Put your message here! Contact me for more information
 
 







 

Archive for the ‘oops’ Category


 

It’s a mouthful for the title, but it is true.  I just installed IE8 Beta 2 to try out the new features and see if IE’s javascipt engine gets any speed bump.  So far IE8 is running only as fast as IE7 in my tests, while Firefox 3 runs screamingly fast (read 500% faster, seriously).

I’m impressed with IE8b2’s new Developer tool, a Firebug-like tool.  Surprisingly, the JavaScript debugger actually WORKS!  And it feels much smoother to debug JavaScript than Firebug (Firebug still suffers from some reading/refreshing glitches and doesn’t feel as responsive).

ie8b2 debugging

I was able to step into an object created using prototype’s Class.create() with no problem using F10 step over, F11 step-in keys work as expected.  Nice!  There is also a Profiler which would be totally awesome and for sure I’ll be using it extensively to optimize the JavaScript for my upcoming application.   Finally there’s some light at the end of the tunnel, which Microsoft actually give us developers what we’ve been dreaming for:  making IE sucks less.

I also managed to crash IE8b2.

I was actually running the debugger and stepping in my code.  Then I noticed and clicked clicked on “Browser Mode IE7″.  The entire application froze up.  My explanation is that the main browser process or thread is attached to the debugger, which is running in line-debugging.  Switching “Browser Mode” to a different setting requires the main browser to switch to a different view.  However, since the main process is stuck with the debugger, and the debugger is waiting for the main process to switch browsing mode, we have a deadlock situation.

I had to end-task the sucker.

And suddenly, my Firefox 3.1 started to constantly crash, even in safe-mode (running Firefox.exe using -safe-mode flag).  I chose to permanently disable all add-ons and Firefox managed to get to my favorite homepage, the about:blank page.   However, whenever I went to Yahoo Mail, the browser just crashed without even a trace in the Windows Event Application log.  All I got is the Mozilla Crash Reporter to play with.   With all my add-ons disabled, I was determined to find out what was killing Firefox, in safemode.  Apparently, something was almost as determined as I to come get Firefox, even when it’s waving the “-safe-mode” flag.

First, I went to Firefox Options, trying to find out what happened.  Clicking on the “Applications” tab would automatically crashed Firefox, weird. I went into Options, then Managed Add-ons.  I disabled all plugins, then restarted Firefox and try Yahoo Mail.  It worked.

Since IE8 was the only application I installed before Firefox started to crash, I proceed to enable all plugins but Microsoft’s.  Yahoo Mail worked still.  I then enabled the Windows Presentation Foundation (WPF) plugin and, bam, Firefox crashed again.  The culprit is the new WPF plugin that IE8 beta 2 secretly installed into Firefox.  It’s very nice of you, IE8 installer.  Should I call you mal-ware now since you just make one of my main application mal-functioned?  You just make me almost lose anything trust (left) that I have for installing Microsoft’s stuff.  Good thing trying out the new IE8 (which proves IE7 is that horrible for developer still!) is compelling enough so I let you go easy this time.

So IE8 Beta 2 testers, disable Windows Presentation Foundation plug-in for Firefox will help you stop IE8 from sabotaging your Firefox browsing experience with blazingly fast javascript execution, which IE can only cry foul by crashing itself.

view comments
 

Light Reading logoSo LightReading is a news portal for coprorate computer stuff, like networking, networking security, etc. They sometimes send out invitations for subscribers for extra info, web-minars.

I have come to know about Light Reading a while ago, and I randomly signed up for their newsletter. But I decide this is the day I unsubscribe from their list, so I clicked on the Unsubscribed linke at the footer area of the email.

Here’s is the link that I was taken to..

http://www.lightreading.com/unsubscribe.asp?subscriberid=6xx7xxx ( I masked out my ID # for privacy)

So I unsubscribed myself, but also changed the subscriberID to something else, just to see how the page works … oh uh, I got the “Unusubscribe Page” for someone else who is subscribing to 11 other newsletters from Light Reading. Phew. Too little work and I already discover a vulnerability.

I know portals like Light Reading can sell their services because they collect a huge database of emails of supposingly “C?O”, “Networking Engineers”, etc., so the commercial contents and products can be sold directly to these important corporate figures. Well, not if one day, LR find out that their newsletter has no reader because someone has conveniently (or mischievously) unsubscribed everyone else using the previous link. Of course noone will do that manually, but s/he can write some script that loop through any possible IDs (may take a while, I know, mine is in the upper 6 millions, LR has a pretty big colection of users), then request the page, and make a POST submit to the form. Or just make a page that continuously submitting POST requests to unsubscribe everyone (PHP CURL would make this an easy task). This method is faster, since I doubt that LR do any double checking for “unsubscribe request”. I mean something in the light reading of …

POST to unsubscribe.asp with subscriberID = #####

Humh … If I were Light Reading, I would seriously rewrite the unsubscribe mechanism.

(Disclaimer: I did accidentally unsubscribe someone else other than myself from the list while experiment with the site, so oops, sorry, don’t sue me. I did point out where you guys did wrong, so go fix it and thanks me later)

view comments