|
|
According to Google’s Web Search Help blog, the search giant has decided it’s important to keep search inquiries from the prying eyes:
“With Google search over SSL, you can have an end-to-end encrypted search solution between your computer and Google. This secured channel helps protect your search terms and your search results pages from being intercepted by a third party. This provides you with a more secure and private search experience.”
TechRepublic’s Chad Perrin recently penned an article about the benefits of SSL-encrypted Web searches. He also advises caution as some searches are not protected by SSL encryption and under certain circumstances SSL is vulnerable.
When I learn that an application claims to use SSL, I like to check and make sure for myself. Sometimes there are surprises and when it comes to security; that’s not a good thing. I fired up Wireshark and, as stated above, the search traffic was gibberish as shown below:
That’s great. But I did see something in the packet traffic that I didn’t understand, so I went to Laura Chappell’s Web site. I have taken several of her classes and consider her one of the foremost experts when it comes to analyzing packets. I did not find what I was looking for, but I did come across quite a surprise.
Cached Link
In their search results, Google has what they call a cached link:
In theory, using a cached link makes sense, as explained by Google:
“Google takes a snapshot of each page examined as it crawls the web and caches these as a back-up in case the original page is unavailable. If you click on the “Cached” link, you will see the web page as it looked when we indexed it. The cached content is the content Google uses to judge whether this page is a relevant match for your query.”
To their credit, if the cached link is clicked on, you will know it. Google prominently displays a window explaining the loaded page is a snapshot of the actual Web page and may not be current:
Ms. Chappell found out that the cached link traffic is not encrypted. I went back to testing, and sure enough, if the cached link is clicked on, it reverts back to http. Notice the URL in the above slide.
Search query sent unencrypted
That’s to be expected, but what’s not expected is that the original search information is sent to the Google Web-cache server in the clear. Let’s see if we can capture that. The first slide below is the response to my DNS query for webcache.googleusercontent.com. That’s where the cache is located:
 The next slide is that of the traffic my computer is sending to webcache.googleusercontent.com. As you can see, the highlighted packet contains my original search query:
Final thoughts
According to Google’s above statement, all search traffic is supposed to be encrypted between our computers and their servers. It’s not in all cases, and I felt it important to make sure everyone is aware of that.
After noting Apple practically being a zero in terms of mentions in yesterday’s keynote at Google I/O, today saw the gloves come off as Google came out swinging against its competitor – and it had to be noted, even from this longtime Mac customer – that many of the punches landed, again and again. Most damning? Google actually took TV seriously – instead of teasing customers with a streamlined device, like the Apple TV, which looked great, and functioned well, but was often dismissed as not being a central focus. The result, despite the occasional bumps in the morning’s demo, is the latest and most credible offering yet that could unify the worlds of Web and television in one place – on the biggest screen in the house. (See the official Google TV site)
Back in 2007, I had high hopes for the Apple TV. I openly questioned those naysayers on the device, celebrated its small feature updates, such as adding YouTube support, and postulated how it could compete and defeat other businesses, such as Netflix. But it seemed Apple had other ideas for the device – pretty much ignoring it, even as the company saw tremendous focus in other places – first with the iPhone, and now with the iPad.
Yes, the Apple TV still works. Yes, it can still show photos and YouTube and my music and pull down films from iTunes. But it’s a siloed dinosaur.
Google made its antiquity especially clear today, as instead of using Apple’s divide and conquer mentality, with Apple TV being completely separate from your TV, the company promises to bring the Web to the TV, complete with a search box that finds content, no matter where the source. The reason this has a much better chance to succeed than Apple TV ever could? Commitment. Commitment from the company’s leadership, from partners, and to the word they keep smacking us with – openness.
Rishi Chandra, product manager for Google TV, says the company’s new offering is about “taking the best of what TV has to offer today and what the Web has to offer today and give a seamless experience”, which should result in the ability to find playable content – no matter where it is and bring it to the big screen.
Built following a history of unsuccessful challengers, such as Web TV, Google’s massive potential comes from several points – including the immediate leverage of the Android platform, including the application marketplace and command from any Android mobile device, the full-fledged Google Chrome browser, the obvious support of YouTube, and alliances with Adobe for Flash and teaming with leading industry partners like Sony, Logitech, Best Buy and Intel to make the entire ecosystem do its thing.
As an Apple user, and as a TiVo customer, I have grown used to those two companies playing a significant role in my TV entertainment experience. Those two companies are exceptional when it comes to getting user experience right and making things feel smooth. Google hasn’t managed to replicate that feeling of seamless integration yet, but their ability to display bookmarks on TV, to download apps from a PC and have them hit the TV, and manage the TV from multiple devices at once all look like they are getting so many features into this thing that there is really no way somebody like Apple can compete, even if they were to buckle down and try for real this time.
Google and its partners promised that the first television sets, set top boxes and input devices will all start hitting shelves by Fall of this year – in time for the holiday shopping season. It will remain to be seen how customers take to a new platform with devices coming from different sources, but it looks like it is Google that is “Thinking Different” about the TV and trying to open it up as a platform for its many developers to leverage – all while Cupertino pretends its Apple TV doesn’t exist. As an Apple TV owner, I am disappointed in the lack of attention paid to this product, and think often my loyalty may have been taken for granted. But Google is executing so well in so many areas, it is obvious we have an alternative, one that, if the UI is excellent, could change the game.
Best Buy CEO Bryan Dunn, speaking with Google CEO Eric Schmidt, referred to the new Google TV platform as “not just a new aisle but a new category”. Rishi Chandra echoed his comments saying, “Our goal is to have the same impact on the TV experience as the smart phone did with the mobile experience.”
The TV looks like it finally may get smart. I just want to know why Cupertino played dumb for so long.
Sensors that smell help save lives everyday. From cars that won’t start because court-ordered breathalyzers smell alcohol in the operator’s blood stream, to bomb-sniffing machines at the airport, to complex medical tests that analyze your breath – we are designing machines that smell to make the world a safer place.
Smell sensors are essential to the future of the Internet of Things. From RFID stickers capable of smelling food through the package and updating the food’s status to the Web, to our next phone being a “smell phone”, engineers are finding innovative ways to help protect our families from being exposed to toxic hazards.
-
Breathalyzers
Sensors that measure blood alcohol content by smelling your breath have been around since 1938 when a professor named Rolla Harger invented the Drunkometer. His success in marketing the device was due in part to his work with the National Safety Council to legislate alcohol limits – as well as legitimize his sensor data as evidence in a court of law. Today, the innovation that’s occurring with these sensors is the dramatic decline in cost. So next time you want to know if you’re legal to drive after you drink, you can just blow into a Mini-Key chain Breathalyser, a device that will set you back less than $10.
-
Smell Sensors In Medicine
In Israel, Russell Berrie of the Nanotechnology Institute at Technion developed a sensor that can verify lung cancer by smelling a patient’s breath. The sensor searches 42 different lung cancer biomarkers, and is built out of nine cross-reactive chemiresistors. These resistors are built out of gold nanoparticles, each with different organic functionalities. A similar sensor from the same institute can be used to detect kidney disease sooner than traditional urine tests can. The research for that particular sensor system is titled Sniffing Chronic Renal Failure in Rat Model by an Array of Random Networks of Single-Walled Carbon Nanotubes.
-
Smell Phones
Michael Sailor, professor of chemistry and biochemistry at U.C. San Diego is working with startup Rhevision to develop a smelling device that will attach to your cell phone. The system is based on a camera that takes a picture of porous silicon. Each of these microscopic pores are individually shaped, or tuned, to react to a unique chemical when it’s encountered. Thanks to the current megapixel resolution of today’s phone cameras you can take a single picture of these pores, or sensors, and load it to the Web where it can be analyzed in real time. One application would be that these smell phones could rapidly map out chemical spills and other exposure threats.
-
RFID That Smells
General Electric is currently testing RFID-configured smell sensors. These small stickers can not only detect the presence of hazardous waste, they can also detect and report food spoilage. One example is a milk carton with an RFID sticker attached to the outside. The sticker periodically smells the milk through the packaging, and as soon as the milk goes bad the RFID sends a wireless alert.
-
Bomb Smelling Sensors
Ion Mobility Spectrometry machines are currently the most common bomb-smelling sensors in U.S. airports. Austrian manufacturer Ionicon Analytik was recently featured in Scientific America because of its new Ionicon Analytik’s Proton-Transfer-Reaction Mass Spectrometry (PTR-MS) machine. This machine is about the size of a refrigerator and is so sensitive that it can distinguish between molecules that are nearly identical. The device works by creating “protonated” water vapor, which is essentially water vapor with extra protons. Many organic compounds, including explosives, have an affinity to grab those extra protons and in turn become positive themselves.The positive ions produced can be extracted and analyzed to reveal their chemical composition.
-
Non-Destructive Carbon Dating
Traditional carbon dating methods required that a small piece of the object must be destroyed through burning. The carbon is then measured for age based on degeneration of the radioactive isotope Carbon 14. Yet with many artifacts the destruction of even small portions of it is sometimes prohibitive. A new non-destructive method allows the object to be placed a container that is filled with an electrically charged plasma gas similar to the plasma found in a high-definition TV. The plasma gently oxidizes the artifact, which will release trace amounts of carbon dioxide that can then be used for Carbon14-decay analysis.
I’m doing freelancing full-time this summer. Here’s a brief summary of what I’ve learned so far.
Lesson 0: Be good.
The key to being a successful freelancer is being good at what you do. If you are bad, no amount of business wisdom will save you. In the iPhone business, this means:
- Write a half a dozen or so apps and get them through App Review. Kind of obvious, really
- Troll the official and unofficial developer community hangouts and follow what is going on, especially with regards to new “unwritten” app review guidelines and practices
- Stay up-to-date with the latest beta SDK documentation so you know what’s coming
- Spend a lot of time trying out iPhone apps
- Spend a lot of time learning new SDKs and APIs
Lesson 1: Say “no” a lot
Apple wins by saying “no” to features. It makes sense that in Apple’s market, you win by saying “no” to clients. Some examples:
- Client wants to add lots of really complicated features. But you can solve 80% of the problem with a simple solution. Simple solutions are easy to maintain and can always be extended later to recover that last 20%. If the client can’t understand this, perhaps they shouldn’t be partnering with Apple, the king of simple.
- Avoid visual overload. This is a design aesthetic, but it’s key on Apple platforms. Again, if the client doesn’t get it, what other parts of the HIG is the client going to fight you about?
- Don’t negotiate on estimates. I’ve had dozens of people who want me to come down 5%, 15%, or 50%. If it was going to be less, I would have quoted less. If the start of the relationship is a spat about $500, what does that say about the rest?
Lesson 2: Filter clients fast
If you are good (see Lesson 0), the amount of work available to you is effectively infinite. Every person who has held an iPhone has an idea for an app and dreams of riches. The number of people who can take that idea and convert it to a product, on-time and on-budget, however, is vanishingly small–perhaps 10,000 good developers at most. So only take the best clients.
This concept is a lot more counterintuitive in real life than it is on paper. You are looking somebody in the eye who is offering you $5k (for a $6k app), and turning them down, because you know that next week somebody will call you who is willing to pay full price. It means turning down a stellar multi-app repeat client who pays on time but is extremely picky about the background color of unchangeable Apple UI controls because you know that right behind him is another stellar client who trusts your (and Apple’s) professional design judgment and will be a lot easier to work with. Turning down a deal in-hand that’s “ok” but less than stellar simply goes against all intuition.
As soon as I have any idea at all what the project will be, I quote new clients a price with a margin of error of a couple of thousand dollars. I do this before investing any work into writing an estimate or even hearing much about the project. I need to weed out the “revenue sharing” people instantly, not after even one hour of my time. There are simply too many of those guys out there.
Lesson 3: Don’t bid
There are a lot of bidding war sites out there like iPhoneAppQuotes.com and GetAppQuotes.com. Leads from them aren’t worth the time it takes to write an estimate. Here’s why:
- Competent developers already have plenty of work. So the number of competent developers on those sites are pretty small. So if you’re a developer, you’re bidding against incompetent people.
- Those incompetent people you’re bidding against? They will quote a lot less than you. It doesn’t take much money to not deliver a project.
- All those clients (speaking from experience here) are either clueless or penny-pinchers. The reason they’re putting projects up for bid is because they want it done (or not done, as evidenced by the responding developers) as cheaply as possible, even if it sucks.
Fast food is cheap. It’s the same everywhere. Any fool can be taught to make it.
I am not in the fast food business. I am a chef. I juggle Apple, clients, changing HIG guidelines, changing SDKs, tools, documentation… I design good layouts. I think through small-screen UI design. I pay attention to battery life. I look at what the client wants and I see past the requirements and into the real business problem. I anticipate what they really want, and I find the right balance between features and complexity. Those are specialized skills. They’re not cheap. They’re not replicable. They’re not scalable. And if you give that speech to somebody who’s trying to order a burger at McD, you’re never going to get anywhere.
A lot of people are worried about lowball foreign developers “stealing” all the work. I’m not concerned, any more than the 5-star chef is concerned when McD opens next door. It’s not within 100 miles of the same market. I will solve the problem for you and bill you a price to match. Fast-food developers will copy and paste something off a forum somewhere and you’ll be stuck in revision hell forever until you give up and hire someone new.
Lesson 4: Revenue sharing is only mostly evil
In the past, I’ve come down pretty hard on revenue sharing:
If you’re going to offer something stupid like “revenue sharing”, just walk away. Developers are going to laugh at you. I have a “revenue sharing” deal already–I do development work, and Apple sends me a monthly check. The only way to compete with that is to pay actual money up front.
I still think this is mostly right. I have all the revenue sharing agreements I want already: with Apple. And there’s still no shortage of people offering me a 50/50 split for their “app idea”.
However, I have begun to offer a 5% discount for a 3c per copy royalty for certain projects where the clients are known to be reliable/honest and the product is sound. This gives me a little bit of residual income and a little bit of risk. The smart clients realize that it keeps me invested in their projects.
Conclusion
I’m learning more this summer than I’ve ever learned in a classroom. Being forced to make actual money is perhaps the best teacher of all. Why don’t we expose students to something like this before they enter the workforce?
I’ve never been a big fan of Web “applications”. For most tasks that warrant the use of some sort of application I much prefer having a stable desktop application that adheres to the user interface conventions of the platform I’m using, and that I can use without having to be connected to the Internet.
When I use the Web, it’s first and foremost because I want to find or share information – what many call “content”. And that’s something the Web excels at. Yes, Web applications are popular. Especially among developers. But being a platform for creating and delivering applications is not what the Web does best.
Instead of trying to put more words to my thinking on this, allow me to quote a couple of passages from Ben Ward’s article Understand The Web.
First a paragraph in which he talks about the purpose of the Web:
Think about that word; ‘web’. Think about why it was so named. It’s nothing to do with rich applications. Everything about web architecture; HTTP, HTML, CSS, is designed to serve and render content, but most importantly the web is formed where all of that content is linked together. That is what makes it amazing, and that is what defines it. This purpose and killer application of the web is not even comparable to the application frameworks of any particular operating system.
Then a few sentences on why the Web is great for content but Web applications in general do not offer a particularly good user experience:
The success of the web, the success of this impossibly huge network of information is because of the open, universally accessible, cross-platform, cross-device nature of web content. Cross-platform user interface sucks. It’s a nightmare of inconsistency and wrong, momentarily obsoleted assumptions. But cross-platform content? Well that is content.
Finally something I touched upon in the first paragraph of this post – applications made specifically for a platform are better than cross-platform Web applications:
I honestly think that ‘Desktop-class Web Applications’ are a fools folly. Java, Flash, AIR and QT demonstrate right now that cross-platform applications are always be inferior to the functionality and operation of the native framework on a host platform.
Cross-platform content, on the other hand, does not have that same problem.
One of the things that gave me pause when considering the move to Chrome from Firefox was having to give up the wide range of add-ons that the Mozilla service provides. But while Chrome can’t yet match Firefox’s huge extension ecosystem, it’s rapidly catching up, and many of my favorite “must-have” Firefox add-ons are are now available as Chrome extensions, or at least have Chrome equivalents. Here are the five Chrome extensions that I wouldn’t be without in the course of my daily blogging work:
- Postponer — Read it Later is a tremendously useful service for keeping on top of the latest writing in your field. Stumble across an interesting sounding article but don’t have time to read it now? Save it to your Read It Later list so you can check it out later, from any computer. If you have an iPhone, you can sync your Read It Later list with the phone, meaning you can catch up on those articles when you get a spare moment while on the go. Unfortunately, there’s no official Read It Later extension for Chrome, but Postponer, a pair of extensions, does the job admirably.
- After the Deadline — This useful extension has been available for a while as a Firefox add-on, so it’s good to see it released for Chrome. It’s a fairly comprehensive spelling and grammar checking tool. It can highlight misspelled words, misused words (“weather” instead of “whether,” for example), grammar and style issues. It’s certainly not perfect — it won’t catch all of your mistakes and it’s also quite a hefty extension — but as a quick sanity check, it works really well. I find it especially useful as Chrome’s built-in spell-checker doesn’t seem to work with WordPress
- Clip to Evernote — Note-taking app Evernote is a tremendously useful tool for writers. You can capture and access your notes wherever you happen to be, on pretty much any device. The official Chrome extension lets you swiftly clip interesting snippets of web content and save them to your Evernote account, without having to open new tabs or mess about with bookmarklets.
- Word Count — Word counts are crucial for many writers. Word Count’s a simple extension that enables you to highlight some text on a web page and hit a toolbar button to get a word and character count without having to waste time copying and pasting the text into a word processing app.
- Webpage Screenshot — This is another simple but extremely useful extension if you often need screen grabs. On my Mac, I normally snap screenshots using OSX’s built-in tool (Cmd+Shift+4), but if the page or image that you need to grab is bigger than the current window, this extension comes in handy. It can take a screen grab of an entire page, or just the current window.
A couple of weeks ago we published the article Expert Advice for Students and Young Web Designers, in which we presented a group interview with professional designers and developers. We tried to find answers to questions that are particularly useful and interesting for those just starting to design websites for a living or considering diving into the Web design industry.
In the comments to that article, many readers wished we’d invited more female designers on the panel — in particular because, “There is no way of discerning how the experience of a female designer might differ, simply because there is a complete lack of representation.” So, we decided to prepare an article featuring specifically professional women designers giving their expert advice for young Web designers.
Today, we are glad to present a group interview of successful women working in the Web design field. These 16 female professionals will discuss inspirational topics such as the influences that have had a big impact on their work, as well as practical details, like how they managed to get where they are today. Of the 15 questions we asked, one obviously had to be about how these women have positioned themselves in this male-dominated community. We also look at the challenges they face in their careers as designers. So let’s get started by meeting these people, whom we thank once again for their thoughtful interviews. Here are their names and positions:
- Rachel Andrew (edgeofmyseat.com | this is rachelandrew.co.uk | twitter)
- F. Claire Baxter (Vanity Claire | twitter)
- Jan Cavan (Dawghouse Design Studio | twitter)
- Adelle Charles (Fuel Brand Inc | Adelle Charles | twitter)
- Kristi Colvin (Fresh ID | kris colvin | twitter)
- Molly E. Holzschlag (Molly.com | Twitter)
- Eva-Lotta Lamm (Eva-Lotta Lamm | Twitter)
- Gisele Jaquenod (Gisele Jaquenod & Birdie | Twitter)
- Inayaili de León (Yaili | Web Designer Notebook | Twitter)
- milo317 (3oneseven | Twitter)
- Sarah Parmenter (You Know Who | the blog of Sarah Parmenter | Twitter)
- Elena Scanteie (Design Disease | Twitter)
- Grace Smith (Postscript5 | gracesmith.co.uk | Twitter)
- Amber Weinberg (amberweinberg.com | Twitter)
- Lynda Weinman (lynda.com | Twitter)
- Lisa Sabin-Wilson (E.Webscapes | Just a girl | Twitter)
To most people, a knife-wielding robot probably sounds a bit scary. But some fearless researchers at the Institute of Robotics and Mechatronics at the German Aerospace Center (DLR) have armed a robot with various stabbing and slicing instruments, and have programmed it to restrain itself from injuring people.
The team equipped their robotic arm with scissors, kitchen knives, a screwdriver and a scalpel and had it stab and slice different materials, including a piece of silicone and a pig’s leg, at varying speeds. The group then implemented a detection system that uses force sensors on to detect when the robot has accidentally cut something. In the stabbing motion, the safety program resulted in much smaller cuts (as little as 1mm); for the slicing motion, it prevented the robot from cutting the pig’s leg entirely.
The US leader on Thursday also sought to quell a storm of outrage caused by earlier administration plans, vowing before NASA staff that he was “100 percent committed” to their mission and to the future of the US space agency.
“I believe that space exploration is not a luxury, it’s not an afterthought in America’s quest for a brighter future. It is an essential part of that quest,” he told a crowd at the Kennedy Space Center in Florida.
Obama made a whirlwind trip after stinging criticism of his decision to end the costly Constellation program, a project to return US astronauts to the moon.
Obama — accompanied by astronaut Buzz Aldrin, the second man to set foot on the moon after Neil Armstrong in 1969 — said his administration would pump six billion more dollars into the NASA budget over the next five years.
He also had specific ideas how it should be spent.
“We should attempt a return to the surface of the moon first, as previously planned. But I just have to say, pretty bluntly here, we’ve been there before. Buzz has been there,” Obama said.
“There’s a lot more of space to explore and a lot more to learn when we do,” he said, to loud applause.
“By 2025 we expect new spacecraft designed for long journeys to allow us to begin the first ever crew missions beyond the moon into deep space.
“So, we’ll start by sending astronauts to an asteroid for the first time in history. By the mid-2030s, I believe we can send humans to orbit Mars and return them safely to earth, and a landing on Mars will follow.”
In a nod to critics who say the new approach will costs jobs, Obama said he was retaining the Orion capsule segment of the Constellation project.
Obama said he had instructed NASA administrator Charles Bolden to design a rescue vehicle using technology already developed for the Orion capsule.
The United States would also invest some three billion dollars in research on a heavy-lift rocket to send crew capsules and supplies into deep space, with the design to be finalized by 2015.
Obama said his plan includes increasing “robotic exploration of the solar system, including a probe of the sun’s atmosphere, new scouting missions to Mars and other destinations, and an advanced telescope to follow Hubble.”
A new type of malware infects PCs using file-share sites and publishes the user’s net history on a public website before demanding a fee for its removal.
The Japanese trojan virus installs itself on computers using a popular file-share service called Winny, used by up to 200m people.
It targets those downloading illegal copies of games in the Hentai genre, an explicit form of anime.
Website Yomiuri claims that 5500 people have so far admitted to being infected.
The virus, known as Kenzero, is being monitored by web security firm Trend Micro in Japan.
Masquerading as a game installation screen, it requests the PC owner’s personal details.
It then takes screengrabs of the user’s web history and publishes it online in their name, before sending an e-mail or pop-up screen demanding a credit card payment of 1500 yen (£10) to “settle your violation of copyright law” and remove the webpage.
Held to ransom
The website that the history is published on is owned by a shell company called Romancing Inc. It is registered to a fictitious individual called Shoen Overns.
“We’ve seen the name before in association with the Zeus and Koobface trojans. It is an established criminal gang that is continuously involved in this sort of activity,” said Rik Ferguson, senior security advisor at Trend Micro.
Kenzero is a twist on ransomware, he added, which infects a computer and encrypts the documents, pictures and music stored on it, before demanding a fee for a decryption key.
“Interestingly we’ve seen a separate incident that focuses on European victims,” he said.
A fictitious organization calling itself the ICPP copyright foundation issues threatening pop-ups and letters after a virus searches the computer hard drive for illegal content – regardless of whether it actually finds anything.
It offers a “pretrial settlement” fine of $400 (£258) payable by credit card, and warns of costly court cases and even jail sentences if the victim ignores the notice.
However rather than take the money, the outfit sells on the credit card details, said Mr Ferguson.
“If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a free online anti-malware scanner immediately to check for malware,” was his advice.
“And if there’s online content that you want to get hold of, get it from a reputable website – if that means paying that’s what you have to do.”
|
|
