I use Firefox, though I used to swear by
Safari. (I’ve long despised IE as slow, clunky, and a security trap.) I started using it for only one reason: CNET requires it for its blogging tool. Over time (and once I had skinned it to look just like Safari and optimized it to run almost as fast as Safari), I’ve come to appreciate its adaptability and pluggability. But it took a forward-looking organization to force me into the change.

Most organizations don’t have this attribute. They’re conservative. For such, it’s important to introduce a Firefox that appreciates and respects the old world while pulling users into the new world. Mozilla doesn’t do this well.

Mozilla writes and helps foster communities that assist in writing some of the best open-source code on the planet. Where Mozilla fails is as an activist voice, trumpeting to the world just how exceptional the products it builds can be. I’m not sure if this is a fault with the Mozilla Corporation or the Mozilla Foundation, but we need a more vocal Mozilla.

Mozilla has thus far neglected to develop tools to help IT departments deploy and manage Firefox, and it doesn’t offer paid technical support services to risk-averse corporate users. “The enterprise is looking for a neck to choke, and that is absolutely what is missing from Firefox,” said Ebron, a former product manager for Firefox and its predecessor, Netscape Navigator.

BusinessWeek notes that Mozilla is making efforts to improve upon its 2% market share in China. It’s starting campus programs, among other things, to boost awareness of
Firefox. But according to the article, most Chinese simply want their browser pre-bundled and pre-configured with a wide range of options. Microsoft and those companies building browsers based on the IE kernel are doing that. Mozilla? Not so much.

Somewhat surprisingly, Mozilla apparently has little interest in catering to enterprise needs, needs that include integration with proprietary technology like Active Directory, as pooh-poohed by Mozilla’s Chris Hoffman.

Maybe, maybe not. The point is that so long as Mozilla remains committed to burrowing into its safe little bunker with little appreciation for the needs of real users, it will cram itself into the role of perennial also-ran. One need not give up the ideals of open source to integrate with the rest of the world.

But even if it did, we’d never know, since Mozilla isn’t good about talking publicly about all the good it’s doing. I hope it finds an executive director of the Mozilla Foundation who will bring the corporate perspective to bear on the organization. Not to drown out its existing voices, but to augment and amplify them.

He dismissed Active Directory as a “proprietary technology” that would hurt rather than help Firefox administrators. “Multiple levels of permissions applied across different groups adds a lot of complexity,” he said. “If you look at the track record for that feature, it’s resulted in less security for IE.”

commentary

Back in the West, Linux Insider notes that Mozilla’s biggest problem is its lack of corporate outreach:

Other Aviary graphics apps to come include a color palette creator, an “algorithm-based pattern generator,” a vector editor (competitor to Adobe Illustrator?), a 3D modeler, and other non-graphics tools such as a word processor, an audio editor, a “music generator,” plus a network file storage system and a marketplace for the exchange of creative works.

Online apps in general have other advantages. Most offer Web-based storage and built-in access to the world’s largest collaboration network: the Internet. Nobody likes hassling with LAN-based workgroup software installations, and with Web apps you don’t have to.

There are invitations to Phoenix, the new app discussed in this post, set aside for Webware readers. Read on to learn how to get yours.

If you want to try out Phoenix, there are 100 early-bird invitations set aside for Webware readers. Go here to enter your e-mail address. You have to click over from this story to get on the list–cutting and pasting the link won’t work.

As I reported from Demo 2008, new Flash- and Flex-based Web apps are putting traditional desktop apps to shame. The database Blist, the widget maker Sprout, and the photo manager Joggle are all Web-based apps that give up almost nothing to run inside a browser.

Flash has its downsides, of course. It’s yet another layer of platform software for an app to run on. For the most part, today’s overpowered personal computers and fast broadband connections punch through this inefficiency. However, in some cases, Flash just doesn’t offer up enough performance. The personal finance app Voyant, for example, eschews Flash for Java; a Voyant developer told me it’s faster at the math his app needs to perform.

In fact, I want to encourage this crazy ambition. If Worth1000 can build a suite of professional media creation and management apps all at once using new Web platforms–and even if it tries but in the end cannot– it could encourage other developers to stretch beyond today’s current Web 2.0 apps. We certainly could use more real Web apps, and fewer me-too social networks or developers’ resumes masquerading as products.

Even rich media apps will fall

I experimented with Phoenix a bit. I can’t give it a deep review, since I’m not an expert in image editing. However, it certainly does a lot of the things I’ve done when poking around in Photoshop: It has rich tools for selected image elements, layering items you’re working on, and transforming parts of the image. Lacking, of course, is plug-in support and Photoshop’s snappiness when it runs on a fast PC. But the capability to open an image directly from a URL is pretty cool, and I would fully expect to see the capability to write files right back soon as well.

And I’ll tell you this: I’m not seeing nearly the same creativity today in traditional software that I am seeing on Flash and in browser-based apps. Flash-based apps are finally beginning to compete head-on with standard software. Many new Flash apps aren’t just different. They’re better.

See also: Picnik; and watch for Adobe’s own Photoshop Online.

Flash-based applications are inherently cross-platform, because there are Flash runtimes that work in Internet Explorer and
Firefox; on Macs, Windows, and Linux. (There are even Flash runtimes for mobile phones and set-top boxes, although Adobe’s expensive licensing schemes for those platforms do a lot to keep Flash apps off them.) With Adobe’s new AIR runtime environment being basically a wrapper for Flash and Flex, we can expect that many of these Flash apps will be released as independent app-like products, but with Flash’s cross-platform and Web-native advantages.

Who needs Photoshop?

The full rundown of tools the team hopes to build sounds hopelessly ambitious and reminds me of Zoho, which has a too-big suite of not-quite-developed online productivity apps. Probably a better strategy would be to focus on the key moneymakers and open up a plug-in platform so other developers could add to the ecosystem. But I don’t really want to critique the company before the first app is even out of beta.

Case in point: the Aviary suite of graphics apps, coming out soon from the team at Worth1000. The first app, the image editor Phoenix, will make you question the value of your Photoshop license. Not that it’s a drop-in replacement for Photoshop today, but it gives you a strong indication that the need for expensive apps licensed on a per-PC basis is ending.

Compuware surveyed 1,112 “IT practitioners” and found that only 1 percent of data losses could be attributed to hackers.

Asked about their employer’s ability to monitor and detect information theft, most of those surveyed said their employers did a poor job.

Ouch.

See a summary of all my Defensive Computing postings.

If you work in a corporation, then you might be interested in a blog posting by Joel Hruska over at Ars Technica
that reviews a report by Compuware on how and why corporations lose data.

The report ultimately suggests that the vast majority of companies have security models that are semifunctional at best. Accountability is a hit-or-miss affair, confidence in the system as a whole is minimal, and the flaws that contribute to data breaches aren’t confined to any single level of an organization.

The other 99 percent? Mostly negligent insiders. The next biggest sources of trouble were outsourcing and malicious employees.

If you like to cut to the chase, here is Hruska’s conclusion:

In the future, Benedetto says, the OpenID and Data Availability projects will merge. Users will be able to use their MySpace OpenID to access their profile and network, “even when they are not on MySpace.” Supporting OpenId will allow users to “login to the long tail of the Internet” via MySpace. Data Availability could make their profiles ubiquitous.

Data Availability is a powerful concept. It makes it possible to take your profile page and your social network created in MySpace, and push them into another service. Like MySpace’s OpenID initiative, this project is part of MySpace’s plan to become a hub of identity.

MySpace's Data Availability program allows other sites to import MySpace profiles. Eventful shown here.

The company is also announcing today that two implementations of its Data Availability program are going live. It’s showing how profile data from MySpace can be imported into user accounts in Eventful and Flixter.

While these initiatives are powerful and important for MySpace, and are good for users, neither implementation is, yet, fully open, since they’re both one way. As I said, MySpace is not yet allowing users to login to the service with OpenIDs obtained elsewhere, nor is it allowing Data Availability partners to write data into MySpace profiles. Benedetto told me, “It would be very beneficial to us to have data coming in,” but that the company needs to take a phased approach to supporting data sharing. “We’re stepping in to uncharted territory,” he said. Previous sharing projects in the industry have failed, he said.

MySpace today is announcing support for the OpenID identify platform. This means users of services that let you log in to them with OpenID will be able to use their MySpace credentials for the login. As TechCrunch pointed out, though, this appears to be a “land grab for user identities,” since MySpace isn’t allowing users to log in to MySpace with an OpenID account from another identity provider.

Full and open synchronization with other identify platforms and social networks would be much more complex than the current initiatives, and would likely confuse users at first, but ultimately this is what users are going to want: Truly portable social network data. It’s the only way users can end up owning their online identities.

All MySpace users will, by default, get OpenIDs when the project is turned on at some point in the near future. If they don’t use the OpenID login from other sites, they will not notice any changes to their MySpace login experience.

(Credit:
MySpace)

Bill Ford at Fortune Brainstorm Green conference.

“When I joined Ford board in 1988, I was told I had to stop associating with any known or former environmentalists,” he joked. At the time, Ford said that it was important for the company to have a dialogue with environmental groups.

Ford himself was integral in the company adopting sustainability and environmental awareness in its operations. He spearheaded the construction of the Rouge River factory, which adopted a number of techniques to minimize energy and water use.

Ford plans to bring small cars designed originally for congested cities in Europe to the U.S., he said.

Over the years, the culture of the company has changed gradually to take the notion of environmental sustainability more seriously.

To see tweets from the conference, see http://twitter.com/mlamonica.

Moving the company to cleaner technologies and environmental responsibility has helped Ford financially and motivated employees, Ford said. Many of the changes Ford adopted at Rouge River in Michigan made sense financially and its improvements into fuel efficiency have helped the company.

“The downsizing of the fleet is going to happen. We at Ford are placing a big bet on that,” he said. “It’s a bet we’re making because we believe that it’s the right thing to do. Whether we get the timing right–don’t know.”

(Credit:
Martin LaMonica/CNET)

“I am so energized by what is going on now–it’s fantastic. Not only is it the right thing to do but there’s also all this cool technology being developed now,” Ford said. “Not just in powertrains, but in safety, communications–it’s a really cool time to be part of the industry.”

LAGUNA NIGUEL, Calif.–Even though the U.S. auto industry has been badly weakened by poor decisions and falling sales, new technologies are bringing a new vibrancy to the industry, said Bill Ford, the executive chairman of Ford Motor.

A spokeswoman from The EMI Group said that executives there have not been asked for information from the DOJ.

Two sources close to both record companies confirmed that that the labels had received letters from the DOJ in an interview with CNET News.com. A spokeswoman for the Justice Department declined to comment. Representatives from Sony BMG, and Warner Music Group did not return calls. Universal Music declined to comment.

Businesweek reported that Morris was interested in launching an iTunes competitor. Morris had already enlisted the support of Sony BMG and was in talks with Warner Music Group, the magazine reported. If the start-up was successful at securing deals from all the top three labels, then it would offer about 75 percent of the music sold in the U.S.

Morris’ plan, according to the magazine, is to convince hardware makers and cell carriers to help carry the costs of the $5-per-month subscription fee, so Total Music can offer consumers a device that comes with “all-you-can-eat” music that’s available for a very low fee.

The source said that Universal Music has also spoken with Microsoft, Google, MySpace and Facebook about their interest in a subscription site.

The Justice Department’s investigation is unprecedented for something that has yet to get out of the concept stage, according to one of the sources who spoke on condition of anonymity.

The U.S. Department of Justice has requested information from Sony BMG Music Entertainment and Universal Music Group about Total Music, an iTunes competitor that plans to offer music from all the majors for a $5-per-month subscription fee, according to a report in the newsletter Music Alley.

Universal Music CEO Doug Morris, who according to an October story in BusinessWeek came up with the idea for Total Music, has only floated the plan past the other three record labels, the source said, adding that no contracts have been signed, no money has changed hands, and no final decisions about whether the site will ever be launched have been made.

UPDATE: 5:02 P.M. Federal regulators have begun asking questions about a plan supported by at least two major record companies to launch a jointly operated music-subscription site.

“Universal Music has also spoken with Microsoft, Google, MySpace and Facebook about their interest in a subscription site.”

If you’re a search junkie, this is a whole lot faster than having to navigate to each site and then use the search tool. Essentially it’s saving you one click each time you want to look for something. At the same time it’s taking away some of the business your browser’s creators are getting by replacing the stock search engine modules with this one.

(Credit:
CNET Networks)

Joongel's social media search toolbar gives you quick access to several social news and media sites and the search engines that go with them. To give it a spin, click on the graphic above.

Joongel (rate it!) is a new plug-in for
Firefox and IE7 that lets you search through various social media and news sites using the same query. Unlike a search aggregator that mixes up all the results, you have to view them on each service’s results page. It’s simply emulating the same effect of having each site’s custom search installed in your browser’s built-in search bar.

While the 2600 article is not online, a reader of the Consumerist blog summarized it online:

Facebook has its legal bases covered though, as its Terms of Service clearly state that the company is in no way responsible for anything that the developers do with user data. It further notes that the company does nothing at all to verify that developers are doing anything at all to protect user data, or that they are not storing data beyond the time needed to process the application request (a strict no-no). The terms of service state:

The Moods application allows unauthorized users to view the mood histories of non-friends, and with Firebug, anyone with the app can intercept their own mood change form before submitting it, change the uid in the form, and change someone else’s mood.

According to a recent article in 2600, the Hacker Quarterly, many popular Facebook applications are vulnerable to trivial attacks, which permit a nefarious person to both set and read the data associated with that app. The 2600 article uses apps Moods, Free Gifts, and Super Wall to prove its point.

This is not rocket science, but far closer to computer security 101. Microsoft’s Larry Osterman has written about these kinds of flaws on his own blog, describing his effort to educate Microsoft’s programmers:

Super Wall has a similar vulnerability that allows someone to intercept the form in a similar way and spoof messages from ANYONE to ANYONE (even a non-friend) just by changing the to and from uid’s.

Just a few months after this blog brought you exclusive news of privacy problems in Facebook’s application system, we are now already seeing the consequences of Facebook’s decision to pass the buck on on application security and privacy. Facebook shares user data with a large number of third-party application developers (without user consent), who then leave the data open to hackers due to nonexistent security and privacy protections. We at Surveillance State would be lying if we said we didn’t see this coming.

Third-party developers

In all three of those applications, User A can very easily modify User B’s data by intercepting a form and modifying the uid (Facebook user ID) before transmission. In addition, with some applications, User A can gain access to stored application data (e.g. history, etc.) for any User B, whether they are friends or not. Such applications blindly trust form data that can easily be tampered with, which is very clearly a bad idea.

Quite simply, the developers have no authentication mechanism in place on their own servers when processing queries issued by a Facebook application. The developers rely instead, on the Facebook app itself playing by the rules. A nefarious hacker merely needs to intercept the Web request issued by the app, and replace his/her own Facebook ID with that of a potential victim.

For those of you interested in learning more, someone has taken the time to record a screencast of the attack in action. All that’s needed is a Facebook account, the
Firefox browser, and the Firebug browser add-on.

On Wednesday, I spoke with Adrienne Felt, the University of Virginia researcher whose report first highlighted the excessive and dangerous data sharing that happens between Facebook and its Application developers. When asked for her thoughts on the lack of authentication and security at major Facebook apps, Adrienne told me that, “sadly i am not surprised at all” as “apps are written by people who just barely know anything about coding.”

As I mentioned in a blog post back in January, Facebook permits application developers to get access to large amounts of sensitive data, all without clear user consent. Simply put, whenever a user installs a Facebook app, the developers of that application get access to data on every person who that user is Facebook ‘friends’ with, as well as most of the people in that user’s network. While Facebook makes it perfectly clear when users install an application that developers will get access to their data, it doesn’t do anything at all to warn users that the same data sharing occurs when their friends install apps.

Flaws in apps, users at risk

Hackers have turned their attention to Facebook’s hundreds of independent applications. The results are not terribly surprising, but do not tell a good tale: app developers don’t seem to know a thing about basic security, and are putting private user information at risk. As a result, malicious hackers are able to access and change what should be private user data managed by the application providers.

“[each application] has not been approved, endorsed, or reviewed in any manner by Facebook…we are not responsible for…the privacy practices or other policies of the Developer. YOU USE SUCH DEVELOPER APPLICATIONS AT YOUR OWN RISK.”

(Credit:
CNET Networks)

GoAnimate is a browser-based animation studio. It lets you build multi-scene animated creations, complete with support for music, transitions, and user-uploaded page elements. I spent most of this morning playing around with it and the results are about on par with what you’d find on one of those animated greeting cards.

Like most video editing applications GoAnimate centers around a time line. Everything is drag and drop, so you can pick out characters, props, backgrounds and special effects and simple put them on the canvas where you see fit. Each “scene” can be edited to last as long as you want, and you can drag finished scenes around the time line to re-order them. Basically everything is set up to let you quickly clone and continue your work with minimal effort.

The tool also feels a little cramped on larger screens as it doesn’t scale to match the extra width. This, too, is a small quibble, but after having played with Flash game creator PlayCrafter yesterday (story), tools that account for this extra space make it far easier for people who are serious about using them as an alternative to desktop applications.

GoAnimate lets you stick cropped heads onto ready-made animated characters quickly and easily. The results can be rather humorous.

GoAnimate is completely free to use. You can see an example of the test one I made here.

One cool feature is that you can upload pictures from your hard drive, Facebook, or Flickr and turn them into props, backgrounds, or human heads. These heads can be stuck onto the bodies of pre-made characters, so with just a few head shots you can make your very own animated faces by splicing scenes together.

While simple to use, the tool is not without its shortcomings. For instance, you can’t set up several character movements or actions within one scene. This means attaching a speech bubble to a character requires its own scene instead of being able to time out multiple speech bubbles in one scene using delay. I know this seems like a small quibble, but it means adding in more scenes when you could simply mark out the action on a separate time line.

That’s a problem I could live with.

Jimmy Carter might have served two terms (or, more toward the wishes of you conservatives, never been elected at all). The Ayatollah Khomeini, meanwhile, likely would have been a guy on a park bench. As a country with a fairly well-developed middle class and educational system, Iran would likely have emerged as a shining star in globalism.

(Credit:
CNET Networks)

Offshore oil drilling? Wouldn’t be needed. In fact, when you think about it, there wouldn’t be much to debate in the 2008 presidential election.

OK, a vibrant economy in the Great Lakes would likely have doomed the musical careers of Grand Funk Railroad and Bob Seger–the beer rock movement just wouldn’t have the same oomph without mass unemployment. But it’s a small price to pay.

Michael Kanellos, Greentech Media

U.S. Secretary of Defense James V. Forrestal was terrified. The year was 1948 and diplomats worldwide contemplated what might occur if various nations recognized Israel as a separate state.

Alternative fuels like biodiesel and ethanol? A thriving industry would have probably emerged. The lack of cheap oil would have put farmers and chemists on the hunt for substitutes. (Biofuels work, but they just cost more than gas. Less gas would have opened an opportunity.) The wealth generated would have made Kansas look like Palo Alto.

Editor’s note: What with the price of gasoline near record highs, attention increasingly focuses on the race to deliver battery-driven automobiles. But even with advances in this and other alternative technology areas, this remains a work in progress. As they say, we’re likely going to remain dependent on oil for the foreseeable future. Apropos, I recently came across a provocative column by Greentech Media’s Michael Kanellos, which I’m reposting as a guest column. Might his look-back scenario have worked out? We’ll never know. Still, it’s a good read. What’s your take? Leave your comments in the TalkBack section below.

Iran? Wouldn’t be a problem. Britain and the United States organized a coup in 1953 against Mossadegh, the then-prime minister who wanted to nationalize Iranian oil assets. The coup led to the Shah on the throne. Better efficiency and alternative oils would have meant no coup, no Shah, no 1979 Iranian Revolution, and no Great Satan Bookstore in the old CIA headquarters in Tehran.

For one thing, U.S. auto companies likely wouldn’t be the bumbling boneheads of the industrial world. General Motors, Ford, and Chrysler would have had to retool quickly. But turning on a dime was something they learned to do thanks to the wartime experience, when the federal government ordered these automakers to start building planes. Germany and Japan were still in shambles at the time so U.S. automakers could have eked out an early, sustainable lead.

Global warming? Still a problem, but it would have come on more slowly and might have been easier to ameliorate. Then again, people could have reacted to it slower. But even as global warming began to appear, we’d have had more experience to combat it. So chalk that up as a positive, too.

Muscle cars? Well, you can’t have it all. NASCAR fans would be cheering on drivers from the Opal team. Mattel would have likely have scuttled Hot Wheels too.

In turn, that might have meant softening, or even avoiding, the blight that hit Detroit in the 1970s. And the focus on efficiency could have bled into the steel industry. Who knows? The U.S. could have become an early leader in solar manufacturing with all the intellectual capital focused on efficiency and energy.

The views in this opinion piece are not connected with Greentech Media news.

In a decade, “the nation could be forced to convert to four cylinder
cars,” he confidentially predicted. (The quote has been cited in several books, including O Jerusalem by Larry Collins and Dominique Lapierre.)

But it makes me wonder. What would have happened if Forrestal’s fears had come true? What if the Gulf nations had imposed a strict embargo and the United States was forced to go four-cylinder and cut down on gas starting in 1948?

If the United States had decided to recognize the soon-to-be nation, Arab nations might cut off oil shipments, which in turn could imperil the Marshall Plan, which in turn could provide momentum to the communist juggernaut.

Terrorism? It would have occurred–the cultural, political, and religious issues of the Mideast made war inevitable. But the oil-rich nations of the Gulf wouldn’t have had as much money. In turn, that would have meant less of the “affluent poverty” of those nations. Instead of relying on family wealth and government-made jobs, more kids in those nations would have attended college. Which in turn would have meant more “normal” nations and likely less radical political fringes.