Some Bits: Nelson's weblog
I hide under my computer while the world falls down around me.

Mastodon
@nelson@tech.lgbt
Linkblog
Wed 2024-04-24

TreeLink.us

SunPower big problems

Intel's new NPU

Tue 2024-04-23

Awesome Balatro

Tracker Beeper

Android Biometrics

Fri 2024-04-19

Balatro Immolate

Turning Point voting fraud

Thu 2024-04-18

Bicycles of World War II

AI-ese

Mon 2024-04-15

Butterick’s Practical Typography

Wicked Bible

Sat 2024-04-13

Normalization of Jan 6

Followgraph for Mastodon

South Yuba Canal

Fri 2024-04-12

Waffle House order marking

Wed 2024-04-10

Boy Meets Boy Meets Boys’ Love

Termux

Tue 2024-04-09

Netflitwitter

Nigeria’s Scrabble King

Search

Archives
2023
12 11 10 09 08 07
06 05 04 03 02 01

2022
12 11 10 09 08 07
06 05 04 03 02 01

2021
12 11 10 09 08 07
06 05 04 03 02 01

2020
12 11 10 09 08 07
06 05 04 03 02 01

2019
12 11 10 09 08 07
06 05 04 03 02 01

2018
12 11 10 09 08 07
06 05 04 03 02 01

2017
12 11 10 09 08 07
06 05 04 03 02 01

2016
12 11 10 09 08 07
06 05 04 03 02 01

2015
12 11 10 09 08 07
06 05 04 03 02 01

2014
12 11 10 09 08 07
06 05 04 03 02 01

2013
12 11 10 09 08 07
06 05 04 03 02 01

2012
12 11 10 09 08 07
06 05 04 03 02 01

2011
12 11 10 09 08 07
06 05 04 03 02 01

2010
12 11 10 09 08 07
06 05 04 03 02 01

2009
12 11 10 09 08 07
06 05 04 03 02 01

2008
12 11 10 09 08 07
06 05 04 03 02 01

2007
12 11 10 09 08 07
06 05 04 03 02 01

2006
12 11 10 09 08 07
06 05 04 03 02 01

2005
12 11 10 09 08 07
06 05 04 03 02 01

2004
12 11 10 09 08 07
06 05 04 03 02 01

2003
12 11 10 09 08 07
06 05 04 03 02 01

2002
12 11 10 09 08 07
06 05 04 03 02 01

2001
12 11 10 09 08 07


One good site
MDN

 

Nelson

Nelson Minar
nelson@monkey.org

Creative Commons License

Blog licensed under a Creative Commons License

Powered by Blosxom

Parsing XML can still open files

Seven years ago I wrote about XML security problems, the XXE vulnerability. This flaw is the gift that keeps on giving: someone exploited Google with it this month.

XML is a ridiculously complicated data format. And XML parsers implement all the features, including the obviously dangerous and useless ones. And engineers keep forgetting to turn those features off. It’s just terrible.

techbad
  2014-04-11 18:29 Z
Nelson's Weblogtechbad