CA page 33 - Dave's Blog

Search
My timeline on Mastodon

Indicating Character Encoding and Language for HTTP Header Field Parameters

2011 Nov 24, 7:45

From the document: ‘Appendix B. Implementation Report: The encoding defined in this document currently is used for two different HTTP header fields: “Content-Disposition”, defined in [RFC6266], and “Link”, defined in [RFC5988]. As the encoding is a profile/clarification of the one defined in [RFC2231] in 1997, many user agents already supported it for use in “Content-Disposition” when [RFC5987] got published.

Since the publication of [RFC5987], two more popular desktop user agents have added support for this encoding; see http://purl.org/
   NET/http/content-disposition-tests#encoding-2231-char for details. At this time, only one major desktop user agent (Safari) does not support it.

Note that the implementation in Internet Explorer 9 does not support the ISO-8859-1 encoding; this document revision acknowledges that UTF-8 is sufficient for expressing all code points, and removes the requirement to support ISO-8859-1.’

Yay for UTF-8!

PermalinkCommentstechnical http http-headers ie9 internationalization utf-8 encoding

Glimpse of the future: Fiddler and HTML5 WebSockets

2011 Nov 24, 5:00PermalinkCommentstechnical fiddler websockets html5

Evolving ECMAScript

2011 Nov 24, 4:44PermalinkCommentstechnical javascript programming

In Response to SOPA, Reddit Meshnet Project picks up steam (forbes.com)

2011 Nov 24, 4:25PermalinkCommentstechnical networking wireless mesh

Google Now Censors The Pirate Bay, isoHunt, 4Shared and More (torrentfreak.com)

2011 Nov 24, 4:06PermalinkCommentstechnical google censorship

URI Empty Path Segments Matter

2011 Nov 23, 11:00

Shortly after joining the Internet Explorer team I got a bug from a PM on a popular Microsoft web server product that I'll leave unnamed (from now on UWS). The bug said that IE was handling empty path segments incorrectly by not removing them before resolving dotted path segments. For example UWS would do the following:

A.1. http://example.com/a/b//../
A.2. http://example.com/a/b/../
A.3. http://example.com/a/
In step 1 they are given a URI with dotted path segment and an empty path segment. In step 2 they remove the empty path segment, and in step 3 they resolve the dotted path segment. Whereas, given the same initial URI, IE would do the following:
B.1. http://example.com/a/b//../
B.2. http://example.com/a/b/
IE simply resolves the dotted path segment against the empty path segment and removes them both. So, how did I resolve this bug? As "By Design" of course!

The URI RFC allows path segments of zero length and does not assign them any special meaning. So generic user agents that intend to work on the web must not treat an empty path segment any different from a path segment with some text in it. In the case above IE is doing the correct thing.

That's the case for generic user agents, however servers may decide that a URI with an empty path segment returns the same resource as a the same URI without that empty path segment. Essentially they can decide to ignore empty path segments. Both IIS and Apache work this way and thus return the same resource for the following URIs:

http://exmaple.com/foo//bar///baz
http://example.com/foo/bar/baz
The issue for UWS is that it removes empty path segments before resolving dotted path segments. It must follow normal URI procedure before applying its own additional rules for empty path segments. Not doing that means they end up violating URI equivalency rules: URIs (A.1) and (B.2) are equivalent but UWS will not return the same resource for them.
PermalinkCommentsuser agent url ie uri technical web browser

Features of image type input tags in HTML

2011 Nov 21, 11:00

A bug came up the other day involving markup containing <input type="image" src="http://example.com/.... I knew that "image" was a valid input type but it wasn't until that moment that I realized I didn't know what it did. Looking it up I found that it displays the specified image and when the user clicks on the image, the form is submitted with an additional two name value pairs: the x and y positions of the point at which the user clicked the image.

Take for example the following HTML:

<form action="http://example.com/">
<input type="image" name="foo" src="http://deletethis.net/dave/images/davebefore.jpg">
</form>
If the user clicks on the image, the browser will submit the form with a URI like the following:http://example.com/?foo.x=145&foo.y=124.

This seemed like an incredibly specific feature to be built directly into the language when this could instead be done with javascript. I looked a bit further and saw that its been in HTML since at least HTML2, which of course makes much more sense. Javascript barely existed at that point and sending off the user's click location in a form may have been the only way to do something interesting with that action.

PermalinkCommentsuri technical form history html

Replacing Delicious with Google Reader

2011 Nov 17, 11:00

I had previously replaced my use of Delicious with Google Reader. Delicious had a number of issues during their switch over from Yahoo to the new owners and I was eventually fed up enough to remove it from daily use. I used Delicious to do the following things:

  • Create a list of things to read later
  • Save things to read again in the future
  • Search through things I read and enjoyed (esp via tags)
  • Annotate and share things on my blog
I realized that since I did most of my web browsing in Google Reader now anyway I may as well make use of its features. I star things to note I want to read it later or save to read again later. I can annotate with notes in Google Reader and I can share items to my web site by way of the shared items feed. Additionally for when I'm not in Google Reader there's a bookmarklet to add an arbitrary web site as a shared item in Google Reader.

Of course I wrote this and switched over about 1 week before Google removed the sharing feature from Google Reader. I'm irritated but in practice it forced me to find a different option which has worked out mostly better. New blog post coming soon about that...

PermalinkCommentsblog delicious me technical google-reader google feed

Alex and Cadbury playing

2011 Nov 17, 8:59

PermalinkComments

"Forwarded HTTP Extension" - Andreas Petersson, Martin Nilsson

2011 Nov 17, 3:30

Describes forward HTTP headers to explicitly list proxying information that might otherwise be lost.

PermalinkCommentstechnical ietf http http-header proxy

"JSON Patch" - Paul Bryan

2011 Nov 17, 1:06

Mime-type for describing the difference between two JSON resources (in JSON using JSON paths)

PermalinkCommentstechnical mime mime-type json ietf

A shuffled deck of cards is unique in all human history (matthewweathers.com)

2011 Nov 17, 1:01

Possible combinations to shuffle a deck of cards is 8.0658X1067 compared to the number of times a deck of cards has been shuffled thus far in history 1.546X1023

PermalinkComments

(via GIF: Nose Friends!)

2011 Nov 16, 1:52


(via GIF: Nose Friends!)

PermalinkComments

Malware Signed With a Governmental Signing Key - F-Secure Weblog : News from the Lab

2011 Nov 16, 12:19

“It’s not that common to find a signed copy of malware. It’s even rarer that it’s signed with an official key belonging to a government.”

PermalinkCommentstechnical ssl

Elements of Modern C++ Style (herbsutter.com)

2011 Nov 15, 11:59

Summary of some of the new C++ features with comments and suggested usage.  Not sure I agree with the take on auto.

‘“C++11 feels like a new language.” – Bjarne Stroustrup’

PermalinkCommentstechnical c++ programming

FW: This week's assortment of Alex Pics

2011 Nov 15, 3:00

PermalinkComments

"JSON Reference" - Paul Bryan, Kris Zyp

2011 Nov 14, 8:24PermalinkCommentstechnical json ietf

Things That Turbo Pascal is Smaller Than (dadgum.com)

2011 Nov 14, 7:52PermalinkCommentstechnical humor programming

"Additional HTTP Status Codes" - Mark Nottingham, Roy Fielding

2011 Nov 14, 7:51

Includes ‘511 Network Authentication Required’ for airport/hotel/coffee shop scenarios!  Am I too excited about this?

PermalinkCommentstechnical ietf http http-status-codes

"HTTP Strict Transport Security (HSTS)" - Jeff Hodges, Collin Jackson, Adam Barth

2011 Nov 14, 5:28PermalinkCommentstechnical https ietf
Older EntriesNewer Entries Creative Commons License Some rights reserved.