HTTP2 Procotol Nears Completion

When it comes to amping up traffic over the Internet, sometimes too much of a good thing may not be such a good thing at all.

The Internet Engineering Task Force is putting the final touches on HTTP/2, the second version of the Hypertext Transport Protocol (HTTP). The working group has issued a last call draft, urging interested parties to voice concerns before it becomes a full Internet specification.

Not everyone is completely satisfied with the protocol however.

“There is a lot of good in this proposed standard, but I have some deep reservations about some bad and ugly aspects of the protocol,” wrote Greg Wilkins, lead developer of the open source Jetty server software, noting his concerns in a blog item posted Monday.

Others, however, praise HTTP/2 and say it is long overdue.

“A lot of our users are experimenting with the protocol,” said Owen Garrett, head of products for server software provider NGINX. “The feedback is that generally, they have seen big performance benefits.”

First created by Web originator Tim Berners-Lee and associates, HTTP quite literally powers today’s Web, providing the language for a browser to request a Web page from a server.

Version 2.0 of HTTP, based largely on the SPDY protocol developed by Google, promises to be a better fit for how people use the Web.

“The challenge with HTTP is that it is a fairly simple protocol, and it can be quite laborious to download all the resources required to render a Web page. SPDY addresses this issue,” Garrett said.

While the first generation of Web sites were largely simple and relatively small, static documents, the Web today is used as a platform for delivering applications and bandwidth intensive real-time multimedia content.

HTTP/2 speeds basic HTTP in a number of ways. HTTP/2 allows servers to send all the different elements of a requested Web page at once, eliminating the serial sets of messages that have to be sent back and forth under plain HTTP.

HTTP/2 also allows the server and the browser to compress HTTP, which cuts the amount of data that needs to be communicated between the two.

As a result, HTTP/2 “is really useful for organization with sophisticated Web sites, particularly when its users are distributed globally or using slower networks — mobile users for instance,” Garrett said.

Source

Brits Investigate Facebook

The British data watchdog is looking into whether Facebook Inc violated data-protection laws when it gave permission to researchers to conduct a psychological experiment on its users.

A Facebook spokesman acknowledged that the experiment on nearly 700,000 unwitting users in 2012 had upset users and said the company would change the way it handled research in future.

The study, to find if Facebook could alter the emotional state of users and prompt them to post either more positive or negative content, has caused a furor on social media, including Facebook itself.

“We’re aware of this issue and will be speaking to Facebook, as well as liaising with the Irish data protection authority, to learn more about the circumstances,” the Information Commissioner’s Office (ICO) spokesman Greg Jones said in an email.

Jones said it was too early to tell exactly what part of the law Facebook may have infringed. The company’s European headquarters is in Ireland.

The Commissioner’s Office monitors how personal data is used and has the power to force organizations to change their policies and can levy fines of up to 500,000 pounds ($839,500).

Facebook said it would work with regulators and was changing the way it handled such cases.

“It’s clear that people were upset by this study and we take responsibility for it,” Facebook spokesman Matt Steinfeld said in an email.

“The study was done with appropriate protections for people’s information and we are happy to answer any questions regulators may have.”

Source

Is The Internet Secure?

Hacker blogger Quinn Norton is getting a lot of coverage with her blog claiming that the Internet is broken. She argues that every computer and every piece of software we use is vulnerable to hackers because of terrible security flaws. Norton blames these flaws on the fact that developers who face immense pressure to ship software quickly.

Norton says that those bugs may have been there for years unnoticed, leaving systems susceptible to attacks. One of her hacker mates accidentally took control of more than 50,000 computers in four hours after finding a security vulnerability. Another one of her colleagues accidentally shut down a factory for a day after sending a “malformed ping.”

She said that the NSA wasn’t, and isn’t, the great predator of the internet, it’s just the biggest scavenger around. It isn’t doing so well because they are all powerful math wizards of doom. The other problem is software is too complicated and the emphasis placed on security too light.

“The number of people whose job it is to make software secure can practically fit in a large bar, and I’ve watched them drink. It’s not comforting. It isn’t a matter of if you get owned, only a matter of when,” Norton said.

Source

Cisco To Launch Smart City

Officials from networking giant Cisco Systems and Kansas City, Mo., have signed a letter of intent to build out a new network for smart city services.

Elements of the project call for designing mobile apps for citizen access, digital interactive kiosks, smart street lights and video surveillance in an area called the city’s innovation district.

The project is designed to complement the city’s build out of a two-mile downtown streetcar path, Cisco said in a statement.

Kansas City, Mo. and its neighbor, Kansas City, Kans., are already getting plenty of outside attention from tech giant Google, which picked the area for its first deployment of Google Fiber, an initiative to install fiber optic cable there and in other cities.

Google won’t say how many households are connected to Google Fiber in the area, but it has already installed 6,000 miles of fiber optic cable. Meanwhile, cable provider Time Warner has provisioned 11,000 Wi-Fi hotspots for its Internet customers to use from mobile devices in various Kansas City area locales, including the popular eight-block restaurant and bar district on the edge of downtown called the Power & Light District.

While some citizen groups have been concerned that Google Fiber isn’t reaching enough low-income families in the area with gigabit fiber, there’s a general recognition by city officials that people of all income levels use smartphones and other wireless devices fairly widely. That can only help the Cisco initiative with Kansas City for wireless services.

Kansas City, Mo. Mayor Sly James said the initiative with Cisco promises to connect city services and information with visitors and residents “like never before.”

Third-party app developers will also have an opportunity to build unique and innovative apps for public use.

Cisco will use its Smart+Connected Communities reference architectures to evaluate the initiative and will work with the city and a business consultancy called Think Big Partners to manage a “living lab” incubator for the tech startup community.

Wim Elfrink, Cisco’s executive vice president of industry solutions, credited city leaders with leading the “charge on innovation in the Midwest.”

Source

Heartbleed Hits Oracle

Oracle issued a comprehensive list of its software that may or may not be impacted by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.

The list includes well over 100 products that appear to be in the clear, either because they never used the version of OpenSSL reported to be vulnerable to Heartbleed, or because they don’t use OpenSSL at all.

However, Oracle is still investigating whether another roughly 20 products, including MySQL Connector/C++, Oracle SOA Suite and Nimbula Director, are vulnerable.

Oracle determined that seven products are vulnerable and is offering fixes. These include Communications Operation Monitor, MySQL Enterprise Monitor, MySQL Enterprise Server 5.6, Oracle Communications Session Monitor, Oracle Linux 6, Oracle Mobile Security Suite and some Solaris 11.2 implementations.

Another 14 products are likely to be vulnerable, but Oracle doesn’t have fixes for them yet, according to the post. These include BlueKai, Java ME and MySQL Workbench.

Users of Oracle’s growing family of cloud services may also be able to breath easy. “It appears that both externally and internally (private) accessible applications hosted in Oracle Cloud Data Centers are currently not at risk from this vulnerability,” although Oracle continues to investigate, according to the post.

Heartbleed, which was revealed by researchers last week, can allow attackers who exploit it to steal information on systems thought to be protected by OpenSSL encryption. A fix for the vulnerable version of OpenSSL has been released and vendors and IT organizations are scrambling to patch their products and systems.

Observers consider Heartbleed one of the most serious Internet security vulnerabilities in recent times.

Meanwhile, this week Oracle also shipped 104 patches as part of its regular quarterly release.

The patch batch includes security fixes for Oracle database 11g and 12c, Fusion Middleware 11g and 12c, Fusion Applications, WebLogic Server and dozens of other products. Some 37 patches target Java SE alone.

A detailed rundown of the vulnerabilities’ relative severity has been posted to an official Oracle blog.

Source

Lavaboom Offers To Encrypt

A new webmail service named Lavaboom promises to provide easy-to-use email encryption without ever learning its users’ private encryption keys or message contents.

Lavaboom, based in Germany and founded by Felix MA1/4ller-Irion, is named after Lavabit, the now defunct encrypted email provider believed to have been used by former NSA contractor Edward Snowden. Lavabit decided to shut down its operations in August in response to a U.S. government request for its SSL private key that would have allowed the government to decrypt all user emails.

Lavaboom designed its system for end-to-end encryption, meaning that only users will be in possession of the secret keys needed to decrypt the messages they receive from others. The service will only act as a carrier for already encrypted emails.

Lavaboom calls this feature “zero-knowledge privacy” and implemented it in a way that allows emails to be encrypted and decrypted locally using JavaScript code inside users’ browsers instead of its own servers.

The goal of this implementation is to protect against upstream interception of email traffic as it travels over the Internet and to prevent Lavaboom to produce plain text emails or encryption keys if the government requests them. While this would protect against some passive data collection efforts by intelligence agencies like the NSA, it probably won’t protect against other attack techniques and exploits that such agencies have at their disposal to obtain data from computers and browsers after it was decrypted.

Security researchers have yet to weigh in on the strength of Lavaboom’s implementation. The service said on its website that it considers making parts of the code open source and that it has a small budget for security audits if any researchers are interested.

Those interested in trying out the service can request to be included in its beta testing period, scheduled to start in about two weeks.

Free Lavaboom accounts will come with 250MB of storage space and will use two-way authentication based on the public-private keypair and a password. A premium subscription will cost a!8 (around US$11) per month and will provide users with 1GB of storage space and a three-factor authentication option.

Source

SkySQL Joins IBM On SQL Merger

SkySQL has announced a line of MariaDB products that combine NoSQL and SQL technology, offering users the ability to handle large unstructured data sets alongside traditional database features to ensure data consistency.

Available immediately, MariaDB Enterprise 2 and MariaDB Enterprise Cluster 2 are based on the code used in the firm’s MariaDB 10 database server, which it also released today.

According to SkySQL, the availability of an enterprise grade SQL database system with NoSQL interoperability will be a game changer for developers building revenue generating applications and database administrators in charge of large, complex environments.

The two new products have been developed with support from other partners in the open source community, including Red Hat, IBM and Google, according to the firm, and are aimed at giving IT managers more options for managing large volumes of data.

In fact, Red Hat will use MariaDB Enterprise 2 as the default database for its enterprise customers, while Google has also moved large parts of its infrastructure to MariaDB, according to Dion Cornett, VP of Global Sales for SkySQL .

Cornett said that customers have been using a wide variety of databases over the past few years in order to meet the diverse requirements of applications.

“The types of applications have evolved over time, and the challenge we now have today is that people have different IT stack structures, and trying to integrate all that has been very challenging and required lots of custom code to be created. What we’re doing with MariaDB is introduce an array of features to combine the best of both worlds,” he said.

The features are designed to allow developers and database administrators to take many different data structures and integrate them and use them in a cohesive application, in the same way that standard database tools presently allow.

These include the Connect Storage Engine, which enables access to a wide variety of file formats such as XML and CSV files, and the ability to run familiar SQL commands against that data.

A key feature is dynamic columns, which enables MariaDB to “smartly interpret” incoming data and adapt it to the data structure that best fits, according to Cornett.

“At a technical level what you’re actually looking at are files within the cells of information that can vary in size, which is not a capability you’ve traditionally had in databases and that flexibility is a big leap forward,” he said.

The new MariaDB products can also plug into the Apache Cassandra storage engine, which can take a columnar data store and read or write against it like it is a traditional SQL table.

An example of how MariaDB Enterprise 2 might be used is if a service provider has a large-scale video server and wants to combine that with billing information, Cornett said.

“The customer’s video history and what they’re consuming could be very unstructured, but the billing structure will be very fixed, and it has been something of a challenge to bring the two of those together up to this point,” he explained.

Source

Microsoft Issues New Policies

Microsoft Corp, under fire for accessing an employee’s private Hotmail account to prove he was illegally passing computer code to a blogger, has said it will now refer all suspicious activity on its email services to law enforcement.

The decision, announced by head lawyer Brad Smith on Friday, reverses Microsoft’s initial reaction to complaints last week, when it laid out a plan to refer such cases to an unidentified former federal judge, and proceed to open a suspect email account only if that person saw evidence to justify it.

“Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves,” said Smith, in a blog post on the software company’s website. “Instead, we will refer the matter to law enforcement if further action is required.”

Microsoft – which has recently cast itself as a defender of customer privacy – was harshly criticized last week by civil liberties groups after court documents made public in the prosecution of Alex Kibkalo in Seattle federal court for leaking trade secrets showed that Microsoft had accessed the defendant’s email account before taking the matter to legal authorities.

The company said last week its actions were within its legal rights under the terms of use of its email services, but has now acknowledged that its actions raised concerns about customer privacy.

The issue is poignant for Microsoft, which routinely criticizes Google Inc for serving up ads based on the content of users’ Gmail correspondence.

It has also been campaigning for more transparency in the legal process through which U.S. intelligence agencies can get access to email accounts following the revelations of former National Security Agency contractor Edward Snowden.

“While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us,” said Smith in his blog. “Therefore, rather than inspect the private content of customers ourselves in these instances, we should turn to law enforcement and their legal procedures.”

Source

Will GoDaddy Do An IPO?

Web hosting company The GoDaddy Group Inc is gearing up for a second attempt at an initial public offering, according to two people familiar with the matter, as the 2014 tech IPO pipeline continues to grow.

GoDaddy, the Internet domain registrar and web host known for its racy ads, would join a number of high-profile tech names expected to go public this year in the wake of Twitter Inc’s successful debut. They include “Candy Crush” developer King Digital and cloud services providers Box and Dropbox.

The company is in the process of selecting underwriters for its IPO, one of the two sources said on condition of anonymity.

GoDaddy was not immediately available for comment.

GoDaddy had filed to go public in 2006 but was told at the time that it would be required to take a 50 percent haircut — a percentage that is subtracted from the par value of assets that are being used as collateral — on its initial public offering.

The company instead decided to pull its filing, citing unfavorable market conditions.

The company, founded in 1997, was eventually acquired by a private equity consortium led by KKR & Co and Silver Lake in 2011 for $2.25 billion. Silver Lake declined to comment while KKR did not immediately respond to a request for comment.

Other private equity buyers included Technology Crossover Ventures.

GoDaddy, which provides website domain names, is famous for airing bawdy commercials with scantily clad women for the past decade during the Super Bowl.

The Wall Street Journal first reported on the plans.

Source

Web Pioneer Calls For Bill of Rights

The inventor of the world wide web, Tim Berners-Lee, voiced his support for bill of rights to protect freedom of speech on the Internet and users’ rights after leaks about government surveillance of online activity.

25 years since the London-born computer scientist invented the web, Berners-Lee said there was a need for a charter like England’s historic Magna Carta to help guarantee fundamental principles online.

Web privacy and freedom have come under scrutiny since former U.S. National Security Agency contractor Edward Snowden last year leaked a raft of secret documents revealing a vast U.S. government system for monitoring phone and Internet data.

Accusations that NSA was mining personal data of users of Google, Facebook, Skype and other U.S. companies prompted President Barack Obama to announce reforms in January to scale back the NSA program and ban eavesdropping on the leaders of close friends and allies of the United States.

Berners-Lee said it was time for a communal decision as he warned that growing surveillance and censorship, in countries such as China, threatened the future of democracy.

“Are we going to continue on the road and just allow the governments to do more and more and more control – more and more surveillance?” he told BBC Radio on Wednesday.

“Or are we going to set up something like a Magna Carta for the world wide web and say, actually, now it’s so important, so much part of our lives, that it becomes on a level with human rights?” he said, referring to the 1215 English charter.

While acknowledging the state needed the power to tackle criminals using the Internet, he has called for greater oversight over spy agencies such Britain’s GCHQ and the NSA, and over any organizations collecting data on private individuals.

He has previously spoken in support of Snowden, saying his actions were “in the public interest”.

Berners-Lee and the World Wide Web Consortium, a global community with a mission to lead the web to its full potential, have launched a year of action for a campaign called the Web We Want, urging people to push for an Internet “bill of rights” for every country.

Source

« Previous Page — Next Page »