Internet / Intranet Fall 2000

Internet / Intranet

Fall 2000

Class 9

Brandeis University Internet/Intranet Spring 2000 2

Class 9 Agenda

Milestone#3 - DiscussionPresentationsMiscellaneous Topics

CybersquattingPlug-Ins, MultimediaDevelopment Environments


CybersquattingCybersquatting

Registering a Domain NameContains or Resembles Well-Know Commercial Names or Names of IndividualsWith Intent to:

Prevent Others From Using the NameProfit by Selling Domain Name to Trademark Owner or Individual

Trademark LawLegal Action Only if Domain Name is Used

Anticybersquatting Consumer Protection ActNovember 29, 1999Civil Lawsuits May be Filed by Trademark Holder

Against anyone who Registers, Traffics In, or Uses Domain Name Identical or Confusingly Similar to Protected TrademarkBad Faith Intent to Profit

“Confusingly Similar” to be Decided By Courts


Cybersquatting (2)Effects

Reduce the Number of Domain NamesLegitimate Holders May Face Litigation

Bad Faith Factors:Harm Goodwill of Trademark HolderOffer to Sell Domain Without Actually Using it in Bona Fide Offering of Goods and Services (or past pattern of such conduct)Obtained Under False PretensesAcquisition of Multiple Domain Names With Knowledge That They are Similar to Protected Marks


Cybersquatting (2)Effects

Reduce the Number of Domain NamesLegitimate Holders May Face Litigation

Bad Faith Factors:Harm Goodwill of Trademark HolderOffer to Sell Domain Without Actually Using it in Bona Fide Offering of Goods and Services (or past pattern of such conduct)Obtained Under False PretensesAcquisition of Multiple Domain Names With Knowledge That They are Similar to Protected Marks


Cybersquatting (3)Absence of Bad Faith:

Domain Holder Has Legal Rights to ItDomain Name Commonly Used by Its HolderPast Use of Name in Conjunction with Bona Fide Goods or ServicesNoncommercial or Fair-Use PurposesName Not Distinctive and Famous When RegisteredReasonable Grounds to Believe it was Lawful

PenaltiesDomain Name Cancelled or Forfeited to Rightful OwnerDamages Up to $100,000 per Domain Name

JurisdictionCourt Where Domain Name Registrar is Located

Network Solutions Located in VirginiaDomain Name Registrars are Protected


Cybersquatting(4)ICANN Policies as a Result

Mandatory Arbitration Most Registrars Expected to Adopt it

Some Ambiguities in the LawChallenges Expected


A Quick Word About JavaJavaScript is Interpreted By the Browser

Run Within Browser EnvironmentLimited by Browser’s CapabilitiesSource Code is Part of HTML Page

Java is a Completely Separate LanguageBrowser Transfers a Java Program (“Applet”) to the Local Machine and Runs It

Output of Java Can Be Displayed Within the BrowserDesigned to Be Safe For Web Use

Otherwise Similar to Transfering .exe ProgramsCompiled Into .class Files

Pseudo-code: Requires a Java Virtual Machine to RunSource Code Hidden From Users

Does Not Have Access to Page Internals (DOM)


Including a Java Applet in Your Page<APPLET CODEBASE=“./japplets” CODE=“myapplet.class” HEIGHT=100 WIDTH=200 ><PARAM Name=Whirl Value=“True”><PARAM Name=Title Value=“WhirlyDemo”></APPLET>


Plug-InsPlatform Specific Extensions to Web Browsers

Client Side Equivalent to Server ExtensionsAssociated With a File Extension

Similar to MS-Windows AssociationsIf Installed, Files With Extension Will Invoke Program on Browser

Including a Plug-In in HTML<EMBED SRC=“filename.ext” WIDTH=200 HEIGHT=200 PINAMEx = VALUE PINAMEy = VALUE >

Height, Width Where Data is to Be Displayed in Browser WindowName/Value Pairs are Arguments to the Plug-In

<NOMBED> </NOEMBED> Used to Provide AlternativePlug-In Must Be From a Trusted Source

Like Any Other Program. Has Full Access to Local ComputerPlug-In Development

Netscape, Microsoft Provide SDK’s


Active XMicrosoft Specific“Plug-In” Technology That Allows Components to Run in Browser

Components are Accessible By Other Programs via OLEAllows Developers to Develop Internal Controls That are Web EnabledKey Advantage is Distribution

Active X Components Can Be Distributed via the WebAutomatically Downloaded As Part of Web Page (Unlike Plug-Ins)

Default Security Asks for Confirmation Must Come From a Trusted Source

Typically Used For Intranet Type Applications Or Large Commercial (“Trusted”) Organization

E.g. MicrosoftCertificates Verify Creator of Control

Third Party Verifies Sender is Who They Say They AreOLE Documents Allow Including a Document in Another Application

E.g. Microsoft Office Applications Can Run Within BrowserEmbed Into Web Page Using <CONTROL> Tag

Many Arguments. Typically Use ActiveX Control Pad to Insert Info


MultimediaSound

<BGSOUND SRC=“URL” LOOP=“Infinite”>Internet Explorer OnlyCan Appear Anywhere in <BODY>

Best to Place it Near EndOtherwise Graphics Won’t Load Until Sound is Loaded

Default: Loop = 1Supports .wav, .au, .mid Formats

<EMBED src=“music.wav”>Requires Sound Plug-In (e.g. Real Audio)

Video<EMBED src=“movie.mpg”>

Requires Plug-In (or Download and Play Separately)<IMG DYNSRC=“movie.mpg” START=“mouseover” WIDTH=“150” HEIGHT=“100” LOOP=“-1”>

START – indicates when video should play


Multimedia (2)Environments

Shockwave / FlashDevelopment Environment Plus Plug-In Playback

Allows Development of Animations User Interactivity

Audio Formats.mid – Provides the Music “Score”

Algorithm Generates the Music .wav – Microsoft Windows Sound File.au, .aif – Sun, Apple Sound Files.mp3 – Near CD-Quality Format. Great Compression.

Video Formats.avi – Microsoft Windows Video File.qt, .mov – Apple QuickTime Movie Format.mpg, .mpeg – Current Internet Video Standard.rm – Real Media. Proprietary Video Format


Streaming MultimediaProblem: Audio/Video Take a Long Time To Download

Technologies Require File to Be Downloaded Before PlayingClient Pull: Poor Solution

Requires Breaking Up the A/V into Small FilesChoppy Results

Solution: Stream the Transmission : Play in Near Real Time

Play the A/V as It’s Being SentRequires a Session to Be Efficient

HTTP is Stateless (No Sessions)Plug-Ins Don’t Have to Use HTTP

Can Use TCP/IP Directly


Streaming (2)Streaming Issues

Broadcast vs. PlayBackCoordination of Video/Sound is Non TrivialRequire Significant Compression (Scalable)

Lower Resolution as Bandwidth DegradesMany Compression Algorithms Don’t Work in Real Time

Must Deal With Differing BandwidthsServer Performance

Internet IssuesPacket BasedCan’t Rely on Consistent BandwidthPackets May Arrive in Different Order

Errors Require Retransmission“Human Processing”

Video Can Become Choppy With Minor Inconvenience Lost Packets Can Be Skipped

Choppy Audio is UnintelligibleLost Packets Can Not Be Skipped


Streaming TricksContinued Improvements ExpectedCompression (Hardware and Software)Buffering

Buffered Transmission Can Cover GlitchesTechnology

UDPFaster Than TCPDoesn’t Resend Packets in Error

New Real Time Control ProtocolsDeveloping New Internet Protocols

Use MulticastingPacket Transmission

Humans Can Deal With 1ms Loss, So:Break Audio Into 1 ms Chunks

Packets Too Small to Efficiently Send as 1msSend ms: 1, 4, 7, 10 in First Packet. 2, 5, 8, 11 in Second, etc.If One Packet Is Lost

Lose 1ms Every 4, Instead of a Contiguous 4 ms Chunk


Streaming Multimedia Plug-InsServer Push (Data)

Server Updates HTML Page as NeededSports Scores, etc.

AudioAlmost There

Phone Quality Audio: 64kbps, 5 kbps CompressedCD Quality Audio: 700kbps, 64kbps Compressed

RealAudioBroadcast – AM Radio Qualitymp3 – Downloads of CD Quality Audio

VideoBandwidth Still an Issue

320x240x256 = 2.5 MBVideo Refreshes at 30 times per Second75 Mbps Required for Video

Still Pretty CrudeCompression Improving All the Time

Current: About 100x


Other Common Plug-InsAdobe Acrobat

PDF Files – Portable Document FormatPortable Distribution of “Printed” Documents

Allows Links, Some Text Search CapabilitiesViewable/Printable on Multiple PlatformsAuthor Can Restrict Access (e.g. Restrict Printing)Proprietary Format

Viewers are Freeware


VRMLVirtual Reality Modeling Language3-D “Equivalent” of HTMLStandalone Browsers or Plug-Ins

Netscape, IE Make Plug-Ins Available.wrl Extension. MIME type: x-world/x-vrml

Web 3D Consortiumhttp://www.web3d.org


Development EnvironmentsTarget Customer

Novice – (Hide HTML From User)Experienced Developer – Make Process More Efficient

HTML EditorsTag EditorsGraphical WYSIWYG EditorsValidation

Site ManagementMacros/Pre-Processor’s/”Compilers”

Shorthand For More Complex TagsTypically Use Custom Tags

GUI Development EnvironmentConversion Tools

Convert Pages Designed in Other Environment Into HTML

E.g. Microsoft Office


Common Development EnvironmentsMicrosoft Frontpage

Novice TargetHides Internals From User

Netscape Navigator GoldAdobe PageMillDreamweaver

Macromedia Flash


Cookies RevisitedCookies Are Name Value Pairs Passed in the HTTP HeaderCookies Have Associated Expiration

Session (Default)Date / Time

Associated With a URL Path, Not a Page!Allows Passing Parameters Between Web Pages

Thus Cookies are Used to Provide State Information to a Stateless Protocol


Cookie JarCookie Storage Internet Explorer c:\windows\cookies Each Has its Own FileNetscape Navigator cookies.txt (all kept in the file)

Limits20 Cookies4K Per Name/Value Pair


More Cookies Cookies are Traditionally Set By Server

Set-CookieBrowser is Responsible For Maintaining Them

Stored On Client’s ComputerPassed to Server When Web Site is Revisited

HTTP-CookieCookie Attributes

Name – The Name of the CookieSubsequent References to Same Name Overwrites Cookie Attributes

Value – The Value of the Cookie Identified by NameExpiration – When the Cookie Expires

No Date Specified – Cookie Expires at End of SessionPast Date/Time – Delete the CookieFuture Date/Time – Delete the Cookie After This Date

Example

http://www.mkat.com/brandeis/demos/cookdemo.pl


Cookie BitsExample Cookie

Set-Cookie: tollhouse=favorite;expires=Thursday, 16-Mar-2000 00:00:00 GMT;path=“”

Note That Date Must Follow This Format:Weekday, DD-MMM-YYYY HH:MM:SS GMT

RFCs specify GMT as the mechanism for handling time problems on the InternetHTTP-Cookie Only Sends Name/Value Pair


Cookies - JavaScriptCookies Can be Set in JavaScript

document.cookie = “ “Use Date.toGMTString() to set expiration dateE.g.

document.cookie = “version=1.0; ” + “expires=“ + edate.toGMTString();

To Read a Cookie Value in JavaScriptvar allcookies= document.cookie;var pos = allcookies.indexOf(“version=“);if (pos != -1) {

var start = pos +8; var end = allcookies.indexOf(“;”,start);if (end == -1) end = allcookies.length;var value = allcookies.substring(start,end);vervalue = unescape(value);

}


Cookie StructurePath Information

Default is to Send Cookie to Any URL in the Same Directory or any Subdirectory of the Page Which Set CookiePath Attribute Can Request That Cookie Be Sent to All URLs in Path (and its Subdirectories)

Only Paths That are a Prefix of Current URL are AllowedIf Cookies Overlap, All are Sent.

Ordered by Most Specific to Least Specific MatchDomain Attribute – Allows Cookies to Be Shared Across Sites

Must Be Part of Same DomainE.g. boston.brandeis.edu and lab.brandeis.edu are part of the same domain but may be different servers

Secure – Only Sends Cookie If Secure Protocol is Used (e.g. SSL)


Security IssuesProtections:

Cookie Can Only Store Information Already Known to Server

Can’t Access Hard Disk, etc.Data Only – Not Executed by Client MachineData Can’t Be Shared Across Sites

Concerns:Of Course This Assumes That Browser Follows the RulesBrowser Can Store Sensitive Information

E.g. If Server Doesn’t Set Secure Tag, a Credit Card # May Be Passed in Clear to Another Page in Same Path

“Invisible” to UsersPaths Are Not Always Obvious

E.g. Multiple Sites Receive Graphics From DoubleClick ServerDoubleClick Can Now Gather “Cross-Site” Information

Zealous privacy folks advocate turning off cookies

Date post:	12-Feb-2016
Category:	Documents
Upload:	toni
View:	34 times
Download:	0 times