Wrapup for week 21

I’ve started to do something different. I’ll try to create a wrapup of the stuff in the security and/or forensics arena that got my attention. Some may be quite interesting, others may be more fleeting.

Chrome false start

Google has added a feature to Chrome which enables it to perform an SSL handshake in fewer messages, resulting in a quicker session setup for the end-user. The beautiful thing is that the only thing that needs adjustment is the browser, not the server. That’s very nice, and here is a writeup by @cyberwar on the implications that this effort will have for the adoption of SSL.

IPv6 failure coverup in Chrome

If you have a network setup where IPv6 is somewhat broken, you are in trouble. The definition of ‘somewhat broken’ in this case reads as: you have an IPv6 address, but no real IPv6 connection to the interwebs. What happens is that you ask the DNS for an address, and it hands you an AAAA and an A record back. You try the AAAA record, which will fail, but it may take some time for the browser to actually notice that the IPv6 connection will not do what it was intended to do. Only after that will it try the A record for IPv4.

Chrome now has a feature called IPv4-fallback, which works like this: Chrome tries to use the AAAA record, but sets a really low timer (300ms) on that connection. If it doesn’t get an answer back from the server within that time, it will start an IPv4 connection for the A record as well. The first connection to complete, either the AAAA or the A, will be chosen to transfer the request and/or data. On a fast connection, this is quite an elegant way for the browser to work around the end-user’s broken network. Naturally, the end-user should fix his network, but with broken CPE that might not be easy to do. Networkworld has an article on this, as well as on the upcoming IPv6 world day (8 June 2011).
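The fallback race described above, as an added sketch in Python asyncio (not Chrome's code and not part of the original post). The names `connect_with_fallback` and `simulated` are hypothetical, the connectors are constructed stand-ins so it runs without a network, and moving to IPv4 immediately when IPv6 fails before the timer expires is an assumption.

```python
import asyncio

FALLBACK_DELAY = 0.3  # the 300 ms head start given to IPv6


async def connect_with_fallback(connect_v6, connect_v4, delay=FALLBACK_DELAY):
    """Return (family, connection) for whichever attempt completes first.

    connect_v6 and connect_v4 are zero-argument coroutine functions
    (hypothetical names) that return a connection or raise OSError.
    """
    v6 = asyncio.ensure_future(connect_v6())
    done, _ = await asyncio.wait({v6}, timeout=delay)
    if done and v6.exception() is None:
        return "ipv6", v6.result()  # healthy IPv6: IPv4 is never started

    # IPv6 is still pending or has already failed: start IPv4 as well.
    v4 = asyncio.ensure_future(connect_v4())
    errors = [v6.exception()] if done else []
    pending = {v4} if done else {v6, v4}
    try:
        while pending:
            done, pending = await asyncio.wait(
                pending, return_when=asyncio.FIRST_COMPLETED)
            for task in done:
                if task.exception() is None:
                    return ("ipv6" if task is v6 else "ipv4"), task.result()
                errors.append(task.exception())
        raise OSError(f"both attempts failed: {errors}")
    finally:
        for task in pending:
            task.cancel()  # abandon the slower attempt


def simulated(label, latency, fail=False):
    """Constructed stand-in for a real connect call (no network needed)."""
    async def connect():
        await asyncio.sleep(latency)
        if fail:
            raise OSError(f"{label} unreachable")
        return f"{label} socket"
    return connect


if __name__ == "__main__":
    # Broken IPv6 (never answers) next to a working IPv4 path.
    print(asyncio.run(connect_with_fallback(
        simulated("v6", 30), simulated("v4", 0.02))))
```

With the broken IPv6 path the caller waits roughly the timer plus the IPv4 connect time instead of the full IPv6 timeout, and the abandoned IPv6 attempt is cancelled.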

Google prediction API

The Google Prediction API may be the prelude to an upcoming trend, where the algorithms and computing power from Google can be used for your own benefit. The example described in the article is done by Ford Motor Company, but when you start to think about it, there may be a lot more cases where it makes sense to use the Google machine learning algorithms to make the business more profitable by helping the end-user attain his goals more easily.

Roll your own Supercomputer for $1060/h

To finish this weekly wrap-up: how to roll your own supercomputer for $1060/h, which is quite cheap once you think about it. I cannot run computing power like this at this tariff (when also including downtime and idle time).