Passwords have lousy security properties, and if you try to use them securely (long, complicated, and different for every site), they often have horrible usability as well. Over the decades, the industry has slowly tried to shore up passwords’ security with multi-factor authentication (e.g. one-time codes via SMS, ToTP authenticators, etc) and usability improvements (e.g.Continue reading “Passkeys – Syncable WebAuthN credentials”
Author Archives: ericlaw
Understanding Browser Channels
Microsoft Edge (and upstream Chrome) is available in four different Channels: Stable, Beta, Dev, and Canary. The vast majority of Edge users run on the Stable Channel, but the three pre-Stable channels can be downloaded easily from microsoftedgeinsider.com. You can keep them around for testing if you like, or join the cool kids and setContinue reading “Understanding Browser Channels”
Certificate Revocation in Microsoft Edge
When you visit a HTTPS site, the server must present a certificate, signed by a trusted third-party (a Certificate Authority, aka CA), vouching for the identity of the bearer. The certificate contains an expiration date, and is considered valid until that date arrives. But what if the CA later realizes that it issued the certificateContinue reading “Certificate Revocation in Microsoft Edge”
New Recipes for 3rd Party Cookies
For privacy reasons, the web platform is moving away from supporting 3rd-party cookies, first with lockdowns, and eventually with removal of support in late 2023 the second half of 2024. Background: What Does “3rd-Party” Mean? A 3rd-party cookie is one that is set or sent from a 3rd-party context on a web page. A 3rd-partyContinue reading “New Recipes for 3rd Party Cookies”
My Next Opportunity
This is the farewell email I sent to my Edge teammates yesterday. IWebBrowser3::BeforeNavigate() When I left the Internet Explorer team in 2012 to work on Fiddler full-time, I did so with a measure of heartbreak, absolutely certain that I would never be quite as good at anything else. When I came back to the EdgeContinue reading “My Next Opportunity”
Edge URL Schemes
The microsoft-edge: Application Protocol Microsoft Edge implements an Application Protocol with the scheme microsoft-edge: that is designed to launch Microsoft Edge and pass along a web-schemed URL and/or additional arguments. A basic invocation might be as simple as: microsoft-edge:http://example.com/ However, as is often the case with things I choose to write about, there’s a bitContinue reading “Edge URL Schemes”
End of Q2 Check-in
Back in January, I wrote about my New Years’ Resolutions. I’m now 177 days in, and things are continuing to go well. Health and Finance: A dry January. Exceeded. I went from 2 or 3 drinks a night six times a week to around 6 drinks per month, mostly while on vacations. Health: Track my weight andContinue reading “End of Q2 Check-in”
Captive Portals
When you join a public WiFi network, sometimes you’ll notice that you have to accept “Terms of Use” or provide a password or payment to use the network. Your browser opens or navigates to a page that shows the network’s legal terms or web log on form, you fill it out, and you’re on yourContinue reading “Captive Portals”
Extending Fiddler’s ImageView
Fiddler’s ImageView Inspector offers a lot of powerful functionality for inspecting images and discovering ways to shrink an image’s byte-weight without impacting its quality. Less well-known is the fact that the ImageView Inspector is very extensible, such that you can add new tools to it very simply. To do so, simply download any required executablesContinue reading “Extending Fiddler’s ImageView”
“Batteries-Included” vs “Bloated”
Fundamentals are invisible. Features are controversial. One of the few common complaints against Microsoft Edge is that “It’s bloated– there’s too much stuff in it!” A big philosophical question for designers of popular software concerns whether the product should include features that might not be useful for everyone or even a majority of users. ThereContinue reading ““Batteries-Included” vs “Bloated””
text/plain 