The "Apache Killer" lets an attacker use a single PC to wage a denial of service attack against an Apache server. So far, the Apache development team has issued an alert and workarounds, but no patch, for the flaw in Apache HTTPD Web Server 1.3 and 2.X.
Adam DuVander, from the Programmable Web, reported last week on a survey of API experiences which raised some of the largest problems developers encounter in consuming Web APIs, including the most popular APIs.
This weekend represented the 20th anniversary of the announcement of the World Wide Web. The length of a patent is twenty years; had the first server been patented then we would only now be able to innovate on top of one of the cornerstones of today's global economy.
Last week, the Electronic Frontier Foundation (EFF), in collaboration with the Tor Project, launched an official 1.0 version of HTTPS Everywhere, a tool for the Firefox web browser that helps secure web browsing by encrypting connections to more than 1,000 websites.
In a recent post, Mike Amundsen writes about building evolvable systems, expanding on his presentation "Beyond REST: An approach for crafting stable, evolve-able Web applications". The question he hopes to answer in the presentation is "How can we design and implement distributed network solutions that remain stable and flexible over time?"
Tim Bray, who spoke recently in Seattle about this topic, today published a long post on the Web vs Native Mobile Application Debate. If the game seems open today, can Web applications remain competitive and eventually win the mobile game? Can HTTP itself remain the protocol of choice in a power- and bandwidth-constrained environment where bi-directional telephony protocols play equally well?
The Hypertext Transfer Protocol (HTTP) got its first major update since 1999, which includes improved support for Hierarchies, Text-Menu Interfaces and Authentication. It also includes a new set of accepted headers and extension mechanisms.
Bill Burke, JBoss's Chief Architect and RESTEasy Project Lead, last week published a proposal for a Digital Signature Protocol over HTTP. "DSig" is rapidly gaining popularity, more than 10 years after it was designed, due to the emergence of composite applications and the need to establish trusted relationships between their clients and services.
Ilya Grigorik wrote an introduction to ZeroMQ last week. ZeroMQ is a new multi-platform library abstracting socket management which can support arbitrarily large applications.
OWASP, an open and free organization focused on evaluating and improving software application security, has released the OWASP Top 10 Application Security Risks – 2010 RC1, a whitepaper documenting the top 10 web application security risks along with details on how threat agents can exploit these possible vulnerabilities, accompanied by examples and advice on what can be done to avoid them.
Google proposes SPDY, a new application protocol running on top of SSL that is intended to replace HTTP, which is considered to introduce latency. They have already created a prototype with a web server and an enhanced Chrome browser that supposedly loads web pages twice as fast.
David Durham, manager of Intel's Security and Cryptography Research group, was recently interviewed on the subject of Internet and Computer Security. The interview covers a wide range of topics including the "monetization of malware," Cloud-based detection of malware, security of data stored in the Cloud, "Botnets in the Dark Cloud," and malware as a tool in geo-politics.
InfoQ's recent post on REST-*.org, which covered the announcement of REST-* and some of the community response to it, has drawn many responses. Changes have also been made to REST-*.org as a result of some of the feedback. InfoQ had a chance to interview Bill Burke, a lead for the REST-* initiative, to learn more.
In a recent blog entry Benjamin Carlyle discusses how he believes the current approach to MIME type management is a problem for greater REST adoption. He proposes a few alternatives but mentions that they do have their own problems as well.
In a presentation recorded at QCon San Francisco, ThoughtWorks' Ian Robinson explains how a RESTful HTTP approach can be applied in an Enterprise project. He makes use of many of the techniques that make HTTP a powerful protocol, including caching and hypermedia, and uses standard formats such as Atom Syndication for event notification.