2009 Jun 25, 1:53"The document provides practical best practices related to specifying the language of content that HTML content authors can use to ensure that their HTML is easily adaptable for an international
audience. These are best practices that are best addressed from the start of content development if unnecessary costs and resource issues are to be avoided later on."languagei18ninternationalizationhtmlw3cxmlreferencexhtmltechnical
2009 Jun 22, 3:28Details on Firefox's DNS prefetching: "The Firefox implementation takes this approach one step further than just pre-resolving anchor href hostnames. It uses the prefetch logic on URLs that are being
included in the current document. By this I mean that it uses the prefetch logic on things like images, css, and jscript that are being loaded right away, in addition to anchor links which might be
clicked on at a slightly later time."dnsdns-prefetchinghtmlperformancenetworkingfirefoxmozillatechnical
2009 Jun 22, 3:12HTML5's mime-sniffing is getting moved to an IETF doc: "Many web servers supply incorrect Content-Type headers with their HTTP responses. In order to be compatible with these servers, user agents
must consider the content of HTTP responses as well as the Content-Type header when determining the effective media type of the response. This document describes an algorithm for determining the
effective media type of HTTP responses that balances security and compatibility considerations."mimemime-sniffingietfhttpw3chtml5technical
2009 Jun 22, 3:09"Web/browser-security maven and coder Adam Barth has been working on implementing a content sniffer in WebKit, based on a content-sniffing algorithm that was originally specified in the HTML5 draft,
but that's now specified as a separate IETF draft that Adam is editing and that's titled, Content-Type Processing Model."mimemime-sniffingwebkithttptechnical
However, until that work is embraced by browsers, embedding portions of videos will continue to require work specific to the site from which you are embedding the video. On the YouTube blog they
wrote about how to "link to the best parts in your videos", using a fragment syntax like '#t=1m15s' to start playback of the associated
video at 1 minute and 15 seconds. Of course if you want to embed part of a Hulu video it will be different. Although I haven't found an authoritative source describing the URL syntax to use, you
can follow Hulu's video guide on linking to part of a video and note how the URL changes as you adjust the
slider on the time-line. It looks like their syntax for linking to a Hulu page is to add '?c=[start time in seconds](:[end time in seconds])' with the colon and end time optional in order to link
to a portion of a video. And the syntax for embedding appears to be "http://www.hulu.com/embed/.../[start time in seconds](/[end time in
seconds])" again with the end time optional.
The weekend before the previous, Sarah and I moved our belongings into the
new house and spent a lot of time packing and unpacking, and now we're officially living there (interested Facebook friends can find my
new address or just ask me). The Saturday of the previous weekend Sarah's family came over for a half house warming and half Sarah's birthday celebration which was fun and served to force us to do
more unpacking and forced me to take trips to Home Depot, Bed Bath and Beyond, etc. On Sunday, Sarah and I went out to her favorite restaurant and she opened her gifts that I had to hide to keep
her from opening before her birthday. Happy Birthday Sarah!
While at Home Depot I had trouble finding what I was actually looking for, but I did find everything I needed to terminate the Cat5e cables that are wired in the house. Each room has a wall plate
with two RJ45 sockets, both sockets wired to Cat5e cable. One of the cables per plate was already hooked up to a standard phone service punchdown board and the other cables per plate were all
hanging unterminated next to the punchdown board. So now I've terminated them all with RJ45 connectors and hooked them up to my hub, wireless router, cable modem, etc. I had the same sort of fun
setting all that up as I did playing with model train sets as a child. Hopefully no therapy will be required to figure out why that is.
I had just created an OpenSearch description for WolframAlpha at work and was going about the process of adding another install link to my search provider
page so that I could install it. Thinking about it, I realized I could apply an XSLT to the OpenSearch description XML to produce the HTML automatically so I wouldn't have to modify additional
documents everytime I create and want to install a new OpenSearch description. While I was in there writing the XSLT I figure why not let the user try out searching with the OpenSearch description
file too. And lastly I made the XSLT apply to itself to produce HTML describing its own usage.
Incidentally, I added WolframAlpha at work to replace my FileInfo search provider for the purposes of searching for information about
particular Unicode characters. For instance, look at WolframAlpha's lovely output for this search for "Bopomofo zh".
2009 Jun 8, 3:58"Everyone can file bugs against HTML5, including you. To be clear, that something is filed in the W3C bug database does not mean it is likely it will be included."html5blogbughtmlw3c
2009 Jun 3, 9:55"A "via" link is simply a link back to the site where you found the article you're linking to. Atom has a link tag for this scenario:
." Is there an HTML version?atomrssxmllinksyndicationvia
I like the idea of QR codes, encoding URLs and placing them
on real world objects, but the QR codes themselves are kind of ugly. To make them less obvious I thought I could spray QR codes on to an object with an infrared reflective paint and shine infrared
light on the QR codes, since most cameras, for instance the camera in my G1 phone, pick up infrared that our eyes do not.
In looking for this paint I've found that it comes up a lot in relation to the military for things like paint markers that are visible at
night with proper equipment, and paint that absorbs IR light to make vehicles less obvious to night vision goggles. Even though the first
reflects infrared light and the second absorbs it websites end up refering to both as infrared paint which made it difficult to search.
Additionally I found links to some other geeky infrared projects:
Infrared goggles that block out all light except for the edge of infrared light that humans can perceive.
2009 May 27, 3:01"The Microsoft Connect service is a web-platform for communication between Microsoft Software Engineers and their developer community... Unfortunately the sign-up and feature request process is a
little confusing, and long-winded, so I have put together a guide to help people get to the right place."microsoftinternetieie8ie9html5canvashumorreferencescreenshot
2009 May 4, 12:06"The following table summarizes the link types that are defined by this specification. This table is non-normative; the actual definitions for the link types are given in the next few sections."htmlhtml5w3clinkreferencestandardurluri
2009 May 3, 10:26Seems very similar to that ShellExecute/Firefox app URL protocol handler exploit last year. "A vulnerability in the ChromeHTML URI handler allows an attacker to bypass the Same Origin Policy for any
site and also enumerate victims files and directories. When loaded in Internet Explorer, a specially crafted HTML page can launch Google Chrome with an arbitrary URI without requiring any user
interaction."exploitsecuritygooglechromebrowserweburlprotocol
Looking at the HTTP traffic of Netflix under Fiddler I could see the HTTP request that added a movie to my queue and didn't see anything obvious that would
prevent a CSRF. Sure enough its pretty easy to create a page that, if the user has set Netflix to auto-login, will add movies to the user's queue without their knowledge. I thought this was pretty
neat, because I could finally get people to watch Primer. However, when I searched for Netflix CSRF I found that this issue has been known and reported to Netflix since 2006. Again my thoughts stolen from me and the
theif doesn't even have the common decency to let me have the thought first!
With this issue known for nearly three years its hard to continue calling it an issue. Really they should just document it in their API docs and be
done with it. Who knows what Netflix based web sites and services they'll break if they try to change this behavior? For instance, follow this link to add my Netflix recommended movies to your queue.
Netflix lets you watch a subset of their movies online via their website and a subset of those movies are available to watch on the Xbox 360's Netflix app. so its not always easy to find movies to
watch on Xbox 360. Yet, I regularly see my Xbox friends using the Netflix app and its a shame they didn't make an easy way to share movie recommendations with your friends. Instead we must share
movie recommendations the old fashioned way. Here's the movies I've found and enjoyed on my 360.
If you enjoyed Paranoia Agent you'll enjoy this movie in the same animation style and by the same director and
writer, Satoshi Kon. Its like a feature length version of a Paranoia Agent episode in which a dream machine lets outsiders view one's dreams but eventually leads to blurring the dreams and
reality.
I didn't see either of the Grindhouse movies when they first came out, but of the two, Planet Terror is the more humorous and exciting gore filled parody.
A hilarious documentary on the struggle between the reigning champ hot-sauce salesman and the underdog Washington state high school science teacher to obtain the Donkey Kong world record high
score. After watching, checkout this interview with the creators of the movie and the
villain.
2009 Apr 23, 2:22Review of mime sniffing based XSS attacks with recommended protections for both web sites and browsers. Also, surprising to me since I rarely see it in this sort of a paper, thought and stats on the
compat. affects of their recommended changes for browsers. Very happy to see that in there!websecurityiebrowserxsssniffmimefirefoxchromesafarihtmlhtml5
2009 Apr 23, 1:35"This e-mail is an attempt to give a relatively concise yet reasonably complete overview of non-Unicode character sets and encodings for 'Chinese characters', excluding those which are not supported
by at least one of the four browsers IE, Safari, Firefox and Opera (henceforth 'all browsers'), and tentatively avoiding technical details which are out of scope for HTML5 unless they are important
to gain a general understanding of the relevant issues."htmlhtml5iso-2022charsetencodingcharacterunicodecjk
The weekend before the previous, Sarah and I moved our belongings into the
new house and spent a lot of time packing and unpacking, and now we're officially living there (interested Facebook friends can find my
new address or just ask me). The Saturday of the previous weekend Sarah's family came over for a half house warming and half Sarah's birthday celebration which was fun and served to force us to do
more unpacking and forced me to take trips to Home Depot, Bed Bath and Beyond, etc. On Sunday, Sarah and I went out to her favorite restaurant and she opened her gifts that I had to hide to keep
her from opening before her birthday. Happy Birthday Sarah!
Some rights reserved