Justin.MadIrish.net

This week Google entered the web browser wars with a vengeance, releasing their own web browser, dubbed Chrome, as a free beta. Chrome sports some impressive features and is being released as entirely free, open source software. Of particular interest are the new security features that are built in to chrome. Two extremely interesting security features are the browser privacy mode and the tabs in Chrome.

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a widely used verification system that forces users to look at images of obscured text and enter the text into a field. This system was designed to defeat automated computer based systems that were often used by spammers to set up bogus accounts or send spam. The idea was that the images weren't machine readable and Optical Character Recognition (OCR) technology wouldn't be able to decipher the image thereby defeating automated tools that spammers used. This raised the bar significantly for spammers. Many turned to micro payments, enlisting humans to decipher CAPTCHA code for a small fee. This isn't nearly as effective as using a computer though and both academic researchers and spammers alike have been searching for programmatic ways to defeat CAPTCHA, even as the technology evolves.

Two days ago OWASP announced the release of a new version of their DirBuster tool. DirBuster is a Java based web application scanner. Basically you give it a host and it scans that host for directories on the host. DirBuster can utilize a list of directories and files or it can brute force them. DirBuster is nice because it can find files directories that might not be directly linked to. This can be used to expose information on the host that you might not find otherwise. DirBuster will also parse the HTML of files that it does discover, allowing it to follow links present in discoverable files as well. You can find more information about DirBuster at the OWASP site at https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project.

Ok, once again, we return to the topic du jour, defiling mashups. In response to Chris' blog. As a side note I've enable anonymous comments for now, let me know if there are still problems (my opinion of Drupal is declining the more I use it).

I'm tempted to take a lot of different avenues in explaining why I would strongly recommend mashups, and there's a strong pull to use anecdotal evidence, but I think I'll stick to straightforward analysis. By this I don't even just mean business analysis, but also engineering analysis.

Mash ups are the latest cause celebre on the internet (now that corporate blogs have cooled off) and I have to say, as a developer I'm not impressed. Now, I'll admit that I'm notorious for having negative reactions as a knee jerk response, but I think "mashups" are just another facade in the internet hype cycle.

Of course, it's easy for me to be negative about any new, unproven technology, but mashups aren't anything new. Mashups are derived out of a long and less than illustrious heritage that includes portals, SOAP and remote XML. At its core a mashup is nothing more than a refactoring of remotely available data.