Strict-Transport-Security for *.dev, *.app and more

Some web developers host their pre-production development sites by configuring their DNS such that hostnames ending in .dev point to local servers. Such configurations were not meaningfully impacted when .dev became an official Generic Top Level Domain a few years back, because even as smart people warned that developers should stop squatting on it, Google (the owner of theContinue reading “Strict-Transport-Security for *.dev, *.app and more”

Working with “Big Data” in .NET

For simplicity (and because I didn’t know any better at the time), Fiddler uses plain public byte[] array fields to represent the request and response bodies. This makes working with the body data trivial for authors of extensions and FiddlerScript, but it also creates significant shortcomings. Using fields rather than properties improves performance in some scenarios,Continue reading “Working with “Big Data” in .NET”

Finding Image Bloat In Binary Files

I’ve previously talked about using PNGDistill to optimize batches of images, but in today’s quick post, I’d like to show how you can use the tool to check whether images in your software binaries are well optimized. For instance, consider Chrome. Chrome uses a lot of PNGs, all mashed together a single resources.pak file. Tip:Continue reading “Finding Image Bloat In Binary Files”

Chrome Deprecates Subject CN Matching

If you’re using a Self-Signed certificate for your HTTPS server, a deprecation coming to Chrome may affect your workflow. Chrome 58 will require [why?] that certificates specify the hostname(s) to which they apply in the SubjectAltName field; values in the Subject field will be ignored. This follows a similar change in Firefox 48. If impacted,Continue reading “Chrome Deprecates Subject CN Matching”

The Trouble with Magic

“Magic” is great… except when it isn’t. Software Design is largely about tradeoffs, and one of the more interesting tradeoffs is between user experience and predictability. This has come up repeatedly throughout my career and in two independent contexts yesterday that I’ll describe in this post. Developer Magic I’m working on a tiny UX changeContinue reading “The Trouble with Magic”

Useful Resources when Developing Chrome Extensions

I’ve built a handful of Chrome extensions this year, and I wrote up some of what I learned in a post back in March. Since then, I’ve found two more tricks that have proved useful. First, the Chrome Canary channel includes a handy extension error console to quickly expose extension errors. Update: This feature is nowContinue reading “Useful Resources when Developing Chrome Extensions”

Compression Context

ZIP is a great format—it’s extremely broadly deployed, relatively simple, and supports a wide variety of use-cases pretty well. ZIP is the underlying format beneath Java (.jar) Archives, Office (docx/xlsx/pptx) files, Fiddler (.saz) Session Archive ZIP files, and many more. Even though some features (Unicode filenames, AES encryption, advanced compression engines) aren’t supported by allContinue reading “Compression Context”