Content negotiation, AJAX, and APIs

September 24th, 2007

I thought I was being so clever when I put a content-negotiated API into my web development playground. To put it simply, a page can return the same information in different formats, depending upon the HTTP Accept: header. For example, this profile page (view only in Firefox for now) responds to a standard browser request with an HTML document, but returns JSON when it sees Accept: application/json as a header. In this case, a script on the page calls the same URL (/user/admin) again to get the map data in JavaScript-friendly format. That's where the weirdness starts.


Force Firefox extensions to work in the latest version

November 19th, 2006

When Firefox updates to a new version, some extensions are disabled. However, you can easily edit the extensions to make Firefox re-enable them -- no particular expertise required.


Using Tor correctly: Anonymous browsing edition

October 21st, 2006

Tor is a popular system for sending Internet traffic anonymously. It is mainly used for three purposes: hiding one's identity, hiding the identity of the site one is visiting, and hiding the data that one is sending and receiving. However, using Tor without some basic precautions is worse than not using Tor at all, leading to privacy violations, data theft, and security concerns. Here, I cover browser security with respect to preventing identity and data leakage when using the Tor network. If you are only using it to defeat web filtering, feel free to read only the section called "Locking yourself down".

At the end is an executive summary. Use it as a guideline, but make sure to read this entire post first -- it contains important instructions on how to change your browsing habits.


Turn off domain guessing and keyword search in Firefox

September 1st, 2006

For security and ease of troubleshooting, turn off Firefox's automatic keyword search and domain guessing features.



June 13th, 2006

As I watch my browser fill with extensions which enhance web pages by adding scripts (Greasemonkey, Platypus, Cocomment), I wonder whether some sites may start fighting back. Perhaps Google may detect Platypus removing a text ad, and add a page script to re-insert the ad. Will scripts begin to battle, wage wars of privilege, namespace, obfuscation, and timing? Will the JavaScript sandbox become a bloody battlefield, littered with object literals, new troops parachuting in via JSON headers and asynchronous XML HTTP requests? Will the DOM tree be hung with broken and battered functions? I envision closures spawning closures, surveilling the digital landscape, emerging from their window.setTimeout bunkers to strike again...