Gros bazar ce matin pour l’ouveture de la session 2008 de MAX Europe. Il faut dire que la pluie battante et la grève générale des transports à Milan ne facilitent pas l’organisation ! C’est donc sous un froid de canard que nous rejoignons le centre de conférence. Passé cet épisode douloureux, l’ambiance est tout de suite plus agréable avec une très belle installation et un enthousiasme généralisé (peut-être de nouvelles annonces lors de la keynote ?).

Keynote

Mark Anders pour les dernières tendances :

• 3 micro-révolutions en cours : cloud computing, social computing, device and desktop ubiquity ;
• Différents exemples des possibilités audio et vidéo, de 3D, de pixel  bender, de rendu avancé de texte ;
• Disponibilité de Flash Player 10 pour Linux ;
• 80% des vidéos visionnées sur le web le sont avec Flash.

Présentation de la Flash Platform

Anthony Rose de la BBC :

• Démonstration du iPlayer qui représente 10% de la bande passante aux UK ;
• Disponibilité sur iPhonr, Nokia N96, Wii, PS3, déclinaison en Kid Player et en version déconnectée avec AIR ;
• Broadcast 2.0 = your friend will decide what you watch (social broadcast ?).

Ted Patrick sur AIR :

• 100 millions d’installations pour AIR (disponible sur Windows, Mac, Linux) ;
• Visite guidée du desktop reader du NYTimes (une attention particulière a été portée à la modularité de la mise en page) ;
• Démonstration de la version mobile sur MI PC Pocket (distribué par SFR en France).

Deux représentants de AKQA pour parler de l’application eco:Drive de Fiat :

• Une application partagée entre votre PC et votre Fiat 500 qui calcule votre empreinte carbone à l’aide d’une clé USB qui stocke les données ;
• L’application fournit des conseils personnalisés pour améliorer votre conduite et adopter des réflexes éco-citoyen ;
• Calcul de l’économie d’argent annualisée avec l’amélioration de votre conduite.

Mark Anders à nouveau sur le social computing :

• Démonstration d’ Adobe Wave, un service universel de notification (concurrent de Twhirl), partenariat avec LastMinute pour pousser des offres de dernière minute ;
• Démonstration de collaboration en temps réel avec Cocomo (un ensemble de briques techniques).

Mark Anders toujours sur les terminaux alternatifs (mobile, TV) :

• Objectif = 1MM de terminaux mobiles équipés avec Flash d’ici à la fin de l’année 2009 ;
• Open Screen Project = accélération du déploiement de RIA sur tout type de terminaux ;
• Démonstration de Flash 10 sur un terminal Nokia / Symbian et sur un HTC / Windows Mobile (Last.fm, YouTube) et même une preview sur Android ;
• Nouvelle fonctionnalité proposée par Flash Lite 3 pour faire de l’installation d’application over the air.

Présentation du Open Screen Project

Ted Patrick sur un prototype de téléphone nouvelle génération :

• Envoie de photos sur différents écrans (comme il est possible le de le faire avec Surface) ;
• Interaction simultanée à deux = démonstration d’un casual game.

Expérimentation du téléphone du futur

Rien de neuf si ce n’est l’application Wave, mais ça fait toujours plaisir de voir tourner les démos en live. Tous les liens ici : Adobe.com/go/keynote.

Flash Catalyst et le nouveau Flex

Beaucoup de monde à cette session de présentation de la toute dernière version de Flash Catalyst orchestrée par Ryan Stewart :

• Objectif = Améliorer la productivité globale des équipes et limiter la parte d’informations ;
• Nouveau format (FXG) qui permet de séparer la présentation du comportement avec un système de skins et de skins partielles ;
• FXG repose sur XML ;
• Introduction de la notion d’état (states) car la timeline de Flash n’était plus appropriée ;
• Petite démonstration assez convaincante mais qui ne règle pas le problème du concepteur (quelle est la place qui lui est laissée ?).

Des previews de Flash Catalyst ont été distribuées en fin de session mais elle ne tourne que sur Mac. Ã suivre…

 

Advanced Papervision 3D

Le fameux Carlos Uolla

Beaucoup de monde à cette session pour voir le fameux Carlos Ulloa :

• Déjà deux ans d’existance pour la librairie Papervision3D ;
• Il est en train de créer un nouveau studio ( HelloEnjoy.com) avec un nouveau site web très impresionnant (et un showcase pour Papervision3D) ;
• Les formes arrondies sont vraiment problématiques en 3D car elles nécessitent beaucoup de polygones ;
• Explications très techniques sur les cpontraintes de rendu des reflets, de l’ombrage, de la lumière ;
• Nouvelle fonctionnalité = Advanced Mapping pour un rendu encore pus réaliste (peut- être dans la V.3) ;
• Des améliorations ont été apportées au moteur physique (avec des caractéristiques de rigidité, d’élasticité, de densité…) cf. Box2D ou Phun ;
• Autre exemple de moteur physique très impressionant : SideRoller.com/wck ;
• Très belle démonstration du moteur physique 3D avec un gros 4*4.

 

La suite demain…

Are you getting the most out of your Adobe AIR installation?  Are you one of those people that installed it for one specific application and never explored what else was out there?  Well, it’s time to get more out of AIR, and here are 10 apps that will make you anxious to get AIR up and running.

What are the Adobe AIR apps that you couldn’t live without?  Tell us in the comments!

DeskTube - DeskTube lets you get complete control over YouTube on your desktop. Search, watch, comment, get embed codes, upload your own videos and even download the videos you are currently watching as MOV files.

Dorame - Dorame doesn’t add much to the Pandora listening experience, but it does give you the freedom of being outside of your browser and changing up the appearance of the service.

EarthBrowser - EarthBrowser gives you live updates of clouds, earthquakes, the weather, satellite overlays, volcanoes, fires and a whole lot more.

Feedalizr - Many people have downloaded service specific apps like TweetDeck, Twhirl and so on, but Feedalizr rolls several social tools into one app.  You can work with Facebook, Flickr, FriendFeed, Jaiku, Twitter and VideoVideo all from this one handy interface.

Google Analytics - While most people love looking at statistics about their websites, Google Analytics can be a bit slow at times for those webmasters that use their tools.  This Adobe AIR app gives you the ability to open reports in multiple tabs for easier switching and allows you to change date ranges faster.

MiniTask - A desktop tool for creating detailed to-do lists that you can separate out by categories, copy the items out to other programs, set reminders, print out task sheets and more.

Posty - Get all of your FriendFeed. Identi.ca, Jaiku, Pownce, Tumblr and Twitter updates in one handy application with built-in URL shortening, spell checking, message search and more.

TweetDeck - While it seems that apps that only work with one social site are becoming passe, TweetDeck gives you so much control over how you see your Tweets, it is well worth it.  Your incoming messages are already split into columns for timeline, replies and direct messages, and then you can build custom columns for things such as work, friends and more.

Twhirl - The odds are fairly high that this is the application you installed Adobe Air for in the first place, but that doesn’t exclude it from the list in case it wasn’t.  Probably the most popular of the Twitter clients, Twhirl also supports interactions with multiple accounts for FriendFeed, laconi.ca, seesmic and Twitter.

Yammer - Yammer, the private corporate microblogging service, gets a desktop client that runs on the Adobe AIR platform, allowing you to use all the features of the service freed from your browser.

---
Related Articles at Mashable | All That's New on the Web:

Adobe Building Office Apps to Go After Microsoft?
Adobe Launches Updated Flash Player 9: Moviestar
Adobe Apollo Turns Into AIR and Gets New HTML Capabilities
Adobe Can’t Fix Security Flaw Until End of October
Adobe Illustrator Integrated with Del.icio.us
Adobe’s Web-Based Photoshop Express On Its Way
Adobe to Acquire Makers of Web-Based Word Processor Buzzword

SMIL gives you control of multimedia and text elements in a browser over a timeline, while PHP lets you write dynamic SMIL code. The combination produces nicely-timed presentations.

This post is part of Mashable’s Startup Review series, which highlights great unsung startups. The series is made possible by Sun Startup Essentials.

Company Name

Dailymile

20-Word Description

Dailymile is a social training site for runners, triathletes, and cyclists.

CEO’s Pitch

That race was great, but how do I stay in-touch with the people I just met? And how can I find people to train with in a new city? Providing an answer for these questions drove us to begin dailymile. We wanted to find a better way for athletes to sign-up for races, share workouts, and meet participants. Participating in a race doesn’t end after you submit payment. It’s the daily journey of training, learning, and sharing. As athletes, each day for us is an adventure filled with lessons learned and friends made. We share these experiences with one another through dailymile.

Mashable’s Take

Currently in private beta, Dailymile is a site for keeping track of your workouts, finding athletic events you can participate in, and sending motivation to others. The design is very slick and the features are well-organized, and while the event section dedicated to 10Ks and triathlons can be intimidating, there are tools that can be useful to just about any level of athlete – even if you’re just the type trying to stay in shape by going to the gym.

Once logged in, the homepage of Dailymile is very Twitter-esque, allowing you post a short update about your most recent workout (which can range from running, to swimming, to weightlifting, etc.), as well as multimedia content like photos and videos. There is also a “You and Your Friends” timeline, an “Everyone” timeline, and a “My Training” log – essentially the same views offered on Twitter. Speaking of Twitter, your updates can be auto-posted to the service if you sync your accounts.

Dailymile takes it a step further than other would-be Twitter clones though with some features very specific to the fitness niche. For one, there is the “Motivation” feature, which allows you to message other people on the site with a pre-set message like “Great Performance” or “You’re an Inspiration.”

There are also discussion groups you can join like “40+ and proud of it” and “My first marathon,” so you can find people pursuing a similar fitness goal as yourself. The aforementioned event section is already seeded with lots of running, trialthon, and cycling events you can participate in, though most seem to be on the West coast (not surprising given the time of year).

Ultimately, Dailymile has adopted a lot of popular features of other sites for the fitness niche and done a nice job with them. I think it’s more likely to be successful with serious workout nuts than weekend warriors, but there is certainly something for anyone that wants to put the time in - both in the gym and on the site. As mentioned, Dailymile is currently in private beta, but you can try it out using the invite code ‘mashable’.

Editor’s Note: This post is part of an ongoing series at Mashable - The Startup Review, Sponsored by Sun Microsystems Startup Essentials. If you would like to have your startup considered for inclusion, please see the details here.

Sponsored By: Sun Startup Essentials

When the LHC first went down, it was believed that repairs could get the system up and running by April 2009. Then we saw repairs pushing the timeline back to summer 2009. But now, CERN has arrived...

pimg src="http://cache.gawker.com/assets/images/gizmodo/2008/12/lhc_ot.jpg" align="left" hspace="4" vspace="2"/When the LHC first went down, it was believed that repairs could get the system up and running bya href="http://gizmodo.com/5058727/large-hadron-collider-to-be-shut-down-until-early-april" April 2009/a. Then we saw repairs pushing the timeline back to a href="http://gizmodo.com/5090984/lhcs-21-million-single-joint-failure-is-the-most-expensive-soldering-error-in-soldering-history"summer 2009/a. But now, CERN has arrived at a fork in the road regarding LHC repairs./p pAccording to spokesperson James Gillies, the complicated repairs can be simplified into modest Plan A and Plan B approach./p pPlan A is a quick and dirty fix, getting the particle accelerator online as quickly as possible (late summer 2009) at the cost of operating at lower power. In this scenario, 3 of 8 pressure relief-system segments are replaced (only the broken ones) with the other 5 getting upgraded at unsaid maintenance dates in the future. /p pPlan B is the more extensive but also more delayed approach, requiring the complete redesign and replacement of the LHC's entire pressure-relief system. Under this scenario, the LHC wouldn't go online until 2010 at the earliest, though at that time the system could operate at full power. /p pAs of right now, the team is moving ahead with Plan A in the interest of getting data as soon as possible. Since we have absolutely no way of knowing which course of action is best, we'll just support whatever the crazy physics geniuses decide. [a href="http://www.dailytech.com/LHC+Mess+Continues+With+Restart+Date+Pushed+Even+Further+Back/article13554.htm"DailyTech/a]/p br style="clear: both;"/ a href="http://www.pheedo.com/click.phdo?s=8ce07207d8267a50e7b13ce2abfa6563p=1"img alt="" style="border: 0;" border="0" src="http://www.pheedo.com/img.phdo?s=8ce07207d8267a50e7b13ce2abfa6563p=1"//a img src="http://www.pheedo.com/feeds/tracker.php?i=8ce07207d8267a50e7b13ce2abfa6563" style="display: none;" border="0" height="1" width="1" alt=""/div class="feedflare" a href="http://feeds.gawker.com/~f/gizmodo/full?a=wXRRjr1l"img src="http://feedproxy.google.com/~f/gizmodo/full?d=120" border="0"/img/a a href="http://feeds.gawker.com/~f/gizmodo/full?a=iCKOKSDs"img src="http://feedproxy.google.com/~f/gizmodo/full?d=41" border="0"/img/a a href="http://feeds.gawker.com/~f/gizmodo/full?a=vXFeAKuf"img src="http://feedproxy.google.com/~f/gizmodo/full?i=vXFeAKuf" border="0"/img/a a href="http://feeds.gawker.com/~f/gizmodo/full?a=ZsqSElg0"img src="http://feedproxy.google.com/~f/gizmodo/full?i=ZsqSElg0" border="0"/img/a /divimg src="http://feedproxy.google.com/~r/gizmodo/full/~4/_pV4JcKboUo" height="1" width="1"/

A Dipity timeline tracking significant developments in online journalism.img width='1' height='1' src='http://rss.feedsportal.com/c/367/f/5716/s/279b313/mf.gif' border='0'/div class='mf-viral'table border='0'trtd valign='middle'a href="http://res.feedsportal.com/viral/sendemail2.html?title=AndyDickinson.net: A timeline of online media landmarkslink=http://blogs.journalism.co.uk/editors/2008/12/01/andydickinsonnet-a-timeline-of-online-media-landmarks/" target="_blank"img src="http://rss.feedsportal.com/images/emailthis2.gif" border="0" //a/tdtd valign='middle'a href="http://res.feedsportal.com/viral/bookmark.cfm?title=AndyDickinson.net: A timeline of online media landmarkslink=http://blogs.journalism.co.uk/editors/2008/12/01/andydickinsonnet-a-timeline-of-online-media-landmarks/" target="_blank"img src="http://rss.feedsportal.com/images/bookmark.gif" border="0" //a/td/tr/table/divbr/br/a href="http://da.feedsportal.com/r/24193184450/u/49/f/5716/c/367/s/41530131/a2.htm"img src="http://da.feedsportal.com/r/24193184450/u/49/f/5716/c/367/s/41530131/a2.img" border="0"//a

Wired's Joshua A Davis has a great profile of my pal Dan Kaminsky's work on discovering and then helping to fix a net-crashing DNS bug earlier this year. Davis really captures the excitement of discovering a major security flaw and the complex web of personal, professional and technical complications that come to bear when you're trying to disclose the research in a way that minimizes harm to the net. Dan does a lot of fun security-related stuff that doesn't get talked about in public. There's this one thing he does -- But that would be telling. The next morning, Kaminsky strode to the front of the conference room at Microsoft headquarters before Vixie could introduce him or even welcome the assembled heavy hitters. The 16 people in the room represented Cisco Systems, Microsoft, and the most important designers of modern DNS software. Vixie was prepared to say a few words, but Kaminsky assumed that everyone was there to hear what he had to say. After all, he'd earned the spotlight. He hadn't sold the discovery to the Russian mob. He hadn't used it to take over banks. He hadn't destroyed the Internet. He was actually losing money on the whole thing: As a freelance computer consultant, he had taken time off work to save the world. In return, he deserved to bask in the glory of discovery. Maybe his name would be heralded around the world. Kaminsky started by laying out the timeline. He had discovered a devastating flaw in DNS and would explain the details in a moment. But first he wanted the group to know that they didn't have much time. On August 6, he was going to a hacker convention in Las Vegas, where he would stand before the world and unveil his amazing discovery. If there was a solution, they'd better figure it out by then. But did Kaminsky have the goods? DNS attacks were nothing new and were considered difficult to execute. The most practical attack—widely known as cache poisoning—required a hacker to submit data to a DNS server at the exact moment that it updated its records. If he succeeded, he could change the records. But, like sperm swimming toward an egg, whichever packet got there first—legitimate or malicious—locked everything else out. If the attacker lost the race, he would have to wait until the server updated again, a moment that might not come for days. And even if he timed it just right, the server required a 16-bit ID number. The hacker had a 1-in-65,536 chance of guessing it correctly. It could take years to successfully compromise just one domain. The experts watched as Kaminsky opened his laptop and connected the overhead projector. He had created a "weaponized" version of his attack on this vulnerability to demonstrate its power. A mass of data flashed onscreen and told the story. In less than 10 seconds, Kaminsky had compromised a server running BIND 9, Vixie's DNS routing software, which controls 80 percent of Internet traffic. It was undeniable proof that Kaminsky had the power to take down large swaths of the Internet. Secret Geek A-Team Hacks Back, Defends Worldwide Web (Photo: John Keatley)...br style="clear: both;"/ a href="http://www.pheedo.com/feeds/ht.php?t=camp;i=74a15e83cd423bc1350d6a87b483c418amp;p=1"img style="border:0;" src="http://www.pheedo.com/feeds/ht.php?t=vamp;i=74a15e83cd423bc1350d6a87b483c418amp;p=1" border="0" //a

!-- pageType= magazinewide slug= ff_kaminsky section= techbiz subsection= people headline= Secret Geek A-Team Hacks Back, Defends Worldwide Web authorName= Joshua Davis creditType= photo credit= John Keatley caption= TBD -- pstrongIn June 2005,/strong a balding, slightly overweight, perpetually T-shirt-clad 26-year-old computer consultant named Dan Kaminsky decided to get in shape. He began by scanning the Internet for workout tips and read that five minutes of sprinting was the equivalent of a half-hour jog. This seemed like a great shortcutmdash;an elegant exercise hackmdash;so he bought some running shoes at the nearest Niketown. That same afternoon, he laced up his new kicks and burst out the front door of his Seattle apartment building for his first five-minute workout. He took a few strides, slipped on a concrete ramp and crashed to the sidewalk, shattering his left elbow./p pHe spent the next few weeks stuck at home in a Percocet-tinged haze. Before the injury, he'd spent his days testing the inner workings of software programs. Tech companies hired him to root out security holes before hackers could find them. a href="http://www.doxpara.com/?page_id=1159"Kaminsky/a did it well. He had a knack for breaking thingsmdash;bones and software alike./p pBut now, laid up in bed, he couldn't think clearly. His mind drifted. Running hadn't worked out so well. Should he buy a stationary bike? Maybe one of those recumbent jobs would be best. He thought about partying in Las Vegas ... mmm, martinis ... and recalled a trick he'd figured out for getting free Wi-Fi at Starbucks./p pAs his arm healed, the details of that Starbucks hack kept nagging at him. He remembered that he had gotten into Starbucks' locked network using the domain name system, or DNS. When someone types google .com into a browser, DNS has a list of exactly where Google's servers are and directs the traffic to them. It's like directory assistance for the Internet. At Starbucks, the port for the low-bandwidth DNS connectionmdash;port 53mdash;was left open to route customers to the emPay for Starbucks Wi-Fi/em Web page./p pSo, rather than pay, Kaminsky used port 53 to access the open DNS connection and get online. It was free but super-slow, and his friends mocked him mercilessly. To Kaminsky that was an irresistible challenge. After weeks of studying the minutiae of DNS and refining his hack, he was finally able to stream a 12-second animated video of Darth Vader dancing a jig with Michael Flatley. (The clip paired the Lord of the Sith with the Lord of the Dance.)/p pThat was more than a year ago, but it still made him smile. DNS was the unglamorous underbelly of the Internet, but it had amazing powers. Kaminsky felt drawn to the obscure, often-ignored protocol all over again./p pMaybe the painkillers loosened something in his mind, because as Kaminsky began to think more deeply about DNS he became convinced that something wasn't right. He couldn't quite figure it out, but the feeling stuck with him even after he stopped taking the pain pills. He returned to work full time and bought a recumbent stationary bike. He got hired to test the security of Windows Vista before it was released, repeatedly punching holes in it for Microsoft. Still, in the back of his mind, he was sure that the entire DNS system was vulnerable to attack./p pThen last January, on a drizzly Sunday afternoon, he flopped down on his bed, flipped open his laptop, and started playing games with DNS. He used a software program called Scapy to fire random queries at the system. He liked to see how it would respond and decided to ask for the location of a series of nonexistent Web pages at a Fortune 500 company. Then he tried to trick his DNS server in San Diego into thinking that he knew the location of the bogus pages./p pSuddenly it worked. The server accepted one of the fake pages as real. But so what? He could now supply fake information for a page nobody would ever visit. Then he realized that the server was willing to accept more information from him. Since he had supplied data about one of the company's Web pages, it believed that he was an authoritative source for emgeneral/em information about the company's domain. The server didn't know that the Web page didn't existmdash;it was listening to Kaminsky now, as if it had been hypnotized./p pWhen a href="http://www.wired.com/science/discoveries/news/2008/06/dayintech_0623"DNS was created/a in 1983, it was designed to be helpful and trustingmdash;it's directory assistance, after all. It was a time before hacker conventions and Internet banking. Plus, there were only a few hundred servers to keep track of. Today, the humble protocol stores the location of a billion Web addresses and routes every piece of Internet traffic in the world./p pSecurity specialists have been revamping and strengthening DNS for more than two decades. But buried beneath all this tinkering, Kaminsky had just discovered a vestige of that original helpful and trusting program. He was now face-to-face with the behemoth's almost childlike core, and it was perfectly content to accept any information he wanted to supply about the location of the Fortune 500 company's servers./p !-- pagebreak -- div class="wide_img" img src="http://www.wired.com/images/article/magazine/1612/ff_kaminsky2_f.jpg" alt="" div class="wide_caption" div class="wide_caption_txt" Paul Vixie organized experts from around the world to address the DNS security flaw. br/ emPhoto: John Keatley/em /div /div /div br/ br/ pKaminsky froze. This was far more serious than anything he could have imagined. It was the ultimate hack. He was looking at an error coded into the heart of the Internet's infrastructure. This was not a security hole in Windows or a software bug in a Cisco router. This would allow him to reassign any Web address, reroute anyone's email, take over banking sites, or simply scramble the entire global system. The question was: Should he try it?/p pThe vulnerability gave him the power to transfer millions out of bank accounts worldwide. He lived in a barren one-bedroom apartment and owned almost nothing. He rented the bed he was lying on as well as the couch and table in the living room. The walls were bare. His refrigerator generally contained little more than a few forgotten slices of processed cheese and a couple of Rockstar energy drinks. Maybe it was time to upgrade his lifestyle./p pOr, for the sheer geeky joy of it, he could reroute all of .com into his laptop, the digital equivalent of channeling the Mississippi into a bathtub. It was a moment hackers around the world dream ofmdash;a tool that could give them unimaginable power. But maybe it was best simply to close his laptop and forget it. He could pretend he hadn't just stumbled over a skeleton key to the Net. Life would certainly be less complicated. If he stole money, he'd risk prison. If he told the world, he'd be the messenger of doom, potentially triggering a collapse of Web-based commerce./p pBut who was he kidding? He was just some guy. The problem had been coded into Internet architecture in 1983. It was 2008. Somebody must have fixed it by now. He typed a quick series of commands and pressed enter. When he tried to access the Fortune 500 company's Web site, he was redirected to an address he himself had specified./p p"Oh shit," he mumbled. "I just broke the Internet."/p pstrongPaul Vixie/strong, one of the creators of the most widely used DNS software, stepped out of a conference in San Jose. A curious email had just popped up on his laptop. A guy named Kaminsky said he'd found a serious flaw in DNS and wanted to talk. He sent along his phone number./p pVixie had been working with DNS since the 1980s and had helped solve some serious problems over the years. He was president of the a href="https://secure.isc.org/"Internet Systems Consortium/a, a nonprofit that distributed BIND 9, his DNS software. At 44, he was considered the godfather of DNS. If there was a fundamental error in DNS, he probably would have fixed it long ago./p pBut to be on the safe side, Vixie decided to call Kaminsky. He picked up immediately and within minutes had outlined the flaw. A series of emotions swept over Vixie. What he was hearing shouldn't be possible, and yet everything the kid said was logical. By the end of the third minute, Vixie realized that Kaminsky had uncovered something that the best minds in computer science had overlooked. This affected not just BIND 9 but almost all DNS software. Vixie felt a deep flush of embarrassment, followed by a sense of pure panic./p p"The first thing I want to say to you," Vixie told Kaminsky, trying to contain the flood of feeling, "is never, ever repeat what you just told me over a cell phone."/p pVixie knew how easy it was to eavesdrop on a cell signal, and he had heard enough to know that he was facing a problem of global significance. If the information were intercepted by the wrong people, the wired world could be held ransom. Hackers could wreak havoc. Billions of dollars were at stake, and Vixie wasn't going to take any risks./p pFrom that moment on, they would talk only on landlines, in person, or via heavily encrypted email. If the information in an email were accidentally copied onto a hard drive, that hard drive would have to be completely erased, Vixie said. Secrecy was critical. They had to find a solution before the problem became public./p !-- pagebreak -- pstrongAndreas Gustafsson/strong knew something was seriously wrong. Vixie had emailed the 43-year-old DNS researcher in Espoo, Finland, asking to talk at 7 pm on a hardwired line. No cell phones./p pGustafsson hurried into the freezing March eveningmdash;his only landline was the fax in his office a brisk mile walk away. When he arrived, he saw that the machine didn't have a handset. Luckily, he had an analog phone lying around. He plugged it in, and soon it let off an old-fashioned metallic ring./p pGustafsson hadn't spoken to Vixie in years, but Vixie began the conversation by reading aloud a series of numbersmdash;a code that would later allow him to authenticate Gustafsson's emails and prove that he was communicating with the right person. Gustafsson responded with his own authenticating code. With that out of the way, Vixie got to his point: emFind a flight to Seattle now/em./p pa href="http://tools.ietf.org/id/draft-wijngaards-dnsext-resolver-side-mitigation-00.txt"Wouter Wijngaards/a got a call as well, and the message was the same. The Dutch open source programmer took the train to the airport in Amsterdam, got on a 10-hour flight to Seattle, and arrived at the Silver Cloud Inn in Redmond, Washington, on March 29. He had traveled all the way from Europe, and he didn't even know why. Like Gustafsson, he had simply been told to show up in Building Nine on the Microsoft campus at 10 am on March 31./p pIn the lobby of the Silver Cloud, Wijngaards met a href="http://www.enyo.de/fw/"Florian Weimer/a, a German DNS researcher he knew. Weimer was talking with Chad Dougherty, the DNS point man from Carnegie Mellon's Software Engineering Institute. Wijngaards joined the conversationmdash;they were trying to figure out where to have dinner. Nobody talked about why some of the world's leading DNS experts happened to bump into one another near the front desk of this generic US hotel. Vixie had sworn each of them to secrecy. They simply went out for Vietnamese food and avoided saying anything about DNS./p pstrongThe next morning,/strong Kaminsky strode to the front of the conference room at Microsoft headquarters before Vixie could introduce him or even welcome the assembled heavy hitters. The 16 people in the room represented Cisco Systems, Microsoft, and the most important designers of modern DNS software./p pVixie was prepared to say a few words, but Kaminsky assumed that everyone was there to hear what he had to say. After all, he'd earned the spotlight. He hadn't sold the discovery to the Russian mob. He hadn't used it to take over banks. He hadn't destroyed the Internet. He was actually losing money on the whole thing: As a freelance computer consultant, he had taken time off work to save the world. In return, he deserved to bask in the glory of discovery. Maybe his name would be heralded around the world./p pKaminsky started by laying out the timeline. He had discovered a devastating flaw in DNS and would explain the details in a moment. But first he wanted the group to know that they didn't have much time. On August 6, he was going to a hacker convention in Las Vegas, where he would stand before the world and unveil his amazing discovery. If there was a solution, they'd better figure it out by then./p pBut did Kaminsky have the goods? DNS attacks were nothing new and were considered difficult to execute. The most practical attackmdash;widely known as a href="http://www.secureworks.com/research/articles/dns-cache-poisoning/"cache poisoning/amdash;required a hacker to submit data to a DNS server at the exact moment that it updated its records. If he succeeded, he could change the records. But, like sperm swimming toward an egg, whichever packet got there firstmdash;legitimate or maliciousmdash;locked everything else out. If the attacker lost the race, he would have to wait until the server updated again, a moment that might not come for days. And even if he timed it just right, the server required a 16-bit ID number. The hacker had a 1-in-65,536 chance of guessing it correctly. It could take years to successfully compromise just one domain./p pThe experts watched as Kaminsky opened his laptop and connected the overhead projector. He had created a "weaponized" version of his attack on this vulnerability to demonstrate its power. A mass of data flashed onscreen and told the story. In less than 10 seconds, Kaminsky had compromised a server running a href="http://www.isc.org/index.pl?/sw/bind/view/?release=9.3.2-P2"BIND 9/a, Vixie's DNS routing software, which controls 80 percent of Internet traffic. It was undeniable proof that Kaminsky had the power to take down large swaths of the Internet./p pThe tension in the room rose as Kaminsky kept talking. The flaw jeopardized more than just the integrity of Web sites. It would allow an attacker to channel email as well. A hacker could redirect almost anyone's correspondence, from a single user's to everything coming and going between multinational corporations. He could quietly copy it before sending it along to its original destination. The victims would never know they had been compromised./p pThis had serious implications. Since many "forgot my password" buttons on banking sites rely on email to verify identity, an attacker could press the button, intercept the email, and change the password to anything he wanted. He would then have total access to that bank account./p p"We're hosed," Wijngaards thought./p !-- pagebreak -- pIt got worse. Most Internet commerce transactions are encrypted. The encryption is provided by companies like VeriSign. Online vendors visit the VeriSign site and buy the encryption; customers can then be confident that their transactions are secure./p pBut not anymore. Kaminsky's exploit would allow an attacker to redirect VeriSign's Web traffic to an exact functioning replica of the VeriSign site. The hacker could then offer his own encryption, which, of course, he could unlock later. Unsuspecting vendors would install the encryption and think themselves safe and ready for business. A cornerstone of secure Internet communication was in danger of being destroyed./p pa href="http://david.ulevitch.com/"David Ulevitch/a smiled despite himself. The founder of OpenDNS, a company that operates DNS servers worldwide, was witnessing a tour de forcemdash;the geek equivalent of Michael Phelps winning his eighth gold medal. As far as Ulevitch was concerned, there had never been a vulnerability of this magnitude that was so easy to use. "This is an amazingly catastrophic attack," he marveled with a mix of grave concern and giddy awe./p pstrongIt was a difficult flight/strong back to San Francisco for a href="http://www.nominum.com/company/executives_wilbourn.php"Sandy Wilbourn/a, vice president of engineering for Nominum, a company hired by broadband providers to supply 150 million customers with DNS service. What he heard in Redmond was overwhelmingmdash;a 9 out of 10 on the scale of disasters. He might have given it a 10, but it was likely to keep getting worse. He was going to give this one some room to grow./p pOne of Wilbourn's immediate concerns was that about 40 percent of the country's broadband Internet ran through his servers. If word of the vulnerability leaked, hackers could quickly compromise those servers./p pIn his Redwood City, California, office, he isolated a hard drive so no one else in the company could access it. Then he called in his three top engineers, shut the door, and told them that what he was about to say couldn't be shared with anyonemdash;not at home, not at the company. Even their interoffice email would have to be encrypted from now on./p pTheir task: Make a change to the basic functioning of Nominum's DNS servers. They and their customers would have to do it without the usual testing or feedback from outside the group. The implementationmdash;the day the alteration went live to millions of peoplemdash;would be its first real-world test./p pIt was a daunting task, but everyone who had been in Redmond had agreed to do the same thing. They would do it secretly, and then, all together on July 8, they would release their patches. If hackers didn't know there was a gaping DNS security hole before, they would know then. They just wouldn't know exactly what it was. Nominum and the other DNS software vendors would have to persuade their customersmdash;Internet service providers from regional players such as Cablevision to giants like Comcastmdash;to upgrade fast. It would be a race to get servers patched before hackers figured it out./p pThough the Redmond group had agreed to act in concert, the patchmdash;called the source port randomization solutionmdash;didn't satisfy everyone. It was only a short-term fix, turning what had been a 1-in-65,536 chance of success into a 1-in-4 billion shot./p pStill, a hacker could use an automated system to flood a server with an endless stream of guesses. With a high-speed connection, a week of nonstop attacking would likely succeed. Observant network operators would see the spike in traffic and could easily block it. But, if overlooked, the attack could still work. The patch only papered over the fundamental flaw that Kaminsky had exposed./p pstrongOn July 8, Nominum,/strong Microsoft, Cisco, Sun Microsystems, Ubuntu, and Red Hat, among many others, released source port randomization patches. Wilbourn called it the largest multivendor patch in the history of the Internet. The ISPs and broadband carriers like Verizon and Comcast that had been asked to install it wanted to know what the problem was. Wilbourn told them it was extremely important that they deploy the patch, but the reason would remain a secret until Kaminsky delivered his talk in Las Vegas./p pEven as Kaminsky was giving interviews about the urgency of patching to media outlets from the citeLos Angeles Times/cite to CNET, the computer security industry rebelled. "Those of us ... who have to advise management cannot tell our executives 'trust Dan,'" wrote a href="http://archives.neohapsis.com/archives/dailydave/current/0090.html"one network administrator/a on a security mailing list. On one blog, an anonymous poster wrote this to Kaminsky: "You ask people not to speculate so your talk isn't blown but then you whore out minor details to every newspaper/magazine/publishing house so your name can go all over Google and gain five minutes of fame? This is why people hate you and wish you would work at McDonald's instead."/p !-- pagebreak -- pWith a backlash building, Kaminsky decided to reach out to a few influential security experts in hopes of winning them over. He set up a conference call with a href="http://securosis.com/about/"Rich Mogull/a, founder of Securosis, a well-respected security firm; researcher a href="http://www.theta44.org/main.html"Dino Dai Zovi/a; and a href="http://www.matasano.com/team/"Thomas Ptacek/a, a detractor who would later accuse Vixie and Kaminsky of forming a cabal./p pThe call occurred July 9. Kaminsky agreed to reveal the vulnerability if Mogull, Dai Zovi, and Ptacek would keep it secret until the Vegas talk August 6. They agreed, and Kaminsky's presentation laid it out for them. The security experts were stunned. Mogull wrote, "This is absolutely one of the most exceptional research projects I've seen." And in a blog post Ptacek wrote, "Dan's got the goods. emIt's really f'ing good/em."/p pAnd then, on July 21, a complete description of the exploit appeared on the Web site of Ptacek's company. He claimed it was an accident but acknowledged that he had prepared a description of the hack so he could release it concurrently with Kaminsky. By the time he removed it, the description had traversed the Web. The DNS community had kept the secret for months. The computer security community couldn't keep it 12 days./p pAbout a week later, an ATamp;T server in Texas was infiltrated using the Kaminsky method. The attacker took over google.commdash;when ATamp;T Internet subscribers in the Austin area tried to navigate to Google, they were redirected to a Google look-alike that covertly clicked ads. Whoever was behind the attack probably profited from the resulting increase in ad revenue./p pEvery day counted now. While Kaminsky, Vixie, and the others pleaded with network operators to install the patch, it's likely that other hacks occurred. But the beauty of the Kaminsky attack, as it was now known, was that it left little trace. A good hacker could reroute email, reset passwords, and transfer money out of accounts quickly. Banks were unlikely to announce the intrusionsmdash;online theft is bad PR. Better to just cover the victims' losses./p pstrongOn August 6,/strong hundreds of people crammed into a conference room at Caesars Palace a href="http://www.youtube.com/watch?v=R-SSVxsH7vw"to hear Kaminsky/a speak. The seats filled up quickly, leaving a scrum of spectators standing shoulder to shoulder in the back. A group of security experts had mockingly nominated Kaminsky for the a href="http://pwnie-awards.org/2008/awards.html"Most Overhyped Bug award/a, and many wanted to know the truth: Was the massive patching effort justified, or was Kaminsky just an arrogant, media-hungry braggart?/p pWhile his grandmother handed out homemade Swedish lace cookies, Kaminsky took the stage wearing a black T-shirt featuring an image of Pac-Man at a dinner table. He tried for modesty. "Who am I?" he asked rhetorically. "Some guy. I do code."/p pThe self-deprecation didn't suit him. He had the swagger of a rock star and adopted the tone of a misunderstood genius. After detailing the scope of the DNS problem, he stood defiantly in front of a bullet point summary of the attack and said, "People called BS on me. This is my reply."/p pBy this time, hundreds of millions of Internet users were protected. The bomb had been defused. The problem was, there was little agreement on what the long-term solution should be. Most discussion centered around the concept of authenticating every bit of DNS traffic. It would mean that every computer in the worldmdash;from iPhones to corporate server arraysmdash;would have to carry DNS authentication software. The root server could guarantee that it was communicating with the real .com name server, and .com would receive cryptological assurance that it was dealing with, say, the real Google. An impostor packet wouldn't be able to authenticate itself, putting an end to DNS attacks. The procedure is called a href="http://www.dnssec.net/"DNSSEC/a and has high-profile proponents, including Vixie and the US government./p pBut implementing a massive and complicated protocol like DNSSEC isn't easy. Vixie has actually been trying to persuade people for years, and even he hasn't succeeded. Either way, the point might turn out to be moot. Kaminsky ended his Las Vegas talk by hinting that even darker security problems lay ahead. It was the type of grandstanding that has made him a polarizing figure in the computer security community. "There is no saving the Internet," he said. "There is postponing the inevitable for a little longer."/p pThen he sauntered off the stage and ate one of his grandma's cookies./p pemContributing editor Joshua Davis/em(a href="http://www.joshuadavis.net"www.joshuadavis.net/a) emwrote about the rescue of the a href="/science/discoveries/magazine/16-03/ff_seacowboys"/afoundering Cougar Ace in issue 16.03./em/pbr style="clear: both;"/ a style='font-size: 10px; color: maroon;' href='http://www.pheedo.com/hostedMorselClick.php?hfmm=v3:2440041967a5080eed3b2e028c523b47:a86LZtGDbU8osVSIrxV1PFlw7pm5tvcZL2p5JzaIEXcmazG%2FOS%2BC2LrGWGUABFvTOX4dkXkq1krhAg%3D%3D'img border='0' title='Add to Facebook' alt='Add to Facebook' src='http://www.pheedo.com/images/mm/facebook.gif'//a a style='font-size: 10px; color: maroon;' href='http://www.pheedo.com/hostedMorselClick.php?hfmm=v3:67b0d7468c2ef7fd70000364ace0efde:6tTH0J1MtWaybPCAtyS8MXn%2Fjti8ZTAKWodRzBLf5kecGWAt3ZuZtIsP%2Fk7w3v130yexYqmNDV9w'img border='0' title='Add to Reddit' alt='Add to Reddit' src='http://www.pheedo.com/images/mm/reddit.png'//a a style='font-size: 10px; color: maroon;' href='http://www.pheedo.com/hostedMorselClick.php?hfmm=v3:7846052528f145efe484cf50dae37255:k9NbsrnIxGwpmdNP%2BUuf8IRVRF%2BOjcF%2FECqqllE7NNlA%2FO9pb7K8GBQlBPoLfgAH90PSuIe5MY%2BZ'img border='0' title='Add to digg' alt='Add to digg' src='http://www.pheedo.com/images/mm/digg.gif'//a a style='font-size: 10px; color: maroon;' href='http://www.pheedo.com/hostedMorselClick.php?hfmm=v3:7a032bbfe924662c4e2494c598eae2c3:7uWjO2lLqMpadz5ADBEnMeo0pDd3int9IIlUsvppvBX5517yqEMWk0Y9shvCdk%2BWPs9Z2Gy57mQY'img border='0' title='Add to Google' alt='Add to Google' src='http://www.pheedo.com/images/mm/google.png'//a br style="clear: both;"/ a href="http://www.pheedo.com/click.phdo?s=ea67ea42add425d2f0f5016f1a176661p=1"img alt="" style="border: 0;" border="0" src="http://www.pheedo.com/img.phdo?s=ea67ea42add425d2f0f5016f1a176661p=1"//a img src="http://www.pheedo.com/feeds/tracker.php?i=ea67ea42add425d2f0f5016f1a176661" style="display: none;" border="0" height="1" width="1" alt=""/ pa href="http://feeds.wired.com/~a/wired/index?a=6NKR0K"img src="http://feeds.wired.com/~a/wired/index?i=6NKR0K" border="0"/img/a/pimg src="http://feeds.wired.com/~r/wired/index/~4/471672381" height="1" width="1"/

This article is part of the Open Web Awards, an open, international contest for the best websites and services.

…by winning the Open Web Awards, Dating and Relationships category. First, however, we need to narrow down the field to the top 3 dating sites on the web - take your pick from these 10 contenders and submit your vote by midnight PST tonight to decide who makes it into the finals!

Copenda - social site that finds potential dating partners off numerous sites, including Facebook, MySpace, Match, and other sites.

DateHookup - dating site with free chat and emails.

FlowMingle - sets you up with local events with up to 20 people to give you a chance to connect with Mr. or Ms. Right.

Ignighter - a group dating service that lets you learn about individuals in packs.

Luvem or Leavem - a site by women that offers relationship advice for women.

MyTweetheart - leverages Twitter to find your soulmate.

OkCupid - questionnaire based online dating site.

Plenty of Fish - a completely free online dating site.

SpeedDate - gives you the opportunity to speed date via webcam.

zoosk - lets you date using your current social networking accounts (Bebo, hi5, Facebook, MySpace, and Friendster).

VOTE NOW: One Vote Per Category Per Day

Now it’s time to vote for your favorite dating site in the first of two voting rounds. You can vote for one company per day until midnight on November 30th (tonight!).

Mashable Open Web Awards

Feel free to embed this widget on your own blog or website by clicking the “Grab This” button! For a timeline, rules and information on our 100 blog partners, please visit the Open Web Awards site.

Top Tip For Nominees

You got through? Congratulations! Did you know you can create a custom version of our voting widget above to post to your company blog or website? Just visit the Open Web Awards Widget Creator and check the box to preset a category or company. This means your fans only need to enter an email address to vote - simple!

Start Canvassing for YOUR Candidate!

Want others to vote for your favorite site? Of course you do! Why not leave a comment here and on any of our international partner blogs encouraging other readers to add their support? The more you promote your candidate across these blogs, the more likely it is for your site to proceed to the finals!

OWA Sponsors Love The Web

The Open Web Awards is made possible by our sponsors. By supporting the Open Web Awards, these companies reward and encourage innovative web technologies. We can’t thank them enough for sharing our passion: building great web companies.

Platinum Partner

“PartnerUp brings small business and social networking together to create a community where entrepreneurs find the people, resources and information to grow their businesses.”

Gold Sponsors

“iStockphoto is the world’s leading image market and a revenue-sharing social network. Browse 3.5 million images and videos starting at $1 or become a contributor.”

“With Quintura’s advanced visual-based search and analytics solution, content publishers can increase site usage while creating new ad revenues”

Prize Sponsor

“Infinite and Instant, Zazzle is the only on-demand retail platform for consumers and major brands, offering billions of retail quality, one-of-a-kind products, most of which are produced within 24 hours.”

---
Related Articles at Mashable | All That's New on the Web:

MatchActivity Real-Time Dating Now Wannago
Kizmeet Launches Second-Chance Dating Site
JDate Up for Sale: Worth $185M?
The Human Pet Facebook Application
Engage.com Takes $5M for Online Dating Site
Wannago Adds Hot-or-Not for Parties & Attendees
Match Activity Launches Online Dating Site

Lightsoft Weather Center 1.1

Lightsoft Weather Center (LWC) is weather station software for the Davis Vantage and WS-2300 series of hardware weather stations.

As data is gathered and stored in its database LWC allows you to view weather statistics such as the lowest temperature, or the highest wind speed over any time period stored in the database. In addition LWC contains a journal for weather notes and can generate web pages containing current conditions, graphs, statistics and a web-cam image. LWC can upload these web pages to your server for display via a web browser anywhere in the world.

LWC also monitors the weather and can run a set of pre-defined and user programmed alerts that can trigger emails, send SMS messages to your mobile phone and/or run scripts should an alert trigger.

Lightsoft Weather Center offers the following main features:

• Integration with Davis Vantage, Monitor and Wizard stations along with the La Crosse WS 23xx range of weather stations.
• Can upload to Wunderground Personal Weather Station pages
• CWOP upload - user programmable server list, ports and upload time (with random variation).
• Custom web page processing - takes your web pages, replaces weather tags with current data, graphs, dials, web-cam imagery and FTP to your web server
• Custom CGI driver - can drive a CGI on your web server with current weather data in close to real time. Simple example php scripts included.
• A local network client can display weather station gauges on any machine on your local network.
• Can record data for two other locations via data obtained from: weather.com, wunderground, NOAA or METAR.
• Continuous and unlimited recording, monitoring and analysis of weather data for up to three locations.
• Provides graphs of temperature, dew point, wind chill, wind speed, wind direction, precipitation, cloud base, internal temperature, internal humidity and barometric pressure.
• Can graph and display conditions for any date in the database; dates can be entered using natural language; for example 'last wednesday'. Graph scales range from 1 to 56 days.
• Continuous statistics calculation and display.
• Continuous database timeline maintenance; if LWC misses samples, data is interpolated between last know good sample and the latest.
• Database query facility; for example querying the total rainfaill over a given date range.
• A journal, linked to the database for recording your own weather notes.
• Web page generation and upload to web server of current conditions, graphs, web cam image, statistics and journal.
• Export of data from any date range within the database.
• Additional sources of weather data for comparison purposes or keeping an eye on other locations include weather.com, The Weather Underground, The Weather Underground Personal Weather Pages, METAR and NOAA. Backup sources can be specified.
• Three pre-programmed alerts; ice, rain and clear sky.
• Unlimited number of user programmed alerts.
• LWC can send email, SMS message (via modem) and run scripts when an alert is triggered.
• In-built test system for custom alerts.
• Independent units for each of the six main data types.
• The current weather can be spoken.
• Daily data email; sends tab-delimited data email for any or all locations.
• LWC can collect, display and animate satellite imagery.
• Weather records can be notified via email.
• Can record and upload webcam images and time-lapse movies via QuickTime compatible camera.

WHAT'S NEWVersion 1.1:

• Added German and Italian localizations.
• Added web tags for sunrise and sunset times.
• Reduced the latency of alerts to a few seconds.
• Added the option to send local time for custom CGI's
• Additional bug fixes and feature enhancements. For a full list please see http://www.lightsoft.co.uk/phpBB2/viewtopic.php?f=15&t=802

REQUIREMENTSMac OS X 10.4 or later. G3, G4, G5 and Intel based Macs.
DEVELOPERLightsoft
DOWNLOADS2815
DOWNLOAD NOW (16.8 MB)
More information

This article is part of the Open Web Awards, an open, international contest for the best websites and services.

It’s pretty simple, really. If you’d like to cast your vote for the best How To site online, simply:

1. Choose your favorite from the nominees below

2. Select that site in the widget’s dropdown menu

3. Enter your email address

4. Click Vote

5. We will send you a confirmation email. Be sure to click the link to verify your vote!

The How-To site with the most votes proceeds to the finals next week. Voting ends at midnight PST tonight. Good luck to all the nominees!

The Contenders

A Full Cup - offers how-tos for those seeking coupons and discounts.

Bright Hub - shares information about how scientific facts evolve into the latest technology.

Bukisa - lets you share your knowledge and then get paid when others access it

Church Media Design - offers tips and tricks for the church media designer in video podcast format.

College-Cram - social learning site that allows student