Tom's corner of the internet


Written by Tom Forbes, who lives and works in London building useful things with Python and Django. I usually blog about security, my projects and random experiments.

Suggestions added to Django manage.py

24 February, 2018

My recently merged PR for ticket #28398 adds very simple ‘did you mean’ suggestions to Django’s manage.py command, which is the primary…

Goodbye Simple, hello Gatsby

16 January, 2018

Many years ago, inspired by a blogging platform called Svbtle , I built a clone called Simple . It was pretty simple - just a minimal…

Counting Pizza with Python

28 July, 2016

I’m a full time nerd, even when I’m ordering pizza online I can’t stop myself from investigating how the websites I’m ordering from work. My…

Syntax highlighting and CSS support added to wordinserter

26 July, 2016

I recently added syntax highlighting and support for CSS stylesheets to wordinserter , and the implementation was satisfying enough that I…

Segfaulting Python with afl-fuzz

06 March, 2016

American Fuzzy Lop is both a really cool tool for fuzzing programs and an adorable breed of bunny . In this post I’m going to show you…

Scraping websites with Cyborg

04 January, 2016

I often find myself creating one-off scripts to scrape data off websites for various reasons. My go-to approach for this is to hack…

HtmlToWord is now WordInserter

24 May, 2015

I’ve released a redesign of my HtmlToWord library; specifically, it now supports Markdown and multiple different ways to interact with Word…

HP Support Solutions Framework Security Issue

11 April, 2015

After discovering the flaw in Dell’s System Detect software I looked into other similar software for issues. This post details two issues…

Dell System Detect RCE vulnerability

23 March, 2015

I recently discovered a serious flaw with Dell System Detect that allowed an attacker to trigger the program to download and execute an…

Simple 2

13 December, 2014

I’ve just about finished the next version of Simple, the Markdown-based blog that powers this site. When I first made Simple it was…

Exploiting XPath injection vulnerabilities with XCat

25 July, 2014

I just released XCat 0.7, the companion tool to this paper. XCat is a command line tool to automate the exploitation of Blind XPath…

A test RSS feed service

01 April, 2014

The coursework set for my Distributed Systems module involves reading new items from RSS feeds (such as the BBC News feed or the UK traffic…

2 years of blogging

06 March, 2014

When I first came to University lots of people (like Rob Miles) were trying to get undergraduates to start blogging. On the 6th of March…

Opera is really nice

13 February, 2014

I really like the Opera browser. A couple of months ago I got a bit tired of using Google Chrome; it was just a bit sluggish sometimes and I…

Submitting a patch to Python’s lxml library

09 January, 2014

While working on a system for work I ran into a bug with Python’s lxml library and decided to fix it. I thought I would document how easy…

How much code is there in the Python Package Index?

21 December, 2013

Sometimes Python-related questions pop into my head, like how slow are Django templates, or how hard would it be to inline Python function…

University Presentation

27 November, 2013

So I did a presentation on Information Security at University today. I think it went rather well; however, I couldn’t show a couple of the…

Hack things, acquire clothing.

22 November, 2013

I discovered an XSS flaw in a website a month ago and reported it to the owners. As a thank you they sent me a hat, a rather large American…

Restricting Thrift clients to specific IP addresses with Twisted

11 November, 2013

Apache Thrift is pretty awesome: you can build Twisted bindings for your Thrift interface file that work fantastically. There is one…

Adding tail-call optimization to Python

15 October, 2013

Tail-call optimization is a trick many languages and compilers use to avoid creating excess stack frames when dealing with recursive code…

My Uni's timetable system sucks, so I built a better one.

11 October, 2013

tl;dr: The timetable system sucks, so I made one that works. Getting your timetable sorted at Uni has never been fun. In years 1 and 2 of my…

Purchasing a £30,000 numberplate for the price of a bus ticket

07 October, 2013

Regtransfers.co.uk is a website that allows you to purchase customised numberplates for your car or motorbike. They boast a large number of…

Breaking out of secured Python environments

25 September, 2013

A week or so ago I was browsing /r/Python and I saw a link to a website called rise4fun.com, which is a Microsoft Research project that…

Inspecting .NET applications with ILSpy

19 September, 2013

Every once in a while I come across an application that is so comically insecure that I feel the urge to blog about it. The application in…

Automatically inline Python function calls

01 August, 2013

Edit: Code is here on GitHub. Calling functions in Python can be expensive. Consider this example: there are two statements that are being…

SSDs are awesome, buy one.

25 July, 2013

I recently bought a Samsung 840 Series Pro 256GB 2.5 inch SATA Solid State Drive and it’s easily the best PC hardware purchase I have ever…

Displaying a process’s output on a web page with WebSockets and Python

15 July, 2013

A few days ago a colleague of mine asked me how you would pipe the standard output of a process into a browser. I hacked around for a few…

Profiling Django templates with Django-Debug-Toolbar

18 April, 2013

My last post about the speed of Django’s templating language caused a bit of a stir, and it was clear that people didn’t really have a clue…

More holes than Swiss cheese

11 April, 2013

tl;dr: Never trust user input. Note: Before I published this I contacted the owner of the site and he has since replaced it with a new and…

Just how slow are Django templates?

13 March, 2013

Edit 2: I made a Django debug toolbar panel that profiles your Django templates and all their components. You can find it here: https…

Finding fried chicken with C#, Mono and ServiceStack

02 March, 2013

I think I just solved a very first world problem: where to find the nearest takeaway that sells fried chicken. When you are stumbling out…

HtmlToWord

18 February, 2013

You can find the code here on GitHub and the package here on PyPI. I have written and continue to maintain a reporting system for a group…

Adding mobile support to Simple

22 September, 2012

Last week I finally got round to adding support for mobile devices to Simple (the software that powers this blog). I thought I would write…

Parsing Wikipedia database dumps with C# and Postgres (6 degrees of Wikipedia)

12 September, 2012

tl;dr: C# and Postgres are pretty damn fast. View code on GitHub. Recently I began working on a little experiment after I saw that Wikipedia…

Transplanting/Replacing Django child instances without deleting the parent

31 August, 2012

Django has a very neat feature called Multi Table Inheritance which allows you to create a ‘parent’ model with common fields and a variety…

Using Python metaclasses to make awesome Django model field choices

13 August, 2012

Edit: This code is now on PyPI: https://pypi.python.org/pypi/django-choice-object. tl;dr: Metaclasses are awesome. When using Django’s Model…

In favour of ORMs

14 May, 2012

I recently read this post entitled “(Some) ORM Haters Do Get It” and I wanted to make a few points in favour of ORMs. The author of the…

Making a film recommendation site by cheating

08 May, 2012

View the site here: http://movies.tomforb.es or the code here. To distract me from my ever-approaching 1st year exams I decided to create…

Creating a URL shortening service with Django

20 April, 2012

View it live here or get the code here. The first URL shortening site I saw was several years ago and was called TinyURL. Soon after…

Using a custom SQLAlchemy Users model with Django

13 April, 2012

I really dislike Django’s ORM. For my job I have written (and continue to maintain) a large internal project that uses Django’s ORM…

Draconian internet filters

12 April, 2012

My university’s student network is pretty restricted. I just finished coding a few changes to Simple and realised I couldn’t push any…

Simple.

29 March, 2012

I like things to be simple. So I wrote my own blog software to replace the rather un-simple WordPress. It’s not that WordPress is hard to…