presentation - Dave's Blog


Tweet from David Risney

2016 Nov 3, 3:59
@FakeUnicode Spaces are technically not allowed in a URI so the only reasonable representation is percent encoded.

JavaScript Types and WinRT Types

2016 Jan 21, 5:35

MSDN covers the topic of JavaScript and WinRT type conversions provided by Chakra (JavaScript Representation of Windows Runtime Types and Considerations when Using the Windows Runtime API), but for the questions I get about it I’ll try to lay out some specifics of that discussion more plainly. I’ve made a TL;DR JavaScript types and WinRT types summary table.

WinRT Conversion JavaScript
Struct ↔️ JavaScript object with matching property names
Class or interface instance JavaScript object with matching property names
Windows.Foundation.Collections.IPropertySet JavaScript object with arbitrary property names
Any DOM object

Chakra, the JavaScript engine powering the Edge browser and JavaScript Windows Store apps, does the work to project WinRT into JavaScript. It is responsible for, among other things, converting back and forth between JavaScript types and WinRT types. Some basics are intuitive, like a JavaScript string is converted back and forth with WinRT’s string representation. For other basic types check out the MSDN links at the top of the page. For structs, interface instances, class instances, and objects things are more complicated.

A struct, class instance, or interface instance in WinRT is projected into JavaScript as a JavaScript object with corresponding property names and values. This JavaScript object representation of a WinRT type can be passed into other WinRT APIs that take the same underlying type as a parameter. This JavaScript object is special in that Chakra keeps a reference to the underlying WinRT object and so it can be reused with other WinRT APIs.

However, if you start with plain JavaScript objects and want to interact with WinRT APIs that take non-basic WinRT types, your options are less plentiful. You can use a plain JavaScript object as a WinRT struct, so long as the property names on the JavaScript object match the WinRT struct’s. Chakra will implicitly create an instance of the WinRT struct for you when you call a WinRT method that takes that WinRT struct as a parameter and fill in the WinRT struct’s values with the values from the corresponding properties on your JavaScript object.

// C# WinRT component
public struct ExampleStruct
public string String;
public int Int;

public sealed class ExampleStructContainer
ExampleStruct value;
public void Set(ExampleStruct value)
this.value = value;

public ExampleStruct Get()
return this.value;

// JS code
var structContainer = new ExampleWinRTComponent.ExampleNamespace.ExampleStructContainer();
structContainer.set({ string: "abc", int: 123 });
console.log("structContainer.get(): " + JSON.stringify(structContainer.get()));
// structContainer.get(): {"string":"abc","int":123}

You cannot have a plain JavaScript object and use it as a WinRT class instance or WinRT interface instance. Chakra does not provide such a conversion even with ES6 classes.

You cannot take a JavaScript object with arbitrary property names that are unknown at compile time and don’t correspond to a specific WinRT struct and pass that into a WinRT method. If you need to do this, you have to write additional JavaScript code to explicitly convert your arbitrary JavaScript object into an array of property name and value pairs or something else that could be represented in WinRT.

However, the other direction you can do. An instance of a Windows.Foundation.Collections.IPropertySet implementation in WinRT is projected into JavaScript as a JavaScript object with property names and values corresponding to the key and value pairs in the IPropertySet. In this way you can project a WinRT object as a JavaScript object with arbitrary property names and types. But again, the reverse is not possible. Chakra will not convert an arbitrary JavaScript object into an IPropertySet.

// C# WinRT component
public sealed class PropertySetContainer
private Windows.Foundation.Collections.IPropertySet otherValue = null;

public Windows.Foundation.Collections.IPropertySet other
return otherValue;
otherValue = value;

public sealed class PropertySet : Windows.Foundation.Collections.IPropertySet
private IDictionary map = new Dictionary();

public PropertySet()
map.Add("abc", "def");
map.Add("ghi", "jkl");
map.Add("mno", "pqr");
// ... rest of PropertySet implementation is simple wrapper around the map member.

// JS code
var propertySet = new ExampleWinRTComponent.ExampleNamespace.PropertySet();
console.log("propertySet: " + JSON.stringify(propertySet));
// propertySet: {"abc":"def","ghi":"jkl","mno":"pqr"}

var propertySetContainer = new ExampleWinRTComponent.ExampleNamespace.PropertySetContainer();
propertySetContainer.other = propertySet;
console.log("propertySetContainer.other: " + JSON.stringify(propertySetContainer.other));
// propertySetContainer.other: {"abc":"def","ghi":"jkl","mno":"pqr"}

try {
propertySetContainer.other = { "123": "456", "789": "012" };
catch (e) {
console.error("Error setting propertySetContainer.other: " + e);
// Error setting propertySetContainer.other: TypeError: Type mismatch

There’s also no way to implicitly convert a DOM object into a WinRT type. If you want to write third party WinRT code that interacts with the DOM, you must do so indirectly and explicitly in JavaScript code that is interacting with your third party WinRT. You’ll have to extract the information you want from your DOM objects to pass into WinRT methods and similarly have to pass messages out from WinRT that say what actions the JavaScript should perform on the DOM.

PermalinkCommentschakra development javascript winrt

Retweet of SwiftOnSecurity

2015 Dec 23, 7:28
Does the NSA actually hack anybody, or do they just make PowerPoint presentations

Image Error Level Analysis with HTML5

2012 Apr 16, 1:59

Javascript tool says if a photo is shopped. It can tell by looking at the pixels. Seriously. Links to cool presentation on the theory behind the algorithm behind the tool:

PermalinkCommentstechnical javascript jpeg photoshop

Primer - Full Movie (by mvjstrikesagain).  This movie is great. ...

2012 Apr 16, 1:46

Primer - Full Movie (by mvjstrikesagain). 

This movie is great.  There’s really no excuse now - Primer is on YouTube for free.  Best representation and exploration of time travel in a movie.

PermalinkCommentsmovie youtube primer time-travel scifi

Alternate IPv4 Forms - URI Host Syntax Notes

2012 Mar 14, 4:30

By the URI RFC there is only one way to represent a particular IPv4 address in the host of a URI. This is the standard dotted decimal notation of four bytes in decimal with no leading zeroes delimited by periods. And no leading zeros are allowed which means there's only one textual representation of a particular IPv4 address.

However as discussed in the URI RFC, there are other forms of IPv4 addresses that although not officially allowed are generally accepted. Many implementations used inet_aton to parse the address from the URI which accepts more than just dotted decimal. Instead of dotted decimal, each dot delimited part can be in decimal, octal (if preceded by a '0') or hex (if preceded by '0x' or '0X'). And that's each section individually - they don't have to match. And there need not be 4 parts: there can be between 1 and 4 (inclusive). In case of less than 4, the last part in the string represents all of the left over bytes, not just one.

For example the following are all equivalent:
Standard dotted decimal form
Fewer parts
All of the above

The bread and butter of URI related security issues is when one part of the system disagrees with another about the interpretation of the URI. So this non-standard, non-normal form syntax has been been a great source of security issues in the past. Its mostly well known now (CreateUri normalizes these non-normal forms to dotted decimal), but occasionally a good tool for bypassing naive URI blocking systems.

PermalinkCommentsurl inet_aton uri technical host programming ipv4

John Hodgman's presentation at Maker Faire New York (Video)

2011 Sep 23, 10:13PermalinkCommentsPost technical

HTTP framework for time-based access to resource states -- Memento

2011 Apr 30, 4:33"The HTTP-based Memento framework bridges the present and past Web by interlinking current resources with resources that encapsulate their past. It facilitates obtaining representations of prior states of a resource, available from archival resources in Web archives or version resources in content management systems, by leveraging the resource's URI and a preferred datetime. To this end, the framework introduces datetime negotiation (a variation on content negotiation), and new Relation Types for the HTTP Link header aimed at interlinking resources with their archival/version resources. It also introduces various discovery mechanisms that further support briding the present and past Web."PermalinkCommentstechnical rfc reference http header time memento archive

CommonJS, I Promise by Kris Kowal - ☠ 2010

2010 Dec 14, 3:06"Join Kris for a pointed presentation on the state of CommonJS: what's done, what's being debated, and what needs to be done."PermalinkCommentsjavascript video commonjs technical kris-kowal

JavaScript - The Evil Parts

2010 Oct 4, 2:10Billy Hoffman on web securityPermalinkCommentsbilly-hoffman javascript web technical security video presentation

Presentation Zen: A long time ago, before death by PowerPoint

2010 Aug 23, 10:48What if the death star briefing in Star Wars IV had Power Point?
PermalinkCommentshumor powerpoint office starwars presentation communication

Schneier on Security: Alerting Users that Applications are Using Cameras, Microphones, Etc.

2010 May 24, 6:26"What You See is What They Get: Protecting users from unwanted use of microphones, cameras, and other sensors," by Jon Howell and Stuart Schechter.

"We introduce the sensor-access widget, a graphical user interface element that resides within an application's display. The widget provides an animated representation of the personal data being collected by its corresponding sensor, calling attention to the application's attempt to collect the data."

Not sure how well that scales...PermalinkCommentstechnical security privacy research

RFC 5843 - Additional Hash Algorithms for HTTP Instance Digests

2010 Apr 21, 6:51Adds SHA 256 & 512 to HTTP instance digest: 'The IANA registry named "Hypertext Transfer Protocol (HTTP) Digest Algorithm Values" defines values for digest algorithms used by Instance Digests in HTTP. Instance Digests in HTTP provide a digest, also known as a checksum or hash, of an entire representation of the current state of a resource. This document adds new values to the registry and updates previous values.'PermalinkCommentshash cryptography http instance-digest sha security technical ietf rfc standard

Extreme JavaScript Performance

2009 Nov 12, 3:35Presentation comparing the performance of different JavaScript operations on different web browsers. Suggestions cover full range of good to know to common sense to ugly ugly ugly.PermalinkCommentsvia:thefangmonster performance javascript browser web technical tips presentation

It's 1975 And This Man Is About To Show You The Future

2009 Nov 9, 11:26Awesome tital and design.PermalinkCommentsart design technology ibm future typography retro vintage internet via:ethan_t_hein presentation

YouTube - JavaScript: The Good Parts

2009 Oct 28, 11:02"This session will expose the goodness in JavaScript, an outstanding dynamic programming language. Within the language is an elegant subset that is vastly superior to the language as a whole, being more reliable, readable and maintainable." Zeke recommended listening to his talks.PermalinkCommentsgoogle video technical douglas-crockford javascript programming presentation jslint web browser

YouTube - The Web That Wasn't

2009 Oct 28, 8:31"The presentation will focus on the pioneering work of Paul Otlet, Vannevar Bush, and Doug Engelbart, forebears of the 1960s and 1970s like Ted Nelson, Andries van Dam, and the Xerox PARC team, and more recent forays like Brown's Intermedia system." Covers things like As We May Think and others who could have made the Web. Would love to have this as a summary with links to everything rather than a video =)PermalinkCommentsvia:connolly technical google video internet web information technology memex

Presentation - Integrating Web Innovations into Museums - "Going Analog"

2009 May 3, 4:36Besides being an interesting presentation with real world examples off Web ideas applied to museums, the presentation itself (although its all icky flash) is lovely.PermalinkCommentsvia:mattb museum flash presentation visualization

InfoQ: HTTP Status Report

2009 Apr 29, 12:34"In this presentation, recorded at QCon San Francisco 2008, HTTPbis WG chair Mark Nottingham gives an update on the current status of the HTTP protocol in the wild, and the ongoing work to clarify the HTTP specification."PermalinkCommentshttp httpbis protocol ietf reference video authentication cookie uri url tcp sctp mark-nottingham via:ericlaw

Everything you know about ARGs is WRONG

2008 Dec 29, 1:48"That's that sorted then. No more "alternate reality" bullshit. We can use the word "fiction" or "story" instead, so normal people can understand us."PermalinkCommentshumor fiction arg story presentation slideshow talk marketing game via:mattb
Older Entries Creative Commons License Some rights reserved.