Eric Lawrence

Results 53 comments of Eric Lawrence

GZip uses [two](https://en.wikipedia.org/wiki/Gzip#File_format) checksums, a CRC-32 for the header, and one for the full file in its footer. If the header checksum is incorrect, this can be determined before any...

Yeah, I think it makes the most sense to match HTTP Content-Encoding and have 'deflate' mean Zlib-wrapped DEFLATE ([RFC1950](https://www.ietf.org/rfc/rfc1950.txt)). Node uses '[deflateRaw](https://nodejs.org/api/zlib.html#zlib_class_zlib_deflateraw)' for the bare format and this sounds reasonable.

My recollection is that we (Microsoft) do use a version of zlib under the covers, but it is an older version which has been slightly modified/recompiled in such a way...

Similar issue if the client requests an unqualified hostname (no dots)?

Regexes are hard to read. :) ^((?!-)[A-Za-z0-9-]{1,63}(?

FWIW, when I got this message, it might have possibly happened when I had two installations of GHDesktop installing in parallel (because Edge's UI doesn't make it clear when you've...

- It's not a Windows "bug" that an application can leave registry entries behind on uninstall, that's just how it works.
- /Arguably/ a browser could do work to verify...

> I think streaming while the pointer is down is the most capable implementation,

Streaming seems like a huge security hole if it enables gesture-jacking. An attacking website entices the user...

@BoCupp-Microsoft - Yeah, "gesture-jacking" would be a super-set of clickjacking, encompassing user actions that aren't just a simple click (e.g. user holding down enter key, user dragging mousedown, etc). Using...

@BoCupp-Microsoft: RE the 60hz limit, my original attack was the naïve/simple one. In a more realistic attack, an attacker could read a 10 digit security code or account number in...