Comments for IONCANNON

Comment on Bluetooth 4.0 LE on Raspberry Pi with Bluez 5.x by Pawel

Pawel — Wed, 27 Mar 2013 14:59:58 +0000

Hi,
It looks that LE is exposed by DBus. I managed to connect to my Bluetooth LE 4.0 vtag using DBus (2013-02-09-wheezy and bluez 5.3)

Comment on Direct Browser Uploading – Amazon S3, CORS, FileAPI, XHR2 and Signed PUTs by Thiago

Thiago — Wed, 05 Sep 2012 20:17:14 +0000

It seems that its really a amazon bug ( a aws developer posted there ). Thanks !!!

Comment on Direct Browser Uploading – Amazon S3, CORS, FileAPI, XHR2 and Signed PUTs by carson

carson — Wed, 05 Sep 2012 00:38:34 +0000

@Thiago @Thomas it turns out that S3 is currently authenticating the OPTION call that is made in "preflight" for CORS and that fails (probably because the auth has been signed with for a PUT request not an OPTION request) see https://forums.aws.amazon.com/thread.jspa?messageID=378235 for more.

It looks like there was some debate by the browser devs on if this is actually correct or not, see https://bugzilla.mozilla.org/show_bug.cgi?id=778548 and https://bugs.webkit.org/show_bug.cgi?id=92755 There was no consensus on ignoring the non-200 response status even though the spec says not to ignore it. However it does seem like there was consensus that the server side should not attempt to authenticate an OPTION request since it is not made to be part of the auth. The main issue they hung on was legacy IIS web server not being able to authenticate only certain requests.

Hopefully because the request already returns the correct information outside of the status code it will be fixed by just returning a 200 regardless of the authentication working or not.

Comment on Direct Browser Uploading – Amazon S3, CORS, FileAPI, XHR2 and Signed PUTs by Thiago

Thiago — Tue, 04 Sep 2012 20:18:08 +0000

Hi. Thanks for the code. But Im trying to make a CORS PUT using your very same code and always getting a "403 forbiden" in the options request by the browser. Do you have any hints? ( my CORS rule on the bucket is exactly the same as yours )

Comment on Direct Browser Uploading – Amazon S3, CORS, FileAPI, XHR2 and Signed PUTs by carson

carson — Tue, 04 Sep 2012 16:56:44 +0000

Yeah IE doesn't support CORS (details), XHR2 (details) or the FileAPI (details) yet. I'll have to look into the issues with Firefox because the latest version should be working.

Comment on Direct Browser Uploading – Amazon S3, CORS, FileAPI, XHR2 and Signed PUTs by Thomas

Thomas — Tue, 04 Sep 2012 15:00:56 +0000

Unfortunately doesn't seem to work in Firefox & IE .. greetz

Comment on Direct Browser Uploading – Amazon S3, CORS, FileAPI, XHR2 and Signed PUTs by carson

carson — Sun, 02 Sep 2012 13:58:14 +0000

@ChrisHF You wouldn't want to keep your S3 secret in Javascript or anyone could grab it and have full control of your S3 account. You could certainly do it for personal use and I did think about a version that would let the user enter their own S3 information but I didn't know how useful that would be. So there shouldn't be any technical limitation but only a security limitation.

Comment on Direct Browser Uploading – Amazon S3, CORS, FileAPI, XHR2 and Signed PUTs by ChrisHF

ChrisHF — Sun, 02 Sep 2012 09:13:10 +0000

You say "there still needs to be some server side code that signs the URL used by the PUT call". I don't understand why that is. Is it to avoid putting your credentials in the JS? What if the page is for personal use only? What if the credentials are entered by the user? Then can you sign in the client? Or is there still some technical limitation?

Comment on Creating S3 URLs that expire using PHP by Direct Browser Uploading – Amazon S3, CORS, FileAPI, XHR2 and Signed PUTs

Direct Browser Uploading – Amazon S3, CORS, FileAPI, XHR2 and Signed PUTs — Sun, 02 Sep 2012 05:01:22 +0000

[...] have an old way of creating signed URLs using PHP that hasn't been updated in forever. With the more recent versions of PHP there is [...]

Comment on Heroku Tips for the Cheap by Dave Aronson

Dave Aronson — Sun, 15 Jul 2012 19:17:22 +0000

@Tim, doesn't that still require signing up for a worker dyno? Since those are priced based on wall-clock time rather than CPU time, I'd prefer to avoid buying one for as long as I can.