Kissaki Blog

October 31, 2011

Embedding Remote Buttons

Filed under: English, Web, Webmaster — Kissaki @ 23:46

So, savvy web users and webmasters/web developers know that by embedding remote images, or indeed any remote file, you essentially set up your page to direct visitors to other servers as well, sending along a lot of information. With big services like Google and Facebook this opens up a lot of data-mining possibilities for them. Facebook and Google, with their Like and +1 buttons, can track visitors across websites: the visitor's browser, OS, etc. And if the visitor has an account, they can associate all of that data with the account. Which websites did the user visit? When? Etc. And all that without visitors even clicking the Like/+1 buttons.

Some weeks ago heise.de published an anonymous version of the Facebook Like button, which uses a locally hosted image and only loads remote content if you actually want to click it. Facebook threatened them; after all, they were using Facebook's image. Now they still have an anonymous Like button, with an altered image, so anonymity and privacy are not dropped.

Google, with their +1 buttons, states in their +1 button policy:

Publishers may not alter or obfuscate the +1 Button

So we have the same problem there … Now, how much would you have to alter the image so that it is no longer trademarked (if it is at all)? And would hosting it locally fall under fair use? Would altering it slightly, just enough that you can tell the difference, be enough for it to fall under fair use? Greying it out, maybe?
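The heise approach described above, written out as an added example (this is neither the post's nor heise's code): on page load the page renders only a locally hosted image, so the third party's server receives no request at all, and the remote content is created only after the visitor clicks. `createDeferredButton`, its option names and the `doc` parameter are my own choices; `doc` defaults to the browser document and is injectable so the logic can be exercised outside a browser.

```javascript
// Added example, not from the post or from heise: a "two-click" social button.
// On page load only a locally hosted image is rendered, so the third party sees
// no request. The remote iframe is created only after the visitor clicks the image.
// `doc` defaults to the browser document and is injectable for testing. Names are my own.
function createDeferredButton(container, options, doc = globalThis.document) {
  const { localImageSrc, remoteSrc, label } = options;
  const state = { loaded: false };   // lets the caller see whether the remote load happened

  const img = doc.createElement('img');
  img.src = localImageSrc;           // same-origin asset: no third-party request yet
  img.alt = label;
  img.title = 'Click to load the ' + label + ' button from its provider';

  img.addEventListener('click', () => {
    if (state.loaded) return;        // never load twice
    const frame = doc.createElement('iframe');
    frame.src = remoteSrc;           // the first and only request to the third party
    container.replaceChild(frame, img);
    state.loaded = true;
  });

  container.appendChild(img);
  return state;
}
```

Before the click the only element in the container is the local image; the provider's URL does not appear anywhere in the DOM, so no cookie, referrer or user-agent reaches the provider until the visitor explicitly asks for it.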

October 30, 2011

Google is quick at indexing

Filed under: Deutsch, Web, Webmaster — Kissaki @ 09:45

Right after writing the article on the Thesenanschlag I wanted to learn a bit more about the Interessengesellschaft and searched for it on Google. And among the results on the first page it actually showed me the following: (more…)

August 17, 2011

Google Search over HTTPS Beta – Implications for Website User-Stats Tracking

Filed under: English, Web, Webmaster — Kissaki @ 23:50

Now that Google has rolled out a beta for searching via HTTPS, an interesting fact to note:

When you use SSL search, the browser typically does not send referrer information to any HTTP links you visit

This means the more people use encrypted Google search, the less information about the search engine and the searched keywords you will get in your website's stats tools about people coming to your website. Unfortunately, the majority of users will probably not use it anyway. Let's see how long it stays in beta. On the other hand, this may also get website hosters/owners to switch to HTTPS as their primary means of access, as HTTPS sites will still get referrer information.

July 23, 2011

Joomla Update Mechanism – Works Flawlessly

Filed under: English, Webmaster — Kissaki @ 09:08

Since Joomla 1.6, updating is flawless: one button click. Now it's easy to stay up-to-date and secure.

Keep up the good work!

June 7, 2011

Nginx configuration with includes

If you're setting up a server with both HTTP and HTTPS access you will have to define two server directives in your nginx configuration. Then you would define pretty much the same thing in both, and just add the SSL options like the certificate and port in your HTTPS server. However, there is a better way. In this blog post I will explain how to use include statements efficiently in your nginx configuration to get a better configuration file structure.

A second feasible use of includes is for redirects. Did you change (some of) your URI structure? Did you move a file, resulting in a new URI? Put the redirects in a separate file and include it in your host's configuration file to keep it clean. (more…)

May 19, 2011

How to disable P3P in Joomla

Filed under: Administration, English, post-to-identi.ca, Webmaster — Kissaki @ 01:51

P3P is a protocol for publishing your intent, i.e. your website's privacy policy. Now, letting the websites themselves provide that information, and users trusting, or not trusting, it, takes the entire thing ad absurdum. If you set your tool up to not accept cookies from a website with a "bad" policy, and the site simply does not provide P3P, or provides wrong or incomplete P3P tags, your tool will not help at all.

Anyway, Joomla implemented it and by default provides contradictory P3P tags (which may even be dangerous and put you at risk, as you publish wrong (summary) policy information; people, and lawyers, may actually take you at your word/P3P tags) [as discussed here]. (more…)

April 27, 2011

Nginx Setup

Filed under: Administration, Deutsch, Software, Webmaster — Kissaki @ 23:20

I had first wanted to switch the web server to Cherokee, but there was no current deb package / repository for it, and in addition it seemed (in the older version that was available) to cause massive problems on the server, which no longer occurred after it was stopped. The second choice was Nginx, which was only recently released in version 1.0 and, after Apache httpd and Lighttpd, is the web server with the largest market share; above all, it also hosts some very large websites. For Debian and Ubuntu-based systems there are also current Nginx packages, e.g. from GetDeb for Debian. In any case, the switch is now complete. (more…)

March 17, 2011

History of Internet Explorer

Filed under: Deutsch, English, Extern, Webmaster — Kissaki @ 14:09

TheRasteri, who already made a wonderful video of upgrading a Windows 1.0 through every version up to the current Windows 7, have published a new video:

History of Internet Explorer, in which likewise every major version of IE is installed and it is checked how well it runs and renders.

February 16, 2011

Anonymous vs HBGary – Standard Mistakes of the "Experts"

Filed under: Deutsch, English, Extern, Webmaster — Kissaki @ 21:47

How Anonymous hacked the "security experts" (I had written about it before).

In the end, the security experts had made numerous mistakes that standard best practices alone would have prevented.

So what do we have in total? A Web application with SQL injection flaws and insecure passwords. Passwords that were badly chosen. Passwords that were reused. Servers that allowed password-based authentication. Systems that weren’t patched. And an astonishing willingness to hand out credentials over e-mail, even when the person being asked for them should have realized something was up.

The thing is, none of this is unusual. Quite the opposite. The Anonymous hack was not exceptional: the hackers used standard, widely known techniques to break into systems, find as much information as possible, and use that information to compromise further systems.

February 15, 2011

Almost all E-Mail validation algorithms are wrong

Filed under: development, English, Webmaster — Kissaki @ 08:12

Almost all e-mail validation algorithms on the web are wrong. And why are they too strict?
Because the RFC allows far more characters, but of course also allows hosters to restrict their own mail addresses further.
And most hosters go for alphanumerics plus the most basic special characters like underscore and minus.

With the de-facto standard of all mail hosters taking the restricted route, it seems people implementing email address validation algorithms do not check the RFC,
and write far too strict checkers.

With quoting or escaping, even another @ is allowed in your mail address. Although not very readable and very uncommon, this allows for further hierarchical email addresses on one host, for example.

How long is your regexp?
Probably not long enough.

Valid [via]:

  • !def!xyz%abc@example.com
  • "Abc\@def"@example.com
  • customer/department=shipping@example.com
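As an added example (not code from the post), here is a checker written to the RFC 5322 addr-spec grammar (local-part "@" domain) instead of the usual "alphanumerics plus a few specials" regexp, placed beside a typical too-strict pattern for contrast. The three addresses listed above are accepted by the RFC-based checker and rejected by the strict one. All function names are my own; the strict pattern is a constructed illustration of the kind the post complains about, not any specific library's regexp.

```javascript
// Added example, not from the post: an e-mail address checker that follows the
// RFC 5322 addr-spec grammar (dot-atom or quoted-string local part, DNS-name domain).
// Function names are my own. Address literals such as [192.0.2.1] are deliberately
// not handled, and no attempt is made to verify that the mailbox exists.

// atext (RFC 5322 section 3.2.3): the characters allowed unquoted in the local part.
const ATEXT = /^[A-Za-z0-9!#$%&'*+\/=?^_`{|}~-]+$/;

// dot-atom: runs of atext separated by single dots; no leading, trailing or doubled dot.
function isDotAtom(s) {
  return s.length > 0 && s.split('.').every((part) => ATEXT.test(part));
}

// quoted-string: "..." where a backslash escapes the next character (quoted-pair),
// so spaces, dots and even another '@' may appear inside the quotes.
function isQuotedString(s) {
  if (s.length < 2 || s[0] !== '"' || s[s.length - 1] !== '"') return false;
  const inner = s.slice(1, -1);
  for (let i = 0; i < inner.length; i++) {
    const c = inner[i];
    if (c === '\\') {                                // quoted-pair: skip the escaped char
      i += 1;
      if (i >= inner.length) return false;           // a trailing backslash escapes the closing quote
      continue;
    }
    if (c === '"') return false;                     // unescaped quote would have ended the string
    const code = c.charCodeAt(0);
    if (code < 32 || code === 127) return false;     // no control characters
  }
  return true;
}

// domain: DNS labels (alphanumerics and hyphens, no hyphen at either end, 1..63 chars),
// whole name at most 253 characters.
const LABEL = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;
function isDomain(s) {
  return s.length > 0 && s.length <= 253 && s.split('.').every((label) => LABEL.test(label));
}

// Split on the last '@': an unquoted '@' is not atext, and a quoted one belongs to the
// local part, so the final '@' is the separator. Anything else fails the part checks.
function isValidAddrSpec(addr) {
  const at = addr.lastIndexOf('@');
  if (at < 1 || at === addr.length - 1) return false;
  const local = addr.slice(0, at);
  const domain = addr.slice(at + 1);
  if (local.length > 64) return false;               // RFC 5321 local-part length limit
  return (isDotAtom(local) || isQuotedString(local)) && isDomain(domain);
}

// For contrast: a constructed example of the "too strict" regexp the post complains
// about. It mirrors the hosters' convention, not the RFC, and rejects valid addresses.
const TOO_STRICT = /^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/;
function isValidTooStrict(addr) {
  return TOO_STRICT.test(addr);
}
```

Whether you actually want to accept every RFC-valid address is a separate question: an application that only ever talks to mainstream hosters may reasonably prefer the strict form, but it should then say so rather than call the rejected addresses invalid.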