What's My Risk?

The Open Web Application Security Project (OWASP) announced on Monday the first release candidate for the 2017 OWASP Top 10, which proposes two new vulnerability categories: the OWASP Top 10 2017 RC1.

There have been a lot of discussions and opinions, here and there, about this project led by Dave Wichers; not due to his leadership attributes but because this new list may be obsolete (uh) but necessary, as it is the de facto standard for web professionals and now, in our decade, for IT security professionals too.

Good news every four years is always good news. Think positive. Even if yours truly may be critical of this RC1 for several objective reasons, the vainest being that once, not so long ago, his candidature for an OWASP open position was kindly rejected (no reasons, no need for a reason either); in a world of private contractors and tons of assets offered by these contractors and professionals (think the RSA), this volunteer-based initiative deserves no less than respect.

Judge for yourself and help maintain and develop this. Be smart.


Multi-Cost ALTO

Applications using the Internet already have access to some topology information of the Internet Service Provider (ISP) network.

There is a working draft under discussion now at the IETF, quite promising, entitled draft-ietf-alto-multi-cost-09, with an intended status of Standards Track.

The ALTO (Application-Layer Traffic Optimization) Protocol ([RFC7285]) defines several services that return various metrics describing the costs between network endpoints.

The document defines a new service that allows an ALTO Client to retrieve several cost metrics in a single request for an ALTO Filtered Cost Map and Endpoint Cost Map. In addition, it extends the constraints to further filter those maps by allowing a client to specify a logical combination of tests on several cost metrics.
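To make the "logical combination of tests on several cost metrics" concrete, here is an added Python example (not code from the draft or from the original post) that filters a constructed multi-cost map: the outer constraint list is an OR of inner AND-groups, and each test is written `metric operator value` with the RFC 7285 operators. The field names, the test syntax and the sample map are assumptions for illustration; the draft's exact wire format is not reproduced here.

```python
import operator

# RFC 7285 constraint operators; the draft extends constraints to several metrics.
OPS = {"gt": operator.gt, "lt": operator.lt, "ge": operator.ge,
       "le": operator.le, "eq": operator.eq}

# Constructed sample multi-cost map: each (src, dst) pair carries one value per
# metric, in the order given by COST_TYPES (not a real ISP's data).
COST_TYPES = ["routingcost", "hopcount"]
MULTI_COST_MAP = {
    "PID1": {"PID2": [5, 2], "PID3": [15, 4]},
    "PID2": {"PID1": [5, 2], "PID3": [8, 3]},
}


def parse_test(test):
    """Parse a test such as 'routingcost le 10' (simplified syntax, an assumption)."""
    name, op, value = test.split()
    if op not in OPS:
        raise ValueError(f"unknown operator {op!r}")
    return name, OPS[op], float(value)


def matches(costs, cost_types, or_constraints):
    """True if any AND-group of tests passes; no constraints means accept all."""
    if not or_constraints:
        return True
    by_name = dict(zip(cost_types, costs))
    return any(all(op(by_name[name], value)
                   for name, op, value in map(parse_test, group))
               for group in or_constraints)


def filter_cost_map(cost_map, cost_types, or_constraints):
    """Keep only the (src, dst) entries whose cost vector satisfies the constraints."""
    return {src: {dst: costs for dst, costs in dsts.items()
                  if matches(costs, cost_types, or_constraints)}
            for src, dsts in cost_map.items()}


if __name__ == "__main__":
    # Either cheap and short (two metrics ANDed), or simply at most 3 hops.
    constraints = [["routingcost le 6", "hopcount le 2"], ["hopcount le 3"]]
    print(filter_cost_map(MULTI_COST_MAP, COST_TYPES, constraints))
```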

Authored by S. Randriamasy and W. Roome from Nokia Bell Labs, and N. Schwan from Thales Deutschland.

If you want to know more about it, please follow the paths.

Expires: October 27, 2017

PMXPO 2017

PMXPO 2017, coming THURSDAY, April 27, 2017 at 10:30AM ET. It's the biggest virtual Project Management event of the year, brought to you by ProjectManagement.com, the world's biggest online community of project professionals. Be sure to log on to enjoy a full day of informative and entertaining presentations while earning PDUs.

See you inside, as soon as you have followed this URL to enter the expo:


Microsoft Publishes Digital Geneva Convention Docs

Microsoft has published a trio of policy papers in support of a Digital Geneva Convention. Two of the documents describe rules for countries and technology companies to abide by in cyberspace; the third calls for establishing an international body to attribute malicious cyberattacks. In a blog post, Microsoft president and Chief Legal Officer Brad Smith noted that while the G7 has "published a declaration recognizing the urgent need to establish international norms for responsible nation state behavior in cyberspace," voluntary norms do not go far enough.
Smith, who spoke about a Digital Geneva Convention at the RSA Conference earlier this year, wrote, "We need to... pursue a legally binding framework that would codify rules for governments and thus help prevent extraordinary damage."
The software-based company, the one that long ago flooded your screen with a charming electric blue colour, advances masked in this brand new century. MS is holding a vision, which makes us aware of it because it is serious proof that may confirm the Theory of Evolution, and besides, it is making an educated guess: rules for countries and technology companies to abide by in cyberspace.

It is never too late. Roger, Redmond. "You can always just cross your fingers, search the Web, and try again".

After reading my incoming email, via the SANS Institute.

RFC 114

April 16, 1971 -- 46 years ago

Abhay Bhushan of MIT first publishes FTP in RFC 114
A file may or may not have access controls associated with it. The access controls designate the users' access privileges. In the absence of access controls, the files cannot be protected from accidental or unauthorized usage.

Image: 2002 Rus Shuler @ Pomeroy IT Solutions, all rights reserved

Foster Collaboration

There is an interesting debate these days, for those who do not celebrate all of Easter, at the WHATWG (Web Hypertext Application Technology Working Group).

The discussion mostly arises from the new possibilities that the audio tag should present for future implementations of elements featured in the HTML5 language and its associated DOM API.

Mostly, the use of this tag is of public interest in what concerns the streaming transmission of content for the web.

Is It Worth It?

These issues are all foreign to the neutrality of the technology itself, but they need to be taken into account and implemented in a world in which the WWW is the mass communication medium par excellence.

The pre-development and research reflection on this matter actually presents concepts as interesting as the discussion of the streamed content, titles and singular attributes, the analysis of ISRC codes and regulations, or the famous Article 15 of the WIPO treaty.

I pointed out to Patrick the similarity between what is referred to in the industry as royalties and the term funding for scientists. I just wanted to mention that in this post, to know your opinion. The greatest payoff on R&D is social return: return to organizations that do not participate directly. Like dancers on a stage.

Aside note: Apologies, dearest reader of this blog, for the poorly written English featured in the linked email source. Ye know, life is hard in hostile territory and I am missing aptitudes, especially writing emails to a subscribers list.

Radio, live transmission.

Return to the source.

When an R&D project is finished, contractors and vendors may reap further profits based on their experience.
For this reason, the metadata, new HTML version 5-dot-something attributes, and other future aspects and enhancements the audio tag may present and offer in the future are being debated among a select few of us.

And yes, memoirs came to mind. The debate brought to mind the contents of that article in the ISOC, entitled A Brief History of the Internet, Part I, written circa May/June 1997.

Hence, an excerpt:
The idea of open-architecture networking was first introduced by Kahn shortly after having arrived at DARPA in 1972. This work was originally part of the packet radio program, but subsequently became a separate program in its own right. At the time, the program was called "Internetting". Key to making the packet radio system work was a reliable end-end protocol that could maintain effective communication in the face of jamming and other radio interference, or withstand intermittent blackout such as caused by being in a tunnel or blocked by the local terrain. Kahn first contemplated developing a protocol local only to the packet radio network, since that would avoid having to deal with the multitude of different operating systems, and continuing to use NCP.


We are not talking about patent features here. The debate and the research being done at present go through the official mailing list. The mailing list archives are publicly accessible. "It was clear that these systems could be used from a distance and, more important, that they fostered collaborative user communities"

Memoirs came to mind to avoid re-inventing the wheel. All said, time for brunch, fostering collaboration.


A toast in memory of Robert W. Taylor, a truly smoker innovator. Building upon the shoulders of giants.

This yours truly, from the battlefield, hostile territory, proudly thinking about web hypertext since 2004.


"Provenance is information about entities, activities, and people involved in producing a piece of data or thing, which can be used to form assessments about its quality, reliability or trustworthiness."
A must read on PROV, defining various aspects that are necessary to achieve the vision of interoperable interchange of provenance information in heterogeneous environments such as the Web, via the W3C PROV WG.

Provenance is the 'who'.

What is Web architecture?

As cited in the year 2004, a public working document, [the TAG], explains to us that there are a number of architectural principles that underlie the development of the World Wide Web. Some of these are well-known; others are less well-known or accepted.
(...) Web architecture refers to the underlying principles that should be adhered to by all Web components, whether developed inside or outside W3C. The architecture captures principles that affect such things as understandability, interoperability, scalability, accessibility, and internationalization.

For understandability, it is important that specifications be built on a common framework. This framework will provide a clearer picture of how specifications for Web technology work together.

For interoperability, there are some principles that cross Working Group boundaries to allow technical specifications to work together. For example, W3C has adopted an architectural principle that XML should be used for the syntax of Web formats unless there is a truly compelling reason not to (refer to "Assumed Syntax", by Tim Berners-Lee). This principle allows broad applicability of generic XML tools and is more likely to lead to general protocol elements that are useful for multiple purposes.

For scalability, it is important to base current work on wide applicability and future extensibility. For example, it is a common principle in designing specifications to avoid single points of control (e.g., a single registry that all specification writers or developers must use).
Web Architecture, a professional area and a subset of Web technology (e.g., "Design Issues," "What is a Good Standard?," and "Common User Agent Problems"), explained and defined by the W3C's Technical Architecture Group (TAG) Charter.

W3C's Web Accessibility Initiative and Internationalization Activity are already producing Architectural Recommendations in the areas of accessibility and internationalization, respectively.

Circa 2004, repeat, 2004.