Speeding Up the Web: The Plot Thickens

I’ve written here before about some of Google’s projects that are aimed at speeding up the Web, and specifically about its development of the new SPDY Web session protocol,  Google has supported SPDY in its Chrome browser for some time, and Mozilla, has recently added SPDY support to Firefox.  In the testing done so far, the use of SPDY has produced reductions of 28-48 % in page loading times.

This week, the Internet Engineering Task Force [IETF] is meeting in Paris.  As always, there are many items on its agenda.  One of these is the report of the working group on the development of “HTTP 2.0”, referred to as ‘HTTPbis’, the next generation of the ubiquitous HyperText Transfer Protocol [HTTP], the core protocol of the Web.  Until very recently, Google’s SPDY was the only substantive proposal that had been put forward.

Now Microsoft has entered the picture with its own proposal, called HTTP Speed+Mobility, sometimes abbreviated HTTP S&M.  (The name must have been hammered out by the same marketing gurus that developed the Windows 7 launch parties.)  This seems to use SPDY as a starting point, with some amendments based on tests flogging  the HTML 5 WebSockets API, and focusing particularly on mobile usage.  The original blog post announcing the submission was somewhat lacking in details, but there is now an IETF draft available; I’ve not yet had a chance to read it more than superficially, but I’m most interested to see what it says.

There are many Internet “techies” (including me) that tend to be reflexively suspicious of Microsoft’s motives, because of some unseemly parts of its history.  But it is a considerable virtue of the IETF process that it is open to scrutiny.  Given that, having more (non-frivolous) suggestions is a good thing, even if they come from Microsoft’s desire to beat Google at its own game, of whipping Web performance into shape.

There are articles on the Microsoft submission at the “Webmonkey” blog at Wired, and at Extreme Tech.

Google Releases Chrome 18·0·1025·142

Google has released a new version, 18·0·1025·142, of its Chrome browser, for all platforms: Windows, Linux, Mac OS X, and Chrome Frame.  This new release includes fixes for nine security vulnerabilities, including three of High severity.  As expected, the bundled Flash Player is the just-released version.  It also provides improved graphics and drawing performance, and better 3-D graphics capabilities on older hardware.  More details are available in the release announcement, and on the Official Chrome Blog.

Windows and Mac users should get the new version via the built-in update mechanism.  Linux users should get the updated package from their distributions’ repositories, using their standard package maintenance tools.  You can verify that your system has been updated by clicking on the tools menu (the little wrench), and then on “About Google Chrome”.

Security Update for Flash Player

Adobe has issued a new version of its Flash Player, for all platforms (Windows, Mac OS X, Linux, Solaris, and Android) to incorporate fixes for two critical security vulnerabilities.   For Windows, Mac OS X, and Linux, the new version number is 11.2.202.228; for Solaris, the new version is 11.2.202.223, and for Android, 11.1.111.8.   According to Adobe’s Security Bulletin [APSB12-07], the affected versions of the player are:

• Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
• Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x

Adobe rates this as a Priority 2 update, meaning:

This update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits. Based on previous experience, we do not anticipate exploits are imminent.

As Adobe says, Flash Player has been at “elevated risk”; it is very commonly installed, across multiple platforms, and is therefore an attractive target for the Bad Guys.

You can get the new version using the built-in update mechanism, or by downloading the installation package here.  Android users should see the update instructions in the Security Bulletin.

Although a new version of Google’s Chrome, incorporating the new Flash Player, has not been announced yet, I ‘d expect one within the next 24 hours or so.  I will post a note here when I get any definite information.

Update Wednesday, 28 March, 17:25 EDT

Google has now released a new version of Chrome incorporating this update.

The new version also includes, for Windows, a new automatic updating function, which will allow updates to be downloaded and installed without user intervention.  More details are available in this post on the Adobe Secure Software Engineering Team [ASSET] blog.

Update Thursday, 29 March, 11:35 EDT

Ars Technica has a brief article explaining the new auto-update capability.

Spinning the TSA

Two committees of the US House of Representatives, the Committee on Oversight and Government Reform, and the Committee on Transportation and Infrastructure, held a joint hearing today to review the performance of the Transportation Security Administration [TSA].    The advertised title of the hearing was “TSA Oversight Part III: Effective Security or Security Theater?”.

The hearing will examine the successes and challenges associated with Advanced Imaging Technology (AIT), the Screening of Passengers by Observation Techniques (SPOT) program, the Transportation Worker Credential Card (TWIC), and other security initiatives administered by the TSA.

Originally, one of the witnesses scheduled to testify was Bruce Schneier, Chief Security Technology Officer of BT Global Services, and author of the Schneier on Security blog, as well as several books (including Secrets and Lies, Applied Cryptography, Beyond Fear, and his latest, Liars and Outliers).   He is certainly a security expert by any reasonable definition.

Schneier has also been critical of the TSA’s approach to security for some time, and in fact coined the term “security theater” to describe many of its tactics.  The TSA, apparently, did not want to testify before Congress with Schneier there, so it managed to have him “disinvited” last Friday.  (His name has been crossed off on the hearing page.)  The stated reason was that Schneier is involved in a lawsuit that is attempting to get the TSA to suspend its full-body scanner program.   This is not particularly convincing; Schneier has a blog post about the situation.

If Congress wants to exercise oversight over the TSA (or any other agency), it seems perverse to allow the agency to control the witness list, especially when the witness is an acknowledged authority in the field.

Keeping the Magic Out of Science

Science is a way of trying not to fool yourself. The first principle is that you must not fool yourself, and you are the easiest person to fool. — Richard Feynman

James Randi, the retired professional magician and skeptic of the occult (who I wrote about a couple of weeks ago), has a new opinion article at Wired, in which he argues that scientists should consider enlisting the aid of magicians when investigating claims of extra-natural phenomena.  He says that scientists, although they are trained to evaluate data in a rigorous and logical way, are often not especially sensitive to the possibility that some sort of chicanery might be involved.  Magicians, though, are entertainers skilled in the arts of deception, who can often do a better job of unmasking fakery.

… our highly specific expertise comes from knowledge of the ways in which our audiences can be led to quite false conclusions by calculated means — psychological, physical and especially sensory, visual being rather paramount since it has such a range of variety.

The idea of using a trickster to catch another trickster is, as Randi points out, hardly new.

It’s not a novel notion to call in a trickster for advice. In England, famous magician John Nevil Maskelyne [1839-1917] appeared in a courtroom to demonstrate how spiritualist fakers were working their swindles on vulnerable victims, with great success.

Randi is also the founder of the James Randi Educational Foundation, which investigate claims of paranormal, supernatural, and occult  ideas.

The suggestion that magicians be included in research teams may seem somewhat odd, but I think the basic idea is sound.  As Randi points out, the subjects of many scientific experiments, whether they are molecules or microbes, generally do not attempt to deliberately mislead the observer.  There is also some evidence that people knowledgeable in a particular area are more likely to fall for a well-conceived scam in that area (Bernie Madoff, for example, did not recruit his clients from financial rubes).  If deception is a possibility, having a deception expert on hand seems like common sense.

New Einstein Archive Site Launched

The Hebrew University of Jerusalem has announced the launch of a new Web site dedicated to Albert Einstein.  The site’s archive contains more than 40,000 documents from Einstein’s personal papers, and more than 30,000 additional documents from the Einstein Archives, and the Collected Papers of Albert Einstein.  The collection is a result of a collaboration between the Hebrew University, the Einstein Papers Project at the California Institute of Technology, and the Princeton University Press.

The new site was made possible, in part, by donations from the same charitable foundation that funded development of online access to Sir Isaac Newton’s manuscripts at Cambridge.

The newly launched digitization project is funded by the Polonsky Foundation UK. Through his foundation, Dr. Leonard Polonsky has initiated similar enterprises, such as the digitization of the writings of Sir Isaac Newton at the University of Cambridge, which attracted 29 million hits within the first 24 hours after its launch.

The initial version of the new site includes a gallery of selected documents in five categories: Science, Personal Life, Public Life, The Jewish People, and The Hebrew University.  (Einstein was a founder and ongoing supporter of the University.)  Included in the Science section is the original 46-page German manuscript of Die Grundlage der allgemeinen Relativitätstheorie [“Foundation of General Relativity Theory”], Einstein’s first systematic exposition of General Relativity, published in 1916 in Annalen der Physik.

The archive database also has facilities for indexing and cross-referencing documents.

Advanced search technology will enable the display of all related documents by subject, and, in the case of letters, by author and recipient. The first line or title of each document will also be displayed, alongside information on date, provenance and publication history.

As with the Newton manuscripts, it is terrific that these landmark scientific and cultural documents are being made available to anyone with an Internet connection.