Tag Archives: www

Google 的 www.google.com 要上 HSTS 了

Google 宣佈 www.google.com 要上 HSTS 了:「Bringing HSTS to www.google.com」。 雖然都已經使用 EFF 的 HTTPS Everywhere 在跑確保 HTTPS,但這個進展還是很重要,可以讓一般使用者受到保護... Google 的切換計畫是會逐步增加 HSTS 的 max-age,確保中間出問題時造成的衝擊。一開始只會設一天,然後會逐步增加,最後增加到一年: In the immediate term, we’re focused on increasing the duration that the header is active (‘max-age’). We've initially set … Continue reading

Posted in Computer, Murmuring, Network, Search Engine, Security, Software, WWW | Tagged , , , , , , , , , , , , | Leave a comment

CloudFlare 放出可以同時支援 HTTP/2 與 SPDY 的 nginx patch

CloudFlare 放出可以同時支援 HTTP/2 與 SPDY 的 nginx patch:「Open sourcing our NGINX HTTP/2 + SPDY code」。 不過 patch 的版本有點舊: We've extracted our changes and they are available as a patch here. This patch should build cleanly against NGINX 1.9.7. 如同原文下面 comment … Continue reading

Posted in CDN, Computer, Murmuring, Network, Programming, Security, Software, WWW | Tagged , , , , , , , , , , , , | Leave a comment

利用 HSTS 資訊得知網站紀錄的 sniffly

看到「sniffly」這個工具,可以利用 HSTS 資訊檢測逛過哪些網站,程式碼在「diracdeltas/sniffly」這邊可以找到: Sniffly is an attack that abuses HTTP Strict Transport Security and Content Security Policy to allow arbitrary websites to sniff a user's browsing history. It has been tested in Firefox and Chrome. 測試網站則可以在這邊看到,作者拿 Alexa 上的資料網站來掃,所以熱門網站應該都會被放進去... 主要是利用 HSTS … Continue reading

Posted in Browser, Computer, Firefox, GoogleChrome, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , , , , , , , , , , | Leave a comment

nginx 1.9.6 釋出

在 nginx 的官網上可以直接看到連結,點進 CHANGES 後可以看到兩項關於 HTTP/2 的修正: *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2. Thanks to Piotr Sikora and Denis Andzakovic. *) Bugfix: the $server_protocol variable was empty when using HTTP/2. *) Bugfix: … Continue reading

Posted in Computer, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , | Leave a comment

幾個使用 LWP (WWW::Mechanize) 的好習慣...

WWW::Mechanize 是繼承 libwww-perl 中 LWP::UserAgent 的工具,所以這個方式通用於兩者... 首先是在取得資料時加上 Accept-Encoding: gzip 的 header,這可以在產生物件時指定,之後就都會送出: my $ua = LWP::UserAgent->new; $ua->default_header('Accept-Encoding' => 'gzip'); 取回後直接透過 HTTP::Response 的 decoded_content 幫你處理: my $res = $ua->get($uri); my $msg = $res->decoded_content; 取回的 $msg 會是 Perl internal encoding,要變成 UTF-8 還需要透過 Encode … Continue reading

Posted in Computer, Murmuring, Network, Programming, Software, WWW | Tagged , , , , | 2 Comments