2009 Aug 24, 9:52
Notes on how bin diff'ing tools work and thoughts on defeating them. "We call the threat "1-day exploits". Just few minutes after the release of patches, binary diffing technique can be used to identify the vulnerabilities that the security patches are remedying."
exploit security binary diff tool research technical system:filetype:pdf system:media:document

2009 Aug 24, 4:57
"This specification defines the features and syntax for Scalable Vector Graphics (SVG) Version 1.1, a modularized language for describing two-dimensional vector and mixed vector/raster graphics in XML."
svg graphic web xml reference w3c technical

2009 Aug 21, 3:26
"Dive Into HTML 5 seeks to elaborate on a hand-picked Selection of features from the HTML 5 specification and other fine Standards. I shall publish Drafts periodically, as time permits." Lovely design.
via:waxy reference programming howto design html5 typography mark-pilgrim html web development technical

2009 Aug 21, 3:13
"At Black Hat USA 2009 and Defcon 17 Nathan Hamiel and Shawn Moyer introduced an attack called Dynamic Cross-Site Request Forgery (CSRF). This white paper discusses the attack and discusses several Dynamic CSRF attack vectors." Seems to require sites trying to secure CSRF scenarios using session IDs in their URLs.
security csrf research browser web technical

2009 Aug 18, 4:19
Before we shipped IE8 there were no Accelerators, so we had some fun making our own for our favorite web services. I've got a small set of tips for creating Accelerators for other people's web
services. I was planning on writing this up as an IE blog post, but Jon wrote a post covering a
similar area so rather than write a full and coherent blog post I'll just list a few points:
- The first thing to try is looking for developer help for the web service, specifically if there's a REST-ful URL based API. For example, Bing Maps has great URL API documentation that would
be enough to create an Accelerator.
- The Accelerator XML is very similar to HTML forms. If you can find an HTML form for the web service for which you want to create an Accelerator, you can view the HTML source and create an
Accelerator based on that.
- I created the FormToAccelerator extension based on the previous idea. You can
use the extension to create an Accelerator from an HTML form, or just use it to create the start of one and edit it manually after.
- If the page doesn't use an HTML form, you can start up an HTTP debugger like Fiddler, use the web service from the normal web
page, and then in Fiddler see if you can find a REST-ful looking URL you can use.
- When looking to create a preview for your Accelerator, see if the web page for the web service has a mobile version or a version that's intended to embed in other web pages via an iframe. On
this same line, iPhone apps make great Accelerators usually with lovely previews.
- If there's no mobile or embeddable version and the only thing wrong with the normal web page for the web service is that the useful information doesn't fit in the preview window then see if you
can find an HTML tag with a name or id near the useful information, and stick a '#' fragment pointing to that tag onto the preview URL template.
- Without a reasonable REST-ful API you can use a combination of Google's "site:" and "I'm Feeling Lucky" to find the most relevant page on a particular site.
- The value of a name and value pair need not consist of only a single Accelerator variable. You can get creative and put other text in there. For instance, I implemented a Google currency conversion by setting the query to "{selection} in US Dollars".
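
The form-to-Accelerator mapping from the tips above, as an added sketch (not code from this post or from the FormToAccelerator extension). It assumes the OpenService Accelerator XML element names and namespace; the sample form, its URL and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin
import xml.etree.ElementTree as ET

# Assumed namespace of the OpenService (Accelerator) description format.
OS_NS = "http://www.microsoft.com/schemas/openservicedescription/1.0"
SKIPPED = ("submit", "button", "image", "reset")   # inputs that carry no query data

class FormGrabber(HTMLParser):
    """Collects the first <form>'s attributes and its named <input> fields."""
    def __init__(self):
        super().__init__()
        self.form, self.fields, self.done = None, [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.form is None:
            self.form = a
        elif tag == "input" and self.form is not None and not self.done and a.get("name"):
            self.fields.append((a["name"], (a.get("type") or "text").lower(),
                                a.get("value") or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self.done = True

def form_to_accelerator(html, page_url, name, category, template="{selection}"):
    """Return Accelerator XML whose execute action mirrors the page's first form."""
    grabber = FormGrabber()
    grabber.feed(html)
    if grabber.form is None:
        raise ValueError("no <form> found")
    ET.register_namespace("os", OS_NS)
    q = lambda t: "{%s}%s" % (OS_NS, t)
    root = ET.Element(q("openServiceDescription"))
    ET.SubElement(root, q("homepageUrl")).text = urljoin(page_url, "/")
    ET.SubElement(ET.SubElement(root, q("display")), q("name")).text = name
    activity = ET.SubElement(root, q("activity"), category=category)
    action = ET.SubElement(activity, q("activityAction"), context="selection")
    execute = ET.SubElement(action, q("execute"),
                            action=urljoin(page_url, grabber.form.get("action") or ""),
                            method=(grabber.form.get("method") or "get").lower())
    for fname, ftype, fvalue in grabber.fields:
        if ftype not in SKIPPED:
            # Free-text inputs take the selection template; hidden fields keep their value.
            value = template if ftype in ("text", "search") else fvalue
            ET.SubElement(execute, q("parameter"), name=fname, value=value)
    return ET.tostring(root, encoding="unicode")

# Constructed sample form, standing in for a search page's HTML source.
SAMPLE_FORM = ('<form action="/search" method="GET"><input type="hidden" name="hl" value="en">'
               '<input type="text" name="q"><input type="submit" name="btnG" value="Go"></form>')
```

Passing `template="{selection} in US Dollars"` reproduces the currency-conversion trick from the last tip: the text input's parameter value becomes the selection plus fixed text.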
technical accelerator ie8 ie

2009 Aug 17, 8:37
Info on Flash cookies, US Govt websites cookie use, possible US Govt regulations on privacy/tracking users, plus a great zombie photo.
zombie flash cookie wired privacy internet web browser politics government advertising google technical

2009 Aug 14, 6:20
"This paper presents efficient off-line anonymous e-cash schemes where a user can withdraw a wallet containing coins each of which she can spend unlinkably."
money future reference research economics cryptography technical system:filetype:pdf system:media:document

2009 Aug 14, 3:55
The government program PACER is an online archive of court records, and even though the documents are public domain, PACER charges for access to them, ostensibly to pay for PACER. This plugin uses the Internet Archive as a kind of free intermediate cache, rewriting the PACER HTML to reference the free Internet Archive versions of the documents when available and uploading PACER documents to the IA cache when you download one it doesn't yet have.
via:waxy firefox government politics research reference legal law plugin technical

2009 Aug 12, 5:02
W3C File API makes it to first published working draft. Like the use of data URLs, don't like the new filedata URLs.
html5 w3c file upload script url data-scheme technical

2009 Aug 12, 4:55
"As a browser supplier, we want people to switch to the latest version of IE...", "Dropping support for IE6 is not an option because we committed to supporting the IE included with Windows for the lifespan of the product.", followed by a large number of comments from irate webdevs who missed the point.
blog microsoft ie ie6 dean-hachamovitch technical

2009 Aug 11, 7:35
Lovely Dandella looks like an electric scallion and it "... works with GPS enabled mobile phones to track physical locations. Dandella bends and points toward the targeted location."
design technology cool wishlist shopping cellphone gps

2009 Aug 6, 3:01
Tutorial on using the Google Maps API on Android.
android tutorial google java map maps programming mobile technical

2009 Aug 5, 7:57
"Ten times smaller than barcodes, Bokodes’ low-cost optical design can be read from as far as 4 meters away, much farther than barcodes, by taking an out-of-focus photo with any off-the-shelf camera." I'd love for stuff like this to catch on; however, compared to QR codes, these are much more difficult to produce than barcodes, in that you can't just print them out, and they require changes to the photography technique (must be out of focus) rather than just analyzing any photograph of a barcode. They seem to be solving slightly different problems.
qrcode qr barcode camera information design bokode augmented-reality technical

2009 Jul 29, 5:48
The new draft IRI spec to replace RFC 3987. "To accommodate widespread current practice, additional derivative protocol elements are defined, and current practice for resolving IRI-based hypertext references in HTML are outlined."
iri uri rfc html reference technical

2009 Jul 28, 3:39
Linus Torvalds: "I'm a big believer in "technology over politics"...I may make jokes about Microsoft at times, but at the same time, I think the Microsoft hatred is a disease." This goes well with his previous quote calling Slashdot a "big public wanking session".
linux linus-torvalds microsoft politics technical

2009 Jul 27, 7:28
Includes the text/uri-list mime type!
technical url uri mime reference ietf