tech page 14 - Dave's Blog

Search
My timeline on Mastodon

Bug Spotting: Ctors with default parameters

2011 Dec 1, 4:59

The following code compiled just fine but did not at all act in the manner I expected:

BOOL CheckForThing(__in CObj *pObj, __in IFigMgr* pFigMgr, __in_opt LPCWSTR url)
{
BOOL fCheck = FALSE;
if (SubCheck(pObj))
{
...
I’m calling SubCheck which looks like:
bool SubCheck(const CObj& obj);

Did you spot the bug? As you can see I should be passing in *pObj not pObj since the method takes a const CObj& not a CObj*. But then why does it compile?

It works because CObj has a constructor with all but one param with default values and CObj is derived from IUnknown:

CObj(__in_opt IUnknown * pUnkOuter, __in_opt LPCWSTR pszUrl = NULL);
Accordingly C++ uses this constructor as an implicit conversion operator. So instead of passing in my CObj, I end up creating a new CObj on the stack passing in the CObj I wanted as the outer object which has a number of issues.

The lesson is unless you really want this behavior, don't make constructors with all but 1 or 0 default parameters. If you need to do that consider using the 'explicit' keyword on the constructor.

More info about forcing single argument constructors to be explicit is available on stack overflow.

PermalinkCommentsc++ technical bug programming

Sprint loaded spyware on its Android phones

2011 Nov 30, 4:22

“TechCrunch and others are reporting that a program called “Carrier IQ” that comes pre-installed on Sprint phones has some pretty amazing spyware capabilities, right down to keylogging everything you do on the phone.”

PermalinkCommentstechnical cell-phone privacy security

Replacing Google Reader Shared Feeds with Tumblr

2011 Nov 28, 7:36

Last time I wrote about how I switched from Delicious to Google Reader's shared links feature only to find out that week that Google was removing the Google Reader shared links feature in favor of Google Plus social features (I'll save my Google Plus rant for another day).

Forced to find something new again, I'm now very pleased with Tumblr. Google Reader has Tumblr in its preset list of Send To sites which makes it relatively easy to add articles. And Tumblr's UX for adding things lets me easily pick a photo or video to display from the article - something which I had put together with a less convenient UX on my bespoke blogging system. For adding things outside of Google Reader I made a Tumblr accelerator to hookup to the Tumblr Add UX.

Of course they have an RSS feed which I hooked up to my blog. The only issue I had there is that when you add a link (and not a video or photo) to Tumblr, the RSS feed entry title for that link is repeated in the entry description as a link followed by a colon and then the actual description entered into Tumblr. I want my title separate so I can apply my own markup so I did a bit of parsing of the description to remove the repeated title from the description.

PermalinkCommentsblog tumblr me technical google-reader

Indicating Character Encoding and Language for HTTP Header Field Parameters

2011 Nov 24, 7:45

From the document: ‘Appendix B. Implementation Report: The encoding defined in this document currently is used for two different HTTP header fields: “Content-Disposition”, defined in [RFC6266], and “Link”, defined in [RFC5988]. As the encoding is a profile/clarification of the one defined in [RFC2231] in 1997, many user agents already supported it for use in “Content-Disposition” when [RFC5987] got published.

Since the publication of [RFC5987], two more popular desktop user agents have added support for this encoding; see http://purl.org/
   NET/http/content-disposition-tests#encoding-2231-char for details. At this time, only one major desktop user agent (Safari) does not support it.

Note that the implementation in Internet Explorer 9 does not support the ISO-8859-1 encoding; this document revision acknowledges that UTF-8 is sufficient for expressing all code points, and removes the requirement to support ISO-8859-1.’

Yay for UTF-8!

PermalinkCommentstechnical http http-headers ie9 internationalization utf-8 encoding

Glimpse of the future: Fiddler and HTML5 WebSockets

2011 Nov 24, 5:00PermalinkCommentstechnical fiddler websockets html5

Evolving ECMAScript

2011 Nov 24, 4:44PermalinkCommentstechnical javascript programming

In Response to SOPA, Reddit Meshnet Project picks up steam (forbes.com)

2011 Nov 24, 4:25PermalinkCommentstechnical networking wireless mesh

Google Now Censors The Pirate Bay, isoHunt, 4Shared and More (torrentfreak.com)

2011 Nov 24, 4:06PermalinkCommentstechnical google censorship

URI Empty Path Segments Matter

2011 Nov 23, 11:00

Shortly after joining the Internet Explorer team I got a bug from a PM on a popular Microsoft web server product that I'll leave unnamed (from now on UWS). The bug said that IE was handling empty path segments incorrectly by not removing them before resolving dotted path segments. For example UWS would do the following:

A.1. http://example.com/a/b//../
A.2. http://example.com/a/b/../
A.3. http://example.com/a/
In step 1 they are given a URI with dotted path segment and an empty path segment. In step 2 they remove the empty path segment, and in step 3 they resolve the dotted path segment. Whereas, given the same initial URI, IE would do the following:
B.1. http://example.com/a/b//../
B.2. http://example.com/a/b/
IE simply resolves the dotted path segment against the empty path segment and removes them both. So, how did I resolve this bug? As "By Design" of course!

The URI RFC allows path segments of zero length and does not assign them any special meaning. So generic user agents that intend to work on the web must not treat an empty path segment any different from a path segment with some text in it. In the case above IE is doing the correct thing.

That's the case for generic user agents, however servers may decide that a URI with an empty path segment returns the same resource as a the same URI without that empty path segment. Essentially they can decide to ignore empty path segments. Both IIS and Apache work this way and thus return the same resource for the following URIs:

http://exmaple.com/foo//bar///baz
http://example.com/foo/bar/baz
The issue for UWS is that it removes empty path segments before resolving dotted path segments. It must follow normal URI procedure before applying its own additional rules for empty path segments. Not doing that means they end up violating URI equivalency rules: URIs (A.1) and (B.2) are equivalent but UWS will not return the same resource for them.
PermalinkCommentsuser agent url ie uri technical web browser

Features of image type input tags in HTML

2011 Nov 21, 11:00

A bug came up the other day involving markup containing <input type="image" src="http://example.com/.... I knew that "image" was a valid input type but it wasn't until that moment that I realized I didn't know what it did. Looking it up I found that it displays the specified image and when the user clicks on the image, the form is submitted with an additional two name value pairs: the x and y positions of the point at which the user clicked the image.

Take for example the following HTML:

<form action="http://example.com/">
<input type="image" name="foo" src="http://deletethis.net/dave/images/davebefore.jpg">
</form>
If the user clicks on the image, the browser will submit the form with a URI like the following:http://example.com/?foo.x=145&foo.y=124.

This seemed like an incredibly specific feature to be built directly into the language when this could instead be done with javascript. I looked a bit further and saw that its been in HTML since at least HTML2, which of course makes much more sense. Javascript barely existed at that point and sending off the user's click location in a form may have been the only way to do something interesting with that action.

PermalinkCommentsuri technical form history html

Replacing Delicious with Google Reader

2011 Nov 17, 11:00

I had previously replaced my use of Delicious with Google Reader. Delicious had a number of issues during their switch over from Yahoo to the new owners and I was eventually fed up enough to remove it from daily use. I used Delicious to do the following things:

  • Create a list of things to read later
  • Save things to read again in the future
  • Search through things I read and enjoyed (esp via tags)
  • Annotate and share things on my blog
I realized that since I did most of my web browsing in Google Reader now anyway I may as well make use of its features. I star things to note I want to read it later or save to read again later. I can annotate with notes in Google Reader and I can share items to my web site by way of the shared items feed. Additionally for when I'm not in Google Reader there's a bookmarklet to add an arbitrary web site as a shared item in Google Reader.

Of course I wrote this and switched over about 1 week before Google removed the sharing feature from Google Reader. I'm irritated but in practice it forced me to find a different option which has worked out mostly better. New blog post coming soon about that...

PermalinkCommentsblog delicious me technical google-reader google feed

(via Eve’s Wireless, Silent Film About The World’s First Mobile...

2011 Nov 17, 3:48


(via Eve’s Wireless, Silent Film About The World’s First Mobile Phone (1922))

PermalinkCommentshistory technology phone cell-phone video

"Forwarded HTTP Extension" - Andreas Petersson, Martin Nilsson

2011 Nov 17, 3:30

Describes forward HTTP headers to explicitly list proxying information that might otherwise be lost.

PermalinkCommentstechnical ietf http http-header proxy

"JSON Patch" - Paul Bryan

2011 Nov 17, 1:06

Mime-type for describing the difference between two JSON resources (in JSON using JSON paths)

PermalinkCommentstechnical mime mime-type json ietf

Malware Signed With a Governmental Signing Key - F-Secure Weblog : News from the Lab

2011 Nov 16, 12:19

“It’s not that common to find a signed copy of malware. It’s even rarer that it’s signed with an official key belonging to a government.”

PermalinkCommentstechnical ssl

Elements of Modern C++ Style (herbsutter.com)

2011 Nov 15, 11:59

Summary of some of the new C++ features with comments and suggested usage.  Not sure I agree with the take on auto.

‘“C++11 feels like a new language.” – Bjarne Stroustrup’

PermalinkCommentstechnical c++ programming

"JSON Reference" - Paul Bryan, Kris Zyp

2011 Nov 14, 8:24PermalinkCommentstechnical json ietf

Things That Turbo Pascal is Smaller Than (dadgum.com)

2011 Nov 14, 7:52PermalinkCommentstechnical humor programming

"Additional HTTP Status Codes" - Mark Nottingham, Roy Fielding

2011 Nov 14, 7:51

Includes ‘511 Network Authentication Required’ for airport/hotel/coffee shop scenarios!  Am I too excited about this?

PermalinkCommentstechnical ietf http http-status-codes

"HTTP Strict Transport Security (HSTS)" - Jeff Hodges, Collin Jackson, Adam Barth

2011 Nov 14, 5:28PermalinkCommentstechnical https ietf
Older EntriesNewer Entries Creative Commons License Some rights reserved.