Web Info & Tutorials

May 31st, 2010

1 + - + + + - + 1. BINARY SOLO? WTFJS!

JAVASCRIPT:

1 + + 1              // => 2
1 + - + 1            // => 0
1 + - + - + 1        // => 2
1 + - + - + - + 1    // => 0
1 + - + + + - + 1    // => 2
1 + / + + + / + 1    // => 1/ + + + /1
 

Thomas Fuchs discussed more fun with JavaScript.

Kangax then came up with an explanation that covers it all, starting with:

`1 + + 1` is parsed as an additive operator (`+`) applied to expressions `1` and `+ 1`. It’s functionally identical to `1 + (+ 1)`. The expression on the right-hand side — `+ 1`, in its turn, is nothing but a unary `+` operator applied to `1` (numeric literal 1). Unary `+` converts its operand to a number type, but since `1` is already of number type, `+1` is practically a no-op, and evaluates to `1`. The whole expression is functionally identical to `1 + 1` and therefore evaluates to `2`.

`1 + - + 1` is very similar to the one from the first example. It’s an additive operator (+) applied to expressions `1` and `+ - + 1`. This right-hand side expression — `+ - + 1` is a unary operator (+) applied to unary operator (-) applied to unary operator (+) — all starting from the “inner” `+` (the one closer to the right).

`+ - + 1` is functionally identical to `+(-(+(1)))`, which first converts `1` to number, then negates its sign (result of unary operator), then converts the operand to number again. It is therefore functionally identical to just `-1`. The whole expression becomes `1 + (-1)` and so evaluates to `0`.

I saw this at Brian Leroux’s updated WTFJS, which is now open source. What's more, it runs on the new Heroku node service, which means that you can run your own WTFJS by simply:

  • Fork the code: $ git clone http://github.com/brianleroux/wtfjs
  • Run the app: $ node server.js
  • Push to your own production: $ git push heroku master

Done!

May 28th, 2010

AMAZING AUDIO API JAVASCRIPT DEMOS

David Humphrey and the team of audio gurus have some new awesome demos for us. Perfect for a Friday. This is all done through the rich Mozilla Audio API work which will hopefully be pushed into other browsers at some point in the not so distant future.

Charles Cliffe has some amazing WebGL visualizations from Audio. David narrates:

What I like most about these (other than the fact that he’s written the music, js libs, and demo) is that these combine a whole bunch of JavaScript libraries: dsp.js, cubicvr.js and beatdetection.js, and processing.js. Some people will tell you that doing anything complex in a browser is going to be slow; but Charles is masterfully proving that you can do many, many things at once and the browser can keep pace.

Corban and Ricard Marxer have been busy exploring how far we can push audio write, and managed to also produce some awesome demos. The first is by Ricard, and is a graphic equalizer (video is here):

The second is by Corban, and shows a JavaScript based audio sampler. His code can loop forward or backward, change playback speed, etc. (video is here):

Chris McCormick has been working on porting Pure Data to JavaScript, and already has some basic components built. Here’s one that combines processing.js and webpd (video is here):

I think that my favourite demo by far this time around is one that I’ve been waiting to see since we first began these experiments. I’ve written in the past that our work could be used to solve some web accessibility problems. A few weeks ago I mentioned on irc that someone should take a shot at building a text to speech engine in JavaScript, now that we have typed arrays. Yury quietly went off and built one based on the flite engine. When you run this, remember that you’re watching a browser speak with no plugins of any kind. This is all done in JavaScript (demo is here, video is here):

In order to do this he had to overcome some interesting problems, for example, how to load large binary voice databases into the page. The direct approach of using a JS array was brittle, with JS sometimes running out of stack space trying to initialize the array. After trying different obvious ways, Yury decided to use the web to his advantage, and pushed the binary data into a PNG, then loaded it into a canvas, where getImageData allows him to access the bytes very quickly, using another typed array. The browser takes care of downloading and re-inflating the data automatically. Here’s what the database looks like:

My favourite line is:

What began as a series of experiments by a small group of strangers, has now turned into something much larger.

What an amazing community you guys have… and we are all benefitting. Thank you.

May 28th, 2010

ROUNDED CORNERS. MOVING.

Chris Vanrensburg: “In a similar vein to a recent experiment with animating position, I wanted to see how curves could be applied to animating size changes for an object. To be expected, applying different curves for the width and height CSS style properties produces some fun effects (to be seen towards the bottom of the list of presets).”

The Web 2.0 community love their rounded corners. How about animating them! This is where Chris takes his latest experiment. Click around in the demo area and watch the smooth effects.

May 27th, 2010

A SECOND LOOK AT THE “WEBBYNESS” OF AN “INSTALLABLE” WEB APP

Many in the Web community have been quiet about the idea of “apps” and what a Web app is. Google itself, via Gears and now HTML5 support, was pushing the idea of giving the application the abilities to do app-like things… rather than pushing for a native app runtime.

The Chrome Web Store and its .crx installable format bring up the question yet again of what a web app is. http://gmail.com is a Web app, isn’t it? What is the difference between that and gmail.crx?

The idea of an app can be a little scary when we think about the current incarnations. Having centralized closed marketplaces is un-webby. However, that says nothing about the technology, but rather the policy and implementation.

Atul has written a very nice piece that dives deep into the core issues:

I am not sure exactly what webby means, but if I had to guess, it would involve the kinds of qualities that Mitchell Baker and Mark Surman believe make the web better: more transparent, participatory, decentralized, and hackable.

He goes into detail on the benefits of untethered applications, beyond “working offline”. We can get to a better place where some apps, and pieces of apps, can work very well untethered. Of course, many applications out there constantly talk to the Internet, but a distributed cacheable world makes a lot of sense (CouchDB apps :) . It feels wrong to go to a simple one player game at http://somegame.com/ and not be able to play because of the internet connection. AppCache and friends go a long way, but there is more.

Another key piece is permissions. As I watch folks talk about the W3C Widget Spec and the Chrome Web App manifest, permissions seems to be the point of the matter. We need people to focus on this piece. If we can together crack that nut, my gut tells me there will be an explosion of awesome things… and the world will make more sense.

Atul also talks about the Web of Trust:

Another area in which Installable Web Apps could improve the internet has to do with the field of trust. It’s currently very hard to actually prove that a piece of Web content or functionality I created came from me, and wasn’t changed at some point by someone else. The only viable way to do this is via Secure HTTP, which requires asking an authority for permission to issue you a certificate. That this often involves paying them money and that the system is susceptible to corruption are beside the point. As Mark Surman mentions in a draft of Drumbeat’s mission statement:

“Ultimately, our goal is a strong, safe open internet: an internet built and backed by a massive global community committed to the idea that everyone should be able to freely create, innovate and share ideas online without asking permission from others.”

It should be possible to prove to other people that something came from you without having to ask permission from someone else, and in this respect, even though this mechanism is part of the Web, I would argue that it is profoundly un-webby. Google’s proposal for Installable Web Applications associates an application’s identity with a public key that doesn’t require a certificate from any kind of authority; all versions of the application are self-signed by the key, which makes it far easier to establish trust between a user and an application. The trust model is also more granular and secure, because it creates a trust relationship between the user and the particular application they’re using, rather than the server they’re connecting to—which often isn’t even under a web developer’s full control. It’s because of this that we’re using a similar mechanism in Jetpack; extending it to the whole Web would be very webby, not coincidentally because it establishes a foundation for what could eventually become a web of trust.
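The self-signed identity model described in the quote above, sketched as an added example (this is not Google's .crx format or Jetpack's code): the application ID is a hash of the publisher's public key, and an update is accepted only if it verifies under the key behind the installed ID. Ed25519, the SHA-256 ID and every function name here are assumptions chosen for the illustration.

```javascript
// Added example: key-pinned, CA-free application identity (Node.js).
const nodeCrypto = require("crypto");

// App identity = SHA-256 of the DER-encoded (SPKI) public key.
function appIdFor(publicKeyDer) {
  return nodeCrypto.createHash("sha256").update(publicKeyDer).digest("hex");
}

// Publisher side: sign the package and ship the public key alongside it.
function signPackage(contents, keyPair) {
  const data = Buffer.from(contents);
  return {
    contents: data,
    publicKeyDer: keyPair.publicKey.export({ type: "spki", format: "der" }),
    signature: nodeCrypto.sign(null, data, keyPair.privateKey) // Ed25519: no digest name
  };
}

// User side: the shipped key must hash to the pinned ID, and the signature
// must verify under that key. Either failure rejects the update.
function verifyUpdate(pinnedAppId, pkg) {
  if (appIdFor(pkg.publicKeyDer) !== pinnedAppId) {
    return { ok: false, reason: "different-key" };
  }
  const publicKey = nodeCrypto.createPublicKey({
    key: pkg.publicKeyDer, format: "der", type: "spki"
  });
  const valid = nodeCrypto.verify(null, pkg.contents, publicKey, pkg.signature);
  return valid ? { ok: true, reason: "same-publisher" }
               : { ok: false, reason: "bad-signature" };
}

// Constructed scenario: one genuine update, one signed by another key,
// one genuine package whose contents were modified after signing.
function demo() {
  const publisher = nodeCrypto.generateKeyPairSync("ed25519");
  const impostor = nodeCrypto.generateKeyPairSync("ed25519");
  const v1 = signPackage("app v1", publisher);
  const pinned = appIdFor(v1.publicKeyDer); // pinned at first install
  const v2 = signPackage("app v2", publisher);
  const forged = signPackage("app v2 (forged)", impostor);
  const tampered = Object.assign({}, v2, { contents: Buffer.from("app v2 + extra") });
  return {
    genuine: verifyUpdate(pinned, v2).reason,
    forged: verifyUpdate(pinned, forged).reason,
    tampered: verifyUpdate(pinned, tampered).reason
  };
}
```

The trust decision is made once, at first install, when the ID is pinned; after that no third party is consulted, which is the property the quote calls webby.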

I am really enjoying the conversations and thoughts that have come out of the strong competition from proprietary app platforms.

It feels like our movement has changed from infighting (Gecko vs. WebKit vs. Trident) to a collective struggle (Web vs. proprietary app platforms). The Google folks who believe in the Web (Chrome++) are more aligned to what we are doing at Palm, and what Mozilla is doing… than the Android platform. Ditto for Safari/iPhone.

The world keeps getting more interesting. The browsers have strong competition internally, and now the platform has competition.

May 27th, 2010

CANVAS OPTIMIZATION TIP: GET IMAGE DATA AS INFREQUENTLY AS POSSIBLE

We have learned to touch the DOM as little as possible for performance sakes. Batch up changes, and do one call to innerHTML, say. Talk over the expensive boundary of the DOM as infrequently as possible.

Well, Selim Arsever has found a similar tip for Canvas that caused a ~40% performance difference on some of his code. He had an example that did pixel twiddling, looking like:

JAVASCRIPT:

var canvas = document.getElementById("canvas");
var context = canvas.getContext("2d");
var image = context.getImageData(0, 0, SCREEN_WIDTH, SCREEN_HEIGHT);

var pixels = SCREEN_WIDTH*SCREEN_HEIGHT;
// r, g, b and a are the colour components to write
for (var i = 0; i < pixels; i++) {
   image.data[4*i+0] = r; // Red value
   image.data[4*i+1] = g; // Green value
   image.data[4*i+2] = b; // Blue value
   image.data[4*i+3] = a; // Alpha value
}
context.putImageData(image, 0, 0);

After listening to Stoyan talk perf, he wondered if there was an issue with the image.data access, and changed the code to:

JAVASCRIPT:

var canvas = document.getElementById("canvas");
var context = canvas.getContext("2d");
var image = context.getImageData(0, 0, SCREEN_WIDTH, SCREEN_HEIGHT);

var pixels = SCREEN_WIDTH*SCREEN_HEIGHT;
var imageData = image.data; // here we detach the pixels array from the DOM
for (var i = 0; i < pixels; i++) {
   imageData[4*i+0] = r; // Red value
   imageData[4*i+1] = g; // Green value
   imageData[4*i+2] = b; // Blue value
   imageData[4*i+3] = a; // Alpha value
}
image.data = imageData; // And here we attach it back (a no-op where ImageData.data is read-only)
context.putImageData(image, 0, 0);

He wrapped this all up in a benchmark that showed the perf diff. It actually really seemed to matter when using closures for namespaces:

May 26th, 2010

COR BLIMEY! CROSS DOMAIN AJAX IS REALLY HERE

There is a lot of solid support for cross-domain Ajax in modern web browsers, yet most developers are still unaware of this powerful capability. Usage requires just a little bit of extra JavaScript work and a little extra server-side work to ensure that the correct headers are being sent. IE8’s implementation lags a bit behind the others in terms of allowing advanced requests and credentialed requests, but hopefully support for CORS will continue to improve.

Nicholas C. Zakas concludes the above in his post on cross domain Ajax with cross origin resource sharing (and XDR for IE).

He shares some simple code:

JAVASCRIPT:

function createCORSRequest(method, url){
    var xhr = new XMLHttpRequest();
    if ("withCredentials" in xhr){
        // XMLHttpRequest with CORS support
        xhr.open(method, url, true);
    } else if (typeof XDomainRequest != "undefined"){
        // IE8: separate XDomainRequest object
        xhr = new XDomainRequest();
        xhr.open(method, url);
    } else {
        // no cross-domain support in this browser
        xhr = null;
    }
    return xhr;
}

var request = createCORSRequest("get", "http://www.nczonline.net/");
if (request){
    request.onload = function(){
        //do something with request.responseText
    };
    request.send();
}

to do the work of cross domain.

Read the post for the different headers and tweaks, and then check out the CORS demo page by Arun of Mozilla.
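The server-side half that the quote mentions, as an added example (not code from Zakas's post): a function that decides which CORS response headers to send for a request's Origin, using an explicit allowlist and handling the preflight case. The function name, the policy fields and the sample origins are assumptions made for this illustration.

```javascript
// Added example: decide CORS response headers from an explicit origin allowlist.
// corsHeadersFor, the policy fields and the sample origins are illustrative names.
const SAMPLE_POLICY = {
  allowedOrigins: ["https://app.example.org"],
  allowedMethods: ["GET", "POST"],
  allowedHeaders: ["content-type"],
  allowCredentials: true,
  maxAgeSeconds: 600
};

function corsHeadersFor(req, policy) {
  const origin = req.headers["origin"];
  // No Origin header, or an origin that is not an exact allowlist match:
  // send no CORS headers, so the browser withholds the response from the caller.
  // Suffix or substring matching would accept "https://app.example.org.evil.test".
  if (!origin || !policy.allowedOrigins.includes(origin)) return {};

  const headers = {
    "Access-Control-Allow-Origin": origin, // the matched entry, never a blind echo
    "Vary": "Origin"                       // response differs per origin; caches must know
  };
  if (policy.allowCredentials) {
    // Browsers reject "*" on credentialed requests, so a specific origin is required.
    headers["Access-Control-Allow-Credentials"] = "true";
  }

  // Preflight: an OPTIONS request announcing the method and headers to come.
  const wantedMethod = req.headers["access-control-request-method"];
  if (req.method === "OPTIONS" && wantedMethod) {
    const wantedHeaders = (req.headers["access-control-request-headers"] || "")
      .split(",").map(h => h.trim().toLowerCase()).filter(Boolean);
    const methodOk = policy.allowedMethods.includes(wantedMethod);
    const headersOk = wantedHeaders.every(h => policy.allowedHeaders.includes(h));
    if (!methodOk || !headersOk) return {};
    headers["Access-Control-Allow-Methods"] = policy.allowedMethods.join(", ");
    if (wantedHeaders.length) {
      headers["Access-Control-Allow-Headers"] = wantedHeaders.join(", ");
    }
    headers["Access-Control-Max-Age"] = String(policy.maxAgeSeconds);
  }
  return headers;
}
```

Reflecting whatever Origin arrives while also sending `Access-Control-Allow-Credentials: true` is the misconfiguration this shape avoids: it would let any site read responses made with the user's cookies.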

May 25th, 2010

TABNABBING: PHISHING BY SWITCHING BACKGROUND TAB CONTENT

Aza Raskin identifies yet another form of phishing attack. Tabnabbing is the process of replacing the whole content of a page while it’s in a background tab. Want to see it in action? Just visit Aza’s article, switch to another tab for 5 seconds and see what happens. Nice neat demo, and as scary as it is simple.

There’s no trick to it, because it’s possible to change the favicon, title, and page content via JavaScript. Reading through the comments, the attack seems to work most consistently and effectively in Firefox, with other browsers being a mixed bag based on how they handle dynamic favicons and the focus event.

The steps in detail:

  1. A user navigates to your normal looking site.
  2. You detect when the page has lost its focus and hasn’t been interacted with for a while.
  3. Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of JavaScript that takes place instantly.
  4. As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
  5. After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.

Aza also notes the attack could get a lot more potent if they (a) used the CSS history exploit to detect which sites the user has visited; (b) employed certain other techniques, like timing attacks, to detect which services a user is currently logged into.
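A defensive check built on the steps above, as an added example that is not from Aza's article: record what a tab looked like when it lost focus and compare when it regains focus. The snapshot fields and function names are assumptions; in a browser extension they would be filled from `document.title`, the favicon `<link>` and the page's password forms.

```javascript
// Added example: flag a tab whose identity changed while it was in the background.
// Snapshots are plain objects (constructed below) so the comparison runs anywhere.
function takeSnapshot(page) {
  return {
    url: page.url,
    title: page.title,
    faviconHref: page.faviconHref,
    passwordFormCount: page.passwordFormCount
  };
}

function compareOnRefocus(before, after) {
  const findings = [];
  if (new URL(before.url).href !== new URL(after.url).href) findings.push("url-changed");
  if (before.title !== after.title) findings.push("title-changed");
  if (before.faviconHref !== after.faviconHref) findings.push("favicon-changed");
  if (before.passwordFormCount === 0 && after.passwordFormCount > 0) {
    findings.push("login-form-appeared");
  }
  // Title changes alone are routine (unread counters, notifications). The pattern
  // worth interrupting the user for is a credential prompt that appeared in the
  // background together with a new visual identity on an unchanged URL.
  const identityChanged = findings.includes("title-changed") ||
                          findings.includes("favicon-changed");
  const suspicious = findings.includes("login-form-appeared") &&
                     identityChanged &&
                     !findings.includes("url-changed");
  return { suspicious: suspicious, findings: findings };
}

// Constructed samples: the same tab when it lost focus and when it regained it.
const SAMPLE_BLURRED = takeSnapshot({
  url: "https://blog.example.test/post", title: "A normal looking site",
  faviconHref: "/favicon.ico", passwordFormCount: 0
});
const SAMPLE_SWAPPED = takeSnapshot({
  url: "https://blog.example.test/post", title: "Gmail: Email from Google",
  faviconHref: "/img/mail.ico", passwordFormCount: 1
});
const SAMPLE_BENIGN = takeSnapshot({
  url: "https://blog.example.test/post", title: "(1) A normal looking site",
  faviconHref: "/favicon.ico", passwordFormCount: 0
});
```

For users, the check that does not depend on any tooling is the address bar: the swapped tab still shows the original site's URL.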


A New Type of Phishing Attack from Aza Raskin on Vimeo.

May 24th, 2010

FIREBREATH: CROSS PLATFORM PLUGIN FRAMEWORK

FireBreath 1.0 has been released. What is it, you ask?

FireBreath aims to be a cross-platform plugin architecture, targeting:

  • NPAPI browsers on Windows, Mac, and Linux:
    • Gecko/Firefox
    • Google Chrome
    • Apple Safari
  • ActiveX Control hosts:
    • Microsoft Internet Explorer 6, 7, and 8

You can run a script and start hacking on a new plugin, and it is fun to see folks using this to implement some W3C APIs such as:

Implementation of the Indexed Database API working draft as proposed by the W3C Web Applications Working Group.

May 21st, 2010

TELEHASH: REAL-TIME WIRE PROTOCOL FOR JSON

TeleHash is a brand new “wire protocol for exchanging JSON in a real-time and fully decentralized manner.”

If you are into switches and Erlang, it will look maybe a bit familiar, with entries such as:

JAVASCRIPT:

// simple Telex with example command
{
    "_ring": 43723,
    ".see": ["5.6.7.8:23456", "11.22.33.44:11223"]
}

// Telex with example signals
{
    "+end": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "+foo": "0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33"
}

// Telex of a normal JSON object sent between two Switches
{
    "_to": "1.2.3.4:5678",
    "_line": 63546230,
    "profile_image_url": "http://a3.twimg.com/profile_images/852841481/Untitled_3_normal.jpg",
    "created_at": "Sat, 08 May 2010 21:46:23 +0000",
    "from_user": "pelchiie",
    "metadata": {
        "result_type": "recent"
    },
    "to_user_id": null,
    "text": "twitter is departed today.",
    "id": 13630378882,
    "from_user_id": 12621761,
    "geo": null,
    "iso_language_code": "en",
    "source": "<a href=\"http://twitter.com/\">web</a>"
}

More details:

TeleHash enables applications to connect directly and act as servers on the edge of the network. It is designed to efficiently route and distribute small bits of data in order for applications to discover each other directly or in relation to events around a piece of shared content. The core benefit of TeleHash over other similar platforms and protocols is that it is both generic (not tied to any specific application or content structures) and radically decentralized, with no servers or points of central control.

It works by sending and receiving very simple small bits of JSON via UDP using an easy routing system based on Kademlia, a proven and popular Distributed Hash Table. Everything within TeleHash is routed based on a generic SHA hash, usually of something specific to an application or something common like a URL.

Wow :)

May 21st, 2010

SOUNDMANAGER2 NOW WITH HTML5 AUDIO

Scott Schiller, the best moustache-d frontend engineer around, has updated his amazing SoundManager library. The latest SoundManager 2 version now comes with HTML5 Audio support which makes it a HTML5 Audio()-capable JavaScript Sound API, backwards-compatible via Flash fallback for MP3/MP4 formats. Existing SM2 API seamlessly uses HTML5 where supported, currently experimental; and of course… works on iPad.

Highlights

• Experimental HTML5 Audio() support, with Flash fallback for MP3/MP4 as required. (HTML5 disabled by default except for iPad + Palm Pre, but easily configurable.)
• 100% Flash-free, HTML5-only playback of MP3, MP4 (AAC) and WAV files possible on Apple iPad and Palm Pre (and Safari 4.1.5 on OS X 10.5; buggy behaviour observed with 4.1.5 on OS X 10.6, see https://bugs.webkit.org/show_bug.cgi?id=32159#c9 )
• API is unchanged, transparent whether using HTML5 or Flash; SM2 handles switching of technology behind the scenes, depending on browser support.

Here is how it works:

soundManager.useHTML5Audio

Determines whether HTML5 Audio() support is used to play sound, if available, with Flash as the fallback for playing MP3/MP4 (AAC) formats. Browser support for HTML5 Audio varies, and format support (eg. MP3, MP4/AAC, OGG, WAV) can vary by browser/platform.

The SM2 API is effectively transparent, consistent whether using Flash or HTML5 Audio() for sound playback behind the scenes. The HTML5 Audio API is roughly equivalent to the Flash 8 feature set, minus ID3 tag support and a few other items. (Flash 9 features like waveform data etc. are not available.)

SoundManager 2 + useHTML5Audio: Init Process

At DOM ready (if useHTML5Audio = true), a test for Audio() is done followed by a series of canPlayType() tests to see if MP3, MP4, WAV and OGG formats are supported. If none of the “required” formats (MP3 + MP4, by default) are supported natively, then Flash is also added as a requirement for SM2 to start.

soundManager.audioFormats currently defines the list of formats to check (MP3, MP4 and so on), their possible canPlayType() strings (long story short, it’s complicated) and whether or not they are “required” - that is, whether Flash should be loaded if they don’t work under HTML5. (Again, only MP3 + MP4 are supported by Flash.) If you had a page solely using OGG, you could make MP3/MP4 non-required, but many browsers would not play them inline.

SM2 will indicate its state (HTML 5 support or not, using Flash or not) in console.log()-style debug output messages when debugMode = true.

Want to check out the code? Fork away!