Using HTTP/2 Server Push with PHP

Two weeks ago CloudFlare announced that it was supporting HTTP/2 Server Push for all our customers. By simply adding a Link header to an HTTP response specifying preload CloudFlare would automatically push items to web browsers that support Server Push.

To illustrate how easy this is I create a small PHP page that uses the PHP header function to insert appropriate Link headers to push images to the web browser via CloudFlare. The web page looks like this when loaded:

There are two images loaded from the same server both of which are pushed if the web browser supports Server Push. This is achieved by inserting two Link headers in the HTTP response. The response looks like:

HTTP/1.1 200 OK
Server: nginx/1.9.15
Date: Fri, 13 May 2016 10:52:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Link: </images/drucken.jpg>; rel=preload; as=image
Link: </images/empire.jpg>; rel=preload; as=image

At the bottom are the two Link headers corresponding to the two images on the page with the rel=preload directive as specified in W3C preload draft.

The complete code can be found in this gist but the core of the code looks like this:

    <?php
    function pushImage($uri) {
        header("Link: <{$uri}>; rel=preload;  Continue reading

Pay What You Want for 13 Premium Mac Apps – Deal Alert

If you want to maximize your productivity, this bundle of premium Mac apps is the ticket. Together, they’re valued at $946, but here’s your chance to pay what you want for them.

Next-generation Endpoint Security Market Bifurcation

My colleagues Doug Cahill, Kyle Prigmore, and I just completed a research project on next-generation endpoint security.  Just what the heck is next-generation endpoint security?  Cybersecurity professionals remain pretty confused around the answer to this question.  For the purposes of its research project, ESG defined next-generation endpoint security as (note: I am an ESG employee):Endpoint security software controls designed to prevent, detect, and respond to previously unseen exploits and malware.As part of this project, ESG interviewed dozens of organizations that were either supplementing or replacing traditional antivirus software on PCs of all kinds.  I’ve written a few blogs about why these organizations were moving beyond AV alone, how they selected new endpoint security products, and some details about their testing and deployment methodologies.  Aside from this technology overview however, I did come away with some strong theories about the next-generation endpoint security market in general. To read this article in full or to leave a comment, please click here

Next-generation Endpoint Security Market Bifurcation

My colleagues Doug Cahill, Kyle Prigmore, and I just completed a research project on next-generation endpoint security.  Just what the heck is next-generation endpoint security?  Cybersecurity professionals remain pretty confused around the answer to this question.  For the purposes of its research project, ESG defined next-generation endpoint security as (note: I am an ESG employee):Endpoint security software controls designed to prevent, detect, and respond to previously unseen exploits and malware.As part of this project, ESG interviewed dozens of organizations that were either supplementing or replacing traditional antivirus software on PCs of all kinds.  I’ve written a few blogs about why these organizations were moving beyond AV alone, how they selected new endpoint security products, and some details about their testing and deployment methodologies.  Aside from this technology overview however, I did come away with some strong theories about the next-generation endpoint security market in general. To read this article in full or to leave a comment, please click here

Response: Broadcom’s Secretive Behaviour

The limited about of public information available on Broadcom products is frustrating and annoying.

The post Response: Broadcom’s Secretive Behaviour appeared first on EtherealMind.

What’s the Difference Between Open-O & OSM?

One goes beyond the ETSI NFV MANO diagram.

IDG Contributor Network: Low-income neighborhoods have worse cell phone service, study finds

IDG Contributor Network: Low-income neighborhoods have worse cell phone service, study finds

Poor neighborhoods in the U.S. get 15 percent less cell phone coverage than their richer counterparts, a new study has found.This confirms the “existence of a mobile-divide in the U.S.,” say the researchers from Imperial College Business School in an abstract of their paper published in Telecommunications Policy via ScienceDirect.“Operators install two fewer mobile antennas per tract in lower income areas for equal distributions of subscribers,” the London business school says. That’s across the board, and it includes both urban and rural areas. So, it isn’t just a rural-divide issue, the researchers say.To read this article in full or to leave a comment, please click here

How Important Is Network Hardware?

Flash Player update fixes zero-day vulnerability and 24 other critical flaws

Adobe Systems has released a security update for Flash Player in order to fix a publicly known vulnerability, as well as 24 privately reported security flaws.The company issued a warning about the zero-day -- previously unknown and unpatched -- vulnerability on Tuesday, saying that it is aware of an exploit available in the wild. The flaw, tracked as CVE-2016-4117, was reported by security researchers from FireEye.To read this article in full or to leave a comment, please click here

Flash Player update fixes zero-day vulnerability and 24 other critical flaws

Adobe Systems has released a security update for Flash Player in order to fix a publicly known vulnerability, as well as 24 privately reported security flaws.The company issued a warning about the zero-day -- previously unknown and unpatched -- vulnerability on Tuesday, saying that it is aware of an exploit available in the wild. The flaw, tracked as CVE-2016-4117, was reported by security researchers from FireEye.To read this article in full or to leave a comment, please click here

Half the Web’s traffic comes from bots, and that’s costing you more than you think

Roughly half of all Web traffic comes from bots and crawlers, and that's costing companies a boatload of money.That's one finding from a report released Thursday by DeviceAtlas, which makes software to help companies detect the devices being used by visitors to their websites.Non-human sources accounted for 48 percent of traffic to the sites analyzed for DeviceAtlas's Q1 Mobile Web Intelligence Report, including legitimate search-engine crawlers as well as automated scrapers and bots generated by hackers, click fraudsters and spammers, the company said.To read this article in full or to leave a comment, please click here

Open Data Platform Initiative looks to ease fears

VANCOUVER, BC -- Last year's foundation of the Open Data Platform Initiative (ODPi), a collaborative project of The Linux Foundation that aims to reduce complexity surrounding the Hadoop ecosystem, made waves in certain parts of the Apache Software Foundation (ASF) concerned by the creation of an external organization that could exert influence over Apache projects.At the Apache: Big Data North America conference in Vancouver, BC this week, the ODPi moved to ease those concerns through dialog and sponsorship of the ASF.To read this article in full or to leave a comment, please click here

Google’s cool new natural language tool is called Parsey McParseface

Google has changed the way developers build applications that understand human language -- and in the finest tradition of the Internet, has named the result after Boaty McBoatface. The company announced a new SyntaxNet open-source neural network framework that developers can use to build applications that understand human language. As part of that release, Google also introduced Parsey McParseface, a new English language parser that was trained using SyntaxNet.To read this article in full or to leave a comment, please click here

How to fix Internet security

The Internet is all-encompassing. Between mobile devices and work computers, we live our lives on it -- but our online existence has been tragically compromised by inadequate security. Any determined hacker can eavesdrop on what we say, impersonate us, and perform all manner of malicious activities.Clearly, Internet security needs to be rethought. Retrofitting security and privacy controls onto a global communications platform is not easy, but few would argue that it's less than absolutely necessary.[ Deep Dive: How to rethink security for the new world of IT. | Discover how to secure your systems with InfoWorld's Security newsletter. ] Why should that be? Was the Internet built badly? No, but it was designed for a utopian world where you can trust people. When the fledgling Internet was populated by academics and researchers communicating with trusted parties, it didn’t matter that trust relationships weren’t well-implemented or communications weren’t secure by default. Today it matters very much, to the point where data breaches, identity theft, and other compromises have reached crisis levels.To read this article in full or to leave a comment, please click here

How to fix Internet security

The Internet is all-encompassing. Between mobile devices and work computers, we live our lives on it -- but our online existence has been tragically compromised by inadequate security. Any determined hacker can eavesdrop on what we say, impersonate us, and perform all manner of malicious activities.Clearly, Internet security needs to be rethought. Retrofitting security and privacy controls onto a global communications platform is not easy, but few would argue that it's less than absolutely necessary.[ Deep Dive: How to rethink security for the new world of IT. | Discover how to secure your systems with InfoWorld's Security newsletter. ] Why should that be? Was the Internet built badly? No, but it was designed for a utopian world where you can trust people. When the fledgling Internet was populated by academics and researchers communicating with trusted parties, it didn’t matter that trust relationships weren’t well-implemented or communications weren’t secure by default. Today it matters very much, to the point where data breaches, identity theft, and other compromises have reached crisis levels.To read this article in full or to leave a comment, please click here

How to fix Internet security

The Internet is all-encompassing. Between mobile devices and work computers, we live our lives on it -- but our online existence has been tragically compromised by inadequate security. Any determined hacker can eavesdrop on what we say, impersonate us, and perform all manner of malicious activities.Clearly, Internet security needs to be rethought. Retrofitting security and privacy controls onto a global communications platform is not easy, but few would argue that it's less than absolutely necessary.[ Deep Dive: How to rethink security for the new world of IT. | Discover how to secure your systems with InfoWorld's Security newsletter. ] Why should that be? Was the Internet built badly? No, but it was designed for a utopian world where you can trust people. When the fledgling Internet was populated by academics and researchers communicating with trusted parties, it didn’t matter that trust relationships weren’t well-implemented or communications weren’t secure by default. Today it matters very much, to the point where data breaches, identity theft, and other compromises have reached crisis levels.To read this article in full or to leave a comment, please click here

House GOP seeks $120M for visa fraud-catching software

House Republican lawmakers have introduced legislation intended to bolster the scrutiny of people entering this country. Its impetus is last year's terrorist attack by a married couple who killed 14 people in San Bernardino, Calif. and wounded 22. But the bill's provisions will affect all visas, including the H-1B.The legislation, submitted Thursday and led by Rep. Bob Goodlatte  (R-Va.), the chair of the House Judiciary Committee, specifically requires analytics software "to ensure proactive detection of fraud" in the immigration process.The software analysis requires the government "to utilize social media and other publicly available information" to determine whether an applicant is a security threat. One of the San Bernardino attackers, Tashfeen Malik, had allegedly posted allegiance to ISIL on Facebook, something which wasn't revealed until after the attack. She and her husband, Syed Rizwan Farook, were killed by police in a shootout.To read this article in full or to leave a comment, please click here

House GOP seeks $120M for visa fraud-catching software

House Republican lawmakers have introduced legislation intended to bolster the scrutiny of people entering this country. Its impetus is last year's terrorist attack by a married couple who killed 14 people in San Bernardino, Calif. and wounded 22. But the bill's provisions will affect all visas, including the H-1B.The legislation, submitted Thursday and led by Rep. Bob Goodlatte  (R-Va.), the chair of the House Judiciary Committee, specifically requires analytics software "to ensure proactive detection of fraud" in the immigration process.The software analysis requires the government "to utilize social media and other publicly available information" to determine whether an applicant is a security threat. One of the San Bernardino attackers, Tashfeen Malik, had allegedly posted allegiance to ISIL on Facebook, something which wasn't revealed until after the attack. She and her husband, Syed Rizwan Farook, were killed by police in a shootout.To read this article in full or to leave a comment, please click here

SWIFT warns of malware attack on another of its customers

Financial transaction network SWIFT has renewed its warning to customers to be on their guard following the discovery of malware at another bank using its services.The bank first asked customers to take steps to secure their systems in the wake of an attempt to steal US$951 million from Bangladesh Bank in February. Attackers there appear to have used custom malware installed on computers at the bank to send fraudulent messages over the SWIFT network seeking to transfer money from the bank's account with the U.S. Federal Reserve Bank of New York.To read this article in full or to leave a comment, please click here