ericlaw

Mouse Gestures in Edge

Over twenty years ago, the Opera browser got me hooked on mouse gestures, a way for you to perform common browser actions quickly. After I joined the IE team in 2004, I fell in love with a browser extension written by Ralph Hare and I later blogged about it on the IEBlog and helped RalphContinue reading “Mouse Gestures in Edge”

Going Electric – Solar 1 Year Later

In March of 2023, I had an 8kw solar array installed and I was finally permitted to turn it on starting April 21, 2023. My pessimistic/optimistic assumption that my buying an expensive solar array was going to be the trigger for technological breakthroughs in solar technology that rendered my panels obsolete wasn’t entirely unfounded. SureContinue reading “Going Electric – Solar 1 Year Later”

Browser Security Bugs that Aren’t: JavaScript in PDF

A fairly common security bug report is of the form: “I can put JavaScript inside a PDF file and it runs!” For example, open this PDF file with Chrome, and you can see the alert(1) message displayed: Support for JavaScript within PDFs is by-design and expected by the developers of PDF rendering software, including commonContinue reading “Browser Security Bugs that Aren’t: JavaScript in PDF”

A Slow 10K

I “ran” the Capitol 10K for a third time on Sunday. It did not go well, but not for any of the reasons I worried about. The rain stopped hours before the race, and the course wasn’t wet. My knees and feet didn’t complain. My heart rate felt pretty much under control. I had foundContinue reading “A Slow 10K”

Attacker Techniques: Gesture Jacking

A few years back, I wrote a short explainer about User Gestures, a web platform concept whereby certain sensitive operations (e.g. opening a popup window) will first attempt to confirm whether the user intentionally requested the action. As noted in that post, gestures are a weak primitive — while checking whether the user clicked orContinue reading “Attacker Techniques: Gesture Jacking”