around it using the Referer attribute of an HTTP request. If you want to be safe, and you have a Manila site, either log off the site, or don't visit any sites that might not be friendly. I know that's not very helpful. We'll post more advice here as we figure it out.
Second line of defense: in your Manila site, in the Editors Only menu, click on Prefs, then Legal Tags. Make sure the <script> tag is turned off. This prevents someone from using your site to compromise your site.
Another way to defend. Use Pike to edit your site. If your home page gets overwritten, you will have a copy of the content on your workstation. Make a minor change and Save. Maybe the (so far imaginary) hacker will give up in frustration.
To EditThisPage.Com editors
Bulletin: "It's clear to me that people in the EditThisPage community would prefer if we continue to host the site, so that's what we'll do."
Honoring the excellence of EditThisPage.Com
StackFrame: Serving up information, opinion and hot-links about hard-core software development.
May snow in Teller County, Colorado.
What did you have for lunch?
Pulldowns for Manila.
UserLand's third press release
Press release: UserLand Submits SOAP 1.1 to W3C.
Of course it made it onto Yahoo too. Where else?
Oooh they're poppin up: CBS MarketWatch, CNBC.
Full quotes from Tim Bray, Paul Everitt, Fredrik Lundh, Jakob Nielsen, Tod Nielsen, Tim O'Reilly, Doc Searls, Kevin Werbach and myself.
Interesting, all the stocks listed in the press release are going down today. Hmmm. I wonder if this was a sell signal?
SOAP mail lists
On the SOAP weblog, now there's a page of mail lists that discuss XML over HTTP protocols.
On the XML-RPC mail list, Sun's Mark Baker asks why we want a spell-checker as an Internet service.
"The answer is easy," said UserLand CEO Dave Winer. "User interface matters."
(I gotta get out of press-release writing mode!)
Tom Scola: "This convinces me even more that SOAP is a protocol designed for marketing purposes rather than technical reasons."
My response: "Tom, it definitely *is* marketing."
A soldier of peace
© Copyright 1997-2005 Dave Winer.