IP page 10 - Dave's Blog

Search
My timeline on Mastodon

Raising the bar on web uploads

2012 Apr 25, 5:00

Flickr’s new HTML5-ish photo upload feature technical overview.

PermalinkCommentstechnical html html5 javascript css3 css flickr file-upload

(via Descriptive Camera) A digital camera sends photos to...

2012 Apr 25, 4:23


(via Descriptive Camera)

A digital camera sends photos to Mechanical Turk service to generate a textual description and print the result on a thermal printer.  Thus a camera that prints out a textual description of what you photographed.

PermalinkCommentshumor camera photo mechanical-turk

Diagramly

2012 Apr 20, 3:38

Web app for making diagrams like Visio.  Export your results as SVG, PNG, PDF and others.

PermalinkCommentstechnical diagram web-app javascript web visio svg

JavaScript in JavaScript (js.js): smaller, faster, and with demos (princeton.edu)

2012 Apr 19, 3:36

Unlike Inception, running a JS engine in a JS engine does not make the inner JS engine go faster.

PermalinkCommentstechnical javascript programming interpretter

EFF White Paper Outlines How Businesses Can Avoid Assisting Repressive Regimes

2012 Apr 18, 6:24

A House subcommittee has passed the Global Online Freedom Act (GOFA), which would require disclosure from companies about their human rights practices and limit the export of technologies that “serve the primary purpose of” facilitating government surveillance or censorship to countries designated as “Internet-restricting.”

PermalinkCommentstechnical human-rights eff software government law surveillance

A VC: The Twitter "Patent Hack"

2012 Apr 18, 6:19

Specifically Twitter has said that they will only used these assigned patent rights defensively to protect themselves against hostile actions. And further that any company that acquires these patent rights from Twitter will need the inventor’s consent to use them in an offensive action. Twitter has also provided the inventor with certain rights to license the patent to others for defensive purposes. You can read the entire set of provisions on GitHub.

PermalinkCommentstechnical twitter ip patent software-patent

Another Comedy Bang Bang preview clip this time with Zach...

2012 Apr 18, 6:02


Another Comedy Bang Bang preview clip this time with Zach Galifianakis.

PermalinkCommentszach-galifianakis comedy-bang-bang video humor preview scott-aukerman tv clip

Image Error Level Analysis with HTML5

2012 Apr 16, 1:59

Javascript tool says if a photo is shopped. It can tell by looking at the pixels. Seriously. Links to cool presentation on the theory behind the algorithm behind the tool: http://www.wired.com/images_blogs/threatlevel/files/bh-usa-07-krawetz.pdf

PermalinkCommentstechnical javascript jpeg photoshop

Hotel Wifi JavaScript Injection (justinsomnia.org)

2012 Apr 5, 3:23

In short, Marriott is injecting JavaScript into the HTML of every webpage its hotel customers view for the purpose of injecting ads (and in the meantime, breaking YouTube).

PermalinkCommentstechnical css html security web internet javascript injection

RB 196: The Rally Cry of SOPA

2012 Apr 2, 8:28

Field producer Melissa Galvez speaks to Susan Crawford, Micah Sifry, Nicco Mele, and others to find out how the grassroots campaign to bring down SOPA/PIPA was built, and what it says about organizing on the internet.

PermalinkCommentstechnical sopa politics internet legal

How to collect JavaScript performance data for Windows Metro apps on a device that does not have Visual Studio installed

2012 Mar 16, 2:27

Documentation for the VS JS profiler for Win8 HTML Metro Apps on profiling apps running on remote machines. 

PermalinkCommentswin8 programming technical js vs

Rob Reid: The $8 billion iPod.  5min TED talk on copyright math

2012 Mar 15, 6:25
an>
PermalinkCommentshumor video ipod music mpaa riaa ted copyright

Dave Weston on security best practices in Win8 HTML Metro Apps.

2012 Mar 14, 9:29PermalinkCommentssecurity technical video david-weston wwa win8 programming html javascript

Alternate IPv4 Forms - URI Host Syntax Notes

2012 Mar 14, 4:30

By the URI RFC there is only one way to represent a particular IPv4 address in the host of a URI. This is the standard dotted decimal notation of four bytes in decimal with no leading zeroes delimited by periods. And no leading zeros are allowed which means there's only one textual representation of a particular IPv4 address.

However as discussed in the URI RFC, there are other forms of IPv4 addresses that although not officially allowed are generally accepted. Many implementations used inet_aton to parse the address from the URI which accepts more than just dotted decimal. Instead of dotted decimal, each dot delimited part can be in decimal, octal (if preceded by a '0') or hex (if preceded by '0x' or '0X'). And that's each section individually - they don't have to match. And there need not be 4 parts: there can be between 1 and 4 (inclusive). In case of less than 4, the last part in the string represents all of the left over bytes, not just one.

For example the following are all equivalent:

192.168.1.1
Standard dotted decimal form
0300.0250.01.01
Octal
0xC0.0XA8.0x1.0X1
Hex
192.168.257
Fewer parts
0300.0XA8.257
All of the above

The bread and butter of URI related security issues is when one part of the system disagrees with another about the interpretation of the URI. So this non-standard, non-normal form syntax has been been a great source of security issues in the past. Its mostly well known now (CreateUri normalizes these non-normal forms to dotted decimal), but occasionally a good tool for bypassing naive URI blocking systems.

PermalinkCommentsurl inet_aton uri technical host programming ipv4

A Dad’s Plea To Developers Of iPad Apps For Children (smashingmagazine.com)

2012 Mar 12, 7:02

Set of issues run into by children using iPad apps.  Should be generally appropriate though:

Designing apps for children is extremely hard. Not only is quality, age-appropriate content hard to create, but designing the flow and interaction of these apps is made more difficult because designers must refrain from implementing advanced gestures, which would only confuse and frustrate kids (and, by extension, their parents). Yet all apps can and should adhere to certain basics. Hopefully, the four guidelines discussed here can become fixtures of all children’s apps.

PermalinkCommentstechnical ui ipad design children programming

Cursor:none abuse (trick users into clicking Facebook 'like') (co.uk)

2012 Mar 6, 7:19

Cursor spoofing. Great job!

PermalinkCommentstechnical javascript css html cursor security

Star Trek: TNG Season 8 illustration has us longing for more [Star Trek]

2012 Mar 5, 3:17

Fictional plot summaries of TNG S8 episodes.    Like:

  • Q’s back: he’s wearing scuba gear and needs Picard’s help dumping his girlfriend. Barclay accidentally locks himself outside the ship.
  • Geordie and Data nurse a space bird back to health, and are sad when they have to release it. Picard is trapped in a turbolift with a baby.
  • Starfleet sends a cantankerous admiral to boss around Picard during delicate peace talks. Data seems to have mastered bragging.
  • Riker’s ex-girlfriend arrives and dies, leaving behind a pile of glowing dust and a mystery. Picard is trapped on a turbolift with a horse.
  • A planet of suspicious docents abduct Riker for their museum of amazing men. Geordi and Data are too excited to sleep at their sleepover.
  • Picard is trapped inside a sentient turbolift. A clip show highlights the most memorable “Picard is trapped on a turbolift” moments.
PermalinkCommentshumor twitter tng tv

HTML5 Table Flipper Experiment

2012 Mar 2, 1:02

The goal of this experiment was to combine the flipping tables emoticons with the Threw It On The Ground video using shiny new HTML5-ish features and the end result is the table flipper flipping the Threw It On the Ground video.

The table flipper emoticon is CSS before content that changes on hover. Additionally on hover a CSS transform is applied to flip the video upside down several times and move it to the right and there's a CSS transition to animate the flipping. The only issue I ran into is that (at least on Windows) Flash doesn't like to have CSS transform rotations applied to it. So to get the most out of the flip experiment you must opt-in to HTML5 video on YouTube. And of course you must use a browser that supports the various things I just mentioned, like the latest Chrome (or not yet released IE10).

PermalinkCommentscss-transform flipping-tables css-transition html5-video technical threw-it-on-the-ground

paulftompkins: shahruz: Promo on IFC for the upcoming Comedy...

2012 Feb 29, 10:13
[Flash 10 is required to watch video.]

paulftompkins:

shahruz:

Promo on IFC for the upcoming Comedy Bang Bang TV show!!!

BE EXCITED.

I am excited Paul.

PermalinkCommentshumor video comedy-bang-bang

Client Side Cross Domain Data YQL Hack

2012 Feb 27, 2:28

One of the more limiting issues of writing client side script in the browser is the same origin limitations of XMLHttpRequest. The latest version of all browsers support a subset of CORS to allow servers to opt-in particular resources for cross-domain access. Since IE8 there's XDomainRequest and in all other browsers (including IE10) there's XHR L2's cross-origin request features. But the vast majority of resources out on the web do not opt-in using CORS headers and so client side only web apps like a podcast player or a feed reader aren't doable.

One hack-y way around this I've found is to use YQL as a CORS proxy. YQL applies the CORS header to all its responses and among its features it allows a caller to request an arbitrary XML, HTML, or JSON resource. So my network helper script first attempts to access a URI directly using XDomainRequest if that exists and XMLHttpRequest otherwise. If that fails it then tries to use XDR or XHR to access the URI via YQL. I wrap my URIs in the following manner, where type is either "html", "xml", or "json":

        yqlRequest = function(uri, method, type, onComplete, onError) {
var yqlUri = "http://query.yahooapis.com/v1/public/yql?q=" +
encodeURIComponent("SELECT * FROM " + type + ' where url="' + encodeURIComponent(uri) + '"');

if (type == "html") {
yqlUri += encodeURIComponent(" and xpath='/*'");
}
else if (type == "json") {
yqlUri += "&callback=&format=json";
}
...

This also means I can get JSON data itself without having to go through JSONP.
PermalinkCommentsxhr javascript yql client-side technical yahoo xdr cors
Older EntriesNewer Entries Creative Commons License Some rights reserved.