Karma's Nucleus DevBlog

A while ago, I wrote about Internet Explorer security zones and dynamically created elements. Until such an element was attached to an existing document, all operations on that element were executed in the zone corresponding with about:blank.

I ran into a similar situation while making changes to automatically activate an ActiveX control.

It's a simple enough question, which you should try to solve in your head: What does the following code display, and why?

<?php
  $i = 1;
  $i += $i++ + ++$i;
  echo 'i=', $i;
?>

Bonus question: Is the result always the same in other programming languages (JavaScript, Java, C#, ...; provided the syntax is adapted to the host language :))? Why (not)?

Recently, I discovered something some interesting things about Internet Explorer:

When assigning some HTML to the innerHTML property of a DOM element, Internet Explorer performs some security text, especially if the inserted HTML contains javascript (e.g. <a href="..." onclick="javascript code">...).

If you create elements dynamically (e.g. var e = document.createElement('p');) and assign something to innerHTML before appending the created element to the DOM tree, Internet Explorer performs its security text in the zone to which about:blank belongs.

Ever since I completed college a couple of years ago, I've started reading more and more computer books. The first ones were gifts by Nucleus donators, but later on I also started buying my own. I've found these books to be a great way to learn about new areas of programming. They also greatly improved my passive knowledge.

In this article, I've compiled a list of highlights in my current, past and future reading.

I've veen playing around with the porthole and fishes example from Nick Chapman's PNG Headers article.

Some random discoveries I made recently:

Access denied: File in use

On Windows 2000/XP, it's possible to move or rename a file that is in use. Quite handy when you have a running process that needs to replace (upgrade) itself: rename the running process, put the new file in place and make the process restart itself.

XBM images

One of the security measurements Microsoft made in the Internet Explorer version that's included in Windows XP SP2, is that XBM images are blocked by default. If you don't know what these are: it's a piece of C code that renders to an image. For example:

#define test_width 16
  #define test_height 16
  static unsigned char test_bits[] = {
     0xff, 0xff, 0x01, 0x80, 0xfd, 0xbf, 0x05, 0xa0, 0xf5, 0xaf, 0x15, 0xa8,
     0xd5, 0xab, 0x55, 0xaa, 0x55, 0xaa, 0xd5, 0xab, 0x15, 0xa8, 0xf5, 0xaf,
     0x05, 0xa0, 0xfd, 0xbf, 0x01, 0x80, 0xff, 0xff};

What's cool about the format is that you can generate the code from javascript and then assign it to an image, like Wolfenstein 5K used to do. Besides this one example, the only place the format appears to be used is a chinese bank, judging from the amount of Google hits for BlockXBM, the registry entry though which the XBM blocking can be circumventend.

Anyway: it's funny to see how at the time when Wolf5K was written, only Internet Explorer had support for XBM, while Mozilla/Firefox did not. This situation is now reversed: Firefox now renders XBM images (I guess some developers wanted to play Wolf5K) while Internet Explorer blocks them because of security concerns.

The blocking by IE makes sense, in my opinion. I wouldn't want my browser to execute random C code either.

Just a stupid experiment: An image that isn't.

Last week, the dutch website Naar Voren (a site similar to A List Apart, but in dutch) published an article of which I was a co-author: Fout! - Haalt je bezoeker de eindstreep.

The article is about writing a friendly form that can deal well with errors, and guides the user to the finish line. Also, it highlights the importance of friendly error messages and of keeping forms limited to the information that's really needed. My part in the article mainly was the PHP script.

Anyway, I've put up a translated demo and the accompanying code here on this website. Maybe someone finds it interesting.

No Nucleus news today: I spent today on the Microsoft Developer Days in Brussels (Belgium), and will be going over there tomorrow also.

Obviously, this event is targetted towards developers that develop on Microsoft platforms (which is what I do in my daytime job). But I wanted to share this with you guys anyway.

If you're interested in which track I took, read on.

Updated! Added information on the sessions of day 2

Here's a bunch of random links, most of them to interesting software I discovered lately.

• Visual C# 2005 Express Edition Beta is a stripped down version of the upcoming Visual Studio 2005. Beta versions of the express editions are currently available for free in a time-limited edition (afaik it expires on march 1st, 2005).

  What I most like about this program is that it's a pleasure to work with. It has also allowed me to experience the various improvements to Intellisense and debugging, some of which are really helpfull. The downside is that there's probably no way (haven't found any so far) to generate an assembly targetted for .NET v1.x. Everything you build with Visual C# can only be used when .NET v2.0 is installed.

• XML-RPC.Net: an XML-RPC library that you can use to easily implement XML-RPC servers/clients.

• Microsoft Web Services Enhancements (WSE) 2.0 SP2: Microsofts .NET implementation for second-generation webservice standards like WS-Addressing, WS-Attachments, WS-Security, WS-Policy, ...

• .NET magazine, a dutch magazine which MSDN Belgium/Netherlands issues about 4 times a year. Subscribing is free.

• TcpTrace and ProxyTrace: little applications that help you debugging XML-RPC/SOAP communication by displaying what's going over the wire.

• The NP_BlackList plugin for Nucleus is a real timesaver. I installed it on dev.nucleuscms.org yesterday, after cleaning out 2000+ spam comments first.

• I've also been experimenting with nuSOAP and PHP. The result was the 10by10 webservice, which basically outputs the same data that 10x10 provides as a text file (developers info). Creating a web service in nuSOAP/PHP is a lot more complicated than doing so in C#. In some ways, this can be a good thing, as it forces you to learn a little more about how SOAP actually works.