I thought it was a thing of the past. If you use embedded Flash files on your site, you should read How Embedded Flaws in Flash Files Allow for Cross Site Scripting Attacks:

An attacker can carry out cross-site scripting (XSS) attacks on a vulnerable system through newly disclosed vulnerabilities in Shockwave Flash (SWF) files.

The flaws, which can be found by the thousand via search engine, are caused by an error in the way that input is validated when passed to embedded ActionScript and JavaScript in Flash files, according to the US-CERT, which warned about the issue in an advisory updated today.

Websites hosting vulnerable Flash files are exploitable by an XSS attack in the context of the domain hosting the vulnerable file, as well as attacks that spoof or modify online content, according to the cybersecurity division of the U.S. Department of Homeland Security.


Business
The Recession in Perspective
Posted by Moxietype

The Federal Reserve Bank of Minneapolis compares output and employment changes between this and past recessions. It doesn't look as bad as thought, and yet:

The 10 previous postwar recessions have ranged in length from 6 months to 16 months, averaging about 10 1/2 months. The current recession has surely surpassed the postwar average, but its total length will only be known when the Business Cycle Dating Committee retrospectively determines the final month of the recession.


Porsche Type 64

Adolf Merckle, one of the world’s richest men, committed suicide last week by throwing himself under a train, reports Bloomberg:

[Merckle's company] VEM was caught in a so-called short squeeze after betting Wolfsburg, Germany-based Volkswagen’s stock would fall. Merckle lost at least 500 million euros on the bets on VW stock, people familiar said on Nov. 18. VEM lost “low three-digit million euros” on VW stock, the company said in November.

It took Porsche three years of careful maneuvering:

It was darkly brilliant, a wealth transfer ingeniously conceived like few we’ve ever seen. Betting the right way, Porsche roiled the financial markets and took the hedge funds for a fortune.

Read full story


Berlin Billboards

"Don't forget..." consists of Photoshop palettes pasted over billboards in a metro station in Berlin. Is it a street art project or a clever advertising campaign? I studied advertising in Berlin at HdK and will not be surprised if there is an advertising campaign behind it.


Firefox, Security
Firefox 3.0 SSL Certificate Error Pages
Posted by Moxietype

Firefox 3 limits usable encrypted (SSL) Web sites to those who are willing to pay money to one of its approved digital-certificate vendors. Self-signed certificates (SSC) get rejected. For example, the U.S. Army uses certificates issued by the Department of Defense, which Firefox 3 does not trust. Expired SSL certificates on Google and LinkedIn are affected as well.

The Mozilla.com Web site, where Firefox 3.0 can be freely downloaded, defends the new feature, saying SSL certificates not issued by a validated certificate authority -- so-called self-signed certificates (SSC) -- don't provide even basic validation; and expired certificates should not be viewed as "harmless" because they open avenues for hackers.

On the other hand, expired SSL certificates are actually quite common.

According to Netcraft data, the number of SSL websites passed 600,000 in 2007. If we make a rough estimate and assume the same ratio as for the Fortune 1000 websites, that would mean that there are around 108,000 websites with expired SSL certificates. All these would get the “error page” in Firefox 3.

The lack of a single industry standard when it comes to SSL and SSC creates both a security hazard and a sub-prime usability issue. This is something Mozilla itself seems aware of. Jonathan Nightingale, who works with usability and security at Mozilla, had this to say in his blog about how Firefox 3 handles SSL certificates:

I don’t think the approach in Firefox 3 is perfect, I’m not sure any of us do. I have filed bugs, and talked about things I think we could do to continue to enhance our users’ security while at the same time reducing unnecessary annoyances.


What is the difference between:

www.moxietype.net
moxietype.net
moxietype.net/index.php
www.moxietype.net/index.php

Users might expect all of those URLs to lead to the same page. Search engines, though, might store these locations separately, which can result in a much lower page rank.

Solution

Decide whether you want to keep the www prefix or not, and set up a global redirect on your server or in your .htaccess file. I prefer non-www, as www takes a few more strokes to type in.

Tell Google in Webmaster Dashboard Tools (under Settings) which version it should keep in its index. Join Google Webmaster Central if you haven't done so already.

Analyze all the pages on your Web site and remove duplicate URLs from Google's index by using robots.txt. For example, print or category URLs could lead to the same page, so you might want to keep print and category URLs from being indexed. Read about Improving on Robots Exclusion Protocol.
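As an added example (not code from the original post), here is the global redirect from the first step written for an Apache .htaccess file at the document root; it assumes mod_rewrite is enabled and AllowOverride permits rewrite directives, and uses moxietype.net from the post as the canonical host.

```apache
# Added example, not from the original post. Collapses the four URL
# variants listed above onto one canonical form (non-www host, no
# trailing index.php) with permanent (301) redirects, so search engines
# merge the duplicates into a single index entry. Assumes Apache with
# mod_rewrite and "AllowOverride FileInfo" for the document root.
RewriteEngine On

# 1. Canonical host: www.moxietype.net/anything -> moxietype.net/anything
#    REQUEST_URI keeps the full path; the query string is carried over
#    automatically on an external redirect. Use https:// if the site
#    is served over TLS.
RewriteCond %{HTTP_HOST} ^www\.moxietype\.net$ [NC]
RewriteRule ^ http://moxietype.net%{REQUEST_URI} [R=301,L]

# 2. Canonical page: /index.php -> /  and  /dir/index.php -> /dir/
#    THE_REQUEST is the raw request line the client sent, so the
#    condition only fires on an explicit request for index.php and not
#    on the internal DirectoryIndex subrequest that "/" itself triggers
#    (matching on the rewritten path alone would loop).
#    A request matching both rules is redirected twice: host, then path.
RewriteCond %{THE_REQUEST} "^[A-Z]{3,9} /([^? ]*/)?index\.php[? ]" [NC]
RewriteRule ^(.*/)?index\.php$ /$1 [R=301,L]
```

Check the result with a request to each of the four variants and confirm that every one answers with a single 301 chain ending at the same canonical URL.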


There is a set of simple questions to ask while planning a contribution-based project, such as technological requirements, skills of the contributors and time dependency.

Be aware of any specialized language that you are using in your instructions or in the description of the project. Words and phrases like “cache”, “ftp”, “social book-marking”, “beta”, “screengrab”, “firewall”, “tagging”, “tweet”, “proxy”, etc… may not be part of your audience’s vocabulary.


Mac Tips
How to Reset Mac Printing Service
Posted by Moxietype

If you get a server error message such as:

  • (Mac OS X 10.2) "An error occurred while trying to add the selected printers. Error 1282"
  • (Mac OS X 10.3, 10.4) "server-error-service-unavailable."

You might need to reset the system. Follow these easy steps:

Read the rest of this story »


Tech Buzz
Reverse Image Search With TinEye
Posted by Moxietype

TinEye is an image search engine. You give TinEye an image and it will find it on the web for you. TinEye analyzes image attributes and compares fingerprints of every single image in the TinEye Search Index. However, keep in mind that TinEye is a new Web search engine and hasn't had time to index all the images on the Web yet. I found over 500 sites containing variations of the image.

TinEye is the first image search engine on the web to use image identification technology. Given an image to search for, TinEye tells you where and how that image appears all over the web — even if it has been modified.

Just as you are familiar with entering text in a regular search engine such as Google to find web pages that contain that text, TinEye lets you submit an image to find web pages that contain that image.

Every day TinEye's spiders crawl the web for additional images. Using sophisticated pattern recognition algorithms, TinEye creates a unique and compact digital signature or 'fingerprint' for each one and adds it to the index.


Ever wanted to get rid of your Web hosting company? Good news! You can set up a UNIX server right at your home or in your office if you have a static IP address and a high-speed internet connection. Below are the steps and links to the original instructions. I can't vouch for them as I am still looking for an old PC to pull it off.

Read the rest of this story »


Security, Social Web
Power.com is blocked from accessing Facebook
Posted by Moxietype

It appears that it is much easier to rely on the content generated by other sites than to create your own. In this case I will agree with Facebook.

Power.com asks users to provide their user names and passwords for social networks. It then accesses those outside sites as if it were the user, and allows the user to view the other site’s pages without actually visiting it.

Facebook blocked access to its site from Power.com, which “deliberately circumvented Facebook’s technological security measures in order to continue its unlawful practice of accessing Facebook’s computer systems without authorization,” the complaint stated.

Read the article on NYT.


Tech Buzz
Passive Houses Actively Save Energy
Posted by Moxietype

Passive House
Photo: prefabricated WeberHaus

There are now about 15,000 passive houses built around the world, with the majority in German-speaking countries and Scandinavia. They cost only about 5 to 7 percent more to build than conventional houses. Passive houses get all the heat and hot water they need from the amount of energy that would be needed to run a hair dryer.

Decades ago, attempts at creating sealed solar-heated homes failed, because of stagnant air and mold. But new passive houses use an ingenious central ventilation system. The warm air going out passes side by side with clean, cold air coming in, exchanging heat with 90 percent efficiency.

Read No Furnaces but Heat Aplenty in ‘Passive Houses’

Related: WeberHaus


The Google Metadata Web Authoring Statistics might be a bit outdated, in the sense that Google today pays more attention to the meta description element than it did when the article was written and totally disregards the meta keywords element, but it is still worth reading about the common mistakes.

The http-equiv values pragma and expires are attempts at bypassing caches without having to set the HTTP headers correctly. These are probably unnecessary uses; any scenario where there is a legitimate reason to limit caching, the author is going to have enough control over the server to send the appropriate headers. In addition, the meta tags can't be considered reliable (e.g. proxies and transparent caches aren't going to honour them).

The distribution value is supposedly used to control who can access the document. Search engine "optimisers" tell people to set it to "global" to ensure that search engines index their pages.
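As an added illustration (not from this post or Google's article), the header-based alternative to the meta pragma and expires tags, written as an Apache .htaccess fragment; it assumes mod_headers and mod_expires are loaded and that AllowOverride permits them.

```apache
# Added example, not from the original post or Google's article.
# The tags
#   <meta http-equiv="Pragma" content="no-cache">
#   <meta http-equiv="Expires" content="0">
# sit inside the HTML body, which proxies and transparent caches never
# parse; they act only on HTTP headers. These directives send the
# headers themselves. Assumes Apache with mod_headers and mod_expires.

# Dynamic pages (PHP output, HTML): tell every cache not to store them.
<IfModule mod_headers.c>
  <FilesMatch "\.(php|html?)$">
    Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0"
    # Pragma is the HTTP/1.0 spelling, kept for old proxies.
    Header set Pragma "no-cache"
    # A date in the past marks the response as already stale.
    Header set Expires "Thu, 01 Jan 1970 00:00:00 GMT"
  </FilesMatch>
</IfModule>

# Static assets: let caches keep them, with an explicit lifetime rather
# than leaving freshness to each cache's heuristics.
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType image/png              "access plus 1 month"
  ExpiresByType image/jpeg             "access plus 1 month"
  ExpiresByType text/css               "access plus 1 week"
  ExpiresByType application/javascript "access plus 1 week"
</IfModule>
```

Verify with a HEAD request to a .php page and to an image: the former should carry Cache-Control: no-store, the latter an Expires date in the future.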


Google Tech Talks June 21, 2007

How to extend the MediaWiki environment with semantic aspects, and how to provide natural language interfaces for varying knowledge bases.


From what I can tell, it is not a real bug but a regression that is part of a new feature, RichResults. Clearing the browsing history no longer erases RichResults. If you don't want RichResults to keep track of where you went, in Firefox you need to enter

about:config
and then scroll down to:
browser.urlbar.maxRichResults
and change the default.
The default setting is 12; if you want nothing, enter 0.

The refusal of RichResults to obey the "Clear Private Data" command is a significant privacy issue in Firefox 3. Read the message board thread on Ubuntu dedicated to this issue.


Did you ever wonder why WordPress out of the box is not search engine optimized, and why the All in One Search Engine Optimization plug-in is inadequate? Below is the explanation that WordPress provides:

Read the rest of this story »


Advertising, Tech Buzz
Apple ditches Macworld Expo
Posted by Moxietype

This January will be Apple's last presentation at the Macworld and CEO Steve Jobs will not appear. Industry events like Macworld Expo have been losing their luster inside Apple for some time.

Read the rest of this story »


Chair with different size legs

"There's one leg shorter than the other ones; you can fix it with a few packets of sugar."

A Chair for a Talking Head

"It's very, very low so there's only your head at the table."

These are a couple of my favorites. Check out the rest of the catalog of chairs from the Secrets of Efficient Meeting Collection.


Gibson Research Corporation writes about its Ultra High Security Password Generator:

Since there is no "output from the previous encryption" to be used during the encryption of the first block, the switch shown in the diagram above is used to supply a 128-bit "Initialization Vector" (which is just 128-bits of secret random data) for the XOR-mixing of the first counter value. Thus, the first encryption is performed on a mixture of the 128-bit counter and the "Initialization Vector" value, and subsequent encryptions are performed on the mixture of the incrementing counter and the previous encrypted result.

The result of the combination of the 256-bit Rijndael/AES secret key, the unknowable (therefore secret) present value of the 128-bit monotonically incrementing counter, and the 128-bit secret Initialization Vector (IV) is 512-bits of secret data providing extremely high security for the generation of this page's "perfect passwords". No one is going to figure out what passwords you have just received.

Make sure to write the generated password down. Cool


Tech Buzz
Mathematica 7 from Wolfram Research
Posted by Moxietype