JSONP. Compromised in 3…2…1…
To embed a vimeo video on some page, I had a look at their different methods for embedding and the easiest one seemed to be what is basically JSONP - a workaround for the usual restriction of disallowing AJAX over domain boundaries.
But did you know that JSONP not only works around the cross-domain restriction, it basically is one huge cross-site scripting hole, and there's nothing you can do about it?
You might have heard this and you might have found articles like this one, thinking that using libraries like that would make you safe. But that's an incorrect assumption. The solution provided in the article has it backwards: it only helps to protect the originating site against itself, but it does not help at all to protect the calling site from the remote site.
You see, the idea behind JSONP is that you source the remote script using <script src="http://remote-service.example.com/script.js"> and the remote script then (after being loaded into your page and thus being part of your page) is supposed to call some callback of the original site (from the browser's standpoint it is part of the original site).
The problem is that you do not get control over the loading, let alone the content, of that remote script. Because the cross-domain restrictions prevent you from making an AJAX request to a remote server, you are using the native HTML method for cross-domain requests (which should not have been allowed in the first place), and at that moment you relinquish all control over your site: the remotely loaded script runs in the context of your page, which is exactly how you get around the cross-domain restrictions, by loading the remote script into your page and executing it there.
Because you never see that script until it is loaded, you cannot control what it can do.
Using JSONP is basically subjecting yourself to an XSS attack by giving the remote end complete control over your page.
And I'm not just talking about malicious remote sites... what if they themselves are vulnerable to some kind of attack? What if they were the target of a successful attack? You can't know and once you do know it's too late.
This is why I would recommend you never rely on JSONP and find other solutions for remote scripting: use a local proxy that does sanitization (i.e. strict JSON parsing, which will save you), or rely on the cross-domain messaging that was added in later revisions of the upcoming HTML5 standard.
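As an added example (not code from the original post), here is the local-proxy approach in Go: the proxy fetches the remote JSONP answer, keeps only what parses as exactly one strict JSON value, and serves that on a same-origin URL that the page can read with a normal XMLHttpRequest. The stub video service, its URL and the `vimeoCallback` wrapper name are constructed stand-ins.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"log"
	"net/http"
	"net/http/httptest"
	"regexp"
)

// jsonpWrapper matches a whole body of the form callbackName(<payload>); so the
// proxy can accept a JSONP-style answer from the remote service while keeping
// only the payload, never the code that wraps it.
var jsonpWrapper = regexp.MustCompile(`(?s)^\s*[A-Za-z_$][\w$.]*\s*\((.*)\)\s*;?\s*$`)

// SanitizeRemoteBody returns the remote body re-encoded as strict JSON.
// Anything that is not exactly one JSON value (after an optional callback
// wrapper is stripped) is rejected, so script statements never reach the page.
func SanitizeRemoteBody(body []byte) ([]byte, error) {
	payload := body
	if m := jsonpWrapper.FindSubmatch(body); m != nil {
		payload = m[1]
	}
	var value interface{}
	dec := json.NewDecoder(bytes.NewReader(payload))
	if err := dec.Decode(&value); err != nil {
		return nil, fmt.Errorf("not strict JSON: %w", err)
	}
	// A second statement smuggled after the JSON value shows up as trailing input.
	if _, err := dec.Token(); err != io.EOF {
		return nil, errors.New("trailing content after the JSON value")
	}
	return json.Marshal(value)
}

// ProxyHandler serves the sanitized remote data on a same-origin URL, so the
// page fetches it with an ordinary XMLHttpRequest and treats it as data
// instead of sourcing the remote script. remoteURL is fixed at startup, not
// taken from the request, so the proxy cannot be pointed at other hosts.
func ProxyHandler(client *http.Client, remoteURL string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		resp, err := client.Get(remoteURL)
		if err != nil {
			http.Error(w, "remote service unavailable", http.StatusBadGateway)
			return
		}
		defer resp.Body.Close()
		body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // cap at 1 MiB
		if err != nil {
			http.Error(w, "remote read failed", http.StatusBadGateway)
			return
		}
		clean, err := SanitizeRemoteBody(body)
		if err != nil {
			log.Printf("rejected remote response: %v", err)
			http.Error(w, "remote service returned non-JSON content", http.StatusBadGateway)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		w.Write(clean)
	}
}

func main() {
	// Constructed stand-in for the remote video service's JSONP endpoint.
	remote := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `vimeoCallback({"title":"clip","duration":42});`)
	}))
	defer remote.Close()
	rec := httptest.NewRecorder()
	ProxyHandler(remote.Client(), remote.URL)(rec, httptest.NewRequest("GET", "/video", nil))
	fmt.Println(rec.Code, rec.Body.String())
}
```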
Of all the hardware that can break…
... it has to be the one that's most difficult to replace.
Today, my Gefen HDMI over Cat5 adapter died. Well. It didn't die completely, it just lost its ability to produce a stable image. What is transmitted is very intermittent and in the few seconds the image is available, it's heavily distorted.
Also, it's not the obvious issue (faulty cabling) as the problems did not go away after using two very short (1m) cat 5 cables to test.
Now this is really bad for a variety of reasons:
- Only just last Saturday I bought Star Ocean and Tales of Vesperia for my 360, giving me a total play time of 1.5 hours so far.
- Yesterday I noticed that Worms: Armageddon was released for Xbox arcade and I have already invited Ebi after the huge success that was our earlier Worms evening on the 360.
- My setup is totally dependent on the two extenders as I am covering more than 20 meters of distance between receiver and projector. No extender, no Xbox, no Wii, no projector.
- Last time I waited around six weeks for the extender to arrive
Of all the hardware I'm having at home, the HDMI extender is the worst to break. Not only is it very hard to replace (see above), it's so deeply integrated into my home cinema setup that just debugging what was going on took a ladder, a screwdriver, a hex-wrench and unwinding an ungodly heap of cables.
All of that in an apartment whose temperature is currently at 30°C (86 °F) and with a hell of a headache.
I'd take anything else going down. Anything but that Gefen extender. My Xbox? Sure. Shion? It'd suck, but sure, if it has to be, go ahead. My receiver? That would hurt as it was very expensive, but at least it's easily replaced.
Why did it have to be that Gefen extender? Why??
Playing Worms Armageddon on a Mac
Last weekend, I had a real blast with the Xbox 360 Arcade version of worms. Even after so many years, this game still rules them all, especially (if not only) in multiplayer mode.
The only drawback of the 360 version is the lack of weapons.
While the provided set is all well, the game is just not the same without the Super Banana Bomb or the Super Sheep.
So this is why I looked for my old Worms Armageddon CD and tried to get it to work on today's hardware.
Making it work under plain Vista was easy enough (get the latest beta patch for Armageddon, by the way):
Right-click the icon, select the compatibility tab, choose Windows XP, disable themes and desktop composition and run the game with administrative privileges.
You may get away with not using one option or the other, but this one worked consistently.
To be really useful though, I wanted to make the game run under OS X as this is my main environment and I really dislike going through the lengthy booting process that is bootcamp.
I tried the various virtualization solutions around - something that should work seeing that the game doesn't really need much in terms of hardware support.
But unfortunately, this was way harder than anticipated:
- The initial try was done using VMware Fusion, which looked very good at first but failed miserably later on: while I was able to launch (and actually use) the game's frontend, the actual game was a flickery mess with no known workaround.
- Parallels failed by displaying a black menu. It was still clickable, but there was nothing on the screen but blackness and a white square border. Googling around a bit led to the idea of setting SlowFrontendWorkaround in the registry to 0, which actually made the launcher work, but the game itself crashed consistently without an error message.
In the end, I've achieved success using VirtualBox. The SlowFrontendWorkaround is still needed to make the launcher work, and the mouse helper of the VirtualBox guest tools needs to be disabled via the Machine menu (the game still runs with the helper enabled, but you won't be able to actually control the mouse pointer consistently). After that, the game runs flawlessly.
Flickerless and with a decent frame rate. And with sound, of course.
To enable the workaround I talked about, use this .reg file.
Now the slaughter of worms can begin.
The consumer loses once more
DRM strikes again. This time, apparently, the PC version of Gears of War stopped working. This time it seems to be caused by an expired certificate.
Even though I do not play Gears of War, I take issue with this because of a multitude of problems:
First, it's another case where DRM does nothing to stop piracy but punishes the honest user for buying the original - no doubt the cracked versions of the game will continue to work due to the stripped-out certificate check.
Second, using any form of DRM with any type of media is incredibly shortsighted if it requires any external support to work correctly. Be it a central authorization server, be it a correct clock - you name it. Sooner or later you won't sell any more of your media and thus you will shut your DRM servers down, screwing the most loyal of your customers.
This is especially apparent in the games market. Like no other market, there exists a really vivid and ever-growing community of retro gamers. Like no other type of media, games seem to make users want to go back to them and play them again - even after ever so many years.
Older games are speedrun, discussed and even utterly taken apart. Even if the player count declines over the years, it will never reach zero.
Now imagine DRM in all those old games once you turn off the DRM server or a certificate expires: No more speedruns. No more discussion forums. Nothing. The games are devalued and you as a game producer shut out your most loyal customers (those that keep playing your game after many years).
And my last issue is with this Gears of War case in particular: a time-limited certificate does not make any sense in this case. It's identity that must be checked. Let's say the AES key used to encrypt the game was encrypted with the private key of the publisher (thus the public key will be needed to decrypt it) and the public key is signed by the publisher's CA. Then, while you check the identity of the publisher's certificate, checking the time certainly is not needed. If it was valid once, it's probably valid in the future as well.
Or better: A cracker with the ability to create certificates that look like they were signed by the publisher will highly likely also be able to make them with any timed validity.
The issue here is that Gears of War probably uses some library function to check the certificate, and this library function also checks the validity period on the certificate. The person that issued the certificate either thought that "two years is well enough" or just used the default value in their software.
The person using the library function just uses that, not thinking about the timestamp at all.
Maybe, the game just calls some third-party DRM library which in turn calls the X.509 certificate validation routines and due to "security by obscurity" doesn't document how the DRM works, thus not even giving the developer (or certificate issuer) any chance to see that the game will stop working once the certificate runs out.
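As an added example, not from the original post: Go's standard library makes it easy to see how a signature-only identity check and a stock chain validation diverge once the validity window ends. The throwaway CA, the "Example Publisher" names and the two-year lifetime are constructed for the demo and stand for no real publisher's certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Chain is a throwaway publisher CA plus the content certificate it signed.
type Chain struct {
	CA, Leaf *x509.Certificate
}

func sign(tmpl, parent *x509.Certificate, pub, priv interface{}) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// BuildChain makes fresh keys and a CA-signed leaf, both valid from issued for lifetime.
func BuildChain(issued time.Time, lifetime time.Duration) (*Chain, error) {
	caPub, caKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	leafPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Publisher CA"},
		NotBefore:             issued,
		NotAfter:              issued.Add(lifetime),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	ca, err := sign(caTmpl, caTmpl, caPub, caKey)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "Example Game Content"},
		NotBefore:    issued,
		NotAfter:     issued.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	leaf, err := sign(leafTmpl, ca, leafPub, caKey)
	if err != nil {
		return nil, err
	}
	return &Chain{CA: ca, Leaf: leaf}, nil
}

// IssuedByPublisher asks only the identity question: does the leaf carry a
// valid signature from the publisher CA? Validity dates are not consulted.
func (c *Chain) IssuedByPublisher() bool {
	return c.Leaf.CheckSignatureFrom(c.CA) == nil
}

// LibraryDefaultValid is what a stock chain-validation call does: identity
// plus the validity window at now, so it turns false once the window ends.
func (c *Chain) LibraryDefaultValid(now time.Time) bool {
	roots := x509.NewCertPool()
	roots.AddCert(c.CA)
	_, err := c.Leaf.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err == nil
}

func main() {
	issued := time.Now()
	chain, err := BuildChain(issued, 2*365*24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println("signature from publisher CA:", chain.IssuedByPublisher())
	fmt.Println("stock validation three years on:", chain.LibraryDefaultValid(issued.Add(3*365*24*time.Hour)))
}
```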
This is laziness.
So it's not just monetary issues that would lead to DRMed stuff ceasing to work. It's also laziness and a false sense of security.
DRM is doomed to fail and the industry finally needs to see that.
Dropbox
Dropbox is cloud storage on the next level: You install their little application - available for Linux, Mac OS X and Windows - which will create a folder which will automatically be kept synchronized between all the computers where you have installed that little application on.
Because it synchronizes in the background and always keeps the local copy around, the access-speed isn't different from a normal local folder - mainly because it is, after all, a local folder you are accessing. Dropbox is not one of these slow "online hard drives" it's more like rsync in the background (and rsync it is - the application is intelligent enough to only transmit deltas - even from binary files).
They do provide you with a web interface of course, but the synchronizing aspect is the most interesting.
The synchronized data ends up somewhere in Amazon's S3 service, which is fine with me.
Unfortunately, while the data is stored in an encrypted fashion on S3, the key is generated by the Dropbox server and thus known to them, which makes Dropbox completely unusable for sensitive unencrypted data. They do state in the FAQ that this will maybe change sometime in the future, but for now it is as it is.
Still, I found some use for Dropbox: ~/Library/Preferences, ~/.zshrc and ~/.ssh are all now stored in ~/Dropbox/System and symlinked back to their original place. This means that a large chunk of my user profile is available on all the computers I'm working on. I would even try the same trick with ~/Library/Application Support, but that seems risky due to the missing encryption and due to the fact that Application Support sometimes contains database files which get corrupted for sure when moved around while they are open - like the Firefox profile.
This naturally even works when the internet connection is down - Dropbox synchronizes changes locally, so when the internet (or Dropbox) is down, I just have the most recent copy from when the service was still working - that's more than good enough.
Another use that comes to mind for Dropbox storage is game save files or addons you'd want to have access to on every computer you are using - just move your stuff to ~/Dropbox and symlink it back to the original place.
Very convenient.
Now if only they'd provide me with a way to provide my own encryption key. That way I would instantly buy the pro account with 25GB of storage and move lots and lots of data in there.
Dropbox is the answer to the ever increasing amount of computers in my life because now I don't care about setting up the same stuff over and over again. It's just there and ready. Very helpful.
Dynamic object creation in Delphi
In a quite well-known pattern, you have a number of classes, all inheriting from a common base, and you have a factory that creates instances of these classes. Now let's go further and assume that the factory has no knowledge of what classes will be available at run-time.
Each of these classes registers itself at run-time depending on a certain condition, and the factory then creates instances depending on that registration.
This post is about how to do this in Delphi. Remember that this sample is very much abstracted and the real-world application is quite a bit more complex, but this sample should be enough to demonstrate the point.
Let's say, we have these classes:
type
  TJob = class(TObject)
  public
    constructor Create;
  end;

  TJobA = class(TJob)
  public
    constructor Create;
  end;

  TJobB = class(TJob)
  public
    constructor Create;
  end;

  TJobAA = class(TJobA)
  public
    constructor Create;
  end;
Each of these constructors does something to initialize the instance and thus calls its parent using 'inherited'.
Now, let's further assume that we have a Job-Repository that stores a list of available jobs:
type
  TJobRepository = class(TObject)
  private
    FAvailableJobs: TList;
  public
    procedure registerJob(cls: TClass);
    function getJob(Index: Integer): TClass;
  end;
Now we can register our jobs:
rep := TJobRepository.Create;
if condition then rep.registerJob(TJobAA);
if condition2 then rep.registerJob(TJobB);
and so on. Now at runtime, depending on some condition, we will instantiate any of these registered jobs. This is how we'd do that:
job := rep.getJob(0).Create;
Sounds easy. But this doesn't work.
job in this example will be of type TJobAA (good), but its constructor will not be called (bad). The solution is to
- Declare the constructor of TJob as being virtual.
- Create a meta-class (a class reference type) for TJob, because the constructor of TObject is NOT virtual, so when you dynamically instantiate an object from a plain TClass only the constructor of TObject will be called.
- Override the inherited virtual constructor.
So in code, it looks like this:
type
  TJob = class(TObject)
  public
    constructor Create; virtual;
  end;

  // Meta-class: a reference to TJob or any descendant, so the virtual
  // constructor dispatches to the registered class.
  TJobClass = class of TJob;

  TJobA = class(TJob)
  public
    constructor Create; override;
  end;

  TJobAA = class(TJobA)
  public
    constructor Create; override;
  end;

  TJobRepository = class(TObject)
  private
    FAvailableJobs: TList;
  public
    procedure registerJob(cls: TJobClass);
    function getJob(Index: Integer): TJobClass;
  end;

procedure TJobRepository.registerJob(cls: TJobClass);
begin
  FAvailableJobs.Add(cls);
end;

function TJobRepository.getJob(Index: Integer): TJobClass;
begin
  // TList stores untyped pointers, so cast the entry back to the meta-class.
  Result := TJobClass(FAvailableJobs[Index]);
end;
This way, Delphi knows that when you call
job := rep.getJob(0).Create;
that you are creating an instance of a TJobAA object, which has a constructor that overrides the virtual constructor of TJob by virtue of the fact that the class of TJobAA is a class of TJob.
Personally, I would have assumed that this just works without the need to declare the meta-class and the trickery of explicitly declaring the constructor as virtual. But seeing that Delphi is a compiled, static language, I'm actually happy that this works at all.
What sucks about the Touch Diamond
Contrary to all thinking and common-sense I've displayed in my «Which phone for me?»-post, I went and bought the Touch Diamond. The perspective of having a hackable device with high resolution, GPS and voip capability and flawlessly working Exchange-Synchronization finally pushed me over - oh and of course I just like new gadgets to try out.
In my dream world, the Touch would even replace my iPod Touch as a video player and bathtub browser, so I could go back to my old Nano for podcasts.
Unfortunately, the Touch is not much more than any other Windows Mobile phone with all the suckage and half-working features they usually come with. Here's the list:
- VoIP is a no-go. The firmware of the Touch is crippled and does not provide Windows Mobile 6+ SIP support, Skype doesn't run on Windows Mobile 6.1, but all that doesn't matter anyway because none of the VoIP solutions actually use the speakerphone. You can only get VoIP sound on the amplified speaker on the back of the phone - or you use a headset, at which point the thing isn't better than any other VoIP solution at my disposal.
- GPS is a no go as the Diamond takes *ages* to find a signal and it's really fiddly to get it to work - even just in the integrated Google maps application.
- Typing anything is really hard despite HTC really trying. Whichever input method you choose, you lose: the Windows Mobile native solutions only work with the pen, and the HTC keypads are too large for the applications to remain really usable. Writing SMSes takes me so much longer than on every other smartphone I've tried before.
- T9 is a nice idea, but now and then you need to enter some special chars. Like dots. Too bad that they are hidden behind another menu - especially the dot.
- This TouchFLO 3D thingie sounds nice on the web and in all the demonstrations, but it sucks anyway, mainly because it's slow as hell. The iPhone interface doesn't just look good, it's also responsive, which is where HTC fails. Writing an SMS message takes *minutes* when you combine the embarrassingly slow loading time of the SMS app with the incredibly fiddly text input system.
- You only get a German T9 with the German version of the Firmware which has probably been translated using Google Translation or Babelfish.
- The worst idea ever from a consumer perspective was that stupid ExtUSB connector. Aside from the fact that you'd practically have to buy an extra cable to sync from home and the office, you also need another extra cable if you want to plug in decent headphones. The ones coming with the device are unusable and it's impossible to plug in better ones. Also, the needed adapter cable is currently not available to buy anywhere I looked.
- The screen, while having a nice DPI count, is too small to be usable for serious web browsing. Why does Windows Mobile have to paint everything four times as large when there are four times as many pixels available?
- Finger gestures just don't work on a touch sensitive display, no matter how much they try. At least they don't work once you are used to the responsiveness and accuracy of an iPhone (or iPod touch).
- The built-in opera browser, while looking nice and providing a much better page zoom feature than the iPod Touch also is unusable because it's much too slow.
So instead of having a possible iPhone killer in my pocket, I have a phone that provides around zero more actually usable functionality than my previous W880i and yet is much slower, crashier, larger and heavier than the old solution.
Here's the old feature comparison table listing the features I thought the Touch would have as opposed to the features the Touch actually has:
| | assumed | actually |
|---|---|---|
| Phone usage | | |
| Quick dialing of arbitrary numbers | | (the phone application takes around 20 seconds to load, the buttons are totally unresponsive) |
| Acceptable battery life (more than two days) | ? | yes. Actually yes. 4 days is not bad. |
| usable as modem | yes | yes |
| usable while not looking at the device | limited | not at all, mainly because of the lagginess of the interface |
| quick writing of SMS messages | | it's much, much worse than anticipated. |
| Sending and receiving of MMS messages | yes | not really. Sending pictures is annoying as hell and everything is terribly slow. |
| PIM usage | | |
| synchronizes with google calendar/contacts | | |
| synchronizes with Outlook | yes | yes |
| usable calendar | yes | very, very slow |
| usable todo list | yes | slow |
| media player usage | | |
| integrates into current iTunes based podcast workflow | | |
| straight forward audio playing interface | | |
| straight forward video playing interface | | |
| acceptable video player | yes | no. No sound due to no way to plug in my own headphones. |
| hackability | | |
| ssh client | yes | not really. putty doesn't quite work right on VGA Winmob 6.1 |
| skype client | yes | no. a) it doesn't work and b) it would require headset usage as skype is unable to use the speakerphone. |
| OperaMini (browser usable on GSM) | yes | limited. No softkeys and touch-buttons too small to reliably hit. |
| WLAN-Browser | yes | no. Too slow, screen real estate too limited. |
Now tell me how this could be called progress.
I'm giving this thing until the end of the week. Maybe I get used to its deficiencies in the matters of interface speed. If not, it's gone. As is the prospective of me buying any other Windows Mobile phone. Ever.
Sorry for the rant, but it had to be.
They just don’t want my money
Mass Effect is a wonderful game. Its story is one of the most interesting I've ever witnessed in a game. The atmosphere it brings over is very deep and impressive. It's science fiction. It contains aliens and explosions, so it's perfect for my taste.
Also, I like the role playing elements which contain just enough stats to make the leveling process interesting while not being overly complicated.
I bought Mass Effect for the XBox 360 back in December and played through it once, while being annoyed that I had to buy it in the (albeit very good) German version (it's practically impossible to get English originals here in Switzerland) and annoyed about the awful, awful equipment and inventory handling that made it impossible to really know how you should equip your characters (in fact, I went through half of the game in the starting equipment because I didn't understand how to actually put the items on).
So despite the immense replayability value of the game, I left it at that one runthrough. But I bought the Mass Effect book telling the story leading up to the events of the game.
And now the game has been re-released for the PC. Considering the fact that I actually bought the Mac Pro I'm currently using with PC gaming in mind, I toyed with the idea of buying the game again for the PC. In English and with the fixed inventory screen (they actually fixed that in the PC version. Yes. So it wasn't just my stupidity).
This may sound crazy, but as I said, the game provides incredible value to replay it: Different decisions, different choice of squad members, even choosing different classes to begin with (though I would never even have tried to play a caster in the 360 version - the interface was just too painful for that) - everything has influence on elements of the story. Playing through Mass Effect only once is clearly a waste of a very good game.
With a 25 MBit connection to the internet, I thought that buying the game online would be a reasonable request too. So here's what I've tried:
- Buy the game via Direct2Drive. All seemed to go well and it even asked me for my credit card info. But then, on the final step, it told me that my cart was empty. And a little footnote informed me that Mass Effect has been removed from the cart due to country restrictions. Thanks for telling me in advance!
- On the web page of the publisher, there's a link to the EA store to buy the game online. Whatever I tried, I could only get the shop to actually provide me with the US version of the game which it refused to "ship" (hello? This is a digital download) to Switzerland - despite me trying on June 8th, two days after the official launch in Europe.
- I tried to trick the EA store to sell me the game none-the-less by using paypal to pay for it, giving a fake US-"shipping" address. No dice though as paypal refused to bill my account due to the "shipping" address being different from the address I've entered in paypal.
- Sure that electronic download will not work, I went to the local game store I usually get my games from. Unfortunately, they didn't have the English version of the game and won't be getting it.
In a world where digital goods can hop from one corner to the next in milliseconds, in a world where everyone is complaining about rampant piracy, it is impressive how hard it actually is to get digital goods in a timely and legal manner.
Here's what I did in the end: First I began downloading the pirated version of the game and while that download was running, I went and bought the German version of the game. When I got back from the store, the download of the English version was finished. I've installed it, provided it with the serial number of my German original and then played it, using the German DVD as proof of purchase.
Why does it have to be so hard to actually buy a game these days?
git branch in ZSH prompt
Today, I came across a little trick on how to output the current git branch on your bash prompt. This is very useful, but not as much for me as I'm using ZSH. Of course, I wanted to adapt the method (and to use fewer backslashes).
Also, in my setup, I'm making use of ZSH's prompt themes feature of which I've chosen the theme "adam1". So let's use that as a starting point.
- First, create a copy of the prompt theme into a directory of your control where you intend to store private ZSH functions (~/zshfuncs in my case).
cp /usr/share/zsh/4.3.4/functions/prompt_adam1_setup ~/zshfuncs/prompt_pilif_setup
- Tweak the file. I've adapted the prompt from the original article, but I've managed to get rid of all the backslashes (to actually make the regex readable) and to place it nicely in the adam1 prompt framework.
- Advise ZSH about the new ZSH function directory (if you haven't already done so).
fpath=(~/zshfuncs $fpath)
- Load your new prompt theme.
prompt pilif
And here's the adapted adam1 prompt theme:
# pilif prompt theme

prompt_pilif_help () {
  cat <<'EOF'
This prompt is color-scheme-able.  You can invoke it thus:

  prompt pilif [<color1> [<color2> [<color3>]]]

This is heavily based on adam1 which is distributed with ZSH. In fact,
the only change from adam1 is support for displaying the current branch
of your git repository (if you are in one)
EOF
}

prompt_pilif_setup () {
  prompt_adam1_color1=${1:-'blue'}
  prompt_adam1_color2=${2:-'cyan'}
  prompt_adam1_color3=${3:-'green'}

  base_prompt="%{$bg_no_bold[$prompt_adam1_color1]%}%n@%m%{$reset_color%} "
  post_prompt="%{$reset_color%}"

  base_prompt_no_color=$(echo "$base_prompt" | perl -pe "s/%{.*?%}//g")
  post_prompt_no_color=$(echo "$post_prompt" | perl -pe "s/%{.*?%}//g")

  precmd () { prompt_pilif_precmd }
  preexec () { }
}

prompt_pilif_precmd () {
  setopt noxtrace localoptions
  local base_prompt_expanded_no_color base_prompt_etc
  local prompt_length space_left
  local git_branch

  # Current branch, wrapped in parentheses, or empty when not inside a git repository
  git_branch=`git branch 2>/dev/null | grep -e '^*' | sed -E 's/^\* (.+)$/(\1) /'`

  base_prompt_expanded_no_color=$(print -P "$base_prompt_no_color")
  base_prompt_etc=$(print -P "$base_prompt%(4~|...|)%3~")
  prompt_length=${#base_prompt_etc}
  if [[ $prompt_length -lt 40 ]]; then
    path_prompt="%{$fg_bold[$prompt_adam1_color2]%}%(4~|...|)%3~%{$fg_bold[white]%}$git_branch"
  else
    space_left=$(( $COLUMNS - $#base_prompt_expanded_no_color - 2 ))
    path_prompt="%{$fg_bold[$prompt_adam1_color3]%}%${space_left}<...<%~ %{$reset_color%}$git_branch%{$fg_bold[$prompt_adam1_color3]%} $prompt_newline%{$fg_bold_white%}"
  fi
  PS1="$base_prompt$path_prompt %# $post_prompt"
  PS2="$base_prompt$path_prompt %_> $post_prompt"
  PS3="$base_prompt$path_prompt ?# $post_prompt"
}

prompt_pilif_setup "$@"
The theme file can be downloaded here
Hosted Code Repository?
Recently (yesterday), the Ruby on Rails project announced their switch to git for their revision controlling needs. Also, they announced that they will use the hosted service github as the place to host the main repository on (even though git is decentralized, there is some sense in having a "main tree" which contains what's going to be the official releases).
I didn't know github, so I had a look at their project.
What I don't understand is that they seem to also target commercial entities with their offering. Think of it: Supposing that you are a commercial entity doing commercial software development. Would you send over all your sourcecode *and* all the development history to another company?
Sure. They call themselves "Secure". But what does that mean? Sure: They have SSL and SSH support, but frankly, I'm less concerned with patches travelling over the network unencrypted than I'm concerned with trusting anybody to host my code.
Even if they don't screw up storage security (think: "accessing the code of your competition"), even if they are completely 100% trustworthy (think: "displeased employee selling out to your competition before leaving his employer"), there is still the issue of government/legal access.
When using an external hosting provider, you are storing your code (and history) in a foreign country with its own legislation. Are you prepared for that?
And finally, do you want the government of the country you've just sent your code (and history) to, to really have access to all that data? Who guarantees that the hosting provider of your choice won't cooperate as soon as the government comes knocking (it has happened before, even without any legal basis at all)?
All that is never worth the risk for a larger company (or for smaller ones - like ours).
So what exactly are these hosting companies (github is one. Code Spaces is another) targeted at?
- Free Software developers? Their code is open to begin with, so they have to face the problems I described anyways. But they are much harder to sue. Also, I'm not sure how compelling it is for a free software project to use a non-free tool (rails being the exception, but we'll talk about that later on)
- Large companies? No way (see above)
- Smaller companies? Probably not. Smaller companies are less of a target due to lower visibility, but suing them for anything is more likely to get you something in return quickly as they usually don't dare prolonged legal fights.