Slashdot Mirror

The World Wide Web Consortium has proposed "a new plan that would see the HTML 5 spec positioned as a Recommendation—which in W3C's lingo represents a complete, finished standard—by the end of 2014. The group plans a follow-up, HTML 5.1, for the end of 2016." Instead of working toward one-specification-to-rule-them-all in 2022, features that are stable and implemented in multiple browsers now will be finalized as HTML 5.0 by 2014 with unstable features moved into HTML 5.1 (developed in parallel). In 2014, the commonly implemented parts of HTML 5.1 will begin finalization for 2016, with the unstable parts moved into HTML 5.2 (wash, rinse, repeat). Additionally, things like Web Sockets are being moved into their own modular standards (sound familiar?) for "...the social benefits that accrue from such an approach. Splitting out separate specifications allows those technologies to be advanced by their respective communities of interest, allowing more productive development of approaches that may eventually be able reach broader consensus."

The World Wide Web Consortium has proposed "a new plan that would see the HTML 5 spec positioned as a Recommendation—which in W3C's lingo represents a complete, finished standard—by the end of 2014. The group plans a follow-up, HTML 5.1, for the end of 2016." Instead of working toward one-specification-to-rule-them-all in 2022, features that are stable and implemented in multiple browsers now will be finalized as HTML 5.0 by 2014 with unstable features moved into HTML 5.1 (developed in parallel). In 2014, the commonly implemented parts of HTML 5.1 will begin finalization for 2016, with the unstable parts moved into HTML 5.2 (wash, rinse, repeat). Additionally, things like Web Sockets are being moved into their own modular standards (sound familiar?) for "...the social benefits that accrue from such an approach. Splitting out separate specifications allows those technologies to be advanced by their respective communities of interest, allowing more productive development of approaches that may eventually be able reach broader consensus."

The World Wide Web Consortium has proposed "a new plan that would see the HTML 5 spec positioned as a Recommendation—which in W3C's lingo represents a complete, finished standard—by the end of 2014. The group plans a follow-up, HTML 5.1, for the end of 2016." Instead of working toward one-specification-to-rule-them-all in 2022, features that are stable and implemented in multiple browsers now will be finalized as HTML 5.0 by 2014 with unstable features moved into HTML 5.1 (developed in parallel). In 2014, the commonly implemented parts of HTML 5.1 will begin finalization for 2016, with the unstable parts moved into HTML 5.2 (wash, rinse, repeat). Additionally, things like Web Sockets are being moved into their own modular standards (sound familiar?) for "...the social benefits that accrue from such an approach. Splitting out separate specifications allows those technologies to be advanced by their respective communities of interest, allowing more productive development of approaches that may eventually be able reach broader consensus."

From David Dahl's weblog: "Good news! With a lot of hard work – I want to tip my hat to Ryan Sleevi at Google – the W3C Web Crypto API First Public Working Draft has been published. If you have an interest in cryptography or DOM APIs and especially an interest in crypto-in-the-DOM, please read the draft and forward any commentary to the comments mailing list: public-webcrypto-comments@w3.org" This should be helpful in implementing the Cryptocat vision. Features include a secure random number generator, key generation and management primitives, and cipher primitives. The use cases section suggests multi-factor auth, protected document exchange, and secure (from the) cloud storage: "When storing data with remote service providers, users may wish to protect the confidentiality of their documents and data prior to uploading them. The Web Cryptography API allows an application to have a user select a private or secret key, to either derive encryption keys from the selected key or to directly encrypt documents using this key, and then to upload the transformed/encrypted data to the service provider using existing APIs." Update: 09/19 00:01 GMT by U L : daviddahl commented: "I have built a working extension that provides 'window.mozCrypto', which does SHA2 hash, RSA keygen, public key crypto and RSA signature/verification, see: https://addons.mozilla.org/en-US/firefox/addon/domcrypt/ and source: https://github.com/daviddahl/domcrypt I plan on updating the extension once the Draft is more settled (after a first round of commentary & iteration)"

From David Dahl's weblog: "Good news! With a lot of hard work – I want to tip my hat to Ryan Sleevi at Google – the W3C Web Crypto API First Public Working Draft has been published. If you have an interest in cryptography or DOM APIs and especially an interest in crypto-in-the-DOM, please read the draft and forward any commentary to the comments mailing list: public-webcrypto-comments@w3.org" This should be helpful in implementing the Cryptocat vision. Features include a secure random number generator, key generation and management primitives, and cipher primitives. The use cases section suggests multi-factor auth, protected document exchange, and secure (from the) cloud storage: "When storing data with remote service providers, users may wish to protect the confidentiality of their documents and data prior to uploading them. The Web Cryptography API allows an application to have a user select a private or secret key, to either derive encryption keys from the selected key or to directly encrypt documents using this key, and then to upload the transformed/encrypted data to the service provider using existing APIs." Update: 09/19 00:01 GMT by U L : daviddahl commented: "I have built a working extension that provides 'window.mozCrypto', which does SHA2 hash, RSA keygen, public key crypto and RSA signature/verification, see: https://addons.mozilla.org/en-US/firefox/addon/domcrypt/ and source: https://github.com/daviddahl/domcrypt I plan on updating the extension once the Draft is more settled (after a first round of commentary & iteration)"

Billly Gates writes "Microsoft has confirmed that Internet Explorer 10 will have Do-Not-Track settings enabled by default. IE 10 comes with Windows 8, and will go release candidate for Windows 7 very soon, according to Anne Kohn in a comment in IE's blog. During Windows 8 setup, users who choose the 'Express' option will have DNT on by default, while using the 'Custom' option will give them the chance to change the setting, if they want. IE 10 already has a score of 319 in html5test.com, while MS is trying to position IE as a great browser again. Will this pressure other browsers such as Firefox and Opera to do the same?" When Microsoft began talking about this in May, it touched off quite a debate at W3C about whether browsers should have DNT turned on by default or not.

mikejuk writes "Until now the two standards bodies working on HTML5 (WHATWG and W3C) have cooperated. An announcement by WHATWG makes it clear that this is no longer true. WHATWG is going to work on a living standard for HTML which will continue to evolve as more technologies are added. W3C is going the traditional and much more time consuming route of creating a traditional standard which WHATWG refers to as a 'snapshot' of their living standard. Of course now being free of W3C's slower methods WHATWG can accelerate the pace of introducing new technologies to HTML5. Whatever happens, the future has just become more complicated — now you have to ask yourself 'Which HTML5?'"

In a world increasingly dominated by the cloud, privacy is often sacrificed for convenience. Imagine a world where you could use cloud services without allowing the provider to read your data. Author of Cryptocat (a browser-based secure chat system) Nadim Kobeissi shared the problems he faced developing Cryptocat, his solutions, and future of client-side cryptography. Read on for more.

Update: 07/18 03:48 GMT by U L : Slides (PDF) from and video of the talk are now online.

Despite giving workshops on Off- the-Record messaging to Middle Eastern Activists, Kobeissi found that adoption was low because of the complexity of installing new chat software, plugins, generating keys, verifying your friends, etc. Especially when the person on the other end had not been taught how to use OTR. At the end of the talk he gave some reasons why North American users may find it easier: we develop this software and export it so we have a community of developers available for support, whereas in the Middle East this is foreign software lacking context.

Since he was interested in client-side cryptography and there was a clear problem getting people to securely communicate, he set out to experiment with the former while solving the latter. He identified several problems thwarting success:

• Code delivery is insecure (will it be intercepted and modified? Can you trust the original server?). Compounding this, code in browsers is ephemeral, making it nigh impossible to trust.
• The JavaScript random number generator, while fine for most uses, is not good enough for encryption (its only seed is the current time, making it vulnerable to attack).
• There are no standardized primitives for working with cryptography algorithms in JavaScript, and libraries available at the time were not very good.
• Browser sandboxing was often incomplete and exploitable (a situation which has improved, but new bugs are still occasionally found). If the sandbox breaks, all bets are off.

To each problem there is a solution. For code delivery, Chrome apps proved ideal. There are interesting client side security features, bundles can be signed, sandboxing is effective (aside from the occasional convoluted exploit), and you only have to verify the source once. For encryption, he developed his own implementation of the Fortuna CSPRNG and several cryptography primitives in JavaScript, using keypress timing, mouse movement, window position, etc. for entropy (on mobile devices, the accelerometer has proven useful). Chrome later added their own implementation (which has access to the system entropy source) with Firefox support coming soon.

But where to go from here?

We need an API for transparent encryption: it should be as enforceable and easy as https. We need a full crypto toolkit in the browser, protected key storage (the author suggested protected JavaScript variables), OpenSSL compatibility (certificate formats, not the horrendous C API). And we need secure communications usable by mere mortals.

The W3C formed a web cryptography working group six months ago, with a specification due in 18 months.

Working with the Guardian project, the Cryptocat developers hope to introduce AweSoMe (always secure messaging), which aims to build a suite of utilities for easy and secure messaging (guaranteed message delivery, verifiable end-to-end encryption, and control over logging).

Development of Cryptocat2 is in progress, using XMPP rather than their experimental protocol, and mpOTR which extends OTR with group chat features and newer ciphers. The specification is half complete, and contributions were encouraged.

Although secure chat for the masses is being worked on, there is still much work to be done on securely storing data in the cloud. Luckily, the lessons learned developing Cryptocat will apply to future projects.

An anonymous reader writes "Thought Do Not Track was strictly a geeks' issue? Think again. After Microsoft was slapped down for enabling DNT by default in Internet Explorer 10, the co-chairs of the US's Congressional Bi-Partisan Privacy Caucus have sent a strongly-worded letter to the W3C urging it to reconsider. As webdev360.com points out, it's an interesting (unprecedented?) example of Congress interacting with the standards body: 'Whether members of the [working group] will take kindly to the Representatives' interference remains to be seen. Ed Markey's legislative director, Joseph Wender, has brought the letter to the attention of the group's mailing list, but, as of the time of writing, he hasn't received any replies.'"

Pieroxy writes "The W3C is proposing a set of new rules for CSS prefixing by browser vendors. This would greatly mitigate the problem caused today where vendor specific prefixing is seeing its way through production sites. The problem is so bad that some vendors are now tempted to support other browsers' prefixing. The article also has a link to an email from Mozilla's Henri Sivonen that does a nice job of addressing many potential issues and shortcomings of this new proposal." I was under the impression that browser prefixes existed to allow use of experimental CSS features before standardization; just ditching the vendor prefix seems like a step backward.

Pieroxy writes "The W3C is proposing a set of new rules for CSS prefixing by browser vendors. This would greatly mitigate the problem caused today where vendor specific prefixing is seeing its way through production sites. The problem is so bad that some vendors are now tempted to support other browsers' prefixing. The article also has a link to an email from Mozilla's Henri Sivonen that does a nice job of addressing many potential issues and shortcomings of this new proposal." I was under the impression that browser prefixes existed to allow use of experimental CSS features before standardization; just ditching the vendor prefix seems like a step backward.

brothke writes "In the classic poem Inferno, Dante passes through the gates of Hell, which has the inscription abandon all hope, ye who enter here above the entrance. After reading The Tangled Web: A Guide to Securing Modern Web Applications, one gets the feeling the writing secure web code is akin to Dante's experience." Read below for Ben's review. The Tangled Web: A Guide to Securing Modern Web Applications author Michal Zalewski pages 320 publisher No Starch Press rating 10/10 reviewer Ben Rothke ISBN 1593273886 summary Incredibly good and highly technical book on browser security coding In this incredibly good and highly technical book, author Michal Zalewski writes that modern web applications are built on a tangled mesh of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. In the book, Zalewski dissects those subtle security consequences to show what their dangers are, and how developers can take it to heart and write secure code for browsers.

The Tangled Web: A Guide to Securing Modern Web Applications is written in the same style as Zalewski's last book - Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, which is another highly technical and dense book on the topic. This book tackles the issues surrounding insecure web browsers. Since the browser is the portal of choice for so many users; its inherent secure flaws leaves the user at a significant risk. The book details what developers can do to mitigate those risks.

This book starts out with the observation that while the field of information security seems to be a mature and well-defined discipline, there is not even a rudimentary usable framework for understanding and assessing the security of modern software.

In chapter 1, the book provides a brief overview of the development of the web and how so many security issues have cropped in. Zalewski writes that perhaps the most striking and nontechnical property of web browsers is that most people who use them are overwhelmingly unskilled. And given the fact that most users simply do not know enough to use the web in a safe manner, which leads to the predicament we are in now.

Zalewski then spends the remainder of the book detailing specific problems, how they are exploited, and details the manner in which they can be fixed.

In chapter 2, the book details that something as elementary as how the resolution of relative URL's is done isn't a trivial exercise. The book details how misunderstandings occur between application level URL filters and the browser when handling these types of relative references can lead to security problems.

For those that want a feel for the book, chapter 3 on the topic of HTTP is available here.

Chapter 4 deals with HTML and the book notes that HTML is the subject of a fascinating conceptual struggle with a clash between the ideology and the reality of the on-line world. Tim Berners-Lee had the vision of a semantic web;namely a common framework that allows data to be shared and reused across applications, companies and the entire web. The notion though of a semantic web has not really caught on.

Chapter 4 continues with a detailed overview of how to understand HTML parser behavior. The author writes that HTML parsers will second-guess the intent of the page developer which can leads to security problems.

In chapter 12, the book deals with third-party cookies and notes that since their inception, HTTP cookies have been misunderstood as the tool that enables online advertisers to violate users privacy. Zalewski observes that the public's fixation on cookies is deeply misguided. He writes there is no doubt that some sites use cookies as a mechanism for malicious use. But that there is nothing that makes it uniquely suited for this task, as there are many other equivalent ways to sore unique identifiers on visitor's computes, such as cache-based tags.

Chapter 14 details the issue of rogue scripts and how to manage them. In the chapter, the author goes slightly off-topic and asks the question if the current model of web scripting is fundamentally incompatible with the way human beings works. Which leads to the question of it if is possible for a script to consistently outsmart victims simply due to the inherent limits of human cognition.

Part 3 of the book takes up the last 35 pages and is a glimpse of things to come. Zalewski optimistically writes that many of the battles being fought in today's browser war is around security, which is a good thing for everyone.

Chapter 16 deals with new and upcoming security features of browsers and details many compelling security features such as security model extension frameworks and security model restriction frameworks.

The chapter deals with one of the more powerful frameworks is the Content Security Policy (CSP) from Mozilla. CSP is meant to fix a large class of web application vulnerabilities, including cross site scripting, cross site request forgery and more. The book notes that as powerful as CSP is, one of its main problems is not a security one, in that it requires a webmaster to move all incline scripts on a web page to a separately requested document. Given that many web pages have hundreds of short scripts; this can be an overwhelmingly onerous task.

The chapter concludes with other developments such as in-browser HTML sanitizers, XSS filtering and more.

Each chapter also concludes with a security engineering cheat sheetthat details the core themes of the chapter.

For anyone involved in programming web pages, The Tangled Web: A Guide to Securing Modern Web Applications should be considered required reading to ensure they write secure web code. The book takes a deep look at the core problems with various web protocols, and offers effective methods in which to mitigate those vulnerabilities.

Michal Zalewski brings his extremely deep technical understanding to the book and combines it with a most readable style. The book is an invaluable resource and provides a significant amount of information needed to write secure code for browsers. There is a huge amount of really good advice in this book, and for those that are building web applications, this is a book they should read.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase The Tangled Web: A Guide to Securing Modern Web Applications from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

An anonymous reader writes with news about work on Mozilla's Javascript engine. Quoting Mozilla engineer Luke Wagner's blog: "With web workers in separate runtimes, there were no significant multi-threaded runtime uses remaining. Furthermore, to achieve single-threaded compartments, the platform features that allowed JS to easily ship a closure off to another thread had been removed since closures fundamentally carry with them a reference to their original enclosing scope. Even non-Mozilla SpiderMonkey embeddings had reportedly experienced problems that pushed them toward a similar shared-nothing design. Thus, there was little reason to maintain the non-trivial complexity caused by multi-threading support. There are a lot of things that 'would be nice' but what pushed us over the edge is that a single-threaded runtime allows us to hoist a lot data currently stored per-compartment into the runtime. This provides immediate memory savings."

First time accepted submitter yuriyg_ua writes "[The] semantic line interface may combine features of both command line and graphical interface, which would allow even more complex applications than we have seen before." The idea is that the layer underlying user interfaces should define the semantic relations between data enabling the UI to provide better contextual information. Kind of a modern version of the CLIM presentation system.

In his first submission, kierny writes "A W3C working group is crafting two standards, due out by summer 2012, to enable consumers to opt out of online tracking. Numerous big players are involved, including Google, Facebook, IBM, Mozilla, Microsoft, plus the Center for Democracy and Technology, Electronic Frontier Foundation, and Federal Trade Commission. The first standard is Tracking Preference Expression, 'to define a standard for a how a browser can tell a website that a user wants more privacy,' says W3C working group co-chairman Dr. Matthias Schunter of IBM Research. 'So you send a signal, and you get a response from the website which tells you that the request has been honored.' The second standard, meanwhile, is the Tracking Compliance and Scope Specification, which details how websites should comply with Do Not Track preferences. But, don't expect Do Not Track to be active by default."

In his first submission, kierny writes "A W3C working group is crafting two standards, due out by summer 2012, to enable consumers to opt out of online tracking. Numerous big players are involved, including Google, Facebook, IBM, Mozilla, Microsoft, plus the Center for Democracy and Technology, Electronic Frontier Foundation, and Federal Trade Commission. The first standard is Tracking Preference Expression, 'to define a standard for a how a browser can tell a website that a user wants more privacy,' says W3C working group co-chairman Dr. Matthias Schunter of IBM Research. 'So you send a signal, and you get a response from the website which tells you that the request has been honored.' The second standard, meanwhile, is the Tracking Compliance and Scope Specification, which details how websites should comply with Do Not Track preferences. But, don't expect Do Not Track to be active by default."

In his first submission, kierny writes "A W3C working group is crafting two standards, due out by summer 2012, to enable consumers to opt out of online tracking. Numerous big players are involved, including Google, Facebook, IBM, Mozilla, Microsoft, plus the Center for Democracy and Technology, Electronic Frontier Foundation, and Federal Trade Commission. The first standard is Tracking Preference Expression, 'to define a standard for a how a browser can tell a website that a user wants more privacy,' says W3C working group co-chairman Dr. Matthias Schunter of IBM Research. 'So you send a signal, and you get a response from the website which tells you that the request has been honored.' The second standard, meanwhile, is the Tracking Compliance and Scope Specification, which details how websites should comply with Do Not Track preferences. But, don't expect Do Not Track to be active by default."

gzipped_tar writes "Researchers from Ruhr University Bochum demonstrated the insecurity of XML encryption standard at ACM Conference on Computer and Communications Security in Chicago this week. 'Everything is insecure,' is the uncomfortable message from Bochum. As pointed out by the Ars Technica article, XML Encryption is used widely as part of server-to-server Web services connections to transmit secure information mixed with non-sensitive data, based on cipher-block chaining. But it is apparently too weak, as demonstrated by Juraj Somorovsky and Tibor Jager. They were able to decrypt data by sending modified ciphertexts to the server by gathering information from the received error messages. The attack was tested against a popular open source implementation of XML Encryption, and against the implementations of companies that responded to the responsible disclosure — in all cases the result was the same: the attack worked. Fixing the vulnerability will require a revision of the W3C XML encryption standard, Somorovsky said. The researchers informed all possibly affected companies through the mailing list of W3C, following a clear responsible disclosure process."

angry tapir writes "The W3C (World Wide Web Consortium) is seeking to invalidate a pair of Apple patents so the underlying technologies can be used as part of a royalty-free HTML5 stack. The patented technologies are core components to the W3C's Widget Access Request Policy, which specifies how mobile applications can request sensitive material. It is one of a number of specifications that are closely tied to the W3C's next generation standard for Web pages and applications, HTML5."

angry tapir writes "The W3C (World Wide Web Consortium) is seeking to invalidate a pair of Apple patents so the underlying technologies can be used as part of a royalty-free HTML5 stack. The patented technologies are core components to the W3C's Widget Access Request Policy, which specifies how mobile applications can request sensitive material. It is one of a number of specifications that are closely tied to the W3C's next generation standard for Web pages and applications, HTML5."

yuhong writes "After about a decade of development, CSS 2.1 has become a W3C recommendation. From the announcement: 'The current interoperability makes it easier than ever for developers and designers to enrich the toolkit. W3C expects future additions to CSS to be organized as independent modules, allowing smaller, more focused feature sets to progress and stabilize at their own pace. Some of these new features are already supported in browsers and other software in draft form (using the built-in CSS prefix mechanism designed for experimentation). As interoperability improves for each one, developers can transition to the standard to simplify their code. The CSS Working Group also publishes snapshots of which CSS features are supported interoperably in browsers; see, for instance, the most recent CSS Snapshot.'"

yuhong writes "After about a decade of development, CSS 2.1 has become a W3C recommendation. From the announcement: 'The current interoperability makes it easier than ever for developers and designers to enrich the toolkit. W3C expects future additions to CSS to be organized as independent modules, allowing smaller, more focused feature sets to progress and stabilize at their own pace. Some of these new features are already supported in browsers and other software in draft form (using the built-in CSS prefix mechanism designed for experimentation). As interoperability improves for each one, developers can transition to the standard to simplify their code. The CSS Working Group also publishes snapshots of which CSS features are supported interoperably in browsers; see, for instance, the most recent CSS Snapshot.'"

surveyork writes "''Mozilla today officially released Firefox 4 Beta 9 and it's a big improvement over previous betas and a parsec beyond the Firefox 3.6.x experience. At this stage, after months of development, Mozilla developers are clearly nearing the end of this development marathon.' After Firefox beta 9, a beta 10 and a single RC are scheduled (this road map can change, of course). The main features of Firefox beta 9 are IndexedDB and tabs on titlebar (just like Chrome and Opera). IndexedDB allows sites to store data on your computer (with your prior authorization). Tabs on titlebar is self-explanatory. Old-schoolers can always turn on the 'show menu bar' to get their familiar GUI back. Oh, and Fx beta 9 is fast and starts fast. Firefox beta 9 available here and in lots of official mirrors."

mudimba writes "Microsoft has made grand announcements about how great their implementation of the HTML5 canvas specification is. However, while I was porting a large HTML5 application to work with IE9 beta I found that there are some key features missing. Workarounds are provided where possible. (Disclaimer: I am the author of the submitted article.)"

GIL_Dude writes "The W3C posted results for their latest HTML5 compatibility tests and have found that, so far, IE 9 has the best overall results. 'The tests cover seven aspects of the spec: "attributes," "audio," "video," "canvas," "getElementsByClassName," "foreigncontent," and "xhtml5." The tests do not yet cover web workers, the file API, local storage, or other aspects of the spec. Not do they cover CSS or other standards that have nothing to do with HTML5 but are somehow lumped under HTML5 by the likes of Apple, Google, and Microsoft.'"

wombatmobile writes "The world's most popular search engine company is a leading supporter of open standards. It pours money and people into initiatives that promote, assist, support and implement Web standards. As a core foundation of is mission statement, all web assets should ideally be of a kind that it can work with. Strange then, that the world's most popular search engine doesn't index all of the current important Web standards formats. Doug Schepers of W3C blogs about how Scalable Vector Graphics content is recognized and not recognized by search engines, currently and historically." Readability really helps out on this site.

starseeker writes "The Scientific and Technical Information Exchange (STIX) font creation project has released version 1.0 of its font set. This release is the product of almost 15 years of work, with the goal of creating a comprehensive set of fonts for scientific and engineering manuscript creation. The fonts have been released under the SIL Open Font License, and can be downloaded here. Among the many potential applications is proper universal support for MathML in web browsers." If you want a peek, here's "a page for viewing the thousands of glyphs (as a first approximation, think of a glyph as an individual character)."

An anonymous reader writes "SVG has been a published standard for almost a decade. Microsoft has had nothing to do with it, even while every other major browser adopted SVG as a supported format and interface. Just in the last few weeks, though, Microsoft has thrown a surprising amount of its weight behind SVG." This means for IE 9, but it's a start.

suraj.sun tips a report up at CNet which begins: "Browser makers, grappling with outmoded technology and a vision to rebuild the Web as a foundation for applications, have begun converging on a seemingly basic but very important element of cloud computing. That ability is called local storage, and the new mechanism is called Indexed DB. Indexed DB, proposed by Oracle and initially called WebSimpleDB, is largely just a prototype at this stage, not something Web programmers can use yet. But already it's won endorsements from Microsoft, Mozilla, and Google, and together, Internet Explorer, Firefox, and Chrome account for more than 90 percent of the usage on the Net today. 'Indexed DB is interesting to both Firefox and Microsoft, so if we get to the point where we prototype it and want to ship it, it will have very wide availability,' said Chris Blizzard, director of evangelism for Mozilla. ... Microsoft publicly endorsed Indexed DB on its IE blog: 'Together with Mozilla, we're excited about a new design for local storage called Indexed DB. We think this is a great solution for the Web,' said program manager Adrian Bateman."

rossendryv writes "After many years of fighting against the standard, Microsoft announced they are joining the WC3's SVG working group to help with the development of SVG. 'We recognize that vector graphics are an important component of the next-generation Web platform,' said Patrick Dengler, senior program manager on Microsoft's Internet Explorer team in a blog post."

bonch writes "On Friday, Microsoft posted to a mailing list that IE developers are reviewing the HTML 5 standard for future versions of Internet Explorer. They've given some feedback on the current editor's draft, saying that they 'have more questions than answers' and criticizing many of HTML 5's new tags, like <header>, <footer> and <aside>, calling them 'arbitrary' or unnecessary. It remains to be seen whether Microsoft waited too long to try to influence basic parts of the spec that most of their competitors have already adopted."

jccq writes "Both Google and Yahoo have been supporting Semantic Web markup (RDFa, RDF and Microformats) for weeks and months respectively. What they do, at the moment, is use the markup only for visual feedback by returning better looking, more functional 'page snippets.' But how would it look if you could get all these bits and compose them automatically to form a single structured information page about what you're searching for? The folks at the DERI institute have just released Sig.ma, a visual browser and mashup generator that will go all over the web of data and find dozens of sources to combine together when answering a user query. It also comes in API mode to reuse the information Sig.ma finds inside applications. Here are a screencast and a blog post, with semantic-web-geek details."

jccq writes "Both Google and Yahoo have been supporting Semantic Web markup (RDFa, RDF and Microformats) for weeks and months respectively. What they do, at the moment, is use the markup only for visual feedback by returning better looking, more functional 'page snippets.' But how would it look if you could get all these bits and compose them automatically to form a single structured information page about what you're searching for? The folks at the DERI institute have just released Sig.ma, a visual browser and mashup generator that will go all over the web of data and find dozens of sources to combine together when answering a user query. It also comes in API mode to reuse the information Sig.ma finds inside applications. Here are a screencast and a blog post, with semantic-web-geek details."

Julie188 writes "Opera Software is, as expected, preening over the forthcoming browser ballot box feature in Windows 7. It will put the Opera name in front of millions of users who probably never heard of it. But that's not the only reason Opera is gloating. CTO Håkon Wium Lie feels that today's decision will force Microsoft to make Internet Explorer do a better job of supporting standards, particularly the Scalable Vector Graphics (SVG). Lie would also like to see Apple and Linux makers follow suit with browser ballot boxes of their own."

Jake Lazaroff writes "According to the W3 News Archive, the charter for the XHTML2 Working Group — set to expire on December 31st, 2009 — will not be renewed. What does this mean? XHTML2 will never be a W3C recommendation, so get on the HTML 5 bandwagon now. According to the XHTML FAQ, however, the W3C does 'plan for the XML serialization of HTML to remain compatible with XML.' Looks like with HTML 5, we'll get the best of both worlds."

Jake Lazaroff writes "According to the W3 News Archive, the charter for the XHTML2 Working Group — set to expire on December 31st, 2009 — will not be renewed. What does this mean? XHTML2 will never be a W3C recommendation, so get on the HTML 5 bandwagon now. According to the XHTML FAQ, however, the W3C does 'plan for the XML serialization of HTML to remain compatible with XML.' Looks like with HTML 5, we'll get the best of both worlds."

Kelson writes "The W3C Widget specification is running into a problem: Apple claims a patent on automatic updates and is unwilling to license it royalty-free in the event that it impacts the spec. The W3C is investigating to determine whether the spec includes anything covered by the patent, and decide what to do."

beetle496 writes "It has been going on nine years now, but finally there are formal standards for Web accessibility for technologies other than HTML. They ask that you start with the press release (lots of links), but regulars might be more entertained by the last time WCAG made the front page here. Many folks here will point out that web accessibility is old hat, and by implication this is hardly news, but if you do Web development for any government organization, you should expect that accessibility is a base requirement. The Section 508 standards are to be updated (relatively) soon too."

beetle496 writes "It has been going on nine years now, but finally there are formal standards for Web accessibility for technologies other than HTML. They ask that you start with the press release (lots of links), but regulars might be more entertained by the last time WCAG made the front page here. Many folks here will point out that web accessibility is old hat, and by implication this is hardly news, but if you do Web development for any government organization, you should expect that accessibility is a base requirement. The Section 508 standards are to be updated (relatively) soon too."

beetle496 writes "It has been going on nine years now, but finally there are formal standards for Web accessibility for technologies other than HTML. They ask that you start with the press release (lots of links), but regulars might be more entertained by the last time WCAG made the front page here. Many folks here will point out that web accessibility is old hat, and by implication this is hardly news, but if you do Web development for any government organization, you should expect that accessibility is a base requirement. The Section 508 standards are to be updated (relatively) soon too."

dotne writes "Microsoft has submitted Embedded OpenType (EOT) to W3C and a slimy campaign for EOT has been launched. EOT is a DRM layer on top of normal TrueType/Opentype files; EOT ties a font file to a certain web page or site and prevents reuse by other pages/sites. Microsoft's IE has supported EOT for years, but it has largely been ignored due to the clumsiness of having to regenerate font files when a page changes. Now that other browsers are moving to support normal TrueType and OpenType on the web (Safari, Opera, Mozilla, Prince), W3C is faced with a question: should they bless Microsoft's EOT for use on the web? Or, should they encourage normal font files on the web and help break Microsoft's forgotten monopoly?"

dotne writes "Microsoft has submitted Embedded OpenType (EOT) to W3C and a slimy campaign for EOT has been launched. EOT is a DRM layer on top of normal TrueType/Opentype files; EOT ties a font file to a certain web page or site and prevents reuse by other pages/sites. Microsoft's IE has supported EOT for years, but it has largely been ignored due to the clumsiness of having to regenerate font files when a page changes. Now that other browsers are moving to support normal TrueType and OpenType on the web (Safari, Opera, Mozilla, Prince), W3C is faced with a question: should they bless Microsoft's EOT for use on the web? Or, should they encourage normal font files on the web and help break Microsoft's forgotten monopoly?"

eldavojohn writes "It's a common string you see at the start of an HTML document, a URI declaring the type of document, but that is often processed causing undue traffic to W3C's site. There's a somewhat humorous post today from W3.org that seems to be a cry for sanity and asking developers and people to stop building systems that automatically query this information. From their post, 'In particular, software does not usually need to fetch these resources, and certainly does not need to fetch the same one over and over! Yet we receive a surprisingly large number of requests for such resources: up to 130 million requests per day, with periods of sustained bandwidth usage of 350Mbps, for resources that haven't changed in years. The vast majority of these requests are from systems that are processing various types of markup (HTML, XML, XSLT, SVG) and in the process doing something like validating against a DTD or schema. Handling all these requests costs us considerably: servers, bandwidth and human time spent analyzing traffic patterns and devising methods to limit or block excessive new request patterns. We would much rather use these assets elsewhere, for example improving the software and services needed by W3C and the Web Community.' Stop the insanity!"

Lachlan Hunt writes "Today W3C announced that the HTML Working Group has published the first public working draft of HTML 5 — A vocabulary and associated APIs for HTML and XHTML. It's been over 9 months since the working group began in March 2007 and this long awaited milestone has finally been achieved. '"HTML is of course a very important standard," said Tim Berners-Lee, author of the first version of HTML and W3C Director. "I am glad to see that the community of developers, including browser vendors, is working together to create the best possible path for the Web..." Some of the most interesting new features for authors are APIs for drawing two-dimensional graphics, embedding and controlling audio and video content, maintaining persistent client-side data storage, and for enabling users to edit documents and parts of documents interactively.' An updated draft of HTML 5 differences from HTML 4 has also been published to help guide you through the changes."

Lachlan Hunt writes "Today W3C announced that the HTML Working Group has published the first public working draft of HTML 5 — A vocabulary and associated APIs for HTML and XHTML. It's been over 9 months since the working group began in March 2007 and this long awaited milestone has finally been achieved. '"HTML is of course a very important standard," said Tim Berners-Lee, author of the first version of HTML and W3C Director. "I am glad to see that the community of developers, including browser vendors, is working together to create the best possible path for the Web..." Some of the most interesting new features for authors are APIs for drawing two-dimensional graphics, embedding and controlling audio and video content, maintaining persistent client-side data storage, and for enabling users to edit documents and parts of documents interactively.' An updated draft of HTML 5 differences from HTML 4 has also been published to help guide you through the changes."

Lachlan Hunt writes "Today W3C announced that the HTML Working Group has published the first public working draft of HTML 5 — A vocabulary and associated APIs for HTML and XHTML. It's been over 9 months since the working group began in March 2007 and this long awaited milestone has finally been achieved. '"HTML is of course a very important standard," said Tim Berners-Lee, author of the first version of HTML and W3C Director. "I am glad to see that the community of developers, including browser vendors, is working together to create the best possible path for the Web..." Some of the most interesting new features for authors are APIs for drawing two-dimensional graphics, embedding and controlling audio and video content, maintaining persistent client-side data storage, and for enabling users to edit documents and parts of documents interactively.' An updated draft of HTML 5 differences from HTML 4 has also been published to help guide you through the changes."

KjetilK writes "The W3C just gave SPARQL the stamp of approval. SPARQL is a query language for the Semantic Web, and differs from other query languages in that is usable across different data sources. There are already 14 implementations of the spec available. Most of them are free software. There are also billions of relations out there that are query-able, thanks to the Linking Open Data project. The structured data of Wikipedia is now query-able at DBpedia. Also, have a look at Ivan Herman's presentations on this topic."

KjetilK writes "The W3C just gave SPARQL the stamp of approval. SPARQL is a query language for the Semantic Web, and differs from other query languages in that is usable across different data sources. There are already 14 implementations of the spec available. Most of them are free software. There are also billions of relations out there that are query-able, thanks to the Linking Open Data project. The structured data of Wikipedia is now query-able at DBpedia. Also, have a look at Ivan Herman's presentations on this topic."

KjetilK writes "The W3C just gave SPARQL the stamp of approval. SPARQL is a query language for the Semantic Web, and differs from other query languages in that is usable across different data sources. There are already 14 implementations of the spec available. Most of them are free software. There are also billions of relations out there that are query-able, thanks to the Linking Open Data project. The structured data of Wikipedia is now query-able at DBpedia. Also, have a look at Ivan Herman's presentations on this topic."

KjetilK writes "The W3C just gave SPARQL the stamp of approval. SPARQL is a query language for the Semantic Web, and differs from other query languages in that is usable across different data sources. There are already 14 implementations of the spec available. Most of them are free software. There are also billions of relations out there that are query-able, thanks to the Linking Open Data project. The structured data of Wikipedia is now query-able at DBpedia. Also, have a look at Ivan Herman's presentations on this topic."