Top Tech Stories Audio Listen Now

Daily Installment of Coffee Joe, By Jim O'Connor

MP3

I was able to create a system of transmitting numbers undetected through the local service. The robot would leave me a message that only said where it was. Using the number of line feeds and spaces, I would be able to tell what the exact frequency was. The spaces and the line feeds would be put at the end of the message, so every message would look the same to the human eye.

I had it all put together and I told the robot to keep making a spiral around the city, getting further away with each pass. This would continue until I called the robot back. I knew this would take days or maybe even weeks, but this really was the only sane way to deal with it. In the mean time, I would have to live without a robot at home. On the other hand, maybe I could spend some of the extra money I had been making to buy a new robot. I sent the robot out to get started. I told the robot "Happy hunting." the robot asked, "Sir, why would you think that a robot could be happy?" I said, "I thought maybe you had some software that could emulate human emotion." the robot replied. "Emulate human emotion Sir. Why would I want to do that?" I said, "I don't know. Maybe I thought you would want to understand humans." The robot said, "I do understand humans Sir. Give me any instruction and I'll will demonstrate for you." I told the robot "Just get started. Run the alternate." "Yes Sir" the robot replied. The robot started to go down the street.

I went inside and told the computer to find me a good deal on a new robot. A list of robots and prices showed up on the monitor. Even the cheapest robots were about fifty thousand dollars. I thought that was a little expensive, so maybe I would just find a used one.

The first call from the robot came about 30 seconds after it started running the program. I checked the time and converted the frequency. I realized the robot had found a signal at 1140 Kilohertz. I got the radio out again. I turned it on and sure enough, the robot had found the same signal I found before. The signal was back and so was the interference. I couldn't help but to be curious about why I couldn't see it after I got closer to Nevada. All things considered it seemed like a sure bet.

The program the robot was running was not designed to give me signal strength. It would only tell me if there was a signal there. I knew I was going to have to modify the robot software again so it could zero in on the location of the radio signals. First, I would give the robot a couple of days to see if it could find anything else.

Verizon is Only Friendly Until You Buy Something

MP3

By Meg Marco

Reader David sends us a heads up about a blog entry that nicely sums up Verizon's consistently awful customer service.


Did anything outrageously horrible happen to this company when they tried to order a phone line? No. Were the Verizon people so incapable of doing their jobs that even a simple problem ("Hey, you forgot our voicemail!") became an epic battle for truth justice and the American way? Yes. Is this at all unusual? No. From ParagraphNY:




Even the best of them will be reduced to a screaming idiot after spending three days trying to get through to Verizon representatives. And after three days of soul searching, we still cannot fathom why a business line ordered with voicemail came without voicemail and why it took the phone company 72 hours, 82 representatives, and three escalations to correct their mistake.
...
We make our first phone call to Verizon on Monday at 6:00p.

We get through to an operator on Monday at 6:30p.

The operator informs us that she is in California, everyone in New York has gone home and she has no way of giving us the access number for voicemail or helping us further. Because she's in California. And this should make perfect sense to us.



Paragraph has managed to sum up, in one blog post, everything that is wrong with Verizon. We even like the title: "Why Verizon Deserves to Die a Slow, Painful Death."

What to Expect from HTML5

MP3

Support for the next generation of HTML is already appearing in today’s browsers and Web pages. Are you ready to take advantage?
By Neil McAllister | InfoWorld


Among Web developers, anticipation is mounting for HTML5, the overhaul of the Web markup language currently under way at the Worldwide Web Consortium (W3C). For many, the revamping is long overdue. HTML hasn't had a proper upgrade in more than a decade. In fact, the last markup language to win W3C Recommendation status -- the final stage of the Web standards process -- was XHTML 1.1 in 2001.

In the intervening years, Web developers have grown increasingly restless. Many claim the HTML and XHTML standards have become outdated, and that their document-centric focus does not adequately address the needs of modern Web applications.

[ For more on HTML5's potential impact on proprietary Web technologies, see "HTML5: Could it kill Flash and Silverlight." | The InfoWorld Test Center investigates how well the new Microsoft Silverlight 3 and Adobe Flex 4, Flash 4, and Catalyst rich Internet technologies measure up, and provides an in-depth comparison of eight PHP IDEs. ]

HTML5 aims to change all that. When it is finalized, the new standard will include tags and APIs for improved interactivity, multimedia, and localization. As experimental support for HTML5 features has crept into the current crop of Web browsers, some developers have even begun voicing hope that this new, modernized HTML will free them from reliance on proprietary plug-ins such as Flash, QuickTime, and Silverlight.



But although some prominent Web publishers -- including Apple, Google, the Mozilla Foundation, Vimeo, and YouTube -- have already begun tinkering with the new standard, W3C insiders say the road ahead for HTML5 remains a rocky one. Some parts of the specification are controversial, while others have yet to be finalized. It may be years before a completed standard emerges and even longer before the bulk of the Web-surfing public moves to HTML5-compatible browsers. In the meantime, developers face a difficult challenge: how to build rich Web applications with today's technologies while paving the way for a smooth transition to HTML5 tomorrow.

Modernizing HTML for the rich Web
Rich applications and HTML have not always been a natural fit. The father of the Web, Tim Berners-Lee, envisioned HTML as "a simple markup language used to create hypertext documents that are platform independent." With the advent of XHTML, the pure XML formulation of the language, the W3C maintained this focus on Web pages as documents, with the proposed XHTML standards emphasizing such issues as document structure, compatibility with XML tools, and Berners-Lee's vision of the Semantic Web.



This frustrated many developers who saw greater potential in the Web as an application platform. In 2004, representatives of Apple, the Mozilla Foundation, and Opera Software founded the Web Hypertext Application Technology Working Group (WHATWG), an independent Web standards consortium. Working outside the W3C, WHATWG began a parallel effort to revamp HTML for a more application-centric view of the Web.

In 2007, with its XHTML 2 work mired in seemingly endless debate, the W3C voted to adopt WHATWG's work as the starting point for a new HTML5 standard. By this time, even Berners-Lee had come around to the notion of an application-centric Web. "Some things are clearer with hindsight of several years," he wrote in 2006. "It is necessary to evolve HTML incrementally. The attempt to get the world to switch to XML ... all at once didn't work."

That's not to say the concept of a pure-XML Web markup language is dead. Although HTML has retaken the lead role in the standards effort, an XML formulation of HTML5, to be known as XHTML5, is being developed at the same time. The difference is that while XHTML5 will be available for those who have already made the switch, developers will no longer be required to observe the rigorous syntax of XHTML to take advantage of Web markup's latest features.

HTML5: Markup gets a makeover
Be that as it may, HTML5 has inherited many additions originally proposed for XHTML 2, including a number of features designed to improve document structure. For example, new HTML tags such as header, footer, dialog, aside, and figure allow content authors to specify common document elements in a consistent way. Previously, developers had to mark such elements using div tags with custom class attributes, an arbitrary method that made HTML documents difficult to parse.

HTML5 also continues the effort to separate Web content from presentation. Developers might be surprised to see the b and i elements available in the new standard, for example, but these elements are now used to offset portions of text in generic ways, without implying any specific typographic treatment. Where the i element once implied italic type, for example, in HTML5 it merely means "a span of text in an alternate voice or mood." Similarly, the b element does not imply specifically boldfaced text, but text that is stylistically offset without having any additional importance.

By comparison, the u tag, which referred specifically to underlined text, has been dropped from HTML5, along with other presentation-specific elements, including font, center, and strike. Such stylistic attributes are now considered the exclusive domain of CSS.

The new standard introduces additional data types for form input elements, including dates, URLs, and email addresses. Still other elements improve support for non-Latin character sets, including tags for specifying the "ruby text" that appears in some Asian languages. HTML5 also introduces the concept of microdata, a method of annotating HTML content with machine-readable tags, making it easier to process for the Semantic Web. Together, these structural enhancements allow content authors to build cleaner, more manageable Web pages that play nicely with search engines, screen readers, and other automated content parsers.

Enabling a richer, standards-based Web
But the most eagerly anticipated additions to HTML5 are the new elements and APIs that enable content authors to create rich media using nothing more than standards-based HTML. Modern Web pages increasingly incorporate scalable graphics, animation, and multimedia, but so far these capabilities have required proprietary plug-ins such as Flash, RealMedia, and QuickTime. Such plug-ins not only introduce new security risks, but they also narrow the audiences of the resulting pages.



One way HTML5 solves this problem is by aligning itself more closely with related markup languages. Content authors can embed markup written in MathML (for rendering equations) and SVG (for rendering scalable vector graphics) directly into their HTML5 markup. This increased flexibility makes cross-platform HTML more competitive with file formats such as Flash and Silverlight, which were designed with both text and graphics in mind.

But Web developers are clamoring loudest for HTML5's new audio and video tags, which aim to finally make it easy to embed multimedia content into Web pages. These tags are defined in the HTML5 standard as being codec-neutral, meaning it's up to individual browser vendors to support the codecs needed to play any given content item. Still, the video tag in particular is expected to be a godsend, particularly for online video providers who want their content to be available on Apple's iPhone and forthcoming iPad, neither of which supports Flash.

Taking interactive Web graphics one step further is the canvas tag, which can be used to define areas of the browser window as dynamic bitmaps. Web developers can use JavaScript to manipulate the content of canvas elements, rendering graphics in real time in response to user actions. In theory, this technique could allow developers to create fully interactive games using nothing more than JavaScript and HTML.

In addition to these onscreen technologies, HTML5 also introduces the concept of browser-based application caches, which allow Web applications to store information on the client device. Like the Google Gears plug-in, these caches can both speed up application performance and allow users to continue to use Web applications even when they do not have access to the Internet -- in fact, Google is already planning to phase out support for Gears in favor of the HTML5 technology.

Browser plug-ins: Not dead yet
But for all of HTML5's new features, users shouldn't expect plug-ins to disappear overnight. The Web has a long history of many competing technologies and media formats, and the inertia of that legacy will be difficult to overcome. It may yet be many years before a pure-HTML5 browser will be able to match the capabilities of today's patchwork clients.

For example, while Vimeo and YouTube are already experimenting with the HTML5 video tag, deploying HTML5 multimedia will not be as easy as it sounds. The W3C's decision not to specify media codecs in the HTML5 standard means developers cannot guarantee that any one media format will be playable on every possible client device. Apple, Google, and Microsoft are pushing for H.264 video, for example, but open source browsers such as Firefox and Konqueror are unable (or ideologically unwilling) to license the appropriate patents to support that format. Unless this boondoggle can be resolved, Web content authors who need to reach the widest possible audience may be forced to continue to rely on Flash.

Not every legacy application will be rewritten for HTML5, either. For example, even if Google downplays its own Gears technology in favor of a standards-based approach to local application storage, the Gears API and the HTML5 application cache API are not identical. Google itself admits that "there is not yet a simple, comprehensive way to take your Gears-enabled application and move it (and your entire userbase) over to a standards-based approach." Until there is one, even users of fully HTML-compliant browsers may be forced to install Gears to support some legacy applications.

In the end, browser market share may be the most significant hurdle for developers interested in making the most of HTML5. Internet Explorer 6, for all its rendering quirks and inept handling of Web standards, is seemingly the browser that cannot die. Older versions of Firefox, IE, Opera, Safari, and others all have large user bases, and none support HTML5. Until these legacy browsers are replaced with modern updates, Web developers may be stuck maintaining two versions of their sites: a rich version for HTML5-enabled users, and a version for legacy browsers that falls back on outdated rendering tricks.



In HTML5's favor, Apple's iPhone and iPad will not support Flash, but are expected to gain support for HTML5 features as the standard matures. Similarly, Google's Chrome browser leads the pack in HTML5 support, and devices based on the company's forthcoming Chrome OS are expected to follow suit. Large Web publishers, however, have traditionally been conservative about standards support; even given a large HTML5 installed base, it may be years before the Fortune 500 is willing to risk the upgrade.

How to try HTML5 today
Some voices among the Web development community also urge caution. Although Microsoft plans support for HTML5 in Internet Explorer 9, for example, the software giant questions the wisdom of claiming support at this early stage. "Saying you are standards-based but then saying you are the most HTML5-compliant browser does not make sense, because the standard is not [complete] yet," Microsoft's Steven Sinofsky remarked in a recent interview.

Indeed, no organization is more guarded in its estimates of HTML5 adoption than the W3C itself. The HTML5 working group does not expect the standard to reach Candidate Recommendation status -- the feature-complete phase of the W3C standards process -- before 2011. Even then, the process of ratifying the standard as a W3C Recommendation is expected to continue until somewhere around 2022. If you're doing the math, that's 21 years from XHTML 1.1 to HTML5.

By any count, HTML5 is likely to remain cutting-edge technology for the next five to 10 years. Early adopters who would like to see it in action today can do so, however, albeit in a limited way. A number of pilot projects and demonstration sites that showcase the various capabilities of the new standard are available online; the key is choosing the right browser. Support for HTML5 features in Firefox is spotty. Browsers based on the WebKit rendering engine, including Chrome and Safari, work best. Ironically, that means Internet Explorer is also an option -- but only with the Chrome Frame plug-in installed.

Web developers, likewise, are free to experiment. Whole sites can be built with code that conforms to the current draft of the HTML5 specification, although results with current browsers will be spotty. One of the best online resources for would-be HTML5 developers is Mark Pilgrim's excellent Dive into HTML5, which includes, among other things, a detailed guide to navigating the complex world of the HTML5 video element and the various codecs supported by current browsers.



So much work remains to be done on the HTML5 standard, however, that some organizations are liable to dismiss it as yet another overhyped, up-and-coming technology. That would be a mistake. Standards bodies by their very nature move slowly, but work on HTML5 is being driven by large, motivated vendors, including Adobe, Apple, Google, Microsoft, the Mozilla Foundation, Opera Software, and others. These companies recognize the need for an upgrade to the HTML standard, and their work is helping to realize its potential. The resulting opportunities for Web developers are too compelling to ignore.

Notable HTML5 Demonstration Sites
(Note: Most require Chrome, Safari, or IE plus the Chrome Frame plug-in.)

Mozilla Bespin An in-browser programmer's editor written using HTML technologies
YouTube YouTube's HTML5 player offers experimental HTML5 support
Vimeo Vimeo movies offer a link at the bottom for switching to an HTML5 player (Chrome, Safari, IE+Chrome Frame)
Merge Design An HTML5 geolocation demo
Sticky Notes A demonstration of HTML5 client-side storage
Wolfenstein 3D Demo using the canvas tag (with how-to) -- works in Firefox 3.6
ClouserW Soundboard An HTML5 sound board showing off multimedia capabilities
Google Wave Google Wave relies on HTML5 for some of its features
FreeCiv A game implemented in HTML5



Related articles

And Now, a Word from Our Sponsor

MP3

Web Store

Our Daily Bit of the U. S. Constitution. Law Makers Ignore This Like Always

MP3

The Congress may determine the time of choosing the electors, and the day on which they shall give their votes; which day shall be the same throughout the United States.

No person except a natural born citizen, or a citizen of the United States, at the time of the adoption of this Constitution, shall be eligible to the office of President; neither shall any person be eligible to that office who shall not have attained to the age of thirty five years, and been fourteen Years a resident within the United States.

In case of the removal of the President from office, or of his death, resignation, or inability to discharge the powers and duties of the said office, the same shall devolve on the Vice President, and the Congress may by law pro vide for the case of removal, death, resignation or inability, both of the President and Vice President, declaring what officer shall then act as President, and such officer shall act accordingly, until the disability be removed, or a President shall be elected.

The President shall, at stated times, receive for his services, a compensation, which shall neither be increased nor diminished during the period for which he shall have been elected, and he shall not receive within that period any other emolument from the United States, or any of them.

IE Zero-Day Exploit Code Goes Public

MP3

Expect attacks against unpatched browsers to gain momentum, as hackers are using the exploit to launch drive-by attacks from malicious sites
By Gregg Keizer | Computerworld


Exploit code for the unpatched bug in Internet Explorer was published on the Web yesterday, a step security pros said earlier would be the precursor to widespread attacks.

Israeli researcher Moshe Ben Abu used a clue in a Wednesday blog post by McAfee to grab an in-the-wild exploit, strip it of its obfuscations and use it to craft a working attack module for the popular Metasploit open-source penetration framework.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]

"It was quite easy," said Abu in an email reply to questions late yesterday, referring to the time it took him to build the Metasploit module from the exploit code he'd found. "[It took] no more than a few minutes."

Abu's exploit was added to the Metasploit tree earlier Wednesday after review by the development team, confirmed HD Moore, the creator of the framework and chief security officer for security company Rapid7. Abu has contributed 10 exploit modules to Metasploit in the last three years, added Moore.

Microsoft first warned users of the vulnerability in Internet Explorer 6 (IE6) and IE7 on Tuesday when it issued a security advisory, typically a first step in the path toward delivering a patch when exploits or attacks are public.

By Wednesday, antivirus companies were reporting that hackers were using the exploit to launch drive-by attacks from malicious sites, including the one hosting the code that Abu found.

Abu claimed that the exploit worked on fully-patched PCs running Windows Vista Service Pack 2 (SP2) and IE7, as well as machines running Windows XP SP3 and IE6 or IE7. But the attack code isn't foolproof: It works between 60% and 75% of the time, said Abu.



Moore said it was at the lower end of Abu's range. "The exploit is somewhat unreliable, as it shares traits with other use-after-free flaws such as the bug exploited in the 'Aurora' attacks," said Moore, talking about the IE6 exploit used to hack into Google's corporate network. "Based on our testing, we are seeing the exploit work best against Windows XP SP3 IE7 with rates close to ~60%, without DEP. Other platforms are less reliable right now, but it's likely just a case of tuning the parameters for each target."

Security experts consider public posting of exploit code, especially when it's added to the popular Metasploit, as a milestone that usually means attacks will grow in number as other hackers use the code.

They also have said it's a signal that Microsoft might rush out an emergency fix. "Generally, one of the indicators is if an exploit has gone public," said Andrew Storms, director of security operations at nCircle Network Security, in an interview Tuesday. "That often determines how quickly they'll patch."

Microsoft hasn't committed to a patching schedule for the IE bug, but said Tuesday one option would be to deliver an "out-of-band" update before the company's next patch day, April 13.

Until a patch is available, Microsoft has recommended that users modify access to the "iepeers.dll," disable scripting and enabling DEP (data execution prevention). Users can also upgrade Internet Explorer to IE8 , which does not contain the bug.

Virus Update from Symantec

MP3

Bloodhound.PDF.22 is a heuristic detection for potentially malicious files, which may exploit vulnerabilities in Adobe Acrobat or Adobe Reader in order to perform further malicious actions.



JS.Sykipot is a Trojan horse that exploits the Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability (BID 38615) in order to download Backdoor.Sykipot on to the compromised computer.



Trojan.Pidief.I is a Trojan horse that exploits the Adobe Acrobat and Reader CVE-2010-0188 Unspecified Remote Code Execution Vulnerability in order to drop additional malware on to the compromised computer.



Bloodhound.Exploit.321 is a heuristic detection for potentially malicious files that may exploit the Microsoft Excel MDXSET Record Remote Heap Buffer Overflow Vulnerability (BID 38552) in order to perform further malicious actions.



Bloodhound.Exploit.320 is a heuristic detection for potentially malicious files that may exploit the Microsoft Excel MDXTUPLE Record Remote Heap Buffer Overflow Vulnerability (BID 38551) in order to perform further malicious actions.



Bloodhound.Exploit.318 is a heuristic detection for potentially malicious files that may exploit the Microsoft Excel DbOrParamQry Record Remote Code Execution Vulnerability (BID 38555) in order to perform further malicious actions.



Bloodhound.Exploit.317 is a heuristic detection for potentially malicious files that may exploit the Microsoft Excel FNGROUPNAME Record Remote Code Execution Vulnerability (BID 38553) in order to perform further malicious actions.