I just made a demo on how to produce infinite nested iframes: http://infinite-frame.herokuapp.com/
When I tested this, Chrome 21 and IE 9 were both susceptible to fetching and rendering all nested frames, which could crash the browsers, i.e. a denial-of-service attack. (I set a limit of 100 frames on the demo so as not to harm your browser or waste resources on my server, but it can go on forever.)
The app is deployed on Heroku, a lovely deployment service for development/small projects.
9/23/2012
8/02/2012
Using a proxy server to climb back over the wall and experience online life inside it
Labels:
proxy server,
tech,
watch Olympics,
watch Chinese videos,
watch the Olympics,
climbing the wall
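Background
Many people have found that a lot of videos they used to be able to watch on Chinese websites can no longer be viewed: the explanation shown is that the video is not available in your region. It makes one want to climb back inside the wall to enjoy the "restricted happiness": the situation is truly ironic. A recent hot topic is the 2012 London Olympics. Broadcasting rights are tightly controlled, and overseas you can generally only see photos unless you pay, which is pretty dull (I think the difference between video and photos has rarely been so obvious). In China, by contrast, several websites such as cntv.cn offer large amounts of free online coverage (with plenty of ads before the video, of course), and the events they focus on better match Chinese viewers' preferences (overseas broadcasts pay more attention to events in which their own country's athletes take part).
How it works
Because the so-called "your region" check is implemented simply by checking IP address ranges, using a proxy server located in China (a proxy server acts as an information relay between you and the website you visit) lets the website see an IP in a Chinese range and pass the check. (A VPN, Virtual Private Network, can achieve the same effect, but those services cost money; of course, they are therefore also relatively more reliable.)
Method
How do you find these proxy servers? My approach is to use the website Hide My Ass (heh, quite a funny name), which provides a list, updated in real time, of available public (= free) proxy servers: http://hidemyass.com/proxy-list
(Screenshot: list of proxy servers located in China)
After finding a proxy server located in China, you only need to enter its IP and port into the browser's proxy settings; from then on the browser's outbound traffic goes through the proxy server you entered. For how to set a proxy in a specific browser, see the following (Firefox is recommended: its settings do not require changing system settings and are very fine-grained, and illustrated guides are available online):
Web browser instructions
- Mozilla Firefox: Tools > Options > Advanced > Settings > Manual proxy configuration.
- Google Chrome: Options > Under the hood > Network > Change proxy settings > LAN settings > Use a proxy server > Advanced > HTTP.
- Internet Explorer: Tools > Internet options > Connections > LAN settings > Use a proxy server > Advanced > HTTP.
- Opera: Tools > Preferences > Advanced > Network.
(instructions from hidemyass.com)
Security
Once the proxy is set, all of that browser's outbound traffic (except destinations configured as exceptions) goes through the proxy server, so there is a privacy risk (for example when logging in to a site like Renren that uses only HTTP): we have no control over whether the proxy server snoops on the information you send to the website. So my suggestions are:
- Use two browsers: Firefox plus one of Chrome/IE/Opera/others, and use the proxy server through Firefox, because it does not require changing system settings. That way only Firefox's outbound traffic goes through the proxy server, and the other browser can be used as usual (it keeps your original IP, and its traffic does not pass through the proxy server).
- Do not log in to your account on any website in the browser that uses the proxy server, to avoid a man-in-the-middle attack and the resulting leak of login credentials and private data. Use it only to browse pages and watch videos.
Closing
Besides experiencing online life inside the "wall", these proxy servers can be used for many other things, such as getting around some websites' limits on the number of accounts registered from the same IP, or testing how a website actually renders in a particular region. And of course, besides going back to China, you can also experience online life in other countries.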
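To make the Security section's point concrete, the following added example (not part of the original post) builds the first bytes a browser sends to a configured HTTP proxy for a login form, then parses out what the proxy operator can read. The host `login.example.test`, the credentials and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, urlencode, parse_qs

def browser_to_proxy(url: str, form: dict) -> bytes:
    """First bytes a browser sends to a configured HTTP proxy for a form POST."""
    u = urlsplit(url)
    if u.scheme == "https":
        # HTTPS: the browser asks the proxy for a blind tunnel; the POST
        # itself travels afterwards inside TLS, which the proxy only relays.
        target = f"{u.hostname}:{u.port or 443}"
        return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode()
    # Plain HTTP: absolute-form request line, headers and body in cleartext.
    body = urlencode(form)
    head = (f"POST {url} HTTP/1.1\r\n"
            f"Host: {u.netloc}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return (head + body).encode()

def proxy_view(raw: bytes) -> dict:
    """What the proxy operator can read from those bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    method, target, _version = head.split(b"\r\n")[0].decode().split(" ", 2)
    fields = {}
    if method != "CONNECT":
        # Form fields are URL-encoded plaintext in the request body.
        fields = {k: v[0] for k, v in parse_qs(body.decode()).items()}
    return {"method": method, "target": target, "form_fields": fields}

# Constructed sample login (host and credentials are made up).
SAMPLE_FORM = {"email": "alice@example.test", "password": "correct horse"}

def demo() -> dict:
    """Compare the proxy's view of the same login over HTTP and HTTPS."""
    return {
        "http": proxy_view(browser_to_proxy(
            "http://login.example.test/login", SAMPLE_FORM)),
        "https": proxy_view(browser_to_proxy(
            "https://login.example.test/login", SAMPLE_FORM)),
    }

if __name__ == "__main__":
    for scheme, seen in demo().items():
        print(scheme, seen)
```

With HTTPS the proxy still learns the destination host and port, and the protection depends on the browser rejecting any certificate the proxy might substitute.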
7/10/2012
Donation Buttons Gadget
Labels:
donation gadget,
Google checkout,
Google wallet,
PayPal,
tech
I spent some time today putting together the donation buttons of two popular payment processing services, Google Wallet/Checkout and PayPal: this will hopefully capture a wider stream of donations by providing more convenience to my readers.
The gadget validates the donation amount (with friendly responses to errors) before submitting it to the respective service. It also tracks button clicks with Google Analytics event tracking (with the two payment services differentiated by labels).
The HTML/JavaScript source code is hosted at https://gist.github.com/3082002. The gadget looks like the one here in the sidebar. You can copy and paste it into your blog or website (the instructions are given in comments). Before you can accept Google Checkout donations from the gadget, you also need to uncheck "My company will only post digitally signed carts." at your Google merchant account's settings>integration setup page.
If you like it, you can always buy me a coffee. Leave me a comment if you have a question or suggestion.
(Check out the error messages by typing in "abc", "0.5", and "999" in the donation gadget before you go. Let me know if you have better ideas for the messages.)