May 22, 9:25
The DOM location interface
exposes the HTML document's URI parsed into its properties. However, it is
ancient and has problems that bug me but otherwise rarely show up in the real world. Complaining about mostly theoretical issues is why blogging exists, so here goes:
- The location object's search, hash, and protocol properties are all misnomers that lead to confusion about the correct terms:
- The 'search' property returns the URI's query property. The query property isn't limited to containing search terms.
- The 'hash' property returns the URI's fragment property. This one is just named after its delimiter. It should be called the fragment.
- The 'protocol' property returns the URI's scheme property. A URI's scheme isn't necessarily a protocol. The http URI scheme of course uses the HTTP protocol, but the https URI scheme is
the HTTP protocol over SSL/TLS - there is no HTTPS protocol. Similarly for something like mailto - there is no mailto wire protocol.
- The 'hash' and 'search' location properties both return null in the case that their corresponding URI property doesn't exist or if its the
empty string. A URI with no query property and a URI with an empty string query property that are otherwise the same, are not equal URIs and are allowed by HTTP to return different content.
Similarly for the fragment. Unless the specific URI scheme defines otherwise, an empty query or hash isn't the same as no query or
But like complaining about the number of minutes in an hour
none of this can ever change without huge compat issues on the web.
Accordingly I can only give my thanks to Anne van Kesteren and the awesome work on the URL standard
moving towards a more sane (but still working
practically within the constraints of compat) location object and URI parsing in the browser.
May 21, 2:30
The original open source Wifi Hotpot for Windows 7, Windows 8 and Windows Server 2012!
Free open source software based router you can run on Windows to wirelessly share your Internet connection with other devices
Apr 8, 6:36
Just a quick tutorial on exploiting heartbleed for session hijacking. Is it worse to use https than http today?
2011 Dec 7, 12:48
“Serious Sam 3′s DRM is brilliantly cruel, punishing only those who pirated it. By relentlessly pursuing them with a giant invincible armoured scorpion.”
2011 Nov 16, 12:19
“It’s not that common to find a signed copy of malware. It’s even rarer that it’s signed with an official key belonging to a government.”
2011 Sep 23, 4:37 2011 May 22, 10:44
Links to the IETF draft document of and describes the perf benefits of SSL False Start.
2010 Aug 13, 11:46
RESTful machine learning API from Google... "The Prediction API implements supervised learning algorithms as a RESTful web service to let you leverage patterns in your data, providing more relevant
information to your users. Run your predictions on Google's infrastructure and scale effortlessly as your data grows in size and complexity."
2009 Sep 3, 7:17
"This specification defines a lossless compressed data format that compresses data using a combination of the LZ77 algorithm and Huffman coding." Also see RFC 1950 zlib, a wrapper compression format
that can use deflate, and RFC 1952 gzip, a compressed file format that can use deflate.
2009 Jul 31, 5:57
"Is it worth the sensationalism and scaremongering? The endlessly inaccurate and dangerous science reporting? The pointless and news-free lifestyle articles? Do newspapers that prioritise stories
based on celebrities and spectacle rather than importance to the world deserve to exist?"
2009 Jul 14, 8:26
"...the zombie trumps all by personifying our deepest fear: death. Zombies are our destiny writ large. Slow and steady in their approach, weak, clumsy, often absurd, the zombie relentlessly closes
in, unstoppable, intractable."
2009 Mar 10, 9:22
Justin Frankel (Previously Winamp/Nullsoft guy) makes a designated graffiti box on his garage with the note: "All are welcome to express themselves in the box below. Printing within the above box is
hereby expressly permitted and shall not be considered 'graffiti' in accordance with article #23 of the San Francico Municipal Code." Before graffiti: , And with graffiti:
2008 Nov 19, 4:28
"A binary birthday candle. It consists of a single candle with seven wicks, where the wicks that are lit represent the birthday individual's age in binary. This single candle design works flawlessly
to represent any age from 1 to 127, never requiring anyone below the age of 127 to blow out more than a mere six candles at a time."
2008 Oct 23, 10:34
Geoffrey K. Pullum of Language Log defines 'nerdview': "It is a simple problem that afflicts us all: people with any kind of technical knowledge of a domain tend to get hopelessly (and unwittingly)
stuck in a frame of reference that relates to their view of the issue, and their trade's technical parlance, not that of the ordinary humans with whom they so signally fail to engage... The
phenomenon - we could call it nerdview - is widespread." Woo, go year-month-day, go!
2008 Oct 14, 11:14
Similar in concept to the Pirate Bay suggestion of encrypting all TCP/IP connections if both server and client support it: "Obfuscated TCP is a transport layer protocol that adds opportunistic
encryption. It's designed to hamper and detect large-scale wiretapping and corruption of TCP traffic on the Internet."
2008 Aug 26, 10:03
"A new system devised by Carnegie Mellon University researchers aims to thwart man-in-the-middle (MitM) attacks by providing a way to verify the authenticity of self-signed certificates. The system,
which is called Perspectives, uses a distributed network of "notary" servers to evaluate the public key of a target destination so that its validity can be ascertained."
2008 Jun 16, 12:51
Salvador Dali's appearance on the 1950's game show "What's My Line" in which a panel must determine the occupation of a mystery guest using only yes/no questions. "...Watch the shamelessly
self-promotional proto-Warhol's 1952 appearance on What's M
2008 Mar 23, 1:25
I ordered a ThinkGeek Bluetooth Retro Handset to use at home. When I come home I plug my phone in to charge in my room, but then I can't hear it ring
elsewhere in the hosue. The idea was to take this handset which wirelessly connects to cellphones via bluetooth and place it in another part of the house so that I can tell I'm getting an incoming
call. The only issue I have with that setup is that it ringing isn't any louder than conversations held over the phone, that is, the ringing is a little quiet.
The handset pairs with cellphones in the same manner as any other handset over bluetooth. It has an internal rechargeable battery which is charged via a standard USB port built into the base of the
handset and it comes with a USB cable. Next to the USB port is the only button on the phone which is pressed to answer a call, hang up a call, or begin voice dial, held down to turn the handset on
and off, and held down longer to begin pairing with a cellphone. There's a blue LED in one of the holes in the microphone portion of the phone which blinks to indicate if its on or trying to pair.
Transitioning between on, off, and pairing produces a cute sound and a change to the LED.
Overal I'm pleased with its simplicity and use of common parts although I wish there was a way to adjust the volume of the ring.
2008 Mar 17, 1:25
I've switched from using my own home web server of which one of the harddrives died, to using NearlyFreeSpeech.NET, an actual real live web hosting
service. So far I'm very happy with them and they give me almost exactly what I had on my own home server: ssh access, vim, php, java, etc. etc. The only notable things they don't do are (1) cron
jobs which I use currently and (2) SSL which I don't use currently. I can replace my cron job usage and I suppose I'll have to reevaluate my web hosting if I ever need SSL. At the moment many of
the server side things like Vizicious will be unavailable. I'll work on getting those working again at some point.
2008 Feb 11, 5:50
The story of South Korea's ActiveX web encryption scheme.