Category Archives: Code

Is Facebook Fingerprinting Chrome extensions?

This morning I noticed something new in my Chrome Console while working on a Chrome Extension. It looks like Facebook is now looking to see if you have a set of Chrome extensions installed in your browser. Most of the extensions I looked up on Google’s web store and via their search engine and they look like they are Malware of some sort, but a few of them look like they are much less harmless. It’s hard to see what the extensions actually do because they have been pulled from the Chrome Web Store, but some of these look like they modified the appearance of Facebook intentionally.

Some users don’t like being forced to see walmart colors all over the web and have used various tactics to customize the web to their liking. Some other users might do it for usability reasons or just plain augmentation of the web.

Does Facebook have the right to do this? It feels like an invasion of my privacy. I think the latest version of Chrome protects us from this sort of attack but that does not mean that Facebook won’t invest in other ways to discover this information or that they won’t lobby google to discover it. Some extensions also have the ability to open up channels to other extensions so if facebook had it’s own extension it might still try to fingerprint which extensions are there.

This isn’t all bad, in fact it really depends on how it’s being used. If it’s only used to defend our privacy and security then it seems fine, but if this little trick is being abused this could really sour things.

I guess I am mostly just surprised that Facebook is doing this.

Screen Shot 2012-09-05 at 10.30.49 AM

To get this to occur in your own browser you will need to be a bit sneaky and use a private session. Once Facebook runs the finger print they don’t do it all of the time, I think they only do it on auth and then they cache the result in some way. In fact since some extensions have access to the cookies I wonder if one could ‘skip’ the finger printing by setting the proper cookies or localstorage setting.

Finger Printed Extension IDs

kjafndplmofcedgddaoceenkcbfankem
kincjchfokkeneeofpeefomkikfkiedl
iejbljbhhoclgfiapmomcpkpkcmihfib
lkfhadffdnjnogmgjfihlcmmjhcfchaj
afnnkheojlgkipfabekmdkngocfhegck
hkpibllecmidllaojdmkcmfnoinmejco
gpllafflnmgjjcakjloknldkndnkmcpi
pkhidkonipdjidjglnkfcfhnkfnlefbk
kjafndplmofcedgddaoceenkcbfankem
kincjchfokkeneeofpeefomkikfkiedl
iejbljbhhoclgfiapmomcpkpkcmihfib
lkfhadffdnjnogmgjfihlcmmjhcfchaj
afnnkheojlgkipfabekmdkngocfhegck
hkpibllecmidllaojdmkcmfnoinmejco
gpllafflnmgjjcakjloknldkndnkmcpi

JSLint-Feature – Error Severity

Hi Douglas,
I have been to a good number of your talks, and I love the idea behind JSLint. I even don’t mind it when JSLint makes me cry every now and then, however, I feel like the priority of JSLint should be around launch successful code early and often.

Here at Kabam we build games that run as HMTL5 apps, and recently we have started to use JSLint as part of our build process. In a few cases it has caught some minor errors and we were later able to resolve them.

Our build process uses Jenkins, which is an open source version of Hanson. These continuous build automation tools make use of another wrapper library you might be familiar with. http://code.google.com/p/jslint4java/

So in this sense let’s say a develop wants to add a new piece of code, and this code causes a problem.

JSLint reacts in the following ways,
– it has a an error limit and stops reporting erros after a certain amount
– errors are not prioritized based on ‘newness’ – because that would be hard
– errors are not prioritized based on priority.

The end result is that a team must fix all errors to get the maximum value out of JSLint.

I propose a 2 part solution.
1. JSLint should not set error priority, unless it sets sensible defaults
2. JSLint should report an error code so that a wrapper like jslint4java could use a config file set an error priority.

This would allow teams to triage error types as part of their build/ development process.

On line 1326 you have a function warn() defined I propose it’s written something like so, including a new warning property, defining an error.type property using the bundle[] accessor name as the error code.

If you think of some other change that could get to the spirit of what I am looking for that would be great too. If I get the time I might try to implement a prototype. Hudson and Jenkins have 3 levels of errors, High, Medium, and Low.

Would you have some suggestions as to what would make good defaults for each of the error.types?

I feel like this change would better support agile development and continuous integration, and would allow teams to prioritize their development efforts.

Thank you for being a beacon and leader in the community.

function warn(message, offender, a, b, c, d) {

        var character, line, warning;

        offender  = offender || next_token;  // `~
        line      = offender.line || 0;
        character = offender.from || 0;

        warning = {
            id: '(error)',
            raw: bundle[message] || message,
            type: message,
            evidence: lines[line - 1] || '',
            line: line,
            character: character,
            a: a || (offender.id === '(number)'
                ? String(offender.number)
                : offender.string),
            b: b,
            c: c,
            d: d
        };

        warning.reason = warning.raw.supplant(warning);

        JSLINT.errors.push(warning);

        if (option.passfail) {
            quit(bundle.stopping, line, character);
        }

        warnings += 1;

        if (warnings >= option.maxerr) {
            quit(bundle.too_many, line, character);
        }

        return warning;
    }

Using Cellular Atomata as a Design Principal for ‘Natural Design’

I read this really thought provoking article using Cellular Atomata, prime numbers, and layered images to create seemingly random backgrounds for web pages. Yes, backgrounds for web pages.

The problem is that on so many web pages, load time is an issue and so is screen size, so it’s really hard to avoid those lines or patterns that seem to repeat and distract from the content on a variety of devices.

It’s actually a great design principal to accommodate randomness, so the eye can focus on the structured content. It’s kinda like having a great forest in the background to an architectural monument. If done right the monument and surrounding garden will really pop against the scene.

In any case the author, Alex Walker, discusses how to uses geometric patterns based on prime numbers to create a sort of randomness in the background. The examples he gives are a much more understandable explanation than say Stephan Wolfram gives about the value of cellular automata in creating natural systems.

I think this better illustrates what Stephan Wolfram was talking about with cellular automata.

It’s clearly brilliant to use it as a graphic design principle.

Maybe Cellular Atomata (CA) rules could be used to generate layout width & height rather than typical asymmetrical patterns? An app like Flipbook could benefit from it, to keep the page layouts feeling designed and fresh.

I think Alex is on to something here using CA (Cellular Atomata) as a design pattern.

I would love to see it in designing UX and Architecture. I would love to see CA being used as a way to generate dynamic, but structured design.

It’s brilliant. Imagine what Santiago Calatrava could do with such a pattern.

Paypal IPN Validation Fails with Adaptive Payments and PHP query/ post parameters

If you are looking for a solution you can find it here.
Thank you Gleb ( http://www.memberwing.com/ )

https://www.x.com/message/158509#158509

The problem comes in how the API is designed, and it takes advantage of a little known feature of query parameters and their allowed characters. Paypal uses array’ed parameters like:

&transaction[0].status=value

The problem is that PHP does not know how to parse the query parameter and either skips it or stops processing the list. ( i can’t remember which ).

Paypal’s Adaptive Payments API is neat and freshens up their functionality, and additionally uses JSON as a communication layer, so I think it’s clearly their future, however, there are a number of little problems like this as you walk through getting up to speed on the API. I hope this helps anyone in the future by saving them an hour to day.

It kinda reminds me of some of the problems we had getting the MySpaceID API up and polished so I guess this is a nod to all of those APIs that do it right the first time.

Cheers.

Getting VerifyStatus API working in Sandbox

There are a few caviots to getting the API working.
I hope this saves someone a few hours/ days.

  • CallerServices.php has a small bug
  • Only Sandbox email accounts work in the sandbox. Thanks for confiming @ppalavilli
  • ALL Sandbox accounts have the First Name: Test Thanks @ppalavilli
  • ALL Sandbox accounts have the Last Name: User Thanks @ppalavilli

If you get a

PHP Warning: Missing argument 3 for CallerServices::callWebService()

On line 101 of CallerServices.php you have:

function callWebService($request,$serviceName,$simpleXML)

It should read: //(most of the calls that use callWebService are parent::callWebService( $request,$serviceName ) anyways.

function callWebService($request,$serviceName,$simpleXML=NULL)
{
$response = null;
try {
    $endpoint=API_BASE_ENDPOINT.$serviceName;
    $response = call($request, $endpoint, $this->sandBoxEmailAddress,$simpleXML);
}
catch(Exception $ex) {
throw new FatalException('Error occurred in call method');
}
   return $response;
}

Here is the code I used. Replace {email} with one of your sandbox email addresses.

public function verify_email($params){
$VstatusRequest = new GetVerifiedStatusRequest();
 
$VstatusRequest->emailAddress = '{email}';
$VstatusRequest->matchCriteria = 'NAME';
$VstatusRequest->firstName = 'Test';
$VstatusRequest->lastName = 'User';
 
$rEnvelope = new RequestEnvelope();
$rEnvelope->errorLanguage = "en_US";
$VstatusRequest->requestEnvelope = $rEnvelope ;
 
$aa = new AdaptiveAccounts();
$response = $aa->GetVerifiedStatus($VstatusRequest);
 
echo json_encode($response);
  }

The JSON encoded object looks like such:

{"responseEnvelope":{
    "timestamp":"2011-03-25T15:37:32.44307:00",
    "ack":"Success",
    "correlationId":"42bce847aebc9",
    "build":"1772158"
},
"accountStatus":"VERIFIED"
}

@jdavid

Paypal X Adaptive Pay FundingConstraint for PHP

The following code is an example of adding the FundingConstraint objects for a payRequest with Paypals new Adaptive Payments. I hope this helps.

$payRequest->fundingConstraint = new FundingConstraint();

//$payRequest
//    ->fundingConstraint
//    ->allowedFundingType
//    ->fundingTypeInfo
//    ->fundingType = "BALANCE";

$payRequest
    ->fundingConstraint
    ->allowedFundingType
    ->fundingTypeInfo
    ->fundingType = "ECHECK";

Vid.ly Beta IE size bug work around

        var n = document.getElementById('vidly-wrapper');
        if( n != null && vidjs.prototype.isIe() ){
            vidjs.prototype.flashMarkup =
                        '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="{width}" height="{height}">' +
                        '<param name="movie" value="http://vidly.dev.jentek.net/templates/js/player.swf"/>' +
                        '<param name="FlashVars" value="src={file}&skin=http://vidly.dev.jentek.net/skin.xml&scaleMode=none"><param name="AllowFullscreen" value="true"/>' +
                        '<param name="allowscriptaccess" value="always"></param>'+
                            '</object>';
           vidjs.prototype.flashMarkup = vidjs.prototype.flashMarkup.replace("{width}", '610');
           vidjs.prototype.flashMarkup = vidjs.prototype.flashMarkup.replace("{height}", '360');
       
           n.parentNode.removeChild(n);
           new vidjs();
       }
       

A few XPath links to make YQL and HTML scraping easier.

quick and basic
http://www.w3schools.com/XPath/xpath_syntax.asp

great resource for detailed string functions
http://oreilly.com/catalog/xmlnut/chapter/ch09.html

quick list of all of the functions in xpath
http://www.w3schools.com/xpath/xpath_functions.asp

great example of more sophisticated function selectors
http://www.eggheadcafe.com/articles/20030627d.asp

multiple attribute
http://www.coderanch.com/t/128329/XML/XPATH-selection-based-multiple-attribute

fun with concat
http://blogs.sun.com/rajeshthekkadath/entry/xpath_searching_for_a_text

http://www.xml.com/pub/a/2002/08/14/xpath_tips.html?page=3

Large Binary Numbers in Javascript

Have you ever wondered what the largest number is?  At one point it was a googolplex, but unless you write a custom class to deal with really large numbers, your dev environment will never count to a googolplex.

For http://loc.is I am reworking a geohash encoding algorithm today, and I wanted to see what Javascript could handle.  Strongly typed languages like Java have known upper limits, but languages like javascript are a bit more mysterious, so the only way to know is to find out.  I wrote this function to test it, and I ran it in the firebug console on a random webpage ( firebug won’t work unless the DOM is ready ).

for( i = 0 ; i &lt; 500 ; i++){
    var value = Math.pow(2,i) +1;
    console.log (   i + "n" +
    value + "n" +  
    value.toString(2));
}

The output finally looks like this, and reveals that 2^52 is the largest number you can add 1 to and still represent it as an integer. Any larger and javascript will just use it as a float, and you will not have a sufficient number of bits to represent it.  I wonder if this is the same in all browser/ os combination pairs?

51
2251799813685249
1000000000000000000000000000000000000000000000000001

52
4503599627370497
10000000000000000000000000000000000000000000000000001

53
9007199254740992
100000000000000000000000000000000000000000000000000000

54
18014398509481984
1000000000000000000000000000000000000000000000000000000

So in this circumstance, javascript seems to have 54 bits of integer accuracy, a few short of a LONG 64 bit int, or IEEE 80 bit notation.


Test it yourself, and let me know.

New jEdit Syntax Edit Modes for Perl+HTML & XML+CDATA + HTML

I love my syntax highlighting in jEdit, and why shouldn’t I?  Good Syntax Highlighting helps you catch code errors early.  So about 2 years ago, I created a custom jEdit “Edit Mode” so that HTML buried in your XML CDATA tags would be Syntax Highlighted.  Here is the original post on Google Groups ( http://groups.google.com/group/opensocial-api/browse_thread/thread/12e250246ab64054/343c858695e8eb12 ).

Here is the custom Edit Mode for XML->CDATA->HTML c-xml.xml

It uses a simple trick to identify the CDATA with HTML with a special CDATA tag like the one below

<![CDATA[ <!--HTML-->
   <html>
       <!-- friendly neighborhood web page -->
   </html>
]]>

The perl version is here perl-html.xml

So for the perl version i use the structure of Perl’s HEREDOCS and use the following java capable regex

<<p{Space}*(['"])([p{Space}p{Alnum}]*)1;?s*<!--.*HTML.*-->

Which will HTML Syntax highlight any perl HEREDOC as HTML if it has <!– HTML –> in it so the following should syntax highlight.  There is however, one bug.  If your HEREDOC is not well formed, meaning you have an unclosed tag css object, or  javascript call, then the syntax highlighting gets stuck.  Maybe I will figure out how to make this work for non well-formed HTML.  any ideas?

<<< EOT <!-- HTML -->
    <html>
        <!-- friendly neighborhood web page -->
    </html>
EOT