A bit of a “business as usual” week this one, but then this business is never really “usual”! I start out with a talk at McAfee’s MPOWER conference in Sydney and a bit of chatter about some upcoming ones (including the one I still can’t talk about… but will next week!)
In terms of new things, I’ve now got my hands on an iPhone X so I spend a bunch of time talking about that. It only arrived yesterday so I’m still learning and forming opinions, but early feedback is that I love this phone! Well actually, in the video I talk about stuff I love, stuff I’m not real happy about and a bunch of things in between but even since recording that video this morning (I’m half a day on now which has basically doubled my iPhone X experience!) I’ve found other stuff to like. The real biggy is having all the screen real estate of my old 7 Plus in a phone that’s physically near identical in size to a non-Plus phone. Just on that, I speak in pretty generic terms in the video but a quick check on Apple’s iPhone comparison page shows that the 7 Plus (and 8 Plus, for that matter) has a screen size of 5.5″ with 401ppi whilst the X’s screen is 5.8″ and 458ppi. Yeah, I do actually love this phone 🙂
In other news, I wrote a big piece on CSPs this week, namely around the different ways they can handle scripts. There’s a few really cool options that give you middle grounds between the “run anything” state that you’re in without a CSP and “run nothing” default state when a CSP is in place. I talk about hashes and nonces which are cool, but then there’s browser flakiness to deal with too (which is not cool). All that and more in this week’s update. Enjoy!
- Ars is calling “bullshit” on claims of FaceID hacking (it’s an interesting read and there’s certainly some questions that need answering, such as the ones Dan Goodin tweeted earlier today)
- Getting to grips with content security policies and scripts (I talk about no CSP, nonces, hashes and outright banning of unsafe inline scripts)
- Terbium Labs is back sponsoring my blog this week (big thanks to those guys and their Matchlight product, they’ve been regularly supporting this blog for a year now)