<p><a class="imageLink" href="http://www.webat25.org/"><img src="/2014/03/web25-250.png" alt="Web 25th anniversary" /></a> Today, around the world, people are joining Web inventor Tim Berners-Lee in wishing the World Wide Web a happy 25th birthday. To mark the occasion, everyone is encouraged to share birthday greetings on social media using #web25. <a href="http://www.webat25.org/greetings">Select greetings</a> will also be posted on a virtual birthday card on the official anniversary site <a href="http://www.webat25.org/">webat25.org</a>.</p> <p>“The Web’s billions of users are what have made it great,” said Berners-Lee. “I hope that many of them will join me today in celebrating this important milestone. I also hope this anniversary will spark a global conversation about our need to defend principles that have made the Web successful, and to unlock the Web’s untapped potential. I believe we can build a Web that truly is for everyone: one that is accessible to all, from any device, and one that empowers all of us to achieve our dignity, rights and potential as humans.”</p> <p>Read the <a href="http://www.webat25.org/news/press-release-the-world-celebrates-25-years-of-the-web">full press release</a>, <a href="http://www.webat25.org/news/tbl-web25-welcome">welcome message and video from Tim Berners-Lee</a>, and <a href="http://www.webat25.org/greetings">special greetings to the Web</a>.</p> <p>Please visit <a href="http://www.webat25.org/">the Web’s 25th anniversary site</a> regularly for more details on activities and events all year long, including <a href="/20/">W3C’s 20th Anniversary Symposium</a> which will take place in Santa Clara, California, and will be live-streamed.</p> </content>
Happy Birthday World Wide Web!
Updated Techniques for Web Content Accessibility Guidelines (WCAG) 2.0 and Understanding WCAG 2.0
<p>The <a href="http://www.w3.org/WAI/GL/">Web Content Accessibility Guidelines Working Group</a> today published updates of two Notes that accompany WCAG 2.0: <a href="http://www.w3.org/TR/2014/NOTE-WCAG20-TECHS-20140304/">Techniques for WCAG 2.0</a> and <a href="http://www.w3.org/TR/2014/NOTE-UNDERSTANDING-WCAG20-20140304/">Understanding WCAG 2.0</a>. (This is not an update to WCAG 2.0, which is a stable document.) For information on these updates and links to blog posts, please see the <a href="http://lists.w3.org/Archives/Public/w3c-wai-ig/2014JanMar/0165.html">WCAG Techniques & Understanding WCAG Updated March 2014 e-mail</a>. Read about the <a href="http://www.w3.org/WAI/">Web Accessibility Initiative (WAI)</a>.</p> </content>
Last Call: Linked Data Platform 1.0
<p>The <a href="http://www.w3.org/2012/ldp/">Linked Data Platform (LDP) Working Group</a> has published a Last Call Working Draft of <a href="http://www.w3.org/TR/2014/WD-ldp-20140311/">Linked Data Platform 1.0</a>. This document describes a set of best practices and simple approach for a read-write Linked Data architecture, based on HTTP access to web resources that describe their state using the RDF data model. Comments are welcome through <strong>02 April 2014</strong>. Learn more about the <a href="http://www.w3.org/2013/data/">Data Activity</a>.</p> </content>
HTML Imports Draft Published
<p>The <a href="http://www.w3.org/2008/webapps/">Web Applications Working Group</a> has published a Working Draft of <a href="http://www.w3.org/TR/2014/WD-html-imports-20140311/">HTML Imports</a>. HTML Imports are a way to include and reuse HTML documents in other HTML documents. Learn more about the <a href="http://www.w3.org/2006/rwc/">Rich Web Client Activity</a>.</p> </content>
One Week Left to Register for W3C HTML5 Training Course
<p><a href="http://classroom.w3devcampus.com/enrol/index.php?id=68">Register now</a> for the <a href="http://www.w3devcampus.com/html5-w3c-training/">W3C HTML5 online course</a> that starts next Monday, 17 March 2014. Acclaimed trainer <a href="http://www.w3devcampus.com/michel-buffa/">Michel Buffa</a> will cover the techniques developers and designers need to create great Web pages and apps. This new course edition has been updated again, and features advanced techniques illustrated by numerous examples. Learn more about <a href="http://www.w3devcampus.com/">W3DevCampus</a>, the official W3C online training for Web developers. See also our self-explanatory <a href="https://www.youtube.com/watch?v=XgyKbjOGCYA">fun video</a>.</p> </content>
RDF 1.1 is a W3C Recommendation
<p>The <a href="http://www.w3.org/2011/rdf-wg/">RDF Working Group</a> has published today a set of eight Resource Description Framework (RDF) Recommendations:</p> <ul class="show_items"> <li><a href="http://www.w3.org/TR/2014/REC-rdf11-concepts-20140225/">“RDF 1.1 Concepts and Abstract Syntax”</a> defines an abstract syntax (a data model) which serves to link all RDF-based languages and specifications. The abstract syntax has two key data structures: RDF graphs are sets of subject-predicate-object triples, where the elements may be IRIs, blank nodes, or datatyped literals. They are used to express descriptions of resources. RDF datasets are used to organize collections of RDF graphs, and comprise a default graph and zero or more named graphs.</li> <li><a href="http://www.w3.org/TR/2014/REC-rdf11-mt-20140225/">“RDF 1.1 Semantics”</a> describes a precise semantics for the Resource Description Framework 1.1 and RDF Schema, and defines a number of distinct entailment regimes and corresponding patterns of entailment.</li> <li><a href="http://www.w3.org/TR/2014/REC-rdf-schema-20140225/">“RDF Schema 1.1″</a> provides a data-modelling vocabulary for RDF data. RDF Schema is an extension of the basic RDF vocabulary. </li> <li><a href="http://www.w3.org/TR/2014/REC-turtle-20140225/">“RDF 1.1 Turtle:</a> defines a textual syntax for RDF called Turtle that allows an RDF graph to be completely written in a compact and natural text form, with abbreviations for common usage patterns and datatypes. Turtle provides levels of compatibility with the N-Triples format as well as the triple pattern syntax of the SPARQL W3C Recommendation.</li> <li><a href="http://www.w3.org/TR/2014/REC-trig-20140225/">“RDF 1.1 TriG RDF Dataset Language”</a> defines a textual syntax for RDF called TriG that allows an RDF dataset to be completely written in a compact and natural text form, with abbreviations for common usage patterns and datatypes. TriG is an extension of the Turtle format. </li> <li><a href="http://www.w3.org/TR/2014/REC-n-triples-20140225/">“RDF 1.1 N-Triples”</a> is a line-based, plain text format for encoding an RDF graph. </li> <li><a href="http://www.w3.org/TR/2014/REC-n-quads-20140225/">“RDF 1.1 N-Quads”</a> is a line-based, plain text format for encoding an RDF dataset. </li> <li><a href="http://www.w3.org/TR/2014/REC-rdf-syntax-grammar-20140225/">“RDF 1.1 XML Syntax”</a> defines an XML syntax for RDF called RDF/XML in terms of Namespaces in XML, the XML Information Set and XML Base.</li> </ul> <p>Furthermore, the Working Group has also published four Working Group Notes:</p> <ul class="show_items"> <li><a href="http://www.w3.org/TR/2014/NOTE-rdf11-primer-20140225/">“RDF 1.1 Primer”</a> provides a tutorial level introduction to RDF 1.1.</li> <li>The RDF 1.1 Concepts, Semantics, Schema, and XML Syntax documents supercede the RDF family of Recommendations as published in 2004. <a href="http://www.w3.org/TR/2014/NOTE-rdf11-new-20140225/">“What's New in RDF 1.1″</a> provides a summary of the changes between the two versions of RDF.</li> <li><a href="http://www.w3.org/TR/2014/NOTE-rdf11-datasets-20140225/">“RDF 1.1: On Semantics of RDF Datasets”</a> presents some issues to be addressed when defining a formal semantics for datasets, as they have been discussed in the RDF 1.1 Working Group</li> <li><a href="http://www.w3.org/TR/2014/NOTE-rdf11-testcases-20140225/">“RDF 1.1 Test Cases”</a> lists the test suites and implementation reports for RDF 1.1 Semantics as well as the various serialization formats.</li> </ul> <p>Learn more about the <a href="https://www.w3.org/2013/data/">Data Activity</a>.</p> </content>
Gamepad Draft Published
<p>The <a href="http://www.w3.org/2008/webapps/">Web Applications Working Group</a> has published a Working Draft of <a href="http://www.w3.org/TR/2014/WD-gamepad-20140225/">Gamepad</a>. The Gamepad specification defines a low-level interface that represents gamepad devices. Currently, the only way for a gamepad to be used as input would be to emulate mouse or keyboard events, however this would lose information and require additional software outside of the user agent to accomplish emulation. The Gamepad API provides a solution to this problem by specifying interfaces that allow web applications to directly act on gamepad data. Learn more about the <a href="http://www.w3.org/2006/rwc/">Rich Web Client Activity</a>.</p> </content>
Register during MWC14 and get a special rate for the W3C mobile Web apps course
<p><a href="http://classroom.w3devcampus.com/enrol/index.php?id=69">Registration just opened</a> for W3C’s <a href="http://www.w3devcampus.com/writing-great-web-applications-for-mobile/">Mobile Web 2: Programming Applications</a> online course. W3C is offering a <a href="http://classroom.w3devcampus.com/enrol/index.php?id=69">special price</a> for the duration of Mobile Web Congress, where <a href="https://www.w3.org/2014/MWC/">W3C is exhibiting in Hall 8.1</a>. The course <strong>starts 31 March 2014</strong> and runs through 11 May. This course covers all techniques for programming successful mobile Web applications that can ship both online and in application stores. Participants have access to high quality content material and step-by-step instruction from expert "ď <a href="http://www.w3devcampus.com/niall-roche/">Niall Roche</a>. Learn more about <a href="http://classroom.w3devcampus.com/">W3DevCampus</a>, W3C’s online training for Web developers.</p> </content>
W3C Invites Implementations of CSS Syntax Module Level 3
<p>The <a href="http://www.w3.org/Style/CSS/members">Cascading Style Sheets (CSS) Working Group</a> invites implementation of the Candidate Recommendation of <a href="http://www.w3.org/TR/2014/CR-css-syntax-3-20140220/">CSS Syntax Module Level 3</a>. This module describes, in general terms, the basic structure and syntax of CSS stylesheets. It defines, in detail, the syntax and parsing of CSS – how to turn a stream of bytes into a meaningful stylesheet. CSS is a language for describing the rendering of structured documents (such as HTML and XML) on screen, on paper, in speech, etc. Learn more about the <a href="http://www.w3.org/Style/">Style Activity</a>.</p> </content>
W3C Invites Implementations of Compositing and Blending Level 1
<p>The <a href="http://www.w3.org/Style/CSS/members">Cascading Style Sheets (CSS) Working Group</a> and the <a href="http://www.w3.org/Graphics/SVG/">SVG Working Group</a> invite implementation of the Candidate Recommendation of <a href="http://www.w3.org/TR/2014/CR-compositing-1-20140220/">Compositing and Blending Level 1</a>. Compositing describes how shapes of different elements are combined into a single image. There are various possible approaches for compositing. Previous versions of SVG and CSS used Simple Alpha Compositing. In this model, each element is rendered into its own buffer and is then merged with its backdrop using the Porter Duff source-over operator. This specification will define a new compositing model that expands upon the Simple Alpha Compositing model by offering: additional Porter Duff compositing operators; advanced blending modes which allow control of how colors mix in the areas where shapes overlap; compositing groups. In addition, this specification will define CSS properties for blending and group isolation and the properties of the "ėglobalcompositeoperation' attribute as defined in HTML Canvas 2D Context, Level 2. Learn more about the <a href="http://www.w3.org/Style/">Style Activity</a> and the <a href="http://www.w3.org/Graphics/">Graphics Activity</a>.</p> </content>
The Screen Orientation API Draft Published
<p>The <a href="http://www.w3.org/2008/webapps/">Web Applications Working Group</a> has published a Working Draft of <a href="http://www.w3.org/TR/2014/WD-screen-orientation-20140220/">The Screen Orientation API</a>. The Screen Orientation API provides the ability to read the screen orientation state, to be informed when this state changes, and to be able to lock the screen orientation to a specific state. Learn more about the <a href="http://www.w3.org/2006/rwc/">Rich Web Client Activity</a>.</p> </content>
Network Service Discovery Draft Published
<p>The <a href="http://www.w3.org/2009/dap/">Device APIs Working Group</a> has published a Working Draft of <a href="http://www.w3.org/TR/2014/WD-discovery-api-20140220/">Network Service Discovery</a>. This specification defines a mechanism for an HTML document to discover and subsequently communicate with HTTP-based services advertised via common discovery protocols within the current network. Learn more about the <a href="http://www.w3.org/2007/uwa/">Ubiquitous Web Applications Activity</a>.</p> </content>
CSS Font Loading Level 3, CSS Display Level 3 First Public Working Drafts Published
<p>The <a href="http://www.w3.org/Style/CSS/members">Cascading Style Sheets (CSS) Working Group</a> has published two First Public Working Drafts today:</p> <ul class="show_items"> <li><a href="http://www.w3.org/TR/2014/WD-css-font-loading-3-20140220/">CSS Font Loading Module Level 3</a>. This CSS module describes events and interfaces used for dynamically loading font resources.</li> <li><a href="http://www.w3.org/TR/2014/WD-css-display-3-20140220/">CSS Display Module Level 3</a>. This module contains the features of CSS relating to the display property and other box-generation details. CSS is a language for describing the rendering of structured documents (such as HTML and XML) on screen, on paper, in speech, etc.</li> </ul> <p>Learn more about the <a href="http://www.w3.org/Style/">Style Activity</a>.</p> </content>
W3C Showcases the Open Web Platform and Web 25th Anniversary at Mobile World Congress 2014
<p><a class="imageLink" href="/2014/MWC/"><img src="/2014/02/mwc2014-shot-sm.png" width="250" height="99" alt="MWC14 W3C logo" /></a> The World Wide Web Consortium (W3C) invites media, analysts, and other attendees of Mobile World Congress to meet with us in <strong>App Planet, Stand 8.1G15</strong> and learn how the Open Web Platform is transforming industry. <a href="/2014/MWC/bios">CEO Jeff Jaffe, W3C staff</a>, and participating W3C Members will be available as expert resources for media stories and analyst reports on how the Web is impacting mobile, television, advertising, publishing, automotive, health care, and other industries.</p> <p>We will showcase many <a href="/2014/MWC/#demos">Open Web Platform demonstrations</a> from Baidu, Ericsson, Espial, Igalia, Intel, Klickfilm, Kolor, Mozilla, Opera, and Zaragoza. Be sure to check W3C's up-to-the-minute <a href="/2014/MWC/#schedule">demo schedule</a>.</p> <p>This year we also invite everyone to help us mark two special occasions: the Web’s 25th anniversary and W3C’s 20th anniversary.</p> <p>Read the <a href="/2014/02/mwc2014.html.en">full press release</a> and come meet with us at the booth.</p> </content>
Good Practices for Capability URLs Draft Published
<p>The <a href="http://www.w3.org/2001/tag/">Technical Architecture Group</a> has published a Working Draft of <a href="http://www.w3.org/TR/2014/WD-capability-urls-20140218/">Good Practices for Capability URLs</a>. Capability URLs grant access to a resource to anyone who has the URL. There are times when this is useful, for example one-shot password reset URLs, but overuse can be problematic as URLs cannot generally be kept secret. This document provides some good practices for web developers who wish to incorporate capability URLs into their applications. Learn more about the <a href="http://www.w3.org/2001/tag/">Technical Architecture Group</a>.</p> </content>
Encrypted Media Extensions Draft Published
<p>The <a href="http://www.w3.org/html/wg/">HTML Working Group</a> has published a Working Draft of <a href="http://www.w3.org/TR/2014/WD-encrypted-media-20140218/">Encrypted Media Extensions</a>. This proposal extends HTMLMediaElement providing APIs to control playback of protected content. The API supports use cases ranging from simple clear key decryption to high value video (given an appropriate user agent implementation). License/key exchange is controlled by the application. This specification does not define a content protection or Digital Rights Management system. Rather, it defines a common API that may be used to discover, select and interact with such systems as well as with simpler content encryption systems. Learn more about the <a href="http://www.w3.org/MarkUp/Activity">HTML Activity</a>.</p> </content>
CSS Regions Module Level 1 Draft Published
<p>The <a href="http://www.w3.org/Style/CSS/members">Cascading Style Sheets (CSS) Working Group</a> has published a Working Draft of <a href="http://www.w3.org/TR/2014/WD-css3-regions-20140218/">CSS Regions Module Level 1</a>. The CSS Regions module allows content from one or more elements to flow through one or more boxes called CSS Regions, fragmented as defined in CSS3-BREAK. This module also defines CSSOM to expose both the inputs and outputs of this fragmentation. Learn more about the <a href="http://www.w3.org/Style/">Style Activity</a>.</p> </content>
CSS Masking Module Level 1 Draft Published
<p>The <a href="http://www.w3.org/Style/CSS/members">CSS Working Group</a> and the <a href="http://www.w3.org/Graphics/SVG/WG/">SVG Working Group</a> have published a Working Draft of <a href="http://www.w3.org/TR/2014/WD-css-masking-1-20140213/">CSS Masking Module Level 1</a>. CSS Masking provides two means for partially or fully hiding portions of visual elements: masking and clipping. Masking describes how to use another graphical element or image as a luminance or alpha mask. Typically, rendering an element via CSS or SVG can conceptually be described as if the element, including its children, are drawn into a buffer and then that buffer is composited into the element's parent. Luminance and alpha masks influence the transparency of this buffer before the compositing stage. Clipping describes the visible region of visual elements. The region can be described by using certain SVG graphics elements or basic shapes. Anything outside of this region is not rendered. CSS is a language for describing the rendering of structured documents (such as HTML and XML) on screen, on paper, in speech, etc. Learn more about the <a href="http://www.w3.org/Style/">Style Activity</a> and the <a href="http://www.w3.org/Graphics/">Graphics Activity</a>.</p> </content>
Progress Events is a W3C Recommendation
<p>The <a href="http://www.w3.org/2008/webapps/">Web Applications Working Group</a> has published a W3C Recommendation of <a href="http://www.w3.org/TR/2014/REC-progress-events-20140211/">Progress Events</a>. The Progress Events specification defines an event interface that can be used for measuring progress; e.g. HTTP entity body transfers. This specification is primarily meant to be used by other specifications. Learn more about the <a href="http://www.w3.org/2006/rwc/">Rich Web Client Activity</a>.</p> </content>
Efficient XML Interchange (EXI) Format 1.0 (Second Edition) is a W3C Recommendation
<p>The <a href="http://www.w3.org/XML/EXI/">Efficient XML Interchange Working Group</a> has published a W3C Recommendation of <a href="http://www.w3.org/TR/2014/REC-exi-20140211/">Efficient XML Interchange (EXI) Format 1.0 (Second Edition)</a>. This document is the specification of the Efficient XML Interchange (EXI) format. EXI is a very compact representation for the Extensible Markup Language (XML) Information Set that is intended to simultaneously optimize performance and the utilization of computational resources. The EXI format uses a hybrid approach drawn from the information and formal language theories, plus practical techniques verified by measurements, for entropy encoding XML information. Using a relatively simple algorithm, which is amenable to fast and compact implementation, and a small set of datatype representations, it reliably produces efficient encodings of XML event streams. The grammar production system and format definition of EXI are presented. Learn more about the <a href="http://www.w3.org/XML/">Extensible Markup Language (XML) Activity</a>.</p> </content>
Call for Review: MathML 3.0 (2nd Edition), XML Entity Definitions for Characters (2nd Edition) Proposed Edited Recommendations
<p>The <a href="http://www.w3.org/Math/">Math Working Group</a> has published two Proposed Edited Recommendations today:</p> <ul class="show_items"> <li><a href="http://www.w3.org/TR/2014/PER-MathML3-20140211/">Mathematical Markup Language (MathML) Version 3.0 2nd Edition</a>. This specification defines the Mathematical Markup Language, or MathML. MathML is a markup language for describing mathematical notation and capturing both its structure and content. The goal of MathML is to enable mathematics to be served, received, and processed on the World Wide Web, just as HTML has enabled this functionality for text. Comments are welcome through <strong>11 March</strong>.</li> <li><a href="http://www.w3.org/TR/2014/PER-xml-entity-names-20140211/">XML Entity Definitions for Characters (2nd Edition)</a>. This document defines several sets of names, so that to each name is assigned a Unicode character or sequence of characters. Each of these sets is expressed as a file of XML entity declarations. Comments are welcome through <strong>11 March</strong>.</li> </ul> <p>Learn more about the <a href="http://www.w3.org/Math/Activity">Math Activity</a>.</p> </content>
Last Call: CSS Shapes Module Level 1
<p>The <a href="http://www.w3.org/Style/CSS/members">Cascading Style Sheets (CSS) Working Group</a> has published a Last Call Working Draft of <a href="http://www.w3.org/TR/2014/WD-css-shapes-1-20140211/">CSS Shapes Module Level 1</a>. CSS Shapes describe geometric shapes for use in CSS. For Level 1, CSS Shapes can be applied to floats. A circle shape on a float will cause inline content to wrap around the circle shape instead of the float's bounding box. CSS is a language for describing the rendering of structured documents (such as HTML and XML) on screen, on paper, in speech, etc. Comments are welcome through <strong>04 March</strong>. Learn more about the <a href="http://www.w3.org/Style/">Style Activity</a>.</p> </content>
Last Call: Vibration API
<p>The <a href="http://www.w3.org/2009/dap/">Device APIs Working Group</a> has published a Last Call Working Draft of <a href="http://www.w3.org/TR/2014/WD-vibration-20140211/">Vibration API</a>. This specification defines an API that provides access to the vibration mechanism of the hosting device. Vibration is a form of tactile feedback. Comments are welcome through <strong>04 March</strong>. Learn more about the <a href="http://www.w3.org/2007/uwa/">Ubiquitous Web Applications Activity</a>.</p> </content>
Scalable Vector Graphics (SVG) 2 Draft Published
<p>The <a href="http://www.w3.org/Graphics/SVG/WG/">SVG Working Group</a> has published a Working Draft of <a href="http://www.w3.org/TR/2014/WD-SVG2-20140211/">Scalable Vector Graphics (SVG) 2</a>. This specification defines the features and syntax for Scalable Vector Graphics (SVG) Version 2, a language for describing two-dimensional vector and mixed vector/raster graphics. Although an XML serialization is given, processing is defined in terms of a DOM. Learn more about the <a href="http://www.w3.org/Graphics/">Graphics Activity</a>.</p> </content>
Microsoft - IEBlog
Microsoft Security Bulletin MS14-012 - Critical
This security update resolves sixteen privately reported and two publicly disclosed vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10 and Internet Explorer 11 on Windows clients, Moderate for Internet Explorer 6, Internet Explorer 7 on Windows servers, and Important for Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 on Windows servers. For more information, see the full bulletin.
Recommendation.¬†Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.
For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.
Security Update for Flash Player (2938527)
On March 11th, a security update for Adobe Flash Player in Internet Explorer 10 and 11 on supported editions of Windows 8, Windows 8.1 and Windows Server 2012 and Windows Server 2012 R2 is also available. The details of the vulnerabilities are documented in Adobe security bulletin APSB14-08. This update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash binaries contained within Internet Explorer 10 and Internet Explorer 11. For more information, see the advisory.
Most customers have automatic updating enabled and will not need to take any action because this update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.
"Ē Wilson Guo, Program Manager, Internet Explorer
Microsoft - IEBlog
Certificate reputation, a novel approach for protecting users from fraudulent certificates
At the IETF in London last week, we presented a proposal called Certificate Reputation for detecting fraudulent certificates, in order to protect you from attackers that could have stolen a site's identity. This prevents malicious sites from phishing your personal information like passwords, bank account numbers, credit card numbers etc. Recent attacks against public and Microsoft CAs (e.g. the DigiNotar and Comodo attacks) led us to develop mechanisms that protect you from such threats.
When you visit your bank site, IE relies on digital certificates (certificate for short) to ensure you are connected to the intended Web site. In order for the certificate to be considered valid, it needs to be issued by a trusted authority. This is similar to driver's licenses in the United States. The driver's license is only valid and accepted if it is issued by the Department of Licensing. In the Web world, a "Trusted Certification Authority"Ě (trusted CA for short) issues certificates for Web sites. A certificate issued by a trusted CA is considered legitimate by a browser just like a driver's license issued by the Department of Licensing is considered a valid form of identification. Browsers maintain a list of trusted CAs that help them verify certificates and establish the identities of sites.
Sometimes, certificates can be fraudulent or issued incorrectly
Trusted CAs are in the business of selling certificates. Normally, the owner of the site hosted on yourbank.com picks one of these trusted CAs, say ABC and works exclusively with them to purchase their certificate. In this case, ABC should know the owner of the site hosted on yourbank.com and should not sell the certificate for yourbank.com to anyone else. However, recent issues with certificates from Comodo proved that these verifications can be error prone. Additionally, the attacker might be able to get the certificate for yourbank.com by either hacking a CA or one of its retailers. Unfortunately, a fraudulent certificate obtained in this manner from a trusted CA will be trusted on all browsers. While there is a very high bar for such an attack, DigiNotar and Comodo were victims of this.
A data driven solution for detecting fraudulent certificates
As you can imagine, this is a tricky problem to solve. This is similar to a "trusted authority"Ě like the Department of Licensing issuing a driver's license in your name to an impersonator. Since everyone trusts the drivers' licenses issued by the Department of Licensing, a fake driver's license would be very hard to detect.
When we got to the drawing board to solve this problem, we set forth some principles and goals:
- Keep you safe from fraudulent certificates on the Internet without interrupting your workflow or preventing access to legitimate sites
- Not require a lot of changes to the ecosystem allowing easier adoption
- Preserve the privacy of site owners
We landed on a solution called Certificate Reputation that utilizes telemetry to detect abnormalities. As you are browsing the Web with IE11 (and have opted in to SmartScreen¬ģ), IE sends data to Microsoft about certificates that it encounters while validating server identities.
If a new certificate issued by a different trusted CA (other than the one the site uses typically) is detected for a site, Certificate Reputation can flag it automatically. This positions us to contact the site owner allowing them to initiate a revocation of that certificate or confirm that it is legitimate.
This Microsoft service harnesses the power of data mining and relies on heuristic algorithms. It doesn't require any action from you and changes from trusted CAs making it easily adoptable and sustainable over a long period of time. In the near future, we hope to automate the notification process as well.
In the future, the certificate telemetry collected by IE11 can be used to monitor CAs' compliance with industry guidelines and Microsoft Root CA technical requirements for SSL certificates. We can reach out to the CAs when we detect weak certificates, raising the bar for attackers and keeping you safer on the Web. You can read about other ways in which we plan to use this valuable data to improve Web security in this other blog.
With Microsoft's novel approach for detecting fraudulent certificates, you can feel safer when visiting your favorite bank, email or social networking sites. ¬†IE will do this seamlessly by collecting data about certificates in use, detecting new certificates and reporting them to site owners who can revoke them if invalid. This creates a fast and reliable process for revocation which does not require any action from you or trusted CAs and preserves the privacy of site owners. We received a positive response to this proposal from the attendees at IETF as they appreciated Certificate Reputation's goals around privacy and easy adoption. As we continue to engage with the CAs and IETF on this, we would love to hear your thoughts and feedback!
"Ē Anoosh Saboori and Ritika Kapadia, Program Managers on Windows and Internet Explorer
What Cancer Can Kill
Cancer is insidious, of course, but its tendrils spread in more ways than you might think.
(This is all true for pretty much any cancer, even the ones that aren't aggressive and aren't pediatric, but I'm the parent of a child with aggressive pediatric cancer, so that's what I'm going to talk about.)
The most obvious insidiousness is the way that many cancers send out thin fibers, interpenetrating healthy tissue, hiding literally microscopic reservoirs in places it can't be seen.¬† That's bad enough, of course.¬† It's what the surgeries and radiation and chemotherapy are meant to combat, and if they're successful then we'll have saved her life.
What's almost as bad, from a long-term perspective, is how, for us as her parents and therefore for her, cancer shades everything that happens in our daughter's life.¬† Kids are supposed to play and run and fall down and get scrapes and bumps and then get back up again to get on with life.¬† They're supposed to push themselves too hard, get exhausted, catch colds, run fevers, build up their immune systems and their experiences.
But then here comes cancer, and we second-guess every part of that.¬† If she falls and gets a bruise, we have to watch it carefully to make sure it doesn't blossom into a hematoma or worse, a side effect of the chemotherapy.¬† If she runs a fever, we have to keep an incredibly close eye on how high it rises, because fever could be the onset of neutropenia.¬† If she complains of a headache, we immediately wonder if we need to get her to an MRI to make sure the tumor hasn't come back.
Or, you know, she might just have a headache, or a viral fever, or a scrape that will quietly heal up.
Even if a child is lucky enough to survive cancer, there is the very real danger that it could effectively steal their childhood.¬† We can't just let Rebecca be a kid, however much we might want to do so.¬† And we do.¬† Oh, we do.¬† We always wanted our kids to have the chance and the time and the space to be kids.¬† To make mud pies, nail together scrap wood to make a fort in the backyard, wreck the kitchen trying to make a chocolate cake, properly learn to chop vegetables, climb trees and take gym class and wrestle with siblings and just be a kid.
And it's hard.¬† It is so hard, because some of those things we have to just flat-out forbid her to do because of the risks, and other things we have to treat as way more serious than we ever would have.
There are no more mud pies, because tetanus is in all the soil everywhere.¬† Gym class is out, because of the risk of internal bleeding as the result of a normal fall.¬† We can't just tell her to "walk it off"Ě; now there's three rounds of washing and antibiotic cream and two crossed bandages over the smallest of scrapes, which risks making all the kids germ-phobic and hypochondriac by example.
There's no more "too bad about the cold, but at least it will strengthen her immune system"Ě, no more shrugging off a low-grade fever with Tylenol, chicken soup, and a day in bed.¬† Now we own a hospital-grade oral/axillary thermometer, disposable probe sleeves and all, because if Rebecca's temperature ever rises above a very precisely defined threshold, we take her straight to the hospital.¬† Not because we want to, but because the doctors have made it very clear that an elevated temperature might be nothing, or it might be the beginning of a week or more in the hospital as she fights to survive what would merely inconvenience (almost) any other child.¬† We can't even give her Tylenol, because its magic fever-lowering properties could mask a much deeper problem.
For that matter, we've always had a relatively lax attitude toward germs and allergens.¬† We didn't let the house become a pigsty by any stretch, it's not like we were smearing them in filth; but now we have hand sanitizer bottles mounted on walls all over the house and two high-grade high-capacity dedicated HEPA filtration units.¬† Not because we want them, but because our daughter might one day need them.
Helicopter parenting?¬† Please.¬† Try NSA parenting.¬† What's more, try it even while you hate every inch of it, because it's forcing you to be the kind of parent you swore you'd never be.
We want our kids to learn that cuts and bumps and bruises are part of life and something you shake off and move on from.¬† Instead, we risk teaching them that cuts and bumps and bruises are sources of deadly danger, something to worry about and obsess over, something to avoid at all costs.
Sure, we can talk about everything with them, and we do, but children pay more attention to what you do than what you say.¬† We try to balance things out, find ways to show that life is more than dealing with cancer, and fervently hope that they learn the lessons we want them to learn instead of what we're afraid they're absorbing.
I know it's possible to do right, I do.¬† I've seen it done before, and lived the results.¬† I know that we'll do our utmost to make it happen.¬† It's just so very, very hard not to constantly worry that even if we do save her, it will be at the cost of her childhood, and the childhoods of her siblings as well.
Microsoft - IEBlog
Introducing Reading View in IE 11
In IE11, you can click or tap a button in the address bar to put a Web page article into reading view.
Reading view is a new feature in Internet Explorer 11 for Windows 8.1 that helps you focus on the main content of the Web page you want to read. Reading view is a way to experience just the article or blog post you want to read, without the distractions of related (or unrelated) content surrounding the story. Find an article you want to read, switch to reading view, and settle into a great reading experience. When you’re done, just exit reading view to continue browsing on the site.
A web article in reading view
Reading view is a native feature of “immersive” IE – you don’t have to install anything extra – and it’s available for pages with a significant amount of text, in any language IE supports.
How to Use Reading View in IE 11
Using reading view is easy. Just click the reading view button in the address bar. If you’re a keyboard person, you can also use CTRL+SHIFT+R to put a page into reading view.
The reading view button will appear in the address bar for pages that have “article-like” content. If you don’t see it, it means that the page doesn’t work well in reading view.
To exit reading view, tap or click the button in the address bar again), or hit Esc. To go to the previous page, tap or click the back button, or back-swipe if you’re using a touch-enabled device.
What makes a great reading experience?
When we built reading view in IE 11, the goal was to create a view of the page that was noticeably terrific for reading, one where it actually felt better to read this page than the original page – like a temporary reading oasis in your browser just for that article. At the same time, we wanted to preserve the integrity of the content, as well as the story’s URL, author, and other relevant contextual information. While we are not the first browser to integrate it natively, we did see an opportunity to improve on other browsers’ experiences by incorporating legibility best practices that publishers of printed media have been using and refining for centuries, and adapt them to reading online.
There are many things that can contribute to the readability of a page such as font choice, line length, white space, paragraph markers, line spacing, kerning, contrast, and placement of images. Here are a few things we built into reading view in IE11 that we think make a positive difference:
A new font designed for online reading
IE 11 reading view takes advantage of a brand new font for Windows 8.1, called Sitka. It was developed for Microsoft by Mathew Carter, in collaboration with the Advanced Reading Technologies team that previously developed Clear Type text rendering to work well for online reading as well as in print.
One of the advantages of the Sitka font comes from the optical scaling addressed by its different weights. Research has shown that different letter spacing, stroke sizes, and x-height can have a positive effect on the readability of different sizes of text. An optical family contains styles specifically optimized for each size and use case – rather than trying to be one-size-fits-all, like many of the typefaces common on the Web. Thus, you can get terrific legibility in text, and style in display sizes, all with the same family. Reading view for example uses Sitka Small, which is designed with thicker strokes, larger x-height, and looser letter spacing, for image captions, and Sitka Banner, designed with thinner strokes and tighter letter spacing, for the article titles.
In this picture we show three of the optical weights of Sitka at the 2.0em size. From this you can see how the tighter letter spacing and thinner widths employed in Sitka Heading are a better reading choice for text at this size.
In this picture again we show the same three optical weights of Sitka this time at the 0.8em size. It is easy to see how the greater x-height, and looser letter spacing employed in Sitka Small is substantially better for reading the text at this size.
Sitka was also the first typeface family designed with scientific legibility studies integrated directly into the design process. Most fonts do not undergo legibility studies. Those few that do are studied after the font is nearly done. Sitka, however, was repeatedly tested throughout the design process.
Additionally reading view uses a larger than average size font because research has shown that reading speed increases at larger sizes (up to a plateau at very, very large sizes).
A layout that is easy on the eyes
Some Web articles require significant effort to read, because there is so much other content on the page. In contrast, the effect we were going for with reading view in IE 11 can almost be described as one of relief – the page should just feel good to look at. To that end, we gave attention to a few aspects of the layout that can make a difference, specifically aiming to get the right balance of column width, line height, and text size.
For example, because the user can change the font size in reading view it was important for the feature to adjust the line spacing too as the font got bigger. Other considerations were padding (white space) between columns, around images, and between paragraphs. The goal was for the page to feel clean and free of distractions, and this padding helps your eyes and brain quickly identify and distinguish the different elements of the article from each other, as well as provide cues for orienting your path through the text.
No more “Next, Next, Next…” links
There are many articles on the Web that contain multiple and separate pages content. That means you have to click a “Next Page” link to continue reading, sometimes again and again, if the article spans many pages – and then you have to wait for each successive page to load, thus interrupting your reading experience.
Reading view in IE 11 combines the primary content from all pages of an article into a single continuously scrolling page that works great on any device. No need to click those “next page” links. Instead you can just use your finger or your mouse to scroll as you read. You get to have full control the position of the text on the screen.
If you are using a wide-screened device, like a tablet or a large monitor, articles in reading view can display in a multi-column, horizontally scrolling page.
If you like to read on a tablet while holding it in portrait mode, or if IE is displayed side-by-side with another app window, articles in reading view will display in a single-column, vertically scrolling page. As a general rule, if the IE window isn’t wide enough to show two columns of text, then reading view will use a single-column, vertically scrolling layout.
How reading view works
Once a Web site is determined to be reading view eligible, reading view uses a number of heuristics to identify and then extract relevant content from the page, to create a new page (in memory). The Web is a big and dynamic space, and from an engineering perspective, our algorithm aims to retrieve the most relevant content for the largest number of reading view eligible sites. These heuristics look at HTML tags, node depth, image size, and word count to determine what content on the page is the “main” content.
We have put together an interactive Reading View Test Drive demo to provide more details on key rules used in the Reading View extraction algorithm. We hope these tips will help content managers and developers ensure their site looks great on reading view.
We are excited to bring reading view to IE11. Try it out today and please share your thoughts.
— Jane Liles and Bonnie Yu, Program Managers, Internet Explorer
— Marty Hall, Interaction Designer, Internet Explorer
A St. Baldrick's Appeal From Carolyn
I'm turning this post over to my eldest daughter, Carolyn, who has a favor to ask of you.
My name is Carolyn Maxwell Meyer and I would like to tell you about something going on in my life, and about my sister, Rebecca.¬† My sister Rebecca is 5 years old and loves to play with our little brother Joshua who is 3 years old.¬† We all like to sing, dance, and play with friends, but we do not live a normal life, because Rebecca is undergoing treatment for a rare brain cancer called anaplastic astrocytoma.
To help Rebecca and all the other children with cancer, I'm raising money for childhood cancer research during the St. Baldrick's Shave-A-Thon.¬† I'm captaining my Elementary School team, Roxboro Cares, and shaving all my hair off my head to raise money for childhood cancer research.
Did you know that kids' cancers are very different from adult cancers?¬† And childhood cancer research is extremely underfunded?¬† So I decided to do something about it by participation in the St. Baldricks Shave-A-Thon.
Now I need your help.¬† Will you please make a donation?¬† Every dollar makes a difference for thousands and thousands of children, including my sister.¬† All infants, toddlers, school aged, teens, and young adults fighting childhood cancers need your help.
Having a sister with cancer sometimes makes me feel like I'm alone in a dark room and no one will come and get me out.¬† Please donate to help raise money so other sisters never have to feel this way.
Hosted by: Keller Technologies Inc.