Monday, November 15, 2010

Coding Horror: Breaking the Web's Cookie Jar

"The Firefox add-in Firesheep caused quite an uproar a few weeks ago, and justifiably so. Here's how it works:

  • Connect to a public, unencrypted WiFi network. In other words, a WiFi network that doesn't require a password before you can connect to it.
  • Install Firefox and the Firesheep add-in.
  • Wait. Maybe have a latte while you're waiting.
  • Click on the user / website icons that appear over time in Firesheep to instantly log in as that user on that website.
    ...

    what Firesheep does is relatively straightforward:

    1. Listen to all HTTP traffic.
    2. Wait for HTTP headers from a known website.
    3. Isolate the part of the cookie header that identifies the user.
    4. Launch a new browser session with that cookie. Bam! As far as the target webserver is concerned, you are that user!

    All Firesheep has to do, really, is listen. That's pretty much all there is to this "hack". Scary, right? Well, then you should be positively quaking in your boots, because this is the way the entire internet has worked since 1994, when cookies were invented."
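
A defender-side check for the exposure the quoted steps describe, as an added example that is not part of this post or the quoted article: it flags identity-looking cookies that a server sets over plain HTTP or without the `Secure` attribute, the attribute that stops a browser from sending a cookie over an unencrypted connection. The cookie-name hints, the function name and the sample headers are constructed assumptions.

```python
from http.cookies import SimpleCookie, CookieError

# Assumption: substrings that suggest a cookie identifies the logged-in user.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def audit_set_cookie(header_value, scheme):
    """Return (cookie_name, issue) pairs for one Set-Cookie header value.

    scheme is "http" or "https": how the response carrying the header
    was delivered.
    """
    jar = SimpleCookie()
    try:
        jar.load(header_value)
    except CookieError:
        return [("<unparseable>", "could not parse header")]

    findings = []
    for name, morsel in jar.items():
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # not identity-bearing by our heuristic
        if scheme != "https":
            # The cookie value itself crossed the network in cleartext.
            findings.append((name, "set over plain HTTP"))
        if not morsel["secure"]:
            # Browser will attach it to later http:// requests as well.
            findings.append((name, "missing Secure"))
    return findings


# Constructed sample responses: (scheme, Set-Cookie header value).
SAMPLES = [
    ("http", "sessionid=abc123; Path=/"),
    ("https", "sessionid=abc123; Path=/; Secure; HttpOnly"),
    ("https", "auth_token=xyz789; Max-Age=3600"),
    ("http", "theme=dark; Path=/"),
]

if __name__ == "__main__":
    for scheme, header in SAMPLES:
        for name, issue in audit_set_cookie(header, scheme):
            print(f"{scheme:5} {name}: {issue}")
```
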
    Open Data Protocol (OData)

    "The Open Data Protocol (OData) is a Web protocol for querying and updating data that provides a way to unlock your data and free it from silos that exist in applications today. OData does this by applying and building upon Web technologies such as HTTP, Atom Publishing Protocol (AtomPub) and JSON to provide access to information from a variety of applications, services, and stores. The protocol emerged from experiences implementing AtomPub clients and servers in a variety of products over the past several years. OData is being used to expose and access information from a variety of sources including, but not limited to, relational databases, file systems, content management systems and traditional Web sites."

    InfoQ: Silverlight Is for the Client, HTML5 for the Web

    When we started Silverlight, the number of unique/different Internet-connected devices in the world was relatively small, and our goal was to provide the most consistent, richest experience across those devices. But the world has changed. As a result, getting a single runtime implementation installed on every potential device is practically impossible.

    As a result, Microsoft has embraced HTML5:

    We think HTML will provide the broadest, cross-platform reach across all these devices. At Microsoft, we’re committed to building the world’s best implementation of HTML 5 for devices running Windows, and at the PDC, we showed the great progress we’re making on this with IE 9.

    China Officially Overtakes U.S. in Supercomputer Performance | News & Opinion | PCMag.com

    The Chinese Tianhe-1A system at the National Supercomputer Center in Tianjin has achieved a performance level of 2.57 petaflop/s (quadrillions of calculations per second). This puts it in the number one spot on the 36th edition of the TOP500's world's most powerful supercomputer list