Archive for June, 2010

Mint launches investment tracking for all

Wednesday, June 30th, 2010

The financial site Mint is finally rolling out the investment-tracking features I covered in April to all its users. It’s added new ways to analyze your portfolio as well. It gives you the capability to pull in data from all your investing accounts so you can see performance across them, and to quickly zero in on your best- and worst-performing investments.

(Credit: Mint.) Mint is a Webware 100 winner.

This is what they mean by, "diminishing returns."

The site is also now officially out of beta.

Friendster announces support for Facebook apps

Monday, June 28th, 2010

Developers who have created applications for Facebook’s platform can now bring them over to social network Friendster. This means that Friendster supports both Facebook’s code and OpenSocial, the standard created by Google for social-network widgets.

Since then, it’s had quite a reincarnation. Friendster estimates that 78 percent of its 80 million users, concentrated primarily in Asian countries like the Philippines, Hong Kong, Singapore, and Malaysia, do not use Facebook. If so, it would be to a developer’s advantage to make an app available on both platforms.

Could another social network do the same? Probably. “With an open platform, it’s quite possible that others will embrace it,” Roberto said.

Another social network, Bebo, now owned by AOL, announced that it would implement support for Facebook’s platform late last year. Friendster marketing director Jeff Roberto told CNET News that Friendster entered into a licensing agreement with Facebook, which has since made most of its developer platform open source.

“Friendster’s support of both the Facebook and OpenSocial platforms is a big win for business and individual developers, as well as for Friendster users,” David Jones, vice president of global marketing for Friendster, said in a release. “For the developers that have invested resources in developing and launching a Facebook app, Friendster has now made it very easy for them to ‘port’ these applications to Friendster…For Web 2.0 companies that have developed apps using Facebook and OpenSocial APIs, they now have the flexibility to choose between approaches when launching applications on Friendster.”

In August, Friendster raised $20 million in venture funding and hired former Google employee Richard Kimber as CEO. Last December, it debuted its developer platform, and in September released OpenSocial support.

Long before Facebook was a household word, Friendster was the first big social-networking site to take off in the U.S. But in 2004, plagued by technical problems, Friendster lost significant ground to MySpace (now owned by News Corp.) and later Facebook.

Reality TV star arrested for attacking ex with lap

Wednesday, June 23rd, 2010

This, allegedly, was tossed shortly after she had closed the bedroom door on his head. It was followed by apples and water.

This is not Kenley's cat. But can you imagine throwing either of these little cuties?

(Credit: CC Amb Haims)

She allegedly threw poor Tiddles (yes, name made up by me) in her ex’s face. He covered himself with a blanket. So what would pierce the blanket’s hardy defenses? Yes, the trusty laptop.

Welcome to “Reality TV meets Tech In A Nasty Head-On Collision Week.”

May I ask if any of you has ever been assaulted by a laptop-tossing lover?

Ms. Collins, who was not one of the most popular contestants on the show, was arraigned for “assault, menacing, harassment and criminal possession of a weapon.” Was the weapon the cat? Or the laptop?

Please believe me, I have tried to find out what brand of laptop it was and whether it has received appropriate care since the incident. I have failed.

You will all collectively breathe again when I tell you that the laptop was not, apparently, her first weapon of choice. No, that was the cat.

After the hard-shoe conspiracy shuffle danced by Apple co-founder Steve Wozniak this week, I now bring you Kenley Collins, a finalist in season 5 of “Project Runway.”

Kenley was arrested early Tuesday morning after allegedly assaulting her ex-fiance with, among other things, a laptop.

Memo to Intel Netbooks morphing into notebooks

Tuesday, June 22nd, 2010

Other signs. Dell has a 12-inch laptop, the Inspiron Mini 12 based on the Atom processor. Is this a Netbook or notebook? You tell me.

(Credit: Brooke Crothers)

So, I contacted Intel. There are no immediate plans for dual-core Atom chips designed specifically for Netbooks, according to Intel. But what’s stopping a netbook supplier from using a dual-core Atom 330 (designed for nettops) in a Netbook? Answer: nothing.

And here’s evidence of Netbooks penetrating the consumer consciousness. Best Buy now has a separate category for Netbooks on its Web site. Right under laptop computers you’ll see “Netbooks”. Interestingly, the Netbooks category is ranked above desktops and most other “computer” categories.

And all the Netbooks at a Microsoft booth were running Windows 7, Microsoft’s next-generation operating system due next year.

A Microsoft person on the floor said that a lite version of Windows 7 will run on 1GB of memory and 16GB of (solid-state drive) storage. Higher-end Netbooks will have a 160GB hard disk drive, according to Microsoft “guidance.”

At 8 watts, the chip has a higher power envelope than single-core Atom processors, but 8 watts is still low compared with a mainstream Core 2 Duo processor. Other specifications for the Atom 330 include a core clock speed of 1.6GHz, 1MB of level-2 cache, and support for DDR2 667MHz memory.

Beginning to sound more like a low-end notebook? I think so.

Rau says that the total market can grow while Netbooks eat into notebook market share. “The TAM (Total Available Market) can grow even as Atom eats into another brand. But we don’t know how it’s shaking out yet,” he said.

Netbooks were the big end-user gadget on display at the Windows Hardware Engineering Conference that ended Friday.

Netbook market share appears to be growing too. A little more than 5 million Atom processors shipped in the third quarter of 2008, according to Shane Rau of IDC, a market researcher. “Will it add to the total market or will it eat into the total market? Another question might be is Atom eating into another processor brand such as Celeron (Intel) or Sempron (AMD)?”

Microsoft displayed Netbooks running Windows 7 at WinHEC

This person also said something surprising. Dual-core Atom processors will be used in Netbooks. I tried to disabuse him of the notion that netbooks would get dual-core Atom processors. No, I said, it was Nettops (Atom-based desktops) that would get dual-core. But he assured me that vendors were planning to bring out dual-core Netbooks.

Looking for signs that netbooks are catching on? And even morphing into notebooks? Here are a few.

The fastest way to open a word processor

Friday, June 18th, 2010

Next, right-click the shortcut you just created, click Properties > Shortcut > Shortcut key, type your preferred keystroke combination for opening the service, and press Enter. Now you can open the service ready to create a new file by pressing that keyboard shortcut.

Use the Writer online word processor for instant–and universal–access to your notes.

Web word processors auto-save files

You can create a keyboard shortcut that opens Google Docs or any other Web word processor. Start by opening a new document in the service. Select the URL in the Address bar, and type Ctrl-C to copy it to the clipboard. Now open Windows Explorer to the Desktop or any other folder, right-click anywhere in the folder, choose New > Shortcut, paste the URL of the service into the location field, press Enter, give the shortcut a name, and press Enter again.

Faster is almost always better, at least when it comes to computers. So what’s the fastest way to open a word processor?

Since Writer doesn’t require you to log in–or even to create an account–you need not give your files a name. Just stick with the default, and when you want to reopen the file, select it from your list of documents, which appears just below the text window.

Well, skipping the file-naming and storage location-choosing steps, for one thing. And having access to the notes from any Internet-connected computer, for another.

Writer remembers your files by leaving a cookie with the identifying information. If you delete the cookie, you lose access to the files, unless you sign up for a free account. The account has the added benefit of providing access to your files from any Internet-connected PC.

Unfortunately, if you’re not already logged in, you’ll have to enter your username and password before you can open the blank file. You can avoid the login step by creating the shortcut to the Writer online word processor that mimics the look of old DOS-based text editors running on a green-phosphor display. (The service’s bare-bones look is itself modeled after the free Dark Room word processor, which, in turn, is the Windows version of the WriteRoom word processor for Mac OS X.)

Monday: get more use out of Windows’ taskbar.

(Credit: John Watson/BigHugeLabs.com)

Now press the keystroke combination to open the program, and start typing (or navigate to an existing file you want to open). When you’re done working in the file, press Ctrl-S, give the file a name (if it doesn’t have one already), choose a location to store it (or accept the program’s default storage folder), and press Enter. What could be simpler?

Should you find Writer to your liking, be sure to make a donation to its creator to help keep the great services coming.

You can create a keyboard shortcut to open Notepad, WordPad, Word, or any other word processor on your PC by right-clicking the program’s shortcut on the Start menu, choosing Properties > Shortcut > Shortcut key, entering your keystroke combination of choice (be sure not to overwrite one that’s already in use), and pressing Enter. I described how to get fast access to all your keyboard shortcuts in a post from last week.

Flickr purists gripe about video expansion

Wednesday, June 16th, 2010

Shortly after Flickr added videos to its photo-sharing site, a number of users are up in arms.

(Credit: Flickr)

Some discussion on the gripe group has been constructive. For those who don’t want videos to play, there is a Flickr configuration setting that lets users reverse the default behavior that the video will play automatically when its page is opened, and Firefox users can add extensions that block Flash videos.

(Via Thomas Hawk)

The No Video on Flickr group amassed more than 4,000 members just a few hours after the new feature launched.

“I love Flickr, and I think it should stay the same way it has always been,” the group description said. “We don’t need another YouTube! I have nothing against YouTube, I just don’t want to see all the $*#% that’s on there to wind up on here!”

Flickr member Haeretik posted a petition, so far signed by hundreds of members, that states, “We all joined Flickr because of its dedication to photography and photographers, and we want Flickr to remain true to this dedication. It is our request that this feature and addition to Flickr be removed.”

Members of the No Video on Flickr group have posted hundreds of images protesting the photo-sharing site's inclusion of video.

Personally, I find the concerns overblown, though it might have been judicious of Flickr to add an opt-out option for those who don’t want video. A lot of people react unfavorably to change–think film buffs who don’t care for digital cameras, for one example.

And I suspect video is likely to dilute the great photography that’s available on Flickr much less than the vast oceans of mediocre snapshots on the site. The days of Flickr being a haven solely for refined, high-grade photography are long gone if indeed they ever existed. Also, who knows? Maybe the addition of video will help improve Flickr’s business so it can be overhauled with a better user interface.

With ‘Ubiquity,’ Mozilla chooses functionality ove

Sunday, June 13th, 2010

The software visionaries at the Mozilla Corporation, which makes the popular Firefox web browser, have taken the approach that creativity and functionality are king–even if security has to take a backseat. Case in point: The widely praised “Ubiquity” software add-on, which brings an amazingly rich and extensible new form of interaction to the Firefox Web browser.

Mozilla does not release stats on the number of downloads, but given the rapid adoption of the browser add-on, it is quite reasonable to assume that by now it has been installed by at least 250,000 users, if not far more.

The Ubiquity command installation screen

The technology press has showered praise upon the developers of this software tool. However, in prioritizing functionality over security, Mozilla Labs punted complex trust choices to end users–the vast majority of whom are ill-equipped to make such decisions. The end result is that the hundreds of thousands of users of Ubiquity face a significant risk of browser hijacking by attackers, which could result in the theft of e-mail and online banking account information.

The Mozilla Labs team has recognized these risks, and has plans to fix them at some point in the future. However, for now, users of Ubiquity remain vulnerable to attackers, particularly those who have opted to allow automatic updates of commands.

Mozilla Labs is a shared space for exploration for future user experiences on the open Web. It’s a place where we, as a part of larger community, can experiment and iterate on new ways of interacting with the Web, having the Web fundamentally enhance the browsing experience. It’s also a place where we can safely explore new security and trust models among a technically savvy group, before bringing them to a wider audience.

The fundamental problem is that extending the browser, and hence the Web, is too difficult. The closer new browser functionality can be packaged to look like standard HTML and (Javascript), the larger and more diverse a community will create it. The desktop paradigm for extension development, while powerful, has a high cost of adoption. Right now we have a short tail of browser functionality with thousands of add-ons. There should be millions. We can get to that long tail using a more Web-like model for functionality development–tools that are accessible to hobbyists and tinkerers, but that scales to professionals.

When asked to comment on some of the security issues, Aza Raskin issued the following statement regarding security issues in Ubiquity:

No security, no problem

Mozilla Labs was hugely successful, and within a week of the first public beta release of Ubiquity, over 100,000 users downloaded and installed the tool. Even more telling is the number of commands that have been created and shared by users. The Ubiquity Wiki lists 300-plus different commands, while Mozilla’s Raskin wrote in his blog that “thousands of commands (have been) written for Ubiquity” and that “in under a week, we have a roughly comparable number of Ubiquity commands as there are Firefox extensions.”

First, a developer could release a legitimately useful command, wait until thousands of users have subscribed to it, and then send out a malicious update to those users that have enabled auto-updates. Since users only get to see the JavaScript at the time of first install, they face significant risks from future malicious updates.

Mozilla's Ubiquity in Action

One of the main design goals for Ubiquity was that it should be extremely easy for users to be able to create their own commands, which they could then share with others. As a result, a useful command can be whipped together in a couple lines of JavaScript–for example, allowing a user to send a Twitter message from within the browser. Aza Raskin, the head of User Experience at Mozilla Labs, summed up the goals of Ubiquity in a blog post introducing the tool:

There is of course a legitimate reason to release beta software, even when it has known security flaws. Were Ubiquity available only to those Web programmers proficient in JavaScript, this wouldn’t be an issue. However, when hundreds of thousands of people are using your product, you can no longer reasonably hide behind the claim of “beta.”

The Ubiquity add-on brings a new form of command-driven interaction to the Firefox Web browser. Using the tool, a user can perform actions based on the contents of a page–such as translating the foreign text on a page into English, or generating a Google map of a highlighted address. While this is certainly cool, it is the extreme extendability of Ubiquity that makes it a truly compelling tool.

When a user wishes to install one of the thousands of publicly available Ubiquity commands, they are first taken to a bright red warning screen. The user is clearly told the risks that they face should they accidentally install a malicious command, and then they are given the opportunity to read through the command’s JavaScript source code in order to see if it is good or evil.

The vast majority of the users on the Web are not able to read JavaScript. Even those skilled users that know enough to throw together a Ubiquity command or two are unlikely to be able to properly assess the security of someone else’s code. This point can be clearly driven home by looking at the success of the Underhanded C Programming Contest, in which users submit code that “looks” clean and safe, but which actually performs evil actions.

How popular can a piece of software get before being in “beta” is no longer a legitimate excuse for known software flaws? Or, to put it another way, is it responsible to allow hundreds of thousands of people to install your product, when you know ahead of time that doing so opens them up to attack?

In releasing Ubiquity, the Mozilla team also created a Web site it calls the Herd, which enables users to opt-in to reporting which commands they have installed. Thus, one assumes, if 20,000 other users have installed a command, it is probably safer than one that five other people are using. While better than nothing, Herd is still very new, and due to the pro-privacy opt-in model chosen for data reporting, it only captures a small slice of the Ubiquity user base.

Raskin did not answer specific questions posed by this blogger, and neither he nor Dan Veditz, Mozilla’s security lead, would confirm if the Ubiquity code base was audited by members of Mozilla’s security team before being released to hundreds of thousands of users. I’d be willing to bet a few beers that it hasn’t.

Furthermore, while Mozilla has been surprisingly frank with users about the risks they face when installing commands, this approach of education and disclaimers is simply not enough. It is totally unreasonable to offer a shiny, awesome and powerful new tool to the Internet at large if clicking on a wrong link could result in a user suffering identity theft or worse. Bruce Schneier has often said that humans are really bad at judging risk, and so of course, the vast majority of Ubiquity’s users are going to install foreign and unknown commands, simply because they offer awesome functionality.

The Herd is one way of trying to involve the community as a corner-stone of solving the security problem. It’s still in its infancy. We are working towards creating an open API so that everyone can pitch in to create a safe place for everyday users to get commands. Just like Ubiquity UI not being right yet, neither is the Herd.

Second, command updates are currently served via non-encrypted HTTP connections, and the Ubiquity infrastructure lacks the code-signing functionality that is provided to Mozilla add-ons. This creates a significant potential for man-in-the-middle attacks against the Ubiquity update process, particularly when users are connected to the Internet via a public wireless network. Last year, I revealed that a number of toolbars for the Firefox 2.0 browser were vulnerable to this same type of attack. This flaw was eventually fixed by moving the distribution of commercial browser-addon updates to SSL-encrypted servers.
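Both auto-update problems described above can be checked on the client before an update is applied. The sketch below is an added example, not Ubiquity's or Mozilla's code: it pins the hash of the source the user reviewed at install time, rejects updates that did not arrive over HTTPS from the same origin, and holds any changed source for re-review. All function names, URLs and command sources in it are constructed for illustration.

```javascript
// Added example: update gate for user-installed browser commands.
// Function names, URLs and command sources are constructed, not Ubiquity's API.
const crypto = require("crypto");

function sha256Hex(source) {
  return crypto.createHash("sha256").update(source, "utf8").digest("hex");
}

// Called once, after the user has read and approved the source at install time.
function pinCommand(feedUrl, reviewedSource) {
  return { feedUrl, reviewedSource, sha256: sha256Hex(reviewedSource) };
}

// Lines present in the update but absent from the reviewed version,
// so the re-review prompt can show what actually changed.
function addedLines(oldSource, newSource) {
  const seen = new Set(oldSource.split("\n").map((l) => l.trim()));
  return newSource
    .split("\n")
    .map((l) => l.trim())
    .filter((l) => l !== "" && !seen.has(l));
}

// fetchedFrom must be the final URL after any redirects.
function evaluateUpdate(pin, fetchedFrom, fetchedSource) {
  let url;
  try {
    url = new URL(fetchedFrom);
  } catch (e) {
    return { action: "reject", reason: "bad-url" };
  }
  // Issue 2 in the text: plain HTTP lets anyone on the network path alter the update.
  if (url.protocol !== "https:") {
    return { action: "reject", reason: "insecure-transport" };
  }
  if (url.origin !== new URL(pin.feedUrl).origin) {
    return { action: "reject", reason: "origin-changed" };
  }
  if (sha256Hex(fetchedSource) === pin.sha256) {
    return { action: "keep", reason: "unchanged" };
  }
  // Issue 1 in the text: the author may ship different code after gaining
  // subscribers, so changed source is never applied silently.
  return {
    action: "hold-for-review",
    reason: "source-changed",
    added: addedLines(pin.reviewedSource, fetchedSource),
  };
}

// Constructed sample command source, before and after an update.
const REVIEWED = "function run(text) {\n  postStatus(text);\n}";
const UPDATED =
  "function run(text) {\n  postStatus(text);\n" +
  "  loadScript('https://other.example/extra.js');\n}";

const pin = pinCommand("https://commands.example/twitter.js", REVIEWED);
console.log(evaluateUpdate(pin, "http://commands.example/twitter.js", UPDATED));
console.log(evaluateUpdate(pin, "https://commands.example/twitter.js", UPDATED));
```

HTTPS only protects the update in transit; it is the pinned hash that catches a changed command from the original author, which is why the two checks are separate.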

Eventually, I expect there to be hybrid models. Mozilla, and other trusted sources (think folks like Bruce Schneier), will vet core and recommended commands. The Herd, enhanced by numerous metrics of “browser health,” will constantly be watching for bad actors. Clearly, we don’t expect end users to need to read code–and we do plan on adding manifests of some form to sandbox certain types of commands. Right now, however, the emphasis is on empowering verb authors to be generative.

In addition to the general problems of untrusted JavaScript, Ubiquity also suffers from significant security issues due to the ability to auto-update commands. By checking a box, a user can permit the browser to automatically upgrade commands whenever the author releases a new version. This option creates two major issues.

Security Warnings in Ubiquity

The success of Ubiquity has come at a high cost–the Mozilla Labs team completely punted on the issue of security, and made users responsible for judging the safety of downloadable JavaScript, something that few of the hundreds of thousands of its users are likely able to do.

Ohio secretary of state site’s possibly hacked

Friday, June 4th, 2010

Brunner, a Democrat who recently won a dispute with the Ohio Republican Party over new voter registrations, has been the target of other malicious acts recently. Her office has reportedly fielded menacing e-mails and phone calls and received a suspicious package addressed to Brunner, which was turned over to police.

“What we know is our IT department detected a situation with our Web site where there was somehow suspicious activity where someone could have gotten into our site and tried to move things around,” Patrick Gallaway, communications director for Secretary of State Jennifer Brunner, told the Plain Dealer.

The site was temporarily shut down on Monday afternoon after the security breach was discovered, the Cleveland Plain Dealer reported. The secretary of state’s office offered few details about the breach.

The Ohio secretary of state’s office has limited the access to its Web site after discovering it may have been hacked.

“Due to security concerns experienced by the Secretary of State’s website, full functionality of the website has been suspended to protect the integrity of state records and data,” a message on the site reads. “Full functionality will be restored when we are assured that all data has been protected and restored to acceptable levels of security.”