Add a ‘Go to Parent Folder’ button to the toolbar
One detail that I’m actually missing from Windows is a Finder toolbar button to jump one folder up in the hierarchy, ie to the parent folder. So I came up with the following ugly but still functionally work-around. First create an AppleScript app with just this line of code:
tell application "Finder" to set target of window 1 to the container ¬
of target of window 1
Then save it as an application, and quit Script Editor. Now show the contents of the application package you just created by control-clicking on the folder and then choosing Show Package Contents from the pop-up menu. Open the Contents folder and edit the info.plist file in your editor of choice. Adding the following will make the program faceless, so that it does not appear in the Dock when launched:
<key>NSUIElement</key>
<string>1</string>Finally create a nice i…
(Via MacOSXHints.com.)
Control.Modal: Unobtrusive CSS Modal Windows and Lightboxes for
Ryan Johnson is up to his tricks again. This time he has created Control.Modal, an unobtrussive CSS modal window based on the Prototype library.
It weighs in at around 8K and hit a sweet spot for some functionality. The Prototype
window class was overkill, and he needed more than just a lightbox).
(Via Ajaxian.)
ForkLift: Two Pane File Manager
I suspect this will be of most interest to recent switchers and/or old timers with fond memories of Norton Commander. Binarynight’s ForkLift is a new “dual paned file manager the Mac way.” As you can see from my screenshot above it is more or less exactly what you’d expect from a two-paned file manager, with support for Mac technologies like Spotlight, Smart Folders, etc. Personally, I think I’ll stick with Path Finder, but if this is the kind of thing to float your boat, it is available for download as a time limited beta.
Adium 1.0.2 is now available!
What could possibly make this beautiful Sunday any better? How about a new version of Adium? Adium 1.0.2 is now available. This bugfix release fixes several “favorite” crashes, improves AIM file transfer (again!), speeds up the Chat Transcript Viewer, improves interactions with iTunes and the OS X keychain, and more – a total of 25 significant improvements.
As always, thanks to our site and support host Network Redux and our download host CacheFly. Want to help out with development? See Contributing to Adium for information on bug hunting, coding, and donating.
Are you a student interested in getting paid to participate in open source development this summer? Read about the Google Summer of Code and apply immediately; only 33 hours are remaining before the deadline!
(Via Adium News.)
Xbox 360 with HDMI confirmed by Microsoft… sorta
If you weren’t already a believer in the HDMI toting black Xbox 360 Elite then perhaps this bit of titillating tattle will sway you: a Microsoft XNA framework developer has unintentionally (we presume) confirmed the long awaited HDMI in Microsoft’s official XNA Game Studio Express forum. When asked if HDMI output on the “revised 360″ will require any code changes, the developer responded “No changes required.” Hah, good to know.
(Via Engadget.)
Inquisitor 3 emerges from beta, still free
Inquisitor 3 has reached release status, dropping the infamous “beta” from its version description. It only works with Safari, but it’s the slickest search bar modification I’ve seen, surpassing my old favorite AcidSearch. It gives a live updating drop down of top search results from the search engine of your choice as well as letting you choose alternate search engines.
I’m also pleased as punch to report that Mr. David Watanabe has chosen to keep it free. I’ve seen his apps start free and suddenly go pay to trust that it would happen this time, but he’s delivering honest to goodness freeware. I highly recommend this for any Safari user. Now if only it supported Camino or OmniWeb. If it still works in Leopard, I may just have to switch back to Safari.
(Via MacUser.)
Operator overloading in Javascript 2 and a potential monster CSRF hole
I noticed that Javascript 2 might include operator overloading, including (at least) the ability to overload the < and > operators.
Operator overloading is really useful if you want to write a Complex number class, and really annoying when someone else wants to flex a newly learn skill and uses it for something totally inappropriate. Since authors of Complex number classes are less common than inexperienced programmers, I'm not keen on the idea in general purpose languages.
However, opinions about programming languages aside, I think that operator overloading in Javascript could turn out to be a really bad idea for a totally different reason.
The ultimate CSRF hack, when Javascript 2 comes out, might just be to redefine operators to make XML (or even HTML) a valid language.
You could then steal fairly much steal any cross-domain data by doing a script-tag include on an XML/HTML data source.
I really hope someone has thought of this…
Update: I can see that I didn't explain myself very well, so a quick update might be needed.
If you can overload the < and > operators then it might be possible to do so in such a way that HTML or XML becomes a valid bit of Javascript. This is more likely to be possible with known schema like HTML.
So how would this create a huge security hole? Simply because it would allow an attacker to use a script tag to include some HTML and then read the data using a combination of overloaded < and > operators and the Array/Object data stealing methods.
Currently CSRF is restricted to write-only exploits, and the standard way of protecting yourself includes using authentication data in a hidden form field. If an attacker could read this data too, then the standard protection against CSRF would fail. Also you could use this to steal data from intranets and, I'm sure, there are many other options.
The real worry here is that the designers of the language will, in one spec, have to out-smart crackers for a long time to come. Once websites start using the feature, it can't be easily removed.
(Via Joe Walker’s Blog.)
Gran Paradiso Alpha 3 Available for Download
Gran Paradiso Alpha 3 is an early developer milestone for the next generation of Mozilla’s layout engine, Gecko 1.9. Gran Paradiso Alpha 3 is being made available for testing purposes only, and is intended for web application developers and our testing community. Current users of Mozilla Firefox should not use Gran Paradiso Alpha 3. There are no significant user interface changes in Gran Paradiso Alpha 3, however there are many core layout and rendering improvements.
Gran Paradiso Alpha 3 is available for the following platforms:
Microsoft Windows 2000 or later
MacOS X 10.3.9 or later
Linux
Please see the release notes for additional information and a list of known issues with this release.
(Via Mozilla Developer News.)
Mac OS X Leopard pushed back for Vista support?
Given that the last Leopard rumor we heard was that it’d actually be shipping early (like, this month), we’re not sure how much stock should be put in this latest one, but according to DigiTimes, the word from “industry sources” is that the OS has now been postponed, all the way ’till October. Supposedly, the delay is necessary in order to add support for Vista to the integrated version of Boot Camp, which those same sources say Apple wants so it can increase its chances of grabbing more of that coveted PC market share. While we can’t say if that’s true or not, we are fairly confident that this won’t be the last Leopard rumor we hear before its release, whenever that may be.
(Via Engadget.)
Eclipse 3.3M6 is out
It looks like 3.3M6 was finally published. The New and Noteworthy is out for all to digest ;) Here are my biased favorites:
- SWT Gone Wild (WPF support. JavaXPCOM support, OLE Improvements)
- Equinox HTTP Service is now in SDK (thank you Simon / Curtis)
- Categorized Help Search
- Platform Proxy/SSH support (yay)
- Custom splash screen templates
(Via Planet Eclipse.)
leave a comment