A Blog Post With Every HTML Element
https://www.patrickweaver.net/blog/a-blog-post-with-every-html-element/ [www.patrickweaver.net]
2023-08-04 00:16
tags:
docs
essay
html
standard
text
ux
web
I could, element by element, continue to add support (mostly by making CSS updates for each element to fit in with the rest of my style choices) as I came across specific needs for them, but not one to shy away from an exhaustive exploration, I decided to write this post and attempt to use every element.
A goal of the post was to avoid delaying other future posts with CSS updates on a previously unused element, but in reality it took a year and a half to make all the updates for just this post! I am using the MDN Web Docs list of HTML elements as a reference which has more than 100 tags divided into a few categories, which I will also use in this post.
source: L
Regex Isn't Hard
https://timkellogg.me/blog/2023/07/11/regex [timkellogg.me]
2023-07-12 00:01
tags:
intro-programming
text
Regex gets a bad reputation for being very complex. That’s fair, but I also think that if you focus on a certain core subset of regex, it’s not that hard. Most of the complexity comes from various “shortcuts” that are hard to remember. If you ignore those, the language itself is fairly small and portable across programming languages.
It’s worth knowing regex because you can get A LOT done in very little code. If I try to replicate what my regex does using normal procedural code, it’s often very verbose, buggy and significantly slower. It often takes hours or days to do better than a couple minutes of writing regex.
source: L
Discovering one bug after another in the UTF-8 decoding logic in OpenBSD, then going on to fix other aspects of related code.
https://research.exoticsilicon.com/articles/unbreaking_utf8_on_the_console [research.exoticsilicon.com]
2023-03-10 20:32
tags:
bugfix
investigation
openbsd
programming
text
tty
Still, the debugging process we went through here to discover the cause of the problems in the first place is worth sharing from the beginning, as the code in question was particularly bad with plenty of textbook mistakes. Who knows what you might find in your own investigations elsewhere.
Email: https://marc.info/?l=openbsd-tech&m=167734639712745&w=2
source: L
The Safari bug that never was
https://obyford.com/posts/the-safari-bug-that-never-was/ [obyford.com]
2023-01-07 21:56
tags:
browser
bugfix
html
text
web
We’d managed to get from ‘some quite strange things are happening to the header, beta banner and buttons’ to ‘text wraps unnecessarily within intrinsically-sized elements when using certain fonts and the inner HTML of the element contains a new line that is not preceded by a space’.
source: HN
A Tale Of A Trailing Dot
https://daniel.haxx.se/blog/2022/05/12/a-tale-of-a-trailing-dot/ [daniel.haxx.se]
2022-05-14 00:41
tags:
networking
security
standard
text
turtles
web
Trailing dots on host names in URLs is the gift that keeps on giving. Let me take you through a dwindling story of how the dot is handled differently in different places through the stack of an Internet client. The evil trailing dot.
source: L
U+237c ⍼ Right Angle With Downwards Zigzag Arrow
https://ionathan.ch/2022/04/09/angzarr.html [ionathan.ch]
2022-04-13 20:03
tags:
retro
standard
text
Known as right angle with downwards zigzag arrow, angle with down zig-zag arrow, \rangledownzigzagarrow, and ⍼, no one knows what ⍼ is meant to represent or where it originated from. Section 22.7 Technical Symbols from the Unicode Standard on the Miscellaneous Technical block doesn’t say anything about it.
source: L
This Man Thought Opening a TXT File Is Fine, He Thought Wrong. MacOS CVE-2019-8761
https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html [www.paulosyibelo.com]
2021-04-03 00:44
tags:
exploit
html
mac
security
text
turtles
This research originated when I realized the default text reader on OSX, TextEdit is used to open files with TXT extension by default. On the interface of TextEdit, it looked like you can do basic customization to your text (you can turn text bold, italic, change color etc...), so I was wondering how a TXT file was storing and parsing this information. It seems it uses RTF format instead of TXT if we add customizations to the text.
source: HN
An Exploration of JSON Interoperability Vulnerabilities
https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities [labs.bishopfox.com]
2021-02-26 22:29
tags:
format
javascript
security
standard
text
turtles
The same JSON document can be parsed with different values across microservices, leading to a variety of potential security risks. If you prefer a hands-on approach, try the labs and when they scare you, come back and read on.
https://github.com/BishopFox/json-interop-vuln-labs/
source: HN
present - A terminal-based presentation tool with colors and effects.
https://github.com/vinayak-mehta/present [github.com]
2020-08-30 21:36
tags:
release
swtools
text
tty
Slides follow Markdown syntax.
And there’s fireworks!
source: HN
A 35-year-old bug in patch found in efforts to restore 29 year old 2.11BSD
http://bsdimp.blogspot.com/2020/08/a-35-year-old-bug-in-patch-found-in.html [bsdimp.blogspot.com]
2020-08-17 17:46
tags:
c
programming
retro
swtools
text
Larry Wall posted patch 1.3 to mod.sources on May 8, 1985. A number of versions followed over the years. It’s been a faithful ally for a long, long time. I’ve never had a problem with patch until I embarked on the 2.11BSD restoration project. In going over the logs very carefully, I’ve discovered a bug that bites this effort twice. It’s quite interesting to use 27 year old patches to find this bug while restoring a 29 year old OS...
source: HN
Implementing a Type-safe printf in Rust
https://willcrichton.net/notes/type-safe-printf/ [willcrichton.net]
2020-08-17 04:35
tags:
programming
rust
text
type-system
I show how to use heterogeneous lists and traits to implement a type-safe printf in Rust. These mechanisms can ensure that two variadic argument lists share important properties, like the number of format string holes matches the number of printf arguments.
source: HN
How can CharUpper and CharLower guarantee that the uppercase version of a string is the same length as the lowercase version?
https://devblogs.microsoft.com/oldnewthing/20200804-00/?p=104040 [devblogs.microsoft.com]
2020-08-05 00:49
tags:
c
intro-programming
text
windows
Let's build a Full-Text Search engine
https://artem.krylysov.com/blog/2020/07/28/lets-build-a-full-text-search-engine/ [artem.krylysov.com]
2020-07-30 16:48
tags:
go
intro-programming
text
Today we are going to build our own FTS engine. By the end of this post, we’ll be able to search across millions of documents in less than a millisecond. We’ll start with simple search queries like “give me all documents that contain the word cat” and we’ll extend the engine to support more sophisticated boolean queries.
source: L
SAT solver on top of regex matcher
https://yurichev.com/news/20200621_regex_SAT/ [yurichev.com]
2020-07-08 00:05
tags:
compsci
programming
text
A SAT problem is an NP-problem, while regex matching is not. However, a quite popular regex ‘backreferences’ extension extends regex matching to a (hard) NP-problem.
source: trivium
xi-editor retrospective
https://raphlinus.github.io/xi/2020/06/27/xi-retrospective.html [raphlinus.github.io]
2020-07-01 00:55
tags:
compsci
concurrency
development
programming
rust
swtools
text
I still believe it would be possible to build a high quality editor based on the original design. But I also believe that this would be quite a complex system, and require significantly more work than necessary.
A few good ideas and observations could be mined out of this post.
source: L
Unicode Security Considerations
https://unicode.org/reports/tr36/ [unicode.org]
2020-06-11 17:41
tags:
defense
language
security
text
turtles
Because Unicode contains such a large number of characters and incorporates the varied writing systems of the world, incorrect usage can expose programs or systems to possible security attacks. This is especially important as more and more products are internationalized. This document describes some of the security considerations that programmers, system analysts, standards developers, and users should take into account, and provides specific recommendations to reduce the risk of problems.
A large number of problems as well.
source: solar
Psychic Paper
https://siguza.github.io/psychicpaper/ [siguza.github.io]
2020-05-02 00:39
tags:
auth
exploit
hash
iphone
security
text
turtles
Yesterday Apple released iOS 13.5 beta 3 (seemingly renaming iOS 13.4.5 to 13.5 there), and that killed one of my bugs. It wasn’t just any bug though, it was the first 0day I had ever found. And it was probably also the best one. Not necessarily for how much it gives you, but certainly for how much I’ve used it for, and also for how ridiculously simple it is. So simple, in fact, that the PoC I tweeted out looks like an absolute joke. But it’s 100% real.
I dubbed it “psychic paper” because, just like the item by that name that Doctor Who likes to carry, it allows you to get past security checks and make others believe you have a wide range of credentials that you shouldn’t have.
source: grugq
Notes on Parsing in Rust
https://blog.wesleyac.com/posts/rust-parsing [blog.wesleyac.com]
2020-04-30 22:37
tags:
library
programming
rust
text
I’ve recently been writing a bit of parsing code in Rust, and I’ve been jumping back and forth between a few different parsing libraries - they all have different advantages and disadvantages, so I wanted to write up some notes here to help folks who are undecided choose what libraries and techniques to consider, and also to offer some suggestions for the future of the Rust parsing ecosystem.
source: L
Hashtag of note
https://languagelog.ldc.upenn.edu/nll/?p=46455&utm_source=rss&utm_medium=rss&utm_campaign=hashtag-of-note [languagelog.ldc.upenn.edu]
2020-03-18 17:18
tags:
social
text
web
You will probably notice immediately that it contains a full-width dash, in other words a Unicode (probably Chinese-origin?) character. For some reason, this is all over Twitter in posts from Anglophone people I am almost completely sure have no input method installed that can actually produce it.
It’s not a real dash at all but a “Katakana-Hiragana prolonged sound mark”:
The unexpected Google wide domain check bypass
https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/ [bugs.xdavidhu.me]
2020-03-09 21:01
tags:
security
text
web
Let me tell you this “funny” story of me trying to bypass a domain check in a little webapp, and accidentally bypassing a URL parser that is used in (almost) every Google product.
Spoiler: it’s a regex bug.
source: HN