of page 45 - Dave's Blog

Search
My timeline on Mastodon

URI Percent Encoding Ignorance Level 2 - There is no Unencoded URI

2012 Feb 20, 4:00

As a professional URI aficionado I deal with various levels of ignorance on URI percent-encoding (aka URI encoding, or URL escaping).

Getting into the more subtle levels of URI percent-encoding ignorance, folks try to apply their knowledge of percent-encoding to URIs as a whole producing the concepts escaped URIs and unescaped URIs. However there are no such things - URIs themselves aren't percent-encoded or decoded but rather contain characters that are percent-encoded or decoded. Applying percent-encoding or decoding to a URI as a whole produces a new and non-equivalent URI.

Instead of lingering on the incorrect concepts we'll just cover the correct ones: there's raw unencoded data, non-normal form URIs and normal form URIs. For example:

  1. http://example.com/%74%68%65%3F%70%61%74%68?query
  2. http://example.com/the%3Fpath?query
  3. "http", "example.com", "the?path", "query"

In the above (A) is not an 'encoded URI' but rather a non-normal form URI. The characters of 'the' and 'path' are percent-encoded but as unreserved characters specific in the RFC should not be encoded. In the normal form of the URI (B) the characters are decoded. But (B) is not a 'decoded URI' -- it still has an encoded '?' in it because that's a reserved character which by the RFC holds different meaning when appearing decoded versus encoded. Specifically in this case, it appears encoded which means it is data -- a literal '?' that appears as part of the path segment. This is as opposed to the decoded '?' that appears in the URI which is not part of the path but rather the delimiter to the query.

Usually when developers talk about decoding the URI what they really want is the raw data from the URI. The raw decoded data is (C) above. The only thing to note beyond what's covered already is that to obtain the decoded data one must parse the URI before percent decoding all percent-encoded octets.

Of course the exception here is when a URI is the raw data. In this case you must percent-encode the URI to have it appear in another URI. More on percent-encoding while constructing URIs later.

PermalinkCommentsurl encoding uri technical percent-encoding

Why I Like Glitch

2012 Feb 17, 4:00

Sarah and I have been enjoying Glitch for a while now. Reviews are usually positive although occasionally biting (but mostly accurate).

I enjoy Glitch as a game of exploration: exploring the game's lands with hidden and secret rooms, and exploring the games skills and game mechanics. The issue with my enjoyment coming from exploration is that after I've explored all streets and learned all skills I've got nothing left to do. But I've found that even after that I can have fun writing client side JavaScript against Glitch's web APIs making tools (I work on the Glitch Helperator) for use in Glitch. And on a semi-regular basis they add new features reviving my interest in the game itself.

PermalinkCommentsvideo-game glitch glitch-helperator me project game

The 'Undue Weight' of Truth on Wikipedia (chronicle.com)

2012 Feb 15, 5:13

Interesting article on an expert attempting to modify an article on Wikipedia.  Sounds like an issue when presented in this fashion, but looking at it from Wikipedia’s perspective, I don’t know how they could do better.

PermalinkCommentstruth wikipedia internet

URI Percent-Encoding Ignorance Level 1 - Purpose

2012 Feb 15, 4:00

As a professional URI aficionado I deal with various levels of ignorance on URI percent-encoding (aka URI encoding, or URL escaping).

Worse than the lame blog comments hating on percent-encoding is the shipping code which can do actual damage. In one very large project I won't name, I've fixed code that decodes all percent-encoded octets in a URI in order to get rid of pesky percents before calling ShellExecute. An unnamed developer with similar intent but clearly much craftier did the same thing in a loop until the string's length stopped changing. As it turns out percent-encoding serves a purpose and can't just be removed arbitrarily.

Percent-encoding exists so that one can represent data in a URI that would otherwise not be allowed or would be interpretted as a delimiter instead of data. For example, the space character (U+0020) is not allowed in a URI and so must be percent-encoded in order to appear in a URI:

  1. http://example.com/the%20path/
  2. http://example.com/the path/
In the above the first is a valid URI while the second is not valid since a space appears directly in the URI. Depending on the context and the code through which the wannabe URI is run one may get unexpected failure.

For an additional example, the question mark delimits the path from the query. If one wanted the question mark to appear as part of the path rather than delimit the path from the query, it must be percent-encoded:

  1. http://example.com/foo%3Fbar
  2. http://example.com/foo?bar
In the second, the question mark appears plainly and so delimits the path "/foo" from the query "bar". And in the first, the querstion mark is percent-encoded and so the path is "/foo%3Fbar".
PermalinkCommentsencoding uri technical ietf percent-encoding

Awesome faux trailer for Psychonauts as Inception. Wish I had...

2012 Feb 14, 8:58


Awesome faux trailer for Psychonauts as Inception. Wish I had made the connection before - there’s a ton of overlap.

INCEPTIONAUTS (by FineLeatherJackets)

PermalinkCommentshumor video inception video-game psychonauts tim-schafer

Blackmail DRM - Stolen Thoughts

2012 Feb 13, 4:00

Most existing DRM attempts to only allow the user to access the DRM'ed content with particular applications or with particular credentials so that if the file is shared it won't be useful to others. A better solution is to encode any of the user's horrible secrets into unique versions of the DRM'ed content so that the user won't want to share it. Entangle the users and the content provider's secrets together in one document and accordingly their interests. I call this Blackmail DRM. For an implementation it is important to point out that the user's horrible secret doesn't need to be verified as accurate, but merely verified as believable.

Apparently I need to get these blog posts written faster because only recently I read about Social DRM which is a light weight version of my idea but with a misleading name. Instead of horrible secrets, they say they'll use personal information like the user's name in the DRM'ed content. More of my thoughts stolen and before I even had a chance to think of it first!

PermalinkCommentsdrm blackmail blackmail-drm technical humor social-drm

Kickstarter's exciting 24 hours

2012 Feb 10, 8:51

“Two million-dollar projects, a major political speech involving Kickstarter, an amazing band launching a project for a comeback 20 years in the making… the list goes on. Here’s a minute-by-minute breakdown of the day’s events.”

PermalinkCommentskickstarter video humor game video-game

URI Percent Encoding Ignorance Level 0 - Existence

2012 Feb 10, 4:00

As a professional URI aficionado I deal with various levels of ignorance on URI percent-encoding (aka URI encoding, or URL escaping). The basest ignorance is with respect to the mere existence of percent-encoding. Percents in URIs are special: they always represent the start of a percent-encoded octet. That is to say, a percent is always followed by two hex digits that represents a value between 0 and 255 and doesn't show up in a URI otherwise.

The IPv6 textual syntax for scoped addresses uses the '%' to delimit the zone ID from the rest of the address. When it came time to define how to represent scoped IPv6 addresses in URIs there were two camps: Folks who wanted to use the IPv6 format as is in the URI, and those who wanted to encode or replace the '%' with a different character. The resulting thread was more lively than what shows up on the IETF URI discussion mailing list. Ultimately we went with a percent-encoded '%' which means the percent maintains its special status and singular purpose.

PermalinkCommentsencoding uri technical ietf percent-encoding ipv6

English plainclothes police officer follows himself for 20 minutes

2012 Feb 8, 2:58PermalinkCommentshumor surveillance

Coding in Marble - Rico Mariani's Performance Tidbits - Site Home - MSDN Blogs

2012 Feb 6, 8:47

In short: excessive use of promises leads to a ton of short lived objects and resulting poorer pref.

PermalinkCommentsperf technical javascript promise async

(via Portlandia: The Dream of the 1890s is Alive in Portland)

2012 Feb 6, 4:26


(via Portlandia: The Dream of the 1890s is Alive in Portland)

PermalinkCommentshumor video portland portlandia tv

Remember when they killed off Superman?  One of the guys behind...

2012 Feb 5, 12:37


Remember when they killed off Superman?  One of the guys behind Chronicle has made this video explaining that whole thing.  Kind of like Drunk History but less drunk and more nerdy (via Death and Return of Superman)

PermalinkCommentssuperman hero comic-book humor video

GLYPHICONS - icon library

2012 Feb 1, 9:30

Library of simple and lovely icons available in smaller form for free under CC BY.

PermalinkCommentstechnical icon cc creative-commons

DRM is to publishing as science was to Stalinism

2012 Jan 30, 9:11

I hadn’t heard of “Social DRM” (described in this article). Sounds like my blackmail DRM idea.

PermalinkCommentsdrm publishing

"Unified User-Agent String (UUAS)" - Mateusz Karcz

2012 Jan 27, 7:29

IETF draft on the contents of the User Agent HTTP header.

PermalinkCommentstechnical ietf http user-agent http-header

Crushable has the video from the Cinefamily Pete and Pete...

2012 Jan 26, 12:03


Crushable has the video from the Cinefamily Pete and Pete tribute and panel. Also, AV Club is now inspired to have a Pete and Pete cast and crew reunion.

PermalinkComments

Herpderpedia, A Collection of Tweets by People Freaking Out About Wikipedia’s SOPA & PIPA Blackout

2012 Jan 18, 4:28PermalinkCommentshumor sopa pipa wikipedia law legal

(via Hello, A Remix of Lionel Richie’s “Hello” Made Using Film...

2012 Jan 17, 9:51


(via Hello, A Remix of Lionel Richie’s “Hello” Made Using Film Clips)

PermalinkCommentshumor music video film remix mashup hello

Copyright King: Why the "I Have a Dream" Speech Still Isn't Free (vice.com)

2012 Jan 17, 9:37

There’s weird stuff you’d think is public domain but isn’t including Martin Luther King Jr.‘s “I Have a Dream” speech. FTA: ”If you want to watch the whole thing, legally, you’ll need to get the $20 DVD.

That’s because the King estate, and, as of 2009, the British music publishing conglomerate EMI Publishing, owns the copyright of the speech and its recorded performance.”

PermalinkCommentscopyright mlk speech public-domain

Where the top 100 box office films of 2011 are streaming

2012 Jan 15, 10:44PermalinkCommentsmovies netflix streaming amazon
Older EntriesNewer Entries Creative Commons License Some rights reserved.