technical page 2 - Dave's Blog


MotherJones - Meet the people behind the Wayback Machine, one of...

2014 Jun 1, 4:16

MotherJones - Meet the people behind the Wayback Machine, one of our favorite things about the internet

PermalinkCommentstechnical internet-archive

XSS game

2014 May 29, 1:10

Google’s XSS training game. Learn how to find XSS issues for fun and profit.

PermalinkCommentstechnical web security xss google

So You Want To Write Your Own CSV code? · TBurette

2014 May 25, 1:46

Additional considerations beyond the naïve implementation of a CSV parser.

PermalinkCommentscsv technical

ios - Capture image via captureStillImageAsynchronouslyFromConnection with no shutter sound - Stack Overflow

2014 May 24, 2:42

The best hack I’ve seen in a while. With no way to disable the shutter sound from the capture photo API, the developer creates the inverse waveform of the shutter sound and plays it at the same time to cancel out the shutter sound.

PermalinkCommentstechnical humor ios photo sound

Cloud Share - New App

2014 May 23, 4:06

I've put a new app on the Windows Store: Cloud Share. It connects the web to your Windows 8 share charm.

I did the development on GitHub and quite enjoyed myself. I wasn't sure I liked the game-ification of development in GitHub's dashboard showing you your longest development streak in days. However I realized that it encourages me to do work on my personal project and anything that aids in holding my attention on and helping me finish these projects is a good thing.

PermalinkCommentsdevelopment github javascript JS technical windows

Debugging anecdote - the color transparent black breaks accessibility

2014 May 22, 10:36

Some time back while I was working on getting the Javascript Windows Store app platform running on Windows Phone (now available on the last Windows Phone release!) I had an interesting bug that in retrospect is amusing.

I had just finished a work item to get accessibility working for JS WinPhone apps when I got a new bug: With some set of JS apps, accessibility appeared to be totally broken. At that time in development the only mechanism we had to test accessibility was a test tool that runs on the PC, connects to the phone, and dumps out the accessibility tree of whatever app is running on the phone. In this bug, the tool would spin for a while and then timeout with an error and no accessibility information.

My first thought was this was an issue in my new accessibility code. However, debugging with breakpoints on my code I could see none of my code was run nor the code that should call it. The code that called that code was a more generic messaging system that hit my breakpoints constantly.

Rather than trying to work backward from the failure point, I decided to try and narrow down the repro and work forwards from there. One thing all the apps with the bug had in common was their usage of WinJS, but not all WinJS apps demonstrated the issue. Using a binary search approach on one such app I removed unrelated app code until all that was left was the app's usage of the WinJS AppBar and the bug still occurred. I replaced the WinJS AppBar usage with direct usage of the underlying AppBar WinRT APIs and continued.

Only some calls to the AppBar WinRT object produced the issue:

        var appBar = Windows.UI.WebUI.Core.WebUICommandBar.getForCurrentView(); 
// appBar.opacity = 1;
// appBar.closeDisplayMode = Windows.UI.WebUI.Core.WebUICommandBarClosedDisplayMode.default;
appBar.backgroundColor = Windows.UI.Colors.white; // Bug!
Just setting the background color appeared to cause the issue and I didn't even have to display the AppBar. Through additional trial and error I was blown away to discover that some colors I would set caused the issue and other colors did not. Black wouldn't cause the issue but transparent black would. So would aqua but not white.

I eventually realized that predefined WinRT color values like Windows.UI.Colors.aqua would cause the issue while JS literal based colors didn't cause the issue (Windows.UI.Color is a WinRT struct which projects in JS as a JS literal object with the struct members as JS object properties so its easy to write something like {r: 0, g: 0, b: 0, a: 0} to make a color) and I had been mixing both in my tests without realizing there would be a difference. I debugged into the backgroundColor property setter that consumed the WinRT color struct to see what was different between and {a: 1, r: 0, g: 0, b: 0} and found the two structs to be byte wise exactly the same.

On a hunch I tried my test app with only a reference to the color and otherwise no interaction with the AppBar and not doing anything with the actual reference to the color:;. This too caused the issue. I knew that the implementation for these WinRT const values live in a DLL and guessed that something in the code to create these predefined colors was causing the issue. I debugged in and no luck. Now I also have experienced crusty code that would do exciting things in its DllMain, the function that's called when a DLL is loaded into the process so I tried modifying my C++ code to simply LoadLibrary the DLL containing the WinRT color definition, windows.ui.xaml.dll and found the bug still occurred! A short lived moment of relief as the world seemed to make sense again.

Debugging into DllMain nothing interesting happened. There were interesting calls in there to be sure, but all of them behind conditions that were false. I was again stumped. On another hunch I tried renaming the DLL and only LoadLibrary'ing it and the bug went away. I took a different DLL renamed it windows.ui.xaml.dll and tried LoadLibrary'ing that and the bug came back. Just the name of the DLL was causing the issue.

I searched for the DLL name in our source code index and found hits in the accessibility tool. Grinning I opened the source to find that the accessibility tool's phone side service was trying to determine if a process belonged to a XAML app or not because XAML apps had a different accessibility contract. It did this by checking to see if windows.ui.xaml.dll was loaded in the target process.

At this point I got to fix my main issue and open several new bugs for the variety of problems I had just run into. This is a how to on writing software that is difficult to debug.

PermalinkCommentsbug debug javascript JS technical windows winrt

A Complete Guide to Flexbox | CSS-Tricks

2014 May 22, 1:02

"The Flexbox Layout (Flexible Box) module (currently a W3C Candidate Recommendation) aims at providing a more efficient way to lay out, align and…"

Great diagrams showing the use of the various flex css properties. I can never keep them straight so this is perfect for me.

PermalinkCommentstechnical css flex

CodePlex - Virtual Router - Wifi Hot Spot for Windows 8, Windows 7 and 2008 R2

2014 May 21, 2:30

The original open source Wifi Hotpot for Windows 7, Windows 8 and Windows Server 2012!

Free open source software based router you can run on Windows to wirelessly share your Internet connection with other devices

PermalinkCommentstechnical tool wifi router free open-source windows

Guardian - Secrets, lies and Snowden’s email: why I was...

2014 May 21, 2:11

Guardian - Secrets, lies and Snowden’s email: why I was forced to shut down Lavabit

"For the first time, the founder of an encrypted email startup that was supposed to insure privacy for all reveals how the FBI and the US legal system made sure we don’t have the right to much privacy in the first place"

PermalinkCommentslaw legal encryption technical

URI Design and Ownership - IETF Draft

2014 May 21, 2:06

URI Design & Ownership - On the issues with and alternatives to requiring well known filenames and extensions in URIs. You must love the draft’s URI.

PermalinkCommentstechnical uri

GitHub - asciimoo/drawille

2014 May 21, 1:54

drawille - Drawing in terminal with unicode braille characters

Uses the Unicode Braille characters to make advanced (non-)ASCII art.

PermalinkCommentshumor technical art

Encrypted Web Traffic More Than Doubles

2014 May 18, 1:20

RT @PeerProd In Europe, encrypted traffic went from 1.47% to 6.10%, and in Latin America, it increased from 1.8% to 10.37% #NSA

PermalinkCommentstechnical security nsa encryption

Creating type-safe properties with ECMAScript 6 proxies | NCZOnline

2014 Apr 30, 9:12

Clearly the one JS feature we all agree on is ubiquity.

After some experimentation, I discovered that it’s possible to add type safety to JavaScript objects [via ES6 proxies] with just a few lines of code.

PermalinkCommentstechnical javascript es6 proxies


2014 Apr 29, 8:27

Does it betray my innocence that I’m shocked by the amount of exec($_GET you can easily find on github? Hilarious comment thread on hacker news: 

This is awful. Shell commands are not guaranteed to be idempotent, people! These should all be of the form exec($_POST, not exec($_GET.


PermalinkCommentshumor security http php technical

Bank robbers use KVM switch and 3G router to steal money

2014 Apr 28, 10:01

Using social engineering to install a remote-controlled keyboard-video-mouse (KVM) switch on bank PCs, the gang managed to transfer millions to outside accounts in two separate jobs in April and July of 2013. They were caught attempting to rob a third bank in September.

PermalinkCommentstechnical bank-robbery

FCC planning new Internet rules that will gut Net Neutrality. Get ready to pay more for the stuff you love online.

2014 Apr 24, 3:29
PermalinkCommentstechnical net-neutrality fcc bullshit

CSS Vocabulary

2014 Apr 17, 4:05

Lovely visualization for learning the names of CSS parts. Great concept and would like to see it applied to other languages.

PermalinkCommentstechnical css visualization

2014 Apr 14, 7:22
PermalinkCommentshumor technical ietf atlanteans

The 5 Things To Do About the New Heartbleed Bug

2014 Apr 9, 9:06

Its time to get a password manager.

PermalinkCommentssecurity password technical

Untrusted - a user javascript adventure game

2014 Apr 8, 6:53

The game is to figure out what constrained modifications you must make to beat the game.

PermalinkCommentstechnical programming javascript game
Older EntriesNewer Entries Creative Commons License Some rights reserved.