The Certificate Authority model does not work for LAN devices

HTTPS is the future and the future is (finally) here. Secure HTTP requests that provide end-to-end encryption between the client making the request and the server providing it with the requested content is finally making some headway, with almost a third of the top one million sites on the internet serving content over SSL, as of August 2017:1

But what this chart doesn’t show is an important subsection of HTTP traffic that is unfortunately infamous for a general lack of security: IoT. The “internet of things,” as it is called, is famous for fiascoes that have allowed hackers to break into the privacy of homes, spying on consumers via internet-enabled nanny cams, gaining access to so-called “smart locks” to break into houses, obtaining sensitive information, and exposing private content and data thanks to insecurely designed consumer products and services that live on the local network.

Continue reading

  1. Source: BuiltWith SSL trends 

Beware of this new Chrome “font wasn’t found” hack!

Today while browsing a (compromised) WordPress site that shall remain unnamed, I came across a very interesting “hack” that was pulled off with a bit more finesse than most of the drive-by-infection attempts. This one relies on using JavaScript to change the text rendering, causing it to resemble mis-encoded text with symbols and rubbish in place of the content, then prompts the user to update “Chrome’s language pack” to fix the problem.

Continue reading

QuickSubmit for Chrome, Redux

Quick, if you had to pick one thing Internet Explorer has that Chrome doesn’t, what would it be?1 For us, it has been a dearth of common navigation shortcuts that can make life filling forms online much less painful. IE users have long been spoiled by the alt+shift+s keyboard combination to submit the currently active form – a luxury Chrome users have long had to live without.

Continue reading

  1. I’m truly, genuinely sorry if you voted “better battery life” and I wish I had better news for you, but alas… 

How to downgrade Chrome from Beta or Dev to Stable on OS X without losing profile data

As the years go by, I find that I growingly have less and less patience for dealing with experimental or beta software, and have come to appreciate more and more the value of having stable, reliable, and consistent products that get their job done and keep out of the way. I find it hard to fathom that only a few short years ago, during the days of Longhorn beta, I would derive immense pleasure from formatting and reinstalling up to three or four times a day — these days, I find setting up a PC for use after a format to be a task I shy away from even once every two or three years.

When Chrome first came out, I was quick to switch to the beta channel and later, the dev/canary channels too. Now, I just want to go back to having a browser that I can actually expect to load pages correctly, keep my keyboard shortcuts intact, and not suddenly put my data at risk due to broken back button behavior.

Switching to a more unstable build with Chrome is ridiculously easy: just download the installer for either the beta, dev, or canary Chrome channel releases and it’ll automatically upgrade your profile to the latest version and pull updates on a more-frequent schedule, on Mac, Windows, and Linux alike.

Continue reading

Updating Flash Player Manually on Chrome for OS X

Recently (late November), Adobe finally got around to releasing an update to Flash Player for OS X that comes with the long-awaited hardware-based rendering of H.264-encoded videos. However, for those of us that use Chrome, there is no way to updated to the latest 10.2 beta of Flash; Chrome uses its own copy of Flash that comes built-in and cannot be externally updated. These steps below will guide you through the process of using Flash Player 10.2 with Google Chrome on OS X:

Continue reading

Chrome’s Coolest Feature: File Upload Progress Indicator

Google Chrome 4.0 went live a couple of weeks ago, and it has a feature that’s been missing in most mainstream browsers ever since the Web was invented: a progress bar that actually shows, well, the progress of uploads. It’s really frustrating to be uploading a large file to a website or as an attachment to an email or forum post and not know whether or not it’s taking this long because it’s just slow or because it’s really stuck.

Chrome 4.0 now shows the status of file uploads as a percentage, making it very clear just how quickly (or not) your uploads are progressing – and it’s something that all browsers should add ASAP. Many social websites rely heavily on uploads of photos, videos, music, and other files and are forced to implement nasty workarounds (such as using Flash upload forms) to present a more user-friendly upload system.

Continue reading

Does it GTK/QT/Win32 Really Matter for Chrome?

128px-GoogleChromeLogo.pngA recent article on OSNews highlights the changes expected to come in Google’s Chrome 2.0 for Windows and the progress being made on the Linux and OS X fronts for Google’s new browser.

In the article, Ben Goodger, lead Chrome UI developer, states

[Google avoids] cross platform UI toolkits because while they may offer what superficially appears to be a quick path to native looking UI on a variety of target platforms, once you go a bit deeper it turns out to be a bit more problematic.” [… Your applications end up] speaking with a foreign accent.

But there’s something we’re not getting here. Obviously given enough brilliant programmers and a good team lead to keep the different codebases in sync, going with native APIs is the better approach. But the reasons Goodger is offering aren’t very convincing.

Continue reading