technica page 10 - Dave's Blog

Search
My timeline on Mastodon

Dark Patterns are UI patterns used to trick users into doing...

2012 Mar 12, 7:05


Dark Patterns are UI patterns used to trick users into doing things they’d otherwise rather not: buy traveler’s insurance, click on ads, etc.  Covers the anti-patterns and how we as technical folk can help stop this.

PermalinkCommentstechnical ui programming dark-pattern

A Dad’s Plea To Developers Of iPad Apps For Children (smashingmagazine.com)

2012 Mar 12, 7:02

Set of issues run into by children using iPad apps.  Should be generally appropriate though:

Designing apps for children is extremely hard. Not only is quality, age-appropriate content hard to create, but designing the flow and interaction of these apps is made more difficult because designers must refrain from implementing advanced gestures, which would only confuse and frustrate kids (and, by extension, their parents). Yet all apps can and should adhere to certain basics. Hopefully, the four guidelines discussed here can become fixtures of all children’s apps.

PermalinkCommentstechnical ui ipad design children programming

Privacy through Obscurity

2012 Mar 9, 3:30

With Facebook changing its privacy policy and settings so frequently and just generally the huge amount of social sites out there, for many of us it is far too late to ensure our name doesn't show up with unfortunate results in web searches. Information is too easily copyable and archive-able to make removing these results a viable option, so clearly the solution is to create more data.

Create fake profiles on Facebook using your name but with a different photo, different date of birth, and different hometown. Create enough doppelgangers to add noise to the search results for your name. And have them share embarrassing stories on their blogs. The goal is to ensure that the din of your alternates drowns out anything embarrassing showing up for you.

Although it will look suspicious if you're the only name on Google with such chaff. So clearly you must also do this for your friends and family. Really you'll be doing them a favor.

PermalinkCommentstechnical facebook stupid internet privacy

WHATWG Weekly: http+aes URL scheme, control Referer, …

2012 Mar 7, 8:08

Seems generally bad to embed sensitive info in the URI (the http+aes URI scheme’s decryption key) similar to the now deprecated password field.

Use case is covered here: http://lists.w3.org/Archives/Public/ietf-http-wg/2012JanMar/0811.html.  Also discussion including someone mentioning the issue above.

PermalinkCommentstechnical html5 html uri uri-scheme http http+aes

"A More Granular Web Origin Concept" - Yoav Nir

2012 Mar 7, 8:01PermalinkCommentstechnical web origin

"A context mechanism for controlling caching of HTTP responses" - Yngve Pettersen

2012 Mar 7, 8:00PermalinkCommentstechnical http caching

Sometimes the bug isn't in your code, it's in the CPU (dragonflybsd.org)

2012 Mar 7, 8:00

Fascinating, but really most of the time it is in your code.  Really you should look there first.  Usually not the compiler’s fault, or the OS’s fault, or a loose wire in the CPU…

PermalinkCommentstechnical programming cpu

Cursor:none abuse (trick users into clicking Facebook 'like') (co.uk)

2012 Mar 6, 7:19

Cursor spoofing. Great job!

PermalinkCommentstechnical javascript css html cursor security

HTML5 Table Flipper Experiment

2012 Mar 2, 1:02

The goal of this experiment was to combine the flipping tables emoticons with the Threw It On The Ground video using shiny new HTML5-ish features and the end result is the table flipper flipping the Threw It On the Ground video.

The table flipper emoticon is CSS before content that changes on hover. Additionally on hover a CSS transform is applied to flip the video upside down several times and move it to the right and there's a CSS transition to animate the flipping. The only issue I ran into is that (at least on Windows) Flash doesn't like to have CSS transform rotations applied to it. So to get the most out of the flip experiment you must opt-in to HTML5 video on YouTube. And of course you must use a browser that supports the various things I just mentioned, like the latest Chrome (or not yet released IE10).

PermalinkCommentscss-transform flipping-tables css-transition html5-video technical threw-it-on-the-ground

Minimal Mac: TV Is Broken

2012 Feb 27, 1:58

minimalmac:

I say all of this to set up the fact that Beatrix has little idea of how traditional TV works and seeing her first real exposure to it was enlightening to say the least.

PermalinkCommentshumor technical tv netflix

Client Side Cross Domain Data YQL Hack

2012 Feb 27, 2:28

One of the more limiting issues of writing client side script in the browser is the same origin limitations of XMLHttpRequest. The latest version of all browsers support a subset of CORS to allow servers to opt-in particular resources for cross-domain access. Since IE8 there's XDomainRequest and in all other browsers (including IE10) there's XHR L2's cross-origin request features. But the vast majority of resources out on the web do not opt-in using CORS headers and so client side only web apps like a podcast player or a feed reader aren't doable.

One hack-y way around this I've found is to use YQL as a CORS proxy. YQL applies the CORS header to all its responses and among its features it allows a caller to request an arbitrary XML, HTML, or JSON resource. So my network helper script first attempts to access a URI directly using XDomainRequest if that exists and XMLHttpRequest otherwise. If that fails it then tries to use XDR or XHR to access the URI via YQL. I wrap my URIs in the following manner, where type is either "html", "xml", or "json":

        yqlRequest = function(uri, method, type, onComplete, onError) {
var yqlUri = "http://query.yahooapis.com/v1/public/yql?q=" +
encodeURIComponent("SELECT * FROM " + type + ' where url="' + encodeURIComponent(uri) + '"');

if (type == "html") {
yqlUri += encodeURIComponent(" and xpath='/*'");
}
else if (type == "json") {
yqlUri += "&callback=&format=json";
}
...

This also means I can get JSON data itself without having to go through JSONP.
PermalinkCommentsxhr javascript yql client-side technical yahoo xdr cors

Anecdote on software usability. FTA: “… and suddenly...

2012 Feb 24, 5:24


Anecdote on software usability. FTA: “… and suddenly realized that it was a perfectly ordinary whiteboard felt-tip pen. The headwaiter just draw an ”X” over their booking, directly on the computer screen!”

(via “What’s the waiter doing with the computer screen?” (javlaskitsystem.se))

PermalinkCommentshumor software technical ux

(via School of Fail: Technically Not Inaccurate.)

2012 Feb 24, 5:22


(via School of Fail: Technically Not Inaccurate.)

PermalinkCommentshumor harry-potter school

Web Worker Initialization Race

2012 Feb 24, 1:44

Elaborating on a previous brief post on the topic of Web Worker initialization race conditions, there's two important points to avoid a race condition when setting up a Worker:

  1. The parent starts the communication posting to the worker.
  2. The worker sets up its message handler in its first synchronous block of execution.

For example the following has no race becaues the spec guarentees that messages posted to a worker during its first synchronous block of execution will be queued and handled after that block. So the worker gets a chance to setup its onmessage handler. No race:

'parent.js':
var worker = new Worker();
worker.postMessage("initialize");

'worker.js':
onmessage = function(e) {
// ...
}

The following has a race because there's no guarentee that the parent's onmessage handler is setup before the worker executes postMessage. Race (violates 1):

'parent.js':
var worker = new Worker();
worker.onmessage = function(e) {
// ...
};

'worker.js':
postMessage("initialize");

The following has a race because the worker has no onmessage handler set in its first synchronous execution block and so the parent's postMessage may be sent before the worker sets its onmessage handler. Race (violates 2):

'parent.js':
var worker = new Worker();
worker.postMessage("initialize");

'worker.js':
setTimeout(
function() {
onmessage = function(e) {
// ...
}
},
0);
PermalinkCommentstechnical programming worker web-worker html script

How Bots Seized Control of My Pricing Strategy (bueno.org)

2012 Feb 22, 6:54

Automated authors writing books and automated middle men trying to sell over priced books at a profit. The author of the blog post claims to be human, but I’m not so sure.

PermalinkCommentshumor technical amazon economics bots

Prime HTTP Status Codes

2012 Feb 22, 4:00
These are the prime HTTP status codes:
PermalinkCommentshttp prime technical useless

Learn from Haskell - Functional, Reusable JavaScript (github.com)

2012 Feb 21, 3:32PermalinkCommentstechnical programming functional haskell javascript

Using CSS without HTML (mathiasbynens.be)

2012 Feb 20, 6:11

Implied HTML elements, CSS before/after content, and the link HTTP header combines to make a document that displays something despite having a 0 byte HTML file.  Demo only in Opera/FireFox due to link HTTP header support.

PermalinkCommentstechnical humor hack css http html

URI Percent Encoding Ignorance Level 2 - There is no Unencoded URI

2012 Feb 20, 4:00

As a professional URI aficionado I deal with various levels of ignorance on URI percent-encoding (aka URI encoding, or URL escaping).

Getting into the more subtle levels of URI percent-encoding ignorance, folks try to apply their knowledge of percent-encoding to URIs as a whole producing the concepts escaped URIs and unescaped URIs. However there are no such things - URIs themselves aren't percent-encoded or decoded but rather contain characters that are percent-encoded or decoded. Applying percent-encoding or decoding to a URI as a whole produces a new and non-equivalent URI.

Instead of lingering on the incorrect concepts we'll just cover the correct ones: there's raw unencoded data, non-normal form URIs and normal form URIs. For example:

  1. http://example.com/%74%68%65%3F%70%61%74%68?query
  2. http://example.com/the%3Fpath?query
  3. "http", "example.com", "the?path", "query"

In the above (A) is not an 'encoded URI' but rather a non-normal form URI. The characters of 'the' and 'path' are percent-encoded but as unreserved characters specific in the RFC should not be encoded. In the normal form of the URI (B) the characters are decoded. But (B) is not a 'decoded URI' -- it still has an encoded '?' in it because that's a reserved character which by the RFC holds different meaning when appearing decoded versus encoded. Specifically in this case, it appears encoded which means it is data -- a literal '?' that appears as part of the path segment. This is as opposed to the decoded '?' that appears in the URI which is not part of the path but rather the delimiter to the query.

Usually when developers talk about decoding the URI what they really want is the raw data from the URI. The raw decoded data is (C) above. The only thing to note beyond what's covered already is that to obtain the decoded data one must parse the URI before percent decoding all percent-encoded octets.

Of course the exception here is when a URI is the raw data. In this case you must percent-encode the URI to have it appear in another URI. More on percent-encoding while constructing URIs later.

PermalinkCommentsurl encoding uri technical percent-encoding

Mothereffing animated gif

2012 Feb 17, 7:31

Client side animated GIF creator web app.

PermalinkCommentstechnical javascript gif animated compression html5
Older EntriesNewer Entries Creative Commons License Some rights reserved.