Feed aggregator
HTTP Archive New Leadership
I announced the HTTP Archive six years ago. Six years ago! It has exceeded my expectations and its value continues to grow. In order to expand the vision, I’ve asked Ilya Grigorik, Rick Viscomi, and Pat Meenan to take over leadership of the project.
The HTTP Archive is part of the Internet Archive. The code and data are open source. The project is funded by our generous sponsors: Google, Mozilla, New Relic, O’Reilly Media, Etsy, dynaTrace, Instart Logic, Catchpoint Systems, Fastly, SOASTA mPulse, and Hosting Facts.
From the beginning, Pat and WebPageTest made the HTTP Archive possible. Ilya and Rick will join Pat to make the HTTP Archive even better. A few of the current items on the agenda:
- Enrich the collected data during the crawl: detect JavaScript libraries in use on the page, integrate and capture LightHouse audits, feature counters, and so on.
- Build new analysis pipelines to extract more information from the past crawls
- Provide better visualizations and ways to explore the gathered data
- Improve code health and overall operation of the full pipeline
- … and lots more – please chime in with your suggestions!
Since its inception, the HTTP Archive has become the go-to source for objective, documented data about how the Web is built. Thanks to Ilya, that data was brought to BigQuery so the community can perform their own queries and follow-on research. It’s a joy to see the data and graphs from HTTP Archive used on a daily basis in tech articles, blog posts, tweets, etc.
I’m excited about this next phase for the HTTP Archive. Thank you to everyone who helped get the HTTP Archive to where it is today. (Especially Stephen Hay for our awesome logo!) Now let’s make the HTTP Archive even better!
Docker 1.0
On March 20, 2013, we released the first version of Docker. After 15 months, 8,741 commits from more than 460 contributors, 2.75 million downloads, over 14,000 “Dockerized” apps, and feedback from 10s of 1000s of users about their experience with Docker, from a single container on a laptop to 1000s in production in the cloud … we’re excited to announce that it’s here: Docker 1.0.
Heartbleed Redux: Another Gaping Wound in Web Encryption Uncovered
On Thursday, the OpenSSL Foundation published an advisory warning to users to update their SSL yet again, this time to fix a previously unknown but more than decade-old bug in the software that allows any network eavesdropper to strip away its encryption. The non-profit foundation, whose encryption is used by the majority of the Web’s SSL servers, issued a patch and advised sites that use its software to upgrade immediately.
The new attack, found by Japanese researcher Masashi Kikuchi, takes advantage of a portion of OpenSSL’s “handshake” for establishing encrypted connections known as ChangeCipherSpec, allowing the attacker to force the PC and server performing the handshake to use weak keys that allow a “man-in-the-middle” snoop to decrypt and read the traffic.
The Next Circle of Hell: Unpatchable Systems
Microsoft's decision to end support for Windows XP in April was met with a collective gulp by the IT community. For good reason: Approximately 30 percent of all desktop systems continue to run XP despite Microsoft's decision to stop offering security updates. Furthermore, a critical security flaw in Internet Explorer 8 disclosed recently by HP's TippingPoint Division opens the door to remote attacks on XP systems that use IE8.
But Windows XP is just the tip of an ever-widening iceberg: software and hardware that is unpatchable and unsupportable -- by policy or design. In fact, the trend toward systems and devices that, once deployed, stubbornly "keep on ticking" regardless of the wishes of those who deploy them is fast becoming an IT security nightmare made real, affecting everything from mom-and-pop shops to power stations.
Git 2.0.0 Released
The latest feature release Git v2.0.0 is now available at the usual places.
We had to delay the final release by a week or so because we found a few problems in earlier release candidates (request-pull had a regression that stopped it from showing the "tags/" prefix in "Please pull tags/frotz" when the user asked to compose a request for 'frotz' to be pulled; a code path in git-gui to support ancient versions of Git incorrectly triggered for Git 2.0), which we had to fix in an extra unplanned release candidate.
The Linux Foundation Announces Core Infrastructure Initiative
The Core Infrastructure Initiative (CII), a project hosted by The Linux Foundation that enables technology companies, industry stakeholders and esteemed developers to collaboratively identify and fund open source projects that are in need of assistance, today announced five new backers, the first projects to receive funding from the Initiative and the Advisory Board members who will help identify critical infrastructure projects most in need of support.
CII provides funding for fellowships for key developers to work fulltime on open source projects, security audits, computing and test infrastructure, travel, face-to-face meeting coordination and other support. The Steering Committee, comprised of members of the Initiative, and the Advisory Board of industry stakeholders and esteemed developers, are tasked with identifying underfunded open source projects that support critical infrastructure, and administering the funds through The Linux Foundation.
PHK: HTTP 2.0 Should Be Scrapped
Via the HTTP working group list comes a post from Poul-Henning Kamp proposing that HTTP 2.0 (as it exists now) never be released after the plan of adopting Google's SPDY protocol with minor changes revealed flaws that SPDY/HTTP 2.0 will not address. Quoting:
"The WG took the prototype SPDY was, before even completing its previous assignment, and wasted a lot of time and effort trying to goldplate over the warts and mistakes in it. And rather than 'ohh, we get HTTP/2.0 almost for free', we found out that there are numerous hard problems that SPDY doesn't even get close to solving, and that we will need to make some simplifications in the evolved HTTP concept if we ever want to solve them. ... Wouldn't we get a better result from taking a much deeper look at the current cryptographic and privacy situation, rather than publish a protocol with a cryptographic band-aid which doesn't solve the problems and gets in the way in many applications ? ... Isn't publishing HTTP/2.0 as a 'place-holder' is just a waste of everybody's time, and a needless code churn, leading to increased risk of security exposures and failure for no significant gains ?"
Apple, Google Settle Smartphone Patent Litigation
Apple Inc and Google Inc's Motorola Mobility unit have agreed to settle all patent litigation between them over smartphone technology, ending one of the highest profile lawsuits in technology.
Valve Sponsors Work To Greatly Speed-Up Linux OpenGL Game Load Times
Valve Software has sponsored some interesting improvements developed by LunarG for the Mesa OpenGL library on Linux for deferred and threaded GLSL shader compilation. What these changes mean for users of the open-source Linux graphics drivers when running their favorite games is that OpenGL games now load a lot faster. As an example, the time from starting Dota 2 until the time actually being within the game is reduced by about 20 seconds on an Intel system. While Direct3D has offered similar functionality for a while, OpenGL has not, which has given it a bad reputation with regard to game load times until all shaders are compiled and cached – fortunately it's now addressed for OpenGL if using the Mesa Linux graphics drivers on a supported game.
F-Secure Report Notes Over 99 Percent Of Mobile Threats Target Android
Google's open source Android platform has the distinction of being the most popular mobile operating system in the world. That's great in terms of dominating the market and reaping the rewards that come with it, but it's also for that very reason that Android finds itself the target of virtually every new mobile malware threat that emerges.
According to data published in F-Secure's latest Mobile Threat Report, over 99 percent of the new mobile threats it discovered in the first quarter of 2014 targeted Android users. To be fair, we're not talking about hundreds of thousands, tens of thousands, or thousands of malware threats -- F-Secure detected 277 new threat families, of which 275 honed in on Android. Of the remaining two, one targeted iPhone and the other set Symbian in its sights.
Firefox 29 Launches With Major Redesign
Mozilla is launching its most important release of Firefox in a very long time today. After almost two years of working on its Australis redesign, the company is now finally ready to bring it to its stable release channel.
After loading it for the first time, chances are you’ll be slightly confused. This is Firefox’s most radical redesign since it moved to its rapid release schedule a few years ago. The new version looks significantly more like Chrome than the old Firefox. It features the same three-bar menu on the right and rounded tabs, for example. At the same time, though, it keeps the separate search form – something most other browsers have now done away with.