FightSkillz.com - Life, Code, & Idiocy

Posts Tagged ‘web’

Facebook is Inherently Insecure

Sunday, April 11th, 2010

I've talked a lot about their unpleasantly ghostly Privacy Policy and Myspace-esque TOS, you know, the ones that sign away equal rights and entitlement to your identity indefinitely just by using their site. But I haven't talked about the intrinsic insecurity of a social network like Facebook.

Fact: A significant number of computer users exhibit insecure behaviour online. They don't use strong passwords, they don't opt for https://, they don't work on virus/keylogger-free computers, and they answer spam emails (shocking, I know).

Fact: Facebook contains not just a list of all your friends, but all your friends' friends, and a record of your interactions with them. Your social network and scene.

Think about it like this: If someone gains access to your email account, they can see your contact list, and they can see how you talk to your contacts. If they have a lot of time on their hands they can read huge volumes of emails and piece together your relationships.

On Facebook, they can see your list of friends and family and your communication with them, but more importantly their communication with each other: a schematic of your social life, heavy with descriptions of how you know each person. Even assuming you've toggled your privacy settings back so only your friends can see your stuff, and did so before Google indexed your profile and friends list, every one of your Facebook friends is an attack vector for all the personal info you've posted, and for what your friends and family have posted that doesn't even relate to you. More clearly: A is an attack vector for B, A<->B, C, and B<->C.

In addition, 3rd party Facebook app developers also have access to your social circle and information. Your buddy wants to try an app from some developer he doesn't know? Well, they just grabbed your entire social network and know a LOT about you and all your friends.

On Facebook, you are not the only one responsible for keeping your information safe. Anyone you friend is. Would you trust your Facebook friends with your Facebook username and password?

It's given birth to a new breed of highly personalized spam. Imagine getting an email from someone you don't know offering you cheap Viagra and even using your first name. Sounds like a scam right? Sounds like if you clicked on the link you'd probably get a virus or some kind of malware installed on your system right? Right.

Now imagine getting an email from Sarah, your old girlfriend, where she talks about something you did the other night at a party (which you posted a photo of on Facebook, being careful to only let your friends see) and then tells you she wants you to see a funny YouTube video. You click on the link and guess what? It wasn't Sarah at all! "What?!", you say? How's that possible?

The Spammer, we'll call him Spammer, gains access to the Facebook account of Jim (your buddy) because a) Jim accidentally typed in FaceBack.com without realizing it and tried to log in; his credentials were phished and the Spammer was in his account within 30 seconds, or b) Jim (same Jim) adds an application where the 3rd party developer wrote a bunch of code that scrapes all of Jim's and your information and emails it to him (the Spammer) as a .zip file when it's done. The Spammer goes ahead and looks through Jim's friends list, then through yours. He looks through your photos and the descriptions of each of your contacts. He looks at Sarah's profile and writes down her email address, attaches the photo to an email that spoofs Sarah's email address (this is astoundingly easy without her login credentials, from any computer connected to the internet) and adds an HTML link that looks like this in code:

<a href="http://sitewithavirus/silentkeylogger"> http://youtube.com/v=harmlessvideo</a>

and to you looks like this:

http://youtube.com/v=harmlessvideo

Clicking on the link will obviously take you to the virus and not to YouTube, and if you use Internet Explorer, or the Spammer is using a zero-day exploit for one of the other browsers, you're fucked due to arbitrary code execution.
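The mismatch described above, where the text you see names one site and the href points at another, is something a mail filter can check mechanically. The sketch below is an added example, not code from the original post: the function and class names are hypothetical, the sample body is constructed around the link shown above, and the host comparison is deliberately naive (it only ignores a leading "www.").

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Visible text that starts like a web address, with or without a scheme.
URL_LIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]|$)", re.I)

# Constructed sample body: the post's deceptive link plus two harmless ones.
SAMPLE_EMAIL_HTML = (
    '<p>Hey, you have to see this: '
    '<a href="http://sitewithavirus/silentkeylogger"> http://youtube.com/v=harmlessvideo</a></p>'
    '<p><a href="http://www.youtube.com/watch">youtube.com/watch</a> '
    '<a href="http://example.com/">click here</a></p>'
)

def _host(value):
    # Host of a URL-looking string, lowercased; None if it does not look like a URL.
    value = value.strip()
    if "://" in value:
        return (urlparse(value).hostname or "").lower() or None
    match = URL_LIKE.match(value)
    return match.group(1).lower() if match else None

def _site(host):
    # Naive comparison key: drop "www." only (no public-suffix handling).
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self._href, self._text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = "".join(self._text).strip()
            shown_host, real_host = _host(shown), _host(self._href)
            # Flag only when the visible text claims a host the href does not go to.
            if shown_host and real_host and _site(shown_host) != _site(real_host):
                self.findings.append((shown, self._href))
            self._href = None

def mismatched_links(html_body):
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    return auditor.findings
```

Links whose visible text is ordinary words ("click here") are not flagged, because the text makes no claim about where the link goes.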

A site that gives anyone other than you access to a super detailed schematic of your social circle is inherently insecure. Facebook should not expose your real life social circle to anyone, even other people in that circle. But they do and will, because a large part of their user retention plays on social needs for acceptance/approval/jealousy/etc., which requires exposing that information to people you normally wouldn't, and in a permanent public manner that you normally wouldn't.

The iPad

Friday, April 2nd, 2010

With its release less than 24 hours away and projected sales in the millions, it's impossible not to reflect on what it all means. You can say a lot about the iPad: it has no Flash, no camera, bare device support and an awful name, but one thing you can't talk shit about is the depth of its potential and very likely impact. Here's a more reasonable take on some of the hype and myth surrounding the device.

No Flash - Why and What does it mean?

There is only one reason why Flash is not allowed on Apple mobile devices. Market share. The iPhone and the soon to materialize iPad are "extra" devices. That is, they're not meant to be purchased by people who don't already have a computer. You need a computer to update their software, sync them, etc. On the internet there are a lot of problems with browsers being incompatible with each other. You probably know about rendering issues and speed problems. Flash is the only ubiquitous web platform. It's cross platform and runs the same code identically across all kinds of devices and operating systems, from smart phones to desktops to navigation and embedded systems, running every flavour of Linux, Windows, Mac, etc. The also soon to be released update, Flash 10.1, will improve performance (speed, CPU usage, memory, and more) across all these devices, specifically with mobile in mind. Flash powers more than 75% of the video on the web, 70% of the games, most of the portfolios, and most of the cool graphs, apps, and more, and is installed on more than 99.99% of all devices on the internet.

Apple wants a piece of that. They want their video codecs and their technologies to prosper. Flash is lightyears ahead of HTML and the only real way to build robust advanced web applications. HTML 5 adds some cool features but the spec is still incomplete and stuck in a deadlock. Building an HTML 5 application is very expensive and time consuming, as every browser that supports HTML5 implements it very differently, and most browsers, or rather most internet users, do not, and will not, have even a smidgen of HTML5 support for at least 2 years (read: Internet Explorer).

Aside from video codecs, Apple also knows that allowing Flash to exist on the iPhone/iPad would mean people could easily create web apps that work everywhere without paying Apple or filling up their app store. If Flash was allowed on the iDevices no one would pay hundreds of dollars to get into the app store, no one would pay thousands of dollars to train their developers to learn how to program in Objective-C simply to target a single device from a single company. And absolutely no one would put all that effort and money into building that app, knowing that there will be inevitable unpredictable delays, rejections, and removals from said app store for often no reason at all.

There are a ton of idiots proclaiming Apple doesn't allow Flash on their mobile devices because "Apple supports an open web". This quite simply isn't true. If HTML ever got advanced enough they would disallow HTML based web apps on their devices as well; in fact Apple is a major player in the HTML5 codec debate preventing the HTML5 spec from being finalized, so they've already started applying the brakes to HTML and openness. Adobe, on the other hand, keeps opening up their technologies and leading the Open Screen Project, while open sourcing Flex and releasing their formerly proprietary SWF format and AMF protocol. Apple has, and is notorious for creating, one of the most closed environments known to man. If they were a government the UN would have to intervene, and if they had a monopoly they'd be in deep shit with the FTC for their anti-competitiveness. Does this mean the end of Flash? Absolutely not. In fact Adobe is about to announce that, using the same tools and the same code, you can easily convert Flash content and applications to iPhone/iPad applications with the click of a button, and, if it's not too complex, to Canvas based HTML5 code as well. Flash will remain the ubiquitous "code once run everywhere" platform. And quite frankly, even in some parallel dimension where that wasn't true, ECMAScript is ECMAScript, and Flash developers feel just as at home (although grossly underpowered) with JavaScript as they do with ActionScript.

What you will see change, although more so due to Adobe's Creative Suite 5 launch (which makes the process easier) than the iPad launch (which will only slightly increase demand for it), is that video services like YouTube, Daily Motion, and others who can afford to convert and maintain several formats of every video uploaded will begin creating several HTML5 versions of their players. So if you browse on most computers you'll see the Flash version, rich with Flash 10.1's many new features, but if you browse on an intentionally crippled device like the iPad it'll automatically be switched out for the compatible and feature stripped HTML5 version that works with your browser. Some huge sites that use Flash will also create alternative sites that are Flash-less, but at the same time those sites will have custom Adobe AIR apps built with Flex, and custom iPhone and Android apps built natively for those devices as well. Essentially more versions of the same product, just like how today there needs to be a separate stripped down version of websites for each version of Internet Explorer, which is also intentionally anti-competitive and incompatible with other browsers or web standards.

Adoption and Impact

The reason Apple can be so bold with Flash is because the iPad is an incredible revolutionary device. Most people struggle with computers to do anything. The desktop, laptop, and netbook paradigms are confusing, and actually dealing with anything is an impossible feat to ask of the majority of users. There are a lot of people who should wait a few months for the bevy of tablets about to storm the market that have Flash, grant access to the full web and a full interface, a set of ports, a webcam, etc. But even I wish my grandparents would get one, because it's simple to use and understand. If someone can teach you to use a microwave, someone can teach you to use an iPad. This just isn't true for more traditional keyboard and mouse based devices; despite my sincerest efforts, most people just don't get it. It's too complex and too unnatural. If you don't have to get an iPad right now but you want one eventually, you might be wise to wait for the 2nd or 3rd version, which will no doubt have a forward facing webcam and be faster and cooler as Apple tries to stay competitive with what is sure to be a lot of competition.

The point is that while it's not going to pull away a huge amount of market share in your website analytics, it will be a significant amount, and it will create a lot of change. Not just the iPad, but the wide array of tablets about to hit the market. The form factor will be significant, and all the big names will have alternative sites and apps to cater to not just touch screens, but no-flash environments, and small screens.

Some Sense

Wednesday, February 3rd, 2010

I kept reading on Giz about how HTML 5 takeover is imminent and each time lost a little respect for my favourite gadget blog. It's good to know that when it comes down to it some of them do actually know what they're talking about.

Gizmodo, who were some of the idiots I referred to in my post yesterday, redeemed themselves 40 minutes ago by publishing a very comprehensive breakdown of why HTML 5 isn't saving anyone anytime soon, and (although they only briefly touched on it, since the post is primarily about HTML 5) why Flash is better at doing the kind of things HTML 5 is supposed to usurp in imagination land.

HTML isn't platform ubiquitous and never will be because whoever has the monopoly is also directly motivated to keep web standards to shit. Companies are companies and the monopoly will always be a company.

Flash, on the other hand, is already platform ubiquitous. Write once, deploy everywhere. The only problem with Flash is resource use, which 10.1 (already in its 2nd beta) will address.

Flash also now has the ability to run native C/C++ code, so decoding video with Flash will be as fast as doing it natively in the browser. Well, as fast as doing it natively in the browser will eventually, maybe, possibly be in 5-10 years, if the web can come together in happy fairy land on HTML 5 implementation.

Goodbye Flash?? I say goodbye web browsers and hello Adobe AIR branded front ends to web services and content.

Here's a small excerpt from John Herrman of Gizmodo's comprehensive HTML 5 breakdown, although I strongly recommend you read the whole thing, as it makes things clear for the tech-savvy and the not-so-tech-savvy:

...

The Basics

Before we get into what HTML5 means, we have to talk about what it is, and to talk about what it is, we need to talk about what it's built upon.

Hypertext markup language, or HTML, is the language underneath every web page you've ever been to. The language, along with its various complementary technologies (see: CSS, Javascript), has become immensely complex over the years, but the concept is simple. HTML is what turns this:

<u><em><strong><a href="http://gizmodo.com">Hello!</a></strong></em></u>

Into this:

Hello!

It's basically a set of instructions that a website hands to a browser, which the browser then reads and converts into a formatted page, full of text, images, links and whatever else.

Here, try this: Right-click anywhere on this webpage, and click "View Page Source," or "View Source," or something to that effect. Your eyes will be assaulted with a wall of inscrutable text. You'll see evidence of syntax, but your brain won't be able to parse it. Your eyes will glaze over, and you will close the window. This, my friends, is HTML. But you probably already knew that, because it's 2010, basic web languages are basically in our drinking water. So what's this "5" business?

Somewhere in the central command center basement of the internet, there's a group of guys who maintain the standard, or the rules, of HTML. In the case of HTML5, the buck stops with the Web Hypertext Application Technology Working Group (WHATWG), and to a lesser extent, the World Wide Web Consortium (W3C). It is through these independent standards organizations that new features are codified and presented to the public, and later—in theory—supported by various browsers, no matter what company is behind them.

In the early nineties, the W3C and a few influential torchbearers would collect various new web features thought up by different browser makers, publishing these standards with the hope that we didn't end up with different internets for different browsers. By the mid to late nineties, the standards had grown in both size and stature, then serving as the de facto guide for browser makers and developers alike. (If this sounds a bit rosy, the reality was far grimmer—just ask any seasoned web developer about Internet Explorer, version 6 or earlier.)

Despite an occasionally rocky road, HTML standards went beyond being just a record of changes in web technology; eventually they became the blueprint to push them forward. Still, standards are guides, not laws, and no browser maker has to adopt each and every revision.

The last major revision of the HTML standard, version 4.01, was published in 1999. HTML5 hasn't yet been formally codified, but it was born in 2004 and has been undergoing steady work and maintenance since. In the '90s, HTML discussion centered around topics like font coloration, or tables, or buttons, or something more esoteric. Today, a new HTML version means deep-down support for the modern web, namely web apps and video.

John Herrman - Read the rest on Gizmodo