helion-prime

Archive for the ‘internet’ Category

Use https securely

Thursday, June 7th, 2012

preamble

Nowadays everyone understands how easy it is to hijack an unsecured http session, so https is the key to a secure web. Sometimes people don’t use https for small projects because of the price of certificates. http://www.startssl.com/ solves this problem: they give Class 1 certificates for free, and verified (Class 2) certificates have a ridiculously low cost. Therefore the only remaining problem is errors in how https is used.

keep cookie safe

A cookie can be stolen before the redirect to https. To avoid cookie theft, set the ‘Secure’ flag: it instructs the browser to send the cookie only over an https connection.

Set-Cookie: mycookie=somevalue; Path=/securesite/; Expires=Wed, 12 Dec 2345 00:00:00 GMT; Secure

make correct redirect

Once the certificate is set up on the application server, you need to redirect users from http://mysite.com to https://mysite.com. The redirect itself opens a vulnerability, because an attack can be performed before the redirect happens.

The HTTP/1.1 specification (RFC 2616) tells us that the http response codes 301 (“moved permanently”) and 302 (“found”/“moved temporarily”) can be cached by the browser. So by sending Expires or Cache-Control max-age with a far-future expiration date, we can avoid repeating the redirect.

Expires: Thu, 01 Jan 2099 00:00:00 GMT

Another idea is to use the Strict-Transport-Security header. It informs the browser that the website is accessible only over https. All http queries will be rewritten to https on the client side by the browser.

Strict-Transport-Security: max-age=31556926;

It tells browsers that support Strict-Transport-Security to use only https for this particular site for 1 year. At this time Firefox and Chrome support it; Opera is waiting until the standard’s status changes to ‘agreed’ or ‘established’.
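The three header checks described so far (Secure cookies, a cacheable redirect to https, and Strict-Transport-Security) can be verified automatically. The following is an added example, not code from the original post; the function names and the sample responses are constructed for illustration.

```python
def parse_attrs(set_cookie):
    """Split a Set-Cookie value into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, attrs

def hsts_max_age(value):
    """Return max-age in seconds from a Strict-Transport-Security value, or 0."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return 0

def audit(http_status, http_headers, https_headers):
    """Return a list of findings; headers are lists of (name, value) pairs."""
    findings = []
    http = [(k.lower(), v) for k, v in http_headers]
    https = [(k.lower(), v) for k, v in https_headers]
    location = dict(http).get("location", "")
    if http_status not in (301, 302) or not location.startswith("https://"):
        findings.append("http request is not redirected to https")
    elif not any(k == "expires" or (k == "cache-control" and "max-age" in v.lower())
                 for k, v in http):
        findings.append("redirect is not cacheable (no Expires or Cache-Control max-age)")
    for k, v in http + https:
        if k == "set-cookie":
            name, attrs = parse_attrs(v)
            if "secure" not in attrs:
                findings.append(f"cookie {name} lacks Secure")
    hsts = dict(https).get("strict-transport-security", "")
    if hsts_max_age(hsts) <= 0:
        findings.append("no Strict-Transport-Security max-age on https response")
    return findings

# Constructed sample responses (not captured from a real site).
WEAK_HTTP = [("Location", "https://mysite.com/"),
             ("Set-Cookie", "mycookie=somevalue; path=/securesite/")]
WEAK_HTTPS = [("Set-Cookie", "mycookie=somevalue; path=/securesite/")]
GOOD_HTTP = [("Location", "https://mysite.com/"), ("Cache-Control", "max-age=31556926")]
GOOD_HTTPS = [("Set-Cookie", "mycookie=somevalue; path=/securesite/; Secure"),
              ("Strict-Transport-Security", "max-age=31556926;")]

if __name__ == "__main__":
    for finding in audit(302, WEAK_HTTP, WEAK_HTTPS):
        print("WEAK:", finding)
    print("GOOD:", audit(301, GOOD_HTTP, GOOD_HTTPS) or "no findings")
```
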

don’t mix content

You should ensure that you don’t use content from http sites. People often forget that they use a CDN to load libraries, or Google Analytics. So check for each http entry on your site and change it to https.

How to end the differences in HTML rendering between browsers

Thursday, August 18th, 2011

preamble

When there is no standard, there is no common approach to the same things, and we have chaos.
But we do have standards for HTML and CSS; we can find them all on the W3C pages http://www.w3.org/MarkUp/ and http://www.w3.org/Style/CSS/.
And still we hear “Why does my website look different on different browsers?” from users, or “I want to kill developers of Internet Explorer” from web developers.

complexity of standards

The first problem is the complexity of the standards, which have to take many different things into account. It’s hard for developers to understand them and develop products appropriately.
As W3C can’t simplify the standards, it should put special effort into developing and providing a set of test cases like the famous Acid tests; it should provide not just a set of randomly picked features but complete coverage of the specifications: XHTML, CSS, DOM, SVG. Then there will be a standard way to test browsers, and someday we will finally have the same picture in all browsers.

human nature

The problem is not only in the standards but also in human nature, which incites some people to use evolving versions of HTML/CSS to get fantastic features. But I believe that when W3C begins to provide tests, it will be evident to anyone that the developer is to blame for bugs or for using experimental features.

Improvement of Google Ads

Friday, June 24th, 2011

We all know that Google generates profit primarily from its advertising programs. So keeping them effective is a very important but difficult task, as users tend to ignore advertisements and use special browser plug-ins to block them.

The key here is to make Ads more attractive using information about users or, as people say today, to make them more social. It’s clear that for social networks like Facebook it is much easier to collect such data than for a search engine that can only remember the history of your searches and detect your current location.

the straightforward solution

Ask users to provide data and set up the Ads they want to see!
[Image: Google search with customization feature]

After users click “Select Ads you want to see” they see a simple Ads dashboard:
[Image: Google dashboard]
When users can select useful content, there is no reason for them to block or ignore it. Google can reduce the number of places for Ads (like the recent bottom placement in Gmail) and decrease distraction even more. Additionally, Google can add Google Offers here and turn Ads into some kind of fun.

WebP – 39% more compression than JPEG

Wednesday, June 1st, 2011

WebP is a lossy compression method proposed by Google. The degree of compression is adjustable so a user can choose between file size and image quality. WebP typically achieves an average of 39% more compression than JPEG without loss of image quality.

You can check the gallery that compares JPEG and WebP (the WebP images are more than 30% smaller than the JPEG ones): http://code.google.com/speed/webp/gallery.html. The only problem with this method is poor browser support: at this time it is just Google Chrome 9+ and Opera 11.10 beta.

You can create WebP images in ImageMagick and XnConvert. You can also use the WebP command-line utility to convert images.

Find more information about WebP: http://code.google.com/speed/webp/

Google Voice versus Skype

Thursday, August 26th, 2010

Yes, it has finally happened: we can call regular phones with Google Voice. The Google Voice VoIP functionality is based on Gizmo5 technology [http://www.google.com/gizmo5/]. More good news: Google agreed to trial free calling booths at an airport and a pair of universities!

Now, all that we need is to compare prices and test quality.

Prices comparison

Country                   Google Voice   Skype
United States             free           2.4 ¢/min (incl. VAT)
Canada                    free           2.4 ¢/min (incl. VAT)
India                     6 ¢/min        10.6 ¢/min (incl. VAT)
UK landline               2 ¢/min        2.4 ¢/min (incl. VAT)
UK mobile                 18 ¢/min       29.10 ¢/min (incl. VAT)
Mexico landline           10 ¢/min       11.4 ¢/min (incl. VAT)
Mexico mobile             19 ¢/min       38.6 ¢/min (incl. VAT)
France landline           2 ¢/min        2.4 ¢/min (incl. VAT)
France mobile             15 ¢/min       23.3 ¢/min (incl. VAT)
Russia landline           4 ¢/min        5.5 ¢/min (incl. VAT)
Russia mobile             6 ¢/min        8.2 ¢/min (incl. VAT)
Russia Moscow             2 ¢/min        2.4 ¢/min (incl. VAT)
Russia Saint-Petersburg   2 ¢/min        2.4 ¢/min (incl. VAT)



As you can see, Google sets lower prices in all cases, even if only by a few cents. You can make your own comparisons for your local places:
Skype rates [http://www.skype.com/intl/en-us/prices/payg-rates/]
Google rates [https://www.google.com/voice/b/0/rates].

Quality testing

We compared sound quality in the same places with the same computer configuration. In most cases they show almost the same results.

Here we need to mention only 2 things:
Gmail Voice has clearer sound in most cases.
Skype provides better noise cancellation.

©2010 Helion-Prime Solutions Ltd.
Custom Software Development Agile Company.