Monday, October 29, 2012

designMode and window events in HTML5

One thing I noticed, working on HTML5 editable documents is that designMode will turn off window events in Firefox (16 and 17). So, if there is a line
document.designMode = "On";
in your document code, the timers, before-unload, and similar events will not fire in Firefox.
One way out of that is not to use designMode and stick to contenteditable attributes only.

This is a part of the spec. See here.
Even more important issue is that, when the browsers implement the HTML5 specification completely, designMode should block the scripts. As the above specification states:
Enabling designMode causes scripts in general to be disabled and the document to become editable.
and also
Thus, for instance, enabling designMode will disable any event handler attributes, event listeners, timeouts, etc, that were set by scripts in the document. 

Saturday, October 27, 2012

Skype 4 on Fedora 18

The magic command is

sudo yum install alsa-plugins-pulseaudio.i686

This will install all the required dependencies to remove "Problem with Audio Capture". Other than that, the installation is pretty good in that it installs all the other dependency libraries. No need to install them separately any more. 

Monday, October 22, 2012

Cryptography with JavaScript

JavaScript has become a full-blown object-oriented language with decent performance both on the server- and client-side. It can run with Node.js or inside a browser sandbox. This makes it a valid candidate for multi-platform development of commont tasks. One of which is cryptography.

Crypto Libraries

  • Stanford Javascript Crypto Library (link)
  • CryptoJS (link)

Password Managers

Some popular crypto implementations include online password managers. Some of these are Clipperz, LastPass, 1Password, etc. 
All of them can work offline but under different conditions. 

Steganography in Javascript

Steganography is the art of hiding the message in a way that is not suspected. Below there are a few examples of steganography with images.

  • The article with the same name (link)
  • Information Hiding: Steganography done with JavaScript (link)

Practical Steps

I am starting a project of creating a password manager implementation purely in JavaScript. The code is available here. The purpose is to gather and expand knowledge on the topic.

Additional Links

  • Cryptography with Javascript (link)

Sunday, October 21, 2012

Importing CAcert Client Certificate into Chrome

Client Certificate import from CAcert does not work in current Chrome Dev. After generating the certificate, click "Import Certificate" will result in a message stating "Server sent an invalid certificate."
The way I made it work in Chrome is by using Firefox. The process works fine in Firefox. Firefox has its own certificate store so, after importing the certificate, go to Firefox Settings and export the certificate, including the private key. Then, in Chrome Settings, go to Manage Certificates and click Import button. Select the previously exported certificate and you're good to go.
Then go to to test logging in with the certificate.

As certificates build upon public-key infrastructure (PKI), I assume this should become the standard way for authentication. The important push ahead comes from CAcert (, the organization that offers free certificates.

Tuesday, October 16, 2012

Minimalist Web Server

As modern browsers are restricting access from HTML pages to local files, it is becoming necessary to serve them from a web server. For this purpose it is an overkill to install or even just set up a site in Apache or IIS. In the past I've used Tiny Web Server (link) but nowadays there are better options.
Currently, my preferred option is using Node.js with node-static (link).
See the code below or click here to see it on Github.Gist.

This requires node-static to be installed. The most convenient way is to add it as a dependency to the package.json, like this:
and run "npm install".
Then, simply add index.html or other static files and the server is up and running.