Author Archives: ericlaw

Unsecure Content

Chrome has landed their change that allows you to mark unsecure (HTTP) content as insecure or dubious. Visit chrome://flags/#mark-non-secure-as to set the toggle. You can choose to mark as Dubious: …or as Non-Secure: The expectation is that eventually one of these modes will be the default for sites that are transferred over insecure protocols likeContinue reading “Unsecure Content”

HTTP Caching Public Service Announcement

There are many interesting thing to say about HTTP caching. I’ve blogged about them a lot in the past. Today’s public service announcement to clear up two extremely common misconceptions: 1. The no-cache directive does not mean “do not cache” (even though IE versions prior to IE10 implemented it that way). What it really meansContinue reading “HTTP Caching Public Service Announcement”

Browser Benchmarks

Back in December, I predicted that Microsoft wouldn’t release the Project Spartan beta until it bested all of its competitors on the major benchmarks: SunSpider, Kraken, and Octane. I was wrong—the first beta was released with only minor script performance improvements. That changed with build 10061 of Windows 10, and Spartan now does beat everyoneContinue reading “Browser Benchmarks”

Velocity Conference – 2015 Santa Clara

I’ll be speaking at my third (or fourth?) Velocity Conference in Santa Clara California one month from now. I’m always excited to go to Velocity; it’s a conference full of great talks, and more importantly, smart people working on important problems. My talk, HTTPS in 2015, delivers a whirlwind overview of HTTPS, from how itContinue reading “Velocity Conference – 2015 Santa Clara”

Security UI

Over a decade ago, Windows started checking the signature of downloaded executables. When invoked, Attachment Execute Services’ (AES) UI displays the publisher’s information for signed executables; unsigned executables instead show a security prompt with a red shield and a bolded warning that the publisher of the file is unknown: In contrast, signed executables show aContinue reading “Security UI”