Arstechnica - Open Source

Twitter officially disabled Basic authentication this week, the final step in the company's transition to mandatory OAuth authentication. Sadly, Twitter's extremely poor implementation of the OAuth standard offers a textbook example of how to do it wrong. This article will explore some of the problems with Twitter's OAuth implementation and some potential pitfalls inherent to the standard. I will also show you how I managed to compromise the secret OAuth key in Twitter's very own official client application for Android.

OAuth is an emerging authentication standard that is being adopted by a growing number of social networking services. It defines a key exchange mechanism that allows users to grant a third-party application access to their account without having to provide that application with their credentials. It also allows users to selectively revoke an application's access to their account.

Read the comments on this post

As browser competition continues to heat up, 2010 looks like the year when the market was repeatedly disrupted. Internet Explorer has not managed to gain share for a third month in a row. Firefox is leveling out while Chrome and Safari continue to grow. Opera? It's hanging on to relevance.

Between July and August, Internet Explorer dropped 0.34 percent, a drop smaller than June's or July's gain. Firefox, meanwhile, went up 0.02 percent, Chrome gained 0.36 percent, Safari was up 0.07, and Opera dipped 0.08 percent.

IE looks stuck around the 60 percent mark for the time being. At least it's still above its lowest point (59.69 percent) with its best chance of market share gains in the short term coming with the IE9 beta, and the back-to-school season.

The importance of being the default browser in the world's most popular operating system continues to help IE. Microsoft browsers are being used by more than 6 out of 10 people and IE8 is being used by more than one in four on the Web (quickly closing in on one in three)—it is now at 27.90 percent (over 30 percent if Compatibility Mode is included). Unfortunately for Web developers everywhere, IE6 continues to be more popular than IE7, though this month it declined more than its successor. IE6's share can be attributed to businesses still using customized intranet applications, and XP's much bigger installed base than Vista's (especially in developing countries).

If we take a look at the last 12 months, the stabilization of IE is really obvious. Firefox, meanwhile, remains far away from what may be the unreachable 25 percent mark, having lost all the share it gained in the last year. Its market share is actually lower than it was a year ago. Chrome's progress is very noticeable in the chart above, though it seems to have found resistance at the 7 percent mark. Safari's gains are at about 1 percentage point, while Opera's are almost insignificant.

As always, things at Ars are very different. There was no place-changing this time: Firefox continues to dominate, Chrome is second, Safari is third, IE is fourth, and Opera brings up the rear. Last month, Firefox gained share, as did Chrome and Opera. The first-party browsers, Safari and IE, both dropped.

Read the comments on this post

Google's Chrome web browser will soon gain hardware-accelerated graphics—the latest trend for web browsers that has already shown up in early builds of Internet Explorer 9 and Firefox 4.

Hardware acceleration allows the browser to offload intensive tasks like image scaling, rendering complex text or displaying scripted animations to your PC's graphics card. It has the benefit of freeing up the PC's main processor and speeding up page load times.

Read the comments on this post

Mozilla has announced a new alpha release of its Fennec mobile browser for Android and the Nokia N900. Fennec offers support for add-ons and has tight integration with Firefox Sync, a browser synchronization service that was formerly called Weave.

The support for Firefox Sync is arguably Fennec's killer feature, especially because Mozilla is planing to include the synchronization features out-of-the-box in Firefox 4. Users will be able to have access to the their bookmarks, browsing history, and tabs across all of their computers and supported mobile devices.

We tested the latest Fennec alpha build on a Nexus One running Android 2.2. The browser has matured a bit since our last test earlier this year, but its performance still doesn't match that of Android's own native WebKit-based browser. Scrolling remains sluggish at times, particularly when pages are still loading. Starting up the browser takes too long and it still has issues properly preserving state between uses.

On a positive note, Fennec's large 30MB install footprint on Android is a bit less troubling now because a chunk of the program can be trivially moved from internal storage to an SD card. This capability, which is accessible from the Android application manager, was made possible by some new functionality that was introduced in Android 2.2.

The Android port of Fennec is still obviously at a relatively early stage of development, but it shows some promise despite its weaknesses. We're a bit skeptical that Mozilla can truly close the performance gap on Android between Fennec and Google's native browser, but that ultimately might not matter. The synchronization features and powerful add-on framework might be enough to attract users to Fennec despite the browser's other limitations.

Read the comments on this post

Rails 3.0, a popular Web framework written in the programming language Ruby, was released Sunday after several years of development. In a way, the release is just as much of a political win for the Ruby and Web development ecosystem as it is technological one. The biggest story of this release is the successful incorporation of a competing project.

Read the comments on this post

Playing video on an Android device can sometimes be a bit of a chore. The platform's native media framework has very limited support for mainstream formats and can really only play H.264 video that is in an MP4 or 3GP container. If you are using an mkv container or your video is encoded with wmv or xvid, it isn't going to play unless you reencode it or use a third-party video player that doesn't rely on Android's media framework.

After testing a number of third-party players, I finally found one called RockPlayer that performs relatively well and handles a broad enough selection of formats to satisfy my needs. Created by Chinese mobile software vendor Redirect Intelligence, it uses the excellent open source FFmpeg library to handle video decoding.

The free version of the program is fully-functional, but ad-supported. The advertisements will only show up when the playback controls are active. This means that you will sometimes see ads at the bottom of the screen when you are seeking, for example, but not while you are simply watching a video. It will also display a little red RockPlayer logo in the top left-hand corner at all times, including during regular playback. Users can remove the ads and the persistent logo if they pay $9.99 to upgrade to the full version.

When you launch RockPlayer, the program will show you a simple file manager interface that you can use to navigate to the video files that you have stored on your device's SD card. When you select a video in the built-in file manager, it will start playing.

You can tap the screen to toggle the visibility of the playback controls, which include a play/pause button, a seek slider, fast-forward and rewind buttons, a button that will optionally stretch the video to fill the screen, and a button to display information about the file that is currently playing. When the controls are visible, the current time and the percentage of remaining battery life will show up in the top right-hand corner.

RockPlayer is simple and predictable. It will handle pretty much anything that is supported by FFmpeg and it offers reasonable playback performance on standard-definition content, without the stuttering that I have experienced in some of the alternatives. It didn't fare particularly well with a 1080p clip, however. The $9.99 asking price for full activation is a little bit too much, but I'm pretty satisfied to use the free version with the logo. One free alternative that looks promising is arcMedia, but it's not quite as mature yet. For now, I think that RockPlayer is best choice for xvid and mkv support.

Read the comments on this post

Why Intel bought McAfee: Theories abound for why Intel bought McAfee, but the reality is more prosaic than most imagine. The Aurora attacks on Google and others were a wakeup call for Intel, and the company got serious about developing vPro's security potential. But to do that, they had to be able to offer products and services directly to the consumer.

Windows DLL-loading security flaw puts Microsoft in a bind: The rediscovery of an old attack method based on the way that Windows loads DLLs places Microsoft in a tricky position: a change to Windows will fix the problem once and for all, but could break third-party software that relies on the operating system working the way it has worked for 20 years. Ars explains the situation.

Read the comments on this post

One of the key characteristics that has contributed to Android's popularity among technology enthusiasts is the platform's flexibility. It's possible for third-party developers to build replacements for many different components of the Android user experience, including the home screen. Among the third-party home screen implementations available from the Android Market, the most functional and popular is arguably LauncherPro.

Created by independent developer Federico Carnales, the LauncherPro home screen offers a multitude of useful configuration options and practical features that are not available in Android's standard home screen. Launcher Pro can be installed at no cost from the Android Market, but the developer also recently began offering a "Plus" version for $2.99 that offers some premium functionality, including a sophisticated collection of custom home screen widgets that are inspired by HTC's Sense environment.

Read the comments on this post

Mozilla has announced the availability of the fourth Firefox 4 beta release. The new beta brings some extremely significant new features that have been gestating in Mozilla's labs, including built-in synchronization functionality and a sophisticated new tab management system. Tabs have arguably had a major impact on how users operate Web browsers, but the concept hasn't scaled very well as browsing habits become more complex. Mozilla devised a compelling solution with its Tab Candy concept, which allows users to arrange groups of tags in spatially-organized collections. Mozilla's experimental implementation of Tab Candy has matured swiftly and is going to be fully integrated in Firefox 4. It's available for testing in the new beta release, though it's said to not be fully feature-complete yet.

Read the comments on this post

Although Google's Android mobile operating system is principally designed for phones, it is also increasingly showing up on low-cost tablets and other kinds of mobile devices. The platform is rapidly emerging as a major contender in the e-book reader market, where it is attracting a growing number of hardware vendors.

Barnes and Noble's popular Nook is arguably the most prominent Android-based e-book reader, but there are also a number of intriguing offerings from other vendors. Some are differentiating their readers by eschewing battery-friendly e-ink in favor of color LCD screens. These products take a more tablet-like approach and give users the advantage of a multifunction Internet-enabled device at nearly the same price point as regular e-book readers.

Read the comments on this post

Pictures have surfaced in a Chinese forum that reportedly show a prototype Nokia handset. Rumored to be the N9, the device closely resembles the N8 but has a slide-out QWERTY keyboard. The most compelling aspect of this leak is that the device appears to be running the MeeGo Linux platform rather than Symbian.

Nokia recently confirmed that its first MeeGo-based product will launch this year, but the company hasn't officially revealed any specific details about the form factor or other characteristics. It's possible that the leaked photos of the alleged N9 handset offer the first real look at Nokia's upcoming MeeGo product.

MeeGo is a Linux-based operating system that emerged earlier this year when Nokia and Intel brought together their respective mobile Linux platforms. MeeGo is more closely aligned with the upstream Linux stack than other mobile Linux platforms and offers a more inclusive and transparent development process. The MeeGo handset user experience is still at a relatively early stage of development, however.

The device in the leaked photos certainly looks like a Nokia product, but its authenticity has not been confirmed yet. The device has a Nokia logo and photos of the inside show Nokia stickers. Unlike the N900 and other recent Nokia handsets with keyboards, the device in the photo has the space bar in the correct location. This is either a very welcome improvement to Nokia's phone design, or evidence that possibly contradicts the leak's authenticity.

The product number shown in the photos has appeared in some interesting places on the Internet. For example, a software engineer in Nokia's device division cited the device's product number in a bug report that he posted in the public bug tracker for Qt—Nokia's open source application development framework. The bug report describes a minor issue with the QCompass class, which is part of the Qt Mobility framework.

Regardless of authenticity, it's an impressive-looking device that seems to build on some excellent industrial design ideas. The combination of Qt and MeeGo has a ton of potential, but it's unclear still if Nokia can deliver a user experience that is truly competitive with Android and the iPhone.

Read the comments on this post

Close scrutiny of the Steam port for Mac OS X led to the discovery of evidence which suggested that a Linux version might be coming soon. Sadly, Valve marketing vice president Doug Lombardi dispelled these suspicions in a recent interview during which he confirmed that the company is not actively working on Steam for Linux.

Steam is a popular digital content delivery channel for computer games. It allows users to purchase and download games from a wide range of mainstream vendors. The service is developed and operated by Valve, the company behind Half-Life, Portal, and a number of other well-known games. Steam was originally only available for the Windows platform, but Valve officially launched a Mac OS X version earlier this year.

Linux hardware news site Phoronix discovered that a shell script in the Mac OS X version of Steam includes a conditional expression that checks to see if the user is running Linux. There are also some strings that refer to Linux in several of Steam's binary components. These bits of evidence strongly indicate that Valve has at least experimented internally with a Linux port of Steam.

It's possible that the company began evaluating Linux portability and decided that there wasn't enough business value in pursuing it to completion. The total number of desktop Linux users is a considerably smaller audience than Mac OS X and Windows. It's also worth noting that a big chunk of Linux desktop installations are probably never going to be used for gaming (netbooks that don't have sufficient hardware capabilities, university computer labs, free software enthusiasts who are ideologically disinclined to purchase proprietary software).

Despite the fact that the number of Linux users who are interested in buying games is relatively small, there is a lot of evidence that members of this demographic are eager to open up their wallets to vendors who support gaming on the Linux platform. This group of gamers is going to be disappointed by Valve's decision.

Read the comments on this post

The growing user base of Google's Android mobile operating system has attracted some truly talented game developers. Great games are available from the Android Market, but it's not always easy to find the best. This guide will familiarize you with some of our favorites.

We embedded a QR code next to each review so that you can easily install the games. In order to interpret the QR codes, you will need to first install a code reader application such as Zxing's Barcode Scanner. If you are reading this article on an Android device, you can simply tap the barcode image and you will be taken to the relevant entry in the Android Market.

Read the comments on this post

Radio, RIAA: mandatory FM radio in cell phones is the future: Radio stations are willing to fork over $100 million a year to music labels, but in return they want Congress to make FM receivers mandatory in portable devices. The labels think having an FM radio in every Droid and iPhone is a great idea, and both sides hope to go to Congress soon.

Your fears confirmed: "up to" broadband speeds are bogus: The FCC crunches the numbers and reveals a dirty secret: real broadband speeds and "up to" broadband speeds aren't even close. Most Americans get half the "up to" speed they purchased.

Read the comments on this post

Motorola set the standard for Android-based QWERTY sliders when it launched the original Droid last year. An aggressive advertising campaign, excellent specs, and an appealing form factor propelled the Droid to the top of the charts and made it one of the best-selling Android smartphones. Motorola is sticking to its winning formula for the product's sequel, the Droid 2, which recently launched on Verizon's network.

Like its predecessor, the Droid 2 has a solid QWERTY keyboard and a 3.7-inch LCD. The form factor is largely unchanged, but Motorola has boosted the specs to make the device more competitive relative to the latest Android offerings from other handset makers. The Droid 2 has a 1GHz OMAP 3630 processor, 512MB of RAM, and 8GB of internal storage.

Read the comments on this post

Ubuntu founder Mark Shuttleworth revealed today that Ubuntu 11.04 will be codenamed Neutered Nudibranch Natty Narwhal. In a blog entry, he described the reasoning behind the codename and discussed some of the features that are planned for the release.

Ubuntu is developed on a time-based six-month release cycle. There are two new versions every year, which typically arrive in October and April. The version number is derived from the year and the approximate month of the planned release date. Each version has a development codename that consists of an animal name preceded by an adjective that starts with the same letter. The names follow an alphabetically ordered sequence. In many cases, a future version is referred to by its letter prior to the disclosure of the intended codename.

Read the comments on this post

The OMG!Ubuntu blog interviewed me (Ryan Paul) about Gwibber.

Read More: OMG! Ubuntu

Read the comments on this post

Ubuntu founder Mark Shuttleworth announced Monday that multitouch support and gesture-based interaction will arrive in Ubuntu 10.10, the next major version of the popular Linux distribution. The feature will be tightly integrated in Unity, Ubuntu's new lightweight netbook environment.

Canonical, the company behind Ubuntu, has developed a software framework called uTouch that is intended to simplify gesture handling. The company's team of designers has published an early draft of a gesture guideline document that explains how multitouch capabilities will be used in Unity. It defines a common grammar of gestures and introduces concepts like chained gestures, which will allow users to convey gesture-based instructions to the software in a more expressive way.

Read the comments on this post

An internal Oracle memo that was released last week provides a detailed summary of the company's plans for the Solaris operating system, which Oracle obtained when it acquired Sun. The memo offers a mix of good and bad news for Solaris enthusiasts. It reveals that Oracle is strongly committed to advancing the Solaris platform and intends to increase the availability of resources for Solaris development. The bad news is that Oracle plans to discontinue Sun's community-centric OpenSolaris distribution.

The OpenSolaris project emerged in 2007 with the aim of producing a downloadable distribution that includes a complete computing environment built around the open source components of the Solaris operating system. Sun brought in Debian founder Ian Murdock to orchestrate the endeavor in collaboration with contributors from the Solaris enthusiast community.

Read the comments on this post

During the annual LinuxCon conference last week in Boston, Linux Foundation executive director Jim Zemlin moderated a discussion panel about the Linux-based MeeGo platform with Nokia's MeeGo Ecosystem Development head Thomas Miller and Intel open source technologist Derek Speed. During the panel, Miller and Speed discussed some of the technical and logistical characteristics that differentiate MeeGo from other mobile platforms.

The MeeGo project was launched earlier this year when Intel and Nokia brought together their respective mobile Linux platforms in a combined effort to reduce fragmentation and offer device vendors a standardized platform. The MeeGo platform is endorsed by the Linux Foundation, which has taken on a stewardship role with the aim of facilitating collaboration around the software. Although the underlying software components on which MeeGo is based are relatively mature and functional, the convergence process is still ongoing.

Read the comments on this post