Most Creative 404 HTTP Response Ever? - DotTechnologies

Monday, 26 March 2012

The HTTP 404 Status Code is one of the HTTP status codes that all web developers and nearly all web users are all too familiar with. It is an HTTP response indicating that an HTTP request was received by the intended server, but that the exact resource specified in the request URI cannot be found on the server. In the early days of the World Wide Web, it seemed like many sites did not bother doing anything in particular about this page. This meant that a pretty useless and nearly blank page would show up in the user's browser. Some browsers, such as Internet Explorer, attempted to provide more general details in a "user friendly" format.

These browser attempts at providing more details about the cause of a 404 response status were still not very helpful because there is no good general way to handle a 404 error response. Instead, it is preferable for a site to provide its own custom 404 response page. The advantages of a custom 404 are discussed in more detail in Importance of Custom 404 Error Pages.

In recent years, there has been a dramatic increase in the percentage of sites providing a custom 404 error response. This is especially true for sites that want to do whatever they can to retain the user's business and/or traffic to their site. These sites attempt to do their best to provide a search or suggestions for what the user can do next. Some sites don't try to fix the situation, but instead automatically redirect to the site's main page. Other sites perform a combination, providing a search box and acknowledgement of an unfound page for a few seconds and then automatically redirecting to their main page.

After seeing the reference on reddit Programming to Github's Star Wars Themed 404 Page, I wondered if there are any 404 error responses more clever than this one. The Github 404 page may not be the best at helping the user find what he or she was looking for, but it is funny and does provide links to other actions that might be taken.

I tried some intentionally unavailable URIs on some of my most-accessed sites to see how their 404 responses are handled. In the rest of this post, I look briefly at some of them and analyze the value each provides. Mostly though, I was simply looking for the most interesting 404 page I could find and so far I haven't found any more funny than Github's.

http://marxsoftware.blogspot.in

Adobe Launches Sandboxed Flash Player For Firefox, Hopes For Fewer Exploits - DotTechnologies

Tuesday, 7 February 2012

The design is similar to that of Adobe Reader X Protected Mode

Adobe has released a beta version of Flash Player for Firefox, which has better protection against vulnerability exploits because of a new sandboxed architecture.

"The design of this sandbox is similar to what Adobe delivered with Adobe Reader X Protected Mode and follows the same Practical Windows Sandboxing approach," said Peleus Uhley, platform security strategist at Adobe, in a blog post on Monday. "Like the Adobe Reader X sandbox, Flash Player will establish a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities."

In secure software development, sandboxing refers to the practice of isolating a process from the operating system in order to minimize the fallout of a potential exploit. This type of technology has gained popularity in recent years, primarily because of its use in Google Chrome, a browser that has never experienced a successful remote code execution attack so far.

Adobe decided to implement sandboxing in Adobe Reader back in 2010 in order to counter the large number of exploits that targeted the product and its users. The technology was built into Adobe Reader X (10.0) and is based on the same sandboxing principles that Google used when developing Chrome.

Later that same year Adobe also launched a sandboxed version of Flash Player for Chrome and promised to explore the possibility of doing the same for other browsers. The new sandboxed Flash Player for Firefox, which works with Windows Vista and Windows 7, is the result of those efforts.

Critical Flash Player vulnerabilities have regularly been exploited to infect computers with malware during the past several years. Along with Java and Adobe Reader, Flash Player is one of the most attacked software applications because its vulnerabilities can usually be exploited by simply visiting a malicious website.

"Since its launch in November 2010, we have not seen a single successful exploit in the wild against Adobe Reader X," Uhley said. "We hope to see similar results with the Flash Player sandbox for Firefox once the final version is released later this year."

However, the success of this version at deterring cybercriminals from writing Flash Player exploits in the future will largely depend on how quickly it gets adopted. In order to speed up the process, Adobe is working on a new update mechanism, the company's senior manager for corporate communications, Wiebke Lips, said.

Having a sandboxed version of Flash Player for every major browser, not just Chrome and Firefox, is also important, if Adobe wants cybercriminals to lose interest in its product. "We are currently in the process of researching the best path to provide Flash Player sandbox protection for Internet Explorer," Lips said.

However, because Internet Explorer has a completely different plug-in architecture than Chrome and Firefox, namely ActiveX, developing a sandboxed Flash Player version for it requires a different approach, Lips said. Nevertheless, the current version of Flash Player supports Protected Mode in Internet Explorer 7 or later on Windows Vista and Windows 7.

Article Source: http://www.infoworld.com/

PHP 5.3.10 Fixes Critical Remote Code Execution Vulnerability - DotTechnologies

Monday, 6 February 2012

The vulnerability was introduced by the fix for a hash collision denial-of-service flaw.

The PHP Group released PHP 5.3.10 on Thursday in order to address a critical security flaw that can be exploited to execute arbitrary code on servers running an older version of the Web development platform.

The vulnerability is identified as CVE-2012-0830 and was discovered by Stefan Esser, an independent security consultant and creator of the popular Suhosin security extension for PHP.

SecurityFocus classifies the issue as a design error because it was accidentally introduced while fixing a separate denial-of-service (DoS) vulnerability in early January.

That vulnerability is known as CVE-2011-4885 and was disclosed in December 2011 at the Chaos Communication Congress by security researchers Alexander Klink and Julian Wälde.

It affects a number of Web development platforms including PHP, ASP.NET, Java and Python and can be exploited in a so-called hash collision attack. The PHP development team addressed CVE-2011-4885 in PHP 5.3.9, which was released on Jan. 10.

"The fix for the Hash Collision DoS introduced a new directive (max_input_vars) to limit the number of accepted input variables," said Carsten Eiram, chief security specialist at vulnerability research firm Secunia.

"However, due to a logic error in the 'php_register_variable_ex()' function in php_variables.c certain cases are not handled correctly when the number of supplied variables is greater than the imposed limit," he explained.

This error can be exploited by attackers to remotely execute arbitrary code on a system that runs a vulnerable PHP installation. PHP 5.3.9, along with any older versions to which the hash collision DoS patch was backported, is affected, Eiram said.

Proof-of-concept code that exploits this vulnerability has already been published online, so the likelihood of attacks targeting CVE-2012-0830 is high. Web server administrators are advised to upgrade to PHP 5.3.10 immediately.

 Article Source: http://www.infoworld.com/
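
As an added illustration (not part of the original article and not PHP's own code), the sketch below flags requests that supply more variables than a max_input_vars-style limit, which is the condition the article says the flawed code path mishandles. The request records, paths and the simplified counting rule are assumptions constructed for the example; 1000 is PHP's documented default for max_input_vars.

```python
"""Flag requests that carry more input variables than a max_input_vars-style limit."""
from urllib.parse import urlsplit

MAX_INPUT_VARS = 1000  # PHP's documented default for the max_input_vars directive


def count_vars(encoded):
    """Count the fields in a URL-encoded query string or form body.

    Assumption: each non-empty '&'-separated field is one variable. PHP's own
    accounting (for example of nested array keys) is not reproduced here.
    """
    return sum(1 for field in encoded.split("&") if field)


def over_limit(requests, limit=MAX_INPUT_VARS):
    """Return (client, path, source, count) for every input source over the limit.

    The query string (GET) and the form body (POST) are counted separately.
    """
    findings = []
    for req in requests:
        parts = urlsplit(req["target"])
        for source, data in (("GET", parts.query), ("POST", req.get("body", ""))):
            count = count_vars(data)
            if count > limit:
                findings.append((req["client"], parts.path, source, count))
    return findings


# Constructed sample records (documentation IP range, hypothetical paths).
SAMPLE_REQUESTS = [
    # Ordinary request: two query variables.
    {"client": "192.0.2.10", "target": "/search.php?q=php&page=2", "body": ""},
    # Form body with 1500 fields: above the default limit.
    {"client": "192.0.2.44", "target": "/form.php",
     "body": "&".join(f"f{i}=1" for i in range(1500))},
    # Exactly 1000 query variables: at the limit, so not flagged by default.
    {"client": "192.0.2.45",
     "target": "/list.php?" + "&".join(f"id[]={i}" for i in range(1000)),
     "body": ""},
]

if __name__ == "__main__":
    for client, path, source, count in over_limit(SAMPLE_REQUESTS):
        print(f"{client} {path}: {count} {source} variables (limit {MAX_INPUT_VARS})")
```

A hit from a check like this is only a signal to review the request and the server's PHP version; the article's remedy remains upgrading to PHP 5.3.10.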

Google Introduces Country Domains On Blogger To Aid Content Removal - DotTechnologies

Friday, 3 February 2012

The decision by Google appears to precede a move by Twitter to selectively delete messages in some countries.

Google is directing users to localized country domains on Blogger to provide it flexibility to comply with content removal rules in various countries.

The move suggests that Internet companies are coming to terms with the need to follow local rules, as they try to gain users in countries where there are concerns about pornography, and certain political and religious content.

Google's update on Jan. 9 came ahead of Twitter's controversial decision last week to withhold certain content from users in a specific country, when required by local laws, while keeping it available to the rest of the world.

Over the coming weeks, users might notice that the URL (uniform resource locator) of a blog they are reading has been redirected to a country-code top level domain, or ccTLD, Google said on a support page on Blogger that was first noticed by the news site Techdows.

"Migrating to localized domains will allow us to continue promoting free expression and responsible publishing while providing greater flexibility in complying with valid removal requests pursuant to local law," Google said. Content removed due to a specific country's law will only be removed from the relevant ccTLD, it added.

Google is facing legal action in India in connection with content on its sites that is said to be objectionable. The Indian government in January allowed a court in Delhi to prosecute Google, Facebook, and 19 others, after Vinay Rai, editor of a local newspaper, filed a suit alleging objectionable content on their websites. Google had meanwhile appealed the lower court order before the Delhi High Court.

The Indian government has also demanded that Google and others should evolve mechanisms to quickly remove online content considered objectionable under Indian law.

But the feature on Blogger is part of a global rollout, and has little to do with the current situation in India, said a source close to the situation, who requested anonymity.

Services like Blogger, YouTube and Google+ help users to express themselves and share different points of view, Google said in a statement on Thursday. Where content is illegal or breaks Google's terms of service, the company will continue to remove it, it added. Google did not respond to a request for comment whether the changes on Blogger were linked to the court decision in India.

Google's YouTube also restricts access to content by IP address, citing the requirement of some content partners to make their videos available only to certain countries. It also blocks specific content in order to comply with local laws in countries where YouTube has launched. "For instance, certain Nazi imagery is unlawful in parts of Europe," according to a YouTube support page.

French Court Fines Google $660,000 Because Google Maps Is Free - DotTechnologies

Thursday, 2 February 2012

Google faces a $660,000 fine after a French court ruling that the company is abusing its dominant position in mapping by making Google Maps free.
                                                        

According to The Economic Times, the French commercial court “upheld an unfair competition complaint lodged by Bottin Cartographes against Google France and its parent company Google Inc. for providing free web mapping services to some businesses.”

Bottin Cartographes provides mapping services for a cost, and its website boasts several business clients such as Louis Vuitton, Airbus and several automobile manufacturers.

The French court ruling requires Google to pay $660,000 (500,000 Euros) in damages and interest to Bottin Cartographes, along with a 15,000 Euro fine. That means Google’s total cost from the ruling is about $680,000.

A Google France spokesperson says the company is still studying the court’s decision and reviewing its options, adding that Google is “convinced that a free high-quality mapping tool is beneficial for both Internet users and websites.”

As you can see from the related stories listed below, this is far from the first time that the French have raised legal issues with Google.

About The Author: Matt McGee is Search Engine Land's Executive News Editor, responsible for overseeing our daily news coverage. His news career includes time spent in TV, radio, and print journalism. His web career continues to include a small number of SEO and social media consulting clients, as well as regular speaking engagements at marketing events around the U.S. He blogs at Small Business Search Marketing and can be found on Twitter at @MattMcGee and/or on Google Plus.

Google, Bing & Yahoo In Partnership To Sell Top Organic Local Listings - DotTechnologies

Wednesday, 1 February 2012

A new service offered by Bruce Clay Inc. called Local Paid Inclusion should raise a few eyebrows in the search marketing community – if there's any truth to it, that is. Officially in alpha, according to backend partner Universal Business Listings, the LPI program will offer top organic rankings in local listings for a fee, sources told Search Engine Watch.

UBL’s Doyal Bryant told SEW in a phone interview that the service is on hold, at the very least until next week, while the organizations test and troubleshoot.

However, both Google and Bing strongly deny any such program is in development.

"We are not working on any program that enables a site to pay to increase ranking in organic search results," according to a Google spokesperson.

Bing also denied taking part in such a program.

"Bing is not working on the Local Paid Inclusion program and would not consider giving preferential treatment to advertisers in organic search results," according to a Microsoft spokesperson.

Now UBL is also denying any involvement:

Universal Business Listing denies any association with articles and news reports about a "paid inclusion" business listing service. The company has made no such announcements or claims, particularly in regards to Google. It has no product announcements pending.

Bruce Clay Inc is a reseller of UBL's existing business listing syndication service and is not currently testing any new service from our company.

One program partner explained to Search Engine Watch how it will work:

“Using Google as an example, a local business in the ‘organic places’ area can pay a small monthly fee and this program moves them to the top area of the Places results. So essentially, it creates a premium section at the top of the Places results that never before existed, and a local business can pay a fee to appear in that area. As a result, whenever Places appears on the first page of Google results, and you are in the Local Paid Inclusion program, you should appear in that area of the first page of Google results.”



                        

The Local Paid Inclusion website, owned by Bruce Clay, states:

    “In January of 2012 we were approached to participate in a new and exciting program: Local Paid Inclusion (LPI). We’re offering it directly to local businesses, to chains of businesses, to resellers and through large distribution channels. We have an exclusive agreement to distribute LPI to domain registrars.

    Local Paid Inclusion is a Google, Yahoo and Bing official service that is offered as an approved official contracted program in cooperation with those search engines. This is a program supported by the search engines directly - and you can order it here. The search engines do not sell this directly.”

The website also has pricing information:

    The paid inclusion prices are based upon value: First page local results rankings for an average of less than $1.70 per day. If Call Tracking is involved that call fee is extra. This fee covers up to 30 keywords appropriate to your profile page and business, making the fee about $0.06 per day per keyword... less expensive than PPC and definitely higher impact because it is in the organic results area of the search results page.

We have confirmed that the paid listings are categorized as organic and will not be marked paid, advertising, or sponsored. They should blend seamlessly with organic local listings. This offering is not connected with Google’s AdWords Express program or other similar programs offered by others in the arrangement, but creates new space for LPI program listings.

“It’s a really exciting program, when we’re ready we’ll start talking about it,” Bryant told us earlier today.

This arrangement raises a few important questions:

    * Should search engines profit from the sale of organic listings?
    * Should this type of paid advertising be marked as such?
    * How does paid organic inclusion affect the quality of local listings, when paid listings can outrank those chosen for the top spot based on relevancy, geography, ratings, or other factors?
    * Hasn’t paid inclusion died a slow death a few times already?

For now, there are more questions than answers. As it stands, the players have been dragged into the limelight on this one kicking and screaming, you could say; the search engines involved are reportedly working out technical issues and did not want the program announced for another two to three weeks.

We reached out to Google, Bing and Yahoo to ask why the program was awarded in an exclusive contract, rather than through an internal program or some other kind of open, premium listings offer. We will update this article as we hear back.

Editor's note: This story has been updated to include statements from Google, Bing, and UBL.

Microsoft Sets Office 15 Public Beta For Summer 2012 - DotTechnologies

Tuesday, 31 January 2012

Microsoft today announced it has kicked off a "technical preview" of the next version of its money-making Office suite and promised a public beta will ship this summer.
                                                

The move is a repeat of the route Microsoft took with Office 2010, which was distributed to a select group of testers as a technical preview in July 2009.

Microsoft said little about "Office 15," the code name for the product, and nothing about its Word, Excel, Outlook and PowerPoint applications in a blog post Monday that announced the preview.

"I'm not able to share too much about Office 15, but I can tell you Office 15 is the most ambitious undertaking yet for the Office Division," wrote P.J. Hough, the executive who leads the Office division. "With Office 15, for the first time ever, we will simultaneously update our cloud services, servers, and mobile and PC clients for Office, Office 365, Exchange, SharePoint, Lync, Project, and Visio."

Hough said the Office 15 technical preview was "already full," but added that "everyone will have the opportunity to try the Office 15 public beta later this summer."

He did not specify a date or set a month for the beta's availability.

Three years ago, Microsoft began the technical preview of Office 2010 in July 2009, followed that with a public beta in mid-November and launched the final product in April 2010. The suite hit retail shelves in June 2010.

If Microsoft follows a similar pace, it will release an Office 15 beta in late May or early June, wrap up the final code in October or November, and start selling the suite in December 2012 or January 2013.

Unless Microsoft changes Office's naming convention, it will be called "Office 2013," as the two previous editions of the suite -- Office 2007 and Office 2010 -- actually shipped in the year prior to the one used in their titles.

It's possible, of course, that Microsoft has a faster release cadence in mind, and will ship the next Office alongside Windows 8 -- which most experts expect to see in October -- to duplicate the simultaneous launch of Windows Vista and Office 2007 in November 2007.

Microsoft may have required the invitation-only testers to sign a nondisclosure agreement that bars them from sharing secrets about the new suite, but that may not stop the unfinished code from leaking to others: Copies of the Office 2010 preview appeared on file-sharing sites even before Microsoft officially opened the program.

The company has not pegged the system requirements for Office 15, but it's possible that the new suite will not run on the decade-old Windows XP because that operating system is slated for retirement in April 2014.

Office 15 refers to the numbering system Microsoft uses to identify each edition: Office 2010 on Windows and Office 2011 on the Mac, for instance, are both labeled as "Office 14." Microsoft skipped "Office 13," jumping from 12 (Office 2007) to 14 (Office 2010) to avoid the unlucky number.

Office is one of Microsoft's biggest sources of both revenue and profit: In the fourth quarter of 2011, the Business division, which is responsible for Office, accounted for 30% of all revenues and 52% of all operating income.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer@computerworld.com.