Weekly Update 61

A bit of a "business as usual" week this one, but then this business is never really "usual"! I start out with a talk at McAfee's MPOWER conference in Sydney and a bit of chatter about some upcoming ones (including the one I still can't talk about... but will next week!)

In terms of new things, I've now got my hands on an iPhone X so I spend a bunch of time talking about that. It only arrived yesterday so I'm still learning and forming opinions, but early feedback is that I love this phone! Well actually, in the video I talk about stuff I love, stuff I'm not real happy about and a bunch of things in between but even since recording that video this morning (I'm half a day on now which has basically doubled my iPhone X experience!) I've found other stuff to like. The real biggy is having all the screen real estate of my old 7 Plus in a phone that's physically near identical in size to a non-Plus phone. Just on that, I speak in pretty generic terms in the video but a quick check on Apple's iPhone comparison page shows that the 7 Plus (and 8 Plus, for that matter) has a screen size of 5.5" with 401ppi whilst the X's screen is 5.8" and 458ppi. Yeah, I do actually love this phone :)

In other news, I wrote a big piece on CSPs this week, namely around the different ways they can handle scripts. There are a few really cool options that give you middle grounds between the "run anything" state that you're in without a CSP and the "run nothing" default state when a CSP is in place. I talk about hashes and nonces which are cool, but then there's browser flakiness to deal with too (which is not cool). All that and more in this week's update. Enjoy!

References

  1. Ars is calling "bullshit" on claims of FaceID hacking (it's an interesting read and there are certainly some questions that need answering, such as the ones Dan Goodin tweeted earlier today)
  2. Getting to grips with content security policies and scripts (I talk about no CSP, nonces, hashes and outright banning of unsafe inline scripts)
  3. Terbium Labs is back sponsoring my blog this week (big thanks to those guys and their Matchlight product, they've been regularly supporting this blog for a year now)

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals