Notes toward the Network 25 unhosted social network application.

Quite a few years (and a couple of re-orgs) ago on the Zero State mailing list we were kicking around the idea of building an unhosted social network to keep in touch, which is to say, a socnet that was implemented only as a single file, with all of the JavaScript and CSS embedded at the end.  Some of the ideas included using a distributed hash table so each instance could find the others, as many crazy but feasible ways as possible to bootstrap a new member of the network into the DHT, and using the browser's built-in local …


Setting up converse.js as a web-based chat client.

As not bleeding-edge, nifty-keen-like-wow as the XMPP protocol is, Jabber (the colloquial name for XMPP; I'll be using them interchangeably in this article) has been my go-to means of person-to-person chat (as well as communication protocol with other parts of me) for a couple of years now.  There are a bunch of different servers out there on multiple platforms, they all support pretty much the same set of features (some have the experimental features, some don't), and the protocol is federated, which is to say that every server can talk to every other server out there (unless you turn that …


A new way to write web applications.

It's almost taken for granted these days that your data lives Out There Somewhere on the Internet. If you set up a webmail account at a service like Gmail or Hushmail, your e-mail will ultimately be stored on a bunch of servers racked in a data center someplace you will probably never see. Users of social networks implicitly accept that whatever they post - updates, notes, images, videos, comments, what have you - will probably never touch any piece of hardware they own ever again. Everything stays in someone else's server farm whether or not you want it to, and while there …


Firefox plug-ins I have known and loved.

It's been said that the killer app that made the Net as ubiquitous as it is today is the web browser, with e-mail running a close second. Just about everyone uses a browser in some capacity or another to access news, information, and e-mail, possibly more so than dedicated applications (such as e-mail readers, RSS readers, or database searching applications). As great as they are, web browsers have their own unique sets of problems and vulnerabilities that have to be taken into account, especially if privacy is of concern to you.

Firefox, in my considered opinion, is an excellent web browser …


Source code to Javascript botnet agent leaked!

Remember the software that Billy Hoffman demo'd at Shmoocon 2007 - the Javascript that turns any capable web browser into a zombie?

One Mike Schroll snagged a copy while in the audience and posted it to his website. From there, about 100 somebodies downloaded copies, which no doubt have spread farther.

You can bet that this is going to find illicit use soon. For Firefox users, I strongly suggest that you look into installing a plug-in called NoScript, which lets you decide whether or not to execute the Javascript embedded in a particular web page.

As always, read the documentation.

Cross-platform droneware: Bots written in Javascript.

Billy Hoffman of the security outfit SPI Dynamics unveiled the fruits of his research at Shmoocon last weekend (which I'm still miffed about not being able to attend), botnet software written in Javascript that runs on any modern web browser. His prototype botnet agent is called Jikto, and it searches for cross-site scripting vulnerabilities in websites after beginning execution when the user looks at a malicious website or e-mail message. Periodically, it will phone home with vulnerable URLs and details of same. This means that even Net-capable cellphones can unwittingly be turned into botnet members.

Javascript can hypothetically be dropped …
