102KB ought to be enough for any email

by @edent | 9 comments | Read ~4,081 times.
Raw HTML in the middle of an email.

Another day, another Gmail bug which won't get fixed. The original Android phone - HTC Dream - had 192MB of RAM. The latest Android phones tend to have 6GB. A 32 times increase in a decade. Laptops have also leapt forwards in speed and memory. Sadly, no one on the Gmail team has noticed. It's…


Invisible Pink Unicorns - a Firefox emoji rendering bug

by @edent | 7 comments | Read ~150 times.
The upper image is partially transparent. The lower image is completely opaque.

Here's a curious bug I just discovered in Firefox 67 for Linux. Can you see this unicorn: →🦄 ← What happens if you use CSS to change the opacity of an emoji? Here's a unicorn, with a pink font colour: 🦄 Unicorn Let's wrap that in this scrap of CSS to make it 50% opaque.…


Amazon Prime Video's weird Unicode problems

by @edent | 1 comment | Read ~168 times.
Description with an error in it.

It's 2019 and high-tech devices are still plagued by text encoding bugs. I recently bought the new 4K Amazon Fire Stick. It's a little Android dongle which plays videos. It's neat - but quite often displays weird text errors. Take the kids' TV show House of Anubis, the Fire displays the description like this: Looking…


Virgin Media don't understand Unicode

by @edent | 1 comment | Read ~496 times.
HTML code from Virgin.

More adventures with Unicode. I logged in to my Virgin Media account to see when my promotional discount would end. Here's what their billing PDF said. Let'S Ignore The Weird Capitalisation Virgin'S System Uses. What's that  doing there? Their website says: No  symbol, but also no £ sign. Ah, but let's look at…


A curious way to break Twitter's search results

by @edent | Read ~173 times.
Screenshot of a tweet. The HTML is malformed.

(This isn't really a security issue, although I've disclosed it to the Twitter team.) "Fuzzing" is a computer science term which means "sending weird data into a program and seeing what happens." It's a useful way to see how your code can break in new and unexpected ways. It's particularly good at showing what a…


textarea placeholder bug in Firefox

by @edent | Read ~283 times.
Screenshot - the text is rendered on a single line

The new Firefox is out! Powered by the ludicrous-speed quantum engine - it really is a marvel to behold. Unfortunately, there's a rather annoying bug in the way it renders placeholder text. Consider the following HTML: <textarea placeholder="In loving memory of Buffy Anne Summers She saved the world A lot..."></textarea> This should render a textarea…


Bug with Google Pay and Amex

by @edent | Read ~117 times.

It is impossible to contact large companies to report a bug in their software. So I'm reduced to writing snarky blog posts about it in the vague hope that a Social Media Manager will see the issue and raise it with the appropriate team. Welcome to 2017! Google Pay now supports American Express cards in…


Google's AMP is a gilded cage

by @edent | 47 comments | Read ~73,671 times.

AMP is Google's attempt to re-fight the transcoding wars of the early 2000s. It is actively dangerous to the web ecosystem, helps disseminate propaganda, and is disliked by many users. If, like me, you made the mistake of trying out AMP on your website - you're in a tricky position if you try to remove…


Full Disclosure - This Bluetooth tag is leaking your personal data

by @edent | 3 comments | Read ~552 times.

If you have a TinTag, your location is being broadcast without encryption! Earlier this year I purchased and reviewed the TinTag. I've spent the last month trying to get hold of the company to report a serious privacy problem with their Android app. I've not received an adequate response, so I'm publishing this post to…


Disclosed - Lifx Security Issue

by @edent | Read ~1,138 times.

I love my Lifx Bulbs. They're a quick and easy way to retrofit Internet connected goodies into a smart-home. One of the best things about them is their open API. Sure, you can use IFTTT if you want something easy - but us 1337 hax0rs want an API and Lifx provides it. The API is…
