2011 Jul 26, 10:00Opera has stats on what an 'average' web page looks like it in terms of HTML elemenets and attributes used etc.webdevelopmenthtmlstatisticstechnicalopera
2011 Jul 18, 2:38Neat idea: "When the user wants to visit a blacklisted site, the client establishes an encrypted HTTPS connection to a non-blacklisted web server outside the censor’s network, which could be a normal
site that the user regularly visits... The client secretly marks the connection as a Telex request by inserting a cryptographic tag into the headers. We construct this tag using a mechanism called
public-key steganography... As the connection travels over the Internet en route to the non-blacklisted site, it passes through routers at various ISPs in the core of the network. We envision that
some of these ISPs would deploy equipment we call Telex stations."internetsecuritytoolscensorshiptechnical
2011 Jul 13, 5:48Like the big red button that doesn't do anything but better "because it is slightly cheaper, and because it has the words "DON'T PANIC" in large, friendly letters on the cover"humorinternetweb
2011 Jul 6, 7:28"Over this past Fourth Of July weekend, we neglected to note that it was the 15th anniversary of Roland Emmerich’s 1996 blockbuster Independence Day. New York comedian Sean Kleier remembered, and
decided to make his own tribute, going to various locations around New York City—Times Square, the Brooklyn Bridge, the subway, and inside a Victoria’s Secret—reciting Bill Pullman’s rousing speech
before the movie's final battle sequence, megaphone and all." humorvideobill-pullmanindependence-daynew-york
2011 Jun 20, 2:25I knew it was a game but still felt bad war-dialing and otherwise messing around in there. What if I accidentally find a way out? "Telehack is the most interesting game I've played in the last
year... a game that most users won't realize is a game at all. It's a tour de force hack — an interactive pastiche of 1980s computer history, tying together public archives of Usenet newsgroups, BBS
textfiles, software archives, and historical computer networks into a multiplayer adventure game." Also, see all the accounts of people finding their teenage selves in the game.internettechnicaldevelopmenthacktelnetwardialgame
2011 Jun 20, 2:09"Why did the hackers at Lulz Security ("LulzSec") invade Sony Pictures websites, take down cia.gov, and release 60,000+ e-mail addresses and passwords? For the lulz, of course—but what might look
lulzy to one person could certainly enrage another. In honor of its 1,000th tweet, the witty wankers of LulzSec released a manifesto of sorts, defending their actions to the angry Internets."internetsecurityprivacyhacktechnical
As it turns out the WPAD Server Fiddler Extension I made a while back actually has a non-malicious purpose. Apparently its useful for debugging HTTP on the WP7
phone (or so I'm told). Anyway I took some requests and I've fixed a few minor bugs (start button not updating correctly), changed the dialog to be a Fiddler tab so you can use it non-modally, and
the WPAD server is now always off when Fiddler starts.
2011 Jun 5, 4:57"ViewText.org is a service provided to make reading content on the web easier, faster, and safer by extracting the main article content from news items, blog posts, RSS feeds, and PDF's." Includes
API to extract the article text!internetwebarticlehtmltextapitechnical
2011 May 30, 3:13"We covered the Newstweek, a wall-wart sized box that injects fake news stories over public WiFi connections last February, but now there’s a great walk through and it seems our doubts about this
project were disproved."securityjournalismwifihacktechnical
I wanted to ensure that my switch statement in my implementation of IInternetSecurityManager::ProcessURLAction had a case for every possible documented URLACTION. I wrote the following short
command line sequence to see the list of all URLACTIONs in the SDK header file not found in my source file:
grep URLACTION urlmon.idl | sed 's/.*\(URLACTION[a-zA-Z0-9_]*\).*/\1/g;' | sort | uniq > allURLACTIONs.txt grep URLACTION MySecurityManager.cpp | sed 's/.*\(URLACTION[a-zA-Z0-9_]*\).*/\1/g;' | sort | uniq > myURLACTIONs.txt comm -23 allURLACTIONs.txt myURLACTIONs.txt
In
the PowerShell version I can skip the temporary files which is nice. 'diff' is mapped to 'compare-object' which seems similar to comm but with no parameters to filter out the different streams
(although this could be done more verbosely with the ?{ } filter syntax). In PowerShell uniq functionality is built into sort. The builtin -cmatch operator (c is for case sensitive) to do regexp is
nice plus the side effect of generating the $matches variable with the regexp results.
2011 May 26, 1:28This was on my todo list. I'll scratch it off knowing far more funded folks are doing this: "A startup called BlueStacks has developed an Android runtime environment for the Windows operating system.
It will enable users to run Android applications alongside conventional Windows software on Microsoft's operating system." "One example would be a convertible netbook tablet that normally runs
Windows but switches to an Android interface for greater touch-friendliness when the screen is flipped.
Such a product would offer the full power and multitasking capabilities of Windows but also benefit from having access to Android's broad touch-enabled software ecosystem."windowsprogrammingandroidjavatechnical
2011 Apr 30, 4:05"This document discusses our experiences from moving a small number of users to an IPv6-only network, with access to the IPv4-only parts of the Internet via a NAT64 device. The document covers
practical experiences as well as road blocks and opportunities for this type of a network setup. The document also makes some recommendations about where such networks are applicable and what should
be taken into account in the network design. The document also discusses further work that is needed to make IPv6-only networking applicable in all environments."internetipipv6ipv4nattechnicalreference
2011 Apr 27, 2:23"The gradual disappearance of open wireless networks is a tragedy of the commons, with a confusing twist of privacy and security debate. This essay explains why the progressive locking of wireless
networks is harmful — for convenience, for privacy and for efficient use of the electromagnetic spectrum."laweffwirelessinternettechnicalprivacysecurity
2011 Apr 27, 2:21Competing price setting algorithms create a very high priced book. "But Peter Lawrence can now comfortably boast that one of the biggest and most respected companies on Earth valued his great book at
$23,698,655.93 (plus $3.99 shipping)."humorinternetblogsciencebookcommercead
2011 Apr 8, 2:07"On average their method gets to within 690 metres of the target and can be as close as 100 metres – good enough to identify the target computer's location to within a few streets.", "When a landmark
machine and the target computer have shared a router, the researchers can compare how long a packet takes to reach each machine from the router; converted into an estimate of distance, this time
difference narrows the search down further."technicalinternetprivacygeogeolocationsecurity
2011 Apr 6, 3:52Humorous quote from the doc: "While we readily agree that the naming of IPv6 address parts is not the most pressing concern the Internet is facing today, a common nomenclature is important for
efficient communication."humortechnicalipv6namedocumentationietfrfc
I used FiddlerCore in GeolocMock to edit HTTPS responses and ran into two stumbling
blocks that I'll document here. The first is that I didn't check if the Fiddler root cert existed or was installed, which of course is necessary to edit HTTPS traffic. The following is my code
where I check for the certs.
if (!Fiddler.CertMaker.rootCertExists()) { if (!Fiddler.CertMaker.createRootCert()) { throw new Exception("Unable to create cert for FiddlerCore."); } }
if (!Fiddler.CertMaker.rootCertIsTrusted()) { if (!Fiddler.CertMaker.trustRootCert()) { throw new Exception("Unable to install FiddlerCore's cert."); } }
The second problem I had (which would have been solved had I read all the sample code first) was that my changes weren't being applied. In my app I only need the BeforeResponse but in order to
modify the response I must also sign up for the BeforeRequest event and mark the bBufferResponse flag on the session before the response comes back. For example:
Fiddler.FiddlerApplication.BeforeRequest += new SessionStateHandler(FiddlerApplication_BeforeRequest); Fiddler.FiddlerApplication.BeforeResponse += new SessionStateHandler(FiddlerApplication_BeforeResponse); ... private void FiddlerApplication_BeforeRequest(Session oSession) { if (IsInterestingSession(oSession)) { oSession.bBufferResponse = true; } }
For my GeolocMock weekend project I intended to use the Bing Maps API to display a map in a WebBrowser control and allow the user to
interact with that to select a location to be consumed by my application. Getting my .NET code to talk to the JavaScript in the WebBrowser control was surprisingly easy.
To have .NET execute JavaScript code you can use the InvokeScript method passing the name of the JavaScript function to execute and an object array of parameters to pass:
this.webBrowser2.Document.InvokeScript("onLocationStateChanged", new object[] { latitudeTextBoxText, longitudeTextBoxText, altitudeTextBoxText, uncertaintyTextBoxText });
The other direction, having JavaScript call into .NET is slightly more complicated but still pretty easy as far as language interop goes. The first step is to mark your assembly as ComVisible so
that it can interact with JavaScript via COM. VS had already added a ComVisible declaration to my project I just had to change the value to true.
[assembly: ComVisible(true)]
Next set ObjectForScripting attribute to the object you want to expose to JavaScript.
Now that object is exposed as window.external in JavaScript and you can call methods on it.
window.external.Set(lat, long, alt, gUncert);
However you don't seem to be able to test for the existence of methods off of it. For example the following JavaScript generates an exception for me even though I have a Set method:
Working on GeolocMock it took me a bit to realize why my HTML could use the W3C Geolocation API in IE9 but not in my WebBrowser control in
my .NET application. Eventually I realized that I was getting the wrong IE doc mode. Reading this old More IE8 Extensibility Improvements IE blog post from the IE blog I found the issue is that for app
compat the WebOC picks older doc modes but an app hosting the WebOC can set a regkey to get different doc modes. The IE9 mode isn't listed in that article but I took a guess based on the values
there and the decimal value 9999 gets my app IE9 mode. The following is the code I run in my application to set its regkey so that my app can get the IE9 doc mode and use the geolocation API.
Some rights reserved