Search
Blog Entries
Facebook Mangles Unicode URLs Retweet of TimHarford
2 days ago
Does using Facebook make you sad? The answer: yes, if you use it in certain ways...
http://dlvr.it/8lzYyS
Retweet of theharmonyguy
3 days ago
2014 highlights from Facebook's bug bounty program: https://www.facebook.com/notes/1026610350686524/ …
Retweet of shaver
8 days ago
Facebook Security published a note with some info on Superfish: https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339 …
Retweet of latest_is
17 days ago
Automating Tinder with Eigenfaces http://crockpotveggies.com/2015/02/09/automating-tinder-with-eigenfaces.html …
intoosteep: She died as she lived: walking down stairs checking Facebook statuses.
Jan 17, 6:59
Claire Ayoub
@intoosteep :She died as she lived: walking down stairs checking Facebook statuses.
How I Pranked My Roommate With Eerily Targeted Facebook Ads
2014 Sep 18, 2:27"This is the chronicle of the most epic retaliation and how I pranked my roommate with targeted Facebook Ads to the point of complete paranoia and delusion."
Funny anecdote but also a how-to on creating a Facebook ad campaign that targets a single person.
Detect login with CSP - When Security Generates Insecurity
2014 Jul 8, 1:13An interesting way to use the report-uri feature of CSP to detect if a user is logged into Google, Facebook etc.
Nieman Journalism Lab - Who’s behind that tweet? Here’s how 7...
2014 May 29, 4:03
Nieman Journalism Lab - Who’s behind that tweet? Here’s how 7 news orgs manage their Twitter and Facebook accounts
location.hash and location.search are bad and they should feel bad
2014 May 22, 9:25
The DOM location interface exposes the HTML document's URI parsed into its properties. However, it is
ancient and has problems that bug me but otherwise rarely show up in the real world. Complaining about mostly theoretical issues is why blogging exists, so here goes:
- The location object's search, hash, and protocol properties are all misnomers that lead to confusion about the correct terms:
- The 'search' property returns the URI's query property. The query property isn't limited to containing search terms.
- The 'hash' property returns the URI's fragment property. This one is just named after its delimiter. It should be called the fragment.
- The 'protocol' property returns the URI's scheme property. A URI's scheme isn't necessarily a protocol. The http URI scheme of course uses the HTTP protocol, but the https URI scheme is the HTTP protocol over SSL/TLS - there is no HTTPS protocol. Similarly for something like mailto - there is no mailto wire protocol.
- The 'hash' and 'search' location properties both return null in the case that their corresponding URI property doesn't exist or if its the empty string. A URI with no query property and a URI with an empty string query property that are otherwise the same, are not equal URIs and are allowed by HTTP to return different content. Similarly for the fragment. Unless the specific URI scheme defines otherwise, an empty query or hash isn't the same as no query or hash.
Considerate MessagePort Usage
2013 Aug 7, 7:14
When writing a JavaScript library that uses postMessage and the message event, I must be considerate of other JS code that will be
running along side my library. I shouldn't assume I'm the only sender and receiver on a caller provided MessagePort object. This means obviously I should use addEventListener("message" rather than
the onmessage property (see related What if two programs did this?). But considering the actual messages traveling
over the message channel I have the issue of accidentally processing another libraries messages and having another library accidentally process my own message. I have a few options for playing nice
in this regard:- Require a caller provided unique MessagePort
- This solves the problem but puts a lot of work on the caller who may not notice nor follow this requirement.
- Uniquely mark my messages
- To ensure I'm acting upon my own messages and not messages that happen to have similar properties as my own, I place a 'type' property on my postMessage data with a value of a URN unique to me and my JS library. Usually because its easy I use a UUID URN. There's no way someone will coincidentally produce this same URN. With this I can be sure I'm not processing someone else's messages. Of course there's no way to modify my postMessage data to prevent another library from accidentally processing my messages as their own. I can only hope they take similar steps as this and see that my messages are not their own.
- Use caller provided MessagePort only to upgrade to new unique MessagePort
- I can also make my own unique MessagePort for which only my library will have the end points. This does still require the caller to provide an initial message channel over which I can communicate my new unique MessagePort which means I still have the problems above. However it clearly reduces the surface area of the problem since I only need once message to communicate the new MessagePort.
Photo is Sharing by leezie5. Two squirrels sharing food hanging from a bird feeder. Used under Creative Commons license Attribution-NonCommercial-NoDerivs 2.0 Generic.
Words with Hints Windows 8 App Development Notes
2013 Jul 4, 1:00My second completed app for the Windows Store was Words with Hints a companion to Words with Friends or other Scrabble like games that gives you *ahem* hints. You provide your tiles and optionally letters placed in a line on the board and Words with Hints gives you word options.
I wrote this the first time by building a regular expression to check against my dictionary of words which made for a slow app on the Surface. In subsequent release of the app I now spawn four web workers (one for each of the Surface's cores) each with its own fourth of my dictionary. Each fourth of the dictionary is a trie which makes it easy for me to discard whole chunks of possible combinations of Scrabble letters as I walk the tree of possibilities.
The dictionaries are large and takes a noticeable amount of time to load on the Surface. The best performing mechanism I found to load them is as JavaScript source files that simply define their portion of the dictionary on the global object and synchronously (only on the worker so not blocking the UI thread). Putting them into .js files means they take advantage of bytecode caching making them load faster. However because the data is mostly strings and not code there is a dramatic size increase when the app is installed. The total size of the four dictionary .js files is about 44Mb. The bytecode cache for the dictionary files is about double that 88Mb meaning the dictionary plus the bytecode cache is 132Mb.
To handle the bother of postMessage communication and web workers this was the first app in which I used my promise MessagePort project which I'll discuss more in the future.
This is the first app in which I used the Microsoft Ad SDK. It was difficult to find the install for the SDK and difficult to use their website, but once setup, the Ad SDK was easy to import into VS and easy to use in my app.
Windows Store on Windows 8 Fun For Independent Developers
2013 Jun 24, 1:00
Having worked on Windows 8 I'm not in a neutral position to review aspects of it, however I'll say from a high level I love taking the following various positives from smart phone apps and app
stores and applying it to the desktop:
- Independent developers can easily publish apps.
- One trusted place for a user to find apps.
- User can trust apps are limited to a declared set of capabilities.
- One common and easy way for users to buy and try apps.
- Easy mechanism for independent developers to collect revenue.
laughingsquid: The Ultimate Spaceship Face-off, Interactive...
2013 May 22, 3:10
Will Arnett Explains the Origins of His Arrested Development Chicken Dance
2013 May 8, 11:26To decide what Gob’s bad impression of a chicken might be, Arnett consulted on set in 2003 with series executive producers Mitch Hurwitz and James Vallely. They all tried out different versions for each other. “Jimmy started doing a little bit, then Mitch got up and did some, and then I began trying things,” remembers Arnett. “Picture three grown men hopping around, working out what it would be … They were pitching this really taunting dance, but I wanted to give it this very sharp, almost roosterlike, chest-sticking-out mannerism, like a real macho bravado dance.” And how did clapping get introduced to the move? “Because I wanted it to be only sort of threatening.”
The Making of Pulp Fiction: Quentin Tarantino’s and the Cast’s Retelling | Vanity Fair
2013 Feb 28, 3:03The first independent film to gross more than $200 million, Pulp Fiction was a shot of adrenaline to Hollywood’s heart, reviving John Travolta’s career, making stars of Samuel L. Jackson and Uma Thurman, and turning Bob and Harvey Weinstein into giants. How did Quentin Tarantino, a high-school dropout and former video-store clerk, change the face of modern cinema? Mark Seal takes the director, his producers, and his cast back in time, to 1993.
How To Screen Capture on the Microsoft Surface RT - Surface...
2013 Jan 7, 11:44
How To Screen Capture on the Microsoft Surface RT - Surface Geeks Surface Geeks
tl;dr: hold windows logo on the surface (not keyboard) and press volume down button on the surface
Welcome to TypeScript
2012 Oct 1, 6:41TypeScript is a typed superset of JavaScript that adds interfaces, and type safety and compiles to JavaScript. In VS this means you get much better auto completion suggestions. Watch the Channel9 video.
Some rights reserved