I'd like to change the design of the Internet by introducing regulation--Internet passports, Internet police and international agreement--about following Internet standards. And if some countries don't agree with or don't pay attention to the agreement, just cut them off.
Firefox: I like that you made hyperlinks in "View source" clickable links in 3.5. But you stopped short! Now why can't I have the standard hyperlink context menu?
Where's my copy location, open in new window, etc? That would rock.
Also:
-Show me a copyable representation of the URL of the source code I'm currently looking at.
-Have a new "Close all open view source windows" feature. I commonly have a dozen or more "View Source" windows open and it's a pain managing them.
-For that matter, show me "when" the source snapshot that the view source window shows was taken. When I'm doing a manual XSS demo it's annoying trying to find the most recent view source window for the audience.
Looks like putting munging logic in a separate .js is a workaround... for now.
Email munging failing is only a mildly cool side effect of a much more fundamental issue. If this is true (and it might not be), it's a sign that Google is toying with JavaScript execution, most likely in an effort to crawl the deeper, JavaScript-focused web apps of today.
As someone who has spent 4 years or so writing tokenizers, parsers, interpreters, machine controlled dynamic execution logic, and static analysis frameworks for JavaScript, this is extremely interesting. There's an enormous amount of IP in that space, things that all fall in that "stuff I love but cannot chat about" box. I'd like to see how the PhD stud field that is Google R&D tackled some of these issues.
This is a very cool use of shimming native functions. So far I've only seen malicious uses of function shimming. We discussed shimming Ajax calls to man-in-the-middle browser traffic in Chapter 7 in Ajax Security and Jeremiah had the very cool Array() constructor attack against Google before that.
Here MooTools is shimming document.write() to prevent its blocking behavior. 3rd party advertisers and others use document.write() calls, and they can harm page performance quite a bit. Typically web developers cannot do anything because these commands come from 3rd party components they do not control. Now a developer can shim document.write(), still have ads, and not kill page load performance.
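A sketch of the deferring shim described above, as an added example that is not MooTools' code or anything from the original post. The names `installWriteShim`, `looksNative` and `makeFakeDocument` are hypothetical, and the document object is a constructed stand-in so the block runs outside a browser.

```javascript
// Constructed stand-in for a browser document (assumption: not a real DOM).
function makeFakeDocument() {
  const doc = { written: [], body: { innerHTML: "" } };
  doc.write = function (...c) { doc.written.push(c.join("")); };
  doc.writeln = function (...c) { doc.written.push(c.join("") + "\n"); };
  return doc;
}

// Replace write()/writeln() with versions that buffer markup instead of
// writing it synchronously. Must run before any third-party script loads.
function installWriteShim(doc) {
  const original = { write: doc.write, writeln: doc.writeln };
  const queue = [];

  doc.write = function (...chunks) { queue.push(chunks.join("")); };
  doc.writeln = function (...chunks) { queue.push(chunks.join("") + "\n"); };

  return {
    pending: () => queue.length,
    // Call once the page has rendered. The buffered markup is still
    // untrusted third-party content; deferring it does not sanitize it.
    flush(container) {
      const markup = queue.join("");
      queue.length = 0;
      container.innerHTML += markup;
      return markup;
    },
    // Put the original functions back.
    restore() {
      doc.write = original.write;
      doc.writeln = original.writeln;
    },
  };
}

// Heuristic check for whether a function is still the engine's built-in.
// A shim can also replace toString, so treat a "true" result as a hint only.
function looksNative(fn) {
  const src = Function.prototype.toString.call(fn);
  return /\{\s*\[native code\]\s*\}\s*$/.test(src);
}
```

In a real page the same `looksNative` check on `document.write` is a quick way to see whether some earlier script has already shimmed it.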
We're speaking, of course, of the first-ever guidance system baked into the US Minuteman 1 nuclear missile. Maximum portability: about 9,700 km (6,000 mi). Target demographic: Commies.
[snip]
Atomic explosions in the atmosphere can disrupt radio communications. Missiles at the time were controlled by ground-based computers, so huge amounts of radio interference made America's ability to direct a second volley of fission sandwiches unreasonably hard. And on the other side of such an exchange, not being able to control your rockets can make mutual assured destruction up to 50 per cent less mutual. What's the fun in that?
The solution developed was to put a digital guidance computer right dab on the missile. (Somewhere in the multiverse, Skynet cackles maliciously in anticipation). Easier said than done at the time, as a computer with dimensions less than that of a family sedan was considered slim and chic.
Earlier on IRC today someone mentioned that they had bought some SQL Injection Bumper Stickers. This led me to the idea for the following. I think I'll have to get some made up and hand out at PN.
My child is an '; update GradeBook set Grade=A where StudentID=423867;