Mark-of-the-Web: Additional Guidance

I’ve been writing about Windows Security Zones and the Mark-of-the-Web (MotW) security primitive in Windows for decades now, with 2016’s Downloads and MoTW being one of my longer posts that I’ve updated intermittently over the last few years. If you haven’t read that post already, you should start there. Advice for Implementers At this point,…

Simply Making Simple Fixes Simple for Chromium

Google recently introduced a cool web-based editing tool for Chromium source code, a very stripped down version of the Willy Wonka tooling Googlers get to use for non-Chromium projects. I’ve used this tool to submit two trivial change lists (CLs, aka PRs) to Chromium, but I was curious about whether this new feature would work…

Web-to-App Communication: The Native Messaging API

Note: This post is part of a series about Web-to-App Communication techniques. One of the most powerful mechanisms for Web-to-App and App-To-Web communication is to use an extension that utilizes the NativeMessaging API. The NativeMessaging API allows an extension running inside the browser to exchange messages with a native-code “Host” executable running outside of the browser…

Demystifying Browsers

Last update: Sept 20, 2023. Web browsers are conceptually pretty simple, but their code and the ecosystems that arise around the platforms they expose are immensely complicated. I started building browser extensions more than 22 years ago, and I started building browsers directly just over 16 years ago. At this point, I think it’s fair…

My New Chromium Build PC

While I do most of my work in an office, from time to time I work on code changes to Chromium at home. With the recent deprecation of Jumbo Builds, building the browser on my cheap 2016-era Dell XPS 8900 (i7-6700K) went from unpleasant to impractical. While I pondered buying a high-end Threadripper, I couldn’t…

Browser Architecture: Web-to-App Communication Overview

This is an introduction/summary post which will link to individual articles about browser mechanisms for communicating directly between web content and native apps on the local computer (and vice-versa). This series aims to provide, for each mechanism, information about: Application Protocols Read my Blog post. tl;dr: Apps can register URL protocol schemes (e.g. myapp://mydata). Browsers will…

Strict-Transport-Security for *.dev, *.app and more

Some web developers host their pre-production development sites by configuring their DNS such that hostnames ending in .dev point to local servers. Such configurations were not meaningfully impacted when .dev became an official Generic Top Level Domain a few years back, because even as smart people warned that developers should stop squatting on it, Google (the owner of the…

The Trouble with Magic

“Magic” is great… except when it isn’t. Software Design is largely about tradeoffs, and one of the more interesting tradeoffs is between user experience and predictability. This has come up repeatedly throughout my career and in two independent contexts yesterday that I’ll describe in this post. Developer Magic I’m working on a tiny UX change…

Working on Google Chrome – Year One

Four weeks ago, emailed notice of a free massage credit revealed that I’ve been at Google for a year. Time flies when you’re drinking from a firehose. When I mentioned my anniversary, friends and colleagues from other companies asked what I’ve learned while working on Chrome over the last year. This rambling post is an…