# Sunday, August 08, 2004

Things can only get better....

... or at least things can only feel they are getting better

Traces of the antidepressant Prozac can be found in the nation's drinking water, it has been revealed.  [via BBC NEWS | Health | Prozac 'found in drinking water']

 

# Saturday, August 07, 2004

iMunch passes the test.....

Security Hole?

Is your RSS reader secure?

WARNING: Script removed from this article.

This is a weblog post that contains an HTML script element. It tries to figure out what domain it resides in and if the domain is not "erik.eae.net" it means that it has access to the current domain and will be able to read data of that domain and post it to a malicious site. An especially dangerous scenario would be that the RSS feed is shown using the file: protocol because that would mean that any text file on the computer could be read.

 [via erik's weblog]

Something I put in a long time ago; though to claim passing this particular test implies your rss reader is secure would be misleading so I don't.
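An added example (not iMunch's code, and not from the quoted post): one way an aggregator can neutralise script in item HTML before rendering it, by rebuilding the markup from an allowlist rather than searching for things to delete. The tag and attribute lists, the `sanitize_item` name and the sample item are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"a", "b", "blockquote", "br", "code", "em", "i", "img",
                "li", "ol", "p", "pre", "strong", "ul"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
# Only absolute http/https/mailto URLs pass; relative, file:, javascript: fail.
SAFE_URL = re.compile(r"\s*(?:https?|mailto):", re.I)
DROP_WITH_CONTENT = {"script", "style", "iframe", "object"}  # body dropped too
# Constructed sample item body (not the script from the original test post).
SAMPLE = ('<p>Is your RSS reader secure?</p><script>var d = document.domain;'
          '</script><a href="javascript:void(0)" onclick="x()">link</a>'
          '<img src="http://example.org/a.png" onerror="x()">')

class FeedSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.removed, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self._skip += 1
            self.removed.append(tag)
        elif self._skip == 0 and tag in ALLOWED_TAGS:
            kept = ""
            for name, value in attrs:
                value = value or ""
                ok = name in ALLOWED_ATTRS.get(tag, ())  # drops on*, style
                if ok and name in ("href", "src"):
                    ok = bool(SAFE_URL.match(value))
                if ok:
                    kept += f' {name}="{escape(value, quote=True)}"'
                else:
                    self.removed.append(f"{tag}@{name}")
            self.out.append(f"<{tag}{kept}>")
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self._skip = max(0, self._skip - 1)
        elif self._skip == 0 and tag in ALLOWED_TAGS and tag not in ("br", "img"):
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if self._skip == 0:
            self.out.append(escape(data))  # text is re-escaped, never raw

def sanitize_item(fragment):
    """Return (safe_html, removed) for one feed item body."""
    parser = FeedSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out), parser.removed
```

A non-empty `removed` list is the point at which a reader could show a notice like the "Script removed from this article" warning above. Stripping script from the item body says nothing about which zone or origin the reader renders the result in, which is the part this test does not cover.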


Telligent Open Source Forum Software

Community Server :: Forums is the most advanced, high-performance online collaborative discussions system available for adding rich discussion capabilities to any ASP.NET web application. It has been specifically designed to meet the high-performance characteristics of high-traffic web applications, and is the choice of many community and corporate discussion systems such as Microsoft's XBox Forums.  [via Community Server :: Forums]

Looks like it might well be one worth delving into.


Dynamic HTML with ASP.NET

Cutting Edge: Script Callbacks in ASP.NET.  Solve your problems with scripting behind the scenes [via MSDN: .NET Framework and CLR]

Dino provides an ASP.NET 1.1 solution equivalent for the ASP.NET 2.0 script callback stuff. Or at least I think he does from reading the article, but not the code. It still amazes me that this stuff wasn't in ASP.NET 1.0.

# Wednesday, July 21, 2004

Yucca Year

Tim Bray says the Yuccas are flowering in Vancouver. It would seem it is Yucca year in Essex as well.....

The above has been in the ground since 1991 and after so long a surprising sight.

# Sunday, July 18, 2004

Why mark of the web didn't work

In trying to fix a problem it was suggested that 'mark-of-the-web' could be used; I couldn't get it to work, apparently it was broken....

Build Comment Web Pages in VS 2003 and Windows XP SP2.  ....  In Windows XP SP2, the IE team did work to tighten up the items which were permissible and http:// was accidentally excluded... [via Microsoft WebBlogs]

Dunno whether RC2 fixes the problem or RTM, I found another way round the problem.

# Friday, July 16, 2004

Weird - Internet Explorer the application is at fault, not the components. I don't think so.

Or so say some.... Wired News: Cool Ways to Give IE the Boot

Now according to this article there are some alternatives to IE beyond FireFox and considers 2: IRider and Deepnet Explorer. About IRider it says:

... IRider appears not to be vulnerable to most of the security exploits that plague Internet Explorer, especially if you follow the company's advice on how to configure the browser ...

and about Deepnet Explorer we have:

As far as security is concerned, Deepnet spokeswoman Anneli Ritari noted that "Deepnet Explorer does not support any third-party plug-ins. We prefer to develop and build in the features instead of enabling plug-ins, including the so-called Browser Helper Objects, so it could be argued that Deepnet is more secure than Internet Explorer or Mozilla."

Deepnet Explorer doesn't support third party plug-ins? I don't think so, it runs ActiveX objects such as ScriptX (which is perfectly safe, just using that as an example).

Both of these applications host the Microsoft Web Browser Control - this is the control that wraps MSHTML.DLL that Internet Explorer uses. You can host mshtml directly, but it's more difficult than hosting the control so most go for the control. The point is, all the scripting etc. vulnerabilities there are in "Internet Explorer" are in IRider and Deepnet as well because they are using the same underlying technology. Get one of these and think you are safe and can ignore advisories and updates and you are seriously fooling yourself.

The only thing that I can see that is true is that neither loads BHOs, which are often the route of choice for spyware, but that is all.

The article doesn't mention the Zeepe Zowser, and nor should it really, it's just a sample. But, if you fancy an easy way of writing your own tabbed browser, it's a good starting point. Just don't think you will be any more secure than IE - you won't, and to re-iterate, you won't be any more secure with IRider or Deepnet either.

[Update. Just seen the article go by again in my news reader:

   Cool Ways to Give IE the Boot. If you're looking for an alternative to Internet Explorer, there's more out there than just Mozilla. Here's a rundown of some popular Web browsers not written by Microsoft. By Michelle Delio.

My argument is that IRider and Deepnet Explorer are, at their heart, written by Microsoft. Nothing wrong with them, just be aware that all is not, IMHO, as implied by Michelle.

]

If someone can show me where the above is wrong and web browser control hosts are much safer than IE in the cases other than BHOs then I will be most grateful since it would apply to Zeepe as well.


Well that explains it.

Once more, Eric Lippert provides interesting information (some of his stuff may be in documentation somewhere but reading his blog is like reading entertaining documentation, just over a very long while).

Not Logical Is VBScript.   ... JScript has both logical (&&, ||, !, etc.) and bitwise (&, |, ~, etc.) operators, but VBScript only has bitwise operators. That means that JScript can do lazy logic. In JScript, when the first half of the and-expression evaluates to false, it knows that it should not evaluate the second half for the logical operator but it should for the bitwise operator. In VBScript, both halves are always evaluated. (ASIDE: VB.NET has added lazy logic operators, at long last.) [via Microsoft WebBlogs]

That VBScript only has bitwise operators just never made it into my consciousness to stop me writing the sort of stuff I'd write in other languages and then spending yonks scratching my head about why things didn't work.

# Thursday, July 15, 2004

Mini-Microsoft

  • Back to Basics. Win32 and C++. Bread and butter. Not everything can run in the freaking CLR.

 [via Mini-Microsoft]

Interesting - not surprisingly the guy/gal keeps themselves anonymous; it is a delight to sit back, read and imagine it's The Bill himself being subversive having lost control of the company.

# Wednesday, July 14, 2004

Net curtains rather than a whitewash.

UK Probe Finds Flaws in Pre-War Iraq Intelligence.  LONDON (Reuters) - Britain's pre-war intelligence on Iraq's armaments had "serious flaws" but Prime Minister Tony Blair was not personally responsible, an inquiry found on Wednesday. [via Reuters: Top News]

It couldn't be another whitewash after Hutton somewhat backfired so here we have some of the smelly stuff stated and then hidden behind the net-curtains of "no-one is to blame". Some people should get their lives back, but sadly they can't.