Archive for the ‘WWW dev’ Category
Understanding Ajax vulnerabilities
Tuesday, February 19th, 2013
The Understanding Ajax vulnerabilities article is an introduction to protecting the web applications you build with Ajax. Because of its range of functions and ease of use, Ajax is one of the most widely used tools for building web applications today. All applications, including those built with Ajax technologies, are vulnerable to exploits that compromise websites and the databases that drive them. Using Ajax doesn’t put your website at any greater risk than using any other web technology—especially if you know what the threats are.
Google Drive hosted test websites
Saturday, February 9th, 2013
Google now allows web developers to share hosted websites via Google Drive. The Google Drive now lets developers share hosted websites by storing HTML, JavaScript, and CSS files article gives nice instructions on how to do that. The basic idea is to upload the site files to a Google Drive folder and share it as “Public on the web.” You get the URL to your content with the “Preview” button.
I tested the instructions and found out that they worked as advertised for sites that do not need any server-side scripting. This could be useful for test and demo purposes.
HTML5 specification published
Wednesday, December 19th, 2012
W3C has published the full definitions of the HTML5 and Canvas 2D specifications and is now moving on to interoperability and performance testing. The W3C settling on a specification for HTML5 should mean that web browser developers can now provide support for a common set of functions rather than implementing only parts of the specification. The W3C said that it expects to see “broad HTML5 interoperability” by 2014. In a recent Kendo UI survey of more than 4000 developers, 63 percent indicated that they are “actively developing with HTML5.”
W3C also announced the first draft of HTML 5.1 and Canvas 2D, Level 2 as an early view of the next round of standardization.
Visualizing 100,000 Stars In Chrome
Friday, November 16th, 2012
Google has rolled out a new web experiment for Chrome. 100,000 Stars: Google’s latest Chrome experiment taps NASA to visually explore the Milky Way. This one is a visualization of the locations of over 100,000 nearby stars (it pulls data from astrometric databases and catalogs). Using Chrome’s WebGL, CSS3D, and Web Audio support, you can zoom in and out to explore the layout of the stars, set against a dreamy soundtrack. You can zoom and pan around the cluster, zoom all the way in to the solar system, or zoom all the way out to see the rest of the Milky Way. This web app works best in Chrome, but I was able to try it in Firefox as well. If you are still stuck with IE only, you are out of luck with this demo.
A single picture does not do justice to this application, so go and see it yourself at http://workshop.chromeexperiments.com/stars/
Time for Firefox Plugin Check
Monday, October 8th, 2012
Mozilla announced that it will soon start prompting Firefox users to upgrade select old plugins. This means that Firefox users who have outdated versions of the most popular plugins will soon see a notification urging them to update when they visit a web page that uses them.
Old versions of Silverlight, Adobe Reader and Adobe Flash on Windows are covered by this. In addition, Firefox also automatically disables outdated versions of Java for your safety.
Mozilla strongly recommends that you go to the Plugin Check page and update your plugins as soon as possible. Old plugin versions can cause stability problems and are potentially insecure.
Flash, Acrobat Reader, and Java flaws account for most of the malware installs, and most users are bad at keeping these things up to date. Running a stack of update utilities is irritating to advanced users and confusing to novice users. Most people just want the same thing they used yesterday to work today, and are really annoyed when what worked yesterday starts nagging them to upgrade today. All this does is make the malware industry happy.
I noticed during the weekend that my Firefox on several computers automatically opened the Plugin Check page for me when I started it. And the result made me update some of the plugins that were marked as out of date. I recommend that you also check your plugins and update them to up-to-date versions.
It is also a good idea to check your Firefox Add-ons as well. Keep them up to date and disable the ones you don’t need.
Useful information sources
Tuesday, October 2nd, 2012
Here are some of my favorite sources for technology news and articles. I check them often:
HTML5 for HMI
Monday, October 1st, 2012
There are some common rules in the design of user interfaces (UI) in embedded systems, such as “use common dialogs and buttons familiar to your users” or “keep it simple by limiting user activity, as much as possible, within the context of the current function”. The design of these buttons, dialog boxes, help screens and other widgets is not always easy to realize in resource-limited embedded systems. What is needed is an easy and efficient way to create these widgets. HTML5 could help with that.
HTML5 is everywhere right now, and its popularity is growing for good reasons. The HTML5 platform can add functionality and capabilities to your device, extending the life cycle of a current product and preparing applications for future platforms. The idea of building an HMI on HTML5 and WebSockets has now become practical. The graphics and UI tools available via HTML5+CSS3+JavaScript are starting to be amazing.
HTML5 is platform agnostic (the main goal is platform independence). Most or all of the UI heavy lifting would be offloaded to the browser on the client side, not using resources on the embedded device. Using WebSockets, communication between the embedded device and the browser would actually be more akin to a peer-to-peer architecture than client-server.
HTML5 and its ancillary technologies (CSS3, JavaScript, AJAX, JSON, etc.) offer an excellent, non-proprietary solution for building rich, device-agnostic HMIs. HTML5 is not very far away: W3C Recommendation status for HTML5 is expected in 2014. Many HTML5 features are already implemented in web browsers today (both on desktop and mobile devices).
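The HTML5+WebSockets HMI architecture described above, as an added example that is not code from the original post or from QNX: a browser-side client that subscribes to device objects over a WebSocket and receives publish/subscribe style JSON updates, in the spirit of the PPS model discussed in the linked articles. The message format (type, object, data), the object names (/pps/hvac, /pps/radio) and the ws://device.local/hmi endpoint are assumptions. Two choices matter for the Ajax-style security concerns raised in the first post of this archive: incoming data is parsed with JSON.parse (never eval) and checked against an allowlist of known objects and attribute types, and values reach the page through textContent rather than innerHTML, so a device-supplied string cannot inject markup into the HMI.

```javascript
// Added example (not from the original post): a browser-side HMI client
// talking to an embedded device over a WebSocket with a small
// publish/subscribe JSON message format. Object names, attribute sets and
// the endpoint URL are assumptions made for the example.

// Objects and attributes the HMI may display or change. Anything outside
// this allowlist is dropped, so a buggy or hostile publisher cannot drive
// arbitrary UI state.
const SCHEMA = {
  "/pps/hvac": { temperature: "number", fan: "number" },
  "/pps/radio": { station: "string", volume: "number" },
};

// Parse one incoming message and merge it into `state`. Returns the new
// state (the input is not mutated) or null if the message is rejected.
// Kept pure so it can be unit-tested without a browser.
function applyUpdate(state, raw) {
  let msg;
  try { msg = JSON.parse(raw); } catch (e) { return null; }  // never eval()
  if (!msg || typeof msg !== "object" || msg.type !== "publish") return null;
  const attrs = SCHEMA[msg.object];
  if (!attrs || !msg.data || typeof msg.data !== "object") return null;
  const current = Object.assign({}, state[msg.object] || {});
  for (const [key, value] of Object.entries(msg.data)) {
    if (!Object.prototype.hasOwnProperty.call(attrs, key)) return null; // unknown attribute
    if (typeof value !== attrs[key]) return null;                         // wrong type
    current[key] = value;
  }
  return Object.assign({}, state, { [msg.object]: current });
}

// Build an outgoing request to change one attribute. Returns the JSON text
// to send, or null if the HMI is not allowed to set that attribute.
function buildSet(object, key, value) {
  const attrs = SCHEMA[object];
  if (!attrs || typeof value !== attrs[key]) return null;
  return JSON.stringify({ type: "set", object, data: { [key]: value } });
}

// Render with textContent, never innerHTML, so device-supplied strings
// (station names, etc.) are shown as text and cannot inject markup.
function render(state) {
  if (typeof document === "undefined") return;  // not running in a browser
  for (const [object, attrs] of Object.entries(state)) {
    for (const [key, value] of Object.entries(attrs)) {
      const el = document.querySelector(`[data-object="${object}"][data-attr="${key}"]`);
      if (el) el.textContent = String(value);
    }
  }
}

// Browser wiring: subscribe to every known object on open, apply updates
// as they arrive, and re-render the widgets.
function connect(url) {
  let state = {};
  const ws = new WebSocket(url);
  ws.onopen = () => {
    for (const object of Object.keys(SCHEMA)) {
      ws.send(JSON.stringify({ type: "subscribe", object }));
    }
  };
  ws.onmessage = (ev) => {
    const next = applyUpdate(state, ev.data);
    if (next) { state = next; render(state); }
  };
  return ws;
}

if (typeof WebSocket !== "undefined" && typeof document !== "undefined") {
  connect("ws://device.local/hmi");  // assumed device endpoint
}
```

In a page, each widget is an element such as `<span data-object="/pps/hvac" data-attr="temperature"></span>`; a control that changes a value sends `buildSet("/pps/hvac", "fan", 3)` over the same socket. The allowlist in SCHEMA is the point of the example: the HMI only ever reflects objects and attribute types it was written for, and rejects whole messages rather than partially applying them.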
Find out how HTML5 affects your current and future products. Here are some pointers to more information:
The Understanding HTML5 article attempts to bridge the gap between the musings and the tutorials and present a brief overview of HTML5 that will be useful to people who have a technical background but are not already up to their elbows in HTML5. The article also has a tip on how to optimize a bit of JavaScript for equalizing audio output.
HTML5 for automotive infotainment: What, why, and how? is a slide set that tells why HTML5 is a hot trend in automotive infotainment.
HTML5 Will Be The Technology Of Choice For In-Vehicle HMIs article tells that in the auto industry, and especially in the design of in-vehicle infotainment systems, the advent of the smart phone has changed everything. HTML5 is a non-proprietary and widely adopted standard that is already proving its worth in a wide range of implementations across a variety of industries, including automotive. If anything can help automakers deliver what their customers want in their in-vehicle infotainment systems at reasonable cost today and tomorrow, it’s HTML5.
The QNX Auto Blog has a nice article series on HTML5 in the car. The Everything you wanted to know about HTML5 in the car, Part I article talks about CSS, cross-platform execution, and asynchronous design. Everything you wanted to know about HTML5 in the car, Part II turns its attention to web servers, native plug-ins, instrument clusters, and display updates. The Everything you wanted to know about HTML5 in the car, Part III article turns its attention to tools, touch gestures, UI performance, and vehicle resources. The 8 steps to building a lean and mean HTML5 application article gives tips on HMI development for the QNX CAR 2 application platform.
PPS messaging connects HTML5 and hardware article tells that Human-Machine Interfaces (HMIs) developed with HTML5 reside in a high-level, virtualized environment, and they work well in this environment. This fact does not preclude their needing to access hardware. Unfortunately, like other high-level HMI technologies, HTML5 doesn’t offer a simple solution for communicating between the HMI layer and the many low-level components found in today’s systems.
Bridging the chasm between HTML5 and the hardware with PPS messaging article tells that writing specific interfaces to communicate between the HMI and each low-level service is a costly—and likely unsustainable—proposal. According to QNX Software Systems a better approach is to use an HMI-agnostic, asynchronous messaging model such as Persistent Publish/Subscribe (PPS): a service for pushing out changes and receiving notifications. PPS promises to provide a simple and effective way for the HMI to communicate with low-level components and the vehicle hardware.
QNX Software Systems has published quite a few articles on the benefits of PPS, but PPS need not be the only choice around. The question is: what are the more open alternatives to it? Any recommendations?
Conclusion
HTML5 is fast becoming not just a popular HMI technology, but the preferred environment for delivering rich, flexible user interfaces. HTML is no longer just the standard for presenting web content, but a viable technology for HMIs for all sorts of applications.
HTML 5.0 and 5.1
Thursday, September 27th, 2012
The HTML5 specification might get ready (up to a certain point at least) in a few years if we are lucky. The W3C reveals plan to finish HTML5 and HTML 5.1 article tells that the World Wide Web Consortium (W3C) says it’s still on track to release the final HTML5 specification in 2014. The plan (not yet officially approved, but released on the W3C website) is that the W3C will deliver not just an HTML 5.0 standard in 2014, but also an HTML 5.1 spec in 2016.
Challenges remain in achieving this goal. The plan is to have an HTML 5.0 Recommendation in 2014Q4 and an HTML 5.1 Recommendation in 2016Q4. The reason the W3C is announcing an additional HTML 5.1 version now is simple. Due to the pressure to deliver HTML 5.0 in 2014, the W3C wants to defer any new issues that are raised until HTML 5.1 and concentrate only on current issues that can be addressed without substantive changes to the 5.0 spec. The plan also advocates increased reliance on modularity as the means to keep HTML5 moving forward.
The last formal HTML specification, HTML 4.01, reached Recommendation status (meaning a finished standard) in 1999. At this rate, by the time HTML 5.0 becomes a Recommendation, the W3C will have been working on HTML5 for a solid 15 years!
Get rid of IE now!
Wednesday, September 19th, 2012
Internet Explorer users have been told in many sources many times (including on my blog): ditch the IE application and switch to another browser, pronto. There is a new serious hole that’s exploitable by visiting a malicious website: the site owner can take possession of the computer used for surfing. This critical zero-day bug in Internet Explorer is under active attack. It is claimed that this IE exploit was created by the same group that recently released a Java zero-day into the wild.
The attack works on IE 7 through 9 running on XP, Vista and Windows 7. This is one of the few times that a single vulnerability has been successfully exploited across all the production shipping versions of the browser and OS. There is no patch for this yet.
Microsoft recommendations for this problem:
Install Enhanced Mitigation Experience Toolkit
Set IE security: intranet and the Internet security level to “high.”
My recommendations:
Do not use Internet Explorer. Get rid of IE now! Use a safer browser like Firefox or Chrome. While every browser has its security issues, those are considerably safer alternatives.
Firefox 15: Type error: Can’t access dead object
Monday, September 3rd, 2012
I upgraded to Firefox 15 and got an annoying error:
I keep getting the annoying “Type error: Can’t access dead object” error very often.
That message is displayed endlessly after using many web pages and closing their tab.
After some Googling I found the page http://support.mozilla.org/en-US/questions/935811 that tells that the Drag & Drop upload extension could be the cause.
Disabling the Drag & Drop upload extension seemed to help.