Category Archives: tech
I Still ❤ The Web
I’ve been working on web security for a long time at this point, and spending most of my time looking at all of the bad stuff happening on the web can get pretty demoralizing. Fortunately, there’s also a lot of amazing stuff on the web that periodically reminds me of what an amazing tool it can be. For instance, …
FiddlerCore and Brotli compression
Recently, a developer asked me how to enable Brotli content-compression support in FiddlerCore applications, so that APIs like oSession.GetResponseBodyAsString() work properly when the entity body has been compressed using brotli. Right now, support requires two steps: Put brotli.exe (installed by Fiddler or from GitHub) into a Tools subfolder of the folder containing your application’s executable. Ensure that the …
For a Lark
“Happy Holidays” David said as he poked his head into my office, handing me an unwrapped holiday card featuring a kitten in a Santa hat. As I took it, I nearly dropped a small white envelope that dropped out from inside. The inscription in the card read simply “Best wishes, David – 2010.” “Uh, thanks, …
Working on Google Chrome – Year One
Four weeks ago, emailed notice of a free massage credit revealed that I’ve been at Google for a year. Time flies when you’re drinking from a firehose. When I mentioned my anniversary, friends and colleagues from other companies asked what I’ve learned while working on Chrome over the last year. This rambling post is an …
HTTPS Only Works If You Use It – Tipster Edition
It’s recently become fashionable for news organizations to build “anonymous tip” sites that permit members of the public to confidentially submit tips about stories of public interest. Unfortunately, would-be tipsters need to take great care when exploring such options, because many organizations aren’t using HTTPS properly to ensure that the user’s traffic to the news …
Do Not Lie to Users
Multiple people working on Outlook.com thought this was a reasonable design. After a user deletes an email, then manually goes into the Deleted Items folder, then clicks Delete again, then acknowledges that they wish to Permanently Delete the deleted item: … the item is still not deleted. You can “Recover deleted items” from your Deleted items folder: …
Troubleshooting Windows 10 Bluescreens
I recently bought a Dell XPS 8900 desktop system with Windows 10. It ran okay for a while, but after enabling Hyper-V, every few minutes the system would freeze for a few seconds and then reboot with no explanation. Looking at the Event Viewer’s Windows Logs > System revealed that the system had bugchecked (blue …
File the Bug
Two experiences this week reminded me of a very important principle for improving the quality of software… if you see something, say something. And the best way to do that is to file a bug. Something Weird? File a bug! The first case was last Thursday, when a user filed a bug in Chrome’s tracker …
Downloads and the Mark-of-the-Web
Last update: June 21, 2022. Background: Windows uses a simple technique to keep track of which binary files were downloaded from the Internet (or a network share). Each downloaded file is tagged with a hidden NTFS Alternate Data Stream named Zone.Identifier. You can check for the presence of this “Mark of the Web” …
Repairing Corrupt ZIP Files
Fiddler’s default file format is the SAZ Format, which is just a ZIP file with a particular structure. Unfortunately, sometimes users’ SAZ files get corrupted due to failing disks or incomplete downloads, and when this happens, Fiddler can no longer open them. Because Fiddler uses a standard ZIP file, surely a good ZIP reader will …