Apr 21

Microsoft has chosen a new song to continue its public slow dance with the white hat hacking community: online properties like *.microsoft.com, *.msn.com and *.live.com.

According to Dan Goodin reporting from Toorcon Seattle, Microsoft security strategist Katie Moussouris pledged that the software vendor will not sue or press charges against ethical hackers who responsibly find — and report — vulnerabilities in its online services.

Mar 31
by Tom Krazit

It held out as long as possible, but a Windows Vista laptop fell to a determined bunch of hackers Friday evening at the Pwn to Own contest at CanSecWest.

Since it was the third day of the contest, which saw a MacBook Air get hacked on Thursday, the TippingPoint Zero Day Initiative relaxed the rules even further. On the first day of the contest, only the operating system could be targeted, but on the second day that was expanded to include standard applications. An undisclosed Safari flaw led to the MacBook Air’s downfall.

But on Friday, hackers could target any “popular” piece of application software that you might find on a system. The Fujitsu laptop, running Vista Ultimate, was compromised by a previously undiscovered flaw in Adobe’s Flash software.

Shane Macaulay, Derek Callaway and Alexander Sotirov were able to gain control of the laptop, which also means they get to keep it. However, since the rules had been relaxed, they only get $5,000; the MacBook Air winners collected $10,000.

The contest rules stipulated that any winner sign a nondisclosure agreement immediately after a successful hack, so that the nature of the flaw could be disclosed to the vendor. Once Adobe and Apple patch their flaws, the nature of the flaw will be disclosed.

A Sony Vaio laptop running Ubuntu remained unscathed at the end of the conference.

Mar 04
by Martin LaMonica

When it comes to wind energy, knowing how hard the wind blows is like knowing how much oil you have in the ground.

Renewable-energy assessment company 3Tier released a map that depicts the wind “resources” around the world on Monday at the Washington International Renewable Energy Conference (WIREC) 2008.

The Firstlook map, which uses Google Maps, falls under the 3Tier initiative “Remapping the World,” which the company says marks the first time valuable wind resource information has been made available for free.

Before erecting any turbine, wind developers need to choose a spot carefully and then use special equipment, such as a “met” tower, to measure wind over time.

3Tier’s map provides data on wind at 80 meters high over an area of 15 kilometers for a year. The company has determined that more than 40 percent of the world’s land mass has wind speed of more than 6 meters per second. A lot of that land is not open to development, but the data indicates that there’s a lot more potential for wind-generated electricity.

3Tier believes that the Firstlook data might be most helpful for developing countries looking into wind energy projects.

“The map provides enough resolution so countries and organizations can begin to look at the potential wind resource at a regional level,” said Kenneth Westrick, CEO of 3Tier. “If we want developing nations to ‘leapfrog’ over fossil fuels, they need information about what renewable-energy resources, or combination of resources, exist.”

The company is working on integrating solar-energy resources around the world into its mapping data.

Feb 20
By Mary Jo Foley

Following reports by users of problems resulting from a new Vista Service Pack (SP) 1 installation prerequisite update, which Microsoft pushed out via Windows Update last week, Microsoft has halted availability of those prerequisites.

Microsoft announced on February 19 via the Vista Team Blog its decision to stop the distribution of the Vista SP1 prerequisites.

Vista Product Manager Nick White posted the following update:

“Immediately after receiving reports of this error, we made the decision to temporarily suspend automatic distribution of the update to avoid further customer impact while we investigate possible causes.

“So far, we’ve been able to determine that this problem only affects a small number of customers in unique circumstances. We are working to identify possible solutions and will make the update available again shortly after we address the issue.

“Customers who may be experiencing this issue can use system restore to correct it or contact 1-866-PC-Safety for help troubleshooting. Additional guidance will be available via Microsoft’s free Update Support Center soon.”

Last week wasn’t the first time endless reboot problems were reported by Vista users. In fact, there were reports of endless-reboot-loop problems from some Vista SP1 users dating back to late January, before Microsoft distributed the prerequisites for SP1 — right around the time the company delivered the final bits (in the form of the Vista Service Pack 1 Release Candidate 1 Refresh 2 build).

Feb 13
By Håkon Wium Lie

Two years ago, the Acid2 test was announced in this column. Acid2 is a complex Web browser test page that shows a smiley face when rendered correctly.

The test, published by the Web Standards Project, has been a tremendous success in weeding out browser bugs that stop Web designers from reaching pixel perfection in their pages. Safari and Opera ship Acid2-compliant versions, and the upcoming Firefox 3 will also pass the test.

Recently, Microsoft announced that Internet Explorer version 8 can render Acid2, and it showed a screenshot to back the claim. The news was received with joy and excitement in the Web-authoring community.

Finally, it seems, Microsoft has decided to take Web standards seriously. Designers will no longer have to spend countless hours trying to get their pages to look right in Internet Explorer while adhering to standards. Unfortunately, I think that the celebration is premature. I predict that IE 8 will not pass Acid2, after all.

But first, a few words about the next Acid test, soon to be published by the Web Standards Project: Acid3.

Acid3 will follow in the footsteps of Acid1 and Acid2; it’s a tough one-page test that displays a quirky graphic when rendered correctly. No browser will pass the test at the time of its release. All vendors are equally challenged.

Whereas Acid2 was a static Web page, Acid3 will be a dynamic Web application. When browsers are improved to pass Acid3, it will become easier to write Web applications that work interoperably across browsers.

Acid3 is written for and by the Web community. Ian Hickson is the editor of the test. While he has a unique ability to write test cases that expose bugs in all browsers, he has also asked for help from others. Code contributions are welcome.

Acid2 and Acid3 both state that they should be tested using the default settings of the browser. Web usability consultant Jakob Nielsen has discussed the power of defaults for search results. It applies to many other areas as well.

People are more likely to use the default browser than an alternate browser. They are more likely to save a document in the default format than in an optional format. And they are more likely to display Web documents using the browsers’ default settings than to change the settings.

This brings me back to Microsoft and my prediction that IE 8 will not pass Acid2. I suspect that IE 8 will, at best, support standards in a circuitous way–they will exert the power of default.

What will happen when you type http://webstandards.org/acid2 in your freshly installed IE 8? Will Acid2 be displayed correctly when you hit the test button?

Microsoft has been asked that question, but it has not given an answer. I think that the company is considering three possible scenarios.

One scenario could be that IE 8 will require users or authors to “opt in” to support standards. For example, in order to render Acid2 correctly, users could be required to modify IE 8’s default settings. This breaks with the guidelines of the test, and IE 8 will therefore not pass in this scenario.

A second scenario could be that Microsoft requires Web pages to change the default settings by flagging that they really, really want to be rendered correctly. Web pages already have a way to say this (called “doctype switching,” which is supported by all browsers), but Microsoft has all but announced that IE 8 will support yet another scheme.

If it decides to implement the new scheme, the Acid2 test–and all the other pages that use doctype switching–will not be rendered correctly.

A third scenario could be to hard-code the Web address of Acid2 into IE 8. This way, the page is given special treatment to make it look like the browser is passing the test. It should be obvious that this breaks the spirit of the test and doesn’t warrant a passing grade.

I predict that Microsoft will implement at least one of these scenarios to limit the impact of standards. This would be damaging for the Web, and I therefore hope that my prediction is completely and absolutely wrong. The IE 8 team has shown that it can render Acid2 correctly. Now it’s time for Microsoft to put its code to good use.

Biography
Håkon Wium Lie is chief technology officer of Opera Software. Before joining Opera in 1999, he worked at W3C where he was responsible for the development of Cascading Style Sheets, a concept he proposed while working with Tim Berners-Lee at CERN in 1994.

Feb 03

Ribbit, a Silicon Valley start-up that lets software programmers embed phone-like voice features in everything from Web sites to computers to phones themselves, unveiled its first product for consumers on Monday.

Ribbit is introducing a service, called Amphibian, that plays on the notion that its technology works in and out of the water–making voice features found on customers’ phones accessible on their computers or via many Web sites.

“We are merging computers and telephony in a true sense,” said Crick Waters, Ribbit’s vice president of strategy, who played a key role in starting several Internet businesses at former employers AT&T and NorthPoint Communications.

Amphibian–set to be launched during the first quarter–will be announced this week in Palm Desert, Calif., at Demo, a semi-annual conference that serves as a launch pad for new, up-and-coming technology companies.

Consumers can have two-way phone conversations through Web pages. Incoming calls can be sent to voicemail for automatic transcription, allowing them to be read back or forwarded like e-mail on computers or on mobile phones. This feature is made possible by voicemail transcription service SimulScribe.

The technology uses Flash and Flex design software from Adobe Systems, allowing developers to build “virtual phones” that run as computer applications or work on Web sites. More than 2,500 developers have signed up to build Ribbit services.

In a telecommunications industry dominated by proprietary software built and controlled by individual network operators, Ribbit presents an alternative using standard Web development tools.

As a start-up with limited resources, Ribbit must move carefully in a market dominated not only by incumbent phone equipment makers Cisco Systems and Avaya, but where Google and Microsoft have become aggressive players.

Waters said the company is setting out to give individual users, be they business professionals or consumers at home, the freedom to pick and choose specific telecommunication services. Ribbit software hooks up standard phone services to the Web.

Users simply forward their mobile phone numbers to Ribbit, which delivers the calls back to personalized Amphibian Web pages that offer a series of unified communications features.

Pricing has yet to be determined, Ribbit executives said, but they added that they are considering charging $10 a month for retrieving 40 voicemails via text. An unlimited transcription service might run $15 or so a month, they added.

While the company initially has focused on demonstrating the technology’s usefulness to businesses, telephone carriers, and software developers, Ribbit’s new push aims to popularize the power of its software, dubbed “voiceware,” for regular consumers.

Ribbit plans to showcase how users of personalized Web pages from Facebook, Google, MySpace, or Netvibes, as well as business-contact management applications like Salesforce, can take phone calls via their Web pages using Amphibian.

As a demonstration of the power of Ribbit, one independent developer using new Adobe AIR software has built a full-featured version of Apple’s iPhone that works on Web pages.

IDC analyst Will Stofega cautions that some of what Ribbit is showing is merely “the latest stupid phone tricks” rather than a stand-alone business. But the flexibility that Ribbit gives developers of telecommunications software could prove the sort of powerful alternative to spark rapid change in the industry.

Ribbit also introduced an online marketplace for users to find new voiceware applications that have been created using its software.

The company raised $13 million in funding from investors including Alsop-Louie Partners, Jean-Louis Gassee’s Allegis Capital, and KPG Ventures.

For more information, visit http://www.ribbit.com/

Jan 30

Ten years ago, Netscape issued a press release announcing plans to make available the Netscape Communicator source code for free on the Internet. Citing an installation base of 68 million users and a desire to spread the browser further while encouraging community-driven development, Netscape declared that its bold new strategy would involve full publication and disclosure of the browser’s source code under the Netscape Public License, a GPL-inspired license that would facilitate modification and redistribution, a move that laid the foundation for the emergence of Mozilla.

Acknowledging the historic milestone, former Mozilla CEO Mitchell Baker has published a copy of the original 1998 press release and written a blog entry reflecting on Mozilla’s decade-long effort to bring freedom to the web.

“2008 is a year to celebrate our history, our accomplishments, our community and our future,” wrote Baker. “We have laid the groundwork for another great 10 years—years where we can influence the web for the better, demonstrate what openness, transparency and broad participation look like, marvel at the distributed excitement and fierce dedication to the Mozilla vision for the Internet, and do things we haven’t even dreamed up yet.”

Baker intends to launch a year of celebration to commemorate the original release of the Netscape source code and all of the hard work that the open-source software community has invested in the past decade to make Mozilla what it is today. She encourages members of the Mozilla user and developer community to provide suggestions for inclusive and participatory activities that Mozilla can coordinate as part of the celebration.

Today, Mozilla’s Firefox web browser has well over 125 million users and steadily climbing market share. Meanwhile, Netscape has vanished into the mists of temporal obscurity and is scheduled to be completely decommissioned next month by AOL, its current owner.

During the past decade, we have seen the Internet transform to become an essential part of day-to-day life. The Mozilla organization has grown and evolved with the web and will continue to influence its future. Although much has changed, many things are still the same—like Mozilla’s commitment to freedom and innovation. With an impressive Firefox 3 release right around the corner, we can expect another decade of great things ahead of us.