
FeedCity's curated list of featured feeds.

A public list by feedcity.

Simon Willison's Weblog Supports Webmention

Can JavaScript Escape a CSP Meta Tag Inside an Iframe?

Research: Can JavaScript Escape a CSP Meta Tag Inside an Iframe?

In trying to build my own version of Claude Artifacts I got curious about options for applying CSP headers to content in sandboxed iframes without using a separate domain to host the files. Turns out you can inject <meta http-equiv="Content-Security-Policy"...> tags at the top of the iframe content and they'll be obeyed even if subsequent untrusted JavaScript tries to manipulate them.

Tags: iframes, security, javascript, content-security-policy, sandboxing

Global News Podcast

Iran says it has shot down US fighter jet

30:50
Iran says it has shot down a US fighter jet over the west of the country. Iranian state media has published pictures and videos purporting to show parts of the downed plane and one of the ejector seats. American aircraft and reconnaissance drones are said to be involved in t...

kottke.org Valid
Jason Kottke

Tracker dashboard for the Artemis II mission using...

Tracker dashboard for the Artemis II mission using real-time data from JPL.

kottke.org Valid
Jason Kottke

This Is Us

The commander of NASA’s Artemis II mission to the Moon, Reid Wiseman, took this photo of the Earth as the spacecraft speeds away from our planet.

There are two auroras (top right and bottom left) and zodiacal light (bottom right) is visible as the Earth eclipses the Sun.

That is so cool. Worth clicking through to see the high-resolution image.

Tags: artemis · Earth · NASA · photography · science · space

Features | The Verge Valid
• Stevie Bonifield

I saved a doomed Windows laptop by embracing Linux

Two weeks ago I set aside my M4 MacBook Air and picked up a nine-year-old ThinkPad. It's one of an estimated 200 to 400 million Windows 10 PCs that don't meet Microsoft's requirements for Windows 11. When Microsoft officially ended support for Windows 10 in October, it became "obsolete." The solution, according to Microsoft, is […]

Simon Willison's Weblog Supports Webmention

The Axios supply chain attack used individually targeted social engineering

The Axios team have published a full postmortem on the supply chain attack which resulted in a malware dependency going out in a release the other day, and it involved a sophisticated social engineering campaign targeting one of their maintainers directly. Here's Jason Saaym...

kottke.org Valid
Jason Kottke

Does what it says on the tin: acid techno mix in...

Does what it says on the tin: acid techno mix in Japanese sake brewery.

Radiolab Updates instantly via WebSub
• WNYC Studios

Life in a Barrel

radiolab.org/podcast/life-in-a-barrel

54:42
This week, in an episode we first aired in 2022, we flip the Disney story of life on its head thanks to a barrel of seawater, a 1970s era computer, and underwater geysers. It’s the chaos of life. Latif, Lulu, and our Senior Producer Matt Kielty were all sitting on their own ...

xkcd.com Valid

Day Counter

It has been −2,147,483,648 days since our last integer overflow.

Global News Podcast

Artemis II leaves Earth's orbit and heads for Moon

27:00
The Artemis II mission has completed a critical engine burn that's propelling the Orion spacecraft and its four astronauts on a journey to the far side of the Moon. It's the first time in over 50 years that humans have left Earth's orbit. Also in this podcast: Iranians descr...

kottke.org Valid
Jason Kottke

“If Artemis II is successful, the astronauts will...

“If Artemis II is successful, the astronauts will be the first humans to reach the moon’s orbit in more than 50 years, and their path around its far side will take them farther into the universe than any human being has previously traveled.”

Simon Willison's Weblog Supports Webmention

Highlights from my conversation about agentic engineering on Lenny's Podcast

I was a guest on Lenny Rachitsky's podcast, in a new episode titled An AI state of the union: We've passed the inflection point, dark factories are coming, and automation timelines. It's available on YouTube, Spotify, and Apple Podcasts. Here are my highlights from our conve...

Daring Fireball Valid
• John Gruber

John Buck on the Invention of QuickTime

theverge.com/tech/902721/quicktime-history-apple?view_token=eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IkcybHEzWGhZTVciLCJwIjoiL3RlY2gvOTAyNzIxL3F1aWNrdGltZS1oaXN0b3J5LWFwcGxlIiwiZXhwIjoxNzc1NTkyNzA0LCJpYXQiOjE3NzUxNjA3MDR9.p4nbje9XKl05Ybv3q31CyAQULuqAB-H9b8qfftSz12k

John Buck at The Verge (gift link), excerpted from his great book, Inventing the Future: Steve Perlman: Almost everyone at Apple, and definitely everywhere else, assumed that multimedia would always require specialized hardware — and be expensive. A few of us thought oth...

Daring Fireball Valid
• John Gruber

Artemis II Crew on Way to Moon

512pixels.net/2026/04/artemis-ii-crew-on-way-to-moon/

Great roundup of links from Stephen Hackett:

The crew is made up of Reid Wiseman, Victor Glover, Christina Koch, and CSA (Canadian Space Agency) astronaut Jeremy Hansen. They are now on their way to the moon, set to return in 10 days. Their rocket may be the product of a hugely-flawed program, but right now, that doesn’t matter. They are getting us closer to returning to the lunar surface than we’ve been in 50 years. That’s worth celebrating.


Exclusive | The Verge Valid
• Lauren Feiner

Pinterest said he violated laid-off colleagues’ privacy. Now he’s going public

It was late January, and Pinterest engineer Teddy Martin was on edge about recent layoffs at the company. Martin had just survived a round of cuts, but he and other employees were confused about who was being let go and why, and explanations from top executives including CEO Bill Ready had done little to quell […]

Simon Willison's Weblog Supports Webmention

Gemma 4: Byte for byte, the most capable open models

Gemma 4: Byte for byte, the most capable open models. Four new vision-capable Apache 2.0 licensed reasoning LLMs from Google DeepMind, sized at 2B, 4B, 31B, plus a 26B-A4B Mixture-of-Experts. Google emphasize "unprecedented level of intelligence-per-parameter", providing yet ...

Simon Willison's Weblog Supports Webmention

llm-gemini 0.30

Release: llm-gemini 0.30

New models gemini-3.1-flash-lite-preview, gemma-4-26b-a4b-it and gemma-4-31b-it. See my notes on Gemma 4.

Tags: gemini, llm, gemma

Daring Fireball Valid
• John Gruber

OpenAI, Supposedly Tightening Its Focus on Its Core Products, Buys Tech-Industry Talk Show TBPN

wsj.com/cmo-today/openai-buys-tech-industry-talk-show-tbpn-484c01c5?st=RUVFWn

Katie Deighton, reporting for The Wall Street Journal (main link is a gift link; also on News+): OpenAI bought TBPN to encourage constructive conversation around the changes AI creates by helping the show grow, according to a memo sent by Fidji Simo, OpenAI’s CEO of ...

Daring Fireball Valid
• John Gruber

Axios, Super Popular NPM Package, Was Compromised in Attack on the Module’s Maintainer

stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan

StepSecurity: If you have installed axios@1.14.1 or axios@0.30.4, assume your system is compromised. There are zero lines of malicious code inside axios itself, and that’s exactly what makes this attack so dangerous. Both poisoned releases inject a fake dependency, plai...

Daring Fireball Valid
• John Gruber

‘No, We’re Not Stupid. Our Dads Just Got Us Crummy Computers.’

reddit.com/r/VintageApple/comments/bq4ucw/mcintosh_jr_vintage_apple_parody/

Back in March 1991, Saturday Night Live ran what I consider the best Apple parody ad ever made: “McIntosh Jr.” Siracusa and I talked about it on The Talk Show this week, celebrating Apple’s 50th anniversary, so I looked it up for the show notes. Alas, this appallingly low-re...