Lori MacVittie recently raised concerns about the vulnerability of WebSockets to viruses and malware due to the removal of HTTP headers and MIME types. Given other reported security issues with the protocol and implementations, is it time to step back and consider what a world based on WebSockets should look like?
Apache has released the HTTP Server version 2.4 with performance improvements, enhanced concurrency, asynchronous I/O support, a lower resource footprint and other changes.
The Netty 3.3.1 release adds support for the SPDY protocol, which has been proposed for inclusion in HTTP/2.0, fixes a regression in Android support and reduces the memory consumption of ZLib compression.
As the title suggests, in Best Practices For HTTP API Evolvability, Benjamin Carlyle set out to define principles and practices for designing systems that are built around HTTP APIs: systems that are extensible and can evolve over time.
EclipseSource has released the first stable version of an open source JUnit extension that automates testing of REST/HTTP services, supporting both synchronous and asynchronous calls.
The "Apache Killer" lets an attacker use a single PC to wage a denial of service attack against an Apache server. So far, the Apache development team has issued an alert and workarounds for the flaw in Apache HTTPD Web Server 1.3 and 2.X in advance of rolling out a patch, but no patches.
Adam DuVander, from the Programmable Web, reported last week on a survey of API experiences which raised some of the largest problems developers encounter in consuming Web APIs, including the most popular APIs.
This weekend represented the 20th anniversary of the announcement of the World Wide Web. The length of a patent is twenty years; had the first server been patented then we would only now be able to innovate on top of one of the cornerstones of today's global economy.
Last week, the Electronic Frontier Foundation (EFF), in collaboration with the Tor Project, launched an official 1.0 version of HTTPS Everywhere, a tool for the Firefox web browser that helps secure web browsing by encrypting connections to more than 1,000 websites.
In a recent post Mike Amundsen writes about building evolvable systems where he expands on his presentation "Beyond REST : An approach for crafting stable, evolve-able Web applications". The question he hopes to answer in the presentation is "How can we design and implement distributed network solutions that remain stable and flexible over time?"
Tim Bray, who spoke recently in Seattle about this topic, published today a long post on the Web vs Native Mobile Application Debate. If the game seems open today, can Web applications remain competitive and eventually win the mobile game? Can HTTP itself remain the protocol of choice in a power- and bandwidth-constrained environment where bi-directional telephony protocols play equally well?
The Hypertext Transfer Protocol (HTTP) got its first major update since 1999, which includes improved support for Hierarchies, Text-Menu Interfaces and Authentication. It also includes a new set of accepted headers and extension mechanisms.
Bill Burke, JBoss's Chief Architect and RESTEasy Project Lead, published last week a proposal for a Digital Signature Protocol over HTTP. "DSig" is rapidly gaining popularity, more than 10 years after it was designed, due to the emergence of composite applications and the need to establish trusted relationships between their clients and services.
Ilya Grigorik wrote an introduction to ZeroMQ last week. ZeroMQ is a new multi-platform library abstracting socket management which can support arbitrarily large applications.
OWASP, an open and free organization focused on evaluating and improving software application security, has released the OWASP Top 10 Application Security Risks – 2010 RC1, a whitepaper documenting the top 10 web application security risks along with details on how threat agents can exploit these possible vulnerabilities, accompanied by examples and advice on what can be done to avoid them.