Hashemian Blog
Web, Finance, Technology, Running

HTTP to HTTPS Migration

by @ 10:26 pm
Filed under: google,internet,web — Tags:

https-ssl-tlsA universally secure internet may have its defenders and detractors but like it or not, Google is going to force site encryption (https) across the board.

First it was the SEO penalty threat, supposedly giving higher scores to secure sites but it doesn't seem like that worked out great. I think Google recognized that just giving prominence to secure sites over plain ones might lead to low quality sites stealing rankings from reputable ones simply by going encrypted. That would have meant poor search results pages, possibly alienating users and driving them to competitors such a Bing.

Now Google is coming at this from another angle, the Chrome browser and this one may stick. As Chrome has the biggest browser market share on the market, they can shame non-encrypted sites right from the browser rather than jeopardizing the Google search engine money machine.

Beginning January 2017 Chrome will print a timid 'Not secure' next to a plain page's URL indicating it is not encrypted. But that is just the start. The plan is to make the label bolder and more colorful with the future versions of Chrome. I suspect that at some future point Chrome may require users to jump through warning messages to show a plain page. That would be much like the cumbersome steps needed today to show a page when browsing to a secure page with a broken or invalid certificate.

The process of migration from a plain site to an encrypted site starts with obtaining a site certificate. This used to be an expensive proposition but nowadays a basic one can be had for free. In terms of the web server there are 3 ways to migrate a site from plain to secure:

1- In-place migration of the web server application - Just about any web server on the market today can handle secure connections as well as plain ones. The process generally involves installing the certificate, making some configuration changes and the site goes encrypted. Servers with multiple domains may however need an upgrade. For that, check for SNI support. For example Microsoft's IIS below version 8 does not support SNI. And if you have users that are still on Windows XP, good luck. SNI isn't supported on that platform at all.

2- Using an https appliance - Here the web server infrastructure is left intact but instead it is fronted by another server or service known as an https appliance or SSL termination. There are many such appliances on the market that are relatively easy to set up. There are also open source products such a Nginx or HAProxy that require a bit more tech know-how. In both cases they are deployed by installing the corresponding domain certificates and exposing them to the internet traffic. Internally they access the actual web server via plain http and return the page to the users encrypted over https.

3- Using a CDN - This is similar to the 2nd method, except that the appliance is actually managed by another company, like CloudFlare (free), Akamai or  CloudFront among others, in the cloud. The benefit is that little administration is required and in some  cases, like CloudFlare, even the certificate is pre-handled. The downside is giving up a certain level control and trust which a business may not be comfortable with.

Going https is not a trivial task, specially for the less tech savvy. But at least there are a number of available migration choices, each with a number of product options. They have various degrees of convenience, efficiency, and precision but eventually one must be chosen as the https migration seems inevitable. How would this site migrate to https? Remains to be seen.

YouTube Sleep Aid

by @ 7:12 pm
Filed under: google — Tags:

youtube sleep aid

I was reading about interesting winter apps in a magazine and one mentioned was a fireplace app, so I wondered if there was a fireplace video on YouTube.

That was the proverbial Pandora's box. The search led to dozens of fireplace videos of varying lengths but then it further expanded to thousands of videos of other sounds, many of which claimed to be soothing enough to sleep to. Surprisingly many had millions of views, suggesting that many people actually use these videos as sleep aids.

The genres are countless, there are videos of fireplaces, of course, but also sounds of ocean waves, wind, trains, crickets, cicadas, rain, wheat fields, rivers, streams, fans, frogs, cars, soothing music, Tibetan chimes, people whispering, birds chirping, owls hooting, sheep bleating, cows mooing, and the ever-present YouTube staple, cats meowing for hours. They're endless with hundreds of millions in combined views.

Of course it's not like I'm new to being lulled by YouTube. Many times I have fallen asleep watching a video on my smartphone. In my case it's mostly a preacher spewing nonsense or a suspect droning on during an interrogation.

 

Google Voice Gets More MMS

by @ 3:21 pm
Filed under: google — Tags: ,

google-voiceI have been a Google Voice (GV) user for years. It's been an indispensible product for me. I have the app on my Android phone, the plugin on my Chrome browser, and text/voicemail forwarding on Gmail. I don't even know my own cell phone number by heart because GV is my main number.

The only problem over the years has been the inability to send or receive MMS messages. MMS is like SMS, only much richer. It's used to send photos or carry on group texting. In case of GV most MMS messages to/from a variety of carriers would just go into a black hole without even a warning. That's been an annoying fact over the years and I have never known who is at fault there. My assumption is that carriers have refused to work with GV because of some competitive paranoia.

There have always been some rumors that GV is relegated to some corner office, perhaps much like Google Reader before its eventual demise or Feedburner. Although the latter product is still very much alive, albeit unloved.

Now comes the news that GV has been given MMS capability with pretty much all carriers, save unfortunately the biggest one, Verizon. Still, it's a shot of confidence for people like me who appreciate GV and have been long-time users.

I tested GV MMS via AT&T and indeed it works well. And yes, the Verizon test failed. Think it's time for Verizon to shake the irrational fear and get on with this.

Bait and Switch Google Adwords

by @ 12:37 pm
Filed under: google,hacking,web — Tags: ,

We're all familiar with targeted banners these days. Visit a shoe site and suddenly all banners in various web sites are shoe-related.

It seems the banner scammers/hijackers have figured this out too. Recently I noticed suspicious Adwords banners originating from a site called adnxs.com.

My guess is that the malware authors use Adwords or similar networks or sub-networks to target users with certain keywords, for example shoes. They may upload legitimate ads in the beginning and may even run them for a while to gain the network's trust. But then the switch happens and malware ads such as below are displayed.

malware banner

To a lay user, a banner such as above may look legitimate enough to click which will inevitably lead to a malware download and it's game-over for that user. The banner obviously has the tell tale look of being a scam, with the "importent" update it purports to install.

Hard to say if adnxs.com or similar sub-networks are in on the scam or just look the other way as long as the money keeps coming. Whatever the case, browsers and anti-virus programs seem unable to stop these annoying and harmful banners.

Facebook Like, The Big Fake

by @ 6:25 pm
Filed under: google,web — Tags: ,

facebook fake likeEarlier this year this insightful article delved into the business of click farming where people and businesses (and apparently even the US government) pay shady companies a modest fee for thousands of Facebook likes, or Twitter followers, or YouTube views. Only that these likes and clicks are generated by click farms, either malware robots and zombies, or zombie-like people clicking mindlessly, essentially producing inflated popularity through fraud.

I am not much a social media expert or even user, yet I knew about click farming. I just didn't know how extensive the practice was until recently.

At this point we must assume that the vast majority of likes, views and followers are fake. Certainly not everyone is involved, but faced with such overwhelming and obvious scam, one must conclude that digital popularity is now but fiction and holds no credibility. And it doesn't matter who they are, even governments, legitimate companies and celebrities can not be ruled out.

Online scamming is not new. When link farming became a popular method to attain high ranking in Google results pages, Google fought back by changing the rules because SEO scamming was becoming an existential threat to its business. Once users' trust is lost, it is difficult, if not impossible, to gain it back.

Popular social sites such as Facebook, Twitter, LinkedIn, and YouTube are now faced with the same credibility issue and they are fully aware of the problem and have the means to correct it. But it's business as usual because most users haven't woken up to the reality of click farming, yet.

Just like now when everybody immediately dismisses an email purportedly sent by a Nigerian prince, an increasing number of users are glossing over the stats on social sites. When the majority of these stats are fake, the whole system becomes useless and irrelevant.

The Web (Google) Fear

by @ 1:53 pm
Filed under: google — Tags:

Gmail is having intermittent outages today but when i saw the below page my heart sank thinking they had suspended my account. The message is so personal:

We're sorry but your Gmail account is temporarily unavailable.

Seems innocent enough until you start thinking, what if it is my account only? Have I been banned, am I being penalized for some unknown behaviour, or just my technical issue number was up? What then, who'll help me?

Pretty scary when most of life is lived online where it can be yanked away from one in a moment with no recourse.

Fortunately, judging by the tweets, I wasn't a lone target today. I still belong 🙂

gmail-outage

YouTube Disable-Annotation Broken

by @ 9:59 pm
Filed under: google — Tags: ,

I've never liked annotations on YouTube videos. They are more annoying than useful, so I had my account configured to never show them by unchecking the box as shown below.

But recently YouTube has been ignoring this setting and the only way to shut off annotations is from the Settings icon on every playback, Quite annoying!

youtube permanent annotation setting

Outlook is Private - Really!

by @ 12:12 pm
Filed under: email,google,microsoft — Tags: ,

Logging into my Hotmail/Outlook account this morning I was greeted with this message touting the benefits of Outlook. They saved the best for last, claiming that "Outlook is private". Talk about false advertising.

outlook is private?

 

It was barely a week ago when news leaked that Microsoft had snooped on an employee's Hotmail account while investigating a hacking incident. And before that there were news of Hotmail snooping on inboxes on behalf of the NSA.

If you are going to make a false statement, at least wait for a period of time for the negative news to fade. Taking veiled pot-shots at Google for showing related advertising on Gmail is easy enough. But I'd much rather have a computer algorithm display related ads while reading emails, than have a forensic team at Microsoft read and analyze my emails or send them to some government agency to be collected and mined unconstitutionally. And then to have the gall to make the phony privacy-abiding statement in the face of their blatant disregard for privacy?

NCAA basketball Brackets on Google

by @ 6:04 pm
Filed under: google — Tags: , ,

Kind of late to mention this as we get close to the end of the 2014 NCAA men's college basketball championship games, but Google has made it easy to check on the games in progress and their results. Just type in bracket in Google and get the info at the top of the results page.

Best wishes to my alma mater, University of Connecticut. Go UConn Huskies !

uconn-ncaa-bracket

 

IP Address on Google

by @ 6:14 pm
Filed under: google — Tags:

Google Search seems to always be adding new features. From measurement conversions to calculator to word definitions, users can get answers to many of their questions without clicking on any results at all.

That's good news for users, but not so for sites who rely on search results for users to click on. One example is getting one's IP address online. There are plenty of services including whoami on this very site that help users with that. Most of these services also provide additional information, but if all the user wants is to know their IP address, a simple Google search for ip will bring up the answer right away.

 

google ip

 

 

Older Posts »

Powered by


Read Financial Markets  |   Home  |   Blog  |   Web Tools  |   News  |   Articles  |   FAQ  |   About  |   Contact
Bitcoin: 1K9TzBvQ2oaEb4tX9t2vKDtZouMcpfV6QF
© 2001-2017 Robert Hashemian   Powered by Hashemian.com