I know that there're lots of topics on how js's date() works but I miss one bit. I'm working on a small web app which has a server and clients. Each client may run on Windows or Linux (mac... etc.). The problem is that afaik, if you are a Windows user then, your PC's date will be fetched through a worldclock server, somewhere, it's pbly Microsoft's BUT if you're running Linux, then your date/time are being computed on your computer.
So, does js's date() fetch a date (or time) requesting to a server, just like windows does, or it just looks at a given pc's date, reads it and displays it?
To me this is of great importance as I've a dual-bootable computer and every switch from linux to windows causes time inaccuracy, meaning that I've to take into account clients' wrong date/time if JavaScript reads it from one's pc. Put in other words, does JS's date() fetch the date and time information requesting separate server by giving it location information for the user based on say, IP?
The Date function in the browser just uses the system clock. This is true regardless of operating system.
The system clock may be set manually, via an NTP server, via GPS or mobile phone signal. This is true regardless of operating system.
I've a dual-bootable computer and each switch from linux to windows causes time inaccuracy
This is likely caused by the time zone being incorrectly configured on one or both of your operating system configurations. There is no realistic way to account for that sort of misconfiguration when writing software.
Related
In an HTML5 web app, I'm building a feature that relies on client-to-client communication (with pusher). It's made of PHP on the server-side and Javascript with Vue on the client side.
The typical scenario is: a window popup is opened, and from there it communicates directly with some other windows opened into any another browser on the same computer. Let's say you have 2 browsers installed, you open the web app popup with Firefox and it communicates with its web app sister page you did open previously into Chrome.
The only (half-)way we have found so far is to use the public IP address to build a private channel named with the IP address… It's basic and efficient.
However, if there is more than 1 computer connected to the same router, all of them will share the same public IP, and that's where things become difficult!
A solution could be to add the computer's local IP to the channel name (that was already built with the public IP), but despite a few nice workarounds I found to get this info from an initiated RTC Connection, this looks quite unreliable and often goes against browsers privacy rules…
Obviously, I cannot use session information with PHP on the server-side, nor cookies / local storage on the client-side, as all those solutions are tightly coupled with the browser itself (thank God Chrome won't share its cookies with Firefox on your computer). Those solutions would be perfect (and no need for a pusher) if we were using 1 single browser, but we need to handle multiple browsers on the same machine.
That's where I'm wondering if anyone would have already dealt with this design challenge and shared some tips, it would be awesome! Thanks for reading so far!
You can check the user agent of the browser.
You can check a combination of the request headers coming from different browsers.
You can explicitly throw and catch an error in the user's browser and send it in the request header/body to determine what browser they're using.
You can do canvas drawings to see the user's GPU/CPU information (since you're already using html5 that's a bonus).
You can directly use webgl to do the same with perhaps different metrics (since canvas uses webgl anyways).
You can check their typing speed or even build up a profile of their vocabulary and use of language.
If you ask for permissions you can see all of their connected media devices like headphones, even just asking for audio permissions will show you all of them.
You can benchmark their CPU with things like the time it takes to find primes or encrypt a key.
You can use audio fingerprinting, which is almost as unique as your voice, since each browser and CPU architecture slightly differ in the digital pattern and oscillations created from audio, which can be captured.
You can check their window size and screen size and screen resolution.
There's probably even more I didn't think of now, you can also use any of them in combination to fingerprint a device.
For more information research browser sniffing and digital fingerprinting. What's more is that you can uniquely identify the user across their own browsers on the same computer and also different users from different devices using a combination of browser sniffing/digital fingerprinting.
In your specific case you can't use all the browser sniffing techniques but you can still use some of them, like the user agent since it will still give you the user device information even if they're using a different browser.
The idea with digital fingerprinting is that you want to build up a probability high enough that you can be fairly certain it's the same user, you can't ever be truly sure, but sure enough. Something like screen size doesn't mean much by itself, there's millions of devices using i.e. a size 1600 screen, however consider the following hypothetical example:
User's device has screen size of 1600, that's i.e. ~1/8 users.
User's device took 20ms to encrypt a 4096 key, that's i.e. ~1/8 users.
User's device took 40ms to draw a canvas image, that's i.e. 1/8 users.
Now you already have a 8 * 8 * 8 = 1/512 probability of knowing what user it is and that value goes up way higher very quickly, based on 3 fundamentally unidentifiable things.
However it should be noted that using any browser sniffing or digital finger printing techniques like above fall under privacy regulations (at least in some countries). A lot of things like the user agent is being deprecated and if you do things like this on a site you'll get into trouble with things like GDPR. I believe you can get around that if you explicitly ask the user for their permission and let them know that i.e. their browser is being fingerprinted. However you have to be careful because doing this can get you in trouble if it's malicious, doing things like this without a user's knowledge is unethical.
We currently have a web browser application that runs only under Internet explorer that we are trying to make cross browser. The main reason for using IE is that we can access the hardware information from an ActiveX control. We would like to get away from this methodology for obvious reasons.
If we forget about the way things are currently being done and go back to the security requirements and look for other ways to accomplish the same thing. The user of the application must be on a known computer that must be in a secure location. I am at a loss on how to do this.
We currently use Protect/unprotect to encrypt the data we need and guarantee that the file can only be decrypted on the same machine. This keeps the user from finding the file and copying it to another machine and running. The file is put on the computer by a separate installation process that can only be run by authorized personnel.
So how do I get a machine specific key of some type that allows me to identify the computer with no chance of being replicated to another computer?
====================================
We are trying to do exactly what the web is trying to keep us from doing, so this may not be doable without specific browser extensions, such as a ActiveXControl.
The USB response is interesting but it does not guarantee location. We do use USB devices for terminals that require 2 factor authentication.
The other possibility is a user or machine certificate installed in the computer. The problem I see with that is the certificate can be exported. We had tried this years ago and the operational overhead was too high.
Is there a way to detect a wake from hibernation? I am developing an extension that displays information when the user turns on the computer and logs in to the system. I can do that easily by setting the extension to run when the system starts and execute the codes instantly.
background.js
function displayInfo(){ /*...*/ }
displayInfo();
However, some users might not turn off their computer, rather, they would hibernate for faster wake time. Hibernate should still be considered that the user is "turning on" the computer, but currently I have no way of detecting that.
Is there anyway I can achieve that?
No "perfect/foolproof" method, but some an idea:
Record the system time every 5 minutes or so. If the current time is much larger than the expected time, assume it slept/hibernated.
I was build a Web system which is running on Windows and Linux too. It's running through Xampp. In this situation who using this System changing the time simply and add missed data into the system. So i want to track those. For that i was plan to get the real time using a time server. But if that PC doesn't have Internet that will gonna be a problem to get real time. So i need something execute behind of the System which doesn't interact with Windows Time. So i can get the real time. IS there anyway to do it using VB OR Any scripting language ?
If the system in question doesn't have an internet connection, I don't believe there's any way to get the "real" time, just the system time.
So... you want to get an accurate count of 'real time', not system time, without being connected to the internet?
The only thing I can think of is a radio frequency controlled device to correct the time - e.g. http://www.galsys.co.uk/time-receivers/
Normally, if it was connected to the internet, you could get it to read the time off of the internet - e.g. from here http://tycho.usno.navy.mil/timer.html - that could be done on a Linux system by using a bash script, curl or wget, and the date command.
I am building a Time clock application for my employer to use with his employees. One of the requirements is to have it take a photo from a webcam every time a user clocks in and out of the system.
Thankfully this is possible using HTML5 and JavaScript and no longer requires Flash or Silverlight.
The problem however, is in this image below....
Since this application will be used on 1 PC and accessed by a large number of users everyday, this is a real problem for my application.
I hope there is a way to permanently authorize permission to use the camera for certain pages maybe or another alternative?
If your app is running from SSL (https://), this permission will be
persistent. That is, users won't have to grant/deny access every time.
http://www.html5rocks.com/en/tutorials/getusermedia/intro/#toc-security
Note, this only applies in Chrome. Each browser may implement the security prompts differently.