face page 2 - Dave's Blog

Retweet of mikeyface

2015 Oct 26, 9:03

Posting again because I seriously can’t get over how insanely well executed @krisstraub’s new short is: https://www.youtube.com/watch?v=mw_HKzo9Ync …

Retweet of SwiftOnSecurity

2015 Aug 16, 1:09

.@realnzall Don't worry, Tay has a physical hard drive wiper with verification pass and optional label printer

pic.twitter.com/PgAqBKXgCH

Retweet of kylealden

2015 Apr 6, 8:51

Unlimited power forever. RT @NeowinFeed: what happens when you plug Surface 3 into itself http://neow.in/1Gi3ZPj pic.twitter.com/R5kAduccqn

Retweet of ericlaw

2015 Mar 30, 12:19

For the second time today, I've added a new feature to Fiddler only to discover it was already there.

Retweet of codepo8

2015 Mar 8, 9:44

Facemoji - face detection and overlay - http://facemoji.me/ - excellent user interface, too.

Retweet of edent

2015 Feb 26, 3:16

Facebook Mangles Unicode URLs https://shkspr.mobi/blog/?p=20643

Retweet of TimHarford

2015 Feb 26, 2:01

Does using Facebook make you sad? The answer: yes, if you use it in certain ways... http://dlvr.it/8lzYyS

Retweet of theharmonyguy

2015 Feb 24, 7:41

2014 highlights from Facebook's bug bounty program: https://www.facebook.com/notes/1026610350686524/ …

Retweet of shaver

2015 Feb 20, 4:19

Facebook Security published a note with some info on Superfish: https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339 …

Retweet of latest_is

2015 Feb 10, 6:35

Automating Tinder with Eigenfaces http://crockpotveggies.com/2015/02/09/automating-tinder-with-eigenfaces.html …

intoosteep: She died as she lived: walking down stairs checking Facebook statuses.

2015 Jan 17, 6:59

Claire Ayoub @intoosteep :
She died as she lived: walking down stairs checking Facebook statuses.

How I Pranked My Roommate With Eerily Targeted Facebook Ads

2014 Sep 18, 2:27

“This is the chronicle of the most epic retaliation and how I pranked my roommate with targeted Facebook Ads to the point of complete paranoia and delusion.”

Funny anecdote but also a how-to on creating a Facebook ad campaign that targets a single person.

Detect login with CSP - When Security Generates Insecurity

2014 Jul 8, 1:13

An interesting way to use the report-uri feature of CSP to detect if a user is logged into Google, Facebook etc.

technical security csp web

Nieman Journalism Lab - Who’s behind that tweet? Here’s how 7...

2014 May 29, 4:03

Nieman Journalism Lab - Who’s behind that tweet? Here’s how 7 news orgs manage their Twitter and Facebook accounts

news twitter

location.hash and location.search are bad and they should feel bad

2014 May 22, 9:25

The DOM location interface exposes the HTML document's URI parsed into its properties. However, it is ancient and has problems that bug me but otherwise rarely show up in the real world. Complaining about mostly theoretical issues is why blogging exists, so here goes:

The location object's search, hash, and protocol properties are all misnomers that lead to confusion about the correct terms:
- The 'search' property returns the URI's query property. The query property isn't limited to containing search terms.
- The 'hash' property returns the URI's fragment property. This one is just named after its delimiter. It should be called the fragment.
- The 'protocol' property returns the URI's scheme property. A URI's scheme isn't necessarily a protocol. The http URI scheme of course uses the HTTP protocol, but the https URI scheme is the HTTP protocol over SSL/TLS - there is no HTTPS protocol. Similarly for something like mailto - there is no mailto wire protocol.
The 'hash' and 'search' location properties both return null in the case that their corresponding URI property doesn't exist or if its the empty string. A URI with no query property and a URI with an empty string query property that are otherwise the same, are not equal URIs and are allowed by HTTP to return different content. Similarly for the fragment. Unless the specific URI scheme defines otherwise, an empty query or hash isn't the same as no query or hash.

But like complaining about the number of minutes in an hour none of this can ever change without huge compat issues on the web. Accordingly I can only give my thanks to Anne van Kesteren and the awesome work on the URL standard moving towards a more sane (but still working practically within the constraints of compat) location object and URI parsing in the browser.

thefrogman: Poorly Drawn Lines by Reza...

2013 Oct 15, 7:47

thefrogman:

Poorly Drawn Lines by Reza Farazmand
[website | tumblr | twitter | facebook]

humor comic robot

Considerate MessagePort Usage

2013 Aug 7, 7:14

Sharing by leezie5. Two squirrels sharing food hanging from a bird feeder. Used under Creative Commons license Attribution-NonCommercial-NoDerivs 2.0 Generic.

When writing a JavaScript library that uses postMessage and the message event, I must be considerate of other JS code that will be running along side my library. I shouldn't assume I'm the only sender and receiver on a caller provided MessagePort object. This means obviously I should use addEventListener("message" rather than the onmessage property (see related What if two programs did this?). But considering the actual messages traveling over the message channel I have the issue of accidentally processing another libraries messages and having another library accidentally process my own message. I have a few options for playing nice in this regard:

Require a caller provided unique MessagePort: This solves the problem but puts a lot of work on the caller who may not notice nor follow this requirement.
Uniquely mark my messages: To ensure I'm acting upon my own messages and not messages that happen to have similar properties as my own, I place a 'type' property on my postMessage data with a value of a URN unique to me and my JS library. Usually because its easy I use a UUID URN. There's no way someone will coincidentally produce this same URN. With this I can be sure I'm not processing someone else's messages. Of course there's no way to modify my postMessage data to prevent another library from accidentally processing my messages as their own. I can only hope they take similar steps as this and see that my messages are not their own.
Use caller provided MessagePort only to upgrade to new unique MessagePort: I can also make my own unique MessagePort for which only my library will have the end points. This does still require the caller to provide an initial message channel over which I can communicate my new unique MessagePort which means I still have the problems above. However it clearly reduces the surface area of the problem since I only need once message to communicate the new MessagePort.

The best solution is likely all of the above.
Photo is Sharing by leezie5. Two squirrels sharing food hanging from a bird feeder. Used under Creative Commons license Attribution-NonCommercial-NoDerivs 2.0 Generic.

DOM html javascript messagechannel postMessage programming technical

Words with Hints Windows 8 App Development Notes

2013 Jul 4, 1:00

My second completed app for the Windows Store was Words with Hints a companion to Words with Friends or other Scrabble like games that gives you *ahem* hints. You provide your tiles and optionally letters placed in a line on the board and Words with Hints gives you word options.

I wrote this the first time by building a regular expression to check against my dictionary of words which made for a slow app on the Surface. In subsequent release of the app I now spawn four web workers (one for each of the Surface's cores) each with its own fourth of my dictionary. Each fourth of the dictionary is a trie which makes it easy for me to discard whole chunks of possible combinations of Scrabble letters as I walk the tree of possibilities.

The dictionaries are large and takes a noticeable amount of time to load on the Surface. The best performing mechanism I found to load them is as JavaScript source files that simply define their portion of the dictionary on the global object and synchronously (only on the worker so not blocking the UI thread). Putting them into .js files means they take advantage of bytecode caching making them load faster. However because the data is mostly strings and not code there is a dramatic size increase when the app is installed. The total size of the four dictionary .js files is about 44Mb. The bytecode cache for the dictionary files is about double that 88Mb meaning the dictionary plus the bytecode cache is 132Mb.

To handle the bother of postMessage communication and web workers this was the first app in which I used my promise MessagePort project which I'll discuss more in the future.

This is the first app in which I used the Microsoft Ad SDK. It was difficult to find the install for the SDK and difficult to use their website, but once setup, the Ad SDK was easy to import into VS and easy to use in my app.

development technical windows windows-store words-with-hints

Windows Store on Windows 8 Fun For Independent Developers

2013 Jun 24, 1:00

Having worked on Windows 8 I'm not in a neutral position to review aspects of it, however I'll say from a high level I love taking the following various positives from smart phone apps and app stores and applying it to the desktop:

Independent developers can easily publish apps.
One trusted place for a user to find apps.
User can trust apps are limited to a declared set of capabilities.
One common and easy way for users to buy and try apps.
Easy mechanism for independent developers to collect revenue.

Relieving the independent developer of software development overhead, in this case Windows taking care of distribution and sales infrastructure is wonderful for me with my third party developer hat on. This combined with my new found fun of developing in JavaScript and the new Windows Runtime APIs means I've been implementing and finishing various ideas I've had - some for fun and some for productivity on my Surface. Development notes to follow.

store technical windows windows-store