This line is as good as/better than the
“Yes, I am serious and don’t called me shirley.” line thing.
Specifically Twitter has said that they will only used these assigned patent rights defensively to protect themselves against hostile actions. And further that any company that acquires these patent rights from Twitter will need the inventor’s consent to use them in an offensive action. Twitter has also provided the inventor with certain rights to license the patent to others for defensive purposes. You can read the entire set of provisions on GitHub.
Astronaut endorses destroying the moon!
The best exchange on the IAmA:
Ghostshirts it’s been a dream for a long time now, do you think that we’ll actually be able to blow up the moon in our lifetime?
RonGaran I truly believe that we can accomplish anything we set our minds on. We only need the will to do it
By the URI RFC there is only one way to represent a particular IPv4 address in the host of a URI. This is the standard dotted decimal notation of four bytes in decimal with no leading zeroes delimited by periods. And no leading zeros are allowed which means there's only one textual representation of a particular IPv4 address.
However as discussed in the URI RFC, there are other forms of IPv4 addresses that although not officially allowed are generally accepted. Many implementations used inet_aton to parse the address from the URI which accepts more than just dotted decimal. Instead of dotted decimal, each dot delimited part can be in decimal, octal (if preceded by a '0') or hex (if preceded by '0x' or '0X'). And that's each section individually - they don't have to match. And there need not be 4 parts: there can be between 1 and 4 (inclusive). In case of less than 4, the last part in the string represents all of the left over bytes, not just one.
For example the following are all equivalent:
The bread and butter of URI related security issues is when one part of the system disagrees with another about the interpretation of the URI. So this non-standard, non-normal form syntax has been been a great source of security issues in the past. Its mostly well known now (CreateUri normalizes these non-normal forms to dotted decimal), but occasionally a good tool for bypassing naive URI blocking systems.
Cool, although I was hoping this would be done in HTML and JS. Now that would be impressive.
CreateIUriBuilder(resolvedUri, 0, 0, &builder);
builder->SetHost(host);
builder->CreateUri(0xFFFFFFFF, 0, 0, &resolvedUri); ResolveHost(resolvedUri, &resolvedUri); operator T**()
{
T *ptrValue = mPtrValue;
mPtrValue->Release();
mPtrValue = NULL;
return &ptrValue;
}
Working on GeolocMock it took me a bit to realize why my HTML could use the W3C Geolocation API in IE9 but not in my WebBrowser control in my .NET application. Eventually I realized that I was getting the wrong IE doc mode. Reading this old More IE8 Extensibility Improvements IE blog post from the IE blog I found the issue is that for app compat the WebOC picks older doc modes but an app hosting the WebOC can set a regkey to get different doc modes. The IE9 mode isn't listed in that article but I took a guess based on the values there and the decimal value 9999 gets my app IE9 mode. The following is the code I run in my application to set its regkey so that my app can get the IE9 doc mode and use the geolocation API.
static private void UseIE9DocMode()
{
RegistryKey key = null;
try
{
key = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION", true);
}
catch (Exception)
{
key = Registry.CurrentUser.CreateSubKey("Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION");
}
key.SetValue(System.Diagnostics.Process.GetCurrentProcess().MainModule.ModuleName, 9999, RegistryValueKind.DWord);
key.Close();
}
I've made GeolocMock. If your PC has no geolocation devices, IE9 uses a webservice to determine your location. GeolocMock uses FiddlerCore to intercept the response from the webservice and allows the user to replace the location in the response with another. This was a fun weekend project in order to play with FiddlerCore, the W3C Geoloc APIs in IE9, hosting the IE9 WebOC in a .NET app, and the Bing Maps APIs.
Sarah and I had Thanksgiving dinner at our house the Sunday before.
Sarah's parents and siblings came as well as my parents who came up for the a handful of days. It was our first time hosting Thanksgiving so I was a little nervous, but my parents helped us setup
and get ready so of course it went well! I cheated a bit: I ordered a turkey online from Whole Foods where you can just tell them when you want to pick it up, they have it cooked and ready
including garnish and you just need to warm it up. When we moved in together Sarah and I each had slightly different small dining room tables. Thankfully they're roughly the same height and width
and we could put them together end to end and seat everybody with no room to spare. On actual Thanksgiving day we went over to Rachel & Anson's lovely new place for Thanksgiving and the annual
game of Trivial Pursuit.
QFC, the grocery store closest to me, has those irritating shoppers cards. They try to motivate me to use it with
discounts, but that just makes me want to use a card, I don't care whose card and
I don't care if the data is accurate. They should let me have my data or make it useful to me so that I actually care.
I can imagine several useful tools based on this: automatic grocery lists, recipes using the food you purchased, cheaper alternatives to your purchases, other things you might like based on what you purchased, or integration with dieting websites or software. At any rate, right now all I care about is getting the discount from using a card, but if they made the data available to me then the grocery store could align our interests and I'd want to ensure the data's accuracy.
Some rights reserved