2011 Jun 21, 1:22"This document defines the concept of an "origin", which is often used
as the scope of authority or privilege by user agents. Typically,
user agents isolate content retrieved from different origins to
prevent malicious web site operators from interfering with the
operation of benign web sites. In addition to outlining the
principles that underly the origin concept, this document defines how
to determine the origin of a URI, how to serialize an origin into a
string, and an HTTP header, named "Origin", that indicates which
origins are associated with an HTTP request."ietfreferencetechnicalwebbrowseruser-agentwebbrowserorigin
2011 Jun 20, 2:36A mix of 36 YouTube videos of various people playing Radiohead's Paranoid Android. It sounds good but the video too is very compelling. Also I would be psych'ed if it were my video picked to rock out
at 2:50.
2011 Jun 20, 2:25I knew it was a game but still felt bad war-dialing and otherwise messing around in there. What if I accidentally find a way out? "Telehack is the most interesting game I've played in the last
year... a game that most users won't realize is a game at all. It's a tour de force hack — an interactive pastiche of 1980s computer history, tying together public archives of Usenet newsgroups, BBS
textfiles, software archives, and historical computer networks into a multiplayer adventure game." Also, see all the accounts of people finding their teenage selves in the game.internettechnicaldevelopmenthacktelnetwardialgame
2011 Jun 20, 2:09"Why did the hackers at Lulz Security ("LulzSec") invade Sony Pictures websites, take down cia.gov, and release 60,000+ e-mail addresses and passwords? For the lulz, of course—but what might look
lulzy to one person could certainly enrage another. In honor of its 1,000th tweet, the witty wankers of LulzSec released a manifesto of sorts, defending their actions to the angry Internets."internetsecurityprivacyhacktechnical
2011 Jun 20, 11:25A cautionary tale in chart form: lesson is make sure you can always upgrade your hashing algorithm or don't have security dependencies on hashing algorithms.referencehashencryptionsecuritytabletechnicalhumor
2011 Jun 12, 3:48Charles Stross puts parts of his new book Rule 34 on his blog: "By kind consent of the publishers, I'm able
to give you a sneak preview of the first few chapters. So I'm going to roll them out on consecutive Fridays. Here's the opening."
As it turns out the WPAD Server Fiddler Extension I made a while back actually has a non-malicious purpose. Apparently its useful for debugging HTTP on the WP7
phone (or so I'm told). Anyway I took some requests and I've fixed a few minor bugs (start button not updating correctly), changed the dialog to be a Fiddler tab so you can use it non-modally, and
the WPAD server is now always off when Fiddler starts.
I wanted to ensure that my switch statement in my implementation of IInternetSecurityManager::ProcessURLAction had a case for every possible documented URLACTION. I wrote the following short
command line sequence to see the list of all URLACTIONs in the SDK header file not found in my source file:
grep URLACTION urlmon.idl | sed 's/.*\(URLACTION[a-zA-Z0-9_]*\).*/\1/g;' | sort | uniq > allURLACTIONs.txt grep URLACTION MySecurityManager.cpp | sed 's/.*\(URLACTION[a-zA-Z0-9_]*\).*/\1/g;' | sort | uniq > myURLACTIONs.txt comm -23 allURLACTIONs.txt myURLACTIONs.txt
In
the PowerShell version I can skip the temporary files which is nice. 'diff' is mapped to 'compare-object' which seems similar to comm but with no parameters to filter out the different streams
(although this could be done more verbosely with the ?{ } filter syntax). In PowerShell uniq functionality is built into sort. The builtin -cmatch operator (c is for case sensitive) to do regexp is
nice plus the side effect of generating the $matches variable with the regexp results.
2011 May 26, 1:28This was on my todo list. I'll scratch it off knowing far more funded folks are doing this: "A startup called BlueStacks has developed an Android runtime environment for the Windows operating system.
It will enable users to run Android applications alongside conventional Windows software on Microsoft's operating system." "One example would be a convertible netbook tablet that normally runs
Windows but switches to an Android interface for greater touch-friendliness when the screen is flipped.
Such a product would offer the full power and multitasking capabilities of Windows but also benefit from having access to Android's broad touch-enabled software ecosystem."windowsprogrammingandroidjavatechnical
When you run clip.exe, whatever comes into its standard input is put onto the clipboard. So when you need to move the result of something in your command window somewhere else you can pipe the
result into clip.exe. Then you won't have to worry about the irritating way cmd.exe does block copy/pasting and you avoid having to manually fixup line breaks in wrapped lines. For instance, you
can put the contents of a script into the clipboard with:
more cdo.cmd | clip
I've got a lot of stuff dumped in my bin folder that I sync across all my PCs so I didn't realize that clip.exe is a part of standard Windows installs.
Nice for avoiding the block copy in cmd.exe but I'd prefer to have the contents sort of tee'd into the clipboard and standard output. So TeeClip.ps1:
I always have trouble remembering where the opt goes in SAL in the __deref_out case. The mnemonic is pretty simple: the
_opt at the start of the SAL is for the pointer value at the start of the function. And the _opt at the end of the SAL is for the dereferenced pointer value at the end of the function.
2011 May 23, 4:26Applying CORS to the media elements: "I've added a content attribute to <img>, <video>, and <audio> that makes the image or media resource be fetched with CORS And have the origin
of the page if CORS succeeded. The attribute is "cross-origin" and it has two allowed values, "use-credentials" and "anonymous". The latter is the default, so you can just say <img cross-origin
src="data.png">."corscrossdomainwebbrowserwebbrowserhtmltechnical
I'm trying to learn and use PowerShell more, but plenty of other folks I know don't use PowerShell. To allow them to use my scripts I use the following cmd.exe batch file to make it easy to call
PowerShell scripts. To use, just name the batch file name the same as the corresponding PowerShell script filename and put it in the same directory.
@echo off if "%1"=="/?" goto help if "%1"=="/h" goto help if "%1"=="-?" goto help if "%1"=="-h" goto help
%systemroot%\system32\windowspowershell\v1.0\powershell.exe -ExecutionPolicy RemoteSigned -Command . %~dpn0.ps1 %* goto end
:help %systemroot%\system32\windowspowershell\v1.0\powershell.exe -ExecutionPolicy RemoteSigned -Command help %~dpn0.ps1 -full goto end
:end
Additionally for PowerShell scripts that modify the current working directory I use the following batch file:
@echo off if "%1"=="/?" goto help if "%1"=="/h" goto help if "%1"=="-?" goto help if "%1"=="-h" goto help
2011 May 2, 7:33I recalled that the order of function/method parameter evaluation was not specified by C++ standard, but I didn't know the more general rule and the associated implications for the double check
locking construct. Interesting.technicalc++programming
2011 Apr 30, 4:33"The HTTP-based Memento framework bridges the present and past Web by interlinking current resources with resources that encapsulate their past. It facilitates obtaining representations of prior
states of a resource, available from archival resources in Web archives or version resources in content management systems, by leveraging the resource's URI and a preferred datetime. To this end, the
framework introduces datetime negotiation (a variation on content negotiation), and new Relation Types for the HTTP Link header aimed at interlinking resources with their archival/version resources.
It also introduces various discovery mechanisms that further support briding the present and past Web."technicalrfcreferencehttpheadertimemementoarchive
2011 Apr 30, 4:05"This document discusses our experiences from moving a small number of users to an IPv6-only network, with access to the IPv4-only parts of the Internet via a NAT64 device. The document covers
practical experiences as well as road blocks and opportunities for this type of a network setup. The document also makes some recommendations about where such networks are applicable and what should
be taken into account in the network design. The document also discusses further work that is needed to make IPv6-only networking applicable in all environments."internetipipv6ipv4nattechnicalreference
2011 Apr 29, 3:55This memo defines URI fragment identifiers for text/csv MIME entities. These fragment identifiers make it possible to refer to parts of a text/csv MIME entity, identified by cell, row, column, or
slice.csvuritechnicalmimereference
Some rights reserved