Halfabee.net
Talk nerdy to me.
Google Chrome Extension Sync
Jun 21st
Google is planing to add the ability to sync extensions to its Chrome browser. This itself is noteworthy, but also interesting connotations if you consider the Chrome OS platform.
Support for third party add-ons or extensions is compulsory for any browser competing in today’s market. The ability to synchronize these plug-ins is simply the next logical step. Just as it is a boon to have bookmarks synchronized across browsers on different computers, wouldn’t it be convenient for all of the browsers that you use to have the same add-ons installed and enabled? (Why yes… yes it would.)
The problem of browser data synchronization echos the challenges faced by anyone who has upgraded to a new computer or tries to use more than one PC. How do you make sure that you have all of your stuff? How can you avoid having fragmenting your documents and data across multiple computers? What’s the easiest way to customize your computer so that it’s just the way you like it?
Now consider Chrome OS. You boot up, log in with your Gmail or Google Apps credentials and you get a browser. That’s it, just a browser.
But wait…
Bookmark synchronization is built-in.
Google Docs… File sync done.
Now add extensions sync to the mix. If extensions are the Chrome OS equivalent of apps, then application sync is in the bag. Any Chrome OS computers you use would take advantage of your hand-picked extensions, thus giving you consistent functionality.
If Google actually does launch a music service this fall, that’s just one more feature that elevates Chrome OS from a mere novelty to something that’s actually quite compelling. Simply log on to a Chrome OS computer and you have all of your stuff. Now THAT’S cloud computing.
Stay Safe in 2010: Uncheck This Box in Adobe Acrobat and Adobe Reader
Jan 26th
Keeping your computer free from viruses, malware, and trojans could be as simple as one check box.
Uncheck "Enable Acrobat JavaScript"
If you’re a trusting soul and just want to take my word for it, open up Adobe Reader (and/or Adobe Acrobat), go to Edit -> Preferences -> Javascript, and uncheck “Enable Acrobat JavaScript”.
Why?
Experts are saying (and I believe them) that Adobe products such as Acrobat, Adobe Reader, and Flash will be the biggest targets for hackers in 2010. With Microsoft doing a much better job at security, hackers are turning their attention to poking at the holes in Adobe’s software. For the hackers, it just makes good sense to reach for this low-hanging fruit.
Over the course of 2009, many warnings were issued concerning vulnerabilities in Adobe’s core PDF creation and viewing products. The common thread in many of these warnings is that the vulnerabilities exploit the JavaScript functionality in PDF documents.
When I state that JavaScript is the key security hole in “many of these warnings”, I really mean “every single one that I can remember”. Users who have disabled JavaScript are not at risk.
Adobe’s security chief defends JavaScript in Acrobat. I have no qualms with JavaScript being available in PDF files, but the simple fact of the matter is that the overwhelming majority of users don’t need it, don’t use it, and wouldn’t even notice if it were turned off. Instead of choosing to make their product secure by default, Adobe has made their product the number one target for hackers.
UPDATE: Rogue PDFs account for 80% of all exploits [in Q4 of 2009], says researcher
Misleading Domain Offers
Dec 16th
As the owner of a few Internet domain names, I have become accustomed to getting domain-related scam mail. These scam mailings are crafted to look like invoices, but are in fact merely a ploy to get you to sign up for their “search engine optimization” service. Like most of my junk mail, this stuff gets ripped up and tossed in the recycle bin.
Earlier this year, I received a new but similarly misleading set of emails. The emails were related to a couple of my domain names (we’ll call them example.org and example.net). The messages seemed to be crafted to imply that the sender was the owner of the example.com domain and that the domain was for sale. Here’s an example:
Domain Sale Notice:
example.com is coming available for sale in a few days.
Since you own the domain example.net, we thought you’d be interested in example.com.
If you do have interest in acquiring example.com, please fill up priority notice form availble
here: <LINK REMOVED>
and we will contact you as soon as the domain is available for purchase.
We look forward to hearing back from you.
Kind regards,
John Timmers
InTrust Domains
4845 A Pearl East Circle
Boulder, CO 80301No more please: http://<DomainRemoved>/store/unsub/<etc…>
[NOTE: Above text edited for privacy and readability only.]
My initial reaction was one of excitement. “It would be nice,” I thought, “to have the whole matched set of domain names.” A few days later, though, I received the following email:
Our company specializes in acquiring expired domain names to help individuals and businesses protect their brand online.
The domain name EXAMPLE.COM expired recently and we were able to secure it.
We noticed that you own EXAMPLE.ORG and felt that you may be interested in acquiring the .COM version of your existing domain name.
It is available for a one-time fee of only $49.00 USD.
To purchase or learn more, please visit http://<DomainRemoved>/buy.php?domain=example.com
–
Trader Domains, LLC
sales@<DomainRemoved>
I was not pleased about the prospect of spending $50 on a domain. But wait a minute… how can two different parties be offering me the same domain name?
A few days later, I received yet another email from Trader Domains. It was identical to the first except that the price was lowered from $50 to $30.
It turns out that neither company owned the “example.com” domain. I was able to register it directly from a reputable domain registrar. That being the case, we can come to the following conclusions
- InTrust Domain’s statement that the domain would be available for purchase “in a few days” was false.
- Trader Domain’s implication that they had “secured” (or procured) the domain name was false.
The claims made by these companies are crafted to mislead consumers. Buyer beware.