TL;DR: Web content in a JavaScript Windows Store app or WebView in a Windows Store app that has full access to WinRT also gets to use XHR unrestricted by cross origin checks.
By default web content in a WebView control in a Windows Store App has the same sort of limitations as that web content in a web browser. However, if you give the URI of that web content full
access to WinRT, then the web content also gains the ability to use XMLHttpRequest unrestricted by cross origin checks. This means no CORS checks and no OPTIONS requests. This only works if the
web content's URI matches a Rule in the ApplicationContentUriRules of your app's manifest and that Rule declares WindowsRuntimeAccess="all". If it declares WinRT access as 'None' or
'AllowForWebOnly' then XHR acts as it normally does.
In terms of security, if you've already given a page access to all of WinRT which includes the HttpRequest class and other networking classes that don't perform cross origin checks, then allowing
XHR to skip CORS doesn't make things worse.
recommendations on how Internet Service
Providers can use various remediation techniques to manage the
effects of malicious bot infestations on computers used by their
subscribers.
2011 Apr 30, 4:05"This document discusses our experiences from moving a small number of users to an IPv6-only network, with access to the IPv4-only parts of the Internet via a NAT64 device. The document covers
practical experiences as well as road blocks and opportunities for this type of a network setup. The document also makes some recommendations about where such networks are applicable and what should
be taken into account in the network design. The document also discusses further work that is needed to make IPv6-only networking applicable in all environments."internetipipv6ipv4nattechnicalreference
2010 Sep 27, 3:15This is awesome and similar to something I got a cube for. Wikipedia runs its videos through a service that sets up torrents for arbitrary URLs. So awesome! Now if only this were built into the user
agent rather than requiring hardcoding the sites to use it...technicalp2pwikipedianetworknetworkingtorrentweb
2010 Jul 5, 8:38"This way the player appears to control their own character without any latency, and provided that the client and server character simulation code is deterministic – giving exactly the same result
for the same inputs on the client and server – it is rarely corrected."networkprogramminggametechnicalquakehistory
2009 Jun 22, 3:28Details on Firefox's DNS prefetching: "The Firefox implementation takes this approach one step further than just pre-resolving anchor href hostnames. It uses the prefetch logic on URLs that are being
included in the current document. By this I mean that it uses the prefetch logic on things like images, css, and jscript that are being loaded right away, in addition to anchor links which might be
clicked on at a slightly later time."dnsdns-prefetchinghtmlperformancenetworkingfirefoxmozillatechnical
2009 Jun 22, 2:55"To speed up browsing, Google Chrome resolves domain names before the user navigates, typically while the user is viewing a web page." In addition to noting what and how they do it, and how web devs
can control it, they give a few stats on how much it helps.googlednschromedns-prefetchingbrowsernetworkingperformancetechnical
2009 Jun 22, 2:53"Firefox 3.5 performs DNS prefetching. This is a feature by which Firefox proactively performs domain name resolution on both links that the user may choose to follow as well as URLs for items
referenced by the document, including images, CSS, JavaScript, and so forth."dnsfirefoxmozillanetworkingperformancedns-prefetchingtechnical
2009 May 3, 9:38"The online features for The Sims 3 have been detailed, and it will include a new in-game store for purchasing items as well as a heap of social networking features."for:hellosarah
Louis pointed me to this humorous IE8 advertising that doesn't make me cringe. On the contrary it
has Ask a Ninja, Janeane Garofalo, and several comedians I recall collectively from either 'I Love the [decade]' or 'Best Week Ever'.
As I mentioned previously, I worked on accelerators (previously named
Activities) in IE8. Looking at the kindsofthingsIblog about on the IE Blog, you might also
correctly guess that I work on the networking stack. Ask me about what else I worked on during IE8 development. The past few months were very busy for me and I'm happy this is finally out.technicalinternetexplorerie8
I've found while debugging networking in IE its often useful to quickly tell if a string is encoded in UTF-8. You can check for the Byte Order Mark (EF BB BF in UTF-8) but, I rarely see the BOM on
UTF-8 strings. Instead I apply a quick and dirty UTF-8 test that takes advantage of the well-formed UTF-8 restrictions.
Unlike other multibyte character encoding forms (see Windows supported character sets or IANA's list of character sets), for example Big5, where sticking together any two bytes is more likely than not to give a valid byte sequence, UTF-8 is more restrictive. And unlike
other multibyte character encodings, UTF-8 bytes may be taken out of context and one can still know that its a single byte character, the starting byte of a three byte sequence, etc.
The full rules for well-formed UTF-8 are a little too complicated for me to commit to memory. Instead I've got my own simpler (this is the quick part) set of rules that will be mostly correct (this
is the dirty part). For as many bytes in the string as you care to examine, check the most significant digit of the byte:
F:
This is byte 1 of a 4 byte encoded codepoint and must be followed by 3 trail bytes.
E:
This is byte 1 of a 3 byte encoded codepoint and must be followed by 2 trail bytes.
C..D:
This is byte 1 of a 2 byte encoded codepoint and must be followed by 1 trail byte.
8..B:
This is a trail byte.
0..7:
This is a single byte encoded codepoint.
The simpler rules can produce false positives in some cases: that is, they'll say a string is UTF-8 when in fact it might not be. But it won't produce false negatives. The following is table
from the Unicode spec. that actually describes well-formed UTF-8.
2008 Aug 29, 8:37"Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like
the National Security Agency." Described fixes all require significant changes to the software and probably hardware doing the routing. Ughwiredarticlesecurityinternetbgphacknetworkingdefcon
IE8, the software I've been working on for some time now, has finally been released at MIX09.
Some rights reserved