plugin - Dave's Blog

Search
My timeline on Mastodon

Application Content URI Rule effects

2017 Jun 30, 3:01

Previously I described Application Content URI Rules (ACUR) parsing and ACUR ordering. This post describes what you get from putting a URI in ACUR.

URIs in the ACUR gain the following which is otherwise unavailable:

  • Geoloc API usage
  • Audio and video capture API usage
  • Pointer lock API usage
  • Web notifications API usage
  • IndexedDB API usage
  • Clipboard API usage
  • window.external.notify access from within webview
  • window.close the primary window
  • Top level navigation in the primary window
  • Cross origin XHR and fetch to ms-appx(-web) scheme URIs
  • Cross origin dirtied canvas read access if dirtied by ms-appx(-web) scheme URIs
  • Cross origin text track for video element for tracks from ms-appx(-web) scheme URIs

URIs in the ACUR that also have full WinRT access additionally gain the following:

  • Cross origin XHR and fetch
  • Cross origin dirtied canvas read access
  • Cross origin text track for video element
  • Local audio and video WinRT plugins work with media elements
PermalinkCommentsapplication-content-uri-rules coding javascript programming windows-store

Let's Encrypt NearlyFreeSpeech.net Setup

2016 Feb 4, 2:48

2016-Nov-5: Updated post on using Let's Encrypt with NearlyFreeSpeech.net

I use NearlyFreeSpeech.net for my webhosting for my personal website and I've just finished setting up TLS via Let's Encrypt. The process was slightly more complicated than what you'd like from Let's Encrypt. So for those interested in doing the same on NearlyFreeSpeech.net, I've taken the following notes.

The standard Let's Encrypt client requires su/sudo access which is not available on NearlyFreeSpeech.net's servers. Additionally NFSN's webserver doesn't have any Let's Encrypt plugins installed. So I used the Let's Encrypt Without Sudo client. I followed the instructions listed on the tool's page with the addition of providing the "--file-based" parameter to sign_csr.py.

One thing the script doesn't produce is the chain file. But this topic "Let's Encrypt - Quick HOWTO for NSFN" covers how to obtain that:

curl -o domain.chn https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem

Now that you have all the required files, on your NFSN server make the directory /home/protected/ssl and copy your files into it. This is described in the NFSN topic provide certificates to NFSN. After copying the files and setting their permissions as described in the previous link you submit an assistance request. For me it was only 15 minutes later that everything was setup.

After enabling HTTPS I wanted to have all HTTP requests redirect to HTTPS. The normal Apache documentation on how to do this doesn't work on NFSN servers. Instead the NFSN FAQ describes it in "redirect http to https and HSTS". You use the X-Forwarded-Proto instead of the HTTPS variable because of how NFSN's virtual hosting is setup.

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

Turning on HSTS is as simple as adding the HSTS HTTP header. However, the description in the above link didn't work because my site's NFSN realm isn't on the latest Apache yet. Instead I added the following to my .htaccess. After I'm comfortable with everything working well for a few days I'll start turning up the max-age to the recommended minimum value of 180 days.

Header set Strict-Transport-Security "max-age=3600;" 

Finally, to turn on CSP I started up Fiddler with my CSP Fiddler extension. It allows me to determine the most restrictive CSP rules I could apply and still have all resources on my page load. From there I found and removed inline script and some content loaded via http and otherwise continued tweaking my site and CSP rules.

After I was done I checked out my site on SSL Lab's SSL Test to see what I might have done wrong or needed improving. The first time I went through these steps I hadn't included the chain file which the SSL Test told me about. I was able to add that file to the same files I had already previously generated from the Let's Encrypt client and do another NFSN assistance request and 15 minutes later the SSL Test had upgraded me from 'B' to 'A'.

PermalinkCommentscertificate csp hsts https lets-encrypt nearlyfreespeech.net

Internet Archive lets you play one of the earliest computer...

2014 Apr 28, 9:39


Internet Archive lets you play one of the earliest computer games Space War! emulated in JavaScript in the browser.

This entry covers the historical context of Space War!, and instructions for working with our in-browser emulator. The system doesn’t require installed plugins (although a more powerful machine and recent browser version is suggested).

The JSMESS emulator (a conversion of the larger MESS project) also contains a real-time portrayal of the lights and switches of a Digital PDP-1, as well as links to documentation and manuals for this $800,000 (2014 dollars) minicomputer.

PermalinkCommentscomputer-game game video-game history internet-archive

Ben Goldacre’s TED talk on publication bias, drug...

2012 Sep 28, 3:55


drug companies hiding the results of clinical trials.

(via I did a new talk at TED, on drug companies and hidden data.)

PermalinkCommentsscience video ted

ifc: This week on Comedy Bang! Bang! - Michael Cera!

2012 Jun 27, 3:38


ifc:

This week on Comedy Bang! Bang! - Michael Cera!

PermalinkCommentshumor comedy-bang-bang michael-cera video

FuckItJS

2012 Jun 22, 9:19

jQuery plugin that blindly removes lines with errors and recompiles until it works  

PermalinkCommentstechnical humor javascript programming coding jquery

Another Comedy Bang Bang preview clip this time with Zach...

2012 Apr 18, 6:02


Another Comedy Bang Bang preview clip this time with Zach Galifianakis.

PermalinkCommentszach-galifianakis comedy-bang-bang video humor preview scott-aukerman tv clip

(via Defend our freedom to share (or why SOPA is a bad idea):...

2012 Jan 18, 3:21


(via Defend our freedom to share (or why SOPA is a bad idea): Clay Shirky on TED.com)

PermalinkCommentsvideo copyright clay-shirky sopa pipa legal politics mpaa ted

Ajaxian » FireBreath: Cross platform plugin framework

2010 May 24, 6:25FireBreath is a cross-platform web browser developement framework supporting ActiveX (for IE) and NPAPI (for everyone else).PermalinkCommentstechnical web browser plugin activex

Getting started with Google Calendar Sync - Google Calendar Help

2010 Mar 21, 3:22Google Calendar Sync is an Outlook plugin that syncs your Google and Outlook calendars (you get to pick 1way and direction or 2way sync'ing). This almost looks like what I want but perhaps my feature requests are too obscure for someone to have already implemented them:
Events marked personal added on my Outlook calendar should get full 2-way sync'ing with my Google calendar.
All other events added on my Outlook calendar should be assumed to have private company information and should get 1-way sync'ing with just the time and location - no attendees or subject or desceiption.
All events added on my Google calendar should get full 2-way sync'ing with Outlook and there should be marked personal.

I doubt I'm going to find a pre-made app to do this so I guess I should get coding. Otoh, if they ever bring the updated Android OS that has Exchange support to my G1 maybe none of this would be necessary...PermalinkCommentsgoogle calendar outlook microsoft tool free technical

Protecting Browsers from Extension Vulnerabilities

2010 Feb 27, 10:06A web browser add-on security research paper that describes the Google Chrome security model. "We propose a new browser extension system that improves security by using least privilege, privilege separation,
and strong isolation. Our system limits the misdeeds an attacker can perform through an extension vulnerability.
Our design has been adopted as the Google Chrome extension system."PermalinkCommentssecurity design google chrome firefox addon plugin web browser technical research adam-barth system:filetype:pdf system:media:document

HTML 5 Video Element for Internet Explorer

2010 Feb 22, 3:19Cristian Adam has created a HTML5 Video plugin for IE. Cool!PermalinkCommentshtml html5 video plugin ie7 ie8 ie technical web browser cristian-adam

Panopticlick

2010 Jan 29, 10:28"Is your browser configuration rare or unique? If so, web sites may be able to track you, even if you limit or disable cookies." Examines HTTP headers and browser features and reports if your configuration is unique (mine is). Good info for anyone looking at creating an anonymous browsing plugin or servicePermalinkCommentsweb security privacy eff education identity surveillance cookies cookie anonymity anonymous technical

Recap Firefox Extension | "turning PACER around"

2009 Aug 14, 3:55The government program PACER is an online archive of court records and even though the documents are public domain, PACER charges access to them ostensibly to pay for PACER. This plugin uses the Internet Archive as a kind of free intermediate cache, rewriting the PACER HTML to reference the free Internet Archive versions of the documents when available and uploading PACER documents to the IA cache when you download one it doesn't yet have.PermalinkCommentsvia:waxy firefox government politics research reference legal law plugin technical

The Hyperwords Company

2009 May 3, 4:23"With Hyperwords for Firefox you can select any word on any web page and do useful things." That sounds useful -- he thought using his Delicious Accelerator in IE8 to bookmark the webpage. This has existed since 2005?PermalinkCommentsmozilla firefox browser plugin extension via:ethan_t_hein

WebGuide - Streaming TV, Remote Scheduling and Media Sharing for Windows Vista and Media Center

2009 Apr 20, 6:15Remotely set shows to record, watch recorded shows, etc etc for Windows Media Center. Lots of cool looking stuff I need to try it out. The old MSN Remote Record service is gone and in its place Microsoft has struck some sort of deal with the author of WebGuide such that its free!PermalinkCommentsmicrosoft windows tv mce plugin pvr cellphone remote free

Gravatar - Globally Recognized Avatars

2009 Apr 20, 3:37Web service that hosts avatar images for things like blog comments. The image is ID'ed by a hash of the user's email address. Auto generated or if the user signs up, the image can be whatever they upload. Lots of plugins for different blogging platforms.PermalinkCommentsblog web photo avatar image authentication identity icon hash

Investigation of a Few Application Protocols (Updated)

2008 Oct 25, 6:51

Windows allows for application protocols in which, through the registry, you specify a URL scheme and a command line to have that URL passed to your application. Its an easy way to hook a webbrowser up to your application. Anyone can read the doc above and then walk through the registry and pick out the application protocols but just from that info you can't tell what the application expects these URLs to look like. I did a bit of research on some of the application protocols I've seen which is listed below. Good places to look for information on URI schemes: Wikipedia URI scheme, and ESW Wiki UriSchemes.

Some Application Protocols and associated documentation.
Scheme Name Notes
search-ms Windows Search Protocol The search-ms application protocol is a convention for querying the Windows Search index. The protocol enables applications, like Microsoft Windows Explorer, to query the index with parameter-value arguments, including property arguments, previously saved searches, Advanced Query Syntax, Natural Query Syntax, and language code identifiers (LCIDs) for both the Indexer and the query itself. See the MSDN docs for search-ms for more info.
Example: search-ms:query=food
Explorer.AssocProtocol.search-ms
OneNote OneNote Protocol From the OneNote help: /hyperlink "pagetarget" - Starts OneNote and opens the page specified by the pagetarget parameter. To obtain the hyperlink for any page in a OneNote notebook, right-click its page tab and then click Copy Hyperlink to this Page.
Example: onenote:///\\GUMMO\Users\davris\Documents\OneNote%20Notebooks\OneNote%202007%20Guide\Getting%20Started%20with%20OneNote.one#section-id={692F45F5-A42A-415B-8C0D-39A10E88A30F}&end
callto Callto Protocol ESW Wiki Info on callto
Skype callto info
NetMeeting callto info
Example: callto://+12125551234
itpc iTunes Podcast Tells iTunes to subscribe to an indicated podcast. iTunes documentation.
C:\Program Files\iTunes\iTunes.exe /url "%1"
Example: itpc:http://www.npr.org/rss/podcast.php?id=35
iTunes.AssocProtocol.itpc
pcast
iTunes.AssocProtocol.pcast
Magnet Magnet URI Magnet URL scheme described by Wikipedia. Magnet URLs identify a resource by a hash of that resource so that when used in P2P scenarios no central authority is necessary to create URIs for a resource.
mailto Mail Protocol RFC 2368 - Mailto URL Scheme.
Mailto Syntax
Opens mail programs with new message with some parameters filled in, such as the to, from, subject, and body.
Example: mailto:?to=david.risney@gmail.com&subject=test&body=Test of mailto syntax
WindowsMail.Url.Mailto
MMS mms Protocol MSDN describes associated protocols.
Wikipedia describes MMS.
"C:\Program Files\Windows Media Player\wmplayer.exe" "%L"
Also appears to be related to MMS cellphone messages: MMS IETF Draft.
WMP11.AssocProtocol.MMS
secondlife [SecondLife] Opens SecondLife to the specified location, user, etc.
SecondLife Wiki description of the URL scheme.
"C:\Program Files\SecondLife\SecondLife.exe" -set SystemLanguage en-us -url "%1"
Example: secondlife://ahern/128/128/128
skype Skype Protocol Open Skype to call a user or phone number.
Skype's documentation
Wikipedia summary of skype URL scheme
"C:\Program Files\Skype\Phone\Skype.exe" "/uri:%l"
Example: skype:+14035551111?call
skype-plugin Skype Plugin Protocol Handler Something to do with adding plugins to skype? Maybe.
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" "/uri:%1"
svn SVN Protocol Opens TortoiseSVN to browse the repository URL specified in the URL.
C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe /command:repobrowser /path:"%1"
svn+ssh
tsvn
webcal Webcal Protocol Wikipedia describes webcal URL scheme.
Webcal URL scheme description.
A URL that starts with webcal:// points to an Internet location that contains a calendar in iCalendar format.
"C:\Program Files\Windows Calendar\wincal.exe" /webcal "%1"
Example: webcal://www.lightstalkers.org/LS.ics
WindowsCalendar.UrlWebcal.1
zune Zune Protocol Provides access to some Zune operations such as podcast subscription (via Zune Insider).
"c:\Program Files\Zune\Zune.exe" -link:"%1"
Example: zune://subscribe/?name=http://feeds.feedburner.com/wallstrip.
feed Outlook Add RSS Feed Identify a resource that is a feed such as Atom or RSS. Implemented by Outlook to add the indicated feed to Outlook.
Feed URI scheme pre-draft document
"C:\PROGRA~2\MICROS~1\Office12\OUTLOOK.EXE" /share "%1"
im IM Protocol RFC 3860 IM URI scheme description
Like mailto but for instant messaging clients.
Registered by Office Communicator but I was unable to get it to work as described in RFC 3860.
"C:\Program Files (x86)\Microsoft Office Communicator\Communicator.exe" "%1"
tel Tel Protocol RFC 5341 - tel URI scheme IANA assignment
RFC 3966 - tel URI scheme description
Call phone numbers via the tel URI scheme. Implemented by Office Communicator.
"C:\Program Files (x86)\Microsoft Office Communicator\Communicator.exe" "%1"
(Updated 2008-10-27: Added feed, im, and tel from Office Communicator)PermalinkCommentstechnical application protocol shell url windows

QuickBase Formula Pretty Printer and Syntax Highlighter

2008 Oct 5, 9:17

Sarah asked me if I knew of a syntax highlighter for the QuickBase formula language which she uses at work. I couldn't find one but thought it might be fun to make a QuickBase Formula syntax highlighter based on the QuickBase help's description of the formula syntax. Thankfully the language is relatively simple since my skills with ANTLR, the parser generator, are rusty now and I've only used it previously for personal projects (like Javaish, the ridiculous Java based shell idea I had).

With the help of some great ANTLR examples and an ANTLR cheat sheet I was able to come up with the grammar that parses the QuickBase Formula syntax and prints out the same formula marked up with HTML SPAN tags and various CSS classes. ANTLR produces the parser in Java which I wrapped up in an applet, put in a jar, and embedded in an HTML page. The script in that page runs user input through the applet's parser and sticks the output at the bottom of the page with appropriate CSS rules to highlight and print the formula in a pretty fashion.

What I learned:

PermalinkCommentsjava technical programming quickbase language antlr antlrworks

Deriving a Non-Recursive Fibonacci Function Using Linear Algebra

2008 Aug 20, 10:51

In my Intro to Algorithms course in college the Fibonacci sequence was used as the example algorithm to which various types of algorithm creation methods were applied. As the course went on we made better and better performing algorithms to find the nth Fibonacci number. In another course we were told about a matrix that when multiplied successively produced Fibonacci numbers. In my linear algebra courses I realized I could diagonalize the matrix to find a non-recursive Fibonacci function. To my surprise this worked and I found a function.
The Nth Fibonacci value is (1 + sqrt(5))^N - (1 - sqrt(5))^N all over sqrt(5) * 2^N
Looking online I found that of course this same function was already well known. Mostly I was irritated that after all the algorithms we created for faster and faster Fibonacci functions we were never told about a constant time function like this.

I recently found my paper depicting this and thought it would be a good thing to use to try out MathML, a markup language for displaying math. I went to the MathML implementations page and installed a plugin for IE to display MathML and then began writing up my paper in MathML. I wrote the MathML by hand and must say that's not how its intended to be created. The language is very verbose and it took me a long time to get the page of equations transcribed.

MathML has presentation elements and content elements that can be used separately or together. I stuck to content elements and while it looked great in IE with my extension when I tried it in FireFox which has builtin MathML support it didn't render. As it turns out FireFox doesn't support MathML content elements. I had already finished creating this page by hand and wasn't about to switch to content elements. Also, in order to get IE to render a MathML document, the document needs directives at the top for specific IE extensions which is a pain. Thankfully, the W3C has a MathML cross platform stylesheet. You just include this XSL at the top of your XHTML page and it turns content elements into appropriate presentation elements, and inserts all the known IE extension goo required for you. So now my page can look lovely and all the ickiness to get it to render is contained in the W3C's XSL.

PermalinkCommentstechnical mathml fibonacci math
Older Entries Creative Commons License Some rights reserved.