web - Dave's Blog


Search

Tweet from David_Risney

Mar 25, 12:15
Cool Creative Commons limited edition shirt made of Noun Project images - http://creativecommons.org/weblog/entry/45224 … @creativecommons. Just ordered mine!
PermalinkComments

Tweet from David_Risney

Mar 19, 11:31
Push messaging and notifications are landing in Chrome 42. http://updates.html5rocks.com/2015/03/push-notificatons-on-the-open-web … via @ChromiumDev
PermalinkComments

Retweet of stshank

Mar 14, 10:42
Mobile developers flocked to iOS and Android, but @dontcallmeDOM says the Web is fighting back with new standards. http://cnet.co/1MDx2vh 
PermalinkComments

Tweet from David_Risney

Mar 13, 8:43
Self driving cars, or remotely driven cars. Which will catch on first and how will you tell? http://www.openwebrtc.io/blog/2015/3/12/driving-an-excavator-using-openwebrtc-and-oculus-rift-video …
PermalinkComments

Retweet of zoltandulac

Mar 4, 5:21
Great resource. I always wondered what was "animatable" via CSS and what wasn't. Now I know. https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_animated_properties …
PermalinkComments

Tweet from David_Risney

Mar 3, 4:06
How do you conditionally sprite/concat/shard based on http version? https://mattwilcox.net/web-development/http2-for-front-end-web-developers …
PermalinkComments

Retweet of JustRogDigiTec

Feb 13, 6:54
Still on the fence if this is good for the web. Love the progress!! “@shanselman: Flash isn't dead. It's undead. http://www.hanselman.com/blog/JavaScriptHasWonRunFlashWithMozillaShumwayAndDevelopSilverlightInJSWithFayde.aspx …
PermalinkComments

Retweet of textfiles

Feb 12, 9:15
My boss came out and spoke for five minutes in NYC and mentioning locking the web.... open. https://archive.org/details/bresterkahlenetgain …
PermalinkComments

Tweet from David_Risney

Feb 12, 8:35
Unicode encoding holy wars via Mark Pilgrim / Emo Philips http://web.archive.org/web/20080209154953/http://diveintomark.org/archives/2004/07/06/nfc …
PermalinkComments

Retweet of bai0

Feb 7, 12:49
@textfiles @jwz I added some more turtles. VRML in NS2 in WebGL on Chrome on an Oculus Rift. Achievement unlocked. pic.twitter.com/Imy4UWPG2w
PermalinkComments

Retweet of davemethvin

Feb 5, 9:34
When when the defenders of synchronous AJAX appear for the 14th time https://lists.w3.org/Archives/Public/public-webapps/2015JanMar/0523.html … http://i.imgur.com/k4Y5Uhh.png 
PermalinkComments

David_Risney: Just put up CSP Fiddler extension to help figure out minimum required CSP rules for web pages.

Jan 24, 5:32
David Risney @David_Risney :
Just put up CSP Fiddler extension https://github.com/david-risney/CSP-Fiddler-Extension … to help figure out minimum required CSP rules for web pages.
PermalinkComments

Live coding in VR with the Oculus Rift, Firefox WebVR,...

2014 Oct 6, 2:45


Live coding in VR with the Oculus Rift, Firefox WebVR, JavaScript and Three.js

"I built a live-coding web app for the Oculus Rift where you code in JavaScript using Three.js and watch the world change around you in real-time."

PermalinkCommentsvideo programming javascript 3d vr oculus-rift technical

Detect login with CSP - When Security Generates Insecurity

2014 Jul 8, 1:13

An interesting way to use the report-uri feature of CSP to detect if a user is logged into Google, Facebook etc.

PermalinkCommentstechnical security csp web

On exploiting security issues in botnet C&C...

2014 Jun 23, 4:26


On exploiting security issues in botnet C&C software:

Hackers “are learning that it’s not so easy to write secure code,” Toro says. “Most of us in the business of securing our applications and systems know that bulletproofing software is an extremely expensive and exhaustive undertaking. Malware creators who have to look to their own defences would have to slow down the production of new attacks.”

FYI, if you want to know what it looks like when you hack a hacker, look no further than the seminal 1995 film Hackers.

PermalinkCommentstechnical security

Netflix API : Retiring the Netflix Public API

2014 Jun 15, 3:02

First they came for our RSS feeds and I said nothing…

PermalinkCommentstechnical Netflix web api api

A high-profile fork: one year of Blink and Webkit Some stats...

2014 Jun 3, 9:10


A high-profile fork: one year of Blink and Webkit

Some stats and analysis at a very high level of the Blink fork from Webkit.

PermalinkCommentstechnology browser webkit blink apple google

XSS game

2014 May 29, 1:10

Google’s XSS training game. Learn how to find XSS issues for fun and profit.

PermalinkCommentstechnical web security xss google

Cloud Share - New App

2014 May 23, 4:06

I've put a new app on the Windows Store: Cloud Share. It connects the web to your Windows 8 share charm.

I did the development on GitHub and quite enjoyed myself. I wasn't sure I liked the game-ification of development in GitHub's dashboard showing you your longest development streak in days. However I realized that it encourages me to do work on my personal project and anything that aids in holding my attention on and helping me finish these projects is a good thing.

PermalinkCommentsdevelopment github javascript JS technical windows

Debugging anecdote - the color transparent black breaks accessibility

2014 May 22, 10:36

Some time back while I was working on getting the Javascript Windows Store app platform running on Windows Phone (now available on the last Windows Phone release!) I had an interesting bug that in retrospect is amusing.

I had just finished a work item to get accessibility working for JS WinPhone apps when I got a new bug: With some set of JS apps, accessibility appeared to be totally broken. At that time in development the only mechanism we had to test accessibility was a test tool that runs on the PC, connects to the phone, and dumps out the accessibility tree of whatever app is running on the phone. In this bug, the tool would spin for a while and then timeout with an error and no accessibility information.

My first thought was this was an issue in my new accessibility code. However, debugging with breakpoints on my code I could see none of my code was run nor the code that should call it. The code that called that code was a more generic messaging system that hit my breakpoints constantly.

Rather than trying to work backward from the failure point, I decided to try and narrow down the repro and work forwards from there. One thing all the apps with the bug had in common was their usage of WinJS, but not all WinJS apps demonstrated the issue. Using a binary search approach on one such app I removed unrelated app code until all that was left was the app's usage of the WinJS AppBar and the bug still occurred. I replaced the WinJS AppBar usage with direct usage of the underlying AppBar WinRT APIs and continued.

Only some calls to the AppBar WinRT object produced the issue:

        var appBar = Windows.UI.WebUI.Core.WebUICommandBar.getForCurrentView(); 
// appBar.opacity = 1;
// appBar.closeDisplayMode = Windows.UI.WebUI.Core.WebUICommandBarClosedDisplayMode.default;
appBar.backgroundColor = Windows.UI.Colors.white; // Bug!
Just setting the background color appeared to cause the issue and I didn't even have to display the AppBar. Through additional trial and error I was blown away to discover that some colors I would set caused the issue and other colors did not. Black wouldn't cause the issue but transparent black would. So would aqua but not white.

I eventually realized that predefined WinRT color values like Windows.UI.Colors.aqua would cause the issue while JS literal based colors didn't cause the issue (Windows.UI.Color is a WinRT struct which projects in JS as a JS literal object with the struct members as JS object properties so its easy to write something like {r: 0, g: 0, b: 0, a: 0} to make a color) and I had been mixing both in my tests without realizing there would be a difference. I debugged into the backgroundColor property setter that consumed the WinRT color struct to see what was different between Windows.UI.Colors.black and {a: 1, r: 0, g: 0, b: 0} and found the two structs to be byte wise exactly the same.

On a hunch I tried my test app with only a reference to the color and otherwise no interaction with the AppBar and not doing anything with the actual reference to the color: Windows.UI.Colors.black;. This too caused the issue. I knew that the implementation for these WinRT const values live in a DLL and guessed that something in the code to create these predefined colors was causing the issue. I debugged in and no luck. Now I also have experienced crusty code that would do exciting things in its DllMain, the function that's called when a DLL is loaded into the process so I tried modifying my C++ code to simply LoadLibrary the DLL containing the WinRT color definition, windows.ui.xaml.dll and found the bug still occurred! A short lived moment of relief as the world seemed to make sense again.

Debugging into DllMain nothing interesting happened. There were interesting calls in there to be sure, but all of them behind conditions that were false. I was again stumped. On another hunch I tried renaming the DLL and only LoadLibrary'ing it and the bug went away. I took a different DLL renamed it windows.ui.xaml.dll and tried LoadLibrary'ing that and the bug came back. Just the name of the DLL was causing the issue.

I searched for the DLL name in our source code index and found hits in the accessibility tool. Grinning I opened the source to find that the accessibility tool's phone side service was trying to determine if a process belonged to a XAML app or not because XAML apps had a different accessibility contract. It did this by checking to see if windows.ui.xaml.dll was loaded in the target process.

At this point I got to fix my main issue and open several new bugs for the variety of problems I had just run into. This is a how to on writing software that is difficult to debug.

PermalinkCommentsbug debug javascript JS technical windows winrt
Older Entries Creative Commons License Some rights reserved.