Shreeraj Shah writes about the potential security risks as more and more financial institutions turn towards Web 2.0
Financial services are tuning into Web 2.0 but are simultaneously exposing their systems to next generation threats such as Cross site Scripting (XSS), Cross Site Request Forgery (CSRF) and Application interconnection issues due to SOA.
Mary Jo Foley writes about the new tool that is brewing inside our “friends” at Redmond.
That tool — now code-named “Springfield,” according to one source — is similar in concept to the recently introduced Yahoo Pipes composite-mashup tool introduced by Yahoo in February. Pipes provides a graphical-user-interace-based interface for building applications that aggregate Web feeds and other Web services.
While talking about the importance of metadata in Joost, Janko Roettgers quotes a comment explaining how meta data will reshape the way we watch television
“Imagine watching a show like Heroes once, and then watching it again with comments turned on to see what other people caught that you missed.”
He also offers some insights about what a meta data driven television programming can offer
Imagine a personalized TV channel that only serves you shows your friends are literally talking about. Or think about the way this could transform programming itself. What if the Lost folks didn’t do their next Alternative Reality Game on the web, but in Joost itself, allowing you to collaborate with your friends and collect clues while watching the show?
Nitesh Dhanjani writes about the Twitter and Jott vulnerability
Both Twitter and Jott authenticate users by their phone number. Twitter does this by validating users based upon the source of SMS messages sent to the phone number 40404 (US), and Jott does this by trusting the incoming Caller ID when someone calls 877-568-848. From a security perspective this means the following:
* Anyone who knows your phone number can update your Twitter page by spoofing a SMS message, i.e. post a Twitter entry as you.
* Anyone who knows your phone number can spoof his or her caller ID to send a Jott message as you.
Ted has this rant against the so called Web 2.0 applications. His post is more of a rant than an objective analysis. However, he does makes a valid point about what is wrong with all these Web 2.0 applications. Some of them are poorly written code that bloats up on continuous usage. I have got my browser crashing in Web 2.0 era many times than in any previous web eras!! I hope Web 2.0 entrepreneurs and developers take this important criticism from the otherwise negative rant and get serious about it. Probably it is time they organize Web 2.0 developers conference than Web 2.0 conferences for entrepreneurs. In fact, there is another area where Web 2.0 could be on a potential minefield. It is the Web 2.0 security. I wonder how many Web 2.0 entrepreneurs give necessary importance to the security side of the web applications.
If you’re signed into Meebo, take one of your IM windows and drag it around a bit. On my dual-core, 3.4GHz workstation, this uses 90% CPU time. However, if I take the whole Firefox window and drag it around the screen, Firefox uses about 11% CPU and XOrg uses another 20%. A pegged CPU will draw more power, which uses more electricity, which requires more electricity to be generated, which, given the division of power generation in the United States, causes more carbon dioxide to be emitted into the atmosphere. So there you have it, by not caring about resource consumption, Meebo is destroying the environment and perpetuating global warming. My grandkids will thank you, Meebo.
Mozilla Labs announces The Coop, a built in social networking option for Mozilla browsers. The following overview about The Coop is offered by Mozilla foundation
The Coop will let users keep track of what their friends are doing online, and share new and interesting content with one or more of those friends. It will integrate with popular web services, using their existing data feeds as a transport mechanism.
Users will see their friends’ faces, and by clicking on them will be able to get a list of that person’s recently added Flickr photos, favourite YouTube videos, tagged websites, composed blog posts, updated Facebook status, etc. If a user wants to share something with a friend, they simply drag that thing onto their friend’s face. When they receive something from a friend, that friend’s face glows to get the user’s attention.
This, when fully implemented, will blow a death knell on the social browser flock and bring in more people out from the IE fold (unless Microsoft acts fast and integrates live services tightly into IE browser).
I am pretty excited at the way Mozilla team is taking their original goal of making Mozilla browsers a platform for web based services than simple browsing tool. Add Semantic Web support to this, we have a futuristic application here.
Here you can see Tim Berners-Lee, father of WWW, talk about the importance of Semantic Web.
Talking at Future of Web Apps conference, Kevin Rose announced that Digg is going to support OpenID. He seems to have claimed that they are thinking about it for quite sometime now. It is pretty exciting to see OpenID taking off in such a big way.
Mike Butcher warns us about the system and bandwidth resource usage of a Joost component
The result of this is that even if you aren’t running Joost “full blown” and instead leaving it in “standby” mode, unlike Skype, you are still sharing your bandwidth and eating up your system resources. Windows showed tvprunner.exe using about 165,000K of memory! That’s 165 megabytes. This can be turned off through “Preferences” settings, so technically it’s not something malicious from Joost, but the default is switched to “on” making it a somewhat self-serving move by Joost.
An excellent article on Yahoo Pipes by Alex Iskold. Check it out.
