zixuan.org

Just another WordPress weblog

Democrats vote for Microsoft

29 Jul 2010

“Silverlight multimedia applications will provide an all-access pass for the Convention’s online audience, offering an unprecedented opportunity for viewers to individually tailor their Convention experiences,” the party and Microsoft said in a statement.

The software maker will power real-time online voting systems for delegates as well as live, gavel-to-gavel streaming coverage of the event at DemConvention.com.

If this year’s Democratic convention does come down to a floor battle, Microsoft could end up being the real winner.

The Democratic convention is just one of the events that Microsoft is banking on to help drive adoption of Silverlight. The company also has an exclusive deal to power NBC’s Olympics site.

The Democratic National Convention Committee announced Monday that Microsoft will be the “official software and HD Web content provider” for the convention, which runs August 25-28 in Denver. The move is a vote of confidence for Silverlight, which is in a battle against incumbent Adobe Flash.

At Mozilla, blowing the lid off security practices

29 Jul 2010

Snyder says often the security story isn’t that a company created a tool that found 14 vulnerabilities in its own product, it’s that there were 14 vulnerabilities in the product in the first place. “Why would they want to share this tool? Maybe they want to demonstrate how successful it was because it found a vulnerability. That’s something that we can do that other companies cannot.”

Mozilla has been steadily demonstrating how open source projects can make money without betraying their community goals. At Mozilla, she says “we absorb the costs in criticism and we tolerate that in security because the benefit for us far outweighs everything else.”

In addition to training and tools, Mozilla wants to talk more about security metrics and threat modeling.

“At a lot of companies,” she told me recently, “there’s fear around security: you don’t want to talk about what you’re doing around security because one might deem it not enough–or might want to criticize it.” She said most companies have a lot of reasons to keep what you’re doing in security quiet, but not Mozilla. “We benefit from being open; it’s the model for us and it’s been successful for us.”

Snyder started her security work at @Stake (now a part of Symantec) then went to Microsoft and later Matasano Security. She describes her journey as moving toward open source with each environment. At Mozilla, makers of the popular Firefox browser, Thunderbird e-mail client, and other open software, she’s pretty much at ground zero.

Johnathan Nightingale of Mozilla echoed this. “It’s pretty brittle if there’s only one person who is the security guy or gal that always solves a problem. It’s better to get that knowledge out there–whether it’s working on Mozilla or some other project. By working at understanding the good habits and the bad habits, you’ve made a huge step forward.”

They decided to start out small. “We’re starting off with secure programs and practices for C and C++. There is a focus on how to make it useful for a browser, but there is of course a general aspect to this. It’s training materials, it’s syllabi, exercises, it’s a workshop-style class. Hopefully we’ll be able to do video as well.” The idea is that one employee from a company can attend these workshops and then take the training back home to train even more people.

“Threat modeling is a methodology for identifying security vulnerabilities, for identifying the risks of a security vulnerability within that application,” Snyder said. “Making a threat model available shows other development environments how a complex application like Firefox gets deconstructed into threats, along with the mitigations that we’ve implemented to address those specific threats.”


Window Snyder, Mozilla’s chief security something-or-other (her official title), wants to bring open source practices to the security community.

Snyder said the idea of opening up security came about by asking, “What are we doing internally that we can make publicly available to help somebody else in some other project.”

The goal, she said, is to remove whole categories of vulnerabilities. “Here’s a pattern, and if we implement one architectural change we can eliminate all these vulnerabilities.”

“But it also gets us feedback on whether our mitigations are sufficient. It gets the research community engaged in another point in the development process. Instead of looking for vulnerabilities at the end of the lifecycle, they’re able to get involved in the threat modeling process which is between design and implementation, ideally. You want to be able to do it early enough in the process so that you can actually change at the architectural level as the result of threat modeling.”

Threat modeling is more theoretical; it’s abstract. “So, instead of saying concretely if you do this, that and the other thing, that will result in an actual vulnerability, threat modeling says there is no input validation mechanism, for example. If you send a request this way, you end up bypassing the input validation mechanism and you’re sending content, unvalidated, to this audio decoder. That would be scary. So the threat would be unvalidated content is being passed directly to the audio decoder if it comes in this way. A vulnerability would be there’s an overflow in the audio decoder that an attacker is able to trigger if they craft a URL this way, and because it bypasses the input validation mechanism, all these other mechanisms that would have protected from an exploit are bypassed as well.”
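The threat Snyder describes, as an added Python example that is not from the article or from Mozilla: a toy dispatcher with two entry points, one of which skips validation before the audio decoder, beside the architectural change from the paragraphs above (the decoder accepts only frames that validation itself produced, so one change covers every path). The URL schemes, frame header and 64-byte buffer are assumptions.

```python
"""Toy model of a threat, not a vulnerability: content reaching an audio
decoder without passing the input-validation mechanism. The 'before'
dispatcher has two entry points and one of them skips validation; the
'after' design lets the decoder accept only frames validation produced.
Constructed example; the URL schemes, frame format and 64-byte buffer are
assumptions, not Firefox code."""
from dataclasses import dataclass
from urllib.parse import urlparse, unquote_to_bytes

MAX_FRAME = 64          # assumed fixed-size decoder buffer
MAGIC = b"AUD1"         # assumed frame header


class ValidationError(ValueError):
    pass


def validate(payload: bytes) -> bytes:
    """Input-validation mechanism: reject malformed or oversized frames."""
    if not payload.startswith(MAGIC):
        raise ValidationError("bad magic")
    if len(payload) > MAX_FRAME:
        raise ValidationError("frame too large")
    return payload


def raw_decode(payload: bytes) -> int:
    """Decoder with a latent bug: it trusts the frame length it is handed.
    BufferError stands in for the overflow a real decoder would suffer."""
    buf = bytearray(MAX_FRAME)
    if len(payload) > len(buf):
        raise BufferError("overflow: frame exceeds decoder buffer")
    buf[:len(payload)] = payload
    return len(payload) - len(MAGIC)   # number of sample bytes decoded


def _body_of(url: str) -> bytes:
    """Extract the frame bytes from either assumed entry point."""
    u = urlparse(url)
    if u.scheme == "http":
        return unquote_to_bytes(u.path.lstrip("/"))
    if u.scheme == "data":
        return unquote_to_bytes(u.path.split(",", 1)[1])
    raise ValueError("unsupported scheme")


# --- BEFORE: two entry points, only one of them validates ----------------
def fetch_before(url: str) -> int:
    body = _body_of(url)
    if urlparse(url).scheme == "http":
        return raw_decode(validate(body))      # validated path
    return raw_decode(body)                    # THREAT: validation bypassed


# --- AFTER: the decoder only accepts what validation produced ------------
@dataclass(frozen=True)
class ValidatedFrame:
    data: bytes


def validate_to_frame(payload: bytes) -> ValidatedFrame:
    return ValidatedFrame(validate(payload))


def safe_decode(frame: ValidatedFrame) -> int:
    if not isinstance(frame, ValidatedFrame):
        raise TypeError("decoder accepts ValidatedFrame only")
    return raw_decode(frame.data)


def fetch_after(url: str) -> int:
    return safe_decode(validate_to_frame(_body_of(url)))  # no path can skip
```

In the weak design the data: path reaches the decoder's latent overflow; in the hardened one every path fails at validation before the decoder runs, and a caller cannot hand raw bytes to safe_decode at all.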

In addition to training sessions, Mozilla will be making a variety of tools available. Last year Mozilla released a protocol fuzzer created by Michael Eddington, and a JavaScript fuzzer created by Jesse Ruderman. Further, Mozilla admitted that these tools had found vulnerabilities within Firefox. Accepting that openness, Opera reported that the tools had also discovered a flaw within its browser product. Microsoft, maker of Internet Explorer, and Apple, maker of Safari, haven’t revealed whether they used the tool to detect any flaws in their products.

She concludes that the training, the tools, and the threat modeling are “good for peer reviews, it’s good for testers, it’s good for developers.” She sees it as delivering on a promise “to make the Web more secure.”

CNET News Daily Podcast You only need 250GB of do

29 Jul 2010


Today’s stories:

Google to buy GeoEye satellite imagery

Napster won’t rule out a sale

IBM tests 4-terabyte solid-state drive tech

Comcast’s cap plan

Do you download more than 250GB of data per month? If you’re a Comcast customer, you’ll likely want to get out of the habit–quickly. Beginning October 1, the Internet provider said customers that use more than 250GB per month, per account will get their account disabled. It’s got a lot of people in an uproar. Make sure to check out Webware.com’s coverage of the news.

McCain taps outsider Palin to be VP


Nintendo shares soar on bumped-up forecast

Also on Friday’s podcast: Apple and AT&T could be looking at a plan to allow tethering of the iPhone, Nintendo Wii sales continue to propel the company forward, and is Napster for sale?

Tethering coming soon to iPhone 3G?

Microsoft to drop $486 million for European shopping site

What Microsoft has to say for itself

29 Jul 2010

Pressed by analyst Heather Bellini on when Microsoft might see the business shift away from being a drag on overall margins, Liddell said, “I can’t promise you you are going to see a massive turnaround in the short term.”

Update: 2:40 p.m. PDT: CFO Chris Liddell speaking, noting that, since its last conference call, Microsoft has decided to invest more in both acquisitions and in its own online services business.

2:45 p.m. PDT: Healy noted that the PC industry saw 12 percent to 14 percent growth in the quarter, ahead of Microsoft’s forecast, with Microsoft seeing its client revenue growing even faster as it returned to making gains against piracy after a dip last quarter.

On to Q and A:

He noted disappointment in Microsoft’s share price given its results, saying it reflected both general uncertainty and Microsoft-specific issues, such as the uncertain Yahoo issue.

Asked about the macroeconomic environment, Liddell said, “We are clearly cautious like everyone is,” but added that for Microsoft’s products, the company is feeling good overall. He did note that the company was seeing slowness in online advertising. “It was weak in the fourth quarter,” he said. “There is a direct impact and we are not immune to that in the online space.” That weakness is expected to continue, at least in the current quarter, he said.

Turning to Yahoo, Liddell said the company made the decision to shift gears during the quarter as a deal with Yahoo seemed less likely and after Yahoo made its deal with Google. Of the increased spending plans, Liddell said two-thirds are related to driving increased search business.

Microsoft said it won’t be deterred by either the current weakness or its failure to strike a deal with Yahoo. “Regardless of what happens with Yahoo, it’s a space we are committed to.”

He again pointed to the company’s planned investments in areas like distribution deals as well as new business models, like Live Search Cashback. “In the short term that is not going to make the division profitable,” he said.

Microsoft has kicked off its earnings conference call, after posting quarterly results and outlook that were below what some analysts were projecting.

2:52 p.m. PDT: Expenses came in $500 million higher than expected, on higher sales of Xboxes and Microsoft consulting services, both of which have a higher cost of sale, Healy said.

3:00 p.m. PDT: Microsoft plans to continue to invest (read: lose money) in online services.

2:54 p.m. PDT: Liddell is back. The company expects 12 percent to 14 percent growth in the PC market, but Windows client unit revenue to only climb 9 percent to 10 percent for the year. Slower growth for Microsoft is because of the continuation of a few key trends, he said. Emerging markets growth will continue to outpace mature markets, while consumer segment growth is seen exceeding business growth. Also, more PCs are being sold by large computer makers as opposed to smaller “system builders.”

The company sees some of the challenges it saw in the online services business continuing, although Liddell said the company hopes that some of its investments will start to pay off later in the fiscal year.

“We do not make these investments lightly,” Liddell said, noting that the loss will be “a drag” on the rest of the company. However, he said Microsoft views spending a further several hundred million dollars as worth the cost, given that the size of the online advertising market is measured in tens of billions of dollars.

2:47 p.m. PDT: As for the online business, Healy said that page views and search queries came in as expected, but noted that “monetization lagged.”

2:49 p.m. PDT: The company sold 1.3 million Xbox consoles in the quarter.

I’ll update this blog once there’s more to report. For now, Microsoft is just going through the formalities. (And the sound quality, at least here at CNET, is terrible, with investor relations chief Colleen Healy barely audible).

Hiring improved, with Microsoft closing more open positions, Healy said.

He noted the market is projected to be $80 billion by 2012, making it one of the largest growth areas for the company.

Its plans include more toolbar programs with computer makers, deals with other software makers and Internet service providers, as well as a faster roll-out of its Live Search Cashback program. The company will also look at more vertical acquisitions, he said.

3:10 p.m. PDT: Liddell said he won’t be taking questions on Yahoo, but he did go over the elements of its latest proposal and added, “We continue to believe our proposal is a compelling one.”

“We remain focused on the factors in our control,” Liddell said.

Scottish I-Ball rolls to success

29 Jul 2010

The I-Ball won Britain’s Ministry of Defence’s Competition of Ideas contest, which challenges U.K. companies to come up with problem-solving technologies.

“A chap from the MoD told us there was money if (we) came up with a good idea so we came up with an idea, we didn’t know if it was bonkers or a good idea–and they funded it,” Paul Thompson, an engineer at Dreampact, said in an interview with Silicon.com.

A new launchable, wireless projectile camera from Scotland gives troops 360-degree, high-quality, real-time video coverage whether in flight or rolling on the floor.

The I-Ball demo model is wired, but the unit is readily adaptable to wireless networks. However, the wired model comes with one advantage over the wireless version, and that is that after throwing it somewhere: “You can pull it out again,” said Thompson.

The I-Ball can be tossed into a room, fired from a grenade launcher or even a mortar, and its advanced image stabilization technology will still deliver a steady picture and easy-to-see “high-value” video, according to its creator, Edinburgh-based company Dreampact. The grenade-size, wireless camera will allow the redcoats to have a quick peek before entering a room or cresting a ridge–basically providing the services of a miniature unmanned vehicle, but without the noisy engine.


Paidinterviews adds social networking, ratings sys

29 Jul 2010

SAN DIEGO–What would happen if you mashed up LinkedIn and Monster.com and threw in a dose of steroids?

A company called Paidinterviews that presented at DemoFall here Tuesday morning thinks it has the answer.

And that, the company said, is its new Paidinterviews job site and candidate recruitment site.

The first side of it is designed for job candidates trying to find a new position.

Initially, they would upload pictures of themselves, previous employment references, examples of their work and other information employers might want to know about them.

Then, they can deploy a series of widgets that allow the candidates to show exactly how they want to be presented on the site. They can define an asking price that is essentially 5 percent of the salary range they’d like and then they can put together a list of benefits and other attributes about a new job they’d like, in order of importance to them, such as salary, health benefits, education reimbursement and the like. They can then drag and drop such attributes into the exact order of importance to them.

At that point, they can turn to the “watercooler,” what the company likens to Amazon.com product ratings. Here, candidates can peruse a list of potential positions that meet their criteria and look at ratings of the hiring companies posted by previous and current employees.

And finally, users can join groups centered around professional interests with the idea of helping members of those groups identify potential companies and positions they’d want to pursue.

From the employer’s side, Paidinterviews also offers useful tools.

First, hiring companies can see lists of candidates who are interested in their available positions, and the tool ranks those candidates in order of the likelihood of a match, from strongest to weakest.

I’m not in the job market right now, and I have found in the past that job-seeking sites never really do a good job with the journalism industry. But for people in many other industries, I suspect that a tool like this will be, at the least, a good adjunct to more established sites, especially as the site builds a bit of critical mass of users.

Daily Debrief Making the contrarian case for Yaho

29 Jul 2010

How did Yahoo become such a loser company in anyone’s mind other than the idiotic investors who usually don’t seem to know what they’ve bought. Let’s have a little reality check about that big fat failure Yahoo supposedly is.

So is there also a contrarian case to be made against the naysayers? More than you might think, at first blush. For more, check out my interview with CNET News.com Editor in Chief Dan Farber.

More trouble for the SS Yahoo. The latest exec to bail: Delicious founder Joshua Schachter. Meanwhile, a big reorg is said to be on the way. All the while, Yahoo shares continue to get slammed. But even before the Schachter news, Yahoo had suffered through the resignations of several high-profile execs. What’s behind the rush for the exits? Is there a common theme or is it just happenstance?

Danny Sullivan at SearchEngineland has an interesting take and offers up this delish morsel:

StumbleUpon 2.0 Good-bye, software toolbar

27 Jul 2010

In addition to its exploratory angle, StumbleUpon is introducing a new partner program. Sites that have StumbleUpon installed will be able to offer their users a new “Stumble This” button with a counter on it. When a user clicks this it adds to the number, which can help promote it for other StumbleUpon members. It’s also got an option right underneath the counter that lets users jump to another piece of related content, something Camp says should drive traffic to other existing posts. It’s worth noting this is different from the previously existing StumbleThru feature, which would do this randomly.

StumbleUpon's new home page will serve as a starting point to various bits of media, and exploring it no longer requires a software toolbar.

The partner program is launching on four sites Tuesday night, including political blogging network The Huffington Post, HowStuffWorks, Rolling Stone online, and National Geographic. Of the four, Rolling Stone and National Geographic are the most interesting, as users will be able to explore the photo archives with the service’s recommendation engine. Like the service Photoree, which we checked out back in August, this can be a fun and engaging experience.


On Tuesday night StumbleUpon is changing the way users interact with the service, ditching the need for a software-based browser toolbar in favor of a small frame that loads on top of the Web site you’re on. Users with the toolbar installed will still be getting the same experience, but the idea is that anyone can begin stumbling without having to install anything.

When I asked Camp for comment on the rumored sale of StumbleUpon from parent company eBay, he said he “couldn’t talk about any rumors.” However, what’s interesting is that this new system could be ported over to eBay, or any other product site, which is something many were expecting when the company was acquired last year. “This does open us up,” he said. “We’re a lot more media focused, and this would allow us to do product discovery.”

The future of StumbleUpon

The new StumbleUpon.com should be available right now. Camp says user profiles, reviews, and friends lists will get updated to match the new style in the coming weeks.

Earlier this week, StumbleUpon founder Garrett Camp told me this was an idea that had been kicked around the office for years–six in fact, and the only reason it hadn’t happened sooner is that Camp and others felt it would diminish the number of people who were populating the service with rated content. That number is still staggering, with more than 35,000 new URLs submitted every day by 6 million registered users. Camp hopes this new install and registration-free solution will make those numbers even larger, and improve some of the uptake as people get to try the service without that first hurdle.

Camp says there are 10 other partnerships in the works, including several for video and music content. Eventually the system will be open for anyone to place it on their blog, although Camp says the system needs to be fine-tuned before it’s ready for that.

Presumably with such a system in place you could jump around the site and discover new products while rating them at the same time–something the auction site does not currently provide. Camp says StumbleUpon might one day provide that, but for now he says that realm has already been covered pretty well by search. “(We’re) more interested in doing media stuff. There’s a greater need for discovery than products right now.”


The new toolbar doesn't require a download, although it'll disappear if you go to another site without using the stumble or rating buttons.

To get the Web toolbar to show up in the first place, users must now begin their stumbling experience from the StumbleUpon home page. The site is now broken up into categories. Once you’ve clicked on a link the experience begins, with the persistent toolbar following you from site to site and keeping track of your ratings to provide you with new stumbles.

Microsoft taps JQuery for Visual Studio

23 Jul 2010

Microsoft said Sunday that it plans to ship the jQuery JavaScript library with its Visual Studio developer tool suite.

In addition, Microsoft said that it would contribute tests, bug fixes, and patches to the jQuery open-source project and that later this year it would extend product support to jQuery.

Guthrie also pointed to a newly posted tutorial on Scott Hanselman’s Computerzen blog about integrating jQuery with ASP.net Ajax.


Nokia is looking to use jQuery to develop applications for their WebKit-based Web Run-Time. The run-time is a stripped-down browser rendering engine that allows for easy, but powerful, application development. This means that jQuery will be distributed on all Nokia phones that include the web run-time…

The software powerhouse said that jQuery would be one of the libraries used to implement higher-level controls in the ASP.net Ajax Control Toolkit, and would also have a role in new Ajax server-side helper methods. The 15KB jQuery JavaScript library will be distributed as is, with no forking, and files will continue to adhere to the jQuery MIT license.


Writing on the jQuery blog, John Resig said that mobile phone heavyweight Nokia also is adopting jQuery as part of its application development platform. As is the case with Microsoft, he said, Nokia isn’t looking to make any changes to the library, and its developers will contribute to the jQuery project.

The announcement came in a blog post by Scott Guthrie, a vice president in Microsoft’s developer division, who described the library’s attraction:

…The jQuery test suite is already integrated into the test suites of Mozilla and Opera and this move will see a significant level of extra testing being done on Internet Explorer and WebKit - above-and-beyond what is already done by the jQuery team.

A big part of the appeal of jQuery is that it allows you to elegantly (and efficiently) find and manipulate HTML elements with minimum lines of code. jQuery supports this via a nice “selector” API that allows developers to query for HTML elements, and then apply “commands” to them. One of the characteristics of jQuery commands is that they can be “chained” together - so that the result of one command can feed into another. jQuery also includes a built-in set of animation APIs that can be used as commands. The combination allows you to do some really cool things with only a few keystrokes.

Resig, a lead developer of jQuery, wrote:

Last.fm app for music streaming, discovery

20 Jul 2010

Editors’ note: Last.fm is owned by CNET’s parent company, CBS Interactive.

With any luck, future updates to the Last.fm app will improve streaming music reliability and refine the somewhat confusing assortment of menu options and playback screen features. In its current state, the Last.fm app presents a bite-size version of the Last.fm Web site experience in a way that may satisfy existing users, but is unlikely to win new converts.

With all its features, tabs, and buttons, the Last.fm app is one of the most in-depth and dynamic streaming music applications available for the iPhone. Unfortunately, despite its ambitious list of features, the program is bogged down with performance issues that make it frustrating to use at times. During testing in both Wi-Fi and 3G modes, we often experienced 5- to 10-second buffer delays each time we initiated a music stream or skipped between songs. The buffer issues subsided under ideal circumstances where Wi-Fi or 3G reception was strong; however, similar streaming audio applications from Pandora and AOL offered better streaming performance under more realistic conditions.

The Last.fm app's main menu offers many ways to hear streaming music…maybe too many.

Once you’re logged in, the Last.fm app offers eight ways to stream music over EDGE, 3G, or Wi-Fi. You can listen to songs Last.fm has already scrobbled from your computer’s music collection, treat yourself to recommended songs, do a cold search for new music, or hear what your friends have been listening to. The music playback screen is similar to Apple’s own iPod screen, displaying large cover art, volume, pause, and skip controls, as well as an iTunes purchase link and Last.fm’s own song rating buttons, which help to steer the quality of song recommendations. On the very bottom edge of the screen you’ll find tabs for the currently playing track, artist biography, similar artists, events (such as related concerts), and a More tab that includes the track’s tag information and Top Listeners.

Last.fm’s music-centered social network is one of our favorite ways to discover, share, and stream music online. Currently in version 1.01, the Last.fm application for the iPhone and iPod Touch allows many of the best features of Last.fm to break away from your computer and go on the road with you. The Last.fm app isn’t perfect, however, and people looking for a straightforward Internet radio application would do better with offerings from Pandora and AOL.

When launching the Last.fm iPhone app for the first time, you’ll be prompted to enter your existing Last.fm account username and password, or you’ll be offered the option to create a new account. If you’re new to Last.fm, we recommend you get started with the service using your home computer, since many features depend on an ongoing analysis of your computer’s music collection (also known as scrobbling).