Don't bother reading unless you give at least a quarter of a shit about XMLHttpRequest and HTTP authentication.

Here's a stupid geek trick. The correct login information for this is user="user", password="password". Give it the wrong password [it will say something like 401 Unauthorized, user="user", password="bogus"]. Then give it the right password and try again - it will keep sending the wrong password. This happens in both Firefox and IE; Safari has a slightly different bug.

Here's the sitch: I have an XMLHttpRequest going out to a password-protected resource. The credentials are supplied by the user and thus they are likely to be wrong some of the time. The script is designed to gracefully handle authentication failure - specifically, I want to avoid the crappy infinite HTTP authentication dialog box loop. I'd think that this issue would come up from time to time, but I guess it doesn't because this is really hairy:

XMLHttpRequest states "If authentication fails, user agents SHOULD prompt the users for credentials."

To work around this, Paul James suggests returning 401 Unauthorized without the mandatory WWW-Authenticate header. In theory, this tells the browser to stop trying and forget the password. The browser does, in fact, stop trying, but it also goes into a weird undefined state where it continues to issue the old [incorrect] password despite instruction to the contrary. [Safari instead puts up the dialog on the next request, even if credentials are provided.]

HTTP/1.1 states "If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity might include relevant diagnostic information." - ie, reissue the same challenge to indicate to the browser that it should give up. As near as I can tell, not a single browser has ever done that.

HTTP/1.1 also gives us 403 Forbidden: "Authorization will not help and the request SHOULD NOT be repeated." This response has the same bizarre effects as 401 without WWW-Authenticate.

I'm actually kind of an AJAX newb, so ... does anyone have any recommendations?

- Z

OK I admit it, I'm too cool for school. I don't like getting dressed up for Halloween. I think costume parties are lame. One year we sat at home with all the lights out so nobody would try to trickortreat us. And secretly I always thought that people who professed to like Halloween better than Christmas were just trying to fit in with the kids who don't fit in.

But this year it seems like there's a lot of fun stuff happening. Consider this, first off, a bump for "Nosferatu," below.

At the other end of the film spectrum, Regal Transit is going to be screening The Nightmare Before Christmas in 3-D this year. [I was initially surprised that they'd taken the expense of shooting in 3-D if they weren't going to distribute as 3-D ... but alas, this is yet another film digitally altered by ILM. Thank you George Lucas!]

::Download Flash Video::

[Woah, rerecompression. I hear Flash 9 is going to have native support for H.264?]

Is everyone familiar with fundamentalist Christian haunted houses? Alleyway Theatre bought a copy of the 'official' script and is presenting "Hell House Buffalo" upstairs of the costume store/bike shop at 745 Main. Todd Warfield (Reefer Madness), director: "I've changed very, very little of it. The challenge for us is to perform it sincerely." I've always been sort of morbidly curious of the spectacle, and now that I know the money is going to a good cause and I won't get evangelized at too much, I think we're going to go check it out. With local celebrities as Guest Satans, how can you go wrong?



- Z

On January 16, 1926, the brand-new Shea's theater opened to great fanfare with a screening of "The King on Main Street." The baroque-decorated movie theater, seating 4,000 and incorporating imported Czech crystal chandeliers, was erected at a cost of $3 million [approximately $30 million today].

Five months later, the German silent film 'Nosferatu, eine Symphonie des Grauens [a Symphony of Horror]' made its American debut. Nosferatu paved new ground, being one of the first German Expressionist films and the first [albeit unauthorized] screen adaptation of Dracula. It's still pretty fucking creepy.

On Tue 30 Oct at 7:30p, Shea's will once again screen Nosferatu, with a musical accompaniment by the Devil Music Ensemble [admission $15.50]. I am going and so should you. That goes double for the non-(e:peeps) who read this, and triple for the Buffalo n00bz who have never been to Shea's.



Let me know who's in [non-peeps can email me], I'll run down to the box office & pick up tix.

- Z

There's no way I'm the only person here who thinks this is super funny.

[(e:dragonlady7)'s previous place of employment made a database system for nursing homes. They released an update and started getting complaints from their clients that they couldn't enter Irish patients. It took them a little while to figure out that the backend was tripping over O'Malley.]

- Z

- Z