Friday, January 18, 2008

Web: A 'Swift' Kick to the Secure Development Process

A 'Swift' Kick to the Secure Development Process
Dark Reading (01/18/08) Spande, Nathan
Developers will be able to easily create secure, robust, and high-performance Web applications using a new system called Swift. Developed by a group at Cornell University, Swift allows developers to write code using a variant of Java, applying sensitivity labels to variables. Developers then feed the code into a series of programs that use the labels to determine which code is to reside on the server, on the client, and in both places. The code handles synchronization, and translates the requisite client code into JavaScript. The resulting application will not be as fast as an optimally designed system, but the performance cost should be minimal. Client code is generated using the Google Web Toolkit with fixes transparently adopted by a simple recompilation, and although the code is exposed to any bugs in the toolkit, developers are able to use a suitable client-side framework due to the loose coupling of the front end. Swift was the subject of a paper at the 2007 ACM Symposium on Operating Systems Principles.

Wednesday, January 16, 2008

Web: ACM Groups Urge Actions to Broaden Web Accessibility

ACM Groups Urge Actions to Broaden Web Accessibility
AScribe Newswire (01/16/08)
Several ACM Special Interest Groups, along with ACM's U.S. Public Policy Committee, have developed a joint statement to encourage equitable and inclusive Internet access for everyone, including people with disabilities. The groups say that while the Internet has become more critical for a variety of commercial and leisure activities, a majority of private and commercial Web sites have access limitations. The ACM groups have committed themselves to being leaders in the quest for improved access to the Internet and the Web, with the goal of increasing Internet access as a means to attract broader participation of talented people in the global economy. The ACM groups' statement urges increasing awareness of the value of accessibility, new federal policies to increase Web accessibility, continued federal R&D funding for more accessible IT systems, and additional low-cost Web development tools from the IT community. USACM and members of ACM's Special Interest Groups on Accessible Computing (SIGACCESS), Computer-Human Interaction (SIGCHI), and Hypertext, Hypermedia and the Web (SIGWEB) signed the statement, along with the Computer Science Teachers Association, launched by ACM in 2005. "The technical community has the resources to make commercial Web sites accessible without undue regulatory and monetary burdens," says Harry Hochheiser, a member of the USACM Executive Committee and an assistant professor of computer and information sciences at Towson University.

Tuesday, January 15, 2008

Security: Who Invented the Firewall? And, what do they think now?

Who Invented the Firewall?
Dark Reading (01/15/08) Higgins, Kelly Jackson
Numerous computer experts can lay claim to inventing the firewall. Nir Zuk says he developed the technology that is used in all firewalls, and David Pensak claims to have built the first commercially successful firewall. William Cheswick and Steven Bellovin wrote a book on firewalls in 1994 at AT&T Bell Labs and built a circuit-level gateway and developed packet-filtering technology, though they do not claim to have invented the firewall. Marcus Ranum says his reputation as inventor of the firewall is just a marketing trick and that David Presotto deserves the credit. Regardless, all of these security experts, along with Jeff Mogul, Paul Vixie, Brian Reid, Fred Avolio, Brent Chapman, and others, were associated with the development of firewall technology. Gartner's John Pescatore says Cheswick and Bellovin were the fathers of the network firewall concepts, using packet filtering to deny everything except what is explicitly allowed, while Ranum was the father of DEC SEAL, the first firewall product. Today, some of the firewall's creators are no longer big supporters of the technology. Cheswick, a lead member of the technical staff at AT&T Research, says he has not personally used a firewall since the 1990s. "They are an economic solution to weak host security. I want to see stronger host security," says Cheswick, who adds that firewalls still have a place but are simply another network element. Steven Bellovin agrees. "The firewall as Bill and I described it in 1994 in our book is obsolete," says Bellovin, now a professor of computer science at Columbia University. He says having a guard at the front door when there are thousands of backdoors into a network does not work. "I'm not saying get rid of it at the door. It provides a low-grade access control for low-value resources," Bellovin says. "But the real access control [should be] at the host."

Web: Google's Answer to Wikipedia

Google's Answer to Wikipedia
Technology Review (01/15/08) Schrock, Andrew
Google recently announced Knol, an experimental Web site that allows individual authors to create subject pages on topics of interest or expertise. Knol is seen as a response to Wikipedia, but will differ from Wikipedia in that pages will not be open for anyone to contribute to. Knol articles will have individual authors who will list their credentials, including work history and institutional affiliation, along with references to build credibility. Individual topics may have multiple pages by different authors, allowing Web users to read multiple but possibly conflicting viewpoints on a subject. Currently, participation in Knol is by invitation only, but Google may eventually make Knol open to the public. "A Knol on a particular topic is meant to be the first thing someone who searches for this topic will want to read," says Google's Udi Manber. Wikipedia's Mark Pellegrini sees several problems with Knol. "I think what will happen is that you'll end up with five or 10 articles," Pellegrini says, "none of which is as comprehensive as if the people who wrote them had worked together on a single article." Pellegrini says Knol authors will tend to link to other articles they have written, but ignore other people's work on the subject, and that Knol articles could end up being less complete than if they were written by a community of authors. However, Google has a major advantage in that it may pay Knol authors if the pages attract a large number of visitors and advertisers are willing to publish ads on Knol pages.

Monday, January 7, 2008

Research: New Threshold for Network Use; Limited Path Percolation

New Threshold for Network Use
Government Computer News (01/07/08) Vol. 27, No. 1, Jackson, Joab
Traditional percolation theory holds that a network is considered functional as long as one workable path is available, but in a recent paper in Physical Review Letters researchers offered a new variant of percolation theory dubbed Limited Path Percolation that takes into account how long it would take a message to get to its destination. The longer it takes, the less useful the path is, says study co-author Eduardo Lopez, a researcher at the Energy Department's Los Alamos National Laboratory. "If I'm routing something and it has to go a longer route, due to localized failures, then what are the limits of this?" Lopez says. The Limited Path Percolation variant considers all of the surviving nodes, as well as how much longer it would take to traverse them. The researchers argue that the network becomes less valuable the longer it takes, and suggest that the threshold of users is determined by how tolerant they are of delays. "The interesting point is not when the percolation threshold is reached, but rather when the network stops becoming efficient," says study co-author Roni Parshani, a graduate student at Israel's Bar-Ilan University.

Tuesday, January 1, 2008

Software: Agile Principles Are Changing Everything

Agile Principles Are Changing Everything
SD Times (01/01/08) No. 189, P. 1; DeJong, Jennifer
Although the formal adoption rate of agile software development is modest, underlying principles such as incremental requirement definition, inviting customer feedback, testing code while it is being written, and frequent builds are enjoying wide proliferation. "Agile principles have become IT best practices [for software development]," says IBM agile practice leader Scott Ambler. Every facet of software production is being transformed by the growing interest in agile practices, according to interviews with analysts, developers, consultants, and tool makers from which three key observations were inferred. The first observation is that the inversion of the roles of the project manager, business analyst, programmer, and tester by agile practices makes the adoption of agile principles tougher than many teams assume. The second observation is that there is no consistency in the application of agile practices between teams, which raises issues about whether a process can be enhanced by adding one or several agile practices. The third observation is that the agile development approach is not as dogmatic as it was six years ago when the Manifesto for Agile Software Development was introduced. The early days of agile development yielded important lessons, such as that rigidly following a methodology may not be viable in reality, according to the Eclipse Foundation's Bjorn Freeman-Benson. Forrester analyst Peter Sterpe says some teams embrace agile practices as a solution to failing projects, but this does not constitute agile development. Freeman-Benson concludes that a process achieves agile status when one practice leads to another practice, acknowledging that craft is needed to select a balanced set of practices. Though a report from Forrester documents the wide recognition of agile benefits such as reduced time-to-market, improved predictability, and better quality, there is a lack of empirical evidence that such advantages exist.