January 29, 2003
@ 11:58 PM
Sam Ruby has a great pic of Joshua and I huddled around Miguel while he he demos some kick ass application using Gtk#. He showed us some sort of photo album application that handled dozens of thumbnails with zoom functionality that was quite impressive. I kept wondering to myself "Is this even easy to do with Winforms and even if I could would the perf match what I saw on his laptop?". It was a rather impressive demo and it's made me begin to think it's time for me to upgrade my RedHat 6.2 machine to some recent bits and start playing around with Mono.

Sam Ruby showed me Syndirella in action while Don showed us his RSS Reader up close and personal. Sam liked Don's reader and mentioned wanting to see if something similar was possible for Mozilla. I thought it was cool that Don posted a comment to Sam's blog while sitting right next to him.

I preached the XML infoset religion to Joe Bork and Ted Leung who got it although Ted may already have had religion before we talked. We three also talked about checked vs. unchecked exceptions with Ted and I letting Joe in on why checked exceptions are so useful and he seemed to get it when we were done talking.

It seems like Don likes XQuery and kept asking me when we'd update the downloadable bits on our public XQuery demo site with a version that wasn't based on a year old draft of the spec. He's going to have to wait for a little bit more but it's going to be worth waiting for.

Harry Pierson asked about whether we currently provide or plan to provide finer grained control of security in XSLT specifically if there was a flag to disable processing msxsl:script blocks. The only thing that came to mind was running the stylesheet through a pre-processor step that checked if any msxsl:script elements where in the target stylesheet and erroring if that was the case but that doesn't handle included stylesheets. Harry wants to be able to run arbitrary stylesheets from various sources but wants to do so without running malicious scripts but even without script blocks a malicious stylesheet could still attempt a DOS via an infinite recursive loop or the billion laughs entity trick. Hmmmm, stuff to think about.