dans.blog


The miscellaneous ramblings and thoughts of Dan G. Switzer, II

Visual IP Locator based upon AJAX and the Google Maps JSAPI...

Matt Inman has released a little AJAX application that uses the Google Map Javascript API to visually display the location of an IP address.

Creating a visual IP address map isn't a perfect location, so don't expect to see your home address show up. Instead, they usually do a pretty good job of tracking the IP address back to your local ISP. Interesting product none the less.


FireBug - A great new Firefox Extension for Web Developers...

I find this nifty Firefox extension over on the Digital Media Minute blog. The FireBug extension is basically a combination of a DOM Inspector, JavaScript Console and XmlHttpRequest packet sniffer—all wrapped up into a Sidebar component.

I haven't played around with it very much yet, but for a "pre-pre-alpha" seems to work very well. I did notice that the keyboard shortcut to show the sidebar, does not hide it if it's already visible. That's the only thing I've found so far.


Adaptive Path releases excellent Date Slider widget

The guys over at Adaptive Path have released a Flash-based Date Slider that can be controlled via JavaScript.

The Data Slider widget is pretty darn slick. What makes this Date Slider unique is that it is design to show a bar graph of results and you use the slider to narrow down to a specific date range. You could then use the selected range to zoom in on the data, or maybe show a detailed report history from that time frame. Here's a screenshot:

mm_date_slider.gif

more…


Microsoft releases "official" WMF patch

A follow up from my blog post on Wednesday. Looks like peer pressure really got to Microsoft. An official patch to the WMF vulnerability was released late yesterday. If you don't have your PC set to automatically update, make sure to go visit the Windows Update site (make sure you're using Internet Explorer) and patch your system ASAP.

So much for Microsoft sticking to their patch release schedule. Personally, I'm glad they didn't wait. They should be releasing patches as they're available. If corporations want to wait and release things on a schedule, that's fine, but let us contractors and personal users fix our computers as quickly as possible.


WMF Hotfix for nasty Windows vulnerability

This isn't exactly breaking news, but there's a very nasty bug in Windows 2000, XP and 2003 that has just recently been revealed being called the "WMF vulnerability." The bug has to do with a vulnerable function in GDI32.DLL library that can allow a malicious hacker/web site to install a virus/spyware on your computer.

What makes this bug extremely dangerous is any program that views images (such as Internet Explorer, Firefox, etc) is vulnerable.

Microsoft is claiming that there will not be an "official" patch for this bug until next week. However, this thing is nasty enough that everyone running Windows 2000, XP or 2003 should take some kind of action now.

more…


New Version of Fiddler HTTP Debugging Proxy Available - Critical Security Update

I just noticed that there's a new version of Eric Lawrence's Fiddler HTTP debugging proxy available. This update claims to be critical security update and it's recommended you update immeditately.

For those of you who don't know, Fiddler is a great way tool for monitoring the HTTP traffic on your box. If you're doing any kind of RPC (web services, Flash remoting, AJAX) over HTTP, then this application is a must have.

Here's what's in the new version:

more…


Firefox - Upgrade JavaScript Console Extension

Jim Rutherford over at Digital Media Minute blogged about a next generation JavaScript console which is a Firefox v1.5 extension called Console².

This extension adds a lot of necessary functions to the Firefox JavaScript Console window (which is renamed "Error Console") such as: sorting errors, filtering errors by type (CSS, JS, XML) and you can even search over the errors.

One tip, the "Clear" button isn't on the toolbar by default. To add it you'll need to right-click the toolbar and choose "Customize". Not sure why they didn't add the "Clear" button by default—seems like a button that's absolutely necessary. I know it's a button I use pretty much any time I have the JavaScript console open.


Cool Firefox Extension - foXpose

The Viamatic foXpose plug-in is an extension for Firefox v1.5 that will show all your open tabs in single window with thumbnail previews of the window.I've seen this blogged about a lot recently, but finally tried it out based upon an IM from Cameron Childress.

I was worried that the plug-in would be too CPU intensive, but it does really seem to negatively affect my performance in Firefox. Plus, it's really slick being able to see thumbnails of all my open tabs.

You can activate foXpose by either pressing [CTRL]+[SHIFT]+[X] or by clicking the pane icon in the lower-right hand corner of the window.


Possible Buffer Overflow Bug in Firefox v1.5

John Dowdell posted about a possible buffer overflow bug in Firefox v1.5.

I'm not sure why you wouldn't cap the document.title object at 256 or 1024 characters. There's really no reason why you should be able to dump that many chars into that property anyway.

So, if you find Firefox v1.5 is crashing everytime you start the application, try deleting your history.dat. Actually, I'd recommend renaming it to history.bak that way you don't lose everything if it doesn't fix the problem.


TIP: Adding "Command Prompt Here" Context Menu

I often find myself needing to open up a command line on a specific directory. Since Windows Explorer is almost always open on my machine while I'm developing, it makes perfect since that I'd want to use Windows Explorer to open up a command line prompt in a specific directory via the context menu. How can you do this you ask? You edit the registry.

This is not a new tip. It's been around since Windows 95. There's even been a Microsoft PowerToy that does this for every version of Windows, but essentially all it does is create some registry entries for you. I prefer manually editing the registry, as I then have complete control over how I want the listing to appear.

  1. Open regedit
  2. Navigate to HKEY_LOCAL_MACHINE/Software/Classes/Folder/Shell
  3. Create a new key called command prompt
  4. Your default value should be Command Prompt Here
  5. Create a new key called commandunder the command prompt key
  6. Your default value should be cmd.exe /k pushd %L

more…


A FPS Shooter Example Using Firefox v1.5 Without Plug-ins!

I caught this on Blogzilla. If you have Firefox v1.5, this is very cool. The <canvas> tag looks pretty slick, but since only Firefox supports it, I can't see much use for it right now.

New in Firefox 1.5 is support of the <canvas> tag, which is a new HTML element that can be used to draw graphics using JavaScript. It's not SVG, even though it overlaps functionality with SVG.

Rafael Robayna has created a simple painter demo. A little more detailed is the first-person shooter demonstration.

While both are a little slow and not so smooth, it's still cool to see something like this is possible.

More on <canvas> tag:
Mozilla Developer entry for Canvas
Mozilla Wiki entry for Canvas


Firefox v1.5 Released

Firefox v1.5 is being released today. The website still says RC3 is the latest build, but you should see an official announcement later today (probably between 6pm-9pm EST.)

Download Firefox v1.5 (English) now.


Eyetrack III - Revealing how user's view a web page...

I actually came across this article several weeks ago, but just never came around to blogging about it. Eyetrack III has released their results from their latest testings and the results are pretty interesting, but not exactly surprising.

In a nutshell, this survey tracked users and the movement of their eyes when viewing a web page. Here is a diagram of how most users tended to first scan a web page:

User's Eye Movement Pattern

more…


Browsershots.org - Website screen capturing service

A new free, community driven, web-based Browser Screenshot tool has been introduced called Browsershots.

The concept of Browsershots it to provide you screenshots of a URL you specify in a variety of different browsers and platforms. This is so you can verify that your pages are working correctly.

Browsershots uses a community computing to do all the processing of the screenshots. Users from around the world can load a client on their PC which will grab requests from the queue, process them and then upload the static images to the Browsershots web page. Since everything works off a giant queue, processing may take awhile--they suggest to keep checking the queue for up to 24-48 hours.

more…


MD5 Collision Attack Code Released

I missed this on Slashdot (since I rarely read it anymore,) but thanks to Cameron's blog post I caught this piece of news. The first code has been released that shows how to find collisions in the MD5 algorithm. Essentially this means two completely different source files can be salted to produce the same string. In a nutshell, if you're relying on an MD5 hash to gaurentee the integrity of a file, you have problems—especially if you're relying on it producing unique, secure hash strings.

For a good layman explanation of the problem and the exploit, Magnus Daum & Stefan Lucks have published a really good article over at CITS titled Attacking Hash Functions by Poisoned Messages "The Story of Alice and her Boss".