DateSunday 12 December 2004

G4 perform ‘Creep’ on the X-Factor: is there a tree high enough to hang them from?

I’ve watched part of one episode – the last – of “The X-Factor”, the latest in the music business’s attempt to totally destroy its mystique and push itself into a spiral in which short-term artists pop up, are famous for as long as it takes a match to burn out (remember Michelle watsername, winner of the last Pop Idol? What is she doing now?) and then vanish.

And then they came on, four blokes in suits, and do Radiohead’s ‘Creep’ – an anthem of disaffected rage and alienation. In cod-opera voices. Sure, pop will eat itself, but it would be nice if it weren’t force-fed.

As for G4, folk mebbe considerin’ one of them necktie parties for them. Good grief. I can bear some of the lounge-style covers of Radiohead (they’re the only ones on the iTunes Music Store, as the band won’t let their stuff go on it). But this was beneath irony.

Developing Dashboard Widgets… looks like fun but has security implications

Apple has put up a new page, Developing Dashboard Widgets, which makes the process look like a doddle. Unless, like me, you’ve never wrestled with Javascript, and find CSS a maze, and HTML isn’t always as simple as it ought to be.

Even so, one can see that before long people will be offering basic “Widget kits” with a selection of background images (you need a background image for the Widget to load) and basic stylesheets, plus some Javascript you can hack around. The interesting thing is when you can start to get at the Unix base of the machine (to monitor processes, say). I can imagine having a custom Widget to let me eject a particular disk (to save a trip to the Finder) or, oof, I dunno. It’s one of those things where the possibilities only open up when you’ve had a play.

Although that could go horribly wrong if someone finds a way to include vicious Unix commands like “cd ~ | rm -rf” which will wipe your home directory. It’s not clear quite how high the sides of the “sandbox” are in which Widget processes will run; and a cleverly written (in soccial engineering temrs) Widget could find a way to capture your administrator password (by saying it needed it to load, or to run properly). Hmm. I’d like clarification on this from Apple, really.

Unfortunately the examples given on the page won’t work on 10.3 – Webkit apparently doesn’t support the Widget “canvas” class yet. Any Tiger developers tried writing malicious Widgets? What happens?