Payment Request API | W3C

Payment Request API; W3C; 2017-09-21.

  • Adrian Bateman, Microsoft Corporation
  • Zach Koch, Google
  • Roy McElmurry, Facebook
  • Domenic Denicola, Google
  • Marcos Cáceres, Mozilla

Promotions

WebRTC and STUN for intra-LAN exploration & end-user tracking

WebRTC

  • WebRTC, promotional site
  • Availabilities
    all the browsers that matter

    • Android
    • Chrome (Linux, Android, Windows)
    • Firefox
    • Opera
    • Safari (iOS)

STUN

Related

Standards

  • RFC 7350 Datagram Transport Layer Security (DTLS) as Transport for Session Traversal Utilities for NAT (STUN); Petit-Huguenin, Salgueiro; IETF; 2014-08.
  • RFC 7064 URI Scheme for the Session Traversal Utilities for NAT (STUN) Protocol; Nandakumar, Salgueiro, Jones, Petit-Huguenin; IETF; 2013-11.
  • RFC 5928 Traversal Using Relays around NAT (TURN) Resolution Mechanism; Petit-Huguenin; IETF; 2010-08.
  • RFC 5389 Session Traversal Utilities for NAT (STUN); Rosenberg, Mahy, Matthews, Wing; IETF; 2008-10.
    (obsoleted)

    • RFC 3489 STUN – Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs); Rosenberg, Weinberger, Huitema, Mahy; 2003-03.

In Jimi Wales’ Wiki.

Implementation

Tracking

In archaeological order

Leaking


665909 webrtc WebRCT Tracking; In Bugzilla of Mozilla; 2011-06-21 → 2016-01-11; Closed as INVALID


Some droid using the self-asserted identity token cchen; How to Stop WebRTC Local IP Address Leaks on Google Chrome and Mozilla Firefox While Using Private IPs; In Privacy Online Forums; 2015-01→2015-03.

Mentions

  • Availability
    of the problem (not of WebRTC in general)

    • Chrome of Google
      • Windows
    • Firefox of Mozilla
      • Unclear, perhaps Windows only
    • Internet Explorer of Microsoft
      WebRTC is not available at all.
    • Opera of Mozilla
      • Unclear
    • Safari of Apple
      WebRTC is not available except through a plugin
    • Unavailable
      • Chrome of Google
        • OS/X
        • Android
      • Linux at all
        not clear; not mentioned at all.
  • Blocking
    • Chrome of Google
    • Firefox of Mozilla
      • Production
        • about:config
        • media.peerconnection.enabled set to true (default true)
      • Development
        same

        • Canary
        • Nightly
        • Bowser
    • Opera of Opera
  • API Directory
    • voice calls
    • video chats
    • p2p file sharing

Configuration

  • Chrome
    default is available and active
  • Firefox
    • about:config
    • media.peerconnection.enabled set to true (default true)
  • Opera
    only when configured, with a plugin, to run Google Chrome extensions

Demonstration

webrtc-ips, a STUN & WebRTC test rig

  • diafygi/webrtc-ips
  • via on-page JavaScript, makes latent requests to certain STUN servers.
  • Firefox 34 → Does. Not. Work.
  • Fails with
    Error: RTCPeerConnection constructor passed invalid RTCConfiguration - missing url webrtc-ips:58
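
What a test rig of this kind ends up looking at is the list of ICE candidate lines the browser gathers. The following is an added example, not code from webrtc-ips or from this page: it parses candidate lines (RFC 5245 grammar) and reports which addresses they disclose. The function names and the sample lines are constructed for illustration; the addresses come from documentation ranges.

```javascript
// Added example: classify what ICE candidate lines reveal about a client.
// Candidate grammar (RFC 5245):
//   candidate:<foundation> <component> <transport> <priority> <address> <port>
//             typ <host|srflx|prflx|relay> [raddr <addr> rport <port>] ...

const PRIVATE_V4 = [/^10\./, /^192\.168\./, /^172\.(1[6-9]|2\d|3[01])\./, /^169\.254\./];

function classifyAddress(addr) {
  const a = addr.toLowerCase();
  if (a === "0.0.0.0" || a === "::") return "unspecified"; // browser withheld it
  if (a.endsWith(".local")) return "mdns";                  // mDNS alias instead of an IP
  if (PRIVATE_V4.some((re) => re.test(a))) return "private";
  if (a.includes(":") && /^(fe[89ab]|f[cd])/.test(a)) return "private"; // link-local, ULA
  return "public";
}

function parseCandidate(line) {
  const body = line.trim().replace(/^a=/, "");
  const m = /^candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(.*)$/.exec(body);
  if (!m) return null;
  // Trailing extensions come as name/value pairs (raddr, rport, generation, ...).
  const ext = new Map();
  const words = m[8].trim().split(/\s+/).filter(Boolean);
  for (let i = 0; i + 1 < words.length; i += 2) ext.set(words[i], words[i + 1]);
  return {
    transport: m[3].toLowerCase(),
    address: m[5],
    port: Number(m[6]),
    type: m[7],
    relatedAddress: ext.get("raddr") || null,
  };
}

function auditCandidates(lines) {
  const local = new Set();
  const pub = new Set();
  let mdns = 0;
  let unparsed = 0;
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) { unparsed += 1; continue; }
    // A relay candidate's own address belongs to the TURN server, not the client.
    const revealed = c.type === "relay" ? [] : [c.address];
    if (c.relatedAddress) revealed.push(c.relatedAddress);
    for (const addr of revealed) {
      const kind = classifyAddress(addr);
      if (kind === "private") local.add(addr);
      else if (kind === "public") pub.add(addr);
      else if (kind === "mdns") mdns += 1;
    }
  }
  return { local: [...local].sort(), public: [...pub].sort(), mdns, unparsed };
}

// Constructed sample input (not captured traffic).
const SAMPLE_CANDIDATES = [
  "a=candidate:1 1 udp 2122260223 192.168.1.23 54012 typ host",
  "candidate:2 1 udp 2122194687 7f3c1d52-9a1e-4c0b-8f5e-2b6d0c4e9a11.local 54013 typ host",
  "candidate:3 1 udp 1686052607 203.0.113.7 54012 typ srflx raddr 192.168.1.23 rport 54012",
  "candidate:4 1 udp 1685987071 203.0.113.7 54013 typ srflx raddr 0.0.0.0 rport 0",
  "candidate:5 1 udp 41885439 198.51.100.20 61002 typ relay raddr 203.0.113.7 rport 54012",
  "not a candidate line",
];

console.log(auditCandidates(SAMPLE_CANDIDATES));
```

To audit a browser configuration, paste the candidate lines shown in Firefox's about:webrtc or Chrome's chrome://webrtc-internals into the sample array; an empty `local` list means no LAN address was disclosed.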

Argot

  • Private Internet Access (PIA)
  • Real-Time-Communication (RTC)
  • Virtual Private Network (VPN)
  • WebRTC

Previously

In Privacy Online Forums:

Referenced

  • 2013
  • Since WebRTC uses javascript requests to get your IP address, users of NoScript or similar services will not leak their IP addresses.

Via: backfill.


Firefox

  • about:config
  • media.peerconnection.enabled set to true (default true)

The App-ocalypse: Can Web standards make mobile apps obsolete? | Ars Technica

The App-ocalypse: Can Web standards make mobile apps obsolete?; Larry Seltzer; In Ars Technica; 2015-12-28.
Teaser: Many big tech companies—absent Apple—are throwing weight behind a browser-based world.

tl;dr → Betteridge’s Law; i.e. No.

  • WebApps are a Google-culture thing.
  • And good luck with Apple; they are intransigent in their non-interest.

Mentions

In (the arbitrary) order of appearance in the piece:

Projects

Standards

Via: backfill.

SubResource Integrity (SRI)

Implementation

  • Blink/Chromium → 355467 Subresource Integrity; In Google Chromium Bugzilla; 2014-03-24.
  • Gecko → 992096 Implement Subresource Integrity; In Mozilla Bugzilla; 2014-09-03.
  • Subresource Integrity (SRI) Manager, a WordPress Plugin; WordPress.org; 2015-06-15.
    requires WordPress v4.1 to WordPress 4.2.5.

Tutorial

Referenced

Promotion

Usage

SRI Hash Generator

cat FILENAME.js |
openssl dgst -sha384 -binary |
openssl enc -base64 -A

<script src="https://example.com/FILENAME.js"
        integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
        crossorigin="anonymous"></script>
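
The same digest the openssl pipeline produces, plus the check the integrity attribute triggers, as an added Node.js example (not from the page or from any SRI tool). It is a simplified model of the browser's behaviour: several whitespace-separated hashes may be listed, only the strongest algorithm present is compared, and tokens with an unrecognised algorithm are ignored. The function names and the sample script text are hypothetical.

```javascript
// Added example: compute and verify Subresource Integrity metadata in Node.js.
const nodeCrypto = require("node:crypto");

// Relative strength used to pick which listed hashes are actually compared.
const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Same result as: cat FILE | openssl dgst -sha384 -binary | openssl enc -base64 -A
function sriHash(content, alg = "sha384") {
  return alg + "-" + nodeCrypto.createHash(alg).update(content).digest("base64");
}

// Split an integrity attribute into {alg, digest} entries, dropping anything
// that is not "<sha256|sha384|sha512>-<base64>" (optionally followed by ?options).
function parseIntegrity(attr) {
  return attr
    .trim()
    .split(/\s+/)
    .filter(Boolean)
    .map((token) => {
      const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)(\?.*)?$/.exec(token);
      return m ? { alg: m[1], digest: m[2] } : null;
    })
    .filter(Boolean);
}

function verifyIntegrity(content, attr) {
  const entries = parseIntegrity(attr);
  // No usable metadata means nothing is enforced: a typo in the algorithm
  // prefix silently turns the check off instead of blocking the resource.
  if (entries.length === 0) return { enforced: false, ok: true, algorithm: null };

  const strongest = entries.reduce(
    (best, e) => (STRENGTH[e.alg] > STRENGTH[best] ? e.alg : best),
    entries[0].alg
  );
  const actual = nodeCrypto.createHash(strongest).update(content).digest("base64");
  // Weaker hashes in the attribute are not consulted, so a matching sha256
  // cannot rescue content that fails the listed sha384.
  const ok = entries.some((e) => e.alg === strongest && e.digest === actual);
  return { enforced: true, ok, algorithm: strongest };
}

// Constructed sample content standing in for FILENAME.js.
const ORIGINAL_JS = "console.log('library v1');\n";
const TAMPERED_JS = "console.log('library v1'); /* injected */\n";

function demo() {
  const pinned = sriHash(ORIGINAL_JS);
  return {
    pinned,
    original: verifyIntegrity(ORIGINAL_JS, pinned),
    tampered: verifyIntegrity(TAMPERED_JS, pinned),
    // Weak hash of the tampered file listed next to the strong hash of the original.
    downgrade: verifyIntegrity(
      TAMPERED_JS,
      sriHash(TAMPERED_JS, "sha256") + " " + pinned
    ),
    typo: verifyIntegrity(TAMPERED_JS, "sha-384-AAAA"),
  };
}

console.log(demo());
```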

Fetch API of HTML5

Notable

  • Fetch bodies are read “at most once.”
  • Fetch responses may use streams, some day.
    … to deliver data to the application “as it arrives.”
  • <quote cite=”ref“>Along with the transition to streams, Fetch will eventually have the ability to abort running fetch()es and some way to report the progress of a fetch. These are provided by XHR, but are a little tricky to fit in the Promise-based nature of the Fetch API.</quote>

Promotions

Related

Example

Via: article

GET
fetch("/data.json").then(function(res) {
  // res instanceof Response == true.
  if (res.ok) {
    res.json().then(function(data) {
      console.log(data.entries);
    });
  } else {
    console.log("Looks like the response wasn't perfect, got status", res.status);
  }
}, function(e) {
  console.log("Fetch failed!", e);
});
POST
fetch("http://www.example.org/submit.php", {
  method: "POST",
  headers: {
    "Content-Type": "application/x-www-form-urlencoded"
  },
  body: "firstName=Nikhil&favColor=blue&password=easytoguess"
}).then(function(res) {
  if (res.ok) {
    alert("Perfect! Your settings are saved.");
  } else if (res.status == 401) {
    alert("Oops! You are not authorized.");
  }
}, function(e) {
  alert("Error submitting form!");
});

Javascript Object Signing and Encryption (JOSE)

See Javascript Object Signing and Encryption (JOSE) at IETF

  • draft-ietf-jose-cookbook-08; Examples of Protecting Content using JavaScript Object Signing and Encryption (JOSE); 2014-12-24.
  • draft-ietf-jose-json-web-algorithms-40; JSON Web Algorithms (JWA); 2015-01-13.
  • draft-ietf-jose-json-web-encryption-40; JSON Web Encryption (JWE); 2015-01-13.
  • draft-ietf-jose-json-web-key-41; JSON Web Key (JWK); 2015-01-16.
  • draft-ietf-jose-json-web-signature-41; JSON Web Signature (JWS); 2015-01-16.
  • draft-ietf-jose-jwk-thumbprint-04; JSON Web Key (JWK) Thumbprint; 2015-03-03.
  • RFC 7165 (was draft-ietf-jose-use-cases); Use Cases and Requirements for JSON Object Signing and Encryption (JOSE); 2014-04.
  • draft-bormann-jose-cose-00; Constrained Object Signing and Encryption (COSE); 2014-10-27.
  • draft-jones-jose-key-managed-json-web-signature-00; Key Managed JSON Web Signature (KMJWS); 2015-03-03.

Geofencing API | W3C

Geofencing API; editor: Marijn Kuisselbrink (Google); W3C; 2015-03-18.

Referenced

  • Service Workers; editors: Alex Russell (Google), Jungkee Song (Samsung), Jake Archibald (Google); Working Draft; W3C; 2015-02-03.
  • Geolocation API Specification; editor: Andrei Popescu (Google); Recommendation; W3C; 2013-10-24.
  • Web IDL; editor: Cameron McCormack (Mozilla); Candidate Recommendation; W3C; 2012-04-19.

Example

The following code extracts illustrate how to use this API to be notified of geographic regions being entered or left.

Example 1: Monitor a region
// https://example.com/webapp.js
navigator.serviceWorker.register('serviceworker.js').then(
  function(serviceWorkerRegistration) {
    serviceWorkerRegistration.geofencing.add(
        new CircularGeofenceRegion({
          name: "myfence",
          latitude: 37.421999,
          longitude: -122.084015,
          radius: 1000
        }), {includePosition: true}).then(
      function(geofence) {
        console.log(geofence.id);
        // If more than just a name needs to be stored with a geofence, now
        // would be the time to store this in some storage.
      }, function(error) {
        // During development it often helps to log errors to the
        // console. In a production environment it might make sense to
        // also report information about errors back to the
        // application server.
        console.log(error);
      }
    );
  });
Example 2: Respond to a region being entered
// https://example.com/serviceworker.js
self.ongeofenceenter = function(event) {
  console.log(event.geofence.id);
  console.log(event.geofence.region.name);

  // If this is not a geofence of interest anymore, remove it.
  if (event.geofence.region.name !== "myfence") {
    event.waitUntil(event.geofence.remove());
  }
};
Example 3: Respond to an error condition
// https://example.com/serviceworker.js
self.ongeofenceerror = function(event) {
  console.log(event.geofence.id);
  console.log(event.geofence.region.name);
  console.log(event.error);

  // Some error condition occurred. The region is no longer monitored, and won't
  // trigger any more events.

  // Try to re-monitor, although depending on the error this might fail.
  event.waitUntil(self.registration.geofencing.add(event.geofence.region).then(
    function(geofence) {
      // re-monitoring succeeded, new geofence will have a different ID.
    }, function(error) {
      // re-monitoring failed.
    }
  ));
};
Example 4: Unmonitor a region in response to some other event
// https://example.com/serviceworker.js

// Either look geofence up by name:
self.onsomeevent = function(event) {
  event.waitUntil(self.registration.geofencing.getAll({name: "myfence"}).then(
    function(geofences) {
      for (let i = 0; i < geofences.length; ++i) {
        geofences[i].remove();
      }
    }
  ));
};

// Or look geofence up by ID:
self.onsomeotherevent = function(event) {
  let geofence_id = "" /* somehow get the ID of a geofence */;
  event.waitUntil(self.registration.geofencing.getById(geofence_id).then(
    function(geofence) {
      geofence.remove();
    }
  ));
};

Via: backfill

Beacon API (navigator.sendBeacon) | W3C

Beacon; editors: Arvind Jain (Google), Jatinder Mann (Microsoft); W3C; 2014-02-12.

Referenced

  • Web IDL; editor: Cameron McCormack (Mozilla); Candidate Recommendation; W3C; 2012-04-19.

Example

The following example shows theoretical analytics code that attempts to submit data to a server by using a synchronous XMLHttpRequest in an unload handler. This delays the unload of the page.

window.addEventListener('unload', logData, false);

function logData() {
    var client = new XMLHttpRequest();
    client.open("POST", "/log", false); // third parameter indicates sync xhr
    client.setRequestHeader("Content-Type", "text/plain;charset=UTF-8");
    client.send(analyticsData);
}

Using the sendBeacon method, the data will be transmitted asynchronously to the web server when the User Agent has had an opportunity to do so, without delaying the unload or affecting the performance of the next navigation.

The following example shows a theoretical analytics code pattern that submits data to a server by using the sendBeacon method.

window.addEventListener('unload', logData, false);

function logData() {
    navigator.sendBeacon("/log", analyticsData);
}

Availabilities

Via: backfill

HTTP and UDP

httpp and httpps

Who

When

  • 2010-Current.
  • 2012-10-28, announced to the ietf-http-wg@w3.org

httpu and httpmu

draft-goland-http-udp-01 Multicast and Unicast UDP HTTP Messages; Yaron Y. Goland (Microsoft); 1999-11-09 (expired: 2000-04).

  • New protocol names: httpu and httpmu
  • For httpmu the lack of a URI (a path) means * by some rationale (Section 5.3).
    • httpu://example.com and httpu://example.com/ are the same and have an implied path of / (slash)
    • httpmu://example.com and httpmu://example.com/ are different wherein the former has a path of * (star) and the latter has a path of / (slash), as per usual.
  • New headers (Section 11)
    • AL is like Location, but allows for multiple redirect locations
    • mx is a response-delay advisory, in integral seconds (not fractional seconds).
    • S is a unique client identifier, unique across all time; requests without an S don’t require a response.
  • Cookies are not implementable in Somethings (S, Serial Sequence, Something; that globally unique Request Identifier)
    • Cookies are:
      • sent out by servers
      • returned by clients
    • Somethings are:
      • sent out by clients
      • returned by servers
  • SSDP Mailing List (circa 1999)

Protocols

  • TURN
  • STUN
  • STUNT

Related

Irrelevant

General UDP

at Jimi Wales’ Wiki

Specific

ServiceWorker of HTML5

Mentioned

Concepts

  • Push Notifications
  • Offline First
  • Background Sync

Overview

  • ServiceWorker is like SharedWorker
    • Own thread.
    • No DOM, no page access, no need for a page.
    • Has an upgrade model.
    • HTTPS only.
  • Cross Origin Resource Sharing (CORS)
    • by default,
    • but no-cors is possible
  • ECMAScript
    • ECMAScript 5 (ES5)
    • ECMAScript 6 (ES6)
    • ECMAScript 7 (ES7)
      • async functions
      • await

Referenced

Browsers

Firefox

  • about:config
    • dom.serviceWorker.enabled
    • dom.serviceWorkers.testing.enabled

Chrome

Promotions

Related

Client-Hints

User Agent Detection

Actualities

Let’s Encrypt

Let’s Encrypt

Internet Security Research Group (ISRG)

Sponsors

  • Mozilla
  • Akamai
  • Cisco
  • Electronic Frontier Foundation (EFF)
  • IdentTrust

Mentions

Outreach

Steps

  1. Your Public Key exists (and is public)
  2. [Automated] proof of domain ownership
    1. a DNS record in your domain
    2. a URI on your server in the domain
  3. Client to Let’s Encrypt (LE)
    1. Client requests service from LE
    2. LE responds with a nonce to be signed
    3. Client is validated
  4. Client requests a Certificate
    1. Client initiates a PKCS#10 Certificate Signing Request
    2. …etc…
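
Step 3 above (the CA hands out a nonce, the client signs it, the CA validates the client) sketched as an added Node.js example. It is a simplified illustration, not the ACME wire format and not Let's Encrypt's code: the `ToyCA` class, the `signNonce` helper, the Ed25519 key type, the account names and the 60-second lifetime are all assumptions made for the example.

```javascript
// Added example: nonce-based proof that a client holds the private key
// matching the public key it registered (step 3 of the list above).
const nodeCrypto = require("node:crypto");

// What the client signs: its account name plus the CA's nonce, so that a
// signature made for one account cannot be replayed for another.
function challengePayload(accountId, nonce) {
  return Buffer.from(accountId + "\n" + nonce, "utf8");
}

// Client side: sign the payload with the account's private key.
function signNonce(privateKey, accountId, nonce) {
  return nodeCrypto.sign(null, challengePayload(accountId, nonce), privateKey);
}

// CA side: issue single-use, short-lived nonces and validate the response.
class ToyCA {
  constructor(ttlMs = 60000) {
    this.ttlMs = ttlMs;
    this.pending = new Map(); // nonce -> { accountId, expires }
  }

  issueNonce(accountId, now = Date.now()) {
    const nonce = nodeCrypto.randomBytes(16).toString("hex");
    this.pending.set(nonce, { accountId, expires: now + this.ttlMs });
    return nonce;
  }

  validate(accountId, publicKey, nonce, signature, now = Date.now()) {
    const entry = this.pending.get(nonce);
    // Consume the nonce on every attempt, so neither a captured response
    // nor a failed guess can be tried a second time.
    this.pending.delete(nonce);
    if (!entry) return "unknown-or-replayed-nonce";
    if (entry.accountId !== accountId) return "nonce-issued-to-other-client";
    if (now > entry.expires) return "expired-nonce";
    const ok = nodeCrypto.verify(
      null, // Ed25519 takes no separate digest algorithm
      challengePayload(accountId, nonce),
      publicKey,
      signature
    );
    return ok ? "validated" : "bad-signature";
  }
}

function demo() {
  const ca = new ToyCA();
  const owner = nodeCrypto.generateKeyPairSync("ed25519");
  const other = nodeCrypto.generateKeyPairSync("ed25519");

  const n1 = ca.issueNonce("acct-example.com");
  const sig1 = signNonce(owner.privateKey, "acct-example.com", n1);
  const first = ca.validate("acct-example.com", owner.publicKey, n1, sig1);
  const replay = ca.validate("acct-example.com", owner.publicKey, n1, sig1);

  // Someone without the registered private key answers a fresh nonce.
  const n2 = ca.issueNonce("acct-example.com");
  const sig2 = signNonce(other.privateKey, "acct-example.com", n2);
  const wrongKey = ca.validate("acct-example.com", owner.publicKey, n2, sig2);

  // A correct signature that arrives after the nonce lifetime has passed.
  const n3 = ca.issueNonce("acct-example.com", 1000);
  const sig3 = signNonce(owner.privateKey, "acct-example.com", n3);
  const late = ca.validate("acct-example.com", owner.publicKey, n3, sig3, 1000 + 60001);

  return { first, replay, wrongKey, late };
}

console.log(demo());
```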

How It Works

$ sudo apt-get install lets-encrypt
$ lets-encrypt example.com

Via: backfill

Proxygen by Facebook, a C++ HTTP Framework

Daniel Sommermann, Alan Frindell (Facebook); Introducing Proxygen, Facebook’s C++ HTTP Framework; In Their Blog; 2014-11-09.

Mentions

Assessment

Summary
Language     LOC    App LOC   Test LOC
am           695        572        123
c++       47,712     35,075     12,637
py           163        163          0
sh            84         84          0
total     48,654     35,894     12,760

Language (C++)

  • C++11
  • In-class initializers
  • Uniform Initialization
    • brace-enclosed initializers
    • in-class initializers
  • move semantics
  • namespaces
  • const
  • return value optimization (functions returning containers)
  • seems formatted for 80 character teletype screens.
  • std::unique_ptr
  • bool as single bitfield
  • range for loop
  • auto
  • std::string in lieu of char * (sometimes)
  • std::vector in lieu of arrays (sometimes)
  • attributes
    • final
    • ifunc (indirect function, per ELF)
    • noexcept
    • override
    • __attribute__((constructor))
  • static_assert
  • std::function
  • std::thread
  • std::chrono (seconds, milliseconds)

Dependencies

Runtime
Buildtime
  • Python
  • Ruby
  • gperf

Physical Design

  • (outline) function definitions separated from the function declaration (mostly)
  • roughly one class per file
  • Suffixes
    • *.hpp
    • *.cpp

Build System

  • autotools (automake, autoconf)
  • doxygen

Portability

  • Ubuntu

Promotion

Via: backfill

Actualities

CoreProxygenArchitecture.png

Inventory

LOC File
264 ./proxygen/proxygen/configure.ac
27 ./proxygen/proxygen/httpserver/Makefile.am
10 ./proxygen/proxygen/httpserver/samples/echo/Makefile.am
1 ./proxygen/proxygen/httpserver/samples/Makefile.am
1 ./proxygen/proxygen/lib/http/codec/Makefile.am
135 ./proxygen/proxygen/lib/http/Makefile.am
1 ./proxygen/proxygen/lib/http/session/Makefile.am
13 ./proxygen/proxygen/lib/Makefile.am
29 ./proxygen/proxygen/lib/services/Makefile.am
28 ./proxygen/proxygen/lib/ssl/Makefile.am
62 ./proxygen/proxygen/lib/utils/Makefile.am
1 ./proxygen/proxygen/Makefile.am
2381 ./proxygen/proxygen/external/http_parser/http_parser_cpp.cpp
319 ./proxygen/proxygen/external/http_parser/http_parser.h
3142 ./proxygen/proxygen/external/http_parser/test.c
59 ./proxygen/proxygen/httpserver/filters/DirectResponseHandler.h
125 ./proxygen/proxygen/httpserver/Filters.h
106 ./proxygen/proxygen/httpserver/filters/RejectConnectFilter.h
92 ./proxygen/proxygen/httpserver/HTTPServerAcceptor.cpp
48 ./proxygen/proxygen/httpserver/HTTPServerAcceptor.h
205 ./proxygen/proxygen/httpserver/HTTPServer.cpp
142 ./proxygen/proxygen/httpserver/HTTPServer.h
86 ./proxygen/proxygen/httpserver/HTTPServerOptions.h
78 ./proxygen/proxygen/httpserver/Mocks.h
186 ./proxygen/proxygen/httpserver/RequestHandlerAdaptor.cpp
74 ./proxygen/proxygen/httpserver/RequestHandlerAdaptor.h
76 ./proxygen/proxygen/httpserver/RequestHandlerFactory.h
99 ./proxygen/proxygen/httpserver/RequestHandler.h
198 ./proxygen/proxygen/httpserver/ResponseBuilder.h
84 ./proxygen/proxygen/httpserver/ResponseHandler.h
56 ./proxygen/proxygen/httpserver/samples/echo/EchoHandler.cpp
47 ./proxygen/proxygen/httpserver/samples/echo/EchoHandler.h
87 ./proxygen/proxygen/httpserver/samples/echo/EchoServer.cpp
41 ./proxygen/proxygen/httpserver/samples/echo/EchoStats.h
192 ./proxygen/proxygen/httpserver/ScopedHTTPServer.h
36 ./proxygen/proxygen/httpserver/SignalHandler.cpp
37 ./proxygen/proxygen/httpserver/SignalHandler.h
218 ./proxygen/proxygen/lib/http/codec/CodecDictionaries.h
92 ./proxygen/proxygen/lib/http/codec/CodecProtocol.cpp
51 ./proxygen/proxygen/lib/http/codec/CodecProtocol.h
409 ./proxygen/proxygen/lib/http/codec/compress/GzipHeaderCodec.cpp
96 ./proxygen/proxygen/lib/http/codec/compress/GzipHeaderCodec.h
128 ./proxygen/proxygen/lib/http/codec/compress/HeaderCodec.h
46 ./proxygen/proxygen/lib/http/codec/compress/Header.h
61 ./proxygen/proxygen/lib/http/codec/compress/HeaderPiece.h
210 ./proxygen/proxygen/lib/http/codec/compress/HeaderTable.cpp
221 ./proxygen/proxygen/lib/http/codec/compress/HeaderTable.h
105 ./proxygen/proxygen/lib/http/codec/compress/HPACKCodec.cpp
56 ./proxygen/proxygen/lib/http/codec/compress/HPACKCodec.h
50 ./proxygen/proxygen/lib/http/codec/compress/HPACKConstants.h
59 ./proxygen/proxygen/lib/http/codec/compress/HPACKContext.cpp
58 ./proxygen/proxygen/lib/http/codec/compress/HPACKContext.h
105 ./proxygen/proxygen/lib/http/codec/compress/HPACKDecodeBuffer.cpp
84 ./proxygen/proxygen/lib/http/codec/compress/HPACKDecodeBuffer.h
167 ./proxygen/proxygen/lib/http/codec/compress/HPACKDecoder.cpp
78 ./proxygen/proxygen/lib/http/codec/compress/HPACKDecoder.h
112 ./proxygen/proxygen/lib/http/codec/compress/HPACKEncodeBuffer.cpp
94 ./proxygen/proxygen/lib/http/codec/compress/HPACKEncodeBuffer.h
155 ./proxygen/proxygen/lib/http/codec/compress/HPACKEncoder.cpp
75 ./proxygen/proxygen/lib/http/codec/compress/HPACKEncoder.h
36 ./proxygen/proxygen/lib/http/codec/compress/HPACKHeader.cpp
81 ./proxygen/proxygen/lib/http/codec/compress/HPACKHeader.h
345 ./proxygen/proxygen/lib/http/codec/compress/Huffman.cpp
138 ./proxygen/proxygen/lib/http/codec/compress/Huffman.h
158 ./proxygen/proxygen/lib/http/codec/compress/Logging.cpp
39 ./proxygen/proxygen/lib/http/codec/compress/Logging.h
111 ./proxygen/proxygen/lib/http/codec/compress/StaticHeaderTable.cpp
24 ./proxygen/proxygen/lib/http/codec/compress/StaticHeaderTable.h
39 ./proxygen/proxygen/lib/http/codec/ErrorCode.cpp
52 ./proxygen/proxygen/lib/http/codec/ErrorCode.h
124 ./proxygen/proxygen/lib/http/codec/FlowControlFilter.cpp
97 ./proxygen/proxygen/lib/http/codec/FlowControlFilter.h
1071 ./proxygen/proxygen/lib/http/codec/HTTP1xCodec.cpp
196 ./proxygen/proxygen/lib/http/codec/HTTP1xCodec.h
49 ./proxygen/proxygen/lib/http/codec/HTTPChecks.cpp
38 ./proxygen/proxygen/lib/http/codec/HTTPChecks.h
263 ./proxygen/proxygen/lib/http/codec/HTTPCodecFilter.cpp
175 ./proxygen/proxygen/lib/http/codec/HTTPCodecFilter.h
468 ./proxygen/proxygen/lib/http/codec/HTTPCodec.h
74 ./proxygen/proxygen/lib/http/codec/HTTPSettings.cpp
71 ./proxygen/proxygen/lib/http/codec/HTTPSettings.h
16 ./proxygen/proxygen/lib/http/codec/SettingsId.cpp
44 ./proxygen/proxygen/lib/http/codec/SettingsId.h
1584 ./proxygen/proxygen/lib/http/codec/SPDYCodec.cpp
378 ./proxygen/proxygen/lib/http/codec/SPDYCodec.h
163 ./proxygen/proxygen/lib/http/codec/SPDYConstants.cpp
130 ./proxygen/proxygen/lib/http/codec/SPDYConstants.h
81 ./proxygen/proxygen/lib/http/codec/SPDYUtil.cpp
144 ./proxygen/proxygen/lib/http/codec/SPDYUtil.h
16 ./proxygen/proxygen/lib/http/codec/SPDYVersion.h
47 ./proxygen/proxygen/lib/http/codec/SPDYVersionSettings.h
33 ./proxygen/proxygen/lib/http/codec/TransportDirection.cpp
28 ./proxygen/proxygen/lib/http/codec/TransportDirection.h
61 ./proxygen/proxygen/lib/http/HTTPCommonHeaders.template.h
167 ./proxygen/proxygen/lib/http/HTTPConnector.cpp
152 ./proxygen/proxygen/lib/http/HTTPConnector.h
32 ./proxygen/proxygen/lib/http/HTTPConstants.cpp
67 ./proxygen/proxygen/lib/http/HTTPConstants.h
31 ./proxygen/proxygen/lib/http/HTTPException.cpp
169 ./proxygen/proxygen/lib/http/HTTPException.h
308 ./proxygen/proxygen/lib/http/HTTPHeaders.cpp
423 ./proxygen/proxygen/lib/http/HTTPHeaders.h
34 ./proxygen/proxygen/lib/http/HTTPHeaderSize.h
831 ./proxygen/proxygen/lib/http/HTTPMessage.cpp
98 ./proxygen/proxygen/lib/http/HTTPMessageFilters.h
724 ./proxygen/proxygen/lib/http/HTTPMessage.h
45 ./proxygen/proxygen/lib/http/HTTPMethod.cpp
59 ./proxygen/proxygen/lib/http/HTTPMethod.h
34 ./proxygen/proxygen/lib/http/ProxygenErrorEnum.cpp
73 ./proxygen/proxygen/lib/http/ProxygenErrorEnum.h
81 ./proxygen/proxygen/lib/http/RFC2616.cpp
73 ./proxygen/proxygen/lib/http/RFC2616.h
23 ./proxygen/proxygen/lib/http/session/AckLatencyEvent.h
33 ./proxygen/proxygen/lib/http/session/ByteEvents.cpp
105 ./proxygen/proxygen/lib/http/session/ByteEvents.h
171 ./proxygen/proxygen/lib/http/session/ByteEventTracker.cpp
85 ./proxygen/proxygen/lib/http/session/ByteEventTracker.h
67 ./proxygen/proxygen/lib/http/session/CodecErrorResponseHandler.cpp
42 ./proxygen/proxygen/lib/http/session/CodecErrorResponseHandler.h
122 ./proxygen/proxygen/lib/http/session/HTTPDirectResponseHandler.cpp
52 ./proxygen/proxygen/lib/http/session/HTTPDirectResponseHandler.h
89 ./proxygen/proxygen/lib/http/session/HTTPDownstreamSession.cpp
73 ./proxygen/proxygen/lib/http/session/HTTPDownstreamSession.h
34 ./proxygen/proxygen/lib/http/session/HTTPErrorPage.cpp
70 ./proxygen/proxygen/lib/http/session/HTTPErrorPage.h
47 ./proxygen/proxygen/lib/http/session/HTTPEvent.cpp
126 ./proxygen/proxygen/lib/http/session/HTTPEvent.h
102 ./proxygen/proxygen/lib/http/session/HTTPSessionAcceptor.cpp
141 ./proxygen/proxygen/lib/http/session/HTTPSessionAcceptor.h
71 ./proxygen/proxygen/lib/http/session/HTTPSessionController.h
2002 ./proxygen/proxygen/lib/http/session/HTTPSession.cpp
832 ./proxygen/proxygen/lib/http/session/HTTPSession.h
25 ./proxygen/proxygen/lib/http/session/HTTPSessionStats.h
933 ./proxygen/proxygen/lib/http/session/HTTPTransaction.cpp
118 ./proxygen/proxygen/lib/http/session/HTTPTransactionEgressSM.cpp
71 ./proxygen/proxygen/lib/http/session/HTTPTransactionEgressSM.h
1155 ./proxygen/proxygen/lib/http/session/HTTPTransaction.h
134 ./proxygen/proxygen/lib/http/session/HTTPTransactionIngressSM.cpp
73 ./proxygen/proxygen/lib/http/session/HTTPTransactionIngressSM.h
116 ./proxygen/proxygen/lib/http/session/HTTPUpstreamSession.cpp
95 ./proxygen/proxygen/lib/http/session/HTTPUpstreamSession.h
66 ./proxygen/proxygen/lib/http/session/SimpleController.cpp
66 ./proxygen/proxygen/lib/http/session/SimpleController.h
162 ./proxygen/proxygen/lib/http/session/TransportFilter.cpp
124 ./proxygen/proxygen/lib/http/session/TransportFilter.h
27 ./proxygen/proxygen/lib/http/session/TTLBAStats.h
96 ./proxygen/proxygen/lib/http/Window.cpp
84 ./proxygen/proxygen/lib/http/Window.h
59 ./proxygen/proxygen/lib/services/AcceptorConfiguration.h
444 ./proxygen/proxygen/lib/services/Acceptor.cpp
342 ./proxygen/proxygen/lib/services/Acceptor.h
56 ./proxygen/proxygen/lib/services/ConnectionCounter.h
54 ./proxygen/proxygen/lib/services/HTTPAcceptor.h
45 ./proxygen/proxygen/lib/services/LoadShedConfiguration.cpp
109 ./proxygen/proxygen/lib/services/LoadShedConfiguration.h
60 ./proxygen/proxygen/lib/services/NetworkAddress.h
40 ./proxygen/proxygen/lib/services/RequestWorker.cpp
89 ./proxygen/proxygen/lib/services/RequestWorker.h
126 ./proxygen/proxygen/lib/services/ServerSocketConfig.h
58 ./proxygen/proxygen/lib/services/ServiceConfiguration.h
33 ./proxygen/proxygen/lib/services/Service.cpp
137 ./proxygen/proxygen/lib/services/Service.h
102 ./proxygen/proxygen/lib/services/ServiceWorker.h
66 ./proxygen/proxygen/lib/services/TransportInfo.cpp
279 ./proxygen/proxygen/lib/services/TransportInfo.h
160 ./proxygen/proxygen/lib/services/WorkerThread.cpp
129 ./proxygen/proxygen/lib/services/WorkerThread.h
24 ./proxygen/proxygen/lib/ssl/ClientHelloExtStats.h
53 ./proxygen/proxygen/lib/ssl/DHParam.h
31 ./proxygen/proxygen/lib/ssl/PasswordInFile.cpp
38 ./proxygen/proxygen/lib/ssl/PasswordInFile.h
23 ./proxygen/proxygen/lib/ssl/SSLCacheOptions.h
69 ./proxygen/proxygen/lib/ssl/SSLCacheProvider.h
95 ./proxygen/proxygen/lib/ssl/SSLContextConfig.h
654 ./proxygen/proxygen/lib/ssl/SSLContextManager.cpp
186 ./proxygen/proxygen/lib/ssl/SSLContextManager.h
354 ./proxygen/proxygen/lib/ssl/SSLSessionCacheManager.cpp
293 ./proxygen/proxygen/lib/ssl/SSLSessionCacheManager.h
42 ./proxygen/proxygen/lib/ssl/SSLStats.h
76 ./proxygen/proxygen/lib/ssl/SSLUtil.cpp
102 ./proxygen/proxygen/lib/ssl/SSLUtil.h
308 ./proxygen/proxygen/lib/ssl/TLSTicketKeyManager.cpp
198 ./proxygen/proxygen/lib/ssl/TLSTicketKeyManager.h
20 ./proxygen/proxygen/lib/ssl/TLSTicketKeySeeds.h
60 ./proxygen/proxygen/lib/utils/CobHelper.h
76 ./proxygen/proxygen/lib/utils/CryptUtil.cpp
22 ./proxygen/proxygen/lib/utils/CryptUtil.h
84 ./proxygen/proxygen/lib/utils/DestructorCheck.h
71 ./proxygen/proxygen/lib/utils/DomainNameMisc.h
34 ./proxygen/proxygen/lib/utils/Exception.cpp
46 ./proxygen/proxygen/lib/utils/Exception.h
358 ./proxygen/proxygen/lib/utils/FilterChain.h
43 ./proxygen/proxygen/lib/utils/HTTPTime.cpp
20 ./proxygen/proxygen/lib/utils/HTTPTime.h
16 ./proxygen/proxygen/lib/utils/NullTraceEventObserver.cpp
23 ./proxygen/proxygen/lib/utils/NullTraceEventObserver.h
159 ./proxygen/proxygen/lib/utils/ParseURL.cpp
112 ./proxygen/proxygen/lib/utils/ParseURL.h
242 ./proxygen/proxygen/lib/utils/Result.h
38 ./proxygen/proxygen/lib/utils/SocketOptions.cpp
24 ./proxygen/proxygen/lib/utils/SocketOptions.h
46 ./proxygen/proxygen/lib/utils/StateMachine.h
37 ./proxygen/proxygen/lib/utils/TestUtils.h
128 ./proxygen/proxygen/lib/utils/Time.h
32 ./proxygen/proxygen/lib/utils/TraceEventContext.h
130 ./proxygen/proxygen/lib/utils/TraceEvent.cpp
139 ./proxygen/proxygen/lib/utils/TraceEvent.h
24 ./proxygen/proxygen/lib/utils/TraceEventObserver.h
24 ./proxygen/proxygen/lib/utils/UtilInl.h
163 ./proxygen/proxygen/lib/utils/gen_trace_event_constants.py
54 ./proxygen/proxygen/deps.sh
30 ./proxygen/proxygen/reinstall.sh
11 ./proxygen/proxygen/httpserver/tests/Makefile.am
21 ./proxygen/proxygen/lib/http/codec/test/Makefile.am
21 ./proxygen/proxygen/lib/http/session/test/Makefile.am
14 ./proxygen/proxygen/lib/http/test/Makefile.am
16 ./proxygen/proxygen/lib/ssl/test/Makefile.am
27 ./proxygen/proxygen/lib/test/Makefile.am
13 ./proxygen/proxygen/lib/utils/test/Makefile.am
97 ./proxygen/proxygen/httpserver/samples/echo/test/EchoHandlerTest.cpp
154 ./proxygen/proxygen/httpserver/tests/HTTPServerTest.cpp
35 ./proxygen/proxygen/lib/http/codec/compress/test/HeaderPieceTests.cpp
134 ./proxygen/proxygen/lib/http/codec/compress/test/HeaderTableTests.cpp
345 ./proxygen/proxygen/lib/http/codec/compress/test/HPACKBufferTests.cpp
283 ./proxygen/proxygen/lib/http/codec/compress/test/HPACKCodecTests.cpp
202 ./proxygen/proxygen/lib/http/codec/compress/test/HPACKContextTests.cpp
65 ./proxygen/proxygen/lib/http/codec/compress/test/HPACKHeaderTests.cpp
96 ./proxygen/proxygen/lib/http/codec/compress/test/HTTPArchive.cpp
37 ./proxygen/proxygen/lib/http/codec/compress/test/HTTPArchive.h
312 ./proxygen/proxygen/lib/http/codec/compress/test/HuffmanTests.cpp
146 ./proxygen/proxygen/lib/http/codec/compress/test/LoggingTests.cpp
212 ./proxygen/proxygen/lib/http/codec/compress/test/RFCExamplesTests.cpp
61 ./proxygen/proxygen/lib/http/codec/compress/test/TestUtil.cpp
28 ./proxygen/proxygen/lib/http/codec/compress/test/TestUtil.h
222 ./proxygen/proxygen/lib/http/codec/test/FilterTests.cpp
130 ./proxygen/proxygen/lib/http/codec/test/HTTP1xCodecTest.cpp
130 ./proxygen/proxygen/lib/http/codec/test/MockHTTPCodec.h
1228 ./proxygen/proxygen/lib/http/codec/test/SPDYCodecTest.cpp
207 ./proxygen/proxygen/lib/http/codec/test/TestUtils.cpp
237 ./proxygen/proxygen/lib/http/codec/test/TestUtils.h
226 ./proxygen/proxygen/lib/http/session/test/DownstreamTransactionTest.cpp
1367 ./proxygen/proxygen/lib/http/session/test/HTTPDownstreamSessionTest.cpp
154 ./proxygen/proxygen/lib/http/session/test/HTTPSessionAcceptorTest.cpp
226 ./proxygen/proxygen/lib/http/session/test/HTTPSessionMocks.h
71 ./proxygen/proxygen/lib/http/session/test/HTTPSessionTest.h
153 ./proxygen/proxygen/lib/http/session/test/HTTPTransactionMocks.h
169 ./proxygen/proxygen/lib/http/session/test/HTTPTransactionSMTest.cpp
1411 ./proxygen/proxygen/lib/http/session/test/HTTPUpstreamSessionTest.cpp
1368 ./proxygen/proxygen/lib/http/session/test/MockCodecDownstreamTest.cpp
41 ./proxygen/proxygen/lib/http/session/test/TestUtils.cpp
34 ./proxygen/proxygen/lib/http/session/test/TestUtils.h
463 ./proxygen/proxygen/lib/http/test/HTTPMessageTest.cpp
49 ./proxygen/proxygen/lib/http/test/MockHTTPMessageFilter.h
128 ./proxygen/proxygen/lib/http/test/RFC2616Test.cpp
124 ./proxygen/proxygen/lib/http/test/WindowTest.cpp
83 ./proxygen/proxygen/lib/services/test/AcceptorTest.cpp
278 ./proxygen/proxygen/lib/ssl/test/SSLCacheTest.cpp
88 ./proxygen/proxygen/lib/ssl/test/SSLContextManagerTest.cpp
635 ./proxygen/proxygen/lib/test/TestAsyncTransport.cpp
158 ./proxygen/proxygen/lib/test/TestAsyncTransport.h
23 ./proxygen/proxygen/lib/test/TestMain.cpp
49 ./proxygen/proxygen/lib/utils/test/CryptUtilTest.cpp
538 ./proxygen/proxygen/lib/utils/test/GenericFilterTest.cpp
54 ./proxygen/proxygen/lib/utils/test/HTTPTimeTest.cpp
42 ./proxygen/proxygen/lib/utils/test/MockTime.h
137 ./proxygen/proxygen/lib/utils/test/ParseURLTest.cpp
73 ./proxygen/proxygen/lib/utils/test/ResultBenchmark.cpp
112 ./proxygen/proxygen/lib/utils/test/ResultTest.cpp
22 ./proxygen/proxygen/lib/utils/test/UtilTest.cpp

HTTP/2 all the things! | Ilya Grigorik (Google)

Ilya Grigorik (Google); HTTP/2 all the things!; At VENUE; WHEN? (2014-10?); 47 slides <- bit.ly/1rOWzXj
Teaser: challenges, opportunities, and the exciting world ahead of us…

Mentions

Via: backfill

Protecting Users by Confining JavaScript with COWL | Stefan, Yang, Marchenko, Russo, Herman, Karp, Mazières

Deian Stefan, Edward Z. Yang, Petr Marchenko, Alejandro Russo, Dave Herman, Brad Karp, David Mazières; Protecting Users by Confining JavaScript with COWL; In Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI); 2014-10; 14 pages; landing.

Abstract

Modern web applications are conglomerations of JavaScript written by multiple authors: application developers routinely incorporate code from third-party libraries, and mashup applications synthesize data and code hosted at different sites. In current browsers, a web application’s developer and user must trust third-party code in libraries not to leak the user’s sensitive information from within applications. Even worse, in the status quo, the only way to implement some mashups is for the user to give her login credentials for one site to the operator of another site. Fundamentally, today’s browser security model trades privacy for flexibility because it lacks a sufficient mechanism for confining untrusted code. We present COWL, a robust JavaScript confinement system for modern web browsers. COWL introduces label-based mandatory access control to browsing contexts in a way that is fully backward-compatible with legacy web content. We use a series of case-study applications to motivate COWL’s design and demonstrate how COWL allows both the inclusion of untrusted scripts in applications and the building of mashups that combine sensitive information from multiple mutually distrusting origins, all while protecting users’ privacy. Measurements of two COWL implementations, one in Firefox and one in Chromium, demonstrate a virtually imperceptible increase in page-load latency.

Promotion

  • New web privacy system could revolutionize the safety of Internet surfing; University College London (UCL); press release; 2014-10-06.
    Teaser: Researchers have built a new system that protects Internet users’ privacy whilst increasing the flexibility for web developers to build web applications that combine data from different web sites, dramatically improving the safety of surfing the web.

Via: backfill

Mentioned

  • <quote>In practice, web developers turn their backs on privacy in favor of flexibility because the browser doesn’t offer primitives that let them opt for both. For example, a developer may want to include untrusted JavaScript from another origin in his application. All-or-nothing DAC leads the developer to include the untrusted library with a script tag, which effectively bypasses the SOP, interpolating untrusted code into the enclosing page and granting it unfettered access to the enclosing page’s origin’s content. And when a developer of a mashup that integrates content from other origins finds that the SOP forbids his application from retrieving data from them, he designs his mashup to require that the user provide the mashup her login credentials for the sites at the two other origins [2]—the epitome of “functionality over privacy.”</quote>

Terms

  • Confinement with Origin Web Labels (COWL)
  • Content Security Policy (CSP)
  • Cross Origin Resource Sharing (CORS)
  • Discretionary Access Control (DAC)
  • Mandatory Access Control (MAC)
  • Same Origin Policy (SOP)
  • Document Object Model (DOM)
  • postMessage
  • XMLHttpRequest (XHR)
  • Chromium
    • Blink
  • Firefox
    • Gecko
  • Web Worker
    • LWorker
  • XHR
  • JSON

Concepts

  • symmetric confinement
  • hierarchical confinement
  • delegation
  • mutually-distrusting parties
  • Decentralized Label Model (DLM) of Myers & Liskov
  • Nexus
  • First-order logics
  • Circular flow of information (fixed points?)
  • membrane pattern

Schemes

  • coarse-grained
  • fine-grained
  • protection zones
  • iframe containment (IFC)
  • symmetric confinement
  • tainting
    • over-tainting

Related

  • BFlow
  • Data-Confined Sandbox (DCS)
    • data:URI iframes
  • JSFlow
  • Secure-Multi Execution (SME)
  • Caja
  • BrowserShield
  • WebJail
  • TreeHouse
  • JSand
  • SafeScript
  • Defensive JavaScript
  • Embassies

References

  1. Google Caja. A source-to-source translator for securing JavaScript-based web content. 2013.
  2. Mint. 2013.
  3. jQuery Usage Statistics: Websites using jQuery. 2014.
  4. P. Agten, S. Van Acker, Y. Brondsema, P. H. Phung, L. Desmet, and F. Piessens. JSand: complete client-side sandboxing of third-party JavaScript without browser modifications. In Proceedings of the Annual Computer Security Applications Conference (ACSAC). 2012.
  5. D. Akhawe, F. Li, W. He, P. Saxena, and D. Song. Data-confined HTML5 applications. In ESORICS, (CSP). 2013.
  6. L. Badger, D. F. Sterne, D. L. Sherman, K. M. Walker, and S. A. Haghighat. Practical domain and type enforcement for UNIX. In Proceedings of the IEEE Symposium on Security and Privacy. 1995.
  7. A. Barth. The web origin concept. Technical report RFC 6454, IETF, 2011.
  8. A. Barth, C. Jackson, and J. Mitchell. Securing frame communication in browsers. In Communications of the ACM (CACM). Volume 52, Number 6. pages 83–91, 2009.
  9. K. Bhargavan, A. Delignat-Lavaud, and S. Maffeis. Language-based defenses against untrusted browser origins. In Proceedings of USENIX Security. 2013.
  10. N. Carlini, A. P. Felt, and D. Wagner. An evaluation of the Google Chrome extension security architecture. In Proceedings of USENIX Security, 2012.
  11. E. Y. Chen, S. Gorbaty, A. Singhal, and C. Jackson. Self-exfiltration: The dangers of browser-enforced information flow control. In Proceedings of Web 2.0 Security and Privacy. 2012.
  12. W. De Groef, D. Devriese, N. Nikiforakis, and F. Piessens. FlowFox: a web browser with flexible and precise information flow control. In Proceedings of the ACM Conference on Computer & Communications Security (CCS). 2012.
  13. D. Devriese and F. Piessens. Noninterference through Secure Multi-Execution. In Proceedings of the IEEE Symposium on Security and Privacy. 2010.
  14. P. Efstathopoulos, M. Krohn, S. VanDeBogart, C. Frey, D. Ziegler, E. Kohler, D. Mazières, F. Kaashoek, and R. Morris. Labels and event processes in the Asbestos operating system. In Proceedings of the USENIX Conference on Operating Systems Design & Implementation (OSDI). 2005.
  15. D. Hedin, A. Birgisson, L. Bello, and A. Sabelfeld. JSFlow: tracking information flow in JavaScript and its APIs. In SAC, 2014.
  16. J. Howell, B. Parno, and J. R. Douceur. Embassies: Radically refactoring the Web. In Proceedings of the USENIX Conference on Networked Systems Design & Implementation (NSDI). 2013.
  17. C. Hriţcu, M. Greenberg, B. Karel, B. C. Pierce, and G. Morrisett. All your ifcexception are belong to us. In Proceedings of the IEEE Symposium on Security and Privacy. 2013.
  18. L. Ingram and M. Walfish. Treehouse: JavaScript side sandboxes to help web developers help themselves. In Proceedings of the USENIX Annual Technical Conference (ATC). 2012.
  19. C. Kerschbaumer (Mozilla). Faster Content Security Policy; In Their Blog. 2014.
  20. R. Kotcher, Y. Pei, P. Jumde, and C. Jackson. Cross-origin pixel stealing: timing attacks using CSS filters. In Proceedings of the ACM Conference on Computer & Communications Security (CCS). 2013.
  21. M. S. Miller. Robust composition: towards a unified approach to access control and concurrency control. PhD thesis, Johns Hopkins University, 2006.
  22. M. S. Miller and J. S. Shapiro. Paradigm regained: Abstraction mechanisms for access control. In Proceedings of the Asian Computing Science Conference (ASIAN). 2003-12. 20 pages; landing, presentation; also SRL Technical Report SRL2003-03, Department of Computer Science, Johns Hopkins University; also Hewlett-Packard Technical Report HPL-2003-222 (unabridged). Erights.org (the E Language)
  23. M. S. Miller, K.-P. Yee, and J. Shapiro. Capability myths demolished. Technical Report SRL2003-02, Johns Hopkins University Systems Research Laboratory, 2003.
  24. S. Moitozo. Password Meter, JavaScript. 2006.
  25. B. Montagu, B. C. Pierce, and R. Pollack. A theory of information-flow labels. In Proceedings of the IEEE Conference on Security Foundations (CSF); 2013-06.
  26. Mozilla. Add-on builder and SDK. 2013.
  27. A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. In ACM Transactions on Software Engineering and Methodology (TOSEM). Volume 9, Number 4. 2000.
  28. C. Reis, J. Dunagan, H. J. Wang, O. Dubrovsky, and S. Esmeir. Browsershield: Vulnerability-driven filtering of dynamic HTML. In ACM Transactions on the Web (TWEB). Volume 1, Number 3. 2007-09.
  29. J. Resig. Dromaeo: JavaScript performance testing. 2014.
  30. E. G. Sirer, W. de Bruijn, P. Reynolds, A. Shieh, K. Walsh, D. Williams, and F. B. Schneider. Logical attestation: an authorization architecture for trustworthy computing. In Proceedings of the ACM Symposium on Operating Systems Principles (SOSP). 2011.
  31. S. Son and V. Shmatikov. The postman always rings twice: Attacking and defending postMessage in HTML5 websites. In Proceedings of the Network and Distributed System Security Symposium (NDSS). 2013.
  32. E. Stark, M. Hamburg, and D. Boneh. Symmetric cryptography in JavaScript. In Proceedings of the Annual Computer Security Applications Conference (ACSAC). 2009.
  33. D. Stefan, A. Russo, D. Mazières, and J. C. Mitchell. Disjunction category labels. In Proceedings of the Nordic Security Conference (NordSec). 2011.
  34. D. Stefan, A. Russo, J. C. Mitchell, and D. Mazières. Flexible dynamic information flow control in Haskell. In Proceedings of the Haskell Symposium. 2011.
  35. D. Stefan, A. Russo, P. Buiras, A. Levy, J. C. Mitchell, and D. Mazières. Addressing covert termination and timing channels in concurrent information flow systems. In Proceedings of the International Conference on Functional Programming (ICFP). 2012.
  36. M. Ter Louw, P. H. Phung, R. Krishnamurti, and V. N. Venkatakrishnan. SafeScript: JavaScript transformation for policy enforcement. In Proceedings of Secure IT Systems. 2013.
  37. S. Van Acker, P. De Ryck, L. Desmet, F. Piessens, and W. Joosen. WebJail: least-privilege integration of third-party components in web mashups. In Proceedings of the Annual Computer Security Applications Conference (ACSAC). 2011.
  38. A. Van Kesteren. Cross-Origin Resource Sharing (CORS), 2012.
  39. B. Vibber. CSRF token-stealing attack (user.tokens). Mozilla, a ticket. 2014.
  40. G. Wagner, A. Gal, C. Wimmer, B. Eich, and M. Franz. Compartmental memory management in a modern web browser. In SIGPLAN Notices. Volume 11, Number 46 part 2. 2011.
  41. H. J. Wang, X. Fan, J. Howell, and C. Jackson. Protection and communication abstractions for web browsers in MashupOS. In ACM SIGOPS Operating Systems Review. Volume 41, Number 6. 2007.
  42. W3C. Content Security Policy (CSP) v1.0. 2012.
  43. W3C. HTML5 web messaging. 2012.
  44. W3C. Web Workers. 2012.
  45. W3C. Cross-Origin Resource Sharing (CORS). 2013.
  46. W3C. Content Security Policy (CSP) v1.1. 2013.
  47. W3C. HTML5. 2013.
  48. WHATWG. HTML living standard. 2013.
  49. E. Yang, D. Stefan, J. Mitchell, D. Mazières, P. Marchenko, and B. Karp. Toward principled browser security. In Proceedings of HotOS. 2013.
  50. A. Yip, N. Narula, M. Krohn, and R. Morris. Privacy-preserving browser-side scripting with BFlow. In Proceedings of EuroSys. 2009.
  51. N. Zeldovich, S. Boyd-Wickizer, E. Kohler, and D. Mazières. Making information flow explicit in HiStar. In Proceedings of the USENIX Conference on Operating Systems Design & Implementation (OSDI). 2006.
  52. M. Zalewski. Browser Security Handbook, Part 2, 2011.

Actualities

Making the Web Faster with HTTP 2.0 | Ilya Grigorik

Ilya Grigorik; Making the Web Faster with HTTP 2.0; In ACM Queue; 2013-12-03.

References

Via: backfill

Click-to-Play in Mozilla’s Firefox

Promotions

Via: backfill, backfill

, Mozilla Wiki

; In Mozilla Support

JavaScript checkers & linters

Dynamic Adaptive Streaming over HTTP (DASH)

MPEG DASH Scope

Concepts

  • MPEG-DASH Media Presentation Description (MPD)

Origin

  • Adaptive HTTP streaming (AHS) in 3GPP Release 9
  • HTTP Adaptive Streaming (HAS) in Open IPTV Forum Release 2.

Related

  • Adobe Systems, HTTP Dynamic Streaming,
  • Apple, HTTP Live Streaming (HLS)
  • Microsoft Smooth Streaming.

Standard

Highlights

  • Use Cases
    • On-Demand
    • Live
  • Ad insertion. Advertisements can be inserted as a period between periods or segment between segments in both on-demand and live cases.
  • CDN
    • Multiple URL
    • CCN (CCNx)
  • Codec
    • Agnostic
    • Common Encryption
    • Multiple DRM
  • Coding
    • Scalable Video Coding (SVC)
    • Multiview Video Coding (MVC)

Implementations

Via: backfill

Deep Links

Concept

Generally

  • URL => domain.com/profile/user123
  • URI => profile://user123.

Facebook

Theory

Organized along the great cultures

Android

iOS

Practice

(alphabetical)

ActionX

Cellogic (Deeplink.me)

  • Deeplink.me, an ad retargeting network
  • Nextap (nextap.co)
  • Concept: “bit.ly for deep linking”
  • Specifications
    • 300×50 template
    • app badge icon
    • custom message
    • link
  • Who
    • Itamar Weisbrod, CEO
    • Noah Klausman, VP of Business Development
  • Previously

Facebook

Google

OneMillionAppSchemes.com

  • By Zwapp
  • open source
  • a database (unpublished) of custom URL schemes for iOS applications
  • a downloadable tool
  • scans your iOS device looking for URLs

PhotoAppLink

  • By Pocket Pixels, a photo app, iOS only
  • Older
  • Something about integrating photo sharing & editing web apps
  • iOS (iPhone) only
  • Source Code
  • Supported Apps
    • Original
    • Follow on
      • AutoStitch,
      • Click!,
      • Color Splash,
      • Juxtaposer,
      • PicTools,
      • Photogene,
      • Simply B&W,
      • Snap!,
      • TrueHDR.
  • Promotions

Quixey

TapCommerce

  • Mobile ad retargeting
  • Outreach
  • Promotion
    • Surely …

Twitter

URX

  • Mobile App Deeplink Retargeting
  • URX Mobile App Retargeting
  • Outreach
  • Founding
  • Funding
    • Y Combinator Summer 2012
    • $3.1 million seed round
    • Include First Round Capital, Maverick Capital, Google Ventures, SV Angel, Betaworks, Crunchfund (Michael Arrington), Greylock, CyberAgent, Fuel Capital, Garry Tan, Alexis Ohanian, Charlie Cheever, Sam Altman, Paul Buchheit, Geoff Ralston, Gus Fuldner, Plug & Play Ventures, Paul Sethi, Bill Peckovich, Joe Montana, Mehul Nariyawal, Dalton Caldwell, Virginia Turner, Andre Ranadive, Linda MacKenzie, Jamie Lee Curtis, Christopher Guest, Sumon Sadhu, Bruno Bowden, Chris Look, Nicholas Smith, and the Erickson Family.
  • Reference Customer
    • LivingSocial
  • Promotions

Promotions

of the genre

Via: backfill, backfill, backfill

App Installs and Deep-Linking in Twitter Cards | Twitter

Mentions

  • Twitter Cards are based on Open Graph.
  • The value is specified in the “twitter:app:name:(iphone|ipad|googleplay)” tags.

Examples

<meta name="twitter:app:name:iphone" content="Example App"/>
<meta name="twitter:app:id:iphone" content="306934135"/>
<meta name="twitter:app:url:iphone" content="example://action/5149e249222f9e600a7540ef"/>
<meta name="twitter:app:name:ipad" content="Example App"/>
<meta name="twitter:app:id:ipad" content="306934135"/>
<meta name="twitter:app:url:ipad" content="example://action/5149e249222f9e600a7540ef"/>
<meta name="twitter:app:name:googleplay" content="Example App"/>
<meta name="twitter:app:id:googleplay" content="com.example.app"/>
<meta name="twitter:app:url:googleplay" content="http://example.com/action/5149e249222f9e600a7540ef"/>
<meta name="twitter:card" content="summary">
<meta name="twitter:site" content="@nytimesbits">
<meta name="twitter:creator" content="@nickbilton">
<meta property="og:url" content="http://bits.blogs.nytimes.com/2011/12/08/a-twitter-for-my-sister/">
<meta property="og:title" content="A Twitter for My Sister">
<meta property="og:description" content="In the early days, Twitter grew so quickly that it was almost impossible to add new features because engineers spent their time trying to keep the rocket ship from stalling.">
<meta property="og:image" content="http://graphics8.nytimes.com/images/2011/12/08/technology/bits-newtwitter/bits-newtwitter-tmagArticle.jpg">

Via: backfill.