Free Software and the Web

posted by Roy Schestowitz on Jun 14, 2024

• Back End/Databases

  • Giovanni Collazo ☛ Optimal SQLite settings for Django

    However, my previous experience with SQLite has taught me that it’s much more capable than what the Django docs suggest, offering better performance and simpler administration. So, I decided to migrate. To achieve the best possible performance, I had to configure Django and SQLite correctly.

  • Nico Cartron ☛ My feedback on OpenBSD.Amsterdam as hosting company

    As I explained here and here, I recently moved my dedicated email server from a Debian GNU/Linux, hosted by OVH in France, to OpenBSD hosted by OpenBSD.Amsterdam, in... Amsterdam, the Netherlands (surprise!)

• Web Browsers/Web Servers

  • ACM ☛ Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains

    Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous hyperlinks, a malicious actor can spoof a website or service, impersonating the expected content and phishing private information. In 'typosquatting,' misspellings of common domains are registered to exploit errors when users mistype a web address. Yet, no prior research has been dedicated to situations where the linking errors of web publishers (i.e. developers and content contributors) propagate to users. We hypothesize that these 'hijackable hyperlinks' exist in large quantities with the potential to generate substantial traffic. Analyzing large-scale crawls of the web using high-performance computing, we show the web currently contains active links to more than 572,000 dot-com domains that have never been registered, what we term 'phantom domains.' Registering 51 of these, we see 88% of phantom domains exceeding the traffic of a control domain, with up to 10 times more visits. Our analysis shows that these links exist due to 17 common publisher error modes, with the phantom domains they point to free for anyone to purchase and exploit for under 20, representing a low barrier to entry for potential attackers.

  • Mozilla

    • Mozilla ☛ Mozilla Addons Blog: Manifest V3 updates landed in Firefox 127

      Welcome add-on developers! Below is the next installation in our series of community updates designed to provide clarity and transparency as we continue to deliver Manifest V3 related improvements with each new Firefox release.

      The engineering team continues to build upon previous MV3 Chrome compatibility related work available in Firefox 126 with several additional items that landed in Firefox 127, which was released on June 11. Beginning in the 127 release, the following improvements have launched: [...]