Mar
10
Posted by ssawda
Google Says Goodbye to API Keys with New Geocoding API
Google has released a new geocoding web service that is sure to bring a smile to map mashup developers working with the Google Maps API. Announced this week on the Google Geo Developers Blog, version 3 of the popular geocoding web service has been released, with several improvements and new features that will make it easier geolocate addresses. The new geocoding web service shares many of the geocoding improvements included with v3 of the Google Maps API:
- A flatter response format for address components that is easier to parse
- The ability to tag an address component with multiple types
- Both full names and abbreviations for countries and states
- Differentiation between rooftop and interpolated geocoder results
- Both the bounding box and recommended viewport for each result
As with the previous version (which is now deprecated), the new version of the geocoding web service supports reverse geocoding and it provides a RESTful API that returns results in either JSON or XML. The latest set of documentation includes additional discussion of the address component types and feature geometries returned with each result. Note that in contrast to the v2 service, the new geocoding service does not provide an accuracy “score” attribute, but rather results with a set of address components (e.g., intersection, postal code, etc.) and a location type for the feature geometry that indicates the accuracy and precision (e.g., rooftop, range interpolated, geometric center, etc.).
Perhaps one of the most exciting new features is the elimination of the need to use an API key to issue requests to the geocoding service (although URL signing is required for Maps API Premiere customers). In lieu of the API key requirement, new geocoding request limits are also in effect, with a 2,500 daily request limit per IP address. If you’re unsure about the best approach to using client-side versus server-side geocoding Mano Marks has a recent post that outlines some good strategies.
This is a nice and worthwhile improvement to a valuable web service that map mashup developers have come to rely on for a variety of needs. We’re looking forward to seeing how developers leverage the new service for the thousands of map mashups out there that use the Google Maps API.
Jan
27
Posted by ssawda
Servers and Storage
Three Silicon Valley companies - Cisco, NetApp, and VMWare - joined forces to offer “new design architectures that help customers evolve virtualized data centers to be more efficient, dynamic and secure.”
The idea is to enhance security by isolating specific IT apps and data for different clients or business units that share a common IT infrastructure. If the virtual data center can operate more efficiently with a eye on security, companies may be more likely to move deeper into the virtual data center.
In a statement, VMWare CEO Paul Maritz, explains it this way:
Virtualization of the network, server and storage infrastructure is radically reshaping today’s data center. The dynamic data center built on VMware vSphere, along with Cisco and NetApp technologies, will provide the foundation for both private and public clouds and the ability to move data and applications between these clouds. A shared virtual infrastructure requires that resources for different tenants are isolated while delivering on promised service levels. We have integrated our technology with Cisco and NetApp not only to accelerate our customers’ journey through their data center transition, but also to deliver an outstanding customer experience.
As part of the collaborative effort, the companies also introduced a global, 24-hour cooperative support system.
Jan
20
Posted by ssawda
With world governments
advising citizens to switch from Internet Explorer to alternative browsers, and an
unpatched security hole in at least two major versions of Internet Explorer, Microsoft has to do something to restore faith in their browser. Easiest way to do it, apparently, is saying that other browsers are even worse than IE.
Microsoft’s UK security chief Cliff Evans told Techradar that “The net effect of switching [from IE] is that you will end up on less secure browser,” and that “the risk [over this specific] exploit is minimal compared to Firefox or other competing browsers… you will be opening yourself up to security issues.”
Evans then downplays the seriousness of this problem. “The reality of the risk is minimal, even if you have IE6; you would have to go to a website running the exploit,” he says. Even if we disregard the fact that many very serious browser vulnerabilities work in that way – e.g. you have to visit a website running an exploit to be affected – there’s still the fact that this particular vulnerability isn’t just lab-tested, it’s been successfully used on unsuspecting victims in the real world. This alone makes it as serious as security holes go.
Evans continues to undermine the security record of other browsers. “There are broader risks and issues with other browsers,” he claims, at the same time admitting that the IE vulnerability that caused this entire mess probably isn’t present with other browsers. “I’m not aware that the vulnerability exists in other products, but those products may have other vulnerabilities,” he says.
While one can say that absolutely no piece of software is ever completely secure, this logic is flawed. Microsoft’s IE has a serious, unpatched security vulnerability, and pointing to possible holes that other browsers may or may not have won’t make it go away.
Jan
20
Posted by ssawda
Dan Worth,
V3.co.uk, Tuesday 19 January 2010 at 11:51:00
Arbor Networks report warns of sophisticated DDoS attacks against services and apps
The number one problem facing carriers and their customers over the coming year will be botnet-driven distributed denial-of-service (DDoS) attacks, according to Arbor Networks’ fifth annual security report.Arbor surveyed 132 large IP network operators globally, and found that more than a third of respondents believe that sophisticated DDoS attacks against services and applications will be the biggest threat in 2010, replacing large-scale botnet-enabled attacks.
There was also a reported rise in the size of DDoS attacks to a high of 49Gbit/s, up from 40Gbit/s in 2007, although this was a slow down in growth compared to recent years.
James Clegg, regional director for northern Europe at Arbor, warned that, although the attacks have slowed down, they are becoming more intelligent.
“Because DDoS attacks are now targeted at specific areas of web sites rather than the entire site, the speed of the attacks has not increased as dramatically because the more defined nature of the attacks means that speed is not as important,” he said.
Clegg also argued that the rise in cloud-based attacks shows that firms must be more aware of security measures given the open nature of cloud services.
“With applications on cloud services, any security breaches are visible for all to see so businesses can no longer attempt to cover up any hacks. We’ve seen attacks like this take on a political nature recently, such as on Twitter or the Estonian and Georgian attacks of 2007,” he said.
The report also uncovered grave concerns about the move from IPv4 to IPv6. Many companies are worried that a “perfect storm” is arising because they are not ready for the move, and admit to a lack of testing and deployment experience that could lead to vulnerabilities.
Others complained of missing IPv6 security features in routers, firewalls and other critical network infrastructure.
The findings will be backed up by a warning from the Number Resource Organisation today that IPv4 addresses will be exhausted within two years.
Many firms also said that several non-technical obstacles, such as a lack of skilled resources, management understanding and clearly-defined operational responsibilities, are preventing them from better managing threats.
Jan
20
Posted by ssawda
Daniel Robinson,
V3.co.uk, Tuesday 19 January 2010 at 11:59:00
Open Mobile Platform can pick the most cost-effective connection for mobile users
Mobile access firm iPass has introduced a major overhaul of its service with the goal of cutting costs and giving enterprise customers greater flexibility in the communications services they use.
The new platform is also designed to make it simpler for end users to get connected while on the move, according to the firm.
Available immediately, the iPass Open Mobile Platform gives customers greater freedom to choose which networks they wish mobile staff to use, doing deals with local carriers, for example, rather than buying into global access through a single provider or relying on networks already affiliated with iPass.
“We’re giving enterprises the tools for carrier independence, so they can decrease connection costs. At the same time we’re bringing down user support costs, making it simpler for users to get connected,” said iPass senior product marketing manager Matt Cooke.
The Open Mobile Platform is a cloud-based service with access via a portal for administrators to apply policy controls, as well as analysis on mobile network usage in order to hone those policies in the future.
“Customers have told us that things are chaotic, with employees buying their own 3G adapters and devices and enterprises struggling to manage. At the same time, workers are using the virtual private network less as more use is being made of cloud-based resources,” said Cooke.
Because the iPass service has always used a software client on each endpoint, the company is “uniquely placed to help”, according to Cooke.
The lightweight Open Mobile Connect client will make life easier for workers by automatically selecting the best available connection based on policy rules set by the IT department, and the most cost-effective connection.
“Open Mobile Connect will characterise all networks to make a decision, and it will also walk you through connecting to a public hotspot if you need to enter a key or buy a voucher,” said Cooke.
However, while iPass is positioning its client as the mobile connection manager of choice, it will “play nicely” with other connection managers, such as those supplied with 3G modems by mobile operators, applying security policies to ensure that the endpoint protection is up to date.
Licensing for the new iPass service is on a per-active user basis, and costs “just a few dollars per seat”, according to Cooke.
“But the real value of the service is how much it saves you on network usage costs,” he added.
Existing customers will given a migration path to the new platform, iPass said.
Jan
20
Posted by ssawda
Having previously crunched the numbers on smartphone features and cost of ownership, service comparison site BillShrink now offers an informative infographic showing the costs of every carrier’s 500, 1000, and unlimited minute plans, with and without texting and data.
BillShrink’s chart shows the cost per month of having a standard cell or smartphone on Verizon, Sprint, AT&T, or T-Mobile, in the average plan divisions, with extras like a messaging plan and basic or smartphone data. It’s really helpful, but there’s a caveat—no contract purchase is ever a straightforward process. One-time deals, promotions, and slight variations offered on each plan make this chart more of a starting point for your shopping, not a final word.
Here’s the full-size chart. Click on the link at bottom for a full-size download version and BillShrink’s further notes on the real costs of cellular contracts.
Cell Phone Plans: The Ultimate Comparison [BillShrink]
Jan
20
Posted by ssawda
After news about the landing of US Airways 1549 in the Hudson first broke on Twitter in January 2009, the microblogging service quickly captured the imagination of a new group of potential users. Throughout the first months of 2009, Twitter grew at a rapid pace, peaking at a growth rate of 13% in March 2009.
Now, however, according to the latest data from HubSpot, Twitter’s growth is slowing dramatically. In October 2009, Twitter’s growth rate had fallen to 3.5%. On a positive note, though, the average active user on Twitter today is more engaged than six months ago.
Most Twitter users, however - even if they are now more engaged on average - still have fewer than 100 followers. Only 18% of all Twitter users have more than 100 followers. A total of 81% of all users are currently also following less than 100 people. Just 6 months ago, the average user was just following around 40 accounts.
HubSpot’s analysis also shows that more Twitter users now include bios (54%), links (65%) and location data (41%) in their profiles.
International Footprint Increases
As we pointed out earlier this month, social media analytics firm Sysomos also noted that most of Twitter’s growth is currently happening internationally. According to HubSpot’s analysis of over 5 million Twitter accounts, 40% of the top 20 Twitter locations are now outside of North America. In July 2009, only 15% were from outside North America.
For Twitter, this means that its current user base is making better use of the service, but the company also has to worry that its growth is slowing down. Maybe some of the earlier high growth rates were inflated by spam accounts, but a 3.5% growth rate is very low and the overall trend is only pointing down at this time.
Jan
20
Posted by ssawda
Everyone is trying to come up with the next generation cool gadget but most doesn’t even come close to the success of the most sought after gadgets. Searches goes beyond the material boundaries and some companies even spend silly amounts of money trying to incorporate the phone into our very own biological protection layer, the skin. There is a lot of speculation going on where things might be heading in the year of 2010 but it’s really anyones guess what will make us all greed over having it.
Some suggest that the “Palm Phone” (striking sounding like the Palm Pilot, however this really means it) will be the next phone that everyone will use. It’s a wearable wrist phone that easily can be twisted into a palm projected dial pad on which you can maneuver the many features of the phone. I am sure that there’s even going to be a video mode on the phone which somewhat brings it to sound like something straight taken from Star Trek.
However, I think we have a long way to go in order to be able to accept such a concept. We’re far too used to the touchscreen and the many applications that can be utilized with it to step back and get half the features just in order to have it projected and worn on our wrists. But this again only my own suggestions and ideas. With a bit of development maybe this could be something cool and unusual but that’s really up to some heavy guessing. At the present time this is of course only a concept and there’s no telling if it will ever be realized.
Jan
18
Posted by ssawda
Abstract
This article describes the concept of (abstract) Contract Exchange, and then discusses the OpenID Binding and Use of the Contracts as Access Tokens. At the end, it also provides a mapping table to User Managed Access (UMA) Terminologies.
About Contract Exchange
Contract Exchange (CX) is a protocol to exchange the signed contract dynamically among the entities in the network. It uses Public Key based signature, so it achieves certain degree of the non-repudiation and ability to prove. Thus, e-commerce etc. should benefit from it. In addition, since it can capture the purpose of the use, condition of the use, provisioning method etc. for the data/attributes, it can be used to achieve the server to server exchange of the data.
Draft OpenID CX is a binding of this Contract Exchange onto OpenID. It takes a form of OpenID Extension. Thus, it can be used over the existing OpenID Authentication 2.0, which is a GET/POST binding, as well as over the artifact binding which has been discussed since last fall. For the exchange of the proposal and contract etc., it is also using Attribute Exchange 1.1 Draft.
Basic Flow of the CX.
The basic flow of the CX has the following flow. Note that this is before binding it to a specific underlying protocol.
In the below, AM stands for Authorization Manager, SP for Service Provider.
1. (SP finds Proposal Template from XRD/S of the AM)
2. SP obtains the proposal Template from the AM.
3. SP specifies the variables in the Proposal Template to create a Proposal.
4. SP signs the Proposal to create a Signed Proposal.
5. SP sends the Signed Proposal to the AM.
6. AM shows the conditions to the user and obtains the authorization.
7. If OK, the AM counter-signs the proposal to create a Contract.
8. AM saves the Contract and sends a copy to the SP.
9. SP uses the Contract to obtain data etc. and provides service to the user.
The service does not necessarily require data transfer. It may even not a service over the network.
However, it is expected that in majority of the cases, it will be a network based service that requires some data transfer.
Under such circumstances, some data transfer protocol needs to be defined in the contract. e.g., OpenID AX, OAuth, Wrap “API Calls”.)
Characteristics of the CX Template
CX Templates has several unique features.
- XML is the default format.
- The template has to have a URL of the form http://uri_of_contract_template#digest_algorithm:digest, so if the template is changed, the url will also change.
- Anyone can create a template, but since AM is the party that knows what data is available as well as the party which creates the permission page, AM seems to be the natural place.
- As the result of the Hashed URL, template cannot be edited. Thus, we have to use variables to express the portion which is given from the outside.
- Template variables are expressed in the form of {{variable_name}}. As the variable name, xs:id of the XML element is used, and the value will be the inner text of the Element.
Characteristics of the CX Contract
- There can be as many parties as one wants. That is, we can express n-party contract. Each Party has Obligations.
- A Contract includes the public key of the each Parties. These can be used for the signature verification and data encryption.
- A Contract includes a TemplteURL and a Template. Ops and RPs can use this TemplateURL to figure out what kind of template it is.
- Obligation can be written in the Contract. This includes the price and damage limit.
- As a default data request method, AX Request is supported. Other format can be defined.
- Signature is done by XML Signature. Canonicalization is Exclusive Canonicalization. Since it is using the Digital Signature, the ability to proof is high even outside the system.
OpenID GET/POST Binding
CX can be bound to OpenID through GET/POST Binding and Artifact Binding. For the purpose of this article, which binding to use is a non-issue, so I am using simpler GET/POST binding flow.
In the next diagram I am using OP (OpenID Provider) instead of AM and RP (Replying Party) instead of SP to match the OpenID terminology. In addition, UA stands for User-Agent (e.g., Web Browser).
Fig 1: OpenID GET/POST Binding Sequence
Data Transfer using CX
In the use case that transfers data, CX Contract can be used as either the holder-of-key or bearer access token by the RP. Alternatively, if the Data Provider has the copy of the contract, then ContractID can be used as a bearer token. (In general, AM and DP are different, so the later cannot be assumed in every case.) Using such Tokens, server to server data transfer can be achieved. Data Provider (DP) checks the authenticity of the contract and then creates a dataset and encrypts it with the public key in the Contract and provides it to the requestor. Since it is encrypted by the public key of the intended recipient, it cannot be read by somebody else.
Fig 2: Data Transfer sequence when Contract was used as a Bearer Token
Appendix 1: Mapping to UMA terminology
| This Article |
UMA (User Managed Access) |
| AM |
AM |
| SP |
Host |
| DP |
Protected Resource |
| UA |
Requestor |
| User |
Authorizing User |
Jan
18
Posted by ssawda
Last week in our Mobile Web Meets Internet of Things series, we looked at barcode scanning and RFID in the next generation iPhone. We expect to see Apple and Android battling it out for both barcode and RFID supremacy this year.
Another key technology in the Internet of Things - where everyday objects are endowed with Internet connectivity - is sensors. In fact we’ve seen the most activity so far in the Internet of Things from sensor data. So in this post we explore how mobile phones and sensors are mixing; and what to expect in 2010.
RWW’s Mobile Web Meets Internet of Things Series:
Last year we wrote a lot about sensors and discovered that there are two common scenarios for sensors + mobile phones:
1) Everyday objects with sensors pumping out data on things like temperature, noise and activity; the mobile phone reads and analyzes this data.
2) The phone is used as a sensor itself. For example the iPhone has a built-in accelerometer, which is basically a motion detector.
This is used for game control and also for re-sizing your iPhone display from portrait to landscape. The iPhone also has a microphone (which can be used as a noise sensor), a proximity sensor, and an ambient light sensor.
iPhone as Sensor
A good example of scenario 2 is WideNoise, an iPhone application that samples decibel noise levels and displays the data on an interactive map. WideNoise is essentially a sound sensor, using the iPhone’s microphone.
You can take a sound reading on WideNoise and, if you so desire, share that with the community. I must admit that I haven’t found too much practical use for this app yet. However one of the use cases cited is checking it when house-hunting, to assess the average noise levels of the neighborhood. It’s one of those apps that will become more useful the more data is added to it by the community - but we all know that’s a hard thing to achieve for a young startup.
Mobile Phones Reading Sensor Data
Sensors are rapidly growing as a source of data on the Web. A corollary is that sensor networks are an enormous opportunity for some of the big tech companies. In November we wrote about HP’s CeNSE project, which aims to be a “Central Nervous System for the Earth.” CeNSE is a research and development program to build a planetwide sensing network, using billions of what HP calls “tiny, cheap, tough and exquisitely sensitive detectors.”
According to HP Labs, CeNSE sensors will enable real-time data collection, analysis and better decision making. And what will be a key tool for doing all of that? You guessed it, the mobile phone. Imagine for example getting a real-time update of traffic conditions on your mobile phone, via sensors on a major stretch of highway.
Those are the two main ways that sensors and mobile phones are mixing currently. Let us know in the comments if you have a favorite mobile phone app that outputs or inputs sensor data. Also please share other use cases.
Image credits: seizethedave; raneko
