warning - Dave's Blog

My timeline on Mastodon

Windows.Web.UI.Interop.WebViewControl localhost access

2018 Jul 25, 5:34

If you're developing with the new Windows.Web.UI.Interop.WebViewControl you may have noticed you cannot navigate to localhost HTTP servers. This is because the WebViewControl's WebView process is a UWP process. All UWP processes by default cannot use the loopback adapter as a security precaution. For development purposes you can allow localhost access using the checknetisolation command line tool on the WebViewControl's package just as you can for any other UWP app. The command should be the following:

checknetisolation loopbackexempt -a -n=Microsoft.Win32WebViewHost_cw5n1h2txyewy

As a warning checknetisolation is not good on errors. If you attempt to add a package but get its package family name wrong, checknetisolation just says OK:

C:\Users\davris>checknetisolation LoopbackExempt -a -n=Microsoft.BingWeather_4.21.2492.0_x86__8wekyb3d8bbwe
And if you then list the result of the add with the bad name you'll see the following:
[1] -----------------------------------------------------------------
Name: AppContainer NOT FOUND
SID: S-1-15-...

There's also a UI tool for modifying loopback exemption for packages available on GitHub and also one available with Fiddler.

As an additional note, I mentioned above you can try this for development. Do not do this in shipping products as this turns off the security protection for any consumer of the WebViewControl.

PermalinkCommentschecknetisolation loopback security uwp webview win32webview

Tweet from David Risney

2016 Aug 30, 1:46
Turning up @Kevecca's plug them on latest comedy bang bang http://www.earwolf.com/episode/atlantis-dire-warning/ 

Retweet of iainthomson

2016 Jan 25, 10:04
What computer users see in security warning boxes #enigma2016 Very, very true. pic.twitter.com/8V4SlGwKAV

Tweet from David_Risney

2015 Nov 8, 7:35
Dear Mario Maker makers of 'expert' levels. If your level immediately kills me with no warning, your level is bad and you should feel bad.

Retweet of __apf__

2015 Feb 11, 7:44
want to live the experience of a non-technical user? watch someone narrate what they think an ssl warning is: https://www.youtube.com/watch?v=ngCIU7b5j-M …


2013 Jun 19, 2:50




So I lost. Wah, boohoo, etc etc. It doesn’t mean I’m going to give up. I love The Last Halloween. If you also loved The Last Halloween, don’t worry, it’s happening. But first I have to Kickstart it! The Kickstarter goes up within the next few days, and I hope you guys will fund it, if you’ll have me.

I’ll do a much larger post when the Kickstarter kickstarts so you’ll all know my feelings and how great everything is and how much you will be into backing it. 

I’m one of these guys being sshhhhhsh’ed. Abby had the best comics on Strip Search and so for my continued entertainment I shall help kickstart!

PermalinkCommentskickstarter strip-search

Attention:!!!, Behold, you are reading a letter from your President Barack Obama.

2012 Sep 26, 2:43

Eric gets the most entertaining mail.

You have failed to comply with them after all the warning and instructions given to you, but since you are also among the terrorist we are facing in the country, I will personal make sure that I wipe away the crime in the state and I promise you that you will definitely pay with your life because I am here to protect the interest of my people and not to put them in shame, you suppose to support this government and not to spoil it.

PermalinkCommentshumor spam scam email eric-law

Seized shirt! For the feds, it’s not enough to simply seize...

2012 Aug 17, 8:40

Seized shirt!

For the feds, it’s not enough to simply seize domain names without warning or due process—they want to make sure everyone knows the website operators were breaking the law, even if that has yet to be proven in court. That’s why every domain that gets seized ends up redirecting to one of these dramatic warning pages, replete with the eagle-emblazoned badges of the federal agencies involved.

PermalinkCommentshumor law ip fbi legal shirt tshirt

Microsoft Surface: a gentle kick in the teeth of the OEMs | Ars Technica

2012 Jun 25, 12:59

But if Surface is aimed at the OEMs—telling them “we can do this just as well as you can, if we have to”—and setting them a challenge—”your tablets have to be at least this good”—then the limited availability isn’t necessarily such a big deal. As long as the OEMs heed the warning and raise their game, so that Redmond can be assured that bad hardware won’t jeopardized Windows 8’s success, Microsoft could safely keep Surface operating as a small-scale operation, playing the Nexus role without upsetting the PC market.

PermalinkCommentstechnical surface win8 windows windows8 business

Bookmarklet of death: Domain hijacking without 0days | GNUCITIZEN

2009 Sep 23, 7:56"I do understand that it would be annoying to warn users every time they run a bookmarklet, but I think it would be sensible to show a warning at least the first time a given bookmarklet is executed. If you work for a popular web browser vendor such as Microsoft or Mozilla, you can think of this as my wish for the day! I'd love to hear your feedback if you are reading this!"PermalinkCommentstechnical bookmarklet bookmarklets security web webbrowser javascript

Meteorology Law of the People's Republic of China -- china.org.cn

2009 Feb 4, 4:16From Sorting it all Out wrt the weather gadget in Vista's sidebar, this link to China's laws on weather forecast: "Article 22 The State applies a unified system for the issue of public meteorological forecast and severe weather warning... No other organizations or individuals may issue to the community such forecast or warning." "Article 25 When the media, including radio, television, newspaper and telecommunication, issue to the community public meteorological forecast or severe weather warning, they shall use the latest meteorological information provided by a meteorological office... Part of the revenues from the distribution of meteorological information shall be drawn to support the development of meteorological service." Whether an application is legally allowed to provide a weather forecast is not an attribute I would have imagined necessary for a localization API.PermalinkCommentsvia:michael-kaplan china law legal politics weather forecast localization

Language Log - Congress plans bailout for grammar epidemic

2008 Oct 23, 2:18I had no idea lingual prescriptivists vs descriptivists were split in a partisan manner: '... The Secretary [of the Department of Education] released a report that includes dire warnings of impending doom...The cause of this immanent catastrophe is, of course, those pesky linguists, the libertarian destroyers of good usage who claim that, well, anything goes. According to the report, "the language problem has now reached the crisis level and we are now experiencing a severe epidemic of bad grammar that will affect the very fiber of our nation." The Secretary added, "an alarming number of children are suffering from the bad advice given by those socialist, left-wing, atheistic linguists and we just gotta do something about it."'PermalinkCommentshumor language politics grammar

Kelsey Creek Farm Warning Sign

2008 Apr 13, 10:12

sequelguy posted a photo:

Kelsey Creek Farm Warning Sign

PermalinkCommentssign washington farm bellevue wilburton kelseycreekfarm

Desert Space Foundation - Universal Warning Sign Exhibition

2008 Feb 2, 5:51FTA: "The purpose of the warning sign is to deter intentional or inadvertent human intrusion or interference at the site and to effectively communicate over the course of the next 10,000 years (the projected duration of the volatility of the waste) that tPermalinkCommentsart sign warning radioactive-waste nuclear-waste

Warning Signs - a photoset on Flickr

2008 Feb 1, 9:47Those warning signs for the future (from the past). I'm actually looking for the article about creating a nuclear warning sign that can survive our society collapsingPermalinkCommentsfuture sign signs warning-sign warning image humor geek nano internet scifi science singularity technology flickr

Crocodile danger - very clear warning

2007 Oct 3, 12:17Humorous crocodile danger sign.PermalinkCommentshumor sign crocodile photo photos

Wp64 Issues

2007 Aug 6, 3:43Miladin told me about the Visual Studio compiler's promising option Wp64 that finds 64bit portability issues when compiling in 32bit. If, for instance, you cast from a (long*) to a (long) you get a W4 warning. However, the #defines are still set for 32bit builds. This means that other parts of the code can make assumptions based on the #defines that are valid on 32bit but generate 64bit errors or warnings.

For instance, in winuser.h the public published Windows header file there's the following:
#ifdef _WIN64
    __in HWND hWnd,
    __in int nIndex,
    __in LONG_PTR dwNewLong);
#else  /* _WIN64 */
#define SetWindowLongPtrA   SetWindowLongA
#endif /* _WIN64 */
In 64bit everything's normal but in 32bit SetWindowLongPtrA is #defined to SetWindowLongA which takes a LONG rather than a LONG_PTR. So take the following code snippet:
LONG_PTR inputValue = 0;
LONG_PTR error = SetWindowLongPtrA(hWnd, nIndex, inputValue);
This looks fine but generates warnings with the Wp64 flag.

In 64 bit, p is cast to (LONG_PTR) and that's great because we're actually calling SetWindowLongPtrA which takes a LONG_PTR. In 32 bit, p is cast to (LONG_PTR) which is then implicitly cast to (LONG) because we're actually calling SetWindowLongA. LONG and LONG_PTR are the same size in 32bit which is fine but if you turn on the Wp64 flag there's a W4 warning because of the implicit cast from a larger size to a smaller size if you were to compile for 64bit. So even though doing a 32bit or 64bit compile would have worked just fine, if you turn on the Wp64 flag for 32bit you'd get an error here.

It looks like I'm the most recent in a list of people to notice this issue. Well I investigated this so... I'm blogging about it too!PermalinkCommentswp64 technical 64bit compiler c++ visual-studio setwindowlongptra

Andart: Warning Signs for Tomorrow

2006 Oct 20, 4:10Warning Signs for the threats of the future.PermalinkCommentshumor design art article blog images scifi
Older Entries Creative Commons License Some rights reserved.