LDAP Injection


HITB Magazine: Keeping Knowledge Free
Volume 1, Issue 1, January 2010
www.hackinthebox.org

Cover Story: LDAP Injection, Attack and Defence Techniques

Editorial

Dear Reader,

Welcome to 2010 and to our newly 'reborn' HITB ezine! As some of you may know, we've previously had an ezine that used to be published monthly, however the birth of the HITBSecConf conference series has kept us too busy to continue working on it. Until now that is...

As with our conference series, the main purpose of this new format ezine is to provide security researchers a technical outlet for them to share their knowledge with the security community. We want these researchers to gain further recognition for their hard work and we have no doubt the security community will find the material beneficial to them.

We have decided to make the ezine available for free in the continued spirit of HITB in "Keeping Knowledge Free". In addition to the freely available PDF downloads, combined editions of the magazine will be printed in limited quantities for distribution at the various HITBSecConf's around the world - Dubai, Amsterdam and Malaysia. We aim to only print somewhere between 100 or 200 copies (maybe less) per conference so be sure to grab a copy when they come out!

As always we are constantly looking for new material as well as suggestions and ideas on how to improve the ezine, so if you would like to contribute or if you have a suggestion to send over, we're all ears :)

Happy New Year once again and we hope you enjoy the zine!

Zarul Shahrin
Editor-in-Chief, [email protected]

Editor: Zarul Shahrin
Editorial Advisor: Dhillon Andrew Kannabhiran
Design: Cognitive Designs, [email protected]
Contributing Authors: Gynvael Coldwind, Christian Wojner, Esteban Guillardoy, Facundo de Guzman, Hernan Abbamonte, Fedor V. Yarochkin, Ofir Arkin, Meder Kydyraliev, Shih-Yao Dai, Yennun Huang, Sy-Yen Kuo, Wayne Huang, Aditya K Sood, Marc Schönefeld

Hack in The Box - Keeping Knowledge Free
http://www.hackinthebox.org
http://forum.hackinthebox.org
http://conference.hackinthebox.org

Contents

  • Exception Detection on Windows
  • The Art of DLL Injection
  • LDAP Injection: Attack and Defence Techniques (Cover Story)
  • Xprobe2-NG: Low Volume Remote Network Information Gathering Tool
  • Malware Obfuscation: Tricks and Traps
  • Reconstructing Dalvik Applications Using UNDX

Exception Detection on Windows
By Gynvael Coldwind, HISPASEC

Vulnerability researchers use various techniques for finding vulnerabilities, including source code analysis, machine code reverse engineering and analysis, input data protocol or format analysis, input data fuzzing, etc. In case the researcher passes input data to the analyzed product, he needs to observe the execution flow in search of potential anomalies. In some cases, such anomalies can lead to a fault, consequently throwing an exception. This makes exceptions the most observable symptoms of unexpected program behavior caused by malformed input, especially if the exception is not handled by the application, and a JIT-debugger or Dr. Watson [1] is launched.

Acknowledging this behavior, the researcher might want to monitor exceptions in a given application. This is easy if the exceptions are not handled, but it gets more complicated if the application handles the exception quietly, especially if anti-debugging methods are involved.

This article covers several possible ways of detecting exceptions, and briefly describes an open source kernel-level exception detection tool called ExcpHook.

Exception detection methods

Several exception detection methods are available on Windows, including the usage of the user-mode debugger API, as well as some more invasive methods like registering an exception handler in the context of the monitored process, hooking the user-mode exception dispatcher, or using kernel-mode methods, such as interrupt service routine hooks or kernel-mode exception dispatcher hooks. Each method has its pros and cons, and each method is implemented in a different way. The rest of this article is focused on describing the selected methods.

Debugger API

The most straightforward method of exception detection relies on the Windows debugger API and its architecture, which ensures that a debugger attached to a process will receive information about every exception thrown in its context (once or even twice, in case the application does not handle the exception after having a chance to do so).

A big advantage of this method is that it uses the official API, which makes it compatible with most, if not all, Windows versions. Additionally, the API is well documented and rather trivial to use - a simple exception monitor requires only a small debugger loop with only a few debug events handled.

However, some closed-source, mostly proprietary, software contains anti reverse-engineering tricks [2], which quite often include denial of execution techniques in case an attached debugger is detected. This makes the approach lose its simplicity, hence anti-debugger-detection methods must be implemented.

Additionally, a debugger is attached to either a running process, or a process that it spawns. To achieve ease of usage, the monitor should probably monitor any spawned process of a given class (that is, from a given executable file), which requires additional methods to be implemented to monitor the process creation [3], which decreases the simplicity by yet another degree.

Remote exception handler

A more invasive method - however, still using only documented API - is to create an exception handler in the context of the monitored process. The easiest way to achieve this is loading a DLL into the context of the monitored process (a common method of doing this includes calling OpenProcess and CreateRemoteThread with LoadLibrary as the thread procedure, and the DLL name, placed in the remote process memory, as the thread procedure parameter), and setting up different kinds of exception handlers.

On Microsoft Windows, there are two different exception handling mechanisms: Structured Exception Handling [4,5] with the Unhandled Exception Filter [6], and Vectored Exception Handling [7] (introduced in Windows XP).

Structured Exception Handling, commonly abbreviated to SEH, is used mostly as a stack-frame member (which makes it a great way to exploit buffer overflows by the way [8]) and if used, is commonly changed (since every function sets its own exception handler). At the architectural level, SEH is a one-way list of exception handlers. If none of the exception handlers from the list manages to handle the exception, then an unhandled exception filter routine (which may be set using the SetUnhandledExceptionFilter function) is called. To allow stack-frame integration, the SEH was designed to be per-thread.

The other mechanism is Vectored Exception Handling, which is a global (affects all threads present in the process) array of exception handlers, always called prior to the SEH handlers. When adding a VEH handler, the caller can decide whether to add it at the beginning or the end of the vector.

There are two downfalls of this method. First of all, creating a new thread and loading a new module in the context of another application is a very noisy event, which is easily detected by the anti-debugging methods, if such are employed. As for the second thing, keeping the exception handlers both registered and placed first in a row might be a very hard task to achieve, especially since SEH handlers are registered per-thread and tend to change quite often, and if a VEH handler is registered, it could jump in front of the handler registered by the monitor. Additionally, this may change the flow of the process execution, making the measurements inaccurate.

To summarize, this method is neither easy to code, nor quiet.

KiUserExceptionDispatcher

The previous method sounded quite promising, but the high-level exception API was not good for monitoring purposes. Let's take a look at a lower, but still user mode, level of the exception mechanisms on Microsoft Windows.

[...] routine with an arbitrary jump, and eventually, returning to the original KiUserExceptionDispatcher (leaving the environment in an unchanged form, of course).

This method is quite easy to implement, and quite powerful at the same time. However, it is still easy to detect, since inline hooking leaves a very visible mark. Also, as stated before, creating a remote thread and loading a DLL is a noisy task, which could alert anti-debugging mechanisms.

Additionally, just like both previous methods, this still has to be done per-process, which is not really comfortable if one wants to monitor a whole class of processes. But, if compared to the previous method, it's a step forward.

Interrupt handler hooking

Another approach to exception monitoring is to monitor CPU interrupts in kernel mode.

As one may know, after an exception condition is met, an interrupt is generated, which causes a handler registered in the Interrupt Descriptor Table to be called. The handler can be either an interrupt gate, trap gate or task gate [11], but in case of Windows exceptions it's typically an interrupt gate which points to a specific Interrupt Service Routine that routes the execution to the exception dispatcher.

An exception monitor could hook the exceptions' ISR by overwriting entries in the IDT [12]. This approach allows the monitor to remain undetected by standard methods used for debugger detection in user land, and at the same time is system-wide, making it possible to monitor all processes of a given class (including kernel-mode exceptions, if desired). Additionally, the author can decide which exceptions are worth monitoring, and which not.

However, at ISR level, the function does not have any easily accessible information about the processes
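For the Debugger API method described above, the following added example (not code from the article or from ExcpHook) shows the small debugger loop in C: it starts a target with DEBUG_ONLY_THIS_PROCESS and reports each exception as first-chance or unhandled (second-chance). The names classify_exception, exc_verdict and monitor are this example's own, and the Windows-only part is guarded by _WIN32.

```c
#include <stdint.h>
#include <stdio.h>

/* Verdict for one exception debug event (type and names are this example's own). */
typedef enum { EXC_IGNORE, EXC_FIRST_CHANCE, EXC_UNHANDLED } exc_verdict;

#define CODE_BREAKPOINT 0x80000003u /* numeric value of EXCEPTION_BREAKPOINT */

/*
 * The debugger sees an exception once (first chance) and, if no handler in
 * the application deals with it, a second time (second chance, unhandled).
 * The first breakpoint comes from the loader when a process starts under a
 * debugger and is not a fault in the target, so it is ignored.
 */
exc_verdict classify_exception(uint32_t code, int first_chance, int *seen_initial_bp)
{
    if (code == CODE_BREAKPOINT && !*seen_initial_bp) {
        *seen_initial_bp = 1;
        return EXC_IGNORE;
    }
    return first_chance ? EXC_FIRST_CHANCE : EXC_UNHANDLED;
}

#ifdef _WIN32
#include <windows.h>

/* Run cmdline under the debugger API and log every exception it raises. */
int monitor(char *cmdline)
{
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    DEBUG_EVENT ev;
    int seen_bp = 0, running = 1;

    ZeroMemory(&si, sizeof si);
    si.cb = sizeof si;
    if (!CreateProcessA(NULL, cmdline, NULL, NULL, FALSE,
                        DEBUG_ONLY_THIS_PROCESS, NULL, NULL, &si, &pi))
        return 1;

    while (running && WaitForDebugEvent(&ev, INFINITE)) {
        DWORD status = DBG_CONTINUE;

        switch (ev.dwDebugEventCode) {
        case EXCEPTION_DEBUG_EVENT: {
            const EXCEPTION_RECORD *r = &ev.u.Exception.ExceptionRecord;
            exc_verdict v = classify_exception((uint32_t)r->ExceptionCode,
                                               ev.u.Exception.dwFirstChance != 0,
                                               &seen_bp);
            if (v != EXC_IGNORE) {
                printf("%s exception %08lX at %p (pid %lu, tid %lu)\n",
                       v == EXC_FIRST_CHANCE ? "first-chance" : "UNHANDLED",
                       (unsigned long)r->ExceptionCode, r->ExceptionAddress,
                       (unsigned long)ev.dwProcessId,
                       (unsigned long)ev.dwThreadId);
                /* Hand the exception back so the target's own handlers run. */
                status = DBG_EXCEPTION_NOT_HANDLED;
            }
            break;
        }
        case CREATE_PROCESS_DEBUG_EVENT: /* the debugger owns these file handles */
            if (ev.u.CreateProcessInfo.hFile)
                CloseHandle(ev.u.CreateProcessInfo.hFile);
            break;
        case LOAD_DLL_DEBUG_EVENT:
            if (ev.u.LoadDll.hFile)
                CloseHandle(ev.u.LoadDll.hFile);
            break;
        case EXIT_PROCESS_DEBUG_EVENT:
            running = 0;
            break;
        default:
            break;
        }
        ContinueDebugEvent(ev.dwProcessId, ev.dwThreadId, status);
    }
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return 0;
}
#endif

int main(int argc, char **argv)
{
#ifdef _WIN32
    if (argc < 2) {
        fprintf(stderr, "usage: %s \"target.exe args\"\n", argv[0]);
        return 1;
    }
    return monitor(argv[1]);
#else
    (void)argc; (void)argv;
    puts("the debugger loop needs Windows; only classify_exception is built here");
    return 0;
#endif
}
```

An exception the application handles quietly appears only as a first-chance line; one that reaches the unhandled stage appears a second time, which is the "once or even twice" behaviour the article describes.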
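The gate types named in the interrupt handler hooking section can be examined from the defender's side. This added example (not from the article or ExcpHook) decodes 32-bit protected-mode IDT gate descriptors and lists the vectors whose handler lies outside an expected kernel image range, which is how an overwritten IDT entry shows up in an integrity check. The sample table, the image base and size, and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { GATE_INVALID, GATE_TASK, GATE_INTERRUPT, GATE_TRAP } gate_kind;

typedef struct {
    gate_kind kind;
    uint16_t  selector; /* code segment selector, or TSS selector for a task gate */
    uint32_t  offset;   /* ISR entry point (meaningless for a task gate) */
    unsigned  dpl;      /* privilege level allowed to raise it with INT n */
    int       present;
} idt_gate;

/* Decode one 8-byte gate descriptor as laid out in a 32-bit IDT. */
idt_gate decode_gate(const uint8_t d[8])
{
    idt_gate g;
    uint8_t attr = d[5]; /* P | DPL(2) | S | type(4) */

    g.selector = (uint16_t)(d[2] | (d[3] << 8));
    g.offset   = (uint32_t)d[0] | ((uint32_t)d[1] << 8) |
                 ((uint32_t)d[6] << 16) | ((uint32_t)d[7] << 24);
    g.present  = (attr >> 7) & 1;
    g.dpl      = (attr >> 5) & 3;

    switch (attr & 0x1F) { /* S bit must be 0 for a gate descriptor */
    case 0x05:            g.kind = GATE_TASK;      break;
    case 0x06: case 0x0E: g.kind = GATE_INTERRUPT; break; /* 16/32-bit */
    case 0x07: case 0x0F: g.kind = GATE_TRAP;      break; /* 16/32-bit */
    default:              g.kind = GATE_INVALID;   break;
    }
    return g;
}

/*
 * Store in out[] the vectors whose interrupt or trap gate points outside
 * [img_base, img_base + img_size) and return how many were found. Task
 * gates are skipped because they carry a TSS selector, not an ISR address.
 */
size_t find_suspect_vectors(const uint8_t idt[][8], size_t n,
                            uint32_t img_base, uint32_t img_size,
                            uint8_t *out, size_t out_cap)
{
    size_t hits = 0, v;

    for (v = 0; v < n; v++) {
        idt_gate g = decode_gate(idt[v]);
        if (!g.present || (g.kind != GATE_INTERRUPT && g.kind != GATE_TRAP))
            continue;
        /* Unsigned wrap-around makes this a single in-range test. */
        if (g.offset - img_base >= img_size) {
            if (hits < out_cap)
                out[hits] = (uint8_t)v;
            hits++;
        }
    }
    return hits;
}

/* Constructed sample: vectors 0..3 of an IDT, with vector 1 redirected. */
#define IMG_BASE 0x804D7000u /* assumed kernel image base */
#define IMG_SIZE 0x00200000u /* assumed kernel image size */

static const uint8_t SAMPLE_IDT[4][8] = {
    { 0xA0, 0xD2, 0x08, 0x00, 0x00, 0x8E, 0x53, 0x80 }, /* int gate  0x8053D2A0 */
    { 0x10, 0x15, 0x08, 0x00, 0x00, 0x8E, 0xA4, 0xF7 }, /* int gate  0xF7A41510 */
    { 0x00, 0x00, 0x58, 0x00, 0x00, 0x85, 0x00, 0x00 }, /* task gate, TSS 0x58  */
    { 0x00, 0xD7, 0x08, 0x00, 0x00, 0xEE, 0x53, 0x80 }, /* int gate, DPL 3      */
};

int main(void)
{
    uint8_t hits[4];
    size_t i, n = find_suspect_vectors(SAMPLE_IDT, 4, IMG_BASE, IMG_SIZE, hits, 4);

    for (i = 0; i < n; i++) {
        idt_gate g = decode_gate(SAMPLE_IDT[hits[i]]);
        printf("vector %u: handler %08lX is outside the kernel image\n",
               (unsigned)hits[i], (unsigned long)g.offset);
    }
    return 0;
}
```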