G$earch

Mozilla develops social skills with F1

Posted by Harshad

Mozilla develops social skills with F1


Mozilla develops social skills with F1

Posted: 15 Nov 2010 05:52 PM PST

As Flock and RockMelt duked it out for social-networking addicts' attention, browser kingpin Mozilla quietly introduced last week a new add-on for Facebook, Twitter, and Gmail users. Called F1 (download) and created by Mozilla Messaging, the division of Mozilla that manages the e-mail client Thunderbird, the secure and unobtrusive add-on provides fast sharing of URLs via a dedicated navigation bar button. It mimics one of the best features found in social-networking browsers without having to deal with hassle of switching browsers, although the add-on is definitely still a bit rough.

The Firefox add-on F1 makes it much easier to share links via Twitter, Facebook, and Gmail.

(Credit: Screenshot by Seth Rosenblatt/CNET)

Once installed, F1 will create a button on the right side of the search box that looks like a comic book word balloon. Click it and the F1 interface appears to add accounts from Twitter, Facebook, and Gmail. Type in a message to accompany the link you're sharing and then hit Share on the right. The Gmail option will also provide To and Subject fields. In my instance of F1, it didn't support searching recipient field completion from a partial e-mail address, although the F1 demo video did show that feature working.

The add-on currently supports only one iteration of each account, too. It works on Firefox 3.6 and later, but it does not re-map the F1 hot key from Help to opening the sharing drop-down box. Mozilla stated in the blog post announcing the add-on that one of its goals with F1 was to cut down on cluttered and potentially insecure sharing buttons that have become ubiquitous on Web pages, a task that sounds Sysiphean at best, although Mozilla has taken some steps to make using F1 easier. The add-on relies on services that support OAuth, and the open-source add-on has an extensive developer's wiki. F1 developers said that Yahoo Mail was left out of the initial release because it required an extra captcha authentication on top of OAuth support.

Prospector: Find Suggest is a Mozilla experiment for Firefox that adds suggested words to your in-page search queries.

(Credit: Screenshot by Seth Rosenblatt/CNET)

Mozilla has also released other "experimental" add-ons recently that demonstrate its take on "future Web" features and technology. One of them is called Prospector, which is what Mozilla is calling a series of search experiments. One Prospector add-on is called Speak Words and allows the browser to auto-complete words as they're typed into the location bar. It's based on your browsing history, so depending on the user typing "Gia" could get you They Might Be Giants, the San Francisco Giants, or a lot of Italian actresses. Another Prospector experiment is called Find Suggest, and as the name states, it suggests complete words to search for as you type into Firefox's search box. Click on one to add it to the search box. Both Prospector experiments are restricted to the Firefox 4 beta.

A third experimental add-on for the Firefox 4 beta is called Lab Kit, and it serves the simple task to automatically update specific Mozilla Labs add-ons without having to restart the browser. While the concept is still foreign to Firefox users, Google Chrome add-ons have been auto-updated by their publishers since extensions were added to it. So far, Lab Kit supports the two Prospector add-ons, Mozilla Contacts, and the Test Pilot add-on which anonymously collects Firefox 4 beta user data.

Pulse News Reader app now free for iOS, Android

Posted: 15 Nov 2010 01:58 PM PST

The top-rated, beloved-by-all Pulse News Reader is now available free of charge.

The top-rated, beloved-by-all Pulse News Reader is now available for free.

(Credit: Screenshot by Rick Broida)

I'll admit it: the App Store is home to so many nifty and inventive news readers (Blogshelf, Early Edition, and TheScore, to name just a few), I never got around to Pulse News Reader.

My mistake. It's not just the coolest blog/feed reader for the iPhone and iPad alike, it's also one of the coolest iOS apps, period. And where it once cost $1.99, Pulse News is now free. (Same goes for the Android version.)

I spent some time fiddling with Pulse News for iPad. (If you're interested in Pulse News Mini for iPhone, which, true to its name, is just a smaller version of the app, check out Jason Parker's write-up.) Like Blogshelf and Early Edition, it serves up popular blogs in a slick, easily digestible format.

Right out of the box, Pulse News Reader gives you everything from Fast Company to Mashable to Serious Eats. Of course, you can add, remove, and reorganize sources to your liking.

The app lists about 10 "featured" sources, dozens more divided into categories, a search option for sites and keywords, and support for Google Reader--meaning you can import any feeds you've already subscribed to in your account.

The iPad edition supports up to 60 sources arranged across five tabbed pages (which, thankfully, you can rename from the default "PAGE2," "PAGE3," and so on.) You scroll up and down to find the feed you want, across to peruse the stories from within that feed, and tap any story to see the full text (and/or the actual Web page, depending on your preference).

As with other readers, Pulse News lets you tag items as favorites (which it calls "creating your own pulse"), share with friends via e-mail, Facebook, and Twitter, and even send to Instapaper (another essential app).

It may take a little doing to get Pulse News set up with just the blogs and feeds you want. But once you do, you'll never look at another reader. (Or will you? If there's an app you like better, by all means shout it out in the comments!)

Originally posted at iPhone Atlas

Sencha's Web-app tools reach mobile browsers

Posted: 15 Nov 2010 09:30 AM PST

Sencha Touch lets programmers build Web sites and Web apps that reach a variety of mobile devices, though only iOS and Android today.

Sencha Touch lets programmers build Web sites and Web apps that reach a variety of mobile devices, though only iOS and Android today.

(Credit: Sencha)

Sencha, a start-up trying to make a business out of open-source tools for building Web applications, has begun an important new phase of its business with its first foray into the hot mobile browser market.

The new Sencha Touch 1.0 software is a JavaScript programming framework out of which mobile Web apps can be built. It joins the company's earlier products, the Ext JS and Ext GWT frameworks and the Ext Designer developer tool.

The tools are designed for those who need to build user interfaces out of dialog boxes, pop-up windows, sliders, charts, check-boxes, and all the other elements used in applications today.

Sencha's work is part of the effort to ease the advancement of the Web into a more powerful foundation for interaction, with dynamic sites and applications. It employs HTML5 and a number of related Web standards such as local storage, geolocation, and most notably CSS3, the new version of the Cascading Style Sheets specification for Web page formatting.

Those technologies, while significant, have lacked mature development tools, though they're coming with software from Adobe Systems and JQuery, arguably the top dog in JavaScript programming frameworks. Maturation is important especially in the mobile realm, where it's often easier to write native applications for one operating system or another rather than Web applications that at least in theory could reach a broader market.

Sencha has a little incentive to attract programmers to its tools. It had said earlier that Sencha Touch would cost $99, but the company changed course and decided to make it free. The other tools, sold on the basis of standard or premium support contracts that come with commercially licensed versions of the software, aren't free; the Sencha Complete package that combines all the software costs $995 for a single developer with standard support and $3,995 for five developers and premium support.

Of course, anyone can already use it for free in its open-source software form. However, under the terms of the GPLv3 (GNU General Public License) that governs it, any project using the software must be made available under the same terms. "If you use our GPLv3 option, then the derivative work is also governed by GPLv3, which triggers the requirement to provide source code to anyone using the application outside your organization," Sencha said.

Sencha Touch is designed to be a cross-platform environment, making it easier for programmers to reach a multitude of devices. For example, it's geared to shield programmers from variations in screen resolution and how specific devices handle the all-important smartphone interaction mechanism, touch.

However, it's not all the way there yet, in part because the mobile browser market is so fluid. Sencha Touch today works with only two mobile operating systems: Apple's iOS and Google's Android.

Both of those use a Web browser based on the open-source WebKit engine, and it's spreading to other operating systems. That means today a Sensa Touch application will run, unchanged, on both Android and iOS. BlackBerry and MeeGo, which also employ WebKit, should be supported "very soon" as well, Sencha said

Non-WebKit browsers are another matter for now. "We hope to support Opera in the not-too-distant future, although Firefox is a little further behind in the features that we rely on for styling and animation," Sencha said.

Windows Phone 7, however, isn't supported at all at present, Sencha said.

Originally posted at Deep Tech

Time for a tune-up?

Posted: 11 Nov 2010 06:00 PM PST

Most of the time our Macs run smoothly, but every once in a while you might experience sluggishness or something else out of the ordinary. In order to rule out system problems, check out OnyX. OnyX lets you verify your Mac's start-up disk and the structure of system files, and offers several configuration tools to let you tweak the Finder, Dock, and other native applications. If you're a do-it-yourself type of person, or would just like a way to tweak some settings, OnyX might be just the tool you're looking for.

Also this week, we have the latest version of Synergy, the handy utility that adds iTunes controls to your menu bar for easy access. Our game this week is Jalada Boskonian, a top-down retro arcade shooter where your challenge is to shoot everything that moves.

Don't forget to check out our iPhone apps of the week!

Google pulls app that revealed Android flaw, issues fix

Posted: 11 Nov 2010 10:54 AM PST

This screen shot shows a list of the fake Android apps that were sneaked onto the phone by a proof-of-concept app created to show a flaw in the mobile platform.

This screen shot shows a list of the fake Android apps that were sneaked onto the phone by a proof-of-concept app created to show a flaw in the mobile platform.

(Credit: Jon Oberheide)

Google pulled an app from the Android marketplace that was created to illustrate a flaw in the mobile framework that allowed apps to be installed without a user's knowledge. It then issued a fix for bug.

Jon Oberheide, chief technology officer of Scio Security, created a proof-of-concept app disguised as an expansion for the popular Angry Birds game. After the app was downloaded, three additional apps were installed without the user's knowledge that had permission to perform malicious activities but were benign, he told CNET in an interview.

Oberheide and Zach Lanier, a senior consultant at Intrepidus Group, were scheduled to present their research on the Android vulnerability at Intel's annual internal security conference in Hillsboro, Ore., today.

Before they got a chance to give their presentation, Google pulled the app, according to Oberheide. The company also began rolling out a fix for the issue, which applies to all Android devices, a Google spokesperson said in an e-mail late yesterday.

To accomplish the proof-of-concept exploit, the fake app was written to abuse the credentials service that Android has for allowing apps to request authorization tokens, according to Oberheide. For it to work, a user had to first grant credentials to the suspicious app, according to an industry source. Meanwhile, the additional app installations would have appeared in the phone notifications, ostensibly alerting a user to the installation.

Oberheide had two other "research" apps wiped remotely from the Android marketplace in June. Those were designed to test the feasibility of distributing an app that could later be used to take control of a smartphone in an attack.

Another researcher, who goes just by the name Nils and who is head of research at MWR InfoSecurity, presented research at BlackHat Abu Dhabi yesterday that also showed a vulnerability in the Web browser on Android-based HTC Legend. That flaw could lead to the installation of arbitrary apps with a wide range of permissions without seeking explicit user permission. In his demonstration, Nils showed how an HTC Legend user who visited a malicious Web page on the mobile browser could be targeted in an attack.

The issue in this case is specific to a setting introduced by HTC, the Google spokesperson said.

"Because mobile firmware updates are often slower than comparable PC software updates, taking weeks or months to release, there's a significant period of time between when mobile vulnerabilities such as these are first publicly disclosed and when people are protected," said Kevin Mahaffey, chief technology officer at mobile security firm Lookout.

Smartphone users should be careful to only visit trustworthy Web sites and only download apps from reputable developers, especially when the apps mention known brands but come from an unknown developer. Lookout is releasing a Privacy Advisor feature to its service next week that will allow people to easily see what apps are on the phone and what capabilities and access they have.

Originally posted at InSecurity Complex

0 comments:

Post a Comment