Thursday, February 19, 2015

Upgrade to core HTTP protocol promises speedier, easier web

Now with added "2". Download Now/Shutterstock

Hypertext Transfer Protocol, HTTP, is a key component of the world wide web. It is the communications layer through which web browsers request web pages from web servers and with which web servers respond with the contents of the page. Like much of the internet it’s been around for decades, but a recent announcement reveals that HTTP/2, the first major update in 15 years, is about to arrive.


The original HTTP protocol was the protocol first used by Sir Tim Berners-Lee at CERN where the web was created in 1991. This was improved over many years and finalised as HTTP 1.1 in 1999, the current standard used worldwide. Over the years the web has changed dramatically, introducing images, complex style sheets and JavaScript code, Flash and other embedded elements and more. The original HTTP was a simple protocol for a simple web; it was not designed to handle increasingly media-rich websites.


For example, Google handles 40,000 web searches per second every day. To handle the pressure of serving billions of internet users, the company’s technicians launched a project in 2009 called SPDY (pronounced “speedy”) to improve HTTP. Originally only for internal use, other sites fielding heavy traffic such as Twitter, Facebook, WordPress and CloudFlare also implemented SPDY having seen its performance improvements.


This caught the attention of the Internet Engineering Task Force (IETF), which develops and promotes internet standards. IETF decided to use SPDY as the basis for HTTP/2 in 2012 – and the two protocols were developed in parallel. Even though Google spearheaded the protocol’s development, the work is continued by the IETF’s open working groups as it has done for other protocols for more than 30 years.


Google recently announced it was dropping SPDY in favour of the soon-to-arrive HTTP/2.


The drawbacks of HTTP 1.1


Web pages today can generate many requests for images, CSS style sheets, video and other embedded objects, off-site adverts, and so on – perhaps a hundred of these per page. This adds unnecessary strain to the web server and slows the web page loading time because HTTP 1.1 only supports one request per connection.


HTTP 1.1 is sensitive to high latency connections – those with a slow response time. This can be a big problem when working on a mobile device using cellular networks, where even a high-speed connection can feel slow. HTTP pipelining allows the browser to send another request while waiting for the response of a previous request. While this would go some way to tackling high latency, it is susceptible to problems of its own and is disabled by default in most browsers.


The benefits of HTTP/2


Rather than using clear text, HTTP/2 is now a binary protocol which is quicker to parse and more compact in transmission. While HTTP 1.1 had four different ways to handle a message, HTTP/2 reduces this to one. To tackle the multiple request issue HTTP/2 allows only one connection per site but using stream multiplexing fits many requests into a single connection. These streams are also bi-directional, which allows both the web server and browser to transmit within a single connection. Each stream can be prioritised, so browsers are able to determine which image is the most important, or prioritise a new set of streams when you change between browser tabs.
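
The binary framing and stream multiplexing described above can be seen in a short parser. This is an added example, not part of the original article: it reads the 9-byte frame header defined in the HTTP/2 specification (RFC 7540), rejects oversized or truncated frames, and reassembles two responses whose DATA frames are interleaved on one connection. The sample bytes are constructed for illustration, and HEADERS frames and padding are left out to keep it short.

```python
import struct
from collections import defaultdict

# Frame type codes, flag and size limit as defined in RFC 7540.
DATA, HEADERS, SETTINGS = 0x0, 0x1, 0x4
FLAG_END_STREAM = 0x1            # valid on DATA and HEADERS frames
DEFAULT_MAX_FRAME_SIZE = 16384   # SETTINGS_MAX_FRAME_SIZE before negotiation


class FrameError(ValueError):
    """Raised when the bytes are not a well-formed sequence of frames."""


def make_frame(ftype, flags, stream_id, payload=b""):
    """Build one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id."""
    header = len(payload).to_bytes(3, "big") + struct.pack(">BBI", ftype, flags, stream_id)
    return header + payload


def parse_frames(buf, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    """Yield (type, flags, stream_id, payload) for each frame in buf."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 9:
            raise FrameError("truncated frame header")
        length = int.from_bytes(buf[pos:pos + 3], "big")
        ftype, flags, stream_id = struct.unpack(">BBI", buf[pos + 3:pos + 9])
        stream_id &= 0x7FFFFFFF  # the top bit is reserved and ignored on receipt
        # Validate the declared length before using it to slice or allocate.
        if length > max_frame_size:
            raise FrameError(f"frame of {length} bytes exceeds limit {max_frame_size}")
        if pos + 9 + length > len(buf):
            raise FrameError("truncated frame payload")
        yield ftype, flags, stream_id, buf[pos + 9:pos + 9 + length]
        pos += 9 + length


def demultiplex(buf):
    """Reassemble DATA payloads per stream; return (bodies, finished stream ids).

    Padding (the PADDED flag) is not handled in this example.
    """
    bodies, finished = defaultdict(bytes), set()
    for ftype, flags, stream_id, payload in parse_frames(buf):
        if ftype in (DATA, HEADERS) and stream_id == 0:
            raise FrameError("stream 0 is reserved for connection control frames")
        if ftype == DATA:
            bodies[stream_id] += payload
        if ftype in (DATA, HEADERS) and flags & FLAG_END_STREAM:
            finished.add(stream_id)
    return dict(bodies), finished


# Constructed sample: a SETTINGS frame on stream 0, then two responses
# (streams 1 and 3) whose DATA frames are interleaved on the same connection.
SAMPLE = b"".join([
    make_frame(SETTINGS, 0, 0),
    make_frame(DATA, 0, 1, b"<html>"),
    make_frame(DATA, 0, 3, b"body{"),
    make_frame(DATA, FLAG_END_STREAM, 1, b"</html>"),
    make_frame(DATA, FLAG_END_STREAM, 3, b"}"),
])

if __name__ == "__main__":
    bodies, finished = demultiplex(SAMPLE)
    for sid in sorted(bodies):
        print(sid, bodies[sid], "complete" if sid in finished else "open")
```
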


HTTP is a stateless protocol – every connection comprises a request-response pair unconnected to any connections before or after. This means every request must also include any relevant data about the connection – this is sent in HTTP headers. As HTTP 1.1 evolved, the headers have grown larger as they incorporate new features. HTTP/2 uses header compression to shrink this overhead and speed up the connection, while improving security.


A final addition is server push. When a web page is requested, the server sends back the page, but must wait for the web browser to parse the page’s HTML and issue further requests for things it finds in the code, such as images. Server push allows the server to send all the resources associated with a page when the page is requested, without waiting. This will cut a lot of the latency associated with web connections.


Web version 2?


Once web servers and web browsers start implementing HTTP/2 – which could be as soon as a few weeks from now – the web-browsing experience will feel quicker and more responsive. It will also make developers' lives easier by not having to work around the limitations of HTTP 1.1.


In fact, some of the latest versions of popular browsers (Firefox v36, Chrome v40 and Internet Explorer v11) already support HTTP/2. For Chrome and Firefox, HTTP/2 will be used only over encrypted connections (SSL) – this, along with the Let’s Encrypt initiative, will probably boost the adoption of encryption more widely.


The Conversation

Malware infecting hard disk firmware remained hidden for 15 years – but who's responsible?

Picking off hard drive manufacturers, one by one. Kaspersky Lab

It sometimes seems that whenever security researchers discover some new exploit or malware that allows the monitoring of remote computers, the finger is quickly pointed at the US intelligence agencies.


Security firm Kaspersky has recently revealed a complex malware developed by a group called Equation. Although its report made no mention of the US National Security Agency, subsequent news reports held it responsible anyway.


This seems to follow the logic that, as Equation’s malware uses techniques similar to Stuxnet, if Stuxnet was developed by the NSA then Equation’s must also have been developed by the NSA. But despite everything that’s been written about Stuxnet’s origins, there’s no conclusive proof tying it to the NSA, or anyone else.


Such breathless headlines unfortunately obscure how interesting this new suite of malware is – not least that it isn’t new, but dates back to 2001. That is eons in technological terms.


A family of malware evolving over more than a decade. Kaspersky Lab


Hard drive attack


What’s also interesting is the way the attackers hid the malware: by embedding the malicious code into the firmware (hard-coded software) built into hard disk drives found in practically every computer. Not just drives from one manufacturer, but almost all the mainstream brands – perhaps even the one that powers the computer on which you read this now. Why is this important? It means you could wipe the entire drive, reinstall your computer’s software from scratch – and still be infected.


The only more attractive hiding place for an attacker is the firmware that is required to start the computer, the BIOS, but viruses that attack the BIOS have been around for decades and hardware has been adapted in defence. On the other hand, looking at hard drive firmware and adopting defences against tampering with it just hasn’t been on the agenda, a fact that has allowed this malware to go undetected for so long.


An updated, evolving threat


And it’s not just that the attackers were able to work out how to embed their malware in the drives' firmware; they appear also to have been able to update it with improved versions. This would require updating (“flashing”) not just the malware but the original firmware code too, without which the drive wouldn’t function. This is considered technically advanced even today – yet someone seems to have developed the capability to do so more than 10 years ago. This is technically impressive.


A new meaning to installing ‘on’ my hard drive


So the fact that such an advanced technique was deployed so long ago prompts us to wonder what else is out there that we don’t know about? It’s not as if this is the first such discovery: Stuxnet, Flame, Regin and now Equation, all of which appear to have been active for many years. To paraphrase Oscar Wilde: to miss one piece of malware looks like misfortune, to miss four looks like a trend.


Pointing the finger


It is easy, as we see from some of the headlines, to attribute blame based upon circumstantial evidence such as who was attacked. However, this assumes that a state actor is responsible – and that only certain countries have the wherewithal to develop such a capability. Yet, as the video above demonstrates, one individual with skills and time was able to do much the same.


One of the extraordinary things about cyber warfare and cyber espionage is how it has levelled the playing field between adversaries who might be hugely unequal in other ways. With a relatively small team and modest budget anyone could potentially develop very clever software. Cyberspace is the ideal platform to wage asymmetric warfare.


Pointing the finger of blame based on who was targeted is not conclusive. Kaspersky Lab


The reports of all these threats – Regin, Stuxnet, Flame, and others – carry the assumption that a government is responsible. It’s not an unreasonable assumption considering that the software’s primary function is espionage. But while nation states are the consumers of intelligence gathered in this way, it doesn’t mean that their agencies are responsible – there is an active market for such information, which means there is a commercial motivation for others to collect it.


Criminal hackers steal personal information to sell on the black market to those who would commit fraud. They might equally gather data of interest to governments and law enforcement and sell it to them. In many ways it is a classic market: with limitless demand there will always be those willing to supply.


In any event, it’s worth reading the full range of reports available and forming your own judgement. Like reading only a single newspaper, the likelihood is that the news is reported with a particular slant – such as blaming the NSA. And while you can be sure of very little when it comes to final attribution of these attacks, you can be sure that individual reports carry their own bias. If you are able, it is worth concentrating on the technical detail as that is where you’re more likely to find the truth.


And expect to hear more such stories in the future – after all, if malware could be hidden so successfully 10 years ago, imagine what’s possible today.


The Conversation

Wednesday, February 18, 2015

'I could sow the seeds of a new civilisation': Mars One hopeful's vision of a stellar future

Mars in her eyes: Hannah Earnshaw - student, scientist, adventurer. Monica Alcazar-Duarte

I have always been in awe of the night sky, trying to comprehend the vastness of space and the countless wonders it contains. But I have always felt a certain dissatisfaction with only being able to see it at a distance.


One day I imagine that humanity will be able to visit other planets in the Solar System, and venture even further to other stars, but this has always seemed very far away. That’s the reason why I applied for the Mars One mission, aimed at starting a human colony on Mars – it seemed like a real opportunity to get closer to the rest of the night sky, to give me a chance to be a part of taking humanity into the stars.


Mars is, in a way, the perfect stepping stone into the rest of the universe. Despite its inhospitable conditions, it has a day-night cycle only 39 minutes longer than on Earth. Unlike the moon, it is resource-rich, and has a soil and atmosphere rich in water and nitrogen respectively. Mars does not suffer from the sweltering heat and toxic atmosphere found on Venus, closer to the sun than Earth, but still receives enough light from the Sun to enable the generation of solar power.


Science, but more than science


As a PhD student carrying out astronomical scientific research, I’m naturally drawn to the research possibilities on the surface of Mars. We’re already able to achieve amazing things with the rovers we’ve landed there. But there’s only so much that a robotic rover can do compared to what a human on the surface would be capable of, what with the ability to physically apply a range of techniques and make immediate decisions instead of having to wait for commands from mission control on Earth.


Being able to study the geology of Mars up close would be the ultimate research opportunity, answering questions about the history of the planet and the Solar System. However the scientific value of a mission to Mars, while enormous, isn’t all the mission could provide.


Life on the Martian range. Bryan Versteeg/Mars One


The social and political implications of a colony on another planet are staggering, and its development will be fascinating. Will the Martian colony be its own political entity? (I hope so.) If so, how will it relate to Earth? What will Martian society, kick-started by an incredibly diverse and intelligent group of just 40 people, come to look like in the decades to follow colonisation? Will it remain very connected to Earth, or will it start to develop its own culture, with its own customs, habits, and rituals for birth, death and other significant moments of life, such as one’s first step onto the Martian surface? What sort of a world will our descendants inherit – and will they remain friends with their cousins on Earth?


The journey of a lifetime


When I applied for Mars One, I applied to dedicate my life to the creation of a colony that will have enormous implications for the future of the human race. It’s in many ways a monumental responsibility, a life’s work much bigger than myself, and one for which I feel no qualms about the fact that it’s a journey from which there’s no coming back.


I feel very aware of the dreams of all those people who wished to travel into space, to colonise other planets – and I do so on their behalf, as well as for myself. I want to have lived my life doing something that wasn’t only what I wanted to do, but something that will have a lasting impact on our collective future.


I’m 23, and the past couple of years have been uncertain: stepping through the application for Mars One, even though I’ve made the shortlist of 100 I’m still unsure whether I’ll be selected. Hoping that I am suitable, but ultimately wanting the very best and most capable people to go, I have had to hold two possible futures in my mind.


The thin atmosphere of Mars… perhaps home sweet home to 40 colonists. NASA


In one, I complete my PhD, get a place of my own, pursue a career in research or maybe in politics. I get really good at playing piano, I find time to travel to Norway, Italy, Canada, and Japan, and maybe find a husband or wife.


In the other, I leave behind the possibilities of Earth for the possibilities of Mars. Alongside my crew I pioneer planetary scientific research and, as the founding member of a new civilisation, I plant the seeds of a diverse and generous society. I communicate our life to followers on Earth, help establish new policy through which humans explore and settle the stars ethically and responsibly… and maybe find a husband or wife.


Both futures hold so much potential that there will be a real sense of loss when I know which path I am on, but also a real sense of purpose.


I have very high hopes for what we can achieve by colonising Mars. The mission is a difficult one, but I believe the plan is feasible and Mars One is capable of pulling it off. And when that happens, it will be an incredibly diverse group of people from many different countries, cultures and backgrounds working together to represent the human race on a new planet, backed by the investment and support of millions of people across the world.


Mars One is the people’s mission to Mars, and I am honoured to be a part of it.


The Conversation

Dwarf planet Ceres comes into view

Ceres as seen by Dawn spacecraft February 12, 2015

The Dawn spacecraft captured two sides of Ceres in this pair of images taken 10 hours apart when the probe was 83,000 kilometers from the dwarf planet.


JPL-Caltech/NASA, UCLA, MPS, DLR, IDA


The Dawn spacecraft has snapped the most detailed photos to date of the dwarf planet Ceres. Craters and mysterious bright patches dot the landscape in a pair of images taken February 12 when Dawn was just 83,000 kilometers from Ceres, the largest body in the asteroid belt between Mars and Jupiter.


Launched in 2007, Dawn spent 14 months investigating the asteroid Vesta before heading off to Ceres, which it will begin to orbit on March 6. Once there it will spend the rest of the year mapping the dwarf planet, hopefully finding clues about the formation of the solar system.


Beyond Silicon Roundabout, the UK is a high-tech start-up nation

There's more to the UK than just this roundabout. Stephen McKay, CC BY-SA

Whether as “Tech City” or “Silicon Roundabout”, the cluster of digital start-ups centred around Old Street in East London is well known. The extensive network of similar start-up clusters in cities outside the capital, however, has now been revealed by a thorough study of the UK’s start-up scene.


Since the economist Alfred Marshall developed the idea of “spillovers” back in 1890, there has been debate over how best to encourage the transfer of knowledge between organisations. The perceived wisdom is that, by co-locating similar organisations in clusters, knowledge will circulate between them and drive further innovation.


Keen to promote economic growth, governments have striven to develop clusters artificially, with planners especially keen to replicate the success of California’s Silicon Valley with the UK’s high-tech industries – hence Silicon Fen (Cambridge), Silicon Glen (Scotland), Silicon Gorge (Bristol), and so on. In this sense, while the findings of last week’s TechNation report by Tech City UK are interesting, it isn’t a surprise to see so many clusters emerging elsewhere.


Strength in numbers


Media reporting on tech clusters is often London-centric, but the TechNation report shows that this isn’t the full picture: 74% of digital companies are based outside London. Inner London is the third-fastest growing cluster in the UK, but it’s Brighton & Hove that has the highest concentration of digital businesses (3.3 times the national average). South Wales is fast developing as a centre of health tech and data analytics firms, and Bournemouth, a centre of digital advertising and publishing, has quadrupled the number of digital businesses since 2010, while Liverpool, a centre for UK games development, has more than doubled.


Naturally many of the growing centres for digital business are Britain’s other major cities: Manchester’s well-established media and publishing industries have gone digital, boasting the country’s highest per-company turnover. Bristol and Bath are globally significant areas of high-tech engineering with Hewlett Packard, Bristol Robotics Lab and the Bristol and Bath Science Park. Leeds and Edinburgh are strong in financial tech businesses, Belfast and Dundee are strong in games development. But there are others that might seem unusual, such as the centre for cybersecurity expertise developing in Great Malvern, alongside GCHQ in Cheltenham.


It’s not just about London. Tech City UK


Building success


Being in a cluster can enable access to infrastructure, knowledge and skills for dynamic but usually resource-constrained small and medium enterprises.


The high costs of research and development have led to renewed interest in what Henry Chesbrough has called open innovation, which builds knowledge sharing into the business model of start-up companies. This has allowed tech start-ups with few resources to develop rapidly by drawing upon the expertise of universities and other firms.


Interestingly, as the tools to work remotely have improved, it’s no longer necessary for firms to be permanently located in clusters to benefit from collaborations and hack events. For example, the Open Data Institute maintains several “nodes” in more remote parts of the country, such as Devon, which allows distant companies to connect to knowledge-sharing facilities in London and elsewhere. Clusters themselves are interlinked, and this provides provincial tech clusters with an advantage: being able to draw upon others' knowledge to create solutions and products without the high cost of being based in the capital.


With over 20 clusters profiled, there’s plenty of activity outside London. Tech City UK


Our own research suggests that even mere affiliation to a cluster or participation in professional communities can be enough to help start-ups by raising their profile and providing legitimacy and reputation in order to help advance firms' chances in a global market. A strong cluster identity also attracts highly skilled employees, which develops a labour pool with more diverse skills, in turn driving better and faster innovation.


In this sense, geographical location is important. Cosmopolitan urban areas with access to bars, restaurants and education attract talented young workers, drawing new generations of talent into the cluster. Subsequently, tech clusters don’t just appear in London but are supported by the strong cultural draw and educational centres of Sheffield, Greater Manchester, Bristol & Bath and Brighton & Hove.


What doesn’t work?


Problems faced by tech clusters are often features of their own success. Competition for office space and employees drives up costs for everyone – and their appeal may attract large, incumbent firms that can out-gun smaller firms in acquiring resources. In this way the young, dynamic start-ups that the clusters were created to assist can find themselves squeezed out – something already occurring in Silicon Roundabout and throughout London.


The rising costs associated with tech clusters in London may see a further increase in the appeal of clusters outside of the capital for Britain’s tech community. What is needed is venture capital, business advice, additional training and support for national and international networks to ensure these clusters can overcome the financial and skill gaps in order to grow. As the TechNation report rightly points out, each cluster has its own unique configuration and this needs to be taken into account; any one-size-fits-all approach is doomed to fail.


The Conversation

Tuesday, February 17, 2015

Fish oil or snake oil? Most capsules don't contain what they promise

More palatable in a capsule - but do they do any good? Flickr - Jo Christian Oterhals, CC BY-NC-ND

My mum and dad are troopers. Every morning, in an effort to stave off old age and dry rot, they down a tablespoon of oily, stinky fish oil. This is done without any obvious signs of distress – clearly, they are from a more stoic generation.


Fish oils – or more accurately, the omega-3 long chain polyunsaturated fatty acids (n-3 PUFAs) in fish oils – have been linked to cognitive performance. The idea of cognitive lubrication has proved very popular. However, for some of us, the idea of choking down fish oil in its liquid form is repulsive.


That’s where fish oil capsules come in. On the surface, they seem to be the perfect solution. The fish oil stays safely trapped in its hard shell until it passes down through the stomach and into the upper intestine. Once there, the capsule degrades to allow the fishy brain lube to be released.


There is just one problem. New research led by Benjamin Albert at the University of Auckland in New Zealand shows that the quality of over-the-counter fish oil capsules is pretty rubbish.


Albert and his team bought 32 different brands of fish oil capsules and measured them for levels of eicosapentaenoic acid (EPA) and docosahexaenoic acid (DHA), supposedly the “good” n-3 PUFAs responsible for brain gains. They found that 69% (29 out of 32 tested) had lower levels of EPA and DHA than was claimed on the label. As an interesting side note, the more expensive capsules were more accurately labelled for EPA and DHA levels.



To achieve such lower than advertised levels of EPA and DHA, either the freshly isolated fish oil had lower concentrations to begin with, or the oil within the capsule had oxidised and degraded over time. Both EPA and DHA are prone to oxidation, and break down to form a soup of peroxides, aldehydes and ketones. In fact, fish oil supplement manufacturers typically add anti-oxidants into their capsules to slow this process.


Quality control


When the New Zealand team tested oxidation values across fish oil capsules, 92% exceeded one or more international recommendations. But older capsules that had been on the shelves for longer didn’t show any difference in oxidation values compared to newer ones. This suggests that there were lower levels of active EPA and DHA at the very beginning of the manufacturing process, and that many companies may be failing to test their individual batches of fish oil.


What might such oxidation values mean for the consumer? While some studies indicate that oxidation breakdown products may in fact be responsible for the anti-inflammatory benefits of fish oil, at high experimental doses, they can cause organ toxicity, stunted growth and accelerated atherosclerosis. The overall effect on health – if any – of consuming products with high oxidation values is still unclear. Since there is no formal assessment of their health effects, oxidation levels in fish oil capsules are subject to recommendations based on palatability rather than legal requirements based on safety.


If this research is representative of the global market, consumers have a one in ten chance of buying fish oil capsules that contain the levels of EPA and DHA that are promised. These odds might improve a little if they stick to high-end brands. Until better standards and regulations hit the fish oil supplement market, it is probably a good idea to look for your brain boost elsewhere.


The Conversation

Pair of stars buzzed the solar system 70,000 years ago

illustration of Scholz's star

A pair of dim red stars, shown in an illustration, passed within 0.8 light-years of the sun (left) roughly 70,000 years ago.


Michael Osadciw/Univ. of Rochester


Most stars keep their distance from the sun. Scholz’s star, about 20 light-years away in the constellation Monoceros, is an exception. Roughly 70,000 years ago, the binary star system came within about 0.8 light-years of the sun, researchers report in the February 12 Astrophysical Journal Letters. It’s the closest known flyby of another star.


When Scholz’s star buzzed the solar system, it probably slipped inside the Oort cloud, a shell of trillions of comets that envelops the solar system. While such close encounters can hurl a barrage of comets toward the sun, Scholz’s star’s flyby apparently spared the inner solar system.

