SEARCH KEYWORD -- signed request
The Problem With Client-Side Analytics
Client-side analytics is broken. The numbers produced by it are trivially spoofable by competitors and nefarious characters. Most websites use client-side analytics of one type or another and the only way to get numbers you can trust is to compare numbers from multiple providers and to take an average of the closest two. This post highlights the problem and proposes a partial solution that substantially mitigates the issues with minimal effort. Our proposed solution is simply to include a digital...
Client side,Analysis,Problem,Tricks,ASP.NET,spoof 2011-10-22 12:58:51
JavaScript's Two Zeros
JavaScript has two zeros: -0 and +0. This post explains why that is and where it matters in practice. The signed zero Numbers always need to be encoded to be stored digitally. Why do some encodings have two zeros? As an example, let’s look at encoding integers as 4-digit binary numbers, via the sign-and-magnitude method. There, one uses one bit for the sign (0 if positive, 1 if negative) and the remaining bits for the magnitude (absolute value). Therefore, -2 and +2 are encoded as f...
JavaScript,zeros 2012-03-24 05:21:49
PHP Multithreading – Faking It
PHP doesn’t really support multi-threading per se but there are ways to do “fake” multithreading. Here’s one I saw in the PHPClasses.org newsletter – Multi-thread Simulation. Note that this class is intended for use on a webserver, as opposed to running PHP scripts from a command line (or similar). Check the end of this post for some alternatives you can try if you’re using PHP as a stand-alone scripting language. Now, I’m going to be lazy and just ...
PHP,Multithreading,Possible,CURL,Fake,Si 2011-09-04 23:07:22
HeartBleed: Inside the heart, what causes the bleeding?
Just a few weeks after Apple's famous goto fail bug, a bug in OpenSSL has caught the world's attention again. The bug is named HeartBleed and was found in the OpenSSL library, a famous open source library supporting lots of SSL/TLS communication among server/client applications. The reason this bug catches the world's attention is that it affects almost all sites which are using the affected OpenSSL library; these include many applications like Nginx server, some v...
OpenSSL,HeartBleed 2014-04-09 05:47:30
Integer overflow
You may be familiar with integer overflow, but what you may not be familiar with is how gcc handles signed integer overflow. First let's look at the standard, for unsigned integer, the standard says : A computation involving unsigned operands can never overflow, because a result that cannot be represented by the resulting unsigned integer type is reduced modulo the number that is one greater than the largest value that can be represented by the resulting type. In other words, unsigned integer ov...
Integer overflow,gcc,Linux 2012-10-20 13:33:10
UIWebView Secrets - Part1 - Memory Leaks on Xmlhttprequest
My first blog post on the iPhone subject reveals a big memory bug when using the UIWebView component. This is the (only one) component to display some HTML content in an iPhone interface. The UIWebView object has a lot of different issues and I’m going to highlight the biggest of them. Actually, all XMLHttpRequests used in JavaScript code are fully leaking!!! I mean when you do a request that retrieves 100ko of data, your memory used grows by 100ko! This bug is not always active, but almost always....
XMLHttpRequest,Memory leak,Mobile device,UIWebView 2011-11-25 13:46:30
The war with spam comment
Spam comments are annoying and notorious. They are either malicious data from hackers to exploit the loopholes of the site or advertisements posted by robots. These kinds of comments have their own features and patterns, if we are careful enough, we can find ways to block most of them although it's not so easy. To block the comment with malicious executable codes such as JavaScript, we should remember one rule : never trust user input. So wherever there are user inputs, we need to check the vali...
Spam comment,Block,Filter 2013-11-29 20:29:43
SameSite attribute in cookie
Starting from Chrome 51, a new attribute SameSite has been introduced for browser cookies. This attribute is to prevent CSRF attacks. A cookie is normally used to store data exchanged between client and server. It frequently stores user login information. If a malicious website can forge an HTTP request with the valid third party website cookie, it may be called a CSRF attack. For example, if a user logs in to a bank website your-bank.com, the bank server responds with a cookie: Set-Cookie:id=a3fWa; L...
JAVASCRIPT,COOKIE,SAMESITE,CHROME,CSRF 2019-09-14 04:57:51
Use Java ThreadLocal with caution
According to Oracle documentation, ThreadLocal is a class that provides thread-local variables. These variables differ from their normal counterparts in that each thread that accesses one (via its get or set method) has its own, independently initialized copy of the variable. ThreadLocal instances are typically private static fields in classes that wish to associate state with a thread. In short, ThreadLocal variables are variables that belong to a thread, not a class or an instance of a class. One common...
JAVA,MEMORY LEAK, THREADLOCAL 2015-11-03 07:31:57
A mini post on GoLang context
In a GoLang web server, every request coming in will be handled by a goroutine. In the request handler, the logic may also need to create new goroutine to handle other tasks like RPC call. When the request is processed and response is returned, these goroutines created need to be exited so that no goroutine leak should happen. package main import ( "fmt" "log" "net/http" ) func main() { http.HandleFunc("/echo", func(w http.ResponseWriter, r *http.Request) { fmt.Println(&r) w.Write(...