recentpopularlog in

mcherm : internet   235

« earlier  
Less than Half of Google Searches Now Result in a Click | SparkToro
Google doesn't exist to send people to other sites. 50% of "searches" do NOT result in any next click. (And many others lead or other Google-owned sites.)
google  search  internet  via:HackerNews 
5 weeks ago by mcherm
I can see your local web servers
Yipes! Local stuff accessable via http (but ONLY on your local machine) is vulnerable to probing by malicious web pages.
security  web  internet  via:HackerNews 
may 2019 by mcherm
FIDO2 Project - FIDO Alliance
An overall approach to web authentication. WehAuthn (part of it) was just approved as a W3C standard. I should read up on this and learn it.
security  programming  authentication  web  internet  standards  via:HackerNews 
march 2019 by mcherm
How Many .com Domain Names Are Unused? - Singapore Data Company Pte Ltd
Analysis (beginning of 2019) of what the issued .com domain names are doing. 1/3 have websites, the rest are ads, for sale, not working, or various other junk.
internet  dns  via:HackerNews 
february 2019 by mcherm
DNS flag day
A coordinated attempt to stop accommodating some badly-behaving DNS implementations.
dns  internet  personal_net  via:slashdot 
january 2019 by mcherm
World's Oldest Torrent Still Alive After 15 Years - TorrentFreak
The best possible way to distribute a movie that turns out to be popular.
internet  bittorrent  via:HackerNews 
december 2018 by mcherm
Troy Hunt: Extended Validation Certificates are Dead
Unless you are a bank there is no reason to use Extended Validation SSL certificates.
web  security  ssl  internet  via:HackerNews 
december 2018 by mcherm
Goodbye, EdgeHTML - The Mozilla Blog
Microsoft is going to base their browser on Chrome. That really reduces the number of browsers in wide use and is unhealthy for the web (in my opinion).
browsers  microsoft  google  internet  webdevelopment  via:HackerNews 
december 2018 by mcherm
The Illustrated TLS 1.3 Connection: Every Byte Explained
Every byte of a TLS 1.3 connection explained. Look at the amount of backward-compatible cruft. This is what it is like to live in reality.
internet  ssl  via:HackerNews 
november 2018 by mcherm
A timing attack with CSS selectors and Javascript
A way to use JQuery to execute a timing attack that can extract fields from another webpage running in the same browser.
security  browsers  internet  javascript  hacking  via:HackerNews 
october 2018 by mcherm
Beaker | Peer-to-peer Web browser. No blockchain required.
A sort of distributed file system designed to be something like a P2P version of the World Wide Web.
p2p  web  via:HackerNews  internet 
march 2018 by mcherm
BAD TRAFFIC: Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?
Some governments are intercepting download requests for popular programs like 7zip and injecting them with spyware.
security  internet  via:EdwardSnowden 
march 2018 by mcherm
Now sites can fingerprint you online even when you use multiple browsers | Ars Technica
Sites can now fingerprint, not just a browser, but a specific *machine* (across browsers!) by using a bunch of "compiled JavaScript" features.
via:reddit  ArsTechnica  security  privacy  browsers  internet 
january 2018 by mcherm
WebAssembly support now shipping in all major browsers - The Mozilla Blog
This is a big deal: we can now write native apps for the browser in most any language (with a cross-compiler).
internet  javascript  webdevelopment 
november 2017 by mcherm
The End of the Road -
Dreamhost got a judge to cut back the overly broad demand for information on anyone who visited the site that organized a political march.
law  4thAmmendment  privacy  internet  Dreamhost  via:HackerNews 
october 2017 by mcherm
Understanding the prevalence of web traffic interception
Around 4% - 10% of web traffic is man-in-the-middle attacked (mostly by virus checkers and corporate firewalls).
via:boingboing  security  internet  encryption 
september 2017 by mcherm
The world in which IPv6 was a good design
A very good explanation of some of the details of ethernet and internet networking explained via historical context.
internet  networking  ipv6  history  via:HackerNews 
august 2017 by mcherm
The “Million Dollar Homepage” as a Decaying Digital Artifact
12 years later, most of the links on the "million dollar homepage" (where they sold pixels) are dead.
history  internet  via:HackerNews 
july 2017 by mcherm
I decided to disable AMP on my site
This explains why Google's "AMP" program isn't good for publishers and is only of dubious use to readers.
internet  AMP  google  via:HackerNews 
june 2017 by mcherm
Intent to Deprecate and Remove: Trust in existing Symantec-issued Certificates - Google Groups
Google Chrome is going to gradually give less trust to SSL certs issued by Symantec because they've really abused and misused the system (but can't be cut off because they have 30% of all certificates).
internet  ssl  chrome 
march 2017 by mcherm
Annotation is now a web standard – Hypothesis
The W3C approves a standard for annotations (leaving notes or comments on web pages that are collected and managed by a third party).
web  internet  w3c  via:HackerNews 
february 2017 by mcherm
A battle rages for the future of the Web | Ars Technica UK
EFF pushed W3C saying "if you MUST standardize DRM, at least require that security researchers still be allowed to do research". Corporations in W3C push back.
w3c  drm  copyright  law  ip-law  security  internet  eff  CoryDoctorow  via:boingboing 
february 2017 by mcherm
Certified Malice – text/plain
Let's encrypt allows phishing sites to have SSH certs. How best to solve this? Maybe use several different signals for site reputation?
security  browsers  ssl  internet  lets_encrypt  phishing  via:HackerNews 
january 2017 by mcherm
How Stack Overflow plans to survive the next DNS attack - Server Fault Blog
Using multiple DNS providers: a good idea, and AWS + Google worked well world-wide. Includes actual performance numbers.
dns  internet  networking  via:HackerNews 
january 2017 by mcherm
A map of the entire internet as of May 1973 | Hacker News
Every machine on the internet listed on a single sheet of paper.
internet  history  via:HackerNews 
december 2016 by mcherm
Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net | Ars Technica
Unsecured or buggy internet-capable devices are now the source of truly massive (so big no company will defend against them and it may threaten internet traffic in general) DDOS attacks (for hire).
security  internet  ddos  ArsTechnica  via:ArsTechnica 
september 2016 by mcherm
Netlify: This Weekend's DDoS attack and What's in a (C)Name?
This is why my domain name should be "" not "".
internet  dns  via:HackerNews 
january 2016 by mcherm
HTTPS provides more than just privacy
A list of good reasons why your site you should use https instead of just HTTP.
internet  ssl  cryptography  via:HackerNews 
january 2016 by mcherm
The HTTP 451 Error Code for Censorship Is Now an Internet Standard | Motherboard
Yes, there is now an OFFICIAL http error code for use when you have been legally required to censor some material.
http  standards  censorship  internet  via:boingboing 
december 2015 by mcherm
Choosing an HTTP Status Code — Stop Making It Hard | Racksburg
This article recommends a certain policy on the use of http response codes, and I think it actually has really good advice.
REST  http  internet  webdevelopment  via:HackerNews 
december 2015 by mcherm
Welcome to The Internet of Compromised Things
Routers can compromise your system. Here's how to avoid it.
security  internet  codinghorror  via:CodingHorror  wifi 
november 2015 by mcherm
How I Ended Up Purchasing & Owning via Google Domains | Sanmay Ved | LinkedIn
He found Google offering "" on their domain sale site. He was even able to make the purchase go through although Google then reverted it a few minutes later.
google  security  internet  via:reddit 
october 2015 by mcherm
Give Google Contributor a try
There's a way you can pay Google to replace ads for yourself with something else of your choice; the money still flows to the websites. I should try it (and look at the report afterward).
google  advertising  internet 
september 2015 by mcherm
Why is Windows lying about what root certificates it trusts? · HA
Windows (and internet explorer) has a list of root certs it trusts. But it also trusts OTHER root certs that are not made visible.
windows  security  internet  via:HackerNews 
august 2015 by mcherm
We're heading Straight for AOL 2.0 · Jacques Mattheij
They don't make standard anymore everything is done in a proprietary fashion layered on top of HTTP and JavaScript.
internet  standards  via:HackerNews 
august 2015 by mcherm
dpr » udp and me
How UDP got "invented" and some of the compromises made in TCP because they knew the network "would never get that big". Also no end-to-end crypto because the NSA said not to.
history  internet  networking  via:HackerNews  security  cryptography  nsa 
may 2015 by mcherm
Unfortunately, we have renewed our ICANN Accreditation -
All registrars are now required to implement a policy that requires the owner of a domain to respond within a few days to a request or else their domain gets disabled.
may 2015 by mcherm
Filter all ICMP and watch the world burn
Things break if you block networking control messages.
internet  networking  via:HackerNews 
may 2015 by mcherm
Improving compression with a preset DEFLATE dictionary
We could improve file sizes by 5% if we used a common internet-wide list of known strings in our compression algorithms.
zip  algorithm  internet  via:HackerNews  programming 
march 2015 by mcherm
draft-vandergaast-edns-client-subnet-02 - Client Subnet in DNS Requests
Amazon's Route53 DNS services use this (experimental) RFC for geo-location of endpoints in DNS.
dns  internet 
december 2014 by mcherm
Swimming against the stream | Jon Udell
So many people decided to follow twitter and facebook instead of RSS feeds that now people aren't producing RSS feeds. But that is giving up a measure of control, and an important one. So we should work to restore the RSS feed as a tool. I fully agree.
rss  socialcomputing  JonUdell  via:JonUdell  internet 
november 2014 by mcherm
How Microsoft Appointed Itself Sheriff of the Internet | WIRED
Some background on the case where Microsoft just took over the domain names of a legitimate company with information on the legal tactics they used. Which apparently have not been repudiated.
law  internet  via:HackerNews 
october 2014 by mcherm
Google Online Security Blog: HTTPS as a ranking signal
Probably nothing there is could have created as strong a push toward the use of TLS than Google agreeing that it will boost your search ranking.
google  search  security  internet  https  via:reddit 
august 2014 by mcherm
How to take over the computer of any Java (or Clojure or Scala) developer - Ontoillogical
Maven does not use SSL by default for connecting to the central repo. It should.
java  security  internet  maven  via:reddit 
july 2014 by mcherm
Verizon’s Accidental Mea Culpa | Beyond Bandwidth
Level 3 points out that Verizon's own numbers show that the slowdown of Netflix is Verizon's fault (on purpose).
netneutrality  via:reddit  netflix  internet 
july 2014 by mcherm
Google Online Security Blog: Maintaining digital certificate security
At least Google is raising this publicly... someone used an Indian root cert to sign a fake Google certificate.
security  internet  via:HackerNews 
july 2014 by mcherm
Order restored to universe as Microsoft surrenders confiscated No-IP domains | Ars Technica
Microsoft told a court to let it take over some DNS names (in a hearing where the other side wasn't invited to participate) to take down some malware. They did so and it was a fiasco (they broke lots of legitimate stuff).
law  internet  dns  microsoft  ArsTechnica  via:ArsTechnica 
july 2014 by mcherm
Why use www? | www. is not deprecated
So you can set up a CNAME. Needed only if you get big enough to want to separate static from non-static resources or to dynamically redirect traffic.
web  internet  dns  blogging  via:HackerNews 
june 2014 by mcherm
Global Deletion Orders? B.C. Court Orders Google To Remove Websites From its Worldwide Index
Poor law in Canada: court orders Google to remove a site, not from the Canadian search results, but from ALL search results, WORLD WIDE. I hope the absurd results of such a decision are obvious.
law  internet  via:boingboing 
june 2014 by mcherm
The Several Million Dollar Bug - Jacques Mattheij
He says a server can send the HTTP response BEFORE receiving the request.
http  internet 
june 2014 by mcherm
Copyright Holders Cannot Prevent Links to Freely-Available Content from Being Posted Online | White & Case LLP - JDSupra
European high court rules that links communicate but not to a new audience ( that couldn't reach it before) and so don't violate copyright.
law  ip-law  internet  copyright 
may 2014 by mcherm
ongoing by Tim Bray · Pervasive Monitoring Is an Attack
The IETF (they write RFCs) just declared that pervasive monitoring is a threat to the internet and that future standards need to include comments on how they address it.
privacy  surveillance  internet  RFC  nsa  snowden  via:HackerNews 
may 2014 by mcherm
Protecting Net Neutrality and the Open Internet | Open Policy
A really good proposal from Mozilla for how the FCC could require net neutrality without actually changing the rules for cable providers.
netneutrality  internet  mozilla  via:slashdot 
may 2014 by mcherm
ImperialViolet - No, don't enable revocation checking
SSL cert revocation lists are too big to store with every browser. Checking every time is so unreliable that browsers don't treat failures as fails.
security  ssl  cryptography  internet  via:HackerNews 
april 2014 by mcherm
My Website Was Stolen By A Hacker. And I Got It Back. | Ramshackle Glam
Some things that actually happen when a website is stolen to be sold or held for ransom. She found the domain registrars refused to help despite knowing that it was stolen; the FBI was helpful but the problem was resolved only by paying off the criminal.
internet  hosting  security  via:HackerNews 
april 2014 by mcherm
Lauren Weinstein's Blog: No, I Don't Trust You! -- One of the Most Alarming Internet Proposals I've Ever Seen
Proposal for SSL 2 to build in the ability to spy on people's "secure" connections. Commentators say it isn't so bad because in SSL2 *all* connections are encrypted and this applies only to those that were formerly http.
internet  security  via:HackerNews  ssl 
february 2014 by mcherm
Someone Forced World Internet Traffic Through Belarus and Iceland - Arik Hesseldahl - News - AllThingsD
Someone is intentionally advertising false routes to suck in traffic for brief periods of time. And they're probably (this part is just speculation) doing it on purpose.
security  internet  via:HackerNews 
november 2013 by mcherm
Security Dialogs for unsigned applets in Java
Well, that's the FINAL nail in the coffin of the Java Applet.
via:slashdot  java  internet  webdev 
september 2013 by mcherm
Inventing Favicon.ico | Take the First
When you have an idea, sometimes you should just do it!
internet  history  via:reddit 
september 2013 by mcherm
Newest YouTube user to fight a takedown is copyright guru Lawrence Lessig | Ars Technica
Lawrence Lessig posted a video which clearly had fair use of a snippet of music. The copyright owner issued a takedown notice and LL is suing them under an almost-never-used DMCA provision for overzealous takedown notices.
eff  copyright  copyrightabuse  censorship  DMCA  LawrenceLessig  via:ArsTechnica  ArsTechnica  law  ip-law  internet 
august 2013 by mcherm
How secure is HTTPS today? How often is it attacked? | Electronic Frontier Foundation
There are several productive ways to attack SSL today and it appears that several of them are in use. Here is some data on the rate at which they are used.
security  ssl  cryptography  internet  via:HackerNews  eff 
june 2013 by mcherm
Internet Census 2012
Guy figures out how to build a botnet of thousands of machines. He used it to portscan the entire internet, then (anonymously) publishes a scientific paper on the results.
internet  science  research  security  via:reddit 
march 2013 by mcherm
IRC is dead, long live IRC
IRC usage is going down (dramatically) over the past several years, but usage of freenode (mostly technical help on open source) continues to rise.
internet  irc  via:HackerNews 
january 2013 by mcherm
« earlier      
per page:    204080120160

Copy this bookmark:

to read