I'm moving over to Tumblr for no particular reason... (http://frumioj.tumblr.com/)
First post is here (http://frumioj.tumblr.com/post/9922282217/anonymity-vs-accountability)
Wednesday, September 07, 2011
Friday, April 22, 2011
Markup Language Family Tree
RUNOFF (Jerome Saltzer, 1964)
  |-- TeX (Don Knuth, 1977)
  `-- roff - nroff - troff (Josef Osanna, 1973)

"Generic Coding" (William Tunnicliffe, 1967) ------------.
                                                         |
"Editorial Structure Tags" (Stanley Rice, pre-1970) -----+
                                                         |
                                                         v
                                         GML (Charles Goldfarb, 1969) -------.
                                                                             |
                                         SCRIBE (Brian Reid, 1980) ----------+
                                                                             |
                                                                             v
                                                                  SGML (Standard, 1980)
                                                                    |-- HTML (Berners-Lee, 1990)
                                                                    `-- XML (Standard, 1998)
Updated to show the contributions of Stanley Rice and William Tunnicliffe, see:
http://en.wikipedia.org/wiki/Markup_language and
http://www.digitalhumanities.org/companion/view?docId=blackwell/9781405103213/9781405103213.xml&chunk.id=ss1-3-5
Thursday, March 03, 2011
Simple HTML Form parsing in node.js
I'm new to Node.js, but already having fun with it. I was trying to grab form POST data and couldn't find a simple example to learn from (using a multipart MIME parser seemed a little like overkill) so I wrote the following code.
The code registers two callbacks - one for the 'data' event which is called when a chunk of body data arrives (there may be more than one such call depending on the size of the body) and the other for the 'end' event when the request has "ended".
Of course, this example is too simple to use in most real systems (caveat lector): no checks on the content are made, the whole body is buffered into one string with no limit on its size, the names and values are not URL-decoded, and the parsing takes place only after the whole body is read. Not ideal.
var http = require('http');
var url = require('url');

http.createServer(function (request, response) {
    var full_url = url.parse(request.url, true);
    var pathname = full_url.pathname;   // not used below, kept for reference
    var q_params = full_url.query;      // query-string parameters, already parsed by url.parse
    var body = "";

    if (request.method === "POST" &&
        request.headers['content-type'] === "application/x-www-form-urlencoded") {
        // decode the chunks as UTF-8 text, so a multi-byte character that is split
        // across two chunks is not corrupted when the chunks are concatenated
        request.setEncoding('utf8');
        request.on('data', function (chunk) {
            // append the chunk to the growing message body
            body += chunk;
        });
        request.on('end', function () {
            response.writeHead(200, {'Content-Type': 'text/plain'});
            var params = body.split('&');
            for (var i = 0; i < params.length; i++) {
                var pair = params[i].split('=');
                response.write("Name: " + pair[0] + " = " + pair[1] + "\n");
            }
            response.end();
        });
    } else {
        // any other request gets a reply too; otherwise the connection would hang
        response.writeHead(405, {'Content-Type': 'text/plain'});
        response.end("POST a form here\n");
    }
}).listen(8124);

console.log('Server running at http://127.0.0.1:8124/');
Labels:
node nodejs
Monday, February 21, 2011
HTML frames and security
Introduction
Frames were introduced into HTML (via the 'frameset' and 'iframe' elements) in order to provide an element of modularity to navigable websites [1]: one or more HTML documents could include a separate menu document directly, so that navigation links didn't need to be edited in each individual document. This found particular favour in online magazines.
Using frames for such modularity became popular because many website hosting companies initially disabled, by default, the other mechanisms which could provide this functionality (such as CGI scripts, server-side includes [2], and other server-side scripting alternatives).
Frame security
There are, broadly speaking, two security issues with HTML frames:
1. A developer including content from another site in an iframe is taking the risk that this content will do something harmful, where 'harmful' includes manipulating parent document resources (via the DOM), running malware (a malicious third-party plugin, for example), or running scripts that consume inordinate amounts of client resources such as CPU or memory.
2. A malicious developer might include content from a victim site in a frame in order either to confuse the user into performing some action at the victim site (clickjacking, a kind of phishing), or simply to use the user's ambient authority (browser cookies, for example) to make requests that the victim server will treat as the user's own (cross-site request forgery, for example).
HTML 5 'sandbox' attribute
HTML5 has added a new attribute to the iframe element, and defined a new MIME media type to indicate such sandboxed content [3]. The sandbox attribute and related work is intended to deal with security issue 1 above: it is set by the page doing the framing, and it restricts what the framed document may do (run scripts, submit forms, load plugins, navigate the parent, or be treated as same-origin). It does nothing for issue 2, where the framing page belongs to the attacker, who simply won't set it; there the framed site has to defend itself, for example by telling the browser not to render it inside a frame at all (the X-Frame-Options response header).
Multi-process Web browsing
Microsoft's Gazelle [5] and Google's Chromium [4] are two browser projects which attempt to limit the access of individual Web components to browser resources by allocating those resources on a per-origin basis. A browser tab displaying content from a particular URL renders that content in a separate OS-level process from the main browser process, and from the processes associated with other Web origins.
The Facebook 'Like' Button - iframes taking advantage of a security hole
Facebook's Like button relies on exactly the property that makes issue 2 possible, namely that the browser sends a site's cookies along with a request made from a frame embedded in somebody else's page, in order to display user-specific content (some of my friends' faces, for example) in an iframe on a third-party site.
If you include the code Facebook generates for you, you get an iframe:
<iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fexample.com%2Fpage%2Fto%2Flike&layout=standard&show_faces=true&width=450&action=like&colorscheme=light&height=80" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:450px; height:80px;" allowTransparency="true"></iframe>
And of course, this iframe uses the Facebook cookie that you have because yes, you're logged into Facebook right now (right?) to display your friends' faces in the rendered Like button, even when that Like button appears on your own site.
It'll also use that logged-in session to display the fact that you (the user at that website) like the content.
You *can't* include Facebook's Like button content on the server side if you want it to work as intended, because that content needs the user's session cookie, which is only available on the client side. So you can't follow my first or second recommendations below.
The other implication is that a malicious website can make the user 'like' content hosted by someone other than the website hosting the button: the href parameter in the iframe's src URL is whatever the embedding page says it is, so it can be set to a URL the embedding site does not own, and the like is still recorded against the user's own Facebook session. Arnab Nandi has written some excellent posts about this issue at [8] and [9].
Recommendations for Web Developers
- Include potentially untrusted content on the server side (rather than by using iframes), and use solutions such as Google Caja [6] to sanitize all of your content prior to delivery over the Web.
- Reduce or remove the reliance on Web browser cookies alone to authorise an action, in order to prevent misuse of those cookies by a malicious website: the browser attaches them to requests triggered by a framing or redirecting page just as readily as to requests the user meant to make. If user confirmation of an action is important, offer a confirmation page whose submission carries something the malicious site cannot obtain (a token issued to that page), in addition to the cookie-based session identifier, before treating the request as a user action.
- Properly validate or sanitize (by encoding) input delivered via HTTP headers, HTML POSTed data, and URL query parameters, in order to prevent cross-site scripting vulnerabilities. Review the OWASP website regarding untrusted user input [7].
- Ensure that an HTTP GET to a resource under your control does not perform an action with side effects (such as immediately confirming a subscription or other action), since an HTTP GET can be sent from a malicious site via a redirect, or via an image or iframe src, without any user confirmation.
References
- [1] WWW Framing (http://en.wikipedia.org/wiki/Framing_(World_Wide_Web))
- [2] Server-side include security in Apache (http://httpd.apache.org/docs/current/misc/security_tips.html#ssi)
- [3] The HTML5 iframe sandbox (http://blog.whatwg.org/whats-next-in-html-episode-2-sandbox)
- [4] Chromium multi-process architecture (http://www.chromium.org/developers/design-documents/multi-process-architecture)
- [5] Microsoft Gazelle (http://research.microsoft.com/apps/pubs/default.aspx?id=79655)
- [6] Google Caja (http://code.google.com/p/google-caja/)
- [7] OWASP Injection and XSS Prevention (http://www.owasp.org/index.php/Top_10_2010-A1), (http://www.owasp.org/index.php/Top_10_2010-A2)
- [8] Deceiving Users with the FB Like Button (http://arnab.org/blog/deceiving-users-facebook-button)
- [9] Reputation Misrepresentation (http://arnab.org/blog/reputation-misrepresentation)
Saturday, January 01, 2011
New Year's Hoppin' John
(adapted from John Thorne's 'Serious Pig' version)
1 cup black-eyed peas, soaked for ~5 hours
1 onion, chopped
1 cup raw rice
1 tablespoon of chipotle pepper in adobo (more if you don't mind scaring off small children!)
1 clove garlic, minced
1 bay leaf
Olive oil
Salt, pepper to taste
Bring 5 cups of water to a boil and put the beans and bay leaf in. Turn the heat down low and simmer the beans for about 30 minutes (if using brown rice) or 45 (if using white rice). While the beans are cooking, put oil in a pan and fry the onions very gently for 20 minutes, making sure they don't burn or turn too brown (sprinkle them with salt if you can tolerate it). Add garlic and chili pepper. After 30 minutes check your beans. If using brown rice add it now, and after 15 more minutes pour the contents of your onion fry-up into the pot too. If using white rice, wait the extra 15 minutes and add it all together. After that, just cook gently until the rice and beans are done. Let the pot rest for 10 minutes after you've turned off the heat.
Serve with cornbread and onion salad (both taken directly from Thorne's 'Serious Pig') for serious enjoyment.
Labels:
beans,
hopping john,
john thorne,
recipes,
vegetarian
Saturday, November 20, 2010
Same-origin policy
I took part in a Nokia Web security panel last week. My talk was about the browser same-origin policy (PDF).
Never trust a client!
Saturday, September 25, 2010
Marathon for my family
Almost eight years ago, my twin daughters were born at Albany Medical Center, in Albany, NY. They insisted on arriving very early -- and born at 27 weeks (normal pregnancy is more like 38-42 weeks), had only a middling chance of surviving without some permanent disability. We didn't know whether they would even make it - when they were born, they needed to be kept very warm -- in an incubator, and they couldn't breathe very well without additional oxygen given to them via a ventilator. They both weighed less than 2lbs each.
They shared a room with more than 40 other children, in incubators, with ventilators, and some with other special equipment needed to keep those babies alive and help them grow.
Without Albany Medical Center's Neonatal Intensive Care Unit (NICU), my daughters would be unable to learn to read, or ride a bicycle. They might be unable to see, or maybe couldn't process food properly. They could have had any one of a number of disabilities. And yet, here they are, falling off bikes and getting scrapes on their knees. They're learning math at school, and writing... drawing, science. In short, they're doing all the things you'd expect an 8-year old child to do.
But this story is about more than my daughters. Our premature babies were not alone. Albany's NICU accepts babies from the entire range of New York State, and also from rural Vermont and Massachusetts. They simply don't have enough room to accept all the premature babies who are born each year, or enough money to maintain all of the sophisticated equipment needed to keep these children alive, or have enough doctors and nurses looking after the babies.
I'm running the Hudson/Mohawk marathon on the 10th October this year (I'll be just back from Finland two days earlier so will no doubt feel wonderful).
I celebrate that I can do such a thing at all, and I celebrate that my children are alive. But I can sit here and celebrate my family, and some parents cannot.
So please join me in helping all those whose families are affected by premature birth by donating to Albany Medical Centre's Neonatal Intensive Care Unit, and it'll feel like you're running the marathon with me (I promise you that you won't have to feel the pain!)
There are two ways to donate:
1) Web/credit-card
* go to Albany Medical Center Donation (if you don't trust this URL, go to http://www.amc.edu/foundation/make_a_gift/cash_check_credit.html and click the link to 'give today').
* When you enter the donation details please set:
Designation: Neonatal Intensive Care Unit (NICU)
In Honor of: A & I Kemp
(If you figure out how to do a company match, go ahead!)
2) By check/cheque payable to "Neonatal Intensive Care Unit at Albany Medical Center" - which you can give me in person, or send to Albany Medical Center at the following address:
Albany Medical Center Foundation
Attn: Nicole Lindell
Re: A & I Kemp
43 New Scotland Ave., MC-119
Albany, NY 12208
Thank you!