Friday, April 29, 2011

Using jQuery. HTML5, PhoneGap And More In The New Multiscreen World

The soon-to-be-released Adobe Dreamweaver CS5.5 (part of Creative Suite 5.5) helps you create content with HTML5, CSS3 and the JQuery mobile framework (among other things) and target multiple platforms including Android operating systems, iOS, and Adobe AIR. As seen in the images below, Dreamweaver CS5.5 reflects the new and growing presence of not only the desktop computer, but the smart phone and tablet as well.

{ Click on any of the images for larger view }

With the Dreamweaver CS5.5 Media Queries dialog box, you can attach or create CSS files for different screen sizes and force devices to report their actual widths.


With the Mobile Applications feature and the SDK for Android (shown above) or iOS, you can emulate and create a native mobile application from your Dreamweaver CS5.5 site files.

PhoneGap is an HTML5 app platform that allows you to author native applications with Web technologies and get access to APIs and app stores.

To streamline your projects, the PhoneGap framework is now integrated as an extension in Dreamweaver CS5.5. So, using PhoneGap, you can build native Android and iOS apps directly from Dreamweaver CS5.5 projects.

Adobe has proven that it can work intimately with a vendor, such as with Research in Motion, whose application development strategy for the PlayBook at launch is 100 percent dependent on Adobe’s AIR and Flash technologies (and will be so until other native QNX SDKs and “Players” are released). Today, the PlayBook demonstrates excellent performance with the Flash and AIR runtimes as both stand-alone tablet apps and embedded into a Mobile browser.

Click here for a look of the Blackberry PlayBook runing video using Flash and HTML5. Video on the PlayBook is superb, with crisp resolution. Video arguably looks better on the PlayBook than on its iPad 2 and Motorola Xoom rivals.

At the same time, on the iOS platform, users aren't feeling any lack of Flash. Virtually every Web site imaginable has moved to HTML5 H.264-based encoding of embedded video. YouTube itself has also fully optimized itself for Mobile Safari and iOS. So, as I've been pointing out, to compensate for this shift, Adobe has introduced HTML5 support into its tools.

More to follow. Stay tuned.

Saturday, April 16, 2011

Developing Rich Web Apps On A Network With Many Platforms (JQuery Mobile)

We live in a networked world filled with smartphones, tablets, Internet-enabled televisions and, yes, desktop computers. So, it's no surprise that application development tools like the soon-to-be-released Adobe Creative Suite CS5.5 Web Premium reflect this evolution of the network by targeting multiple platforms including, but not limited to, Google's Android operating systems, Apple's iOS, RIM's Blackberry in addition to Adobe AIR by facilitating the authoring of rich content with HTML5, CSS3 and JQuery mobile to name a few. I've written about HTML5 and CSS3 in earlier posts to this blog and will have something to say about JQuery in an upcoming one. For now, please note that the

jQuery mobile framework takes the "write less, do more" mantra to the next level: Instead of writing unique apps for each mobile device or OS, the jQuery mobile framework will allow you to design a single highly branded and customized web application that will work on all popular smartphone and tablet platforms. Click here for more.

Basic features of jQuery Mobile include:

General simplicity
The framework is simple to use. You can develop pages mainly using markup driven with minimal or no JavaScript.

Progressive enhancement and graceful degradation
While jQuery Mobile leverages the latest HTML5, CSS3, and JavaScript, not all mobile devices provide such support. jQuery Mobile philosophy is to support both high-end and less capable devices, such as those without JavaScript support, and still provide the best possible experience.

jQuery Mobile is designed with accessibility in mind. It has support for Accessible Rich Internet Applications (WAI-ARIA) to help make web pages accessible for visitors with disabilities using assistive technologies.

Small size
The overall size of the jQuery Mobile framework is relatively small at 12KB for the JavaScript library, 6KB for the CSS, plus some icons.

The framework also provides a theme system that allows you to provide your own application styling.

Some jQuery Mobile UI elements

But getting back to Adobe Creative Suite 5.5 Web Premium: with it, you can:

  • Manage content for different screen sizes.
  • Develop apps for virtually any mobile device.
  • Ensure design integrity across the entire web.

For a look at this new flexibility, click here to watch Adobe's Dreamweaver CS 5.5 creating a rich app for Apple's iPad.

Stay tuned!

Wednesday, April 13, 2011

HTTPS, Certificates and Web Security Reconsidered

The Comodo Group, an Internet security company, has been attacked in the last month by a talkative and professed patriotic Iranian hacker who infiltrated several of the company’s partners and used them to threaten the security of myriad big-name Web sites.

But the case is not a problem for only Comodo, which initially believed the attack was the work of the Iranian government. It has also cast a spotlight on the global system that supposedly secures communications and commerce on the Web.

The encryption used by many Web sites to prevent eavesdropping on their interactions with visitors is not very secure. This technology is in use when Web addresses start with “https” (in which “s” stands for secure) and a closed lock icon appears on Web browsers. These sites rely on third-party organizations, like Comodo, to provide “certificates” that guarantee sites’ authenticity to Web browsers.

But many security experts say the problems start with the proliferation of organizations permitted to issue certificates. Browser makers like Microsoft, Mozilla, Google and Apple have authorized a large and growing number of entities around the world — both private companies and government bodies — to create them. Many private “certificate authorities” have, in turn, worked with resellers and deputized other unknown companies to issue certificates in a “chain of trust” that now involves many hundreds of players, any of which may in fact be a weak link.

The Electronic Frontier Foundation, an online civil liberties group, has explored the Internet in an attempt to map this nebulous system. As of December, 676 organizations were signing certificates, it found. Other security experts suspect that the scan missed many and that the number is much higher.

Making matters worse, entities that issue certificates, though required to seek authorization from site owners, can technically issue certificates for any Web site. This means that governments that control certificate authorities and hackers who break into their systems can issue certificates for any site at will.

Experts say that both the certificate system and the technology it employs have long been in need of an overhaul, but that the technology industry has not been able to muster the will to do it. “It hasn’t been perceived to be a big enough problem that needs to be fixed,” said Stephen Schultze, associate director of the Center for Information Technology Policy at Princeton. “This is a wake-up call. This is a small leak that is evidence of a much more fundamental structural problem.”

In the Comodo case, the hacker infiltrated an Italian computer reseller and used its access to Comodo’s systems to automatically create certificates for Web sites operated by Google, Yahoo, Microsoft, Skype and Mozilla. With the certificates, the hacker could set up servers that appear to work for those sites and try to view the unscrambled e-mail of millions of people, experts say. Comodo says it has suspended the Italian reseller and a second European reseller that the hacker also infiltrated.

In a series of online messages teeming with bravado, the hacker described himself as a software-engineering student and cryptography expert and said he worked alone. He suggested he was avenging the Stuxnex computer worm, which was directed at Iranian nuclear installations last year. And he indicated that he intended to use the certificates he created to snoop on opponents of the Iranian regime. “As I live, you don’t have privacy in Internet, you don’t have security in digital world,” he warned.

The certificate system was created at the dawn of e-commerce in the early 1990s before security was a major issue. Security experts say the system is not up to the challenge of today’s immense, commercial and much-attacked Internet. It was designed primarily to let businesses take credit card payments online, and less to confirm the authenticity of Web sites.

The crucial tool available to Comodo and the browser makers — revocation — is ineffective, security experts say. After the Comodo case, Google, Mozilla and Microsoft rushed out patches so their browsers would recognize and reject the bad certificates. But this solution requires many millions of Internet users to update their browser software, which many people never do.

Moreover, because certificate authorities’ servers are seen as unreliable, most browser makers allow users to proceed to an alternative site, and hackers can exploit this weakness, security experts say.

Browser makers have another problem: Faced with a suspicious certificate authority, there is little they can do shy of rescinding it. But if they did that, millions of Web users might encounter troubling error warnings when they visited sites with certificates from that company, causing a cascade of problems for users and site owners. Cutting out a large player like Comodo, which controls at least 95,100 active certificates, could effectively “break the Web,” said Dan Kaminsky, chief scientist at the security firm DKH.

They are effectively “too big to fail,” said Christopher Soghoian, a former Federal Trade Commission technologist who is now a graduate fellow at the Center for Applied Cybersecurity Research at Indiana University. “The problem is that the browser vendors don’t have a small stick, they only have a big stick." He said he could not recall a single instance in which the browser vendors had rejected a certificate authority.

Microsoft and Mozilla said that they would consider removing certificate authority if it was in the best interest of Internet users, and that they remained in talks with Comodo about its security practices. “Participation in Mozilla’s root program is a privilege, not a right,” the company, the nonprofit maker of Firefox, said. Apple, maker of the Safari browser, declined to comment. (Google’s Chrome browser defers to the choices of operating system makers like Microsoft and Apple about which certificate authorities are accepted.)

Mozilla, Microsoft and Google said they would work together and with certificate authorities and the security community on improvements to the system. One approach proposed by Comodo and Google engineers in January would allow Web site owners to specify which certificate authorities may issue certificates for their sites.

An initiative preferred by security experts would overhaul the system more radically. It would give Web sites similar control while securing their certificates within a new encrypted version of the domain name system, the central directory of the Web, making it the de facto central certificate authority through which Web sites could generate their own certificates.