WordPress and Content Security Policy

April 12th, 2010

Lately, I have been implementing the server logic for Content Security Policy in WordPress. Today, I posted my first patch to WordPress, still a work in progress, which adds an administration panel for configuring CSP. One of the features I’m rather happy with is “Suggest Policy”, which analyzes the content in the user’s blog and recommends a policy based on the content types and sources it finds.

Growing Veggies at Home

April 10th, 2010

Last year, I built some sub-irrigated planters (SIP) using the excellent 2-bucket design from Green Roof Growers. The concept is based on the commercial product, Earthbox, but costs far less to build at home.

A-Star (A*) Algorithm in Python – Update

January 25th, 2010

Since there have been many requests over the years for the source code referenced in my A-Star (A*) Algorithm post, I decided to share it. I did a bit of refactoring too, as I have learned some neat things about Python in the years since I wrote that post, like list comprehensions.

A cautionary note to undergrad CS students (who I can only assume are the requestors): CS professors are pretty good at catching cheaters, so learn from others’ code, but write your own.

Source: astar.py

Content Security Policy – Preview Builds

October 1st, 2009

I am excited to report that Content Security Policy is available for testing! We’ve been working hard on implementing the CSP spec and now the new features are ready to be put to the test. I would like to encourage any interested parties, whether web security researchers or website administrators, to grab a preview build of Firefox with CSP enabled and head over to the demo page to see it in action.

Content Security Policy – Update

April 7th, 2009

I published another set of changes to the Content Security Policy proposal. We are getting very close to the implementation phase now, and I’ve made a final call for feedback. Sid and I are in the process of moving the documentation to the Mozilla Wiki, where the final specification will live.

Python AES Implementation – Update

April 4th, 2009

I fixed two bugs in my AES implementation. The first was a padding bug which resulted in the loss of up to a block of data when decrypting certain ciphertexts. The second bug was a more serious security problem caused by the use of a static initialization vector.

Content Security Policy (was Site Security Policy)

September 5th, 2008

I updated my web security proposal with a fairly large set of changes. I removed Cross Site Request Forgery from the scope of the proposal and instead will focus on the implementation of the Origin header. The syntax has also been expanded to allow policy creation for a larger set of content types, e.g. not just JavaScript.

Site Security Policy

June 4th, 2008

I published a proposal for a set of browser security features that I hope to get turned into an open web standard and implemented in a future version of Firefox. The goal is to create a mechanism that allows websites to communicate security policies to the browser which dictate how web content should behave.

Python CIDR Block Converter

December 14th, 2007

I wrote a Python script that converts a CIDR block into a list of individual IP addresses, one per line.

Play Dark Castle in Windows

December 13th, 2007

Eager to play the classic Mac game, Dark Castle, and unsatisfied with the majority of the tutorials I could find, I put together a consolidated tutorial for running Dark Castle in Windows with all the requisite files included.