Flickr’s new HTML5-ish photo upload feature technical overview.
The Metro Developer Show is the first podcast exclusively for Metro developers and enthusiasts.
Each week Ryan and Travis Lowdermilk traverse the exciting world of Metro (phone, tablet, desktop and Xbox); covering the latest news and exploring what it means for the developer community and everyday users.
Web app for making diagrams like Visio. Export your results as SVG, PNG, PDF and others.
Unlike Inception, running a JS engine in a JS engine does not make the inner JS engine go faster.
A House subcommittee has passed the Global Online Freedom Act (GOFA), which would require disclosure from companies about their human rights practices and limit the export of technologies that “serve the primary purpose of” facilitating government surveillance or censorship to countries designated as “Internet-restricting.”
Specifically Twitter has said that they will only used these assigned patent rights defensively to protect themselves against hostile actions. And further that any company that acquires these patent rights from Twitter will need the inventor’s consent to use them in an offensive action. Twitter has also provided the inventor with certain rights to license the patent to others for defensive purposes. You can read the entire set of provisions on GitHub.
Windows RT is the name of the Win8 ARM SKU? That’s funny because its also the Windows Runtime: http://msdn.microsoft.com/en-us/library/windows/apps/br211377
Javascript tool says if a photo is shopped. It can tell by looking at the pixels. Seriously. Links to cool presentation on the theory behind the algorithm behind the tool: http://www.wired.com/images_blogs/threatlevel/files/bh-usa-07-krawetz.pdf
In short, Marriott is injecting JavaScript into the HTML of every webpage its hotel customers view for the purpose of injecting ads (and in the meantime, breaking YouTube).
Field producer Melissa Galvez speaks to Susan Crawford, Micah Sifry, Nicco Mele, and others to find out how the grassroots campaign to bring down SOPA/PIPA was built, and what it says about organizing on the internet.
Intro to the world of the 0day exploit market.
First tier of their service is free. Supports age, gender, glasses, and mood as well as where the face is in an image all over a REST-ful web API.
Eric Lawrence describes the new security features of IE10.
Do we have a word or phrase to describe the following situation: You code up something complicated and it compiles and works on the first try. You then spend the next ten minutes trying to figure out what's actually broken because it shouldn't be this easy.
Or in meme form:
recommendations on how Internet Service
Providers can use various remediation techniques to manage the
effects of malicious bot infestations on computers used by their
subscribers.
Detection and notification recommendations.
Is this really the right way to do this? Feels icky:
To programmatically add or modify system environment variables, add them to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment registry key, then broadcast a WM_SETTINGCHANGE message with lParam set to the string “Environment”.
Documentation for the VS JS profiler for Win8 HTML Metro Apps on profiling apps running on remote machines.
By the URI RFC there is only one way to represent a particular IPv4 address in the host of a URI. This is the standard dotted decimal notation of four bytes in decimal with no leading zeroes delimited by periods. And no leading zeros are allowed which means there's only one textual representation of a particular IPv4 address.
However as discussed in the URI RFC, there are other forms of IPv4 addresses that although not officially allowed are generally accepted. Many implementations used inet_aton to parse the address from the URI which accepts more than just dotted decimal. Instead of dotted decimal, each dot delimited part can be in decimal, octal (if preceded by a '0') or hex (if preceded by '0x' or '0X'). And that's each section individually - they don't have to match. And there need not be 4 parts: there can be between 1 and 4 (inclusive). In case of less than 4, the last part in the string represents all of the left over bytes, not just one.
For example the following are all equivalent:
The bread and butter of URI related security issues is when one part of the system disagrees with another about the interpretation of the URI. So this non-standard, non-normal form syntax has been been a great source of security issues in the past. Its mostly well known now (CreateUri normalizes these non-normal forms to dotted decimal), but occasionally a good tool for bypassing naive URI blocking systems.
Some rights reserved