So how does the Web really work, anyway?

I'm always fascinated to learn how things work, especially stuff we completely take for granted, like for instance how electricity gets from a power plant to your house. So in the hopes that there are others like me out there, I'm going to describe the inner workings of something most of us take for granted: the World-Wide Web.


Naturally this is going to take more than one post, since I'll try to start from fairly non-technical concepts, and use analogies. Those of you who already know most of this may find the explanations not quite accurate, because I'll leave out a lot of the nitpicky details, especially at first. I don't have an outline in mind, so I can't say exactly how this is going to go, but here's a basic idea of what I'll try to cover:

• Internet 101


• What is a protocol?


• Before the Web was born


• HTTP vs. HTML


• Why are there different browsers?


• What's a URL and how do I read it?


• What is actually happening when I click that link?


• How does the page get to me?


• What if there's a problem?


• How forms work


• Secure connections (HTTPS)


• E-commerce and shopping carts


• Web video


• More security concerns


• What's "Web 2.0"?

Hmmm, OK, just off the top of my head I came up with a lot more than I thought I would. And there's a lot more where that came from! So we'll see how far I get, and how many entries it takes.

Ubuntu Linux update

While I'm on the subject of system updates, here's another I want to talk about: Ubuntu Linux, which is what I have on my Dell Mini 9 netbook. At the end of October Ubuntu officially upgraded from 9.4 to 9.10. (Or, according to their whimsical naming scheme, from "Jaunty Jackalope" to "Karmic Koala". I wonder what will happen when they get to Q?)

Though I was warned against trusting the automatic update process from 9.04 to 9.10, it worked just fine for me. All my data, settings, and apps were still there. (I still backed up my data first, though. Only a fool doesn't back up before a major change.)

While the improvements aren't as dramatic as the Blackberry upgrade, there are some nice ones. Probably the biggest one from my point of view is that the faulty driver for the Mini-9's graphics chipset has been fixed. It's not as dramatic an improvement as I was hoping, but it does make video run more smoothly. Flash is still problematic, as it apparently is for all Linux flavors, but it's a bit better than it was.

Firefox 3.5 is now part of the default system. There are a lot of other apps with new versions as well, like Open Office. The login screen is improved, with some language and accessibility options you can set before login. You can now turn off Bluetooth from the menu bar instead of having to open an app and type in the superuser password. File windows have a slightly more compact arrangement, a new icon set, and multi-tabbing capability. On new installations, the much more efficient Ext4 filesystem is used (but not on upgrades, so I didn't get that.)

I've been using it for a week now, and I haven't seen any problems. I'll let you know if any show up.

Blackberry Storm system update, woo-hoo!

Back when the university cellphone policies were changed, I took advantage of it to get myself a Blackberry Storm. I was tempted to get an iPhone, but ultimately decided against it because of the hoops you have to jump through to install third-party apps. I got spoiled by my old Palm, which had a huge developer community and tons of great apps you could install without worrying about approval from Big Brother. I've given up on the Palm for other reasons, so the Blackberry platform seemed to be the best remaining choice.

I picked up the Storm because I wanted a nice big screen and I've never been a fan of the tiny physical keyboards and trackballs on the other Blackberry models; the Storm seemed like it would be the easiest conversion from the stylus-based operation of the Palm. The device seemed pretty cool from testing a co-worker's newly arrived one. So I plunked down the money and ordered one...



When I actually got the thing, after the initial excitement, I was kind of disappointed. Sure, it was miles ahead of my old Palm in things like web browsing and file storage, but it was also laggy and required frequent reboots because of memory leaks. The on-screen keyboard was really slow, and the camera almost unusable due to a three-second delay between clicking the button and the actual picture being taken. And for me the biggest deal was the poor text editing capabilities; I was so used to being able to quickly jot stuff down on the Palm, easily update notes when I needed to, edit large text documents, work with a nearly full-size add-on keyboard, and so on. In this respect, the Blackberry Storm was nearly crippled. At least it was better than the iPhone, which at the time didn't even have copy and paste!
Clearly, the Storm had been released before it was really ready.
Thus I joined the thousands of Blackberry fans eagerly waiting for an operating system update that would fix these problems. The company was working on one, and I saw various leaked versions and almost installed several of them, but ultimately decided to wait for the official release. When it came a few months ago, it helped, but not really enough. The phone was more usable, required fewer reboots, cut a second off the camera delay, and had slightly better text editing, but was still annoyingly laggy too much of the time.
By then I had my netbook, and just used that for all my documentation and editing needs when I was on the go. The Storm was pretty much just my phone and calendar, unlike my old Palm. I stopped monitoring the Web for more Storm updates, and resigned myself to the situation. After all, I was lucky to have as much as I did, right?
So then late last week I hooked up my storm and out of the blue was told there was a system update ready. I went ahead and did it without paying much attention; I figured it was just a minor bugfix for some program, like I'd seen before. Much to my surprise, it was a full update to the brand spankin' new Version Five OS. It's a huge improvement! The camera now works almost instantly. The keyboard is much faster. Selecting text is no longer a trial-and-error process. The much-improved predictive text function saves a lot of keystrokes. There's flick-scrolling to move quickly through long documents and lists. The new Files app makes it easy to navigate large document trees and preview your files. I'll still have to practice a lot to get my text entry speed up to what I could do with the Palm stylus, but now the effort actually seems worth it.
So I'm actually happy with this phone now. Imagine that.

Adobe Flash security hole

This is sort of scary.

For those not familiar with security terminology, this article states that websites which allow uploading of Flash files are vulnerable to a security hole that lets bad guys run code that has all the security accesses of the webserver combined with those of the unsuspecting person who runs that file.

For instance, an attacker could send a specially coded Flash attachment to their victim in a gmail message. When the victim loads the attachment, it gets to do anything the gmail server could do with the victim's account; reset the password, delete messages, send messages (spam!), etc.

The scariest part is that there's not really a fix without significantly changing the way Flash works behind the scenes. In the meantime, you should avoid flash that isn't directly provided by the website you're going to. For instance, the Flash slideshow on the WOU homepage is OK because we wrote it, but if you go to somebody's personal website like "http://www.wou.edu/~joeblow" then you should be careful unless you personally know that Joe Blow isn't the kind of person to play nasty tricks.

Actually that's not really the best example, because even if Joe Blow has one of these malicious Flash files on his webspace on our server, it wouldn't profit him much because there's nothing much our webserver can do other than show you web pages. The WOUPortal and the Sun Java Email system are on separate servers, so they wouldn't be vulnerable to Joe Blow's attack. Of course, Joe Blow could send you a Flash attachment in an email, and if you open it in the Java email system, it could do nasty things to your email account.

This security hole isn't easy to exploit, but it is theoretically possible. I recommend limiting the Flash files you run on the Web; there are browser extensions to help you do that. If you use Firefox, an extension called NoScript can block Flash files (and malicious javascript code as well) on all sites except those you designate as safe. If you use Internet Explorer, you can install Toggle Flash, a toolbar button that lets you turn Flash off and on whenever you want. Instructions for both are available in (ironically enough) a flash video on the page I linked at the top of this entry. Don't worry; Foreground Security is a reputable company, so the video is safe to watch.

OK, let's try this again.

So I got dinged on my performance review for not blogging enough. Justifiably; as you can tell from my archives I haven't hardly made any entries at all for a while.

Anyway, time to start getting more active again.