2009 Mar 23, 12:58 Details on a particular browser exploit and how it's been resolved in IE8. "One approach they presented allowed attackers to use .NET framework DLL's to allocate executable pages of memory at
predictable locations within the iexplore.exe process. They were then able to demonstrate how .NET behavior could be combined with a separate exploitable memory corruption vulnerability to run
arbitrary code."
security ie8 ie browser hack via:ericlaw
2009 Mar 23, 11:06 The HTML5 spec tells us how it is in the real world for URLs: "This specification defines various algorithms for dealing with Web addresses intended for use by HTML user agents. For historical
reasons, in order to be compatible with existing Web content HTML user agents need to implement a number of processes not defined by the URI and IRI specifications [RFC3986], [RFC3987]."
html html5 url uri reference w3c
2009 Mar 23, 9:41 "So here's my trip to Chernobyl in pictures." Nice photo of the tree growing through the floor next to the chair. The whole set is like Fallout 3 but there's plants. Didn't realize plants could do
well in such a situation.
via:swannman photo history science nuclear russia chernobyl
2009 Mar 22, 10:35 Graphic designer's awesome resume.
resume internet art design portfolio
2009 Mar 20, 4:51
Working on Internet Explorer extensions in C++ & COM, I had to relearn or rediscover how to do several totally basic and important things. To save myself and possibly others trouble in the
future, here's some pertinent links and tips.
First you must choose your IE extensibility point. Here's a very short list of the few I've used:
Once you've created your COM object that implements IObjectWithSite and whatever other interfaces your extensibility point requires as described in the above links you'll see your SetSite method
get called by IE. You might want to know how to get the top level browser object from the IUnknown site object passed in via that method.
After that you may also want to listen for some events from the browser. To do this you'll need to:
- Implement the dispinterface that has the event you want. For instance DWebBrowserEvents2, or HTMLDocumentEvents, or HTMLWindowEvents2. You'll have
to search around in that area of the documentation to find the event you're looking for.
- Register for events using AtlAdvise. The object you need to subscribe to depends on the events you want. For example, DWebBrowserEvents2 come from the webbrowser object, HTMLDocumentEvents come
from the document object assuming it's an HTML document (which I obtained via the get_Document method on the webbrowser), and
HTMLWindowEvents2 come from the window object (which oddly I obtained via calling the get_script method on the document object).
Note that depending on when your SetSite method is called the document may not exist yet. For my extension I signed up for browser events immediately and then listened for events like NavigateComplete before signing up for document and window events.
- Implement IDispatch. The Invoke method will get called with event notifications from the dispinterfaces you sign up for in AtlAdvise. Implementing Invoke manually is a slight pain as all the
parameters come in as VARIANTs and are in reverse order. There's some ATL macros that may make this easier but I didn't bother.
- Call AtlUnadvise at some point -- at the latest when SetSite is called again and your site object changes.
If you want to check if an IHTMLElement is not visible on screen due to how the page is scrolled, try comparing the Body or
Document Element's client height and width,
which appear to be the dimensions of the visible document area, to the element's bounding client rect, which appears to be
its position relative to the upper left corner of the visible document area. I've found this to be working for me so far, but I'm not positive that frames, iframes, zooming, editable document
areas, etc. won't mess this up.
Be sure to use pointers you get from the IWebBrowser/IHTMLDocument/etc. only on the thread on which you obtained the pointer or correctly marshal the pointers to other threads to avoid weird crashes and hangs.
Obtaining the HTML document of a subframe is slightly more complicated than you might hope. On the other hand this might
be resolved by the new to IE8 method IHTMLFrameElement3::get_contentDocument.
Check out Eric's IE blog post on IE extensibility which has some great links on this topic as well.
technical boring internet explorer com c++ ihtmlelement extension
2009 Mar 16, 4:23 The underwhelming answer to the question of "What are the commonest five-word sequences on the Web?"
languagelog culture internet web research language english
2009 Mar 16, 4:22 "This data set, contributed by Google Inc., contains English word n-grams and their observed frequency counts. The length of the n-grams ranges from unigrams (single words) to five-grams. We expect
this data will be useful for statistical language modeling, e.g., for machine translation or speech recognition, as well as for other uses." 6 DVDs for only $150 with licensing restri... ok nm.
language google statistics database text
2009 Mar 12, 2:17
I've made an extension for Internet Explorer 8, FormToAccelerator, which turns HTML forms on a web page into either an accelerator or a search
provider. In the design of the accelerators format we intentionally had HTML forms in mind so that it would be easy to create accelerators for existing web services. Consequently, creating an
accelerator from an HTML form is a natural concept and an extension I've been meaning to finish for many months now.
This is similar in concept to the Opera feature that lets you add a form as a search provider. The user experience is very rough and requires some knowledge of accelerator variables. If I can come
up with a better interaction model I may update this in the future, but at the moment all the designs I can come up with require way too much effort. Install IE8 RC1 and then try out FormToAccelerator.
activity html accelerator ie8 internet-explorer activities formtoaccelerator extension
2009 Mar 12, 12:04 Google's chart API can generate QR codes. Just specify the chart type as 'qr' in the URL along with the data you want encoded, and the returned resource is a QR code image for that data. Just installed a QR
code reader on my phone.
qr barcode google api chart mobile web cellphone qrcode
2009 Mar 10, 9:22 Justin Frankel (previously Winamp/Nullsoft guy) makes a designated graffiti box on his garage with the note: "All are welcome to express themselves in the box below. Printing within the above box is
hereby expressly permitted and shall not be considered 'graffiti' in accordance with article #23 of the San Francisco Municipal Code." Before graffiti: , And with graffiti:
graffiti cultural-disobediance legal san-francisco nullsoft justin-frankel blog
2009 Mar 10, 5:15 "We built this ... (many people wished we hadn't) ... the Rainbow Vomiting Panda of Awesomeness as an experiment (which used Ling Ling fwiw)." WTF? "It's a stream of, on average, more interesting
photos than you'd generally get from polling Everyone's photos. The quality is pretty good, the best thing to do is watch The Panda for a while and figure out if a) you want to build something with a
live stream of photos b) you can build something more better than a vomiting panda (which let's face it, it's pretty hard to top!)."
humor panda flickr reference api photos
2009 Mar 6, 5:02 Reminds me of the guy from the Jose Chung episode of the X-Files that would repeatedly yell 'Roswell!' whenever he felt he was the subject of government oppression. The more time passes I only end up
remembering the awesome episodes of the X-Files.
comic cory-doctorow sheep humor censorship
2009 Mar 6, 1:21 "BE IT FURTHER RESOLVED, That the Washington State Senate honor Jerry Holkins and Mike Krahulik for their hard work and dedication to improving the lives of hospitalized children worldwide through
their creation and continued work with Child's Play Charity"
comic charity videogames penny-arcade goverment washington senate
2009 Mar 6, 5:16
I've found while debugging networking in IE it's often useful to quickly tell if a string is encoded in UTF-8. You can check for the Byte Order Mark (EF BB BF in UTF-8), but I rarely see the BOM on
UTF-8 strings. Instead I apply a quick and dirty UTF-8 test that takes advantage of the well-formed UTF-8 restrictions.
Unlike other multibyte character encoding forms (see Windows supported character sets or IANA's list of character sets), for example Big5, where sticking together any two bytes is more likely than not to give a valid byte sequence, UTF-8 is more restrictive. And unlike
other multibyte character encodings, UTF-8 bytes may be taken out of context and one can still know that it's a single byte character, the starting byte of a three byte sequence, etc.
The full rules for well-formed UTF-8 are a little too complicated for me to commit to memory. Instead I've got my own simpler (this is the quick part) set of rules that will be mostly correct (this
is the dirty part). For as many bytes in the string as you care to examine, check the most significant hex digit of the byte:
- F: This is byte 1 of a 4 byte encoded codepoint and must be followed by 3 trail bytes.
- E: This is byte 1 of a 3 byte encoded codepoint and must be followed by 2 trail bytes.
- C..D: This is byte 1 of a 2 byte encoded codepoint and must be followed by 1 trail byte.
- 8..B: This is a trail byte.
- 0..7: This is a single byte encoded codepoint.
The simpler rules can produce false positives in some cases: that is, they'll say a string is UTF-8 when in fact it might not be. But they won't produce false negatives. The following is a table
from the Unicode spec that actually describes well-formed UTF-8.
| Code Points | 1st Byte | 2nd Byte | 3rd Byte | 4th Byte |
|---|---|---|---|---|
| U+0000..U+007F | 00..7F | | | |
| U+0080..U+07FF | C2..DF | 80..BF | | |
| U+0800..U+0FFF | E0 | A0..BF | 80..BF | |
| U+1000..U+CFFF | E1..EC | 80..BF | 80..BF | |
| U+D000..U+D7FF | ED | 80..9F | 80..BF | |
| U+E000..U+FFFF | EE..EF | 80..BF | 80..BF | |
| U+10000..U+3FFFF | F0 | 90..BF | 80..BF | 80..BF |
| U+40000..U+FFFFF | F1..F3 | 80..BF | 80..BF | 80..BF |
| U+100000..U+10FFFF | F4 | 80..8F | 80..BF | 80..BF |
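As an added example (not code from the original post), the C sketch below implements the quick nibble rules next to a strict check built from the table above, so the false positives can be seen directly: overlong forms such as C0 80 and surrogates such as ED A0 80 pass the quick test but fail the strict one. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Trail bytes implied by the high nibble (the quick rules); -1 = trail byte. */
static int trail_count(uint8_t b) {
    switch (b >> 4) {
    case 0xF: return 3;
    case 0xE: return 2;
    case 0xC: case 0xD: return 1;
    case 0x8: case 0x9: case 0xA: case 0xB: return -1;
    default: return 0;                 /* 0..7: single byte codepoint */
    }
}

/* Quick and dirty test: only the lead/trail structure is checked. */
int utf8_quick(const uint8_t *s, size_t n) {
    for (size_t i = 0; i < n; ) {
        int t = trail_count(s[i++]);
        if (t < 0) return 0;           /* trail byte where a lead was expected */
        for (; t > 0; t--, i++)
            if (i >= n || trail_count(s[i]) != -1) return 0;
    }
    return 1;
}

/* Strict test: same walk plus the 1st and 2nd byte ranges from the table. */
int utf8_strict(const uint8_t *s, size_t n) {
    for (size_t i = 0; i < n; ) {
        uint8_t b = s[i++], lo = 0x80, hi = 0xBF;
        int t = trail_count(b);
        if (t < 0 || b == 0xC0 || b == 0xC1 || b > 0xF4) return 0;
        if (b == 0xE0) lo = 0xA0;      /* no overlong 3 byte forms */
        if (b == 0xED) hi = 0x9F;      /* no surrogates U+D800..U+DFFF */
        if (b == 0xF0) lo = 0x90;      /* no overlong 4 byte forms */
        if (b == 0xF4) hi = 0x8F;      /* nothing above U+10FFFF */
        for (; t > 0; t--, i++) {
            if (i >= n || s[i] < lo || s[i] > hi) return 0;
            lo = 0x80; hi = 0xBF;      /* later trail bytes use the full range */
        }
    }
    return 1;
}

int main(void) {
    const uint8_t overlong[] = {0xC0, 0x80};   /* constructed sample: overlong NUL */
    printf("quick=%d strict=%d\n", utf8_quick(overlong, 2), utf8_strict(overlong, 2));
    return 0;
}
```

The quick test is fine for eyeballing a network capture; code that validates bytes before a security decision needs the strict ranges, because overlong forms are exactly what the quick rules let through.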
test technical unicode boring charset utf8 encoding
2009 Feb 27, 11:00 Raymond Chen has a year's worth of blog content written and scheduled! "To give you an idea of how far in advance I write my blog entries, I wrote this particular entry on February 13, 2008. ... this
particular entry ended up on February 27, 2009 because that was the next available open day. ... Now, with a buffer of over a year, I do have quite a bit of leeway in choosing when any particular
article is published." Humorous commenter John writes in response: "If you were to disappear off the face of the Earth, how long would it be before we knew?"
blog raymond-chen writing humor
2009 Feb 26, 11:52 This is what I'd like in a newspaper: "1: Focus on original content, do not rewrite wire stories or press releases." and "2: Focus on hyper-local coverage, newspapers should "own" their regional beat
because they have the best contacts and the best understanding of local companies and issues."
via:sambrook newspaper advertising business journalism internet
2009 Feb 26, 11:41 "Aerosmith has reportedly earned more from 'Guitar Hero : Aerosmith' than from any single album in the band's history." Games are usually more expensive than albums but still impressive stat.
via:ethan_t_hein music guitar-hero videogames copyright art media rock-band ip riaa
2009 Feb 23, 10:34 Lots of neat web APIs. Added to Delicious network. "Over the past year, I've been tagging interesting data I find on the web in del.icio.us. I wrote a quick python script to pull the relevant links
from my del.icio.us export and list them at the bottom of this post. Most of these datasets are related to machine learning, but there are a lot of government, finance, and search datasets as well."
api data semanticweb information reference
2009 Feb 23, 10:31 "This is an experimental service that makes the Library of Congress Subject Headings available as linked-data using the SKOS vocabulary. The goal of lcsh.info is to encourage experimentation and use
of LCSH on the web with the hopes of informing a similar effort at the Library of Congress to make a continually updated version available. More information about the Linked Data effort can be found
on the W3C Wiki."
library-of-congress loc semanticweb web rdf metadata library api
2009 Feb 10, 11:22 Game theory analysis of the opening scene of Dark Knight.
game-theory analysis economics movie batman