wikipedia - Dave's Blog


Tweet from Chris Heilmann

2016 Nov 2, 4:57
The static on TV is referred to as “hangyafoci” by Hungarians, which translates to “ant soccer” 

Tweet from David Risney

2016 Oct 8, 4:21
Various voting systems as covered by Wikipedia: 

Tweet from David Risney

2016 Apr 8, 4:52
@_lance_leonard @ericlaw First thought was confusion as to why Logo was getting used in production 

Retweet of creativecommons

2015 Nov 24, 12:13
Why is a museum suing Wikipedia for sharing? … via @communia_eu

Retweet of WaPoSean

2015 Aug 13, 12:04
.@JebBush has now mentioned the "Wikipedia leaks" twice in his remarks.

location.hash and are bad and they should feel bad

2014 May 22, 9:25
The DOM location interface exposes the HTML document's URI parsed into its properties. However, it is ancient and has problems that bug me but otherwise rarely show up in the real world. Complaining about mostly theoretical issues is why blogging exists, so here goes:
  • The location object's search, hash, and protocol properties are all misnomers that lead to confusion about the correct terms:
    • The 'search' property returns the URI's query property. The query property isn't limited to containing search terms.
    • The 'hash' property returns the URI's fragment property. This one is just named after its delimiter. It should be called the fragment.
    • The 'protocol' property returns the URI's scheme property. A URI's scheme isn't necessarily a protocol. The http URI scheme of course uses the HTTP protocol, but the https URI scheme is the HTTP protocol over SSL/TLS - there is no HTTPS protocol. Similarly for something like mailto - there is no mailto wire protocol.
  • The 'hash' and 'search' location properties both return null in the case that their corresponding URI property doesn't exist or if its the empty string. A URI with no query property and a URI with an empty string query property that are otherwise the same, are not equal URIs and are allowed by HTTP to return different content. Similarly for the fragment. Unless the specific URI scheme defines otherwise, an empty query or hash isn't the same as no query or hash.
But like complaining about the number of minutes in an hour none of this can ever change without huge compat issues on the web. Accordingly I can only give my thanks to Anne van Kesteren and the awesome work on the URL standard moving towards a more sane (but still working practically within the constraints of compat) location object and URI parsing in the browser.

honeysweetsugaricklepie: Uhh has anyone notice Garry Marshall’s...

2014 Feb 24, 11:57


Uhh has anyone notice Garry Marshall’s Wikipedia page?


Wiki user ‘Gillian Marshal’ ( updated his page yesterday. Nice and subtle only editing the summary section on the right.

PermalinkCommentsgary-marshal humor wikipedia gillian-jacobs gillian-marshal comedy-bang-bang

Words with Hints Windows 8 App Development Notes

2013 Jul 4, 1:00

My second completed app for the Windows Store was Words with Hints a companion to Words with Friends or other Scrabble like games that gives you *ahem* hints. You provide your tiles and optionally letters placed in a line on the board and Words with Hints gives you word options.

I wrote this the first time by building a regular expression to check against my dictionary of words which made for a slow app on the Surface. In subsequent release of the app I now spawn four web workers (one for each of the Surface's cores) each with its own fourth of my dictionary. Each fourth of the dictionary is a trie which makes it easy for me to discard whole chunks of possible combinations of Scrabble letters as I walk the tree of possibilities.

The dictionaries are large and takes a noticeable amount of time to load on the Surface. The best performing mechanism I found to load them is as JavaScript source files that simply define their portion of the dictionary on the global object and synchronously (only on the worker so not blocking the UI thread). Putting them into .js files means they take advantage of bytecode caching making them load faster. However because the data is mostly strings and not code there is a dramatic size increase when the app is installed. The total size of the four dictionary .js files is about 44Mb. The bytecode cache for the dictionary files is about double that 88Mb meaning the dictionary plus the bytecode cache is 132Mb.

To handle the bother of postMessage communication and web workers this was the first app in which I used my promise MessagePort project which I'll discuss more in the future.

This is the first app in which I used the Microsoft Ad SDK. It was difficult to find the install for the SDK and difficult to use their website, but once setup, the Ad SDK was easy to import into VS and easy to use in my app.

PermalinkCommentsdevelopment technical windows windows-store words-with-hints

Stripe CTF - Level 7

2012 Sep 13, 5:00

Level 7 of the Stripe CTF involved running a length extension attack on the level 7 server's custom crypto code.


def logs(id):
rows = get_logs(id)
return render_template('logs.html', logs=rows)


def verify_signature(user_id, sig, raw_params):
# get secret token for user_id
row = g.db.select_one('users', {'id': user_id})
except db.NotFound:
raise BadSignature('no such user_id')
secret = str(row['secret'])

h = hashlib.sha1()
h.update(secret + raw_params)
print 'computed signature', h.hexdigest(), 'for body', repr(raw_params)
if h.hexdigest() != sig:
raise BadSignature('signature does not match')
return True


The level 7 web app is a web API in which clients submit signed RESTful requests and some actions are restricted to particular clients. The goal is to view the response to one of the restricted actions. The first issue is that there is a logs path to display the previous requests for a user and although the logs path requires the client to be authenticatd, it doesn't restrict the logs you view to be for the user for which you are authenticated. So you can manually change the number in the '/logs/[#]' to '/logs/1' to view the logs for the user ID 1 who can make restricted requests. The level 7 web app can be exploited with replay attacks but you won't find in the logs any of the restricted requests we need to run for our goal. And we can't just modify the requests because they are signed.

However they are signed using their own custom signing code which can be exploited by a length extension attack. All Merkle–Damgård hash algorithms (which includes MD5, and SHA) have the property that if you hash data of the form (secret + data) where data is known and the length but not content of secret is known you can construct the hash for a new message (secret + data + padding + newdata) where newdata is whatever you like and padding is determined using newdata, data, and the length of secret. You can find a script on VNSecurity blog that will tell you the new hash and padding per the above. With that I produced my new restricted request based on another user's previous request. The original request was the following.

The new request with padding and my new content was the following.
My new data in the new request is able to overwrite the waffle parameter because their parser fills in a map without checking if the parameter existed previously.


Code review red flags included custom crypto looking code. However I am not a crypto expert and it was difficult for me to find the solution to this level.

PermalinkCommentshash internet length-extension security sha1 stripe-ctf technical web

A New Species Discovered ... On Flickr (

2012 Aug 11, 9:17

Winterton, a senior entomologist at the California Department of Food and Agriculture, has seen a lot of bugs. But he hadn’t seen this species before.

There’s no off switch when you’re the senior entomologist. If you’re browsing the web you find your way to Flickr photos of insects or start correcting Wikipedia articles on insects.

PermalinkCommentsflickr insect science photos

Reddit explains Obamacare

2012 Jul 1, 5:16

PPACA (aka Obamacare) broken down into its main subsections with brief explinations and citations linking into the actual PPACA document (why is it always PDF?).

Its interesting to see the very small number of parts folks are complaining about versus the rest which mostly strikes me as “how could this not already be the case?”

I’m no expert, and everything I posted here I attribute mostly to Wikipedia or the actual bill itself, with an occasional Google search to clarify stuff. I am absolutely not a difinitive source or expert. I was just trying to simplify things as best I can without dumbing them down. I’m glad that many of you found this helpful.”

PermalinkCommentshealth-care politics PPACA obama obamacare law legal

HTTP Compression Documentation Reference

2012 Jun 13, 3:08
There's a lot of name reuse in HTTP compression so I've made the following to help myself keep it straight.
HTTP Content Coding Token gzip deflate compress
An encoding format produced by the file compression program "gzip" (GNU zip) The "zlib" format as described in RFC 1950. The encoding format produced by the common UNIX file compression program "compress".
Data Format GZIP file format ZLIB Compressed Data Format The compress program's file format
Compression Method Deflate compression method LZW
Deflate consists of LZ77 and Huffman coding

Compress doesn't seem to be supported by popular current browsers, possibly due to its past with patents.

Deflate isn't done correctly all the time. Some servers would send the deflate data format instead of the zlib data format and at least some versions of Internet Explorer expect deflate data format instead of zlib data format.

PermalinkCommentscompress compression deflate gzip http http-header technical zlib

Slash (punctuation) - Wikipedia, the free encyclopedia

2012 May 8, 5:36

Wikipedia’s alternate names for the slash include stroke, solidus, and separatrix.

PermalinkCommentshumor wikipedia typography slash

Timeline of the far future (

2012 May 6, 3:01

Answers those questions like “When will the Sun boil away the Earth’s oceans?” and “When will the Sun burn out?”, but brings up new questions like which supercontinent configuration will win? I’m hoping for Pangea Ultima as it has the best name.

PermalinkCommentshistory future astronomy sun earth universe

Prime HTTP Status Codes

2012 Feb 22, 4:00
These are the prime HTTP status codes:
PermalinkCommentshttp prime technical useless

The 'Undue Weight' of Truth on Wikipedia (

2012 Feb 15, 5:13

Interesting article on an expert attempting to modify an article on Wikipedia.  Sounds like an issue when presented in this fashion, but looking at it from Wikipedia’s perspective, I don’t know how they could do better.

PermalinkCommentstruth wikipedia internet

Herpderpedia, A Collection of Tweets by People Freaking Out About Wikipedia’s SOPA & PIPA Blackout

2012 Jan 18, 4:28PermalinkCommentshumor sopa pipa wikipedia law legal

Notabilia – Visualizing Deletion Discussions on Wikipedia

2011 Jan 10, 9:41PermalinkCommentswikipedia visualization infographics design analysis humor

Ratatat Rocks

2010 Dec 28, 10:42
I just found out that I like the group Ratatat. I'd first heard them way back when the Zune was first released as the backing for Los Corazones on the website.

But I didn't know who they were until today when I watched this Filmography 2010 video (via Kottke)

Until about 1:16 in, the music is Ratatat's Nostrand. On the first viewing it drove me crazy because I could only vaguely recall hearing something like that music before. I tracked it down via the zune-arts thing above and eventually found my way to the Nostrand video. Funny, all the recent comments on that one are from people who also just watched the Filmography video.

Berners Street Hoax - Wikipedia, the free encyclopedia

2010 Dec 6, 12:17Ye olde DoS: "The Berners Street Hoax was perpetrated by Theodore Hook in the City of Westminster, London, in 1809. Hook had made a bet with his friend, Samuel Beazley, that he could transform any house in London into the most talked-about address in a week, which he achieved by sending out thousands of letters in the name of Mrs Tottenham, who lived at 54 Berners Street, requesting deliveries, visitors, and assistance."PermalinkCommentshumor history prank
Older Entries Creative Commons License Some rights reserved.