comm - Dave's Blog


Retweet of troyhunt

Aug 2, 10:14
Just gave the CSP Rule Collector Fiddler extension from @David_Risney a run. This is excellent, highly recommended! …

Tweet from David_Risney

Jul 16, 9:39
Adblock Plus forum user has a feature request: block commercials on smart TVs. …

Retweet of ChromiumDev

Apr 14, 7:29
Now in Chrome 43, document.execCommand() gives you programmatic access to copy and cut content to the clipboard! …

Eminem meets Beatles:

Apr 14, 8:08

Eminem meets Beatles:


Retweet of ncardozo

Apr 11, 10:58
The NSA does not have "an absolute right to gain access to every way in which two people may choose to communicate." …

Tweet from David_Risney

Mar 25, 12:15
Cool Creative Commons limited edition shirt made of Noun Project images - … @creativecommons. Just ordered mine!

Retweet of latest_is

Mar 23, 8:01
OK Go - Red Star Macalline Commercial - YouTube …

Retweet of 18F

Mar 16, 9:48
Today the White House is proposing an HTTPS-only standard for the entire federal government:  Public comment welcome!

Retweet of FioraAeterna

Mar 7, 3:51
"This assert would've saved me hours of debugging. Why was it off?" *git blame* commit: "disable assert that caused test failures" *sobs*

Retweet of TheOnion

Feb 8, 9:00
New Premium Uber Service Lets Users Commandeer Any Car

npr:The jobs picture has changed profoundly since the 1970s....

Feb 6, 10:50


The jobs picture has changed profoundly since the 1970s. This map shows how that has played out across the country.

Map: The Most Common Job In Every State

Source: IPUMS-CPS/ University Of Minnesota
Credit: Quoctrung Bui/NPR


Retweet of panzer

Feb 1, 3:01
Call me old fashioned but I want Superbowl commercials to hypersexualize food and trucks not make me want to double check my childproofing

jacobrossi: now uses HSTS, which "coincidentally" is in EdgeHTML engine rolling out to the tech preview

Jan 22, 11:45
Jacob Rossi @jacobrossi :
http://status.modern.IE  now uses HSTS, which "coincidentally" is in EdgeHTML engine rolling out to the tech preview …

Gamers Messed With The Steam Sale, Then Valve Changed The Rules

2014 Jun 24, 3:51

Applied game theory 101: Valve’s Steam Summer Sale involves a meta game with teams of Steam users competing for daily prizes. On Reddit the players join together to take turns winning daily. Valve gets wise and performs an existential attack, changing the rules to make it harder for players to want to coordinate.

Still, that all the players joined together to game the system gives me hope for humanity. Its a self organized solution to a tragedy of the commons problem. Only in this case the tragedy is by design and is updated to be more tragic.

PermalinkCommentsgame video-game game-theory valve

via Gore at Southland on Snowden

2014 Jun 10, 3:14

via Gore at Southland on Snowden

PermalinkCommentsvideo law snowden gore

gitfiti - github contributions pane pixel art

2014 Jun 2, 8:07

gitfiti - abusing github commit history for the lulz

A script that abuses github submissions to draw pixel art in your github contributions pane.

PermalinkCommentstechnical humor github pixel art

Debugging anecdote - the color transparent black breaks accessibility

2014 May 22, 10:36

Some time back while I was working on getting the Javascript Windows Store app platform running on Windows Phone (now available on the last Windows Phone release!) I had an interesting bug that in retrospect is amusing.

I had just finished a work item to get accessibility working for JS WinPhone apps when I got a new bug: With some set of JS apps, accessibility appeared to be totally broken. At that time in development the only mechanism we had to test accessibility was a test tool that runs on the PC, connects to the phone, and dumps out the accessibility tree of whatever app is running on the phone. In this bug, the tool would spin for a while and then timeout with an error and no accessibility information.

My first thought was this was an issue in my new accessibility code. However, debugging with breakpoints on my code I could see none of my code was run nor the code that should call it. The code that called that code was a more generic messaging system that hit my breakpoints constantly.

Rather than trying to work backward from the failure point, I decided to try and narrow down the repro and work forwards from there. One thing all the apps with the bug had in common was their usage of WinJS, but not all WinJS apps demonstrated the issue. Using a binary search approach on one such app I removed unrelated app code until all that was left was the app's usage of the WinJS AppBar and the bug still occurred. I replaced the WinJS AppBar usage with direct usage of the underlying AppBar WinRT APIs and continued.

Only some calls to the AppBar WinRT object produced the issue:

        var appBar = Windows.UI.WebUI.Core.WebUICommandBar.getForCurrentView(); 
// appBar.opacity = 1;
// appBar.closeDisplayMode = Windows.UI.WebUI.Core.WebUICommandBarClosedDisplayMode.default;
appBar.backgroundColor = Windows.UI.Colors.white; // Bug!
Just setting the background color appeared to cause the issue and I didn't even have to display the AppBar. Through additional trial and error I was blown away to discover that some colors I would set caused the issue and other colors did not. Black wouldn't cause the issue but transparent black would. So would aqua but not white.

I eventually realized that predefined WinRT color values like Windows.UI.Colors.aqua would cause the issue while JS literal based colors didn't cause the issue (Windows.UI.Color is a WinRT struct which projects in JS as a JS literal object with the struct members as JS object properties so its easy to write something like {r: 0, g: 0, b: 0, a: 0} to make a color) and I had been mixing both in my tests without realizing there would be a difference. I debugged into the backgroundColor property setter that consumed the WinRT color struct to see what was different between and {a: 1, r: 0, g: 0, b: 0} and found the two structs to be byte wise exactly the same.

On a hunch I tried my test app with only a reference to the color and otherwise no interaction with the AppBar and not doing anything with the actual reference to the color:;. This too caused the issue. I knew that the implementation for these WinRT const values live in a DLL and guessed that something in the code to create these predefined colors was causing the issue. I debugged in and no luck. Now I also have experienced crusty code that would do exciting things in its DllMain, the function that's called when a DLL is loaded into the process so I tried modifying my C++ code to simply LoadLibrary the DLL containing the WinRT color definition, windows.ui.xaml.dll and found the bug still occurred! A short lived moment of relief as the world seemed to make sense again.

Debugging into DllMain nothing interesting happened. There were interesting calls in there to be sure, but all of them behind conditions that were false. I was again stumped. On another hunch I tried renaming the DLL and only LoadLibrary'ing it and the bug went away. I took a different DLL renamed it windows.ui.xaml.dll and tried LoadLibrary'ing that and the bug came back. Just the name of the DLL was causing the issue.

I searched for the DLL name in our source code index and found hits in the accessibility tool. Grinning I opened the source to find that the accessibility tool's phone side service was trying to determine if a process belonged to a XAML app or not because XAML apps had a different accessibility contract. It did this by checking to see if windows.ui.xaml.dll was loaded in the target process.

At this point I got to fix my main issue and open several new bugs for the variety of problems I had just run into. This is a how to on writing software that is difficult to debug.

PermalinkCommentsbug debug javascript JS technical windows winrt

A Complete Guide to Flexbox | CSS-Tricks

2014 May 22, 1:02

"The Flexbox Layout (Flexible Box) module (currently a W3C Candidate Recommendation) aims at providing a more efficient way to lay out, align and…"

Great diagrams showing the use of the various flex css properties. I can never keep them straight so this is perfect for me.

PermalinkCommentstechnical css flex


2014 Apr 29, 8:27

Does it betray my innocence that I’m shocked by the amount of exec($_GET you can easily find on github? Hilarious comment thread on hacker news: 

This is awful. Shell commands are not guaranteed to be idempotent, people! These should all be of the form exec($_POST, not exec($_GET.


PermalinkCommentshumor security http php technical

FCC planning new Internet rules that will gut Net Neutrality. Get ready to pay more for the stuff you love online.

2014 Apr 24, 3:29
PermalinkCommentstechnical net-neutrality fcc bullshit
Older Entries Creative Commons License Some rights reserved.