Some JavaScript Links To Chew On |
|
|
Topic: Technology |
2:37 am EDT, May 17, 2007 |
Yahoo! Video: Advanced JavaScript Part I, Part II, Part III. A lecture by Douglas Crockford. IEBlog: Jscript Inefficiencies Part I, Part II, Part III. Rick Strahl: "FireBug 1.0 Beta Rocks". FireBug is a JavaScript debugger with some remarkable features. Rick again: "HREF links and javascript : Navigation". Jason Diamond: "Not Delegates". Jim Ley: "JavaScript Closures". Sergio Pereira: Quick Guide To Somewhat Advanced JavaScript. Pathfinder: JsUnit – Agile AJAX Development. Mike West: Scope In JavaScript.
Some things to check for JavaScript analysis.
|
Information Security Sell Out |
|
|
Topic: Technology |
2:32 pm EDT, May 16, 2007 |
Bask in the awesomeness that is the infosec sell out blog.
|
Silly SSL, The padlock is for Phishers |
|
|
Topic: Technology |
5:55 pm EDT, May 14, 2007 |
I saw a rather interesting dirty trick on a phishing site today. The favicon for the site was the exact same padlock image that is normally shown for a secure website. While the site couldn't turn the address bar green, it is certainly preying on the habit people are developing with IE7 and Firefox to look for security info in the address bar.
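A defender-side check for the trick described above, as an added example that is not part of the original post: it pulls the favicon a page declares, hashes it, and reports a match against a set of known padlock icon hashes. The function names, the `fetch` callback and all sample data are assumptions made for the illustration; an exact hash only catches byte-identical copies of an icon.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class IconLinks(HTMLParser):
    """Collects href values from <link rel="icon"> and rel="shortcut icon" tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        rels = (attr.get("rel") or "").lower().split()
        if tag == "link" and "icon" in rels and attr.get("href"):
            self.hrefs.append(attr["href"])

def favicon_urls(page_url, html):
    parser = IconLinks()
    parser.feed(html)
    # Browsers request /favicon.ico when the page declares no icon.
    return [urljoin(page_url, h) for h in parser.hrefs or ["/favicon.ico"]]

def padlock_favicons(page_url, html, fetch, padlock_hashes):
    """Returns one finding per favicon whose SHA-256 is in padlock_hashes."""
    findings = []
    for url in favicon_urls(page_url, html):
        data = fetch(url)  # fetch(url) -> bytes or None; supplied by the caller
        if data is None:
            continue
        digest = hashlib.sha256(data).hexdigest()
        if digest in padlock_hashes:
            findings.append({"icon": url, "sha256": digest,
                             "https": urlsplit(page_url).scheme == "https"})
    return findings

# Constructed sample data: placeholder bytes stand in for a browser's padlock image.
PADLOCK_ICON = b"constructed-padlock-icon-bytes"
PADLOCK_HASHES = {hashlib.sha256(PADLOCK_ICON).hexdigest()}
SAMPLE_URL = "http://login.example.test/account/"
SAMPLE_HTML = '<html><head><link rel="shortcut icon" href="/img/lock.ico"></head></html>'
SAMPLE_FILES = {"http://login.example.test/img/lock.ico": PADLOCK_ICON}

def sample_findings():
    return padlock_favicons(SAMPLE_URL, SAMPLE_HTML, SAMPLE_FILES.get, PADLOCK_HASHES)
```

A padlock favicon on a page that is not served over HTTPS (`"https": False` in the finding) is the combination the post describes.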
|
Unconditionally closing the browser with IE |
|
|
Topic: Technology |
1:27 pm EDT, May 14, 2007 |
Closing Windows and Confirmation Boxes
Ever notice how a script that attempts to close a window will at times generate a confirmation and other times not? Here's why: IE for Windows and NN 4.x browsers do not allow a non-JavaScript-generated window with more than one page in its history to be closed without asking the user for permission via a confirmation box. In other words, scripts cannot close a main window unconditionally.
The MSIE Work Around
To determine whether or not a window is a main window, Internet Explorer checks to see if the window has an opener. Since windows that have openers can be closed unconditionally, the solution is to make Explorer think a main window has an opener. That is accomplished by giving a phantom opener a value, in this case, an empty string:
Something I didn't even know to go looking for before I read the IE7 release notes.
|
Release Notes for Internet Explorer 7 |
|
|
Topic: Technology |
1:25 pm EDT, May 14, 2007 |
Functionality Removed and Changed in Internet Explorer 7
Looking at what's been removed from IE7 is a good way to find problems in IE6. I'm looking at you, XBM...
|
Topic: Technology |
10:32 am EDT, Apr 24, 2007 |
With the release of kernel 2.6.17, there's new functionality to add a device (partition) to a RAID 5 array and make this new device part of the actual array rather than a spare. My HOME directory is mounted on a 3×70gb SCSI RAID5 array, so I tried adding a further drive. Although with the release of mdadm > 2.4 the only real critical part of the process is safer (it backs up some live data that is being copied), I didn't fancy risking growing a mounted array. So I did plenty of backups, then switched to single user run level. Basically the step includes adding a disc to the array as a spare, then growing the array onto this device.
mdadm --add /dev/md1 /dev/sdf1
mdadm --grow /dev/md1 --raid-devices=4
This then took about 3 hours to reshape the array. The filesystem then needs to be expanded to fill up the new space.
fsck.ext3 /dev/md1
resize2fs /dev/md1
I then remounted the drive and wahey. Lots extra space….! Cool or what
Growing a RAID5 array |
|
FastTrack Protocol Details |
|
|
Topic: Technology |
2:02 pm EDT, Apr 15, 2007 |
This document attempts to describe what's currently known of the FastTrack protocol.
Storing this for later...
|
Microsoft: Word 2007 crashes aren't a bug, they're a feature |
|
|
Topic: Technology |
9:44 am EDT, Apr 14, 2007 |
When asked to clarify that statement, she acknowledged Microsoft won't classify the flaws as security problems. Rather, the behavior of Word 2007 is a feature, not a bug. "In fact, the behavior observed in Microsoft Word 2007 in this instance is a by-design behavior that improves security and stability by exiting Microsoft Word when it has run out of options to try and reliably display a malformed Word document," the spokeswoman said.
... [sigh]... [deep breath]... IT'S F#@&ING INPUT VALIDATION! [Smack] WHERE'S MY MONEY? [smack] Your first problem is to continue rendering something you know is corrupted! Recovery is different from rendering. At first error, the program should stop rendering, shell the file out to an external recovery program which attempts to extract valid data structures and chunks. Any recovered data should be written to a new file and loaded into Word. Worst case is the recovery program crashes, in which case you don't lose Word.
She went on to suggest that it is no big deal if Word 2007 did crash under those circumstances, a scenario that could lead to the loss of any unsaved data. "The sample code in [Aharoni's] postings cause Microsoft Word to crash, and users can restart the application to resume normal operations."
And users can just reboot the box when a blue screen happens, so I guess that's not a DoS either. Jackass. I'm really surprised the MSRC made an official statement that is so utterly retarded. One thing's for sure: Kymberlee Price wouldn't have tried to pull this crap. She respects the security community too much to try and keep a straight face when saying something as fucked up as "a crash isn't a DoS." I think Frank Hayes of Computer World says it best:
If your application code is in control, it can gracefully reject bad input. If your app code ISN'T in control, you crash. You're already owned. This suicide-before-capture approach isn't "by-design" behavior. It's lack-of-design behavior. And a "code guru" of any kind who thinks that's not a security and stability problem that needs fixing doesn't belong in this business.
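The design argued for above (stop rendering at the first error, hand the file to an external recovery program, load only what it salvages) sketched as an added example; this is not code from the original post or from Microsoft. The `DOC1` record format, the function names and the sample documents are all constructed for the illustration.

```python
import json, subprocess, sys

MAGIC = b"DOC1"  # constructed toy format: MAGIC, then [u16 big-endian length][UTF-8 payload] records
GOOD = MAGIC + b"\x00\x05hello\x00\x05world"  # constructed sample document
DAMAGED = GOOD + b"\x01\xf4cut off"           # constructed: record claims 500 bytes, holds 7

def parse_strict(blob):
    """In-process render path: raise at the first structural error, never guess."""
    if blob[:4] != MAGIC:
        raise ValueError("bad magic")
    chunks, pos = [], 4
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 2], "big")
        body = blob[pos + 2:pos + 2 + n]
        if pos + 2 > len(blob) or len(body) != n:
            raise ValueError("record at offset %d is truncated" % pos)
        chunks.append(body.decode("utf-8"))  # UnicodeDecodeError is a ValueError too
        pos += 2 + n
    return chunks

RECOVERY_SRC = """# Runs only in a child process: salvage every complete record.
import json, sys
blob, out, pos = sys.stdin.buffer.read(), [], 4
while pos + 2 <= len(blob):
    n = int.from_bytes(blob[pos:pos + 2], "big")
    if pos + 2 + n > len(blob):
        break
    out.append(blob[pos + 2:pos + 2 + n].decode("utf-8", "replace"))
    pos += 2 + n
json.dump(out, sys.stdout)
"""

def recover_out_of_process(blob, helper_src=RECOVERY_SRC, timeout=5.0):
    """Salvaged chunks, or None if the helper crashed, hung or printed junk."""
    try:
        proc = subprocess.run([sys.executable, "-I", "-c", helper_src],
                              input=blob, capture_output=True, timeout=timeout)
        chunks = json.loads(proc.stdout) if proc.returncode == 0 else None
    except (subprocess.TimeoutExpired, ValueError):
        return None
    ok = isinstance(chunks, list) and all(isinstance(c, str) for c in chunks)
    return chunks if ok else None

def open_document(blob, **helper_opts):
    try:
        return "ok", parse_strict(blob)
    except ValueError:
        salvaged = recover_out_of_process(blob, **helper_opts)
    return ("recovered", salvaged) if salvaged else ("rejected", [])
```

The host validates the helper's output before using it and treats a crash, a hang or junk output the same way: the file is rejected and the host keeps running.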
|
Fuck test driven development |
|
|
Topic: Technology |
3:21 pm EDT, Apr 9, 2007 |
|