Internet / Intranet

CIS-536

Class 9

2

Class 9 Agenda

Miscellaneous TopicsCybersquattingPlug-Ins, MultimediaDevelopment Environments

3

CybersquattingCybersquatting

Registering a Domain NameContains or Resembles Well-Know Commercial Names or Names of IndividualsWith Intent to:

Prevent Others From Using the NameProfit by Selling Domain Name to Trademark Owner or Individual

Trademark LawLegal Action Only if Domain Name is Used

Anticybersquatting Consumer Protection ActNovember 29, 1999Civil Lawsuits May be Filed by Trademark Holder

Against anyone who Registers, Traffics In, or Uses Domain Name Identical or Confusingly Similar to Protected TrademarkBad Faith Intent to Profit

“Confusingly Similar” to be Decided By Courts

4

Cybersquatting (2)

EffectsReduce the Number of Domain NamesLegitimate Holders May Face Litigation

Bad Faith Factors:Harm Goodwill of Trademark HolderOffer to Sell Domain Without Actually Using it in Bona Fide Offering of Goods and Services (or past pattern of such conduct)Obtained Under False PretensesAcquisition of Multiple Domain Names With Knowledge That They are Similar to Protected Marks

5

Cybersquatting (2)

EffectsReduce the Number of Domain NamesLegitimate Holders May Face Litigation

Bad Faith Factors:Harm Goodwill of Trademark HolderOffer to Sell Domain Without Actually Using it in Bona Fide Offering of Goods and Services (or past pattern of such conduct)Obtained Under False PretensesAcquisition of Multiple Domain Names With Knowledge That They are Similar to Protected Marks

6

Cybersquatting (3)Absence of Bad Faith:

Domain Holder Has Legal Rights to ItDomain Name Commonly Used by Its HolderPast Use of Name in Conjunction with Bona Fide Goods or ServicesNoncommercial or Fair-Use PurposesName Not Distinctive and Famous When RegisteredReasonable Grounds to Believe it was Lawful

PenaltiesDomain Name Cancelled or Forfeited to Rightful OwnerDamages Up to $100,000 per Domain Name

JurisdictionCourt Where Domain Name Registrar is Located

Network Solutions Located in Virginia

Domain Name Registrars are Protected

7

Cybersquatting(4)

ICANN Policies as a ResultMandatory Arbitration Most Registrars Expected to Adopt it

Some Ambiguities in the LawChallenges Expected

8

A Quick Word About Java

JavaScript is Interpreted By the BrowserRun Within Browser EnvironmentLimited by Browser’s CapabilitiesSource Code is Part of HTML Page

Java is a Completely Separate LanguageBrowser Transfers a Java Program (“Applet”) to the Local Machine and Runs It

Output of Java Can Be Displayed Within the BrowserDesigned to Be Safe For Web Use

Otherwise Similar to Transfering .exe ProgramsCompiled Into .class Files

Pseudo-code: Requires a Java Virtual Machine to RunSource Code Hidden From Users

Does Not Have Access to Page Internals (DOM)

9

Including a Java Applet in Your Page

<APPLET CODEBASE=“./japplets” CODE=“myapplet.class” HEIGHT=100 WIDTH=200 ><PARAM Name=Whirl Value=“True”><PARAM Name=Title Value=“WhirlyDemo”></APPLET>

10

Plug-Ins

Platform Specific Extensions to Web BrowsersClient Side Equivalent to Server Extensions

Associated With a File ExtensionSimilar to MS-Windows Associations

If Installed, Files With Extension Will Invoke Program on Browser

Including a Plug-In in HTML<EMBED SRC=“filename.ext” WIDTH=200 HEIGHT=200 PINAMEx = VALUE PINAMEy = VALUE >

Height, Width Where Data is to Be Displayed in Browser Window

Name/Value Pairs are Arguments to the Plug-In

<NOMBED> </NOEMBED> Used to Provide Alternative

Plug-In Must Be From a Trusted SourceLike Any Other Program. Has Full Access to Local Computer

Plug-In DevelopmentNetscape, Microsoft Provide SDK’s

11

Active XMicrosoft Specific“Plug-In” Technology That Allows Components to Run in Browser

Components are Accessible By Other Programs via OLEAllows Developers to Develop Internal Controls That are Web EnabledKey Advantage is Distribution

Active X Components Can Be Distributed via the WebAutomatically Downloaded As Part of Web Page (Unlike Plug-Ins)

Default Security Asks for Confirmation Must Come From a Trusted Source

Typically Used For Intranet Type Applications Or Large Commercial (“Trusted”) Organization

E.g. MicrosoftCertificates Verify Creator of Control

Third Party Verifies Sender is Who They Say They Are

OLE Documents Allow Including a Document in Another Application

E.g. Microsoft Office Applications Can Run Within Browser

Embed Into Web Page Using <CONTROL> TagMany Arguments. Typically Use ActiveX Control Pad to Insert Info

12

Multimedia

Sound<BGSOUND SRC=“URL” LOOP=“Infinite”>

Internet Explorer OnlyCan Appear Anywhere in <BODY>

Best to Place it Near EndOtherwise Graphics Won’t Load Until Sound is Loaded

Default: Loop = 1Supports .wav, .au, .mid Formats

<EMBED src=“music.wav”>Requires Sound Plug-In (e.g. Real Audio)

Video<EMBED src=“movie.mpg”>

Requires Plug-In (or Download and Play Separately)<IMG DYNSRC=“movie.mpg” START=“mouseover” WIDTH=“150” HEIGHT=“100” LOOP=“-1”>

START – indicates when video should play

13

Multimedia (2)

EnvironmentsShockwave / Flash

Development Environment Plus Plug-In PlaybackAllows Development of Animations User Interactivity

Audio Formats.mid – Provides the Music “Score”

Algorithm Generates the Music .wav – Microsoft Windows Sound File.au, .aif – Sun, Apple Sound Files.mp3 – Near CD-Quality Format. Great Compression.

Video Formats.avi – Microsoft Windows Video File.qt, .mov – Apple QuickTime Movie Format.mpg, .mpeg – Current Internet Video Standard.rm – Real Media. Proprietary Video Format

14

Streaming Multimedia

Problem: Audio/Video Take a Long Time To Download

Technologies Require File to Be Downloaded Before PlayingClient Pull: Poor Solution

Requires Breaking Up the A/V into Small FilesChoppy Results

Solution: Stream the Transmission : Play in Near Real Time

Play the A/V as It’s Being SentRequires a Session to Be Efficient

HTTP is Stateless (No Sessions)

Plug-Ins Don’t Have to Use HTTPCan Use TCP/IP Directly

15

Streaming (2)Streaming Issues

Broadcast vs. PlayBackCoordination of Video/Sound is Non TrivialRequire Significant Compression (Scalable)

Lower Resolution as Bandwidth DegradesMany Compression Algorithms Don’t Work in Real Time

Must Deal With Differing BandwidthsServer Performance

Internet IssuesPacket BasedCan’t Rely on Consistent BandwidthPackets May Arrive in Different Order

Errors Require Retransmission“Human Processing”

Video Can Become Choppy With Minor Inconvenience Lost Packets Can Be Skipped

Choppy Audio is UnintelligibleLost Packets Can Not Be Skipped

16

Streaming TricksContinued Improvements ExpectedCompression (Hardware and Software)Buffering

Buffered Transmission Can Cover GlitchesTechnology

UDPFaster Than TCPDoesn’t Resend Packets in Error

New Real Time Control ProtocolsDeveloping New Internet Protocols

Use MulticastingPacket Transmission

Humans Can Deal With 1ms Loss, So:Break Audio Into 1 ms Chunks

Packets Too Small to Efficiently Send as 1msSend ms: 1, 4, 7, 10 in First Packet. 2, 5, 8, 11 in Second, etc.If One Packet Is Lost

Lose 1ms Every 4, Instead of a Contiguous 4 ms Chunk

17

Streaming Multimedia Plug-InsServer Push (Data)

Server Updates HTML Page as NeededSports Scores, etc.

AudioAlmost There

Phone Quality Audio: 64kbps, 5 kbps CompressedCD Quality Audio: 700kbps, 64kbps Compressed

RealAudioBroadcast – AM Radio Qualitymp3 – Downloads of CD Quality Audio

VideoBandwidth Still an Issue

320x240x256 = 2.5 MBVideo Refreshes at 30 times per Second75 Mbps Required for Video

Still Pretty CrudeCompression Improving All the Time

Current: About 100x

18

Other Common Plug-Ins

Adobe AcrobatPDF Files – Portable Document FormatPortable Distribution of “Printed” Documents

Allows Links, Some Text Search CapabilitiesViewable/Printable on Multiple PlatformsAuthor Can Restrict Access (e.g. Restrict Printing)Proprietary Format

Viewers are Freeware

19

VRML

Virtual Reality Modeling Language3-D “Equivalent” of HTMLStandalone Browsers or Plug-Ins

Netscape, IE Make Plug-Ins Available

.wrl Extension. MIME type: x-world/x-vrml

Web 3D Consortiumhttp://www.web3d.org

20

Development Environments

Target CustomerNovice – (Hide HTML From User)Experienced Developer – Make Process More Efficient

HTML EditorsTag EditorsGraphical WYSIWYG EditorsValidation

Site ManagementMacros/Pre-Processor’s/”Compilers”

Shorthand For More Complex TagsTypically Use Custom Tags

GUI Development EnvironmentConversion Tools

Convert Pages Designed in Other Environment Into HTML

E.g. Microsoft Office

21

Common Development Environments

Microsoft FrontpageNovice Target

Hides Internals From User

Netscape Navigator GoldAdobe PageMillDreamweaver

Macromedia Flash

22

Cookies Revisited

Cookies Are Name Value Pairs Passed in the HTTP HeaderCookies Have Associated Expiration

Session (Default)Date / Time

Associated With a URL Path, Not a Page!Allows Passing Parameters Between Web Pages

Thus Cookies are Used to Provide State Information to a Stateless Protocol

23

Cookie Jar

Cookie Storage Internet Explorer c:\windows\cookies Each Has its Own FileNetscape Navigator cookies.txt (all kept in the file)

Limits20 Cookies4K Per Name/Value Pair

24

More Cookies Cookies are Traditionally Set By Server

Set-CookieBrowser is Responsible For Maintaining Them

Stored On Client’s ComputerPassed to Server When Web Site is Revisited

HTTP-CookieCookie Attributes

Name – The Name of the CookieSubsequent References to Same Name Overwrites Cookie Attributes

Value – The Value of the Cookie Identified by NameExpiration – When the Cookie Expires

No Date Specified – Cookie Expires at End of SessionPast Date/Time – Delete the CookieFuture Date/Time – Delete the Cookie After This Date

Example

25

Cookie Bits

Example CookieSet-Cookie: tollhouse=favorite;expires=Thursday, 16-Mar-2000 00:00:00 GMT;path=“”

Note That Date Must Follow This Format:Weekday, DD-MMM-YYYY HH:MM:SS GMT

RFCs specify GMT as the mechanism for handling time problems on the InternetHTTP-Cookie Only Sends Name/Value Pair

26

Cookies - JavaScript

Cookies Can be Set in JavaScriptdocument.cookie = “ “Use Date.toGMTString() to set expiration dateE.g.

document.cookie = “version=1.0; ” + “expires=“ + edate.toGMTString();

To Read a Cookie Value in JavaScriptvar allcookies= document.cookie;var pos = allcookies.indexOf(“version=“);if (pos != -1) {

var start = pos +8; var end = allcookies.indexOf(“;”,start);if (end == -1) end = allcookies.length;var value = allcookies.substring(start,end);vervalue = unescape(value);

}

27

Cookie Structure

Path InformationDefault is to Send Cookie to Any URL in the Same Directory or any Subdirectory of the Page Which Set CookiePath Attribute Can Request That Cookie Be Sent to All URLs in Path (and its Subdirectories)

Only Paths That are a Prefix of Current URL are AllowedIf Cookies Overlap, All are Sent.

Ordered by Most Specific to Least Specific MatchDomain Attribute – Allows Cookies to Be Shared Across Sites

Must Be Part of Same DomainE.g. boston.brandeis.edu and lab.brandeis.edu are part of the same domain but may be different servers

Secure – Only Sends Cookie If Secure Protocol is Used (e.g. SSL)

28

Security Issues

Protections:Cookie Can Only Store Information Already Known to Server

Can’t Access Hard Disk, etc.

Data Only – Not Executed by Client MachineData Can’t Be Shared Across Sites

Concerns:Of Course This Assumes That Browser Follows the RulesBrowser Can Store Sensitive Information

E.g. If Server Doesn’t Set Secure Tag, a Credit Card # May Be Passed in Clear to Another Page in Same Path

“Invisible” to UsersPaths Are Not Always Obvious

E.g. Multiple Sites Receive Graphics From DoubleClick Server

DoubleClick Can Now Gather “Cross-Site” Information

Zealous privacy folks advocate turning off cookies