Archive for January, 2011

The Haphazard Creation of the HTTP Cookie Standard

Monday, January 31st, 2011

The World Wide Web was originally designed to be stateless. That is, information is not remembered between visits to various web pages, or even to the same web page. Today, of course, that is not the case, and the main mechanism for communicating between visits is the cookie, also known as a browser cookie or an HTTP cookie. Cookies contain a small amount of text data that your browser stores and sends back to the web server whenever you request a web page from that server. This permits many things, such as keeping you logged in, remembering your settings, or tracking which items you’ve looked at in an online store.

As a web developer, I know that the rules governing HTTP cookies are pretty loose. There have been some efforts to make a concrete standard, but nothing has been formally approved, and the existing IETF RFCs are taken as suggestions by browser manufacturers rather than rules. I didn’t know just how bad it was, however, until I read the linked article. Cookies were defined in a haphazard manner and have stayed that way ever since. Each browser implements cookies in a slightly different manner, and don’t even ask me about the limits on the size of individual cookies, the number of cookies per domain, the total number of cookies, and the total size of all cookies combined. The linked article says, “there is simply no accurate, official account of cookie behavior in modern browsers.” As a web developer, unfortunately, you have to go with the lowest common denominator when working with cookies. Definitely not the way to specify such an important part of the internet.

Link: http://lcamtuf.blogspot.com/…
(via Slashdot)

Unbelievable Death Star Cake

Monday, January 31st, 2011

A cake designer in England made a Death Star cake for her 4-year-old son, and it’s just flat-out amazing. I’ve seen plastic toys that didn’t look as good. The linked article has a detailed picture of the final product. And the neat thing is that you can purchase a similar cake (although no price is listed).

Link: http://betweenthepagesblog.typepad.com/…
(via TheForce.net)

Thinkpad W701ds is a Dual-Screen Laptop

Saturday, January 29th, 2011

Lenovo has released a new Thinkpad, the W701ds, which has a retractable, 10.6″ display augmenting the main 17″ screen. It’s good to see that the Thinkpad line is still a source of innovation after the move from IBM to Lenovo, and I can envision this feature becoming popular.

Thanks to Josh for this topic.

Link: http://shop.lenovo.com/…

Google Chrome Tips and News

Thursday, January 27th, 2011

Here at the Chad’s News network command center, Firefox is still the browser of choice. Google Chrome, however, is still improving and trying to become a contender for that top spot. There is the useful Chrome Toolbox extension, which adds functionality and configuration options that have been needed for a long time. Also, Chrome now has a built-in PDF viewer, which appears to be in the latest release version. Lifehacker has a tip on how to refresh the thumbnails shown for your “most visited” sites on the new tab page. Another tip from Lifehacker explains how to configure Chrome such that embedded Flash content is played on demand (versus the default auto play). This change has not yet made it to the release version. And finally, the linked article discusses Google’s decision to drop direct browser support for the popular H.264 video codec. This only affects HTML5 videos—Flash content will still play with no problem.

Link: http://www.sfgate.com/…
(via Kim Komando)

The “Cloud” Makes Small Steps Towards Ubiquity

Monday, January 24th, 2011

Many past efforts to promote cloud computing have failed miserably, but it’s become more popular over the last few years, even here at Chad’s News. The linked articles detail two more steps in the long road towards universal acceptance. The first is Neverware, a way to run a powerful Windows system from a low-end computer. The second is Google’s cloud print, which allows a user to print a document from portable devices such as smartphones.

Thanks to Josh for the cloud print link.

Link #1 (Neverware): http://www.observer.com/…
(via Kim Komando)

Link #2 (cloud print): http://googlemobile.blogspot.com/…
(via MacRumors.com)

Google Interview Questions, With Answers

Friday, January 21st, 2011

Google is known for the unusual questions it asks job applicants, the most famous of which is “Why are manhole covers round?” The linked articles answer 15 of the actual questions, from a list of 140 collected by a professional interview coach. I was flying high when I knew the answer to “Explain the significance of ‘dead beef’?”, but felt pretty stupid for not getting “How much should you charge to wash all the windows in Seattle?”

Link #1 (questions): http://www.businessinsider.com/…
(via Lifehacker)

Link #2 (answers): http://www.businessinsider.com/…

Link #3 (main article): http://www.businessinsider.com/…

Psychopaths Consistently Identify Victims With Just a Look

Tuesday, January 18th, 2011

From the article: “[P]sychologists have long known that the more psychopathic a person is, the more easily they can identify potential victims. Indeed, they can do so just by watching the way a person moves. In one study, test subjects watched videos of twelve individuals walking, shot from behind, and rated how easily they could be mugged. As it happened, some of the people in the videotapes really had been mugged—and the most psychopathic of the subjects were able to tell which was which.”

Link: http://www.psychologytoday.com/…
(via Lifehacker)

Exploits and Backdoors Via Malicious Hardware

Sunday, January 16th, 2011

The authors at Ksplice are pretty good at digging into the low-level guts of modern computer systems—it’s not too unusual to see them posting assembler code to illustrate a point. In the linked article, they demonstrate how to use a PCI expansion card to hijack a computer in a manner that’s quite hard to detect, and which defies standard methods to recover a compromised system. The malicious hardware gets control of the system at boot time and intercepts the BIOS call that loads the operating system. This gives it the ability to then modify the OS to include an exploit.

For the normal computer user, this is a non-issue. But for those who deal with ultra-classified national security issues, you can never be too careful (maybe that peripheral manufactured in China is not as trustworthy as you think…). The example given in the Ksplice article is more of a proof of concept, because it only works on a single, specific release of the Linux kernel, but it wouldn’t be too difficult to come up with something more versatile.

The linked article is quite technical in nature, so you’ve been warned.

Link: http://blog.ksplice.com/…
(via Slashdot)