networking - Dave's Blog


Windows Store App WebView Cross Origin XMLHttpRequest Behavior

2016 Jun 2, 6:45

TL;DR: Web content in a JavaScript Windows Store app or WebView in a Windows Store app that has full access to WinRT also gets to use XHR unrestricted by cross origin checks.

By default web content in a WebView control in a Windows Store App has the same sort of limitations as that web content in a web browser. However, if you give the URI of that web content full access to WinRT, then the web content also gains the ability to use XMLHttpRequest unrestricted by cross origin checks. This means no CORS checks and no OPTIONS requests. This only works if the web content's URI matches a Rule in the ApplicationContentUriRules of your app's manifest and that Rule declares WindowsRuntimeAccess="all". If it declares WinRT access as 'None' or 'AllowForWebOnly' then XHR acts as it normally does.

In terms of security, if you've already given a page access to all of WinRT which includes the HttpRequest class and other networking classes that don't perform cross origin checks, then allowing XHR to skip CORS doesn't make things worse.

PermalinkCommentsjavascript uwa uwp web webview windows winrt xhr

Jet Set Radio HD coming soon with awesome soundtrack...

2012 Jun 1, 2:55

Jet Set Radio HD coming soon with awesome soundtrack promised. Exciting!

PermalinkCommentsjet-set-radio video-game game video music xbox

Recommendations for the Remediation of Bots in ISP Networks

2012 Mar 19, 3:11

recommendations on how Internet Service
   Providers can use various remediation techniques to manage the
   effects of malicious bot infestations on computers used by their

Detection and notification recommendations.

PermalinkCommentstechnical isp ietf networking

(via The Many Samples and Sound-Alikes of Earthbound [Video])

2012 Feb 24, 5:35

(via The Many Samples and Sound-Alikes of Earthbound [Video])

PermalinkCommentsvideo-game music earthbound

In Response to SOPA, Reddit Meshnet Project picks up steam (

2011 Nov 24, 4:25PermalinkCommentstechnical networking wireless mesh

Experiences from an IPv6-Only Network

2011 Apr 30, 4:05"This document discusses our experiences from moving a small number of users to an IPv6-only network, with access to the IPv4-only parts of the Internet via a NAT64 device. The document covers practical experiences as well as road blocks and opportunities for this type of a network setup. The document also makes some recommendations about where such networks are applicable and what should be taken into account in the network design. The document also discusses further work that is needed to make IPv6-only networking applicable in all environments."PermalinkCommentsinternet ip ipv6 ipv4 nat technical reference

lcamtuf's blog: HTTP cookies, or how not to design protocols

2010 Nov 8, 3:34On crappy aspects of HTTP cookie design.PermalinkCommentshttp web browser history technical cookie header networking protocol security programming via:mattb

Peer-to-peer tech now powers Wikipedia's videos

2010 Sep 27, 3:15This is awesome and similar to something I got a cube for. Wikipedia runs its videos through a service that sets up torrents for arbitrary URLs. So awesome! Now if only this were built into the user agent rather than requiring hardcoding the sites to use it...PermalinkCommentstechnical p2p wikipedia network networking torrent web

What every programmer needs to know about game networking « Gaffer on Games

2010 Jul 5, 8:38"This way the player appears to control their own character without any latency, and provided that the client and server character simulation code is deterministic – giving exactly the same result for the same inputs on the client and server – it is rarely corrected."PermalinkCommentsnetwork programming game technical quake history

A Practical Attack to De-Anonymize Social Network Users

2010 Mar 8, 1:50Paper suggests history stealing to find what popular social networking site groups a visitor to your web site belongs to and stats on how easy it is to then uniquely identify the visitor on the popular social networking site.PermalinkCommentssecurity privacy social social-network paper research web browser css technical system:filetype:pdf system:media:document

Bits Up!: DNS Prefetching for Firefox

2009 Jun 22, 3:28Details on Firefox's DNS prefetching: "The Firefox implementation takes this approach one step further than just pre-resolving anchor href hostnames. It uses the prefetch logic on URLs that are being included in the current document. By this I mean that it uses the prefetch logic on things like images, css, and jscript that are being loaded right away, in addition to anchor links which might be clicked on at a slightly later time."PermalinkCommentsdns dns-prefetching html performance networking firefox mozilla technical

Chromium Blog: DNS Prefetching (or Pre-Resolving)

2009 Jun 22, 2:55"To speed up browsing, Google Chrome resolves domain names before the user navigates, typically while the user is viewing a web page." In addition to noting what and how they do it, and how web devs can control it, they give a few stats on how much it helps.PermalinkCommentsgoogle dns chrome dns-prefetching browser networking performance technical

Controlling DNS prefetching - MDC

2009 Jun 22, 2:53"Firefox 3.5 performs DNS prefetching. This is a feature by which Firefox proactively performs domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth."PermalinkCommentsdns firefox mozilla networking performance dns-prefetching technical

EricLaw's IEInternals

2009 Jun 19, 5:36Eric Lawrence (yes, THE Eric Lawrence) has a blog on IE networking, security and other stuff.PermalinkCommentseric-lawrence blog technical ie ie8 network security

The Grid, Our Cars and the Net: One Idea to Link Them All | Autopia |

2009 May 13, 11:04To summarize: build the smart grid on top of the Internet, and put wireless mesh routers in power meters and cars.PermalinkCommentsdavid-weinberger network wifi mesh-networking wired article robin-chase car smart-grid

The Sims 3 gets social network, microtransactions - Ars Technica

2009 May 3, 9:38"The online features for The Sims 3 have been detailed, and it will include a new in-game store for purchasing items as well as a heap of social networking features."PermalinkCommentsfor:hellosarah

Internet Explorer 8 Released

2009 Mar 20, 6:18

Our Fearless Leader reveals IE8 at MIX09. Photo by DBegley.IE8, the software I've been working on for some time now, has finally been released at MIX09.

As I mentioned previously, I worked on accelerators (previously named Activities) in IE8. Looking at the kinds of things I blog about on the IE Blog, you might also correctly guess that I work on the networking stack. Ask me about what else I worked on during IE8 development. The past few months were very busy for me and I'm happy this is finally out.PermalinkCommentstechnical internet explorer ie8

The 'Is It UTF-8?' Quick and Dirty Test

2009 Mar 6, 5:16

I've found while debugging networking in IE its often useful to quickly tell if a string is encoded in UTF-8. You can check for the Byte Order Mark (EF BB BF in UTF-8) but, I rarely see the BOM on UTF-8 strings. Instead I apply a quick and dirty UTF-8 test that takes advantage of the well-formed UTF-8 restrictions.

Unlike other multibyte character encoding forms (see Windows supported character sets or IANA's list of character sets), for example Big5, where sticking together any two bytes is more likely than not to give a valid byte sequence, UTF-8 is more restrictive. And unlike other multibyte character encodings, UTF-8 bytes may be taken out of context and one can still know that its a single byte character, the starting byte of a three byte sequence, etc.

The full rules for well-formed UTF-8 are a little too complicated for me to commit to memory. Instead I've got my own simpler (this is the quick part) set of rules that will be mostly correct (this is the dirty part). For as many bytes in the string as you care to examine, check the most significant digit of the byte:

This is byte 1 of a 4 byte encoded codepoint and must be followed by 3 trail bytes.
This is byte 1 of a 3 byte encoded codepoint and must be followed by 2 trail bytes.
This is byte 1 of a 2 byte encoded codepoint and must be followed by 1 trail byte.
This is a trail byte.
This is a single byte encoded codepoint.
The simpler rules can produce false positives in some cases: that is, they'll say a string is UTF-8 when in fact it might not be. But it won't produce false negatives. The following is table from the Unicode spec. that actually describes well-formed UTF-8.
Code Points 1st Byte 2nd Byte 3rd Byte 4th Byte
U+0000..U+007F 00..7F
U+0080..U+07FF C2..DF 80..BF
U+0800..U+0FFF E0 A0..BF 80..BF
U+1000..U+CFFF E1..EC 80..BF 80..BF
U+D000..U+D7FF ED 80..9F 80..BF
U+E000..U+FFFF EE..EF 80..BF 80..BF
U+10000..U+3FFFF F0 90..BF 80..BF 80..BF
U+40000..U+FFFFF F1..F3 80..BF 80..BF 80..BF
U+100000..U+10FFFF F4 80..8F 80..BF 80..BF

PermalinkCommentstest technical unicode boring charset utf8 encoding

Revealed: The Internet's Biggest Security Hole | Threat Level from

2008 Aug 29, 8:37"Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency." Described fixes all require significant changes to the software and probably hardware doing the routing. UghPermalinkCommentswired article security internet bgp hack networking defcon

DoxPara Research

2008 Jul 14, 10:32Dan Kaminsky's blog.PermalinkCommentsdan-kaminsky blog security dns ip networking browser windows unix microsoft hack
Older Entries Creative Commons License Some rights reserved.