product - Dave's Blog

Search

Windows.Web.UI.Interop.WebViewControl localhost access

2018 Jul 25, 5:34

If you're developing with the new Windows.Web.UI.Interop.WebViewControl you may have noticed you cannot navigate to localhost HTTP servers. This is because the WebViewControl's WebView process is a UWP process. All UWP processes by default cannot use the loopback adapter as a security precaution. For development purposes you can allow localhost access using the checknetisolation command line tool on the WebViewControl's package just as you can for any other UWP app. The command should be the following:

checknetisolation loopbackexempt -a -n=Microsoft.Win32WebViewHost_cw5n1h2txyewy

As a warning checknetisolation is not good on errors. If you attempt to add a package but get its package family name wrong, checknetisolation just says OK:

C:\Users\davris>checknetisolation LoopbackExempt -a -n=Microsoft.BingWeather_4.21.2492.0_x86__8wekyb3d8bbwe
OK.
And if you then list the result of the add with the bad name you'll see the following:
[1] -----------------------------------------------------------------
Name: AppContainer NOT FOUND
SID: S-1-15-...

There's also a UI tool for modifying loopback exemption for packages available on GitHub and also one available with Fiddler.

As an additional note, I mentioned above you can try this for development. Do not do this in shipping products as this turns off the security protection for any consumer of the WebViewControl.

PermalinkCommentschecknetisolation loopback security uwp webview win32webview

Tweet from Keeper of Lore

2016 Oct 5, 12:08
There's just no hope for infosec pressures if literal exploding products don't kill a company. https://twitter.com/mattblaze/status/783851371858657280 
PermalinkComments

Tweet from David Risney

2016 Apr 8, 4:52
@_lance_leonard @ericlaw First thought was confusion as to why Logo was getting used in production https://en.wikipedia.org/wiki/Logo_(programming_language) 
PermalinkComments

Retweet of dakami

2015 Sep 20, 11:49
How long would it take to stand up a generic Daraprim production line? Pretty sure we could literally crowdfund one from F*** That Guy rage
PermalinkComments

fuckyeahpeeweeherman:Pee-wee Herman’s next adventure is coming...

2015 Mar 17, 3:28


fuckyeahpeeweeherman:

Pee-wee Herman’s next adventure is coming to Netflix.

Netflix says the film will be called “Pee-wee’s Big Holiday” and will feature Pee-wee taking his first-ever vacation after meeting a mysterious stranger.

Reubens created the quirky character in the 1980s when he was a member of the Groundlings improv group.

Netflix currently streams the Pee-wee films “Pee-wee’s Big Adventure” and “Big Top Pee-wee,” as well as the TV show “The Pee-wee Herman Show” and “Pee-wee’s Playhouse.”

“Pee-wee’s Big Holiday” is being produced by Judd Apatow and directed by John Lee. Reubens is writing the movie’s script with Paul Rust.

Netflix says production will begin this year.

PermalinkComments

fuckyeahpeeweeherman:Pee-wee Herman’s next adventure is coming...

2015 Mar 17, 3:28


fuckyeahpeeweeherman:

Pee-wee Herman’s next adventure is coming to Netflix.

Netflix says the film will be called “Pee-wee’s Big Holiday” and will feature Pee-wee taking his first-ever vacation after meeting a mysterious stranger.

Reubens created the quirky character in the 1980s when he was a member of the Groundlings improv group.

Netflix currently streams the Pee-wee films “Pee-wee’s Big Adventure” and “Big Top Pee-wee,” as well as the TV show “The Pee-wee Herman Show” and “Pee-wee’s Playhouse.”

“Pee-wee’s Big Holiday” is being produced by Judd Apatow and directed by John Lee. Reubens is writing the movie’s script with Paul Rust.

Netflix says production will begin this year.

PermalinkComments

On exploiting security issues in botnet C&C...

2014 Jun 23, 4:26


On exploiting security issues in botnet C&C software:

Hackers “are learning that it’s not so easy to write secure code,” Toro says. “Most of us in the business of securing our applications and systems know that bulletproofing software is an extremely expensive and exhaustive undertaking. Malware creators who have to look to their own defences would have to slow down the production of new attacks.”

FYI, if you want to know what it looks like when you hack a hacker, look no further than the seminal 1995 film Hackers.

PermalinkCommentstechnical security

The Doritos origin story: Repurposed garbage from Disneyland

2014 May 6, 7:16

shortformblog:

A reminder that those Doritos you love are trash:

Shortly after Disneyland opened in 1955, the founder of Frito-Lay got permission from Walt Disney to open a restaurant in Frontierland with a Mexican-ish theme. “Casa de Fritos” was, unsurprisingly, all about the Fritos. Customers got free Fritos, and Fritos were incorporated into many of the dishes. Fritos were dispensed by an animatronic vending machine that featured the terrifying “Frito Kid”asking his assistant “Klondike” to bring the bag up from a mineshaft. I guess the conceit is that Fritos were mined by Forty-Niners?

Casa de Fritos contracted their tortilla production to a company called Alex Foods. One of the salesmen from Alex Foods, making a delivery to Casa de Fritos, noticed stale tortillas in the garbage and gave the cook a little tip: fry them and sell them as chips instead of throwing them away. Casa de Fritos began making these fried, seasoned chips to enormous success, but didn’t report this new menu item to the Frito-Lay company.

Eventually Frito-Lay found out what they were doing with the chips, packaged them, and sold them by the truckload. See, dumpster diving works out sometimes!

PermalinkComments

Windows Store on Windows 8 Fun For Independent Developers

2013 Jun 24, 1:00
Having worked on Windows 8 I'm not in a neutral position to review aspects of it, however I'll say from a high level I love taking the following various positives from smart phone apps and app stores and applying it to the desktop:
  • Independent developers can easily publish apps.
  • One trusted place for a user to find apps.
  • User can trust apps are limited to a declared set of capabilities.
  • One common and easy way for users to buy and try apps.
  • Easy mechanism for independent developers to collect revenue.
Relieving the independent developer of software development overhead, in this case Windows taking care of distribution and sales infrastructure is wonderful for me with my third party developer hat on. This combined with my new found fun of developing in JavaScript and the new Windows Runtime APIs means I've been implementing and finishing various ideas I've had - some for fun and some for productivity on my Surface. Development notes to follow.
PermalinkCommentsstore technical windows windows-store

A Slower Speed of Light Official Trailer — MIT Game Lab (by...

2012 Nov 13, 7:41


A Slower Speed of Light Official Trailer — MIT Game Lab (by Steven Schirra)

“A Slower Speed of Light is a first-person game in which players navigate a 3D space while picking up orbs that reduce the speed of light in increments. A custom-built, open-source relativistic graphics engine allows the speed of light in the game to approach the player’s own maximum walking speed. Visual effects of special relativity gradually become apparent to the player, increasing the challenge of gameplay. These effects, rendered in realtime to vertex accuracy, include the Doppler effect; the searchlight effect; time dilation; Lorentz transformation; and the runtime effect.

A production of the MIT Game Lab.

Play now for Mac and PC! http://gamelab.mit.edu/games/a-slower-speed-of-light/

PermalinkCommentsscience game video-game mit 3d light-speed

(via GIF: Purrductivity »> Productivity!)

2011 Nov 26, 6:41


(via GIF: Purrductivity »> Productivity!)

PermalinkCommentshumor cat animation

URI Empty Path Segments Matter

2011 Nov 23, 11:00

Shortly after joining the Internet Explorer team I got a bug from a PM on a popular Microsoft web server product that I'll leave unnamed (from now on UWS). The bug said that IE was handling empty path segments incorrectly by not removing them before resolving dotted path segments. For example UWS would do the following:

A.1. http://example.com/a/b//../
A.2. http://example.com/a/b/../
A.3. http://example.com/a/
In step 1 they are given a URI with dotted path segment and an empty path segment. In step 2 they remove the empty path segment, and in step 3 they resolve the dotted path segment. Whereas, given the same initial URI, IE would do the following:
B.1. http://example.com/a/b//../
B.2. http://example.com/a/b/
IE simply resolves the dotted path segment against the empty path segment and removes them both. So, how did I resolve this bug? As "By Design" of course!

The URI RFC allows path segments of zero length and does not assign them any special meaning. So generic user agents that intend to work on the web must not treat an empty path segment any different from a path segment with some text in it. In the case above IE is doing the correct thing.

That's the case for generic user agents, however servers may decide that a URI with an empty path segment returns the same resource as a the same URI without that empty path segment. Essentially they can decide to ignore empty path segments. Both IIS and Apache work this way and thus return the same resource for the following URIs:

http://exmaple.com/foo//bar///baz
http://example.com/foo/bar/baz
The issue for UWS is that it removes empty path segments before resolving dotted path segments. It must follow normal URI procedure before applying its own additional rules for empty path segments. Not doing that means they end up violating URI equivalency rules: URIs (A.1) and (B.2) are equivalent but UWS will not return the same resource for them.
PermalinkCommentsuser agent url ie uri technical web browser

iPod Godfather Tony Fadell Finally Reveals His New Product: A Thermostat. No, Really. | TechCrunch

2011 Oct 25, 5:37
An original iPod guy has a new company that makes... wait for it... thermostats. Weird. Well they look cool anyway.
PermalinkCommentstechnical

Native x86 Android runtime will enable Android apps on Windows

2011 May 26, 1:28This was on my todo list. I'll scratch it off knowing far more funded folks are doing this: "A startup called BlueStacks has developed an Android runtime environment for the Windows operating system. It will enable users to run Android applications alongside conventional Windows software on Microsoft's operating system." "One example would be a convertible netbook tablet that normally runs Windows but switches to an Android interface for greater touch-friendliness when the screen is flipped.
Such a product would offer the full power and multitasking capabilities of Windows but also benefit from having access to Android's broad touch-enabled software ecosystem."PermalinkCommentswindows programming android java technical

I get better spam than you - Boing Boing

2010 Dec 30, 6:42"Posted here, verbatim, is an example of the sort of spam I get. 'hello I am China dinosaur factory .Hope that you know our product more .Also hope that we can establish long-term cooperative relation.'"PermalinkCommentshumor spam robot dino

ASRock > Products > ION 330Pro

2010 Jul 26, 1:13PermalinkCommentstechnical purchase product

File-sharing has weakened copyright - and helped society

2010 Jul 1, 3:33"By charting the production of new books, new music albums, and new feature films over the last decade, the authors tried to see whether creative output went up or down in correlation with file-sharing." They find that creative output is going up while piracy also increases. But this is correlation not causation. They can't say there wouldn't be more creative output with less piracy. Regardless, still an interesting statistic.PermalinkCommentsarstechnica copyright law economics ip piracy music technical

Flavorwire » Re-assembly Required: Artists on IKEA

2010 Feb 22, 7:34Art created from IKEA products.PermalinkCommentsart design ikea hack

Wired Magazine Goes Digital - Video - Wired

2010 Feb 22, 4:25Wired's concept for a digital version of their magazine to run on tablets. Looks pretty but of course its running on Flash or somesuch Adobe product.PermalinkCommentsvideo wired web adobe magazine

Tetris Guideline - Tetris Wiki

2010 Jan 20, 8:56I had no idea of the amount of variation: "The Tetris Guideline is the current specification that The Tetris Company enforces for making all new (2001 and later) Tetris game products alike in form." Covers things like piece color, vocabulary, speeds, rotation system etc etc etc. I'll be adopting some of this in Polytope Tetris...PermalinkCommentstetris wiki reference game videogame
Older Entries Creative Commons License Some rights reserved.