Another beneficial side effect of adopting CSP is that it will force organizations to take stock of everything that their site is doing, and perhaps even make some smart some design changes in the process (like removing and disabling all in-line JavaScript). For developers, Mozilla has some great references, like this overview and this detailed list of policy directives.

I look forward to seeing CSP adopted more widely and supported by every major browser. If anyone has some practical experience with deploying CSP, please share some of your lessons learned.

Well, today he has a new reason to worry: evercookie. Evercookie is a small bit of evil/genius JavaScript code that allows a website to create ultra-persistent cookies on its users’ computers. Currently, it uses eight different methods of cookie storage, with plans to develop at least four more. Not only are some of these difficult to remove, but evercookie will attempt to recreate them all, if even one of its stored cookies is still present the next time you visit the site.

Some of the methods evercookie takes advantage of are typical and considered more or less legitimate, like using Local Shared Object cookies through the Flash plug-in. Other are pretty bizarre, such as creating web history entries in the browser that point to nonexistent URLs under the google.com domain. These weird entries are actually the Base64 encoded über-cookie, which it can recover later using a simple brute forcing algorithm and a CSS history hack. Yes, I said it was bizarre.

To some people, evercookie might seem like a strange, pointless, or downright malicious project. After all, no user wants to be tracked across the web with some new, intrusive type of cookie. But in my mind, releasing this functionality in an easy-to-use and open source package is a good thing. Most of the cookie storage mechanisms it uses are not all that new, and are being used already anyway.

To me, the real point of evercookie is to raise awareness among everyday web users, the IT crowd, privacy advocates, and hopefully web browser companies. Yes, there are a million ways for shady or malicious websites to track you across the Internet, and your browser just wasn’t designed to properly protect you. Things like evercookie remind me that we need to do a lot more work on improving the security and privacy features for web clients, so that users don’t need to be worried or paranoid about visiting any web sites – including new ones that they don’t necessarily trust.

>>> from collections import defaultdict
>>> double_dict = defaultdict(dict)
>>> double_dict['foo']['bar'] = 42
>>> double_dict['fun']['ball'] = 77
>>> double_dict['fun']
{'ball': 77}

What if you want an unlimited number of dicts within a dict? Well, all you need is a simple function to create a defaultdict(dict) object on the fly, like this:

>>> def make_infinite_dict():
 return defaultdict(make_infinite_dict)

>>> inf_dict = make_infinite_dict()
>>> inf_dict[1][2][3][4][5] = 100
>>> inf_dict[1][2][3][4][5]
100

Like I said, nothing magical, but it could come in handy!

Green text. Black background. I’ll tell you why right now. I’m an old school DOS guy. My first word processor was Wordstar and that’s the word processing program I came to associate with the fugue-like state of maximum productivity: the Zone. This is why I continue to favor colored text on a black background in my current favorite editor, Textmate. The coloring reminds me of an primal safe place where the tool is serving its purpose — to get the hell out of the way so I can go be exponentially more productive.

This is why, as engineers, we stick with something that works for us. This is why the ancient likes of vi and Emacs continue to flourish. Once we find a tool that works for us, once we’ve chosen that tool, it becomes ours and remains ours. It allows us to get foamy.

I’ve had similar experiences with Dreamweaver and other WYSIWYG tools, where they are just too helpful and end up jumbling up my carefully formatted code. To be honest, I never even really liked working in Eclipse, either. It’s just too distracting, and again, too “helpful” for my taste. But like Rands says, to each his own.

via Rands In Repose

This leads us to the odd conclusion that strict control is something that matters a lot on relatively useless projects and much less on useful projects.

That might not sound intuitive at first, but it makes sense after reading what he has to say.

The article (PDF) is available here: http://www2.computer.org/cms/Computer.org/ComputingNow/homepage/2009/0709/rW_SO_Viewpoints.pdf.