article - Dave's Blog


Search

Subtleties of postMessage

2013 Jul 15, 1:00

In IE10 and other new browsers one may create MessageChannel objects that have two MessagePorts each connected (w3c spec calls it entangled) to one another such that postMessage on one port results in the message event firing on the other. You can pass an array of ports as the last parameter to postMessage and they show up in the ports property of the message event arg.

Origin

The postMessage here is like the worker postMessage and unlike the window and iframe postMessage in that it applies no origin checking:

  1. No origin postMessage in workers and MessagePorts: postMessage(messageData, ports)
  2. Origin postMessage in windows and iframes: postMessage(messageData, targetOrigin, ports)

Unfortunately the origin isn't an optional parameter at the end to make the two postMessages have the same signature.

On the event handler side, the event arg always has an origin property. But in the no origin case it is always the empty string.

Source

There is also a source property on the message event arg which if set is an object that has a postMessage property allowing you to post back to your caller. It is set for the origin case, however, in the no origin case this property is null. This is somewhat reasonable because in the case of MessagePort and Workers there are only two endpoints so you always know the source of a message implicitly. Unlike the origin case in which any iframe or window can be calling postMessage on any other iframe or window and the caller is unknown. So not unreasonable but it would be nice if the source property was always set for consistency.

MessageChannel start

When a MessageChannel is created it has two MessagePorts, but until those ports are started they will queue up any messages they receive. Once started they will dispatch all queued messages. Ports don't have to be started to send messages.

A port may be started in two ways, either by explicitly calling the start method on the port, or by setting the onmessage callback property on the port. However, adding an event listener via addEventListener("message", does not start the port. It works this way in IE and Chrome and the spec states this as well.

The justification is that since you can have only one callback via onmessage that once set you must implicitly be ready to receive messages and its fine to start the port. As opposed to the addEventListener in which case the user agent cannot start implicitly because it doesn't know how many event listeners will be added.� I found Hixie stating this justification in geoloc meeting notes.

Links

W3C Spec

Opera introduction

PermalinkCommentsDOM html javascript postMessage technical web-worker worker

The Making of Pulp Fiction: Quentin Tarantino’s and the Cast’s Retelling | Vanity Fair

2013 Feb 28, 3:03

The first independent film to gross more than $200 million, Pulp Fiction was a shot of adrenaline to Hollywood’s heart, reviving John Travolta’s career, making stars of Samuel L. Jackson and Uma Thurman, and turning Bob and Harvey Weinstein into giants. How did Quentin Tarantino, a high-school dropout and former video-store clerk, change the face of modern cinema? Mark Seal takes the director, his producers, and his cast back in time, to 1993.

PermalinkCommentsarticle movie film interview pulp-fiction

Sadly, this is not The Onion

2013 Feb 28, 3:02

Not The Onion subreddit is for real stories that sound like The Onion articles. This is a compilation of those stories into a page that looks like The Onion.

PermalinkCommentshumor news

NOAA FAQ - "Why don't we try to destroy tropical cyclones by nuking them?"

2012 Nov 5, 5:28

This sounds like an Onion article but is actually a real article on NOAA’s website describing why we can’t use nukes to destroy tropical storms. This in the frequently asked questions.

PermalinkCommentshumor storm nuke noaa

DSL modem hack used to infect millions with banking fraud malware | Ars Technica

2012 Oct 1, 6:33

According to the links within this article, although the root URI of the router requires authentication, the /password.cgi URI doesn’t and the resulting returned HTML contains (but does not display) the plaintext of the password, as well as an HTML FORM to modify the password that is exploitable by CSRF.

The attack… infected more than 4.5 million DSL modems… The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log in to and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to booby-trapped imposter sites.

PermalinkCommentstechnical security html router web dns csrf

A New Species Discovered ... On Flickr (npr.org)

2012 Aug 11, 9:17

Winterton, a senior entomologist at the California Department of Food and Agriculture, has seen a lot of bugs. But he hadn’t seen this species before.

There’s no off switch when you’re the senior entomologist. If you’re browsing the web you find your way to Flickr photos of insects or start correcting Wikipedia articles on insects.

PermalinkCommentsflickr insect science photos

I'm an American and I want to watch the Olympics. What do I do? (iamnotaprogrammer.com)

2012 Jul 28, 12:05

One persons quest to watch the Olympics online.

The location requirements (guessed at via IP address) are irritating. The requirement that you have a particular cable subscription to view video online seems like not network neutrality.

Also this related article:

http://techcrunch.com/2012/07/27/nbc-olympic-opening-ceremony/

PermalinkCommentsolympics video internet web

wired: [via motherjones]: theweekmagazine: Sticking to an...

2012 Jun 7, 3:29


wired:

[via motherjones]:

theweekmagazine:

Sticking to an exercise routine takes dedication, and many fitness junkies swear that a running companion can be a huge help. That’s why researchers have developed “Joggobot,” a quad-rotor helicopter drone designed to motivate joggers by flying in front of them. 

The aerial robot uses its camera to spot a colorful pattern on a T-shirt worn by the jogger, and flies at a safe distance ahead. The runner can control Joggobot using a smartphone: In “companion mode,” the drone simply maintains the jogger’s pace; in “coach mode,” it pushes its human trainee a little faster.

Don’t worry, there’s a video

Science!

Maybe it should chase you instead?

PermalinkCommentshumor exercise robot future video

BoingBoing reposts this great Cyberpunk parody photo from 12...

2012 Jun 5, 4:17


BoingBoing reposts this great Cyberpunk parody photo from 12 years ago, and Motherboard has a What happened to cyberpunk article.

PermalinkCommentshumor cyberpunk history

Stuxnet Explained - Obama Order Sped Up Wave of Cyberattacks Against Iran

2012 Jun 1, 4:57

From his first months in office, President Obamasecretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.

PermalinkCommentssecurity politics iran nuclear virus

(via Feature: Google gets license to test drive autonomous cars...

2012 May 7, 8:18


(via Feature: Google gets license to test drive autonomous cars on Nevada roads)

The coolest part of this article is that Nevada now has an autonomous vehicle license plate that’s red background and infinity on the left.

PermalinkCommentscar nevada google self-driving-car

The Blowholes - Summerbaby (Pete & Pete Reunion 2-24-12) (by...

2012 Mar 2, 4:48


The Blowholes - Summerbaby (Pete & Pete Reunion 2-24-12) (by matt00092)

Via http://www.avclub.com/articles/inside-the-adventures-of-pete-and-pete-reunion,70177/

PermalinkCommentsmusic pete-and-pete video

The 'Undue Weight' of Truth on Wikipedia (chronicle.com)

2012 Feb 15, 5:13

Interesting article on an expert attempting to modify an article on Wikipedia.  Sounds like an issue when presented in this fashion, but looking at it from Wikipedia’s perspective, I don’t know how they could do better.

PermalinkCommentstruth wikipedia internet

Blackmail DRM - Stolen Thoughts

2012 Feb 13, 4:00

Most existing DRM attempts to only allow the user to access the DRM'ed content with particular applications or with particular credentials so that if the file is shared it won't be useful to others. A better solution is to encode any of the user's horrible secrets into unique versions of the DRM'ed content so that the user won't want to share it. Entangle the users and the content provider's secrets together in one document and accordingly their interests. I call this Blackmail DRM. For an implementation it is important to point out that the user's horrible secret doesn't need to be verified as accurate, but merely verified as believable.

Apparently I need to get these blog posts written faster because only recently I read about Social DRM which is a light weight version of my idea but with a misleading name. Instead of horrible secrets, they say they'll use personal information like the user's name in the DRM'ed content. More of my thoughts stolen and before I even had a chance to think of it first!

PermalinkCommentsdrm blackmail blackmail-drm technical humor social-drm

DRM is to publishing as science was to Stalinism

2012 Jan 30, 9:11

I hadn’t heard of “Social DRM” (described in this article). Sounds like my blackmail DRM idea.

PermalinkCommentsdrm publishing

Crushable has the video from the Cinefamily Pete and Pete...

2012 Jan 26, 12:03


Crushable has the video from the Cinefamily Pete and Pete tribute and panel. Also, AV Club is now inspired to have a Pete and Pete cast and crew reunion.

PermalinkComments

Copyright King: Why the "I Have a Dream" Speech Still Isn't Free (vice.com)

2012 Jan 17, 9:37

There’s weird stuff you’d think is public domain but isn’t including Martin Luther King Jr.‘s “I Have a Dream” speech. FTA: ”If you want to watch the whole thing, legally, you’ll need to get the $20 DVD.

That’s because the King estate, and, as of 2009, the British music publishing conglomerate EMI Publishing, owns the copyright of the speech and its recorded performance.”

PermalinkCommentscopyright mlk speech public-domain

They Might Be Giants 2012 tour across the US! | When Will You...

2012 Jan 11, 4:02


They Might Be Giants 2012 tour across the US! | When Will You Die? (OFFICIAL VIDEO) (by ParticleMen)

PermalinkCommentsvideo humor music they-might-be-giants

MPAA Boss: If The Chinese Censor The Internet, Why Can't The US? (techdirt.com)

2011 Dec 10, 8:31

FTA:

The MPAA is getting pretty desperate, it seems. MPAA boss Chris Dodd was out trying to defend censoring the internet this week by using China as an example of why censorship isn’t a problem. It’s kind of shocking, really.

“When the Chinese told Google that they had to block sites or they couldn’t do [business] in their country, they managed to figure out how to block sites.”

PermalinkCommentsmpaa technical censorship

JavaScript Array methods in the latest browsers

2011 Dec 3, 6:46

Cool and (relatively) new methods on the JavaScript Array object are here in the most recent versions of your favorite browser! More about them on ECMAScript5, MSDN, the IE blog, or Mozilla's documentation. Here's the list that's got me excited:

some & every
Does your callback function return true for any (some) or all (every) of the array's elements?
filter
Filters out elements for which your callback function returns false (in a new copy of the Array).
map
Each element is replaced with the result of it run through your callback function (in a new copy of the Array).
reduce & reduceRight
Your callback is called on each element in the array in sequence (from start to finish in reduce and from finish to start in reduceRight) with the result of the previous callback call passed to the next. Reduce your array to a single value aggregated in any manner you like via your callback function.
forEach
Simply calls your callback passing in each element of your array in turn. I have vague performance concerns as compared to using a normal for loop.
indexOf & lastIndexOf
Finds the first or last (respectively) element in the array that matches the provided value via strict equality operator and returns the index of that element or -1 if there is no such element. Surprisingly, no custom comparison callback method mechanism is provided.
PermalinkCommentsjavascript array technical programming
Older Entries Creative Commons License Some rights reserved.