Wednesday, March 04, 2009

Google Bot Got PWND!

It's a TRAP!
Every once in a while, I write a test web page for the sole purpose of crashing a browser. Almost all of them implement some sort of infinite recursion. Many of them use JavaScript to force the recursion, but about a year ago I wrote one using frames (don't worry, it's just the source code).

As you can see, it's quite a doosy right off the first step. Under the intended conditions, this page would force a browser to re-request the page an exponentially increasing number of times (4n exactly). Unlike previous variants of my browser crashing pages, this one successfully crashed every browser I tested it in (i.e. IE6/7, Firefox, Opera, Chrome), some harder than others.

It tricks any agent into thinking it's a new page it's requesting because every URL has a unique token appended to the URI's query string. So, this not only forces the browser to re-request the page, but also prevents the browser from using an existing copy of the page in the its cache. One way or another, the browser's memory will fill up and crash.

Up until now, I've all but forgotten the glorious Frames Galore! script. That is, until I was browsing my Apache web server access logs for the website and discovered something very interesting (and humorous).

Line-after-line-after-line of these:
66.249.73.85 - - [03/Mar/2009:15:35:28 -0500] "GET /test/frames.php?24a0d270ecf9e10b89780563935a4523 HTTP/1.1" 200 571 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

It seems that one of Google's children has been trapped in this script for over a month now without any signs of escape. Initially, I [arrogantly] pondered to myself, "I wonder if this will crash the bot;" by way of logic that the bot's behavior is similar to traditional browsers. But, if it's gone on for over a month now, there's probably no such thing as crash for this bot (at least not this easily). It will probably crash my web server before it does considering the raw horsepower (i.e. FLOPS, RAM, bandwidth) available to it.

Even if I can't crash the bot, it's still a funny notion that the machine doesn't know when to stop. It's like a little kid playing monkey in the middle, but doesn't realize that the big kids aren't going to let him have the ball any time soon.

Labels: , ,

Monday, February 25, 2008

Be Weary of Event.observe()

In a day when I thought I was safe from all the cross-browser incompatibilities, I've been bitten in the ass once again. If you're a bit confused as to why I would think such things, you obviously haven't used a Javascript framework like Prototype. Up to this point, the only cross-browser issues I've concerned myself with, are CSS ones--and boy, there still are many, even with IE7 around). So what's my latest beef with Microsoft's craptacular Internet browser? Before I can answer that, I have to take a brief moment to explain Event.observe().

Event.observe() abstracts element.addEventListener() and element.attachEvent() which basically allows a 1-to-many relationship between an element's event and its listeners. It's a great idea, and comes in handy for me personally for many projects I work on.

In and of itself, Event.observe() is pretty easy and works without problem; however, one would assume that when push comes to shove and the event gets triggered, the listeners would be called in the order they were registered in. Well, those making that assumption would be mostly correct. This is where the browser from Bizarro World, Internet "Motherf**king" Explorer, comes in. IE appears to do the exact opposite.

To better explain, I'll use some code for example. We'll use three files: index.html (I've omitted the doctype for brevity), first.js, and second.js.

index.html
<html>
<head>
<title>Mai File</title>
<script type="text/javascript" src="first.js"></script>
<script type="text/javascript" src="second.js"></script>
</head>

<body>
</body>
</html>


Note: first.js came before second.js.

first.js

var a = "first";
Event.observe(window, 'load', function(event)
{
alert("first:" + a);
});


And second.js is almost identical.

second.js

var a = "second";
Event.observe(window, 'load', function(event)
{
alert("second:" + a);
});


When we open up our favorite browser (if it's Internet Explorer, you should be castrated), and visit our page, two alerts will pop up: "first:second", and "second:second". Left of the colon tells us what script is calling the alert() (in a matter of speaking). On the right of the colon, it tells us which script set the variable 'a' last. So according to our results, the variable 'a' was set to "second" last, which second.js was parsed second like we expected. And the alerts came in the order we also expected them.

Now we try this very same page in IE, and what do we get? "second:second", and "first:second". The exact opposite. The files were parsed in the correct order, but the event listeners were called in the opposite order.

Why this is? I have no idea. What this means though is, you can't write event listeners that depend on other event listeners of the same event. This can be quite annoying for those of us who use the window.onload event for bootstrapping and have a desired "order of operations."

Labels: , ,

Monday, December 31, 2007

Why Blink 182 Sucks

[an excerpt from a Facebook Group Thread]

Blink 182 fans are inherently hypocrites. If there's any oxymoron here, it's "Pop-Punk." Punk is rooted in anti-establishment and anti-corporate movements. Blink's very essence contradicts this very message. You can't be a punk, and milk the very corporations you claim to detest.

At no point in Blink 182's career, did I ever get the impression that they were ever truly punk at heart. They always appeared to be MTV-cookie-cutout synthetic-punksters. In lesser terms, they were tools. Tools, who's only purpose was to make money for the corporations they represent.

Their music was mediocre at best. With the exception of a few tunes (I admit, "Adam's Song" wasn't all that bad), it was all very monotonous. Every song sounded exactly the same. So, any originality (if any) they had quickly faded. Unfortunately for many, these rhythmic and melodic boundaries are intentional, as they maximize a bands popularity (a concept well-known by the music industry). For those with limited musical taste, consistent and repetitive sounds have the musical attraction of a moth's irresistance to fly into a bug zapper. This is the exact science behind Pop music. It works. It makes money.

For those of you Blink 182 fans who are incapable of arguing with me in a civilized manner, don't bother replying to me. Calling us anti-Blink people "Emo Fags" is not acceptable. It does not fare well in your argument, nor is it at all relevant. If you're going to argue, do it right. Argue my my above points, or not at all. I'm neither a fag, or an emo. Not that it matters, but emo's aren't real punks either. They lack a certain necessary backbone.

Labels: ,

Thursday, May 03, 2007

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

That is all.

Labels:

Saturday, February 03, 2007

Wet Birthday Suits

As Martha Stewart says, "It's a good thing," as she bends over to dominate your nether region with her fist. helpless little bunnies are gathering support for their matrix theology group that meets at the local meat packing plant. Nobody ever asks about the Purple Eskimo in the corner. They kind of just let the Saudi Arabians wrestle the antelope with chicken-wire until their pants fall off from laughing at their inebriated grandmothers.

Edible crotchless pantie liners, and homeless people battling each other with broken Wii-mote straps until their brains bleed from an overdose of chicken pot pie. No, Popeye didn't enter the Olympics this trimester. He didn't have enough toilet paper to raid Game-stop's sale on dead rats and Pokemon feces.

The president is drafting up new constitution that would allow multi-gendered kindergarten basketball coaches to sell crack to underage prostitutes while singing the Canadian national anthem backwards with his or her clothes from a Jamaican sweatshop conveniently located on the border of Berlin and Moscow. Apples and Tangerines may taste good out of the sundial but the german kite makers aren't going to be very happy when they find out there highest ranking yuppie franchise isn't going to make it past it's first fiscal quarter.

If it were up to me, I wouldn't even want to dance with those hippies. They smell of whiskey and fresh-squeezed baby oil. I can't even radio it into the authorities because they don't believe in a economic system entirely dependent on Neil Patrick Harris blow-up dolls.

Labels:

Wednesday, January 24, 2007

Escape Utility

Sometimes you'll find yourself needing an escaped string. Just so you don't have to write one yourself, here's a simple PHP page to help you escape and unescape large strings.

This can also come in handy if you need to get convert large documents into xml/html friendly versions. If you take a gander of the source of a page (from a browser) after you've converted. You will find between the <textarea> tags, html friendly text. Enjoy ;)

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>NiX0n's Escape Utility</title>
<style type="text/css">
<!--
table { width: 100%; }
th, td { width: 50%; }
textarea
{
display: block;
height: 500px;
width: 100%;
overflow: scroll;
}
-->
</style>
</head>

<body>
<form action="escape.php" method="post">
<table>
<tr>
<th>Unescaped</th><th>Escaped</th>
</tr>
<tr>
<td>
<textarea name="unescaped"><?php
switch(isset($_POST['escape'])?$_POST['escape']:false)
{
case "escape":
echo htmlspecialchars($_POST['unescaped']);
break;
case "unescape":
echo htmlspecialchars(stripslashes($_POST['escaped']));
case false:
default:
break;
}
?></textarea>
<input name="escape" value="escape" type="submit" style="float:right;" />
</td>
<td>
<textarea name="escaped"><?php
switch(isset($_POST['escape'])?$_POST['escape']:false)
{
case "escape":
echo htmlspecialchars(addslashes($_POST['unescaped']));
break;
case "unescape":
echo htmlspecialchars($_POST['escaped']);
case false:
default:
break;
}
?></textarea>
<input name="escape" value="unescape" type="submit" style="float:left;" />
</td>
</tr>
</table>
</form>
</body>
</html>

Labels:

Saturday, November 11, 2006

[adult swim] Fix: Now Requires ActiveX

[adult swim],
Shame on you. I thought you were one of us, "The Fix" requires ActiveX now!

What about the Linux users? What about the Mac users? What about the reluctant Windows user who refuses to install ActiveX, the one thing about Internet Explorer that makes it a heaping pile of crap, on his or her Open-Source, Standards compliant, browser. Don't sell out to Microsoft! Just because Google is kicking their ass, doesn't mean they're not threatening.

Digg!

Labels: