Friday, September 30, 2011

Mozilla considers removing Java from the next version of Firefox

Just over a week ago we wrote about two researchers, Thai Duong and Juliano Rizzo, who claimed to have broken the SSL system in current use (TLS 1.0), which secures almost all the secure operations carried out on the internet. This means that operations such as bank transactions or logging in to e-mail could be put at risk.

Duong and Rizzo demonstrated last Friday that the vulnerability really exists when, in barely two minutes, they used an exploit, which they call BEAST, to obtain the authentication cookie used to access a PayPal user's account. Given the seriousness of the matter, web browser developers are considering how to fix the problem.

The Firefox team is therefore considering dropping support for Java. The measure is very drastic because many websites and applications would not run in the browser without it.

BEAST (Browser Exploit Against SSL/TLS) injects JavaScript into an SSL session to recover secret information that is transmitted repeatedly at a predictable location within the data stream. For BEAST to work in Friday's demonstration, Duong and Rizzo first had to defeat a web security mechanism called the "same-origin policy", which says that data sent by one domain cannot be read or modified by someone at a different address. The researchers used a Java component (applet) to bypass the same-origin policy, which has led the Firefox developers to discuss blocking this framework in the next version of the browser.

On the Firefox forum, developer Brian Smith came out in favor of blocking all versions of the Java plugin. "My understanding is that Oracle may or may not be aware of the details of the 'same-origin' exploit," he said.

Blocking Java, however, would cause a horrible user experience, something other developers have pointed out on the same forum. The fight is between usability and security. "It's a tough decision. Killing Java means disabling user functionality such as Facebook video chat, as well as various corporate applications based on the system," said Johnathan Nightingale, Firefox's director of engineering.

There is no decision yet, but it would be a rather extreme measure compared with what Chrome has decided to do instead. Google's developers updated the beta versions of the browser so that it splits certain messages into fragments, reducing the attacker's control over the text that will be encrypted in SSL. By adding an unexpected level of randomness to the encryption process, Chrome hopes that BEAST will receive garbled information that it cannot make sense of.
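An added illustration, not taken from the article or from any browser's code: a toy model of the record layer showing why splitting a message into fragments removes the attacker's ability to confirm a guess. It relies on a detail the article does not spell out (in TLS 1.0 CBC, the last ciphertext block of one record is the IV of the next); `E` is a keyed-hash stand-in for a real block cipher, and every name and sample value is constructed.

```python
import hashlib
import hmac
import os

BLOCK = 16

def E(key, block):
    # Stand-in for a block cipher's forward direction (assumption: a keyed PRF
    # is enough here, because the demonstration never decrypts).
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Tls10CbcSender:
    """Toy TLS 1.0-style sender: CBC with the IV chained across records."""
    def __init__(self, split=False):
        self.key, self.mac_key = os.urandom(16), os.urandom(16)
        self.iv, self.seq, self.split = os.urandom(BLOCK), 0, split

    def _record(self, data):
        # plaintext = data || MAC(seq, data) || zero padding to a block multiple
        mac = hmac.new(self.mac_key, self.seq.to_bytes(8, "big") + data,
                       hashlib.sha256).digest()[:BLOCK]
        self.seq += 1
        pt = data + mac
        pt += bytes(-len(pt) % BLOCK)
        blocks, prev = [], self.iv
        for i in range(0, len(pt), BLOCK):
            prev = E(self.key, xor(pt[i:i + BLOCK], prev))
            blocks.append(prev)
        self.iv = prev  # chained IV: visible on the wire before the next record
        return blocks

    def send(self, data):
        if self.split and len(data) > 1:
            # Record splitting: the first byte travels in its own record, so the
            # IV of the remainder depends on a MAC the attacker cannot predict.
            return [self._record(data[:1]), self._record(data[1:])]
        return [self._record(data)]

def guess_is_confirmable(sender, guess, secret):
    """True if a chosen next message reveals whether guess == secret."""
    # Constructed victim message; the prefix keeps the secret block-aligned.
    prefix = b"A" * (BLOCK + (1 if sender.split else 0))
    rec = sender.send(prefix + secret)[-1]
    c_prev, c_target, next_iv = rec[0], rec[1], rec[-1]
    # The chosen block cancels the known next IV and substitutes the IV that
    # was used for the secret block.
    probe = xor(xor(guess, c_prev), next_iv)
    return any(c_target in r for r in sender.send(probe))
```

With `split=False` a correct guess reproduces the target ciphertext block; with `split=True` the same probe no longer lines up with a predictable IV, so nothing is learned.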

The update, however, created certain incompatibilities between Chrome and some websites. Google has not yet released the patch to users of the stable version.

Microsoft, meanwhile, recommended that users apply several temporary fixes while it develops a permanent patch. There are still no details about which path it would take.

At Firefox, meanwhile, they hope Oracle will take action now that Java belongs to it. "Whatever decision we make, I really hope Oracle releases an update of its own. It is the only way to keep its users truly safe," said Nightingale.

Link: Firefox devs mull dumping Java to stop BEAST attacks (The Register)






It’s official: Google+ will be connected to everything



By now it’s become fairly obvious that Google’s new social network, Google+, is here to stay (unlike some of the company’s past efforts at being social): depending on which estimates you believe, Google+ may have as many as 50 million registered users, which is not bad for a three-month-old product. And the company has made it clear that it wants to use Google+ as a kind of identity platform for other things — hence the importance of its controversial “real name” policy. But it wasn’t obvious just how much was riding on the new network until recently, thanks in part to some comments made by vice-president of product Brad Horowitz, who said that in the future, Google+ and Google will effectively become inseparable.


Horowitz made his comments in an interview with Wired magazine, and among other things he said that the success the search giant has seen with Google+ wouldn’t have been possible without the failures of earlier efforts such as Buzz (which may or may not make staffers who worked on those projects feel a little better about being roadkill on the innovation highway). In fact, the Wired piece paints a picture of a team that has become incredibly gun-shy about its social efforts because of the debacle that Buzz turned into — thanks in part to what some users felt was a cavalier approach to privacy — which probably makes the success of Google+ seem even sweeter by comparison.


Google+ “is Google itself”


But the real meat of the interview appears in a statement that the Google staffer makes about where the Google+ network stands in relationship to the rest of the search engine’s vast empire. In effect, Horowitz says that Google+ is going to become part of everything Google touches — from search and advertising to YouTube and Chrome:


Google+ is Google itself. We’re extending it across all that we do — search, ads, Chrome, Android, Maps, YouTube — so that each of those services contributes to our understanding of who you are


This comes on the heels of comments that Google chairman and former CEO Eric Schmidt made earlier this year about how Google+ was intended to be an “identity service” for other projects and services that the company either had in place or was planning to launch. It wasn’t clear exactly what Schmidt meant by those remarks at the time, but putting them together with Horowitz’s comments, it sounds like Google wants to make Google+ the central repository of everything it knows about you.



Just as Facebook is trying to accumulate data about your activity through an awareness of what you are sharing via its “social apps” and its “frictionless sharing” approach, so Google wants to aggregate as much as it can about you and your interests via all the services it offers — and how you interact with those services and others through Google+. Some of it might come from connecting YouTube with Google+ Hangouts, so you can watch a TV show with others; some might come from connecting your Gmail to Google+, so that profiles of people you follow and your shared interests appear next to emails from them.


As we’ve argued before at GigaOM, all of this social-activity data and these “social signals” are crucial information that Google needs not only to make its search better — since socially-influenced search is becoming a larger and larger part of how people find things online — but to make its advertising more targeted as well. Google’s giant market share in online advertising has been built on the back of its understanding of “intent” when it comes to search, and without access to the Twitter firehose and Facebook’s walled garden, Google has to effectively create its own sandbox for social activity.


Page is said to be “obsessed with Google+”


As John Battelle of Federated Media notes, the urgency of this goal was communicated by CEO Larry Page when he changed the compensation scheme at the search behemoth — in one of his first moves as the new chief executive — to create incentives for staffers to try harder at making Google’s social efforts a success. Battelle says in talks with Googlers over the past while, it has become obvious that Larry Page “is obsessed with Google+,” and that for the Google co-founder, the new social network has become the core of what he wants the company to become: namely, Google as “the operating system of your life.”



One problem with that, of course, is that competitors and even government regulators at the Federal Trade Commission and the Justice Department (not to mention in Europe) are already howling about how many of its digital tentacles Google has extended into your life already — from Google and Doubleclick to YouTube and ITA’s travel services and Zagat and too many others to mention. Once Google starts connecting those dots with Google+ as a thread, and ties all of that to your personal activity, it could have something even more powerful with which to cement its market position.


And that brings up another tricky aspect for Google: if my activity through Google+ starts to influence everything that Google does, including search and search-related advertising, how will it keep from stepping over the kinds of privacy boundaries that have caused Facebook so much difficulty? The number of Google Circles that I appear in has already started showing up in search results, and the things that I give a +1 to are affecting my search as well. Tying all that to my real name and my Google+ posts is another step down the road towards a potential personal privacy debacle.


That’s the problem with the kind of ubiquity that Google wants for its Google+ network, and the downside of trying to copy (and improve on) a giant social network like Facebook: along with all of the benefits come the risks and the inevitable backlash as well — and for a company that is already under investigation by the FTC for how far its reach extends, that may be a bit more than even Google can handle.


Thumbnail photo courtesy of Flickr user Mark Strozier










iOS5 in my iPhone imminent!!!

So we need more proof???

Photography by Shah Altaf


Shah Altaf, or Mendhak, as you may know him on Flickr, is a programmer from London UK. He doesn’t claim a specific photography ‘style’, but observes others’ work and experiments with what he learns. This could be anything, such as selective coloring, HDR, tilt shifts, props, and spray and pray techniques. Some of his results are appalling, but others, as you will see below, are very appealing. On top of all this, he does everything with a Nikon D90 and a 18-200mm lens.


To see more of Shah Altaf, view his photography website, Github, and Flickr Photostream.


Lily's Pads

A Cup of Light

The Walker

Paternoster Square Tilt Shift

Why have you abandoned us?

Cumulo Artistus (An Artist's Clouds)

Two Hundred Years Ago

Use the what?

A burst of Spring

The Photographer


How To Land A Tech Job at Apple, Google and Facebook



By EconMatters



With 14 million Americans unemployed, it is difficult to fathom that there are companies that cannot find qualified candidates to fill job vacancies. The oil industry has had a chronic skilled labor shortage dating back to well before oil hit an all-time high of $145 in 2008. Nowadays, working at McDonald's at the Bakken oil shale in North Dakota fetches about $25 an hour, while truckers get $70,000+ a year vs. $40,000 elsewhere.



But the talent crunch is now hitting the technology sector fast and furious, spreading beyond Silicon Valley in California and Austin in central Texas into cities as disparate as Indianapolis and New York, according to MarketWatch. The article described how more than two dozen start-up tech execs flew from Austin for two days to try to poach Silicon Valley talent and ended up leaving empty-handed.



The MarketWatch article also quoted CareerBuilder.com:

“Tech and engineering jobs are one place we’re really feeling a worker shortage..... job openings are there for software developers, systems engineers, product managers, mobile-app developers and database administrators.”



Indeed, you can't automate job functions such as software development, which still require human brain skill and insight. And the tech worker crunch is set to get worse. According to CIO.com, more and more corporate IT executives are looking to pull the plug on outsourcing (i.e. insourcing) due to a number of factors including poor service quality, a desire for more control over the future direction of the IT function, etc.



Moreover, MercuryNews noted that even the $60 billion IT outsourcing industry of India is hiring "thousands of expensive engineers and business development specialists in Silicon Valley and [the U.S.] nationwide," due to the growing complexity of outsourced work. And since the best Indian engineers are hired away by American giants such as Hewlett-Packard (HPQ), IBM and Accenture, Indian outsourcing companies are instead finding U.S. employees a much more attractive option.



So as dismal as the U.S. employment outlook seems to be, the tech sector, led by innovation, is one of the very few bright spots left. When one in four young professionals considers working for Google their dream job, this timely infographic highlights some facts and tips on what you may need to land a gig in Silicon Valley. Of course, a college degree would definitely better the odds, particularly in the science and tech field.



(See also Top 10 Recession Proof Jobs infographic)




Tech Job


Created by: Masters Degree





Fresh Start for Vintage Suitcases: Pet Furniture from Atomic Attic



By combining upcycled, vintage and hand-made, Oregon-based Atomic Attic has created fantastic furniture for your favorite pets. Vintage suitcases and TVs were transformed into fascinating pet furniture that adds color and style to your pet’s favorite corner of the house. Made from different suitcases – like a Bright Red American Tourister Vintage Suitcase, a Bright Baby Blue Samsonite Vintage Suitcase or an Off-White Lady Baltimore Suitcase – or even vintage office chairs – like the round one seen in the photos below – these pet beds come with a “removable, triple stitched, machine washable fluffy cushion for cleaning convenience”. Reinforced bottoms and metal or wood legs turn the classy suitcases into fabulous pet furniture items. The inspiration for these fresh pet beds and furniture came from the benefit of living with “a small army of kids and cats”. If you ever find yourself in need of a beautiful, charming and colorful pet bed, visit Atomic Attic’s Etsy shop.

