How to add a URL to the Java Exception Site List file

On one of our computers, the Security Tab in the Java Control Panel sometimes looks like this:
Java Control PanelAs you can see, the part required to manage the exception site list is missing/not accessible. I have no idea why (reinstalling Java did not help).

However, you can also add exceptions by directly editing the exception.sites file. Under Win 7, it is normally found in the C:\Users\*YOUR USERNAME*\AppData\LocalLow\Sun\Java\Deployment\security directory. Simply add a new line for each URL (e.g., save the file, then restart the browser.

See this page or the official Java documentation for further information.

Why disabling Flash in Chrome is better than Click-to-Play

Chrome comes with its own Flash plugin and – if you’ve enabled “click-to-play plugins” you might get the impression that Flash is still widely used (and required) on the internet. According to what I’ve read today, this might be misleading: Even though you’ve enabled click-to-play, websites will still detect that your browser supports Flash and serve you the Flash-enabled version instead of the Flash-less alternative.

To disable Flash in Google Chrome, enter “chrome://plugins” and then click on “Disable”:
Disable Flash in Google Chrome

Unencrypted content: a threat to Google’s business model

Google’s recent announcement to give a (currently still small) ranking boost to websites using HTTPS is undoubtedly going to make the web safer for everyone.

Missing from the discussion is the fact that unencrypted content and unscrupulous ISPs present a small, but growing threat to Google’s business model. Google depends on ad revenue, and insecure connections allow third parties to tamper with data while in transit. ISPs can use this to their advantage by injecting their own ads. This is already happening: see here or here and this topic on reddit. It was also briefly mentioned in one of the comments under the original “ranking boost” announcement:

HTTPS ads comment google

HTTPS ensures data integrity and would make ad injection not only technically far more difficult, but also most certainly illegal. This also explains why Google says that even simple “content sites” should use HTTPS: they might not collect any user data, but they can still serve ads.

Being a good citizen of the web” and making the web safer for everyone sounds nice and is certainly something many people working at Google have in mind. However, it would be naive to assume that Google isn’t also looking out for it’s own commercial interests.