x22i Treadmill Review
I love my treadmill, but two years in, I cannot recommend it. On New Year’s Day 2022 I bought a NordicTrack x22i Incline Trainer (a treadmill that supports 40% incline and 6% decline) with the aim of...
Cloaking, Detonation, and Client-side Phishing Detection
Today, most browsers integrate security services that attempt to protect users from phishing attacks: for Microsoft’s Edge, the service is Defender SmartScreen, and for Chrome, Firefox, and many...
The Importance of Feedback Loops
This morning, I found myself once again thinking about the critical importance of feedback loops. I thought about obvious examples where small bad things can so easily grow into large bad things: – A...
Second Seaside Half
I ran my second Galveston Half Marathon on Sunday, February 25th. The course was identical to last year’s race, starting at Stewart Beach heading north before looping back down to the Pleasure Pier...
Browser Extensions: Powerful and Potentially Dangerous
Regular readers of my blogs know that I love browser extensions. Extensions can make using your browser more convenient, fun, and secure. Unfortunately, extensions can also break websites in bizarre...
pushState and URL Blocking
The Web Platform offers a handy API called pushState that allows a website’s JavaScript to change the URL displayed in the address bar to another URL within the same origin without sending a network...
Attacker Techniques: Gesture Jacking
A few years back, I wrote a short explainer about User Gestures, a web platform concept whereby certain sensitive operations (e.g. opening a popup window) will first attempt to confirm whether the...
A Slow 10K
I “ran” the Capitol 10K for a third time on Sunday. It did not go well, but not for any of the reasons I worried about. The rain stopped hours before the race, and the course wasn’t wet. My knees and...
Browser Security Bugs that Aren’t: JavaScript in PDF
A fairly common security bug report is of the form: “I can put JavaScript inside a PDF file and it runs!” For example, open this PDF file with Chrome, and you can see the alert(1) message displayed:...
Going Electric – Solar 1 Year Later
In March of 2023, I had an 8kw solar array installed and I was finally permitted to turn it on starting April 21, 2023. My pessimistic/optimistic assumption that my buying an expensive solar array was...