NEWS


Computing Now Exclusive Content — January 2011

News Archive

July 2012

Gig.U Project Aims for an Ultrafast US Internet

June 2012

Bringing Location and Navigation Technology Indoors

May 2012

Plans Under Way for Roaming between Cellular and Wi-Fi Networks

Encryption System Flaw Threatens Internet Security

April 2012

For Business Intelligence, the Trend Is Location, Location, Location

Corpus Linguistics Keep Up-to-Date with Language

March 2012

Are Tomorrow's Firewalls Finally Here Today?

February 2012

Spatial Humanities Brings History to Life

December 2011

Could Hackers Take Your Car for a Ride?

November 2011

What to Do about Supercookies?

October 2011

Lights, Camera, Virtual Moviemaking

September 2011

Revolutionizing Wall Street with News Analytics

August 2011

Growing Network-Encryption Use Puts Systems at Risk

New Project Could Promote Semantic Web

July 2011

FBI Employs New Botnet Eradication Tactics

Google and Twitter "Like" Social Indexing

June 2011

Computing Commodities Market in the Cloud

May 2011

Intel Chips Step up to 3D

Apple Programming Error Raises Privacy Concerns

Thunderbolt Promises Lightning Speed

April 2011

Industrial Control Systems Face More Security Challenges

Microsoft Effort Takes Down Massive Botnet

March 2011

IP Addresses Getting Security Upgrade

February 2011

Studios Agree on DRM Infrastructure

January 2011

New Web Protocol Promises to Reduce Browser Latency

To Be or NAT to Be?

December 2010

Intel Gets inside the Helmet

Tuning Body-to-Body Networks with RF Modeling

November 2010

New Wi-Fi Spec Simplifies Connectivity

Expanded Top-Level Domains Could Spur Internet Real Estate Boom

October 2010

New Weapon in War on Botnets

September 2010

Content-Centered Internet Architecture Gets a Boost

Gesturing Going Mainstream

August 2010

Is Context-Aware Computing Ready for the Limelight?

Flexible Routing in the Cloud

Signal Congestion Rejuvenates Interest in Cell Paging-Channel Protocol

July 2010

New Protocol Improves Interaction among Networked Devices and Applications

Security for Domain Name System Takes a Big Step Forward

The ROADM to Smarter Optical Networking

Distributed Cache Goes Mainstream

June 2010

New Application Protects Mobile-Phone Passwords

WiGig Alliance Reveals Ultrafast Wireless Specification

Cognitive Radio Adds Intelligence to Wireless Technology

May 2010

New Product Uses Light Connections in Blade Server

April 2010

Browser Fingerprints Threaten Privacy

New Animation Technique Uses Motion Frequencies to Shake Trees

March 2010

Researchers Take Promising Approach to Chemical Computing

Screen-Capture Programming: What You See is What You Script

Research Project Sends Data Wirelessly at High Speeds via Light

February 2010

Faster Testing for Complex Software Systems

IEEE 802.1Qbg/h to Simplify Data Center Virtual LAN Management

Distributed Data-Analysis Approach Gains Popularity

Twitter Tweak Helps Haiti Relief Effort

January 2010

2010 Rings in Some Y2K-like Problems

Infrastructure Sensors Improve Home Monitoring

Internet Search Takes a Semantic Turn

December 2009

Phase-Change Memory Technology Moves toward Mass Production

IBM Crowdsources Translation Software

Digital Ants Promise New Security Paradigm

November 2009

Program Uses Mobile Technology to Help with Crises

More Cores Keep Power Down

White-Space Networking Goes Live

Mobile Web 2.0 Experiences Growing Pains

October 2009

More Spectrum Sought for Body Sensor Networks

Optics for Universal I/O and Speed

High-Performance Computing Adds Virtualization to the Mix

ICANN Accountability Goes Multinational

RFID Tags Chat Their Way to Energy Efficiency

September 2009

Delay-Tolerant Networks in Your Pocket

Flash Cookies Stir Privacy Concerns

Addressing the Challenge of Cloud-Computing Interoperability

Ephemeralizing the Web

August 2009

Bluetooth Speeds Up

Grids Get Closer

DCN Gets Ready for Production

The Sims Meet Science

Sexy Space Threat Comes to Mobile Phones

July 2009

WiGig Alliance Makes Push for HD Specification

New Dilemnas, Same Principles:
Changing Landscape Requires IT Ethics to Go Mainstream

Synthetic DNS Stirs Controversy:
Why Breaking Is a Good Thing

New Approach Fights Microchip Piracy

Technique Makes Strong Encryption Easier to Use

New Adobe Flash Streams Internet Directly to TVs

June 2009

Aging Satellites Spark GPS Concerns

The Changing World of Outsourcing

North American CS Enrollment Rises for First Time in Seven Years

Materials Breakthrough Could Eliminate Bootups

April 2009

Trusted Computing Shapes Self-Encrypting Drives

March 2009

Google, Publishers to Try New Advertising Methods

Siftables Offer New Interaction Model for Serious Games

Hulu Boxed In by Media Conglomerates

February 2009

Chips on Verge of Reaching 32 nm Nodes

Hathaway to Lead Cybersecurity Review

A Match Made in Heaven: Gaming Enters the Cloud

January 2009

Government Support Could Spell Big Year for Open Source

25 Reasons For Better Programming

Web Guide Turns Playstation 3 Consoles into Supercomputing Cluster

Flagbearers for Technology: Contemporary Techniques Showcase US Artifact and European Treasures

December 2008

.Tel TLD Debuts As New Way to Network

Science Exchange

November 2008

The Future is Reconfigurable

New Web Protocol Promises to Reduce Browser Latency

by George Lawton

The chatty nature of traditional HTTP communications is the main source of browser latency today. Although various techniques have emerged to reduce the number of browser method calls to the server, they come with costs in programming complexity and code size. The WebSocket protocol is a proposed IETF standard to reduce Web application latency, code size, and development complexity by enabling two-way communication between Web pages and a remote host.

"WebSockets really marks a quantum leap forward in the reduction of unnecessary network traffic," said Peter Lubbers, director of documentation and training at Kaazing, an HTML 5 training and tool vendor.

Reducing application latency could have a direct impact on businesses using even the simplest text-only websites. For example, a recent Google experiment reported that users entered 25 percent fewer new search terms when the latency rose from 400 to 900 milliseconds. A 2 percent increase in latency from adding a shopping cart icon corresponded to a 2 percent drop in site usage.

A pre-standardized version of Websockets is running now within the Chrome and Safari browsers, while Opera and Firefox are also working on implementations. The main obstacle to full standardization has been security concerns related to cache maintenance.

Simplified Web Communications

Websockets is one of the primary communication protocols introduced as part of HTML 5.It's been in development for six years, starting from a World Wide Web Consortium (W3C) working group that included representatives from leading browser providers such as Google, Apple, Mozilla, and Opera. The W3C group forwarded a rough WebSockets draft to the IETF in 2008 to create a final standard.

Ian Fette, senior product manager for Google Chrome and author of the IETF standard, said the IETF group has reached consensus on many aspects of the protocol. For example, the APIs are locked in place, making it possible to write a program once using HTML 5 and WebSockets and run it today. The group is now approaching consensus on its framing and handshake aspects as well.

"People have been trying to realize these use cases for a while — for example, using XMLHttpRequest to send data from a client to server and then using a hanging get request," said Fette. But this approach is suboptimal. "There are two open connections rather than one," he explained. "The presence of caching proxies often forces you to close one of the connections to ensure the data is sent."

In contrast, WebSockets is designed to be a simple, straightforward API. "A Web developer doesn't have to worry about multiple connections and closing connections and how the entire message has been sent," said Fette. "All of that is abstracted to 'Here is the data to send,' and 'Here is the data I want to read.'"

WebSockets Primer

HTTP was designed for static websites. It worked well in the early Web, when data was presented in sequentially transmitted pages. But today, most applications involve considerable feedback between the browser and server. Many developers have developed complex workarounds, such as Comet and Ajax, to handle the communications for these applications. The various libraries resulting from these workarounds operate differently and therefore break in different ways.

The WebSocket protocol replaces all these different techniques with a single highly optimized code set that's installed natively in each browser. This makes a big difference in the time to load the first page. Fette said that Google used Websockets to reduce the startup payload for Gmail from 40 Kbytes to about 2 Kbytes.

Furthermore, the protocol itself adds less overhead to each transmission — 2 bytes of packaging to a simple 5-byte message, while HTTP adds about a thousand bytes. Peter Lubbers, director of Kaazing's documentation and training, demonstrated an application in which WebSockets reduced the bandwidth demand from 665 Mbps with HTTP to only 1.526 Mbps for 100,000 clients receiving one message per second.

Dark Clouds

Potential security concerns led browser makers Mozilla and Opera to postpone full support for WebSockets. An analysis of the number of Internet cache server configurations found that only about 0.12 percent would be vulnerable to a Web cache poisoning attack but the concern has been big enough to stall adoption. Adam Barth, a researcher who worked with Carnegie Mellon team to test various WebSockets security vulnerabilities, described Web cache poisoning as a way to confuse the proxy into doing things an attacker wants. The consequences are similar to cross-site scripting in which the attacker gets to choose the content purported to come from the Web.

Anne van Kesteren, a product developer at Opera, said they have shipped a WebSockets implementation and API in Opera 11, but it's disabled by default. "There are transparent and intercepting proxies that do not fully understand HTTP," van Kesteren said, explaining the company's decision. "In particular, they don't understand the upgrade-based handshake WebSockets is using and therefore the cache of these proxies can be poisoned." Once a cache is poisoned, he said, it would affect all users behind that proxy.

Barth said this problem has two relatively simple fixes. The first is to encrypt all of the traffic so that the proxy doesn't get confused. This adds a 1 percent overhead on traffic. The second method is to use the Connect method within HTML, which incurs no overhead.

What's Next

Chris Blizzard, a technology evangelist for Mozilla, sees WebSockets progressing along the IETF standards track at a good rate. "The protocol isn't a product, so there's no release date in the classic sense," he said. Once the IETF standard is set, however, he expects modern browsers to adopt the protocol quickly. "It improves a user's experience, decreases loads on Web servers, and reduces the amount of bandwidth that low-latency applications require."

Vendors like Kaazing have already released WebSockets development libraries for HTML 5. The libraries support backward compatibility with existing browsers, which will make it easier for organizations to move to HTML 5 without having to manage a separate code base for older browsers.

"What we are implementing now is not final, but it's pretty darn close," said IETF's Fette. "Over the course of the first half of 2011, we will see continued refinement to the protocol and in the second half, we will really get it locked down."

George Lawton is a freelance journalist in Guerneville, CA. Contact him via his website http://glawton.com.