Last Update: Mar 22, 2023 Previously, I’ve written about Chromium’s Native Messaging functionality that allows a browser extension to talk to a process running outside of the browser’s sandbox, and I shared a Native Messaging Debugger I wrote that allows you to monitor (and even tamper with) the communication channels between the browser extension andContinue reading “Improving Native Message Host Reliability on Windows”
Category Archives: dev
A New Era: PM -> SWE
tl;dr: As of last week, I am now a Software Engineer at Microsoft. My path to becoming a Program Manager at Microsoft was both unforeseen (by me) and entirely conventional. Until my early teens, my plan was to be this guy: I went to Space Camp and Space Academy, and spent years devouring endless booksContinue reading “A New Era: PM -> SWE”
SlickRun
While I’m best known for creating Fiddler two decades ago, eight years before Fiddler’s debut I started work on what became SlickRun. SlickRun is a floating command line that provides nearly instant access to almost any app or website. Originally written in Visual Basic 3 and released as QuickRun for Windows 3.1, it was soonContinue reading “SlickRun”
Mark-of-the-Web: Additional Guidance
I’ve been writing about the Mark-of-the-Web (MotW) security primitive in Windows for decades now, with 2016’s Downloads and MoTW being one of my longer posts that I’ve updated intermittently over the last few years. If you haven’t read that post already, you should start there. Advice for Implementers At this point, MotW is old enoughContinue reading “Mark-of-the-Web: Additional Guidance”
HTTPS Goofs: Forgetting the Bare Domain
As I mentioned, the top failure of HTTPS is failing to use it, and that’s particularly common in in-bound links sent via email, in newsletters, and the like. Unfortunately, there’s another common case, whereby the user simply types your bare domain name (example.com) in the browser’s address bar without specifying https:// first. For decades, manyContinue reading “HTTPS Goofs: Forgetting the Bare Domain”
Best Practice: Post-Mortems
I’ve written a bit about working at Google in the past. Google does a lot of things right, and other companies would benefit by following their example. At Google, one of the technical practices that I thought was both essential and very well done was the “post-mortem”– whenever they hit a significant problem, after puttingContinue reading “Best Practice: Post-Mortems”
Chromium Internals: PAK Files
Web browsers are made up of much more than the native code (mostly compiled C++) that makes up their .exe and .dll files. A significant portion of the browser’s functionality (and bulk) is what we’d call “resources”, which include things like: Images (at two resolutions, regular and “high-DPI”) Localized UI Strings HTML, JavaScript, and CSSContinue reading “Chromium Internals: PAK Files”
The “Magical” Back Button
From the mailbag: Eric, when I am on bing.com in Edge or Chrome and I type https://portal.microsoft.com in the address bar, I go through some authentication redirections and end up on the Office website. If I then click the browser’s Back button, I go back to bing.com. But if I try the same thing inContinue reading “The “Magical” Back Button”
Debugging Compatibility in Edge
Background By moving from our old codebase to Chromium, the Microsoft Edge team significantly modernized our codebase and improved our compatibility with websites. As we now share the vast majority of our web platform code with the market-leading browser, it’s rare to find websites that behave differently in Edge when compared to Chrome, Brave, Opera,Continue reading “Debugging Compatibility in Edge”
Recognizing Edge Windows
Yesterday, we had a customer reach out to us for help on an issue they’d encountered while writing code to interact with Microsoft Edge windows. Their script enumerated every window in the system, looking for those with Microsoft Edge in the titlebar. They were surprised to discover that the script didn’t recognize any of theirContinue reading “Recognizing Edge Windows”
text/plain 