Rob Isaac is a New Zealand-based developer, technical analyst, and consultant. After the news that Google would be creating its own, Chrome-specific version of the Webkit browser rendering engine, called Blink, Isaac created this “translation” of Google’s developer FAQ for Blink. This FAQ was originally published on his website.

1 Why is Chrome spawning a new browser engine?

The WebKit maintainers wouldn’t let us attack Apple directly, by changing WebKit in ways that would make it perform badly on OS X and iOS.

Because they share a rendering engine, developer effort to ensure Chrome compatibility currently benefits Apple platforms for free. To prevent this, we must make Chrome and WebKit behave differently.

1.1 What sorts of things should I expect from Chrome?

Nothing yet. This is a political move, not a technical one.

However, while the Chrome user interface will not change in any significant way, we will be silently overwriting all existing installations of Chrome with our new rendering engine without your knowledge or consent.

1.2 Is this new browser engine going to fragment the web platform’s compatibility more?

Yes.

We intend to distract people from this obvious problem by continually implying that our as-yet unwritten replacement is somehow much better and more sophisticated than the rendering engine that until yesterday was more than good enough to permit us to achieve total dominance of the Windows desktop browsing market in less than two years.

This strategy has worked extremely well for Netscape, Microsoft, Apple and us in previous iterations of the browser wars, and we firmly believe that everyone in this industry was born yesterday and they will not recognise this for the total bullshit it so clearly is.

1.3 Hold up, isn’t more browsers sharing WebKit better for compatibility?

Yes. See 1.

1.4 How does this affect web standards?

We have sufficient market share on the desktop that a few months from now, we will be in a position to unilaterally dictate them.

We hope to leverage this control to achieve the same dominance in mobile eventually.

1.5 Will we see a -chrome vendor prefix now?

No. See 1.4.

1.6 So we have an even more fragmented mobile WebKit story?

Yes.

We encourage you to adopt Chrome on Android for your mobile browsing needs.

1.7 What’s stopping Chrome from shipping proprietary features?

Nothing.

1.8 Is this just a ruse to land the Dart VM or Native Client?

We’ve decided to avoid discussing unpopular topics like those for the time being.

1.9 What should we expect to see from Chrome and Blink in the next 12 months? What about the long term?

We have a direct strategic interest in destroying Apple’s mobile platforms because their lack of participation in our advertising and social ecosystems does not benefit our long term goals. You should expect Chrome and Blink changes in the short term to be focused in this direction.

In the longer term, we aim to have sufficient control over the installed base of web browsers to dictate whatever conditions we consider most appropriate to our business goals at the time.

1.10 Is this going to be open source?

Not really.

While you can certainly read the source code, we’re fully aware that actually tracking and understanding a modern HTML renderer is extremely difficult. In addition, the first changes we will make are intended specifically to break compatibility with WebKit, so the only organisation with sufficient resources to track our changes will no longer be able to do so.

In practice, this allows us to call the project “open” while simultaneously ensuring Google will be the only effective contributor to the Chrome and Blink source now and in the future. We’ve had enormous success co-opting the language of open source in the past to imply our products are better, and we aim to continue with that strategy.

1.11 Opera recently announced they adopted Chromium for their browsers. What’s their plan?

Opera have such a tiny market share that they have no choice other than to follow whatever strategy Chromium adopts. In this case, it means they will adopt the Blink renderer as quickly as possible.

1.12 Why is this is good for me as a web developer?

It isn’t. Our primary goal is to use your development efforts as leverage against our competitors. See 1.9.

photo credit: nitot via photopin cc

---

Big Data and Predictive/Real-time Analytics startups: Are you looking to jumpstart development & accelerate market traction? Sign up for the SAP Startup Focus program to receive technology, support, resources and community to help you develop new applications on SAP HANA, a cutting edge database platform. Get started here, and enter promo code “VB2013″ on the form.

---

Steam, the online gaming platform and community from Valve, seems to have fixed a security issue today that allowed anyone to easily get information about games played, achievements, and stats from a private profile.

Kyle Orland of Ars Technica reports that he found the hole while poking around his own Steam profile. He found that you could manipulate the HTML address to unearth a number of different “private” pages associated with his profile, as well as find games he’d played in the page’s source code. According to Orland, he was able to “independently confirm” that this did not just affect his profile but others as well.

People in general should be concerned about these kinds of privacy snafus — not just gamers. Like most things on the Internet, what you believe to be personal or shared just with friends often appears in unexpected places. Thankfully, the information exposed in Steam’s case didn’t include highly sensitive data such as credit card numbers or home addresses. But it’s likely just as annoying as having a Facebook photo leaked.

Orland first tried to find a private user’s (which happened to be his own profile) list of games played by typing in “/games/?tab=all” after the profile’s URL. That didn’t work and instead brought him back to the private profile page. So he inspected the source code associated with the page, and there, in plain text, was the list he’d been looking for.

After identifying the games, he played with the HTML a little more, choosing to search for achievements in the game Portal 2. He added “stats/Portal2/?tab=achievements” to the end of the URL and was immediately taken to the Portal 2 achievements page associated with that profile.

Using the same method, he found the player’s stats for specific games, as well as badges. Orland noted that an observant snooper could find the times that person was playing a game, if their profile was connected to Facebook, and when the profile was created.

As is courteous and traditional, Orland reported the hole to Steam before going public with his information. The holes have seemingly been fixed, but Valve has not responded to the bug report.

Steam image via Shutterstock

While many companies fear hactivist entities like Anonymous, some, like Whitehat Security, can actually thank them for creating a big need for security technology services. Whitehat, which claims to be the first software-as-a-service option for application security, raised $31 million fourth round of funding today.

“Back in 2011, starting with the Sony breach, organizations like Anonymous and Lulzsec began kind of a systematic campaign. That really raised awareness in the industry,” said chief executive Stephanie Fohn (pictured above) in an interview with VentureBeat. “That is very important to us. We are growing very quickly.”

The funding was led by JMI Equity, with participation from existing investor IGC (Investor Capital Group).

Whitehat Security was focused on protecting web applications first, and now mobile applications. Web applications can be popular points of entry for a cyber criminal. This is because many big enterprises, and even small to medium-sized businesses, have online presences that can span for thousands of web pages. Some of those pages eventually go un-monitored or get forgotten, so the source code can become weak and go without updates for long periods of time.

“Organizations today are saying, ‘Hey, I just can’t rely on focusing my resources on my most valued sites, I have to look across all 1,000 sites that I own,’” said Fohn.

The company’s product, Sentinel Services, monitors your web applications and source code continuously to spot vulnerabilities and tell you where they are.

After hacker groups Anonymous and Lulzsec started what the security industry called a “hack a day” in 2011, the demand for Whitehat’s products spiked, as did its need for capital. So, the company went out in search of funding and brought $31 million back, compared to an $8 million round in 2011, a $7 million round in 2008, and a previous total of $6.2 million made up of two different rounds.

Whitehat Security plans to use latest funding to expand internationally, hire on the sales side, and build out more support for its mobile application monitoring products.

Whitehat Security was founded in 2001 and is headquartered in Santa Clara, Calif. with offices in the U.K. and Singapore. Today’s funding brings the company’s total to $53 million, from Horizon Ventures, Altos Ventures, Garage Technology Ventures, Startup Capital Ventures, JMI Equity, Investor Growth Capital, and a number of angels.

Stephanie Fohn image via Whitehat Security

And, it’s free for teams up to five — or those with a MSDN subscription.

Jason Zander, a VP for Windows Azure demoed how developer teams can use TFS as a team portal which provides the ability to do code reviews, view project backloads, and generally manage software development projects. TFS integrates with Microsoft’s suite of developer tools, including Visual Studio Express for Windows 8, Desktop, Phone 8, and Web.

TFS includes a very Windows 8-ish dashboard, with live tiles showing current status and activity:

Source: Microsoft

The Team Foundations Service dashboard, with very Windows 8-ish live tiles

Something that Microsoft has added, Zander said, was “kanban” support — an originally Japanese methodology for enabling just-in-time manufacturing. In TFS, that translates to a very visual way of displaying work in progress, flow of requests, change approvals, and capacity levels.

Zander also demonstrated triggering builds in the cloud, right from Team Foundations Service.

“The build happens in the cloud,” he said. “No more build machines to configure!”

Before triggering a build, developers can re-check source code and review checkins. While “the cloud” is building an executable, it will run any test cases the team has created, ensuring that the new build passes the tests. And, of course, after the build, developers can revert to early versions if problems arise.

The service is free for small teams and MSDN subscribers, as previously mentioned, but also free until 2013, at which point additional terms and plans will be announced.

Image credits: Microsoft

---

Big Data and Predictive/Real-time Analytics startups: Are you looking to jumpstart development & accelerate market traction? Sign up for the SAP Startup Focus program to receive technology, support, resources and community to help you develop new applications on SAP HANA, a cutting edge database platform. Get started here, and enter promo code “VB2013″ on the form.

---

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

A judge has harshly penalized Samsung today, barring the company from using specific code in its defense against Apple’s infringement case.

Judge Paul S. Grewal, who has had recent issues with Samsung violating court orders, ordered Samsung to delivers bits of its source code to Apple in December, which Samsung instead decided to put off. Apple issued a complaint to the court, saying it wouldn’t be able to use the code now, and that Samsung was unnecessarily taking its time. Grewel released this order Friday, in response to Apple’s motion:

“In accordance with the foregoing, the court grants Apple’s Motion for Snactions, and finds that Samsung’s faiure to adequately produce source code to Apple violated the court’s December 22 Order. Samsung shall be precluded from offering any evidence of its design-around efforts for the ’381, ’891, and ’163 patents, and shall not argue that the design-arounds are in any way distinct from those versions of code produced in accordance with the court’s order. Samsung must instead rely solely on the version of code that were produced on or before December 31, 2011.”

The mentioned code included Samsung’s “design-around,” or change in code so as to not infringe on patents, called a “blue glow.” Blue glow was an effort to move away from Apple’s “over-scrolling rubber band effect” patent that the iOS creator says Samsung was willfully infringing upon. Apple users will recognize this “over-scrolling” as the bouncing of a page when you’ve pulled on it too far with the swipe of a finger.

This “blue glow” code could have corrected Samsung’s alleged patent infringement and would have helped Samsung defend itself saying the code had been altered and the infringement no longer existed. But now Samsung will have to rely on code dating earlier than December 31, 2011, when the “design-around” had not yet been released.

The issues for Samsung are greater, however. According to Foss Patents, the court now sees Samsung as a continued violator of discovery orders and will more than likely be harsher on the company in future trials. And looking back on Samsung’s history with patent disputes, there will certainly be more trials.

via Foss Patents; Little boy image via Shutterstock

Symantec admitted yesterday that it’s been involved with a sting operation by law enforcement centering on a $50,000 extortion attempt from the hackers, who call themselves the Lords of Dharamaja. After those discussions fell through yesterday, the hackers released 1.27 gigabytes of what they claim to be Symantec source code onto Bittorrent.

Symantec admitted that its source code was stolen back in January, but it said at the time that no consumer data was exposed. The hackers released the code behind Norton Internet Security 2006 shortly afterwards and eventually demanded money from the company to keep the rest of its source code private.

“When they came to us with what was for all intents and purposes extortion, we went to law enforcement,” Chris Paden, a spokesperson for Symantec told Forbes. “From that point on, we turned over the investigation to them.”

Negotiations surrounding the extortion attempt were revealed yesterday in a lengthy e-mail chain between Symantec employee Sam Thomas and a hacker calling himself “YamaTough,” which was posted on the document sharing site Pastebin. At first glance, the e-mails appear to show Symantec trying to pay off the hackers, but in truth Sam Thomas was a false name used by law enforcement to trace the hackers, Paden said.

“Anonymous has been talking to law enforcement, not to us,” Paden told Forbes. “No money was exchanged, and there was never going to be any money exchanged. It was all an effort to gather information for the investigation.”

As for the leaked code, which appears to be from Symantec’s PCAnywhere software, Paden said the company is still analyzing what was uploaded, but that consumers should be safe to use current versions of PCAnywhere.

Anonymous image via Shutterstock

The FBI accused a man of stealing code from the Federal Reserve Bank of New York Wednesday. The code is responsible for keeping track of the US government’s finances.

According to a statement by the FBI, a contractor by the name of Bo Zhang admitted to copying code from the Federal Reserve Bank of New York (FRBNY) to an external hard drive for later access. Zhang, who was taken into custody Wednesday, explained in a complaint released by the Fed, that he wanted the code for his personal business teaching computer programming. The code itself, known as the Government-Wide Accounting and Reporting Program (GWA) is owned by the Department of the Treasury and is used to track government spending. Like a bank, the program regularly sends out account statements to various agencies of the US government tallying their balances.

“As today’s case demonstrates, our cyber infrastructure is vulnerable not only to cybercriminals and hackers, but also alleged thieves like Bo Zhang who used his position as a contract employee to steal government intellectual property,” said Manhattan U.S. Attorney Preet Bharara in a statement.

Often we think of a cyber criminal hunched over blue computer light in some dark, remote basement typing their way into our systems. What we happily ignore are thoughts of rogue employees, who already have the hard work done for them: getting access.

The GWA was stored with the Federal Reserve Bank of New York for further development. Zhang was one of the contractors working on the program.

According to the statement, the US government has spent $9.5 million developing the code thus far. If found guilty of the offense, Zhang faces up to 10 years in prison, three years of supervised release, and $250,000. He has not been charged yet.

Hat tip Reuters, Image by epicharmus/Flickr

Rohrweck is credited as discovering many Google products that prior to an official announcement, including Google Social (which became Google+), Google+ Games, Google Photos, Google+’s Shared Circles, Google Questions and many others that still haven’t been officially announced.

Google was no doubt impressed with Rohrweck’s attention to detail. The company even gave the developer a mention within an easter egg in the Google+ code.

“I’m the only contractor/employee at Google Austria (they don’t really have an office here). It was quite bumpy in a legal way,” Rohrweck said in an interview with VentureBeat. Originally, the company offered him an engineering job at Google Munich, which he declined in favor of a newly created role. “I’m more of a code modder and unorthodox in my development,” he said.

In a sense, Rohrweck created his own job.

“I don’t think a lot of people are so stubborn to hack through Megabytes of minified Javascript code. There are a few guys out there who do, or did, the same as me, but I really made some impact with my discoveries,” Rohrweck said.

In his new role, Rohrweck will probably focus on leak prevention and security as well as being a developers advocate. He won’t find out for certain until he visits the Google Munich office Monday. As for his blogging, posts about new product leaks will more than likely get put on hold.

“I will post new articles again. Not so much about leaks but more about the dark arts of mastering Google products and APIs. Or something else. Time will tell!,” Rohrweck wrote on his blog.

This is the second time in a week that a big tech company has plucked an outsider to work for them — the first being Apple, which snapped up, notorious iPhone jailbreak hacker Comex as an intern.

Image via Florian Rohrweck

---

Big Data and Predictive/Real-time Analytics startups: Are you looking to jumpstart development & accelerate market traction? Sign up for the SAP Startup Focus program to receive technology, support, resources and community to help you develop new applications on SAP HANA, a cutting edge database platform. Get started here, and enter promo code “VB2013″ on the form.

---