Archive for August 8th, 2008

After the recent outbreak of a worm that hacked users' Facebook accounts and spread through users' contacts, Facebook responded with general tips for users about web security. Facebook head of security Max Kelly, a former FBI computer forensics examiner, wrote a blog post with advice to Facebook users including:

As a Facebook user you can help us protect you by doing the following things:

* Report any spam message or posting you see. The more reports we get, the easier it is for us to respond decisively.

* Never share your Facebook password with anyone. Never. No Facebook employee will ever ask for it, and no one else should know it. If you are ever prompted to log in to Facebook, make sure it’s from a legitimate Facebook web address. If something looks or feels off, go directly to www.facebook.com to log in.

Never entering your credentials on a non-Facebook site is very good advice, which most users should know by now and should adhere to. The problem is that Facebook does not seem to support these same principles when it comes to a user's credentials from other sites, such as a user's Google username and password, which Facebook requests when a user imports their contacts. The screenshot below is from Facebook; it's the feature where a user can log in to their Google, Hotmail or Yahoo account, from within the Facebook site, to retrieve their contacts.

This very feature directly contravenes what Facebook has stated in its own good security advice. While the message below the box does state that they do not store passwords, the point is more that having users directly enter credentials from another site is a very poor design decision and generally very poor practice. Each one of the sites that Facebook integrates with supports OAuth or a similar authentication protocol that does not require the user to enter both their username and password. Better yet, most of those services also provide an API where the user can grant permission to Facebook to only access their address book, and not their whole email and certainly not every other service tied into it.
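The difference between the two designs, sketched as an added example that is not code from the original article or from any of the services named: `ToyProvider`, its methods, the scope names and the sample account are all hypothetical and constructed for illustration. It shows that a shared password exposes the whole account, while a delegated token is limited to the approved scope and can be revoked without changing the password.

```javascript
// Added illustration: a toy in-memory provider, not any real service's API.
const { randomBytes } = require("crypto");

const SCOPES = ["contacts", "mail"]; // resources a user can delegate

class ToyProvider {
  constructor() {
    this.users = new Map();  // username -> { password, contacts, mail }
    this.grants = new Map(); // token -> { username, scopes }
  }
  addUser(username, password, contacts, mail) {
    this.users.set(username, { password, contacts, mail });
  }
  // Password sharing: the third party logs in as the user and sees everything.
  loginWithPassword(username, password) {
    const user = this.users.get(username);
    if (!user || user.password !== password) throw new Error("bad credentials");
    return { contacts: user.contacts, mail: user.mail };
  }
  // Delegation: the user approves at the provider, which hands the third
  // party a random token limited to the approved scopes.
  authorize(username, scopes) {
    if (!this.users.has(username)) throw new Error("unknown user");
    if (!scopes.every((s) => SCOPES.includes(s))) throw new Error("unknown scope");
    const token = randomBytes(16).toString("hex");
    this.grants.set(token, { username, scopes: new Set(scopes) });
    return token;
  }
  read(token, resource) {
    const grant = this.grants.get(token);
    if (!grant) throw new Error("invalid or revoked token");
    if (!grant.scopes.has(resource)) throw new Error("scope does not cover " + resource);
    return this.users.get(grant.username)[resource];
  }
  revoke(token) { return this.grants.delete(token); }
}

// Run a call and return its error message instead of throwing.
const attempt = (fn) => { try { return fn(); } catch (e) { return e.message; } };

function demo() {
  const provider = new ToyProvider();
  // Constructed sample account.
  provider.addUser("alice", "constructed-password",
    ["bob@example.com", "carol@example.com"], ["private message"]);
  const viaPassword = provider.loginWithPassword("alice", "constructed-password");
  const token = provider.authorize("alice", ["contacts"]);
  const contactsViaToken = provider.read(token, "contacts");
  const mailViaToken = attempt(() => provider.read(token, "mail"));
  provider.revoke(token);
  const afterRevoke = attempt(() => provider.read(token, "contacts"));
  return { mailViaPassword: viaPassword.mail, contactsViaToken, mailViaToken, afterRevoke };
}
```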

The Facebook security team have stated what is good practice on their blog; perhaps it's time for them to direct their energies internally and evangelize support for OAuth and other open data formats as both a more secure and more convenient mechanism for data exchange.


Source: TechCrunch
Original Article: http://feedproxy.google.com/~r/Techcrunch/~3/mZ6BBZ52vaA/

Facebook may be the king of the Silicon Valley crowd, but Paris Hilton apparently prefers MySpace. 42 year old MySpace cofounder and CEO Chris DeWolfe has been dating 27 year old Paris Hilton for at least a few weeks, sources close to the company confirm. We first got wind of this when we saw DeWolfe in a random video clip with Hilton from last month (see below). He’s also been throwing parties in the Hamptons, and Hilton has been at all of them.

Now we’ve got a source in New York that’s confirming the two are dating. DeWolfe is hosting yet another party tonight in the Hamptons, and Hilton will reportedly be there as his date.

This is a brilliant marketing move for MySpace (or for Hilton?). Or maybe they actually like each other. All we’ve confirmed is that they are definitely dating.

As far as we can tell DeWolfe still has a wife (but is reportedly separated) and Hilton still has an official boyfriend, but whatever, this is Hollywood. Best of luck to both of them.


Source: TechCrunch
Original Article: http://feedproxy.google.com/~r/Techcrunch/~3/pMwu35p75lo/

All of a sudden, Yahoo and Google want to make it easy for you to opt out of their ad targeting on both their sites and across the Web. Yahoo announced a new one-click opt-out policy today, and Google made it possible to opt out of both Google and Doubleclick ad targeting with one click yesterday.

At least Yahoo was honest enough to come out and say that the new policy was a direct response to Congressional scrutiny over the intrusiveness of online advertising and behavioral targeting. Google’s announcement was buried in a blog post about Doubleclick cookies.

The truth is that both Yahoo and Google would rather take symbolic action themselves than be forced to take a more draconian one later. Who’s going to bother to opt out of ad targeting? Some people will, but the vast majority of people probably won’t. What would really mess up Yahoo’s and Google’s advertising ROIs is if Congress mandated that ad-targeting (via cookies) be opt-in. They’d surely get even fewer people opting in for those cookies than they will now get opting out. I know I’m too lazy to do either.

But if you don’t want those cookies, you can decline Yahoo’s here and Google’s here.

(Flickr photo by scubadive67).



Source: TechCrunch
Original Article: http://feedproxy.google.com/~r/Techcrunch/~3/FkLIsaGxvsk/

We’re hearing reports that Propeller, the Digg-like news site that was once Netscape.com, has been holding a severe round of layoffs that is reducing its workforce to only a fraction of its former size only two weeks after relaunching the site. It seems that most of the cuts consist of Propeller’s Scouts and Anchors - paid employees who actively monitor the site to pick out the best stories and ensure quality control of user submitted content.

According to our tipster these layoffs have been long expected - it was simply a matter of when. AOL’s budget cuts have extended to Propeller, and rather than reduce the pay rate of management, Propeller has simply downsized its more expendable content control team.

Propeller uses this team to differentiate itself from Digg, which doesn’t advertise an active role in the editorial process and tends to sometimes display stories of lackluster quality. The budget cuts may save money in the short term, but in downsizing its editorial team, Propeller is making itself into even more of a Digg clone.

Propeller has had a tumultuous history. AOL initially launched the site as a “Digg killer” at Netscape.com in June 2006. A little over a year later, there were rumors that the site was being shut down in part because of domain disputes. The site was finally moved to Propeller.com in September 2007.

Update: Ryan Budke, Propeller’s Program Manager, responds in the comments:

“Well, as Propeller’s Programming Manager and the one who runs the aforementioned Scout team, I can say these reports are being blown a little out of proportion. We did let a few Scouts go, but it was 4 out of about 35, so that fraction we were reduced to is roughly 9/10ths.”

Budke also says that while the Anchor team has been substantially downsized (only about 2 people are currently working full time as Anchors), this was a result of gradual attrition, not because of budget cuts.


Source: TechCrunch
Original Article: http://feedproxy.google.com/~r/Techcrunch/~3/149oFSFEgKs/

Welcome to the inaugural episode of a new podcast to cover news, happenings, and our opinions on the Open Web (download the Open Web Podcast episode one directly or subscribe to it). When I say “our” I am talking about the founding podcasters: Alex Russell, John Resig, and myself. It is a pleasure to be able to share air time with two of the real leaders of the Open Web, and specifically the Ajax space thanks to Dojo and jQuery.

What is the state of the Open Web?

That is how we started out the podcast, and we got to see very different opinions. John discusses the decentralization and new openness that we see across the Web. Alex was a little more wary, and talks about how he wants the Open Web to progress faster. He noted that a lot of the good work has been a little away from the client, and instead in the area of identity, transport, and formats.

We then move on to HTML 5, where we discuss items in Mark Pilgrim’s This Week in HTML 5 piece including Web Workers (think: Gears Workers), and the clarification of alt tag usage in the img tag to have you using alt="{diagram}" and the like.

We have a detailed chat about Web Workers, and where we see them being useful. John talks about issues around not being able to talk to the DOM, Alex talks about mashups, and I talk about some tests showing how they can help performance in a few areas. Matthew Russell did a demo using the Dojo 2d code at OSCON, and showed how he doubled the performance by pushing out computation into a Worker. John also talked about a special case for passing DOM fragments or the like to a Worker with special serialization. Of course, security is a concern for all of this.

John brought up the new data- embedding tactic that showed up in the HTML 5 spec. A conversation ensued around how you should separate your data from presentation. Is the DOM there to store data? Isn’t it a good place to keep it? Is “data-” just too long?

It is exciting to think that the W3C Selectors API will soon be implemented in Firefox 3.1, Safari 3, IE 8, and probably Opera 10. That seemed to happen pretty quickly. John and Alex talk about how this is going to mean a lot of chopping code from their frameworks, the increase in performance, and the subtle differences between the spec and how they were doing things.

The discussion leads to a new feature, named scoped CSS, that allows you to say “this CSS only works over here.” This could be huge, especially if you have an application such as a CMS, where people upload their own content that can mess with your application structure itself.

Next, we delve into the world of Firebug. John talks about how Firebug development is being bootstrapped by Mozilla and other contributors, and he discusses the upcoming versions and what you can expect. Stability and performance are top of the list. Don’t forget the Firebug Lite improvements too, which mean that you get more than just console to play with in non-Firefox browsers. I just posted the notes on that meeting, kindly taken by Steve Souders.

We talked about the Open Web Foundation, and Alex discussed what he would like to see come of it. He is optimistic, and thinks that the real test will be if we see the incubation of projects that really push the Web on the client side, as well as the identity side.

Finally, there is news in the Dojo community and Alex spills the beans. After over 4 years of service, Alex is stepping down as the project lead of Dojo, and handing over the reins to Peter Higgins, who has shown great chops as both a committer and an external leader. We wish Pete the best of luck! Alex isn’t sneaking off into the sunset though; as he talks about in his post on the subject, he will still be an active member of the Dojo community for a long time to come.

Finally, thanks again to John and Alex for taking the time to start this up with me. Please let us know what you think, and what you would like us to talk about.

Source: Ajaxian » Front Page
Original Article: http://feeds.feedburner.com/~r/ajaxian/~3/359779161/open-web-podcast-episode-1-html-5-news-web-workers-w3c-selectors-and-dojo-happenings

Stitcher, the personalized streaming radio service, is releasing its native iPhone application in a limited private beta. The first 100 TechCrunch readers to submit their email addresses here will be eligible to participate. Note that you’ll have to submit your iPhone’s serial number, which is required by Apple’s Ad Hoc beta program (as is the 100 user limit).

Stitcher can best be described as Pandora for everything but music, allowing users to compile a playlist of audio feeds from hundreds of sources, including news sites and radio stations. The site also employs a small team to read popular blogs and websites aloud so you can listen to them on the go.

When I first covered Stitcher in May, I wrote that the site’s mobile service had a lot of potential, but that its iPhone web app was slow and clunky (which was more an issue with Mobile Safari than Stitcher).

The demo video below shows that Stitcher’s native app has resolved these issues - there’s no longer any lag when switching stations, and the interface is much cleaner and more intuitive. Once it launches on the App Store, Stitcher will see no shortage of competition from other audio streaming apps including Pandora (one of the most popular apps in the store), AOL Radio, and a number of others.

You can see a demo of the app below. Note that Stitcher is a work in progress, and that the team is still making improvements as it builds up to public release:


Source: TechCrunch
Original Article: http://feedproxy.google.com/~r/Techcrunch/~3/AbBFLT4BE1Y/

As much as I respect Apple, Unslow, one of their new iPhone 3G television ads, has me wondering how they kept a straight face when they put this on the air. Try to follow along with your own iPhone 3G:

Web pages load immediately. GPS picks up instantly. Files download about 3x faster than I’ve ever seen a file download — even over wi-fi. I don’t think standing on top of a 3G tower antenna would even deliver such an experience.

This ad borders on bait-and-switch and it’s disappointing to see Apple go there. If the ad wasn’t about speed it might be a different story. If they were just showing off as many features as they could in a 30 second spot it would be understandable. If they exercised poetic license and cut out a few frames to make a different point we’d understand.

But Unslow is about selling speed. Speed that isn’t for sale at any price. It sets the wrong expectations. It leads to a disconnect between the iPhone in the guy’s hand on TV and the iPhone in your hand. When they don’t deliver what they demonstrate people end up disappointed.

Source: Signal vs. Noise
Original Article: http://www.37signals.com/svn/posts/1190-sour-apple-how-an-apple-ad-sets-the-wrong-expectations

Apple Considers Streaming Media from iTunes to iPhone

Written by on Friday, August 8th, 2008 in Uncategorized.

AppleInsider has posted details about a patent recently filed by Apple that describes technology for playing iTunes content from a desktop computer remotely on an iPhone or iPod touch.

The new software would load only meta data about songs, videos, and other media onto a handheld device. It would then allow users to stream this media from their desktop computers on demand and even let them organize their iTunes libraries remotely (by adding, deleting, and moving files around). The main benefits come from saving space on your handheld device, where disk storage is scarce, as well as saving the time it takes to synchronize.

There’s been no official word from Apple on when or whether it plans to release this technology (it files patents all the time that go nowhere). But such a development could be seen as one step towards a streaming music service like Rhapsody or Napster, which have operated in stark contrast to Apple’s download model. However, the patent does not suggest that Apple plans to stream data from its own servers - just consumers’ own desktop computers, where they keep the music they have downloaded.

Apple could also be understood to be taking on at least one facet of Microsoft Mesh, which promises to make consumers’ personal files available to them on whichever device they use. Of course, MobileMe already goes to show that Apple has data synchronization on its mind - but perhaps there’s a broader trend here as well.


Source: TechCrunch
Original Article: http://feedproxy.google.com/~r/Techcrunch/~3/IL9OcPuYXLA/

Firebug Working Group Meetup

Written by on Friday, August 8th, 2008 in Uncategorized.

Steve Souders hosted the Firebug Working Group meeting at Google last week, and after seeing how detailed his notes are I wish I could hire him as my personal assistant ;)

Highlights

Firebug 1.2 is nearing final beta. After testing it’ll be promoted to stable. The main focus for the next release is going to be performance, stability, and testing. Some new features are on the todo list, such as adding new CSS rules, viewing bound DOM event handlers, and exporting CSS changes. More details are available in my notes from the meeting. It’s very exciting to have Mozilla more involved, and bodes well for the future of Firebug.

Source: Ajaxian » Front Page
Original Article: http://feeds.feedburner.com/~r/ajaxian/~3/359626409/firebug-working-group-meetup

Dmitry Baranovskiy of Atlassian has created Raphaël, “a small JavaScript library that should simplify your work with vector graphics on the web. In case you want to create your own specific chart or image crop-n-rotate widget, you can simply achieve it with this library.”

Raphaël uses SVG and VML as a base for graphics creation. Because of that, every created object is a DOM object, so you can attach JavaScript event handlers or modify objects later. Raphaël’s goal is to provide an adapter that will make drawing cross-browser and easy. Currently the library supports Firefox 3.0+, Safari 3.0+, Opera 9.5+ and Internet Explorer 6.0+.

The API looks like this:

JAVASCRIPT:

    // Creates canvas 320 × 200 at 10, 50
    var paper = Raphael(10, 50, 320, 200);
    // Creates circle at x = 50, y = 40, with radius 10
    var circle = paper.circle(50, 40, 10);
    // Sets the fill attribute of the circle to red (#f00)
    circle.attr("fill", "#f00");
    // Sets the stroke attribute of the circle to white (#fff)
    circle.attr("stroke", "#fff");

Check out demos showing reflection, image rotation, and text rotation.

Here is the reflection:

done via:

JAVASCRIPT:

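    $(function () {
        // Source URL of the image to reflect
        var src = $(".image img")[0].src;
        // Creates a 320 × 240 canvas inside the element with id "mirror"
        var R = Raphael("mirror", 320, 240);
        // Vertical linear gradient from half-transparent black to opaque black
        var gradient2 = {type: "linear", dots: [{color: "#000", opacity: .5}, {color: "#000"}], vector: [0, 0, 0, "100%"]};
        // Draws the image flipped vertically (y scale of -1) to form the reflection
        R.image(src, 0, 0, 320, 320).matrix(1, 0, 0, -1, 0, 280);
        // Overlays the gradient so the reflection fades out
        R.rect(-2, -2, 322, 83).attr({gradient: gradient2, "stroke-width": 0});
        // Covers the rest of the canvas with solid black
        R.rect(-2, 80, 322, 240).attr({fill: "#000", "stroke-width": 0});
    });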

(via Charles Miller)

Source: Ajaxian » Front Page
Original Article: http://feeds.feedburner.com/~r/ajaxian/~3/359434674/raphael-simple-graphics-wrapper-on-top-of-svg-and-vml


