Seven Design Requirements for Web 2.0 Threat Prevention
Virtualization Review, CA - The rapid adoption of Web 2.0 applications has opened up the enterprise to new security threats that are not stopped by the widely deployed Web and … |
Internet Risk Management In The Web 2.0 World
Virtualization Review, CA - This study found that Web 2.0 usage is prevalent in enterprises today and revealed that most companies are slow to respond to the latest threats … |
How Can Publishers Embrace Web 2.0? “Just Do It”
Publishers Weekly, NY - by Lynn Andriani — Publishers Weekly, 5/30/2008 11:19:00 AM Thursday’s Web 2.0 panel at BEA brought together an author, a magazine publisher and the … |
 CIO |
Organizations Struggle To Manage The Intersection Between IT and …
CIO, MA - The technology driving Web 2.0 has outpaced many marketing professionals ability to stay ahead of the curve. This has left many organizations playing to the … |
Jon Ferraiolo of IBM and the OpenAjax Alliance wanted to share with the community news on a couple of initiatives:
The OpenAjax Alliance is requesting industry feedback on two companion initiatives, OpenAjax Conformance and the OpenAjax Registry, which have been under development for the past year.
The term OpenAjax Conformance is shorthand for the set of conformance requirements that OpenAjax Alliance places on Ajax technologies, products, and applications to promote interoperability. Version 1 of OpenAjax Conformance defines 10 specific conformance requirements on Ajax runtime libraries. An Ajax runtime library that meets these conformance requirements will allow Web developers to use that library conveniently within a given Web page with other OpenAjax Conformant libraries.
OpenAjax Conformance provides the following benefits to IT managers and the Ajax developer community:
OpenAjax Conformance defines three conformance levels. Full Conformance is for Ajax products that have sufficiently strong Ajax interoperability characteristics that there is high expectation that the given product can be used successfully and conveniently with other Ajax products as part of the same Ajax development task. Configurable Conformance is for Ajax products that support all of the same strong interoperability characteristics as for Full Conformance, except not in their default configuration. Limited Conformance is for products that meet a particular subset of the conformance criteria, and therefore have taken important steps towards Ajax industry interoperability, but on the question of whether the given Ajax product can interoperate successfully and conveniently with other Ajax products, the answer is “it depends”.
The OpenAjax Registry is a centralized, industry-wide Ajax registration authority managed by the Interoperability Working Group at OpenAjax Alliance. The Registry maintains an industry-wide list of Ajax runtime libraries and various characteristics of each library. For each library, the Registry lists:
These two technologies have now entered a public review phase that ends on June 30, 2008. Feedback can come in various forms, such as email to public@openajax.org, or comments posted on various industry blogs. After the public review phase ends, the members of OpenAjax Alliance will adjust the two specifications to take the feedback into account and then move the two specifications towards version 1.0 completion and approval.
One of the details of Yahoo! BrowserPlus that people picked up on was the fact that it only runs against Yahoo! properties.
However, some folks have hacked that restriction so they can play with it locally, and assume that Yahoo! wouldn’t like this.
Skylar Woodward of Yahoo! has posted that this isn’t the case at all:
BrowserPlus was more-or-less designed to be hacked. Not hacked in the “I want to steal innocent users data and delete their files” sort of way, but in a manner that allows experimentation and freedom without compromising the security of pedestrian users. There’s more there to be mined, but enabling local development is a good place to start.
And goes on to show how you can get rid of the restriction:
Currently, BrowserPlus is restricted to Yahoo! sites; that includes restrictions for running local files. A simple addition to our test file exposes the error:
JAVASCRIPT:
The error BP_EC_UNAPPROVED_DOMAIN confirms the local domain (
file://) isn’t permitted. That means it’s time to dig into the BP configuration files. On Mac these are in
/Users/[you]/Library/Application Support/Yahoo!/BrowserPlus/On Windows XP, you’ll find them in something akin to
c:\\Documents And Settings\[you]\Local Settings\Application Data\Yahoo!\BrowserPlus\and on Windows Vista…
c:\Users\[you]\AppData\Local\Yahoo!\BrowserPlus\In the Permissions folder is a file similarly named which is what we’re looking for. Opening it up we see:
JAVASCRIPT:
The intuitive addition to this list is:
JAVASCRIPT:
The file is modified, but BrowserPlus hasn’t picked up the changes yet. The clean way to force this is to close all open browser windows. (BrowserPlus shuts down when no pages are using it.) The dirty way to do this is to search for BrowserPlusCore in your process list and kill it using your favorite platform-available tool. Either way, after opening test.html back up we should see our “Hello World.” Sweet - now we’re ready to start playing.
There is one final catch. BrowserPlus is fairly proactive about security so it helps to know that the permissions file will be overwritten on a regular basis. The savvy way around this would be a simple build script or at least a handy copy of our modified permissions file that we can use to reapply the changes in between development sessions. We might also test for BP_EC_UNAPPROVED_DOMAIN somewhere in our init callback to scream if the temporary development environment is disrupted.
Java and AJAX Over the Cloud
SYS-CON Media, NJ - That way they're supposed to be able to sidestep common AJAX headaches l By James Hamilton Friday morning the local Fox television station in New York City … |
 San Diego Union Tribune |
AJAX RIA News - Well, Qualcomm Likes Flash
SYS-CON Media, NJ - Steve Jobs may not think much of Flash but Qualcomm apparently feels differently and has been collaborating with Adobe on a mobile platform that integrates … Busy day in mobile development world |