Tom's corner of the internet

Written by Tom Forbes who lives and works in London building useful things with Python and Django. I usually blog about security, my projects and random experiments.

How not to make an april fools joke

08 April, 2018

Picture the scene. You’ve recently installed the awesome Lineage OS on your Android device and are enjoying it so far. You install an…

Suggestions added to Django manage.py

24 February, 2018

My recently merged PR for ticket #28398 adds very simple ‘did you mean’ suggestions to Django’s manage.py command, which is the primary way of…

Goodbye Simple, hello Gatsby

16 January, 2018

Many years ago, inspired by a blogging platform called Svbtle, I built a clone called Simple. It was pretty simple - just a minimal…

Counting Pizza with Python

28 July, 2016

I’m a full time nerd, even when I’m ordering pizza online I can’t stop myself from investigating how the websites I’m ordering from work. My…

Syntax highlighting and CSS support added to wordinserter

26 July, 2016

I recently added syntax highlighting and support for CSS stylesheets to wordinserter, and the implementation was satisfying enough that I…

Segfaulting Python with afl-fuzz

06 March, 2016

American Fuzzy Lop is both a really cool tool for fuzzing programs and an adorable breed of bunny. In this post I’m going to show you…

Scraping websites with Cyborg

04 January, 2016

I often find myself creating one-off scripts to scrape data off websites for various reasons. My go-to approach for this is to hack…

HtmlToWord is now WordInserter

24 May, 2015

I’ve released a redesign of my HtmlToWord library, specifically it now supports Markdown and multiple different ways to interact with Word…

HP Support Solutions Framework Security Issue

11 April, 2015

After discovering the flaw in Dell’s System Detect software I looked into other similar software for issues. This post details two issues…

Dell System Detect RCE vulnerability

23 March, 2015

I recently discovered a serious flaw with Dell System Detect that allowed an attacker to trigger the program to download and execute an…

Simple 2

13 December, 2014

I’ve just about finished the next version of Simple, the markdown based blog that powers this site. When I first made Simple it was…

Exploiting XPath injection vulnerabilities with XCat

25 July, 2014

I just released XCat 0.7, the companion tool to this paper. XCat is a command line tool to automate the exploitation of Blind XPath…

A test RSS feed service

01 April, 2014

The coursework set for my Distributed Systems involves reading new items from RSS feeds (such as the BBC News feed or the UK traffic…

2 years of blogging

06 March, 2014

When I first came to University lots of people (like Rob Miles) were trying to get undergraduates to start blogging. On the 6th of March…

Opera is really nice

13 February, 2014

I really like the Opera browser. A couple of months ago I got a bit tired of using Google Chrome, it was just a bit sluggish sometimes and I…

Submitting a patch to Python’s lxml library

09 January, 2014

While working on a system for work I ran into a bug with Python’s lxml library and decided to fix it. I thought I would document how easy…

How much code is there in the Python Package Index?

21 December, 2013

Sometimes Python-related questions pop into my head, like how slow are Django templates or how hard would it be to inline Python function…

University Presentation

27 November, 2013

So I did a presentation on Information Security at University today. I think it went rather well, however I couldn’t show a couple of the…

Hack things, acquire clothing.

22 November, 2013

I discovered an XSS flaw in a website a month ago and reported it to the owners. As a thank you they sent me a hat, a rather large American…

Restricting Thrift clients to specific IP addresses with Twisted

11 November, 2013

Apache Thrift is pretty awesome - you can build Twisted bindings for your Thrift interface file that work fantastically. There is one…

Adding tail-call optimization to Python

15 October, 2013

Tail-call optimization is a trick many languages and compilers use to avoid creating excess stack frames when dealing with recursive code…

My Uni's timetable system sucks, so I built a better one.

11 October, 2013

tl;dr The timetable system sucks, so I made one that works. Getting your timetable sorted at Uni has never been fun. In years 1 and 2 of my…

Purchasing a £30,000 numberplate for the price of a bus ticket

07 October, 2013

Regtransfers.co.uk is a website that allows you to purchase customized numberplates for your car or motorbike. They boast a large number of…

Breaking out of secured Python environments

25 September, 2013

A week or so ago I was browsing /r/Python and I saw a link to a website called rise4fun.com, which is a Microsoft Research project that…

Inspecting .NET applications with ILSpy

19 September, 2013

Every once in a while I come across an application that is so comically insecure that I feel the urge to blog about it. The application in…

Automatically inline Python function calls

01 August, 2013

Edit: Code is here on GitHub. Calling functions in Python can be expensive. Consider this example: there are two statements that are being…

SSDs are awesome, buy one.

25 July, 2013

I recently bought a Samsung 840 Series Pro 256GB 2.5 inch SATA Solid State Drive and it's easily the best PC hardware purchase I have ever…

Displaying a process's output on a web page with Websockets and Python

15 July, 2013

A few days ago a colleague of mine asked me how you would pipe the standard output of a process into a browser. I hacked around for a few…

Profiling Django templates with Django-Debug-Toolbar

18 April, 2013

My last post about the speed of Django’s templating language caused a bit of a stir and it was clear that people didn’t really have a clue…

More holes than swiss cheese

11 April, 2013

tl;dr Never trust user input. Note: Before I published this I contacted the owner of the site and he has since replaced it with a new and…

Just how slow are Django templates?

13 March, 2013

Edit 2: I made a Django debug toolbar panel that profiles your Django templates and all their components. You can find it here: https…

Finding fried chicken with C#, Mono and ServiceStack

02 March, 2013

I think I just solved a very first world problem - Where to find the nearest takeaway that sells fried chicken. When you are stumbling out…

HtmlToWord

18 February, 2013

You can find the code here on GitHub and the package here on PyPI. I have written and continue to maintain a reporting system for a group…

Adding mobile support to Simple

22 September, 2012

Last week I finally got round to adding support for mobile devices to Simple (the software that powers this blog). I thought I would write…

Parsing Wikipedia database dumps with C# and Postgres (6 degrees of Wikipedia)

12 September, 2012

tl;dr C# and Postgres are pretty damn fast. View code on GitHub. Recently I began working on a little experiment after I saw that Wikipedia…

Transplanting/Replacing Django child instances without deleting the parent

31 August, 2012

Django has a very neat feature called Multi Table Inheritance which allows you to create a ‘parent’ model with common fields and a variety…

Using Python metaclasses to make awesome Django model field choices

13 August, 2012

Edit: This code is now on PyPI: https://pypi.python.org/pypi/django-choice-object. tl;dr Metaclasses are awesome. When using Django’s Model…

In favour of ORM's

14 May, 2012

I recently read this post entitled “(Some) ORM Haters Do Get It” and I wanted to make a few points in favour of ORM’s. The author of the…

Making a film recommendation site by cheating

08 May, 2012

View the site here: https://movies.tomforb.es or the code here. To distract me from my ever approaching 1st year exams I decided to create…

Creating a URL shortening service with Django

20 April, 2012

View it live here or get the code here. The first URL shortening site I saw was several years ago and was called TinyURL. Soon after…

Using a custom SQLAlchemy Users model with Django

13 April, 2012

I really dislike Django’s ORM. For my job I have written (and continue to maintain) a large internal project that uses Django’s ORM…

Draconian internet filters

12 April, 2012

My university's student network is pretty restricted. I just finished coding a few changes to Simple and realised I couldn’t push any…

Simple.

29 March, 2012

I like things to be simple. So I wrote my own blog software to replace the rather un-simple WordPress. It's not that WordPress is hard to…