Thursday, December 28, 2006

50 - Fifty Coolest Best Websites OF Year - 2006

ENTERTAINMENT, ARTS & MEDIA


A variety of amusements, from classic rock to famous photography, collage art to custom radio, plus our favorite video web logs
 

SHOPPING, LIFESTYLES AND HOOBIES

Yummy food, Hollywood fashion and helping hands for those do-it-yourself projects
 

NEWS AND INFORMATION

The Web's best war correspondent, a snarky sports blog, the pioneers of "social news" more
 

STAYING CONNECTED

A humming social network, community sing-along, instant-messaging hub, mobile-launched pub-crawls and numbers-crunching by committee
 

TIME WASTERS

Juicy celebrity gossip, mindless computer games and other guilty pleasures
 

TRAVEL AND REAL ESTATE

An airfare predictor and subway guide, restaurant reviews and car sharing
 

WEB SEARCH & SERVICES

Ordering take-out, finding phone numbers and a slew of alternative search engines
 

Monday, December 25, 2006

Good Referential Ten 10 online operating systems


As we we’re waiting for Google to launch its own Google OS (if the rumours are true, of course), I’ve checked out 10 web operating systems and what they can do. Not many of them feel like finished and fully usable products, but there are some true gems among them.
Admit it: you didn’t think there were that many WebOSes around, did you?

Neither did I. You can find month or two old articles on the web which talk about a WebOS as a recently forged concept, yet to be realized. YouOS was practically the only one that had media coverage, so when I began the research for this article, I hoped to find five usable WebOS applications at best.

I was wrong. There are over 10 fully functional WebOS applications out there, and a couple more that are announced or in closed betas.

But what is a WebOS (not to be confused with another definition of the term, see here), or a Webtop , anyway ? Here’s a simple definition: WebOS is a virtual operating system that runs in your web browser . More precisely, it’s a set of applications running in a web browser that together mimic, replace or largely supplement a desktop OS environment. It’s a tough field to start in for a Web 2.0 entrepreneur, because to be successful you need to create several applications that are at least as good as other competitors, and you need to connect them all into a usable bundle. What’s also expected by most users is that all this looks decent, operates similarly to a “real” OS and behaves as a real “OS” would, and is relatively bug-free. Simply put, to gain real everyday users, your WebOS has to be damn good . We’ll see how these newcomers fare in the following months and when (and if) some big giant like Google decides to create their own WebOS.

So, without further ado, let’s see what the 10 WebOS services I’ve gathered here (in alphabetical order) today can offer to the user. Bear in mind that not many of these services are mature enough to receive a proper, thorough review; this is more of a ‘first look’ kind of thing than a full-featured review.

1. Craythur

craythur.jpgCraythur is a completely new WebOS that puts big emphasis on looks, and it does that part really well, with a well chosen desktop background and transparent window borders similar to those Vista’s Aero. However, the apps themselves are more alpha than beta. For one thing, they’re mostly not translated from Spanish. They work, but nothing more than that; none of them can hold their own against any decent comparative application, web-based or otherwise. Since this is obviously an application at its very early stages, let’s just leave it at good-looking and come back in a few months to see the progress.

2. Desktoptwo

desktoptwo.jpgIf there’s such things as “serious WebOS players”, Desktoptwo is one of them. It’s a Flash based fully featured WebOS which requires registration to try, immediately giving you your own mini-site and your own Desktoptwo email address to use. Desktoptwo is Flash-based, and while I’m not thrilled about Flash Web 2.0 applications, most of the OSes from this list work in Flash, and I must admit that some do it pretty well. Desktoptwo’s apps can be slow, and a certain amount of bugs are present (when i clicked on Message Board preferences, everything got garbled up), but not so much to ruin your experience with the service. One more thing: Desktoptwo opens in a popup, which is sure to annoy some users.

Feature-wise, Desktoptwo delivers and then some. You’ve got search, clock and sysinfo widget, a dock, MP3 player, RSS reader, Instant messenger, OpenOffice, HTML editor, notepad, and several others. Unfortunately, several of these open in popups, which somehow makes you remember you’re in Windows. Furthermore, if you close the Desktoptwo window and log in again, some of your settings are forgotten. However, your content, for example, the files you save to the desktop, or the RSS feeds you add in the very functional RSS reader are remembered over sessions, which is good. Overall, Desktoptwo does many things well, but it needs to iron out a few usability/UI issues to become a really usable WebOS.

3. EyeOS

eyeos.jpgTaking a bit of a different approach than other sites in this bunch, EyeOS offers you to download the EyeOS server files and install them on your on web server to use as you please. You can also try out a demo which is hosted on the free public server eyeos.info, which also provides free accounts of eyeOS to everyone who wants to use it without owning a private server. The public server is funded through donations, and there’s still quite a way to go, so if you like EyeOS, go ahead and help them.

EyeOS itself is functional, not too buggy, but a bit slow and a bit bland. You have your standard calendar, calculator, address book, RSS reader, simple word processor, file uploader and a few others, but they have pretty limited functionality, and they all look more like test apps than something you’d really use in day to day work. Furthermore, some of the options simply do not work, for example changing the wallpaper.

Although EyeOS seems to be an ambitious project, it doesn’t offer much more than, for example, Craythur. It looks nice, it works, but its apps aren’t interesting enough to actually use it for any serious work.

4. Glide

glide.jpgThis text was actually postponed because Glide registration was closed until 19th of December, and I wanted to squeeze it into this list. And lo and behold; they’ve gotten real serious after the relaunch. So serious that besides free registration, they offer things like family standard and family premium plans (for the last one the fee is $149.95 yearly). For registration. they also require verification via an SMS message. This got me interested, as it is the only WebOS around that thinks of itself highly enough to actually start charging for the service.

And, to some extent, Glide delivers. It’s Flash-based, and it’s not really trying to mimic Windows or any similar desktop environment, choosing a unique GUI of its own instead. It lets you upload and store up to 1 GB of files, read RSS feeds, manage bookmarks, appointments, chat, create documents, view picturess. It’s also designed pretty well - at least at first sight. However, it’s somewhat similar to DesktopTwo in some areas, sharing a number of negative traits with it. First of all, some apps open in a popup, for which I really can’t see a good reason. Furthermore, some of the applications don’t seem to be as polished graphically as the rest of the interface. Some of the apps are just plain buggy - the Calendar simply did not work, reporting an error as soon as I clicked it.

These are mostly minor errors, but they add up. For me, an additional problem was the interface itself which is pretty confusing. It took time figuring out how to do simple tasks like reading RSS feeds, and once I closed certain areas of the Webtop, it was pretty hard to find them again. Like many other services in this list, you can definitely see that a lot of effort has been put into Glide, and some of its parts are done well, however it still has a long way to go (especially if you pay for it).

5. Goowy

goowy.jpgGoowy is also Flash-based, but I don’t feel any of the usual negative traits that Flash can bring. It has lots of well-written and usable applications, it’s not lightning fast but it’s not too slow either, and it all works within the same window with the standard desktop-OS-like toolbar. The apps…well, the apps are great. They open in windows you can move around your webtop using a pretty precise grid, which makes organization really easy. You’ve got your standard file-uploader, mail application, RSS reader, instant messenger, bookmarks, calendar and contacts. All of these apps are very well made; for example, the RSS reading functionality is almost as good as in my online reader of choice - Netvibes. I wouldn’t exchange Netvibes for it just yet, but if weren’t able to use Netvibes anymore, Goowy would do just fine. Same goes for other applications, which makes Goowy by far the most usable WebOS in this list.

As far as settings go, you’ve got a lot to choose from. Actually, Goowy is so advanced that I almost feel bad giving it a short rundown instead of a full-featured review it deserves, and I will probably make up for it sometime. Let’s just mention it has a spell checker and a spam filter, which shows the devotion to detail in this product.

Although this text is not a contest, if I had to pick just one WebOS to use, Goowy would be it - and by a big margin. The learning curve is very short; it looks sexy, it has a solid number of well-written applications, and it’s all pretty-much bug free. Great job.

6. Orca

orca.jpgWebOS is a pretty complex application and there’s no two ways about it. So when I see things like “Muly” as one choice for the month of birth or when the “create account” button is missing altogether, I think “sloppy”. And that’s exactly how Orca turned out to be in the end.

I will utter three little words and 70% of readers will skip to the next item in the list: no Firefox support. And they’re right: you simply cannot create an application meant primarily for tech-aware users and not have support for the tech-savvy browser of choice. But even in IE, Orca is simply an unfinished, early alpha, hey-i-can-now-invite-a-few-friends-to-test-this product. Best of luck to the developers, but at this stage Orca is not worth your time.

7. Purefect

purefect.jpgPurefect is also at an early stage of development, but it’s at least showing some promise. It tries to mimic the Windows environment completely, down to the icons, which is in my opinion the wrong path to choose. There are just a few apps, like file explorer, memory game and calculator, and as far as settings go you can set the display preferences. It’s functional, but pretty buggy (you can access other users’ files in the file explorer), and there simply isn’t much to do. Like Craythur, it might be interesting to check it out again in a couple of months to see if there’s any progress, but for now it’s just not usable.

8. SSOE

ssoe.jpgSSOE seems to be a project that’s looking far ahead. The author is the first to admit that the kernel of the OS is perhaps 10% written at this point and it gives you a choice of a relatively stable and a newer, unstable version to choose from.

And it’s all true. SSOE looks is more a technology demo than something you would even consider to use, regardless of which version you choose. But even at this early stage of development, I will feel free to give the author a pointer: those huge icons, and badly done brushed metal windows, are ugly. Noone is going to use them if they look like that. Other than that I can’t say much about SSOE because 80% of stuff I’ve tried to click on did not work. Best of luck in the future, next please.

9. XinDESK

xindesk.jpgXinDESK is the only one out of the 10 WebOS apps listed here that I didn’t actually try out, because they don’t have a demo or an alpha version yet. However, browsing through the author’s blog one can find some interesting facts about the service. Here’s a couple of quotes:

“The core of Xindesk is a WebOS featuring application that opens and saves the standard office formats. Xindesk is the first web operating system that works easily, even for people without deep computer knowledge. The WebOS is an open platform, just like Windows and Mac OS. This enables anyone to develop new applications.”

“Every Xindesk application you develop can also be installed on all versions of windows.”

All in all, it doesn’t sound too shoddy, and I look forward to checking out this service again when it’s available to the public. You can check out a couple of screenshots over at XinDESK blog.

10. YouOS

youos.jpgBefore I’ve started writing this piece, the only OS I’ve heard something about in the news was YouOS. And you can see that a fair amount of serious development went into the product, as there are quite a number of useful applications here, including a very good chat client, IM software, file browser, RSS reader and a couple of others. The applications can be moved accross the desktop, look pretty much like standard desktop apps and respond well with some minor issues (for example, the resizing of the RSS reader window did not go too smoothly). You can browse through your open applications using a toolbar similar to the Windows taskbar, which also works as intended.

Unfortunately, YouOS is a bit lacking in the design department. It’s windows and applications are usable, but they’re certainly not beautiful. It does not impede the functionality, but it does somewhat diminish the overall experience.

As far as the general usability applications go, I’d say YouOS takes a second place to Goowy. Its apps are fully functional, but lack a few details, be it in the design or functionality department, that would keep me from using YouOS on a daily basis. However, YouOS is definitely a very serious contender in the WebOS field, and it might turn into a force to be reckoned with.

——-

So, there we go - a short scan of 10 web operating systems shows us that this neck of the woods is promising, but still young and suffering from many a beginner’s disease. I’d say that YouOS, Goowy and DesktopTwo are the names you should watch now and in the near future, while the others *might* turn into promising products, but we’ll have to wait a month or two for that to happen. Also, keep in mind that while it’s relatively easy to judge who has the best functionality, it’s much harder to see who has the best code, or the most solid framework to build upon, so it’s safe to say that we can expect a few surprises to happen here.

Thursday, December 21, 2006

Word Web 2.0 :


1. Is Web2.0 something new and different or just something that grows from Web1.0?


I know about Web 1.0 from O'Reilly article "What Is Web 2.0", I think that Web 1.0 was born with Web 2.0. If we type the phrase "Web 1.0" in a google search box , the first result will be "O'Reilly What Is Web 2.0". Now we do a search in wikipedia, when we type "Web 1.0", will see "Web2.0" and "(Redirected from Web 1.0)"

Which came first, the chicken or the egg? And the answer is: both came in the same time...i.e.both names appears in the same time

And the answer for the main question is:
It's like a child (Web 1.0) became a teenager (Web 2.0).

2. What exactly is Web 2.0? What is definition of Web 2.0?

Web 2.0 is a next step in creating web based services. Dynamic information provided and managed by the web services and created by the users and other services...
(the web as a platform)

Examples: blogging, Google (search results, services, adsense), wikipedia, flickr, de.li.cio.us, etc..

The web is a platform (operating system), and the web services are applications ...

3. What more should I know about Web 2.0, if I want to dig deeper in this subject?

Folksonomy, Tag clouds, Social bookmarking, Rss, Syndication, Blogroll, Permanent Link, PageRank, Perpetual Beta, AdSense, Ajax, XML, RDF, Wiki, CSS, XHTML, Creative Commons, Web 3.0, Semantic web, Social networking, and so on... Lots of slogans, labels, names...

4. Where should I look for Web 2.0 based websites?

Anywhere where people making and sharing their works, thoughts, opinions, knowledge especially these websites where content has been changing dynamically and where you can create new content. (ex. blogs, social bookmarking services, online photo albums, etc).

5. What isn't Web 2.0 ?

Maybe these websites, where people can't do more than reading, watching or browsing through content aren't conform the new concept of Web 2.0, however this is very general definition. I think, we can not tell that something is hundred percent Web 2.0 or hundred percent Web1.0. If something isn't widely open for people and don't have social resources isn't Web 2.0 ready...

Wednesday, December 20, 2006

Preventing Cached AJAX Requests

As a developer, you’re probably well aware of all the issues that commonly occur due to cached data. AJAX is not unique when it comes to these issues; in fact, this problem is fairly common. Luckily, there are workarounds, one of which involves JavaScript’s Date object. If you haven’t used this approach for other caching issues, you’ll be pleasantly surprised at how easy it is to implement.

When making a standard HTTP request, the browser caches the web pages that we visit. Query strings are one way to work around this behavior. Therefore, we could easily use a query to our advantage by adding a simple query at the end of an AJAX request. But this will solve only half of the problem—if the query is the same each time, the data can still be cached. Therefore, we need to create a unique query each time a request is made. There are many ways to handle this need, but the one that makes the most sense in this situation is to use time to our advantage—because time is always changing.

The example in Listing 1 takes a uri parameter that will be used to make the request. Once we create the appropriate request object, we then create an instance of the Date object that will be used to create the next variable, called uniqueURI. The uniqueURI starts with the uri parameter; then we use a condition that checks for the index of a question mark, which would symbolize an existing query string. If the query string exists, we simply append an ampersand to the query; otherwise, we append the question mark. For either condition, the uri is followed by a key/value pair of "timestamp=" plus the current time from the Date object. Once we have the uniqueURI, we’re ready to finish making the request.

Creating a Unique URI




function xmlLoader(uri)
{
var request;
if(window.XMLHttpRequest)
{
request = new XMLHttpRequest();
}
else if(window.ActiveXObject)
{
request = new ActiveXObject("MSXML2.XMLHTTP");
}
var timestamp = new Date();
var uniqueURI = uri+ (uri.indexOf("?") > 0 ? "&" : "?")+ "timestamp="+ timestamp.getTime();
request.onreadystatechange = callbackMethod;
request.open("GET", uniqueURI, true);
request.send(null);
}




The uniqueURI variable is all it takes to avoid cached requests with AJAX.

Friday, December 15, 2006

INDEX Page at ashko.blogspot.com

Sunday, December 03, 2006

AJAX (In)security

AJAX (Asynchronous JavaScript + XML) is a combination of web browser technologies that allows web page content to be updated “on-the-fly” without the user moving from page to page. In the background of an AJAX-enabled web page, data (typically formatted in XML, but also HTML, JavaScript, etc.) is transferred to and from the web server. In the case of Gmail, new email messages are displayed as they arrive automatically. In Google Maps, a user may mouse-drag through street maps without visiting additional pages. The mechanism for performing asynchronous data transfers is a software library embedded in all modern web browsers called XMLHTTPRequest (XHR) . XHR is the key to a website earning the “AJAX” moniker. Otherwise, it’s just fancy JavaScript.

If you’re thinking that none of this sounds security related, you’re right. AJAX technology makes website interactivity smoother and more responsive. That’s it. Nothing changes on the web server, where security is supposed to reside. If that’s the case, then what is everyone talking about? Word on the cyber-street is that AJAX is the harbinger of larger attack surfaces, increased complexity, fake requests, denial of service, deadly cross-site scripting (XSS) , reliance on client-side security, and more. In reality, these issues existed well before AJAX. And, the recommended security best practices remain unchanged. If you’re like me, you want to know what’s really important, so let’s take a closer look.



Does AJAX cause a larger “Attack Surface”? No.

The term “Attack Surface” applies to a concept used to measure security by analyzing the points in a system that are open to attack. For software, these points are areas of data input and output that can be manipulated by a third-party. Obviously the smaller attack surface an application has, the easier it is to secure. What’s also obvious is that web applications, or any application, only have as much functionality (attack surface) as has been programmed in. It doesn’t matter if the user interface uses AJAX, Flash, ASCII art, or anything else. Again, AJAX is a web browser (client-side) technology. It does not execute on the server. While the coolness factor of AJAX drives developers to publicly expose more functionality - which may introduce new “server-side” vulnerabilities - this can hardly be blamed on AJAX. New code has always meant an increased risk of vulnerabilities.

Furthermore, in my experience, AJAX-enabled web applications are no more functionally complex than standard web applications. Google Maps is actually a less sophisticated application than the seemingly simple craigslist. Gmail is less complex than Outlook Web Access. Also, web applications (re)-designed using AJAX stand a better chance of being developed on more up-to-date platforms (.NET, J2EE, etc). These platforms are inherently more secure and less prone to vulnerabilities such as SQL Injection, Credential Session Prediction, Directory Traversal, and a dozen other common threats than previous generations.


Does AJAX make the “Attack Surface” harder to find? Yes and No.
A corporate security program is incomplete without measurable results. The most common way to measure the security of a website is by simulating attacks--thousands of them (i.e. a vulnerability assessment). A vulnerability assessment can be performed either manually, or with an automated scanning tool, or preferably with a combination of the two. One of the first steps in the process is to locate input points in the web application, or the “attack surface.” Therefore, a complete vulnerability assessment requires finding them all.

Automatically crawling the entire website and mapping the links is standard practice. This method works fine on some websites, others not at all, and the rest fall in-between. The challenge is that new websites often utilize heavy JavaScript, Flash, ActiveX, Applets, and AJAX, where links are either buried or dynamically generated within complex client-side code. Parsing out these links is often hard and sometimes impossible. Therefore automated scanning becomes increasingly less reliable as a method for validating the security of an AJAX enhanced website.

Humans on the other hand have an easier time sifting through code and inferring relationships. Many times the JavaScript source documents all the areas of input into the website, almost like an XML web service, which is useful not only for the good guys, but for the bad guys as well.

In a normal website, there would be no such resource and an assessor must rely on link crawling. The conclusion is that AJAX doesn’t make websites less secure, but it can make them more challenging to assess.


Can AJAX cause “Denial of Service”? Not really.
It has been claimed that AJAX-enabled websites utilize an application design in which a larger volume of smaller HTTP requests are used as opposed to fewer, larger requests. For instance, Google Suggest may fire off a tiny HTTP request for each user keystroke in an attempt to perform automatic word completion. The assumption is that if there are 1,000 users on the system, moving to the AJAX rapid-fire model will exponentially increase the number of requests to the system. This could potentially result in a denial of service (DoS) scenario. I suppose this is possible, but whose fault is this really?

In my view, this problem is not caused by AJAX or even a bad software design strategy, but instead by a lack of proper implementation and performance testing. The solution is to tune the configuration or add more web servers. And to be realistic, if someone wanted to DoS a network, they could flood the network with HTTP traffic whether AJAX was used or not.


Does AJAX rely on client-side security? No.
OK, let’s return to web application security 101. Web applications must NEVER trust the client (web browser). This is gospel whether the web page interfaces use JavaScript, Flash, ActiveX, Applets, AJAX or any other protocol or language. Every developer should be aware that basic HTTP proxies may alter anything about the HTTP request, even those generated by XHR. Great care should be taken to ensure that all security checks are performed on the server--no exceptions.

Does this mean that security professionals should not use client-side security checks? No, quite the opposite. I actually recommend using client-side security in forms and other business process flows because it benefits the user experience by being more responsive. There’s no need for a round trip to the server to inform the user that he’s typed a letter into the phone number field. This also lessens server load by pushing some processing time onto the client.


Does AJAX lead to poor security decisions? Sort of.
The new Web 2.0 websites often include data from one or more third-party websites, creating something known as a “mash-up.” AJAX developers would prefer the user to pull in the data directly from the third-party, thereby reducing bandwidth; but, this is not possible with XHR technology. XHR has security protections built-in, preventing a user’s browser on Website A from making connections to Website B. This helps protect users from malicious websites, where JavaScript Malware on the page could force a user to download all your bank account information. Web developers, not wanting to stifle innovation, created a work around to enable access to third-party sites.

What developers often do is create a local HTTP proxy on the host web server. To have the client pull in data from a third-party website, they’ll direct an XHR request through the local proxy pointing to the intended destination. Consider the following example request generated by the web browser:

http://websiteA/proxy?url=http://websitesB/

Website A takes the incoming request. The “proxy” web application then sends a request to Website B designated by the “URL” parameter value. With the proxy, developers can use XHR to make off-domain requests. And since XHR won’t send the user’s authentication cookies to Website B, because Website A did not connect to it directly, it is safe for them as well. The security issue is that Website A is hosting an unrestricted HTTP proxy.

Attackers love finding open proxies because they can initiate attacks that cannot be traced to their origin. The capabilities of the proxy should be carefully controlled and restricted with regard to which websites it will connect to and how. In my opinion, the problem lies with developers circumventing security controls without adding appropriate safeguards, not AJAX.


Does AJAX make Cross-Site Scripting (XSS) attacks worse? I hope not.
Can it get worse? During my presentation entitled “Hacking Intranet Websites from the Outside” at BlackHat 2006, I demonstrated how JavaScript Malware is able to acquire internal NAT’ed IP addresses, port scan, blind web server fingerprint, steal browser history, and exploit web-based interfaces on an intranet. The Washington Post called it “disturbing.” All proof-of-concept code was achieved without AJAX, just plain old JavaScript.

XHR can initiate just about any desired HTTP request - provided the request remains on-domain - and view the response. Plain JavaScript can make the same requests, without the on-domain limitation, but can’t typically view the response. This means if a user is on Website A, XHR cannot force user connections and read data from Website B. However, plain JavaScript could. If you look at it that way, XHR (AJAX) is more secure!

AJAX has fired up interest in JavaScript. Research in JavaScript has led to new malware discoveries whose potential severity is amplified by ubiquitous XSS vulnerabilities. To be fair, the Samy Worm that hit MySpace and JS-Yamaner on Yahoo exploited XHR for propagation. However, the attack could have just as easily been perpetrated using plain JavaScript. AJAX is irrelevant in this scenario. What matters is finding and fixing XSS vulnerabilities in web applications. The WhiteHat Security white paper “Cross-Site Scripting Worms and Viruses” is an additional information resource.


Does AJAX change security best practices? No.
If a web application has vulnerabilities, it will be insecure no matter what techniques are used to develop it. If a web application is well designed, no amount of “insecure AJAX” will reduce its security posture.

Following are five tips for securing Web applications:

1) Secure by design. Start secure and stay secure by including security as a component in each stage of the software development lifecycle.
2) Rock-solid input validation. Never trust the client, ever.
3) Use reliable software libraries. From encryption to session management, it’s best to use components that are tried and thoroughly tested. No need to reinvent the wheel and repeat the mistakes of others.
4) Secure configuration. Every component of the website should be configured with separation of duties, least privilege, unused features disabled, and error message suppressed.
5) Find and fix vulnerabilities. Continuous vulnerability assessments are the best way to prevent attackers from accessing corporate and customer data. You can’t control what you can’t measure.

Following these best practices is the first step. Validation is the second. No company can be expected to write flawless code, or have staff available around-the-clock to address all its Web application vulnerability issues. That’s why WhiteHat created WhiteHat Sentinel, a continuous vulnerability assessment and management service for web applications. WhiteHat Sentinel is available 24/7, enabling companies to identify, prioritize and ultimately remediate the vulnerabilities that leave web applications open to attack.

Remember the fundamentals, use defense-in-depth, and your online business will be safer.

Microsoft has announced free downloadable program and seven online services for accounting

Help with the accounts

Microsoft has announced Office Accounting Express 2007 for small businesses and others still struggling to do their accounts using paper and pencil.

There are a free downloadable program and seven online services. As well as offerings from eBay and PayPal, the range include more specialised services from Equifax for credit ratings and ADP for payroll, which are priced separately.

For large businesses, Microsoft offers Office Accounting Professional 2007, available next year for $149.

Intel is also trying to jump on the Web 2.0 bandwagon

Web 2.0 suite

Intel is also trying to jump on the Web 2.0 bandwagon. It plans to promote a suite of web-based applications, called SuiteTwo, to small businesses. The suite comprises a variety of third-party tools for blogging, wikis and social networking. Intel's contribution seems to be providing a single sign-on capability so you do not have to visit the sites separately.