Monthly Archives: January 2012

More Content Security Policy work

Firefox seems to be the only browser strictly enforcing the X-Content-Security-Policy header at the moment. This is both good and bad: good because it doesn’t adversely affect me here in my Chrome bubble, and bad because it seems to affect some of my readers. I installed Firefox 9 to debug the issue, and ended up with this policy:

[gist id=”1653770″]

The only problem with this is I had to whitelist all of github. This is a problem, because provided one could post script tags in comments on here, they could just link to a raw script in their repository and the policy is meaningless. Without path support in the standard grammar, I can’t properly integrate with github. I hope they add this support so I can do something like the following:

[gist id=”1653778″]

That would at least make it a little harder to do XSS. Of course, they offer subdomains, so this still doesn’t fix the problem. The only way to fix it is to whitelist explicit paths without wildcards. This is more verbose, but it would be better.
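
The whitelisting problem described above, as an added example that is not from the original post or its gists: a simplified matcher for CSP-style source expressions, run against a host-only entry, a wildcard host with a path, and an explicit path. The account names, URLs and policies are constructed, and the path rule (trailing slash means prefix match, otherwise exact match) is an assumption about how path support would behave.

```javascript
// Simplified matcher for CSP-style source expressions: scheme, host (optional
// leading "*." wildcard) and optional path. Not the full CSP grammar.
function parseSource(expr) {
  const m = /^(https?):\/\/(\*\.)?([^\/]+)(\/.*)?$/.exec(expr);
  if (!m) throw new Error("unsupported source expression: " + expr);
  return { scheme: m[1], wildcard: Boolean(m[2]), host: m[3].toLowerCase(), path: m[4] || "" };
}

function matches(expr, url) {
  const src = parseSource(expr);
  const u = new URL(url);
  if (u.protocol !== src.scheme + ":") return false;
  const host = u.hostname.toLowerCase();
  const hostOk = src.wildcard ? host.endsWith("." + src.host) : host === src.host;
  if (!hostOk) return false;
  if (src.path === "") return true; // host-only expression: every path on the host matches
  // Assumed path rule: trailing "/" means prefix match, anything else is an exact match.
  return src.path.endsWith("/") ? u.pathname.startsWith(src.path) : u.pathname === src.path;
}

// Constructed policies and URLs; "trusted-user" and "other-user" are placeholder accounts.
const POLICIES = {
  hostOnly: ["https://gist.github.com"],
  wildcardWithPath: ["https://*.github.com/trusted-user/"],
  explicitPath: ["https://gist.github.com/trusted-user/1234.js"],
};
const URLS = {
  intended: "https://gist.github.com/trusted-user/1234.js",
  otherAccountSameHost: "https://gist.github.com/other-user/5678.js",
  otherAccountSubdomain: "https://other-user.github.com/trusted-user/5678.js",
};

// For each policy, report which of the sample script URLs it would admit.
function evaluate() {
  const result = {};
  for (const [name, sources] of Object.entries(POLICIES)) {
    result[name] = {};
    for (const [label, url] of Object.entries(URLS)) {
      result[name][label] = sources.some((expr) => matches(expr, url));
    }
  }
  return result;
}

console.table(evaluate());
```

Only the explicit-path policy admits the intended script and nothing else; the host-only entry admits any account on the host, and the wildcard entry admits a matching path on any subdomain.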

In closing, I like CSP, and I think it’s a good idea, but it’s still in early stages after a couple years, and needs a bit of work.

The Smashrun Fusion Mashup: Part 2

So, I finished the first version of my FusionRunner script mentioned in the previous post. Currently, it takes all the runs from Google Fusion Tables and imports them into Smashrun after massaging the data. You can see a list of my “runs” (they’re really walks so far). Click a run to see more details. The following features are currently supported:

  • Caching of Google OAuth tokens/secrets on the filesystem
  • Ability to convert terribly formatted Fusion Table rows from My Tracks into something usable
  • Importing of all runs into Smashrun with tags based on activities

The following features are the next steps:

  • Tracking which runs have already been imported to Smashrun (probably using another Fusion Table!)
  • Contacting Smashrun and asking about including elevation data and maybe map data

I’ve emailed Smashrun, so let’s hope they get back to me. Here’s a current version of the program for your perusal:

[gist id=”1638546″]

FusionRunner: A Google Fusion Tables prototype

The other day, I kinda sorta got excited about running, mainly prompted by a friend telling me about a half-marathon in May. I’ve been needing to find an exercise outlet for a while, and this may be it. Throughout this experiment, I’d like to track my progress with some level of detail, and mapping/distance measurement seems to be a component of this. There are various services for this, like Nike+, and there’s a really neat one called Smashrun that I’d like to use. The only problem is getting data into it, which is either manual entry or through Nike+, which basically requires you to buy their stuff.

A couple days ago, I found out about My Tracks from Google, an Android app that’s free. I installed it, and successfully tracked my walk back to our house. It was amazing. Once you’re done tracking, you can click a couple buttons and export to a couple different Google services, including something I’d never heard of: Google Fusion Tables.

You can access Fusion Tables here. So far, I’ve got it authenticating with OAuth (which is awesome), and doing a select on the first table, which is the export of my walk data. Here’s what the current output looks like:
[gist id=”1638517″]
As you can see, there’s a LOT of data here. The meat for this application is the last line, which when formatted a little nicer, looks like this:

Ruby walk around school

Created by My Tracks on Android.

Total distance: 1.83 km (1.1 mi)
Total time: 30:06
Moving time: 18:41
Average speed: 3.65 km/h (2.3 mi/h)
Average moving speed: 5.88 km/h (3.7 mi/h)
Max speed: 9.00 km/h (5.6 mi/h)
Min elevation: 29 m (96 ft)
Max elevation: 65 m (214 ft)
Elevation gain: 81 m (264 ft)
Max grade: 0 %
Min grade: 0 %
Recorded: 1/16/12 7:08 PM
Activity type: walking

Holy crap! That’s a lot of data in one row! And I have all of the geometry data too!? Sweet! Anyway, here’s a little program that dumps this to the screen. Soon, I’ll make it do the required stuff to log into Smashrun and input a new run with the stats filled in (of course, only if the activity is running).
[gist id=”1646033″]

Toggling Hidden File Visibility with Applescript

I wrote a quick little applescript today that allows one to show or hide hidden files on demand, since this doesn’t seem to be an option in Finder. Applescript is a terribly designed language, but it does allow you to easily get crap done in OSX. I have it in github here, and it’s so concise, I figured I’d just paste the current version here:

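-- Read the current Finder setting for showing hidden files
set Status to do shell script "defaults read com.apple.finder AppleShowAllFiles"
if Status = "OFF" then
	do shell script "defaults write com.apple.finder AppleShowAllFiles ON"
else
	do shell script "defaults write com.apple.finder AppleShowAllFiles OFF"
end if
-- Restart Finder so the change takes effect
do shell script "killall Finder"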

Just download it, open it in the Script Editor (I can double click it), and do Save As. Then, select Application as the type, and do Run Only and save it. Then, hide it away and make an alias to it, and drop that on the desktop. Here’s what mine looks like:

And after I double click that Alias:

I like this – it makes basing things on system configuration really easy.