Good stuff going on at Acko.net!
Excerpt:
Sometimes, you need to see what a technology can do before you can fully appreciate it. Take, for instance, CSS 3D and Three.js. It's one thing to hear about doing 3D elements for Web sites, and another to see them integrated into a well-designed site. Take, for example, Steven Wittens' Acko.net redesign.
Visit Acko.net using a current release of Firefox, and you'll see a nice clean site with a nice header image that demonstrates two-point perspective nicely. But hit the site using a WebKit browser, and you're in for a real treat.
Interesting development in the world of real time Web Apps. Looks like Business processes and services in the Cloud are embracing HTML5, and moving fast to replace legacy client/server. Note this is not Flash or Silverlight RiA.
excerpt:
Telax Hosted Call Center, a leader in cloud contact center solutions announced the release of its HTML5-based Call Center Agent (CCA) today. Key to the development of the browser-based CCA was Websocket, a component of HTML5 that provides a bi-directional, full-duplex communication channel over a single Transmission Control Protocol (TCP) socket. Websocket is currently supported by the latest versions of Google Chrome, Apple Safari, and Firefox, making Telax's new CCA compatible with the most popular browsers in Mac environments.
Before HTML5, real-time unified communication software was typically deployed as a local client because its browser-based counterparts were unable to deliver an acceptable user experience. Some browser-based clients use 3rd party software such as Adobe Flash or Silverlight to operate adequately, but both solutions require software installation and are not mobile friendly.
"Opt out of PRISM, the NSA's global data surveillance program. Stop reporting your online activities to the American government with these free alternatives to proprietary software."
A designer named Peng Zhong is so strongly opposed to PRISM, the NSA's domestic spying program, that he created a site to educate people on how to "opt out" of it.
According to the original report that brought PRISM to public attention, the nine companies that "participate knowingly" with the NSA are Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple.
Zhong's approach is to replace your workflow with open-source tools that aren't attached to these companies, since they easily stay off the government's radar.
If you want to drop totally off the map, it'll take quite a commitment. Are you ready to give up your operating system? The NSA tracks everything on Windows, OSX and Google Chrome. You will need to switch to Debian or some other brand of GNU Linux! Like Mint!!!!!
Personally I have switched from Google Chrome Browser to Mozilla Firefox using the TOR Browser Bundle - Private mode.
The blurb is a bit misleading. This is a project that's been under way since last year; what's new is that they're moving under the Linux Foundation umbrella for various non-technical support purposes. By sometime this summer, encrypting web site data and broadcasting it over https is slated to become a two-click process. Or on the Linux command line:
$ sudo apt-get install lets-encrypt
$ lets-encrypt example.com
This is a project that grew out of public disgust with NSA surveillance, designed to flood the NSA (and other bad actors) with so much encrypted data that they will be able to decrypt only a tiny fraction (decryption without the decryption key takes gobs of computer cycles).
The other half of the solution is already available, the HTTPS Everywhere extension for the Chrome, Firefox, and Opera web browsers by the Electronic Frontier Foundation and the TOR Project that translates your every request for a http address into an effort to connect to an https address preferentially before establishing an http connection if https is not available. HTTPS Everywhere is fast and does not noticeably add to your page loading time. If you'd like to effortlessly improve your online security and help burden NSA, install HTTPS Everywhere. Get it at https://www.eff.org/https-everywhere
I posted two lengthy comments here. Can't see the forest for all the trees is the idiom that comes to mind.
excerpt: With Silverlight, Microsoft continues to make it clear that they intend to use this web application framework, which they developed, to power much of what they are doing on the web going forward. Again, the problem here is that not only does Microsoft control this, but it requires a plug-in to use. Sure, they've made the plug-in available to most browsers, including the ones by rivals Google and Apple, but it's still a plug-in. It's something that's going to stop everyone from seeing the same web no matter which browser they use.
This has of course long been an issue with Microsoft. Despite a clear shift within the rest of the industry toward web standards, Microsoft long played difficult with its Internet Explorer browser. They could afford to, and maybe you could even argue that it was in their interest to, because they were so dominant. It was only when a standards-based browser, Mozilla's Firefox, started biting off significant chunks of IE's market share that Microsoft shifted their position to play more nicely with standards.
Wow! This reads like a premature press release, but if true it's breakthru technology. I wonder though why Ericom is targeting education? Seems this innovation would be of immediate importance to enterprise and SMB businesses struggling with the great transition from desktop/workgroup productivity systems to Web Productivity Platforms.
excerpt: Ericom has released AccessNow, a pure HTML5 remote desktop (RDP) client that runs within a Web browser without the need to install anything on the client device.
AccessNow provides accelerated remote access to applications and desktops running on Windows Terminal Services, remote desktop services (RDS), and virtual desktop infrastructure (VDI), including applications, remote desktops, VMware View desktops, virtual desktops running on Microsoft Hyper-V, and other hypervisors.
AccessNow works on any device with an HTML5-capable browser, such as Chrome, Safari, Firefox, Opera, and others, without the use of browser plugins, Java, Flash, ActiveX, Silverlight, or other underlying technology. Internet Explorer is also supported, although it does require the Chrome Frame plugin. AccessNow uses only the standard Web technologies: HTML, CSS, and JavaScript.
This approach helps IT administrators maintain centralized control of school resources. It also enables students and staff to use any Internet-enabled device, including smartphones, tablets, and Chromebooks, to do their work anywhere and anytime.
Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica.
It's not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.
The leaked files—which were posted online by hackers—are the latest in a series of revelations about how state actors including repressive regimes have used Gamma's software to spy on dissidents, journalists, and activist groups.
The documents, leaked last Saturday, could not be readily verified, but experts told ProPublica they believed them to be genuine. "I think it's highly unlikely that it's a fake," said Morgan Marquis-Boire, a security researcher who while at The Citizen Lab at the University of Toronto had analyzed Gamma Group's software and who authored an article about the leak on Thursday.
The documents confirm many details that have already been reported about Gamma, such as that its tools were used to spy on Bahraini activists. Some documents in the trove contain metadata tied to e-mail addresses of several Gamma employees. Bill Marczak, another Gamma Group expert at the Citizen Lab, said that several dates in the documents correspond to publicly known events—such as the day that a particular Bahraini activist was hacked.
The leaked files contain more than 40 gigabytes of confidential technical material, including software code, internal memos, strategy reports, and user guides on how to use a Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure Web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets' computers and cell phones.
A price list included in the trove lists a license of the software at almost $4 million.
The documents reveal that Gamma uses technology from a French company called Vupen Security that sells so-called computer "exploits."
Exploits include techniques called "zero days" for "popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader, and many more." Zero days are exploits that have not yet been detected by the software maker and therefore are not blocked.
Many of Gamma's product brochures have previously been published by the Wall Street Journal and Wikileaks, but the latest trove shows how the products are getting more sophisticated.
In one document, engineers at Gamma tested a product called FinSpy, which inserts malware onto a user's machine, and found that it could not be blocked by most antivirus software.
Documents also reveal that Gamma had been working to bypass encryption tools including a mobile phone encryption app, Silent Circle, and were able to bypass the protection given by hard-drive encryption products TrueCrypt and Microsoft's Bitlocker.
The documents also describe a "country-wide" surveillance product called FinFly ISP which promises customers the ability to intercept Internet traffic and masquerade as ordinary websites in order to install malware on a target's computer.
The most recent date-stamp found in the documents is August 2, coinciding with the first tweet by a parody Twitter account, @GammaGroupPR, which first announced the hack and may be run by the hacker or hackers responsible for the leak.
On Reddit, a user called PhineasFisher claimed responsibility for the leak. "Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents," the user wrote. The name on the @GammaGroupPR Twitter account is also "Phineas Fisher."
GammaGroup, the surveillance company whose documents were released, is no stranger to the spotlight. The security firm F-Secure first reported the purchase of FinFisher software by the Egyptian State Security agency in 2011. In 2012, Bloomberg News and The Citizen Lab showed how the company's malware was used to target activists in Bahrain.
In 2013, the software company Mozilla sent a cease-and-desist letter to the company after a report by The Citizen Lab showed that a spyware-infected version of the Firefox browser manufactured by Gamma was being used to spy on Malaysian activists.
The Worldwide Web Consortium has released the results of its first HTML5 conformance tests, and according to this initial rundown, the browser that most closely adheres to the latest set of web standards is...Microsoft Internet Explorer 9.
Yes, the HTML5 spec has yet to be finalised. And yes, these tests cover only a portion of the spec. But we can still marvel at just how much Microsoft's browser philosophy has changed in recent months.
The W3C tests — available here — put IE9 beta release 6 at the top of the HTML5 conformance table, followed by the Firefox 4 beta 6, Google Chrome 7, Opera 10.6, and Safari 5.0. The tests cover seven aspects of the spec: "attributes", "audio", "video", "canvas", "getElementsByClassName", "foreigncontent," and "xhtml5":
The tests do not yet cover web workers, the file API, local storage, or other aspects of the spec.
HTTP Framework for Time-Based Access to Resource States: Memento
Herbert Van de Sompel, Michael Nelson, Robert Sanderson; IETF I-D
Representatives of Los Alamos National Laboratory and Old Dominion
University have published a first IETF Working Draft of HTTP Framework
for Time-Based Access to Resource States: Memento. According to the
editor's iMinds blog: "While the days of human time travel as described
in many a science fiction novel are yet to come, time travel on the Web
has recently become a reality thanks to the Memento project. In essence,
Memento adds a time dimension to the Web: enter the Web address of a
resource in your browser and set a time slider to a desired moment in
the Web's past, and see what the resource looked like around that time...
Technically, Memento achieves this by: (a) Leveraging systems that host
archival Web content, including Web archives, content management systems,
and software versioning systems; (b) Extending the Web's most commonly
used protocol (HTTP) with the capability to specify a datetime in
protocol requests, and by applying an existing HTTP capability (content
negotiation) in a new dimension: 'time'. The result is a Web in which
navigating the past is as seamless as navigating the present...
The Memento concepts have attracted significant international attention
since they were first published in November 2009, and compliant tools
are already emerging. For example, at the client side there is the
MementoFox add-on for Firefox, and a Memento app for Android; at the
server side, there is a plug-in for MediaWiki servers, and the Wayback
software that is widely used by Web archives, worldwide, was recently
enhanced with Memento support..."
W3C is warning against drawing any conclusions based on the early tests, saying thousands more HTML5 tests are planned. The goal of the tests is not to declare one browser a winner, but rather to help vendors and Web application developers ensure interoperability across all browsers, W3C says.
"We do expect to have tens of thousands of tests," says Philippe Le Hegaret, who oversees HTML activities for the W3C.
The purpose of the HTML5 test suite is to help vendors and developers ensure that HTML5 applications work across all browsers. For example, a developer might check the test results before enabling a certain feature in an application, just to make sure it will work across IE9, Firefox, Chrome, Safari and Opera.
Developers can build HTML5 applications today, but they have to keep in mind that they are early adopters and act accordingly, Le Hegaret says.
"If you think HTML5 is perfectly stable today and you can use it without worrying about interoperability issues, I think you're going to fool yourself," he says.
Although the first round of HTML5 tests focused on desktop browsers, Le Hegaret says HTML5 compatibility is advancing more rapidly on mobile devices such as iPhones and Androids.
Note the continuing, indeed, escalating abuse of the term "interoperability" by W3C. "Interoperability" has both a legal and (happily, coinciding) technical meaning that involves round-tripping of information. ISO/IEC JTC 1 Directives defines the term in precisely the same terms as the European Union's Court of First Instance did in the landmark Commission v. Microsoft antitrust case; "interoperability is understood to be the ability of two or more IT systems to *exchange* information at one or more standardised interfaces and to make *mutual use* of the information that has been exchanged."
Web browsers do not do "interoperability;" there is no "exchange" and "mutual use" of the information exchanged. Web browsers do "compatibility," a one-way transfer of information that is broadcast from web servers; i.e., web browsers cannot send web pages to web servers.
Microsoft might be hesitating on Scalable Vector Graphics (SVG) in Internet Explorer 8, but Google's pressing on.
The search giant's engineers are building a JavaScript library to render static and dynamic SVG in Microsoft's browser. Google promised that the library, a Javascript shim, will simply drop into IE.
SVG has a huge presence on the web. This facet of the World Wide Web Consortium's HTML 5 spec is supported in Firefox, Safari, Opera, Chrome, and Apple's iPhone, and is used in Google Maps and Google Docs. It also topped a list of features wanted by developers in an OpenAJAX browser wish list last year.
There's suspicion, though, that the reason has more to do with Microsoft's internal politics, with the company wanting graphics and drawing in IE done using Silverlight instead.
SVG Web is more than an answer to Microsoft's foot-dragging, however. Google has declared for HTML 5 on the web, proclaiming last week that the web programming model has "won".
Support for graphics capabilities in HTML 5 should also be seen as Google's partial answer to Adobe Systems' Flash. Google has complained that Flash is not open source and its development is not driven by the community. Google said the benefit of SVG Web is that it would sit inside the DOM whereas Flash "sits on top of the web, it's not part of the web"
YouTube has decided it's had enough of Adobe's perennially-p0wned Flash and will therefore now default to delivering video with the HTML5 <video> tag.
A post by the video vault's engineering and development team says the move is now possible, and sensible, because the industry has invented useful things like adaptive bitrates, encryption, new codecs and WebRTC that make the <video> tag usable in the real world.
Those additions mean HTML5 is at least as functional – or more so – than Flash, and if YouTube detects you are running Chrome, IE 11, Safari 8 and beta versions of Firefox, it'll now deliver video using <video> and flush Flash.
YouTube's also decided to can what it calls the “'old style' of Flash
YouTube seems not to care a jot that its actions are inimical to Adobe, saying it's just doing what all the cool kids – Netflix, Apple, Microsoft and its competitor Vimeo – have already done.
Which is not to say that Flash is dead: those who don't run the browsers above will still get YouTube delivered by whatever technology works best in their environment. And that will often – perhaps too often* – be Flash. ®
Bootnote * Until they get p0wned, that is: Flash is so horridly buggy that Apple has just updated its plugin-blockers to foil versions of the product prior to 16.0.0.296 and 13.0.0.264.
In a post on Wednesday, researchers Alex Halderman and Nadia Heninger presented compelling research suggesting that the NSA has developed the capability to decrypt a large number of HTTPS, SSH, and VPN connections using an attack on common implementations of the Diffie-Hellman key exchange algorithm with 1024-bit primes. Earlier in the year, they were part of a research group that published a study of the Logjam attack, which leveraged overlooked and outdated code to enforce "export-grade" (downgraded, 512-bit) parameters for Diffie-Hellman. By performing a cost analysis of the algorithm with stronger 1024-bit parameters and comparing that with what we know of the NSA "black budget" (and reading between the lines of several leaked documents about NSA interception capabilities) they concluded that it's likely NSA has been breaking 1024-bit Diffie-Hellman for some time now.
The good news is, in the time since this research was originally published, the major browser vendors (IE, Chrome, and Firefox) have removed support for 512-bit Diffie-Hellman, addressing the biggest vulnerability. However, 1024-bit Diffie-Hellman remains supported for the foreseeable future despite its vulnerability to NSA surveillance. In this post, we present some practical tips to protect yourself from the surveillance machine, whether you're using a web browser, an SSH client, or VPN software.
Disclaimer: This is not a complete guide, and not all software is covered.