AngularJS’s latest release candidate is the first
framework I’ve seen that cleanly supports a content security policy that restricts usage of eval(), new Function(), and the like. I’m thrilled
to see this happening, and it’s a testament to the priority that the …
When you start Chrome, it attempts to connect to three random domains like http://aghepodlln/ or http://lkhjasdnpr/. I’ve seen a few theories about why exactly this happens that brush up against the nefarious. The true rationale is incredibly mundane: hopefully this short summary will …
New Year’s resolutions come in all shapes and sizes; if you’re a web
developer stuck for good ideas of things you could do to improve the world
(or at least the tiny chunk of it that’s concerned with web performance and
security) I’d like to propose two: secure …
Back in November, I presented twice at the Google Developer Day in Tel-Aviv.
The first of those talks has been uploaded, and I spent most of the
afternoon transcribing it to post here. I wanted to give the audience (you!) an
introduction to screen readers, and to building accessible websites …
I had the opportunity to present a few demos during the Chrome section of Saturday’s Google Developer Day in Berlin (which, incidentally, was a blast).
I expect a video to go up at some point in the vaguely near future, but, since
I got more than a few questions about it, I’ll throw …
After reading the Content Security Policy primer that I wrote earlier this month, you should have a good idea of the benefits that CSP can offer a website developer. Whitelisting known-good resource origins, refusing to execute potentially dangerous inline JavaScript, and banning the use of eval …
The browser is not a safe programming environment. It is inherently insecure. – Douglas Crockford, “Ajax Security”
The web’s security model is fundamentally broken, and has been since the beginning. Browsers trust the code they receive from a website, so each chunk of …
With a simple Wi-Fi packet-sniffer, intercepting login cookies over the air is far easier than it ought to be. Firesheep demonstrated this vulnerability definitively, showing the public exactly how trivial it is to hijack unencrypted HTTP sessions. So, we learned an important lesson: running …
Dave Winer ends an otherwise quite reasonable piece about his concern at
Facebook’s “frictionless sharing” with a non sequitur attack on Chrome for,
as far as I can tell, nothing it’s actually doing: One more thing. Facebook doesn’t have a web browser, yet, …
I sat down with Technikwürze’s Marcel Böttcher way back at the beginning of February to talk about the exciting new release of Chrome 9 to the stable channel, and a few other bits and pieces of the Chrome ecosystem. That interview (in German) is just now seeing the light of day as …