The Web

URL Shorteners Should be Banished

In response to social networking sites like Twitter, URL shortening services have been springing up on the web like unsavory fungus on a cheese sandwich, without the prospect of slowing down any time soon. Services like Bit.ly were inspired by the need for compact links when sharing websites in character-limited status updates on Twitter and its Laconica-like counterparts.

While short URLs are extremely useful in these specific contexts, they also pose a serious security threat and are a bad omen of exploits to come. As Twitter-like social networks become more mainstream, regular folk will become (and presumably already are) conditioned to click on any link they come across, with the risk of landing on malicious websites that take advantage of web-based exploits like XSS (Cross-site Scripting).

In my opinion, links should be treated more like e-mail attachments. They are only to be opened when from a trusted domain. While everyone knows random link-clicking is bad web-behavior, it is being encouraged by the uprising of short-form social networks.

Unarguably, something has to change, as the bad guys have already taken the opportunity to start exploiting this phenomenon. Of course, who am I to suggest that services like Bit.ly and compatriots should be yanked from the interwebs if 140-character status updates gain traction on the net?

So, we can’t banish them. But there are things we can do to make URL shortening safer.

Site Specific Shortening URLs

Bit.ly in particular has proven its immense usefulness because of its way-advanced statistical capabilities. So it is in our own interest to keep such services alive. But..

A safer way to go about URL shortening would be to create a federated system. A possible architecture for this could be accomplished by means of a small web application (possibly coming from a third party like TinyURL or Bit.ly) installed onto the sites to which the short URLs will be linking, which in turn would do the redirecting.

For example:

http://arstechnica.com/Do5s would link to an article on Ars Technica.
http://aceontech.com/f5g would link to a post on this blog.

If the shortening app on the given site would only allow short URLs within its own domain, individual networks of short URLs would be created and doing so would allow the user to exactly know where he’s being led to, thus eliminating the risk of contracting WTDs entirely (Web Transmittable Disease :-P ).
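The own-domain restriction described above is mostly a matter of parsing the target URL strictly before storing it. The sketch below is an added example, not code from any existing shortener; the class name `SiteShortener`, the 4-character code length and the sample article paths are assumptions.

```python
import secrets
import string
from urllib.parse import urlsplit

class SiteShortener:
    """Short-link table for one site; refuses targets on any other host."""

    def __init__(self, site_host):
        self.site_host = site_host.lower().rstrip(".")
        self._links = {}  # short code -> full URL

    def is_own_url(self, url):
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower().rstrip(".")
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            return False
        if parts.scheme not in ("http", "https"):
            return False  # rejects javascript:, data: and scheme-relative //host
        if parts.username is not None or parts.password is not None:
            return False  # rejects http://arstechnica.com@other.example/
        # Exact match only: arstechnica.com.other.example must not pass.
        return host == self.site_host

    def shorten(self, url):
        if not self.is_own_url(url):
            raise ValueError("refusing to shorten a URL outside " + self.site_host)
        alphabet = string.ascii_letters + string.digits
        while True:  # retry on the rare collision with an existing code
            code = "".join(secrets.choice(alphabet) for _ in range(4))
            if code not in self._links:
                break
        self._links[code] = url
        return "http://%s/%s" % (self.site_host, code)

    def resolve(self, code):
        """Return the stored full URL, or None for an unknown code."""
        return self._links.get(code)
```

Comparing the parsed hostname, rather than searching the URL string for the site name, is what keeps look-alike targets out of the table.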

Increasingly, I’ve been seeing sites which have started doing something similar, but I don’t think they’re actively limiting their URLs to their own domains only. Also, I’m of the opinion that there is a need for a standard in this space. Such a standard could consolidate the matter entirely, making it safer and more uniform in the process.

The technical side of this shouldn’t be too hard, either. It’s just a matter of realizing the danger of having hyperlinks to arbitrary sites and getting some shortening providers assembled to work together to create a standard process for issuing short URLs.

Current third-party URL shorteners could integrate with the federated system to provide greater user-friendliness. One could still use a service like Bit.ly, but it would go out and check with the domain’s URL-shortener first and return that to the requesting user. If not supported or available, it could go ahead and generate it anyway.

Click confirmation

Another thought would be to enforce confirmation upon the clicking of a shortened URL. The hyperlink would be intercepted by a page showing information about the domain buried below. It could surface the name, the full URL and other important identifying information. Maybe a database of certified domains could even be established.

Additionally, blacklists like those behind phishing filters could be employed to warn visitors of suspicious sites. Naturally, these databases would need some kind of governing. Perhaps a web authority like VeriSign could take this responsibility on and possibly wire it to its current SSL-verification process/database…
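A sketch of the confirmation page described in this section, as an added example that is not taken from any existing service: the short link is never followed automatically, the page shows the full URL and host, and a blocklist hit removes the continue link. The list contents, the function names and the `short.example` address are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed sample lists; a real service would load maintained feeds.
BLOCKLIST = {"malware.example", "phish.example.net"}
CERTIFIED = {"arstechnica.com"}

def host_matches(host, domains):
    """True if host is a listed domain or a subdomain of one."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def build_preview(short_url, destination):
    """Collect what the confirmation page shows for one short link."""
    try:
        parts = urlsplit(destination)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        parts, host = None, ""
    if parts is None or parts.scheme not in ("http", "https") or not host:
        verdict = "blocked"  # not a plain web link at all
    elif host_matches(host, BLOCKLIST):
        verdict = "blocked"
    elif host_matches(host, CERTIFIED):
        verdict = "certified"
    else:
        verdict = "unknown"
    return {"short_url": short_url, "full_url": destination,
            "host": host, "verdict": verdict}

def render_page(preview):
    """Render the interstitial. Every value is escaped, because the
    destination is attacker-controlled text shown inside our own page."""
    esc = {k: html.escape(v) for k, v in preview.items()}
    lines = [
        "<h1>You are leaving via %s</h1>" % esc["short_url"],
        "<p>Destination host: <b>%s</b> (%s)</p>" % (esc["host"], esc["verdict"]),
        "<p>Full URL: <code>%s</code></p>" % esc["full_url"],
    ]
    if preview["verdict"] == "blocked":
        lines.append("<p>This destination is on a blocklist.</p>")
    else:
        lines.append('<p><a href="%s" rel="noreferrer">Continue</a></p>'
                     % esc["full_url"])
    return "\n".join(lines)
```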

It’s hard to imagine for me that we’ll all just keep on clicking on links left and right without considering the significant hazard it implies. The web browser is becoming the primary vector for exploits against Internet users. No longer does the stress lie on the avoidance of e-mail attachments. The threat actually lies within the chrome around each web page you visit.

Security-conscious users [like me] would undoubtedly like to be more cautious with short URLs, but for lack of a secure alternative there is nothing else to do but go with the flow for now.

Help. Someone?

Ushering Total Ad-Silence with Firefox

Display-ads are the money makers of the world wide web. While I encourage everyone to support his or her favorite website by allowing ads and perhaps even clicking on them if interesting enough, online advertisements are often over-used with the clear intent of baiting visitors. If you’re also the type to easily get annoyed with online ads constantly prodding at you wherever you go, there is a non-laborious way to make them a thing of the past.

You may have guessed it: Firefox can deliver ad-silence if loaded up with the right extensions. In this post I would like to discuss two of my most beloved ad fighters: AdBlock Plus and FlashBlock. And interestingly, they will work in tandem to eliminate ~90% of ads encountered on the web so you can surf clutter-free.

AdBlock Plus

AdBlock Plus on addons.mozilla.org

AdBlock Plus has to be my favorite extension. It’s probably one of the most popular add-ons for Firefox, too. Nonetheless, it still pays off to discuss some of its most important features that help combat unwanted Internet ads.

Upon installation and after the compulsory Firefox reboot you’re presented with a dialog urging you to make a selection from the list of available blocking-filters. I generally pick the first one off the top of the list, because I don’t believe it makes a substantial difference which one you pick.

AdBlock Plus blocks ads based on a set of filters which are pulled from the list you’ve just chosen. Because it’s list-based, it has to be maintained by someone, so be aware of the fact that it isn’t always up-to-date. As a result, ads occasionally crop up on websites anyway. Although the aforementioned event is an oddity, you’re able to add additional filters by simply right-clicking the trespassing ad and selecting ‘AdBlock Plus: Block Image’. From then on the disturbance won’t be able to pierce through AdBlock’s armor any longer.

FlashBlock

FlashBlock at addons.mozilla.org

Most unsurprisingly, there are ways for advertisers to get around add-ons like AdBlock Plus (of which they’re undoubtedly very aware). One of the most popular ways of doing this is to make use of Flash animations instead of conventional HTML and/or images.

To counteract Flash, FlashBlock was born. When run in conjunction with AdBlock it stomps on advertisers specifically circumventing browser-based blocking mechanisms like AdBlock by employing Flash. Additionally, Adobe Flash has become a serious security-threat and with Adobe’s track-record in this field there’s little hope for change in the near future.

FlashBlock’s original use wasn’t necessarily to block Flash-based ads, in fact, it was designed to block all Flash-content in a convenient way. Coincidentally, it can also be applied to the disposing of ads.

When activated, Flash content will be replaced by a placeholder graphic featuring a familiar play-button. Pressing this button will evidently load up the animation of your choosing. This does away with flashy animations (no pun intended ;-) ) and disturbing music starting at will upon visiting a website. I’m sure you’ll receive the silence well, as did I.

Blacklisting vs. whitelisting

There’s a fundamental operational difference between the extensions I just talked about: AdBlock relies on blacklisting, while FlashBlock opts for explicit whitelisting. In the case of FlashBlock, all Flash is expelled, except for the exemptions you enter into the whitelist by using the pull-down menu, incorporated in the toolbar button installed into Firefox along with the add-on.

Conversely, AdBlock Plus can be configured to whitelist a site you’d like to see ads on. You can easily do so by selecting ‘Disable on www.somesite.com’ – once more by using the drop-down in the toolbar.

Closing Note

FlashBlock and AdBlock Plus are great tools for getting rid of most of the unwanted advertising that plagues the Internet and its users. That said, I’d like to add a little disclaimer to this article:

It’s not because I wrote this article that I condemn all forms of online advertising.

Quite to the contrary, I feel it is our duty as good netizens to support the sites/blogs we really like by disabling these tools selectively. You’ll be doing the site/person in question a favor, in most cases, since this is how people monetize their sites. This, in turn, keeps them running.

So if you particularly like an online venue, please allow ads, by all means. And while you’re at it, you may want to consider whitelisting mine :-) .

* Promo image courtesy of Steve Rhodes on Flickr. Creative Commons License applies: Attribution-Noncommercial-Share Alike 2.0 Generic

Screenshots: Windows Live Wave 3.0 Beta Leaked

The third wave of Microsoft’s online services called Windows Live has leaked to the internet today. Grab the combined installer at Softpedia. Some screenshots:

WL 3.0 Setup-1


What is Live Mesh?

‘Cloud Computing’ is the next big thing that’s eminently happening on the Internet. It’s unclear who coined the term initially, but I’m sure most are aware of its meaning. While its current implementation is patchy, Microsoft is making a first leap at delivering it in an integrated form.


Use Google's "I'm feeling lucky" from Firefox' address bar [OpenDNS]

This trick enables you to regain the ability to use Google’s “I’m feeling lucky”-functionality on the fly from Firefox 3’s address bar, as was natively possible in Firefox 2. To accommodate this, we’ll use OpenDNS’ network shortcuts. Once configured, you’ll be able to type stuff like “goto drupal” and be taken to drupal.org right away.

Note: As advertised, you need to be using OpenDNS for this hack to work. If you don’t know what OpenDNS is, you may want to read up on it, since it’s a great thing to have.


Sync iPhone/iPod Touch with Google Calendar

Update: Over-the-air synchronization available

You can seamlessly synchronize your Google Calendar and Contacts with a free service called NuevaSync, as discussed by me in this article. Google has also recently implemented its own version of OTA sync by licensing Microsoft ActiveSync technology. I’ll have a writeup on this soon. OggSync is still a viable alternative though, if you already incorporate MS Outlook in your workflow and don’t mind the limitations this application causes.

Continued…

Synchronize multiple (primary and secondary) Google Calendars to Outlook and your iPhone/iPod Touch for free with OggSync.

The iPhone and iPod Touch don’t support calendaring very well out of the box. Apple provides some rudimentary implementation for Microsoft Outlook on the Windows side (the majority of the user base is Windows-users – after all). And that’s pretty much where it stops. Most likely, when the iPhone SDK makes its debut the tables will turn once the third-party developers get their foot behind the door, but for now we’re stuck with Outlook.

The only way to get your Google Calendar(s) onto the iPhone* (i.e. without hacking) is to go through Microsoft Outlook. This means you’ll have to subsequently synchronize your calendars with Outlook and then with the iPhone. Furthermore, the latest version of the ‘Home & Student’ edition of Office [2007] doesn’t come equipped with Outlook anymore, like previous iterations used to. If you’re a Windows user and want calendaring on the iPhone, you’ll have to acquire Outlook first.

Lame, I know.

The secondary calendars dilemma

The problem with Google’s own syncing app for Outlook is that it only supports 1 calendar, the primary calendar. If you like a certain structure in your events, like I do, this will rapidly become a problem. If you want, it is possible to merge all your calendars into one. In that case, you can go ahead and sync to Outlook with Google’s own app.

In order to accomplish a merged primary calendar, you can:

  • Move the events to your primary calendar, or
  • Export your entire secondary calendar and import them into your primary calendar

Google Calendar Sync

(Google promises to make the multi-calendar feature available in the future, but doesn’t specify a date)

OggSync (Google-Outlook Sync) to the rescue

For those who refuse to make such a sacrifice (hell, I do) there’s a free app out there called OggSync. It’s an Outlook Add-In that supports primary and secondary calendars seamlessly and best of all, it’s free. It docks right into the standard Calendar view as a toolbar and provides you with a few options. Once you’re set, all you need to do is hit the ‘Sync’-button. Magically, GCal events will start to trickle into your Outlook Calendar…

After that, plug in your iPhone and sync away.

Pros:

  • Full support for all your calendars
  • Support for both Outlook 2003 AND 2007
  • Pro version available, but optional
  • Free!

Cons:

  • A bit of a hassle, but heck, it’s better than nothing, no?
  • No calendar coloring support [yet] in Outlook 2007
  • An occasional freeze, but they don’t usually linger for long

Download OggSync 3.22 for Outlook (direct link)

Notes

*: You can also access your Google Calendars via the Safari browser on the iPhone. However, this is a static view and means you cannot add or edit events. Furthermore, you will need WiFi availability in order for this to work. Experience has shown you don’t usually have wireless around when you need that desperate peek at your calendar.

$400 Cloudbook won't dent eeePC's reign

The Everex Cloudbook is a new sub-notebook which will be sold by Walmart for $399. Despite its comparable configuration, it supposedly won’t pose a threat to the leader in the ultra-tiny laptop market, the Asus eeePC.

The specs:

  • Display: 7″ 800*480px
  • CPU: 1.2 GHz Via C7 chip
  • RAM: 512MB
  • HDD: 30GB
  • Connectivity: 2xUSB, Ethernet & WiFi
  • Extra: webcam

This thing’s design isn’t in any way impressive, neither is it blazing fast, but unlike the eeePC it does feature a workable 30 gig hard drive. That’s a lot more than the eeePC’s puny solid state drive (4GB if I’m not mistaken). It runs a modified version of gOS (which, in turn, is actually a modified version of Ubuntu) and comes factory installed with Firefox, Skype, OpenOffice 2.3 and a bunch of links to Google’s web-based services like GMail, Blogger, YouTube, etc.

Wired reports bad WiFi support and slow performance. And a clunky Mac OSX ‘inspired’ launcher. If not for the eeePC, the Cloudbook would have been a great sub-notebook, despite its quaint design.
