2009 Mar 25, 11:03Mario blows the warp whistle and finds himself in Chicago.
mario video videogames warp-whistle matthew-dominick via:boingboing 2009 Mar 23, 12:58Details on a particular browser exploit and how its been resolved in IE8. "One approach they presented allowed attackers to use .NET framework DLL's to allocate executable pages of memory at
predictable locations within the iexplore.exe process. They were then able to demonstrate how .NET behavior could be combined with a separate exploitable memory corruption vulnerability to run
arbitrary code."
security ie8 ie browser hack via:ericlaw 2009 Mar 23, 8:13
I've made another extension for IE8,
Outline View, which gives you a side bar in IE that displays an outline of the current page and lets you make intrapage bookmarks.
The outline is generated based on the heading tags in the document (e.g. h1, h2, etc), kind of like what W3C's Semantic data extractor
tool displays for an outline. So if the page doesn't use heading tags the way the HTML spec intended or just sticks img tags in them, then the outline doesn't look so hot. On a page that does
use headings as intended though it looks really good. For instance a section from the HTML 4 spec shows up quite nicely and I find its
actually useful to be able to jump around to the different sections. Actually, I've been surprised going to various blogs how well the outline view is actually working -- I thought a lot more
webdevs would be abusing their heading tags.
I've also added intrapage bookmarks. When you make a text selection and clear it, that selected text is added as a temporary intrapage bookmark which shows up in the correct place in the outline.
You can navigate to the bookmark or right click to make it permanent. Right now I'm storing the permanent intrapage bookmarks in IE8's new per-domain DOM storage because I wanted to avoid writing
code to synchronize a cross process store of bookmarks, it allowed me to play with the DOM storage a bit, and the bookmarks will get cleared appropriately when the user clears their history via the
control panel.
technical intrapage bookmark boring html ie8 ie extension 2009 Mar 20, 5:03"This package contains header files and libraries to help you develop Windows applications that use Windows Internet Explorer."
ie8 ie msdn microsoft development C++ com visual-studio windows 2009 Mar 20, 6:18
IE8, the software I've been working on for some time now, has finally been released at MIX09.
As I mentioned previously, I worked on
accelerators (previously named
Activities) in IE8. Looking at the
kinds of things I blog about on the IE Blog, you might also
correctly guess that I work on the networking stack. Ask me about what else I worked on during IE8 development. The past few months were very busy for me and I'm happy this is finally out.
technical internet explorer ie8 2009 Mar 20, 4:51
Working on Internet Explorer extensions in C++ & COM, I had to relearn or rediscover how to do several totally basic and important things. To save myself and possibly others trouble in the
future, here's some pertinent links and tips.
First you must choose your IE extensibility point. Here's a very short list of the few I've used:
Once you've created your COM object that implements IObjectWithSite and whatever other interfaces your extensibility point requires as described in the above links you'll see your SetSite method
get called by IE. You might want to know how to get the top level browser object from the IUnknown site object passed in via that method.
After that you may also want to listen for some events from the browser. To do this you'll need to:
- Implement the dispinterface that has the event you want. For instance DWebBrowserEvents2, or HTMLDocumentEvents, or HTMLWindowEvents2. You'll have
to search around in that area of the documentation to find the event you're looking for.
- Register for events using AtlAdvise. The object you need to subscribe to depends on the events you want. For example, DWebBrowserEvents2 come from the webbrowser object, HTMLDocumentEvents come
from the document object assuming its an HTML document (I obtained via get_Document method on the webbrowser), and
HTMLWindowEvents2 come from the window object (which oddly I obtained via calling the get_script method on the document object).
Note that depending on when your SetSite method is called the document may not exist yet. For my extension I signed up for browser events immediately and then listened for events like NavigateComplete before signing up for document and window events.
- Implement IDispatch. The Invoke method will get called with event notifications from the dispinterfaces you sign up for in AtlAdvise. Implementing Invoke manually is a slight pain as all the
parameters come in as VARIANTs and are in reverse order. There's some ATL macros that may make this easier but I didn't bother.
- Call AtlUnadvise at some point -- at the latest when SetSite is called again and your site object changes.
If you want to check if an IHTMLElement is not visible on screen due how the page is scrolled, try comparing the Body or
Document Element's client height and width,
which appears to be the dimensions of the visible document area, to the element's bounding client rect which appears to be
its position relative to the upper left corner of the visible document area. I've found this to be working for me so far, but I'm not positive that frames, iframes, zooming, editable document
areas, etc won't mess this up.
Be sure to use pointers you get from the IWebBrowser/IHTMLDocument/etc. only on the thread on which you obtained the pointer or correctly marshal the pointers to other threads to avoid weird crashes and hangs.
Obtaining the HTML document of a subframe is slightly more complicated then you might hope. On the other hand this might
be resolved by the new to IE8 method IHTMLFrameElement3::get_contentDocument
Check out Eric's IE blog post on IE extensibility which has some great links on this topic as well.
technical boring internet explorer com c++ ihtmlelement extension 2009 Mar 16, 2:35"Society doesn't need newspapers. What we need is journalism. For a century, the imperatives to strengthen journalism and to strengthen newspapers have been so tightly wound as to be
indistinguishable. That's been a fine accident to have, but when that accident stops, as it is stopping before our eyes, we're going to need lots of other ways to strengthen journalism instead."
internet clay-shirky newspaper copyright history journalism via:ethan_t_hein 2009 Mar 6, 5:16
I've found while debugging networking in IE its often useful to quickly tell if a string is encoded in UTF-8. You can check for the Byte Order Mark (EF BB BF in UTF-8) but, I rarely see the BOM on
UTF-8 strings. Instead I apply a quick and dirty UTF-8 test that takes advantage of the well-formed UTF-8 restrictions.
Unlike other multibyte character encoding forms (see Windows supported character sets or IANA's list of character sets), for example Big5, where sticking together any two bytes is more likely than not to give a valid byte sequence, UTF-8 is more restrictive. And unlike
other multibyte character encodings, UTF-8 bytes may be taken out of context and one can still know that its a single byte character, the starting byte of a three byte sequence, etc.
The full rules for well-formed UTF-8 are a little too complicated for me to commit to memory. Instead I've got my own simpler (this is the quick part) set of rules that will be mostly correct (this
is the dirty part). For as many bytes in the string as you care to examine, check the most significant digit of the byte:
-
F:
-
This is byte 1 of a 4 byte encoded codepoint and must be followed by 3 trail bytes.
-
E:
-
This is byte 1 of a 3 byte encoded codepoint and must be followed by 2 trail bytes.
-
C..D:
-
This is byte 1 of a 2 byte encoded codepoint and must be followed by 1 trail byte.
-
8..B:
-
This is a trail byte.
-
0..7:
-
This is a single byte encoded codepoint.
The simpler rules can produce false positives in some cases: that is, they'll say a string is UTF-8 when in fact it might not be. But it won't produce false negatives. The following is table
from the
Unicode spec. that actually describes well-formed UTF-8.
|
Code Points
|
1st Byte
|
2nd Byte
|
3rd Byte
|
4th Byte
|
|
U+0000..U+007F
|
00..7F
|
|
U+0080..U+07FF
|
C2..DF
|
80..BF
|
|
U+0800..U+0FFF
|
E0
|
A0..BF
|
80..BF
|
|
U+1000..U+CFFF
|
E1..EC
|
80..BF
|
80..BF
|
|
U+D000..U+D7FF
|
ED
|
80..9F
|
80..BF
|
|
U+E000..U+FFFF
|
EE..EF
|
80..BF
|
80..BF
|
|
U+10000..U+3FFFF
|
F0
|
90..BF
|
80..BF
|
80..BF
|
|
U+40000..U+FFFFF
|
F1..F3
|
80..BF
|
80..BF
|
80..BF
|
|
U+100000..U+10FFFF
|
F4
|
80..8F
|
80..BF
|
80..BF
|
test technical unicode boring charset utf8 encoding 2009 Mar 4, 2:39
I knew that the command line tool subst would create virtual drives that map to existing directories but I didn't know that subst lets you name the virtual drives with characters that aren't
US-ASCII letters. For instance you can run 'subst 4: C:\windows' and then 'more 4:\win.ini' to dump C:\windows\win.ini. This also works for non-US-ASCII characters like, "C" (aka U+FF23, Fullwidth Latin Capital Letter C), which when displayed by cmd.exe via some best fit style character conversions looks just like the regular US-ASCII 'C'. None of Explorer, IE, or the common file
dialogs allow the use of these odd virtual drives -- just cmd.exe, so I'm not sure how this would ever be useful but I thought it was odd and I wanted to share.
cli technical boring subst windows 2009 Feb 27, 10:49Finally, you can play solitare on your phone while waiting for Android to boot with VMWare's mobile phone OS: "VMware has demoed its mobile virtualisation platform, which could potentially let users
simultaneously run two different operating systems."
video vmware mobile phone cellphone os android google microsoft windows windows-ce 2009 Feb 26, 11:52This is what I'd like in a newspaper: "1: Focus on original content, do not rewrite wire stories or press releases." and "2: Focus on hyper-local coverage, newspapers should "own" their regional beat
because they have the best contacts and the best understanding of local companies and issues."
via:sambrook newspaper advertising business journalism internet 2009 Feb 24, 9:32Of course Netflix is already available on the 360, but PlayOn lets you watch Hulu on the 360. So far so good with the trial software. "Windows only: Previously mentioned Windows utility PlayOn-which
streams popular online video to your PS3, Xbox 360, and HP MediaSmart TV-has officially left its beta phase in the dust"
hulu video xbox xbox360 mediacenter dvr windows tv 2009 Feb 10, 6:34Real time stats on folks cursing on Twitter. Shows percentage change in usage by curse word.
twitter humor language swearing mashup 2009 Feb 5, 8:47Copy of the Netscape Navigator document (the original's long gone) describing the Proxy Auto-Config (PAC) file format and mime-type. Its a javascript file with at least one well known function that,
given a host, returns a string describing which methods are appropriate for a web browser to connect to that host.
javascript pac proxy http reference netscape navigator 2009 Feb 5, 8:39The long expired draft of the Web Proxy Autodiscovery Protocol (WPAD). To summarize, use DHCP and failing that DNS to find the name of a web server and on that web server find a Proxy Auto-Config
file at a well known localtion.
wpad proxy internet reference browser dns dhcp 2009 Feb 4, 4:30New URN schemes with no central minting authority. duri allows you to name a resource that was identified by the specified URI at the specified date (e.g. refers to the IETF's homepage at the end of
the year 2001). tdb allows you to name a physical object or entity that was described by a resource that was identified by a specified URI at the specified date (e.g. refers to IETF the orginization
as referenced by their homepage at the end of the year 2001). Date format is concise but I'd prefer RFC3339 rather than roping in another date format.
duri tdb uri url scheme reference ietf date datetime rfc 2009 Feb 4, 4:16From Sorting it all Out wrt the weather gadget in Vista's sidebar, this link to China's laws on weather forecast: "Article 22 The State applies a unified system for the issue of public meteorological
forecast and severe weather warning... No other organizations or individuals may issue to the community such forecast or warning." "Article 25 When the media, including radio, television, newspaper
and telecommunication, issue to the community public meteorological forecast or severe weather warning, they shall use the latest meteorological information provided by a meteorological office...
Part of the revenues from the distribution of meteorological information shall be drawn to support the development of meteorological service." Whether an application is legally allowed to provide a
weather forecast is not an attribute I would have imagined necessary for a localization API.
via:michael-kaplan china law legal politics weather forecast localization 2009 Feb 3, 11:15"r2719 specifies that browsers should not allow scripts to set document.domain to anything on the Public Suffix List, such as "com" or "co.jp". Essential background reading on why this is dangerous:
Untraceable XSS Attacks. Most browsers already block this attack, e.g. Firefox since 3.0. [Background: Re: Setting document.domain]"
html5 tld publicsuffix dns security html internet web reference w3c 2009 Feb 2, 11:52"Chessboxing: Created in 2003 by Dutch artist Iepe Rubingh, chess boxing has 11 rounds of alternated boxing and chess. In first round, which lasts four minutes, contestants initiate the chess match.
A two-minute boxing round follows. Rounds alternate until one of the players gets a checkmate or a knockout."
humor art chess boxing sport via:boingboing video youtube
Some rights reserved