BBC: How cyber criminals attack websites

The BBC has acquired control of 22,000 home computers as part of an investigation into hi-tech crime. Click's Spencer Kelly speaks to Jacques Erasmus from security firm Prevx who said high-traffic sites are a "massive target" for hackers.

Source: BBC News

Asus Transformer Prime Coming To India In January

The red hot tablet from Asus, which is a potential challenger to Apple's popular iPad 2, is all set to hit shelves in India in January 2012.  

Friday, December 16, 2011:  Asus will launch the much-awaited quad-core Eee Pad Transformer Prime tablet in India next month. The device will run Google's latest mobile OS, Android 4.0 Ice Cream Sandwich. The pricing of the device has yet not been disclosed.

Unaez Quraishi, sales and distribution director-system business group, Asus (India) said at an event in Gurgaon Wednesday that the tablet, now available for pre-order in the UK, would be launched in India in January next year.

The 25.4-cm (10-inch) tablet is powered by Nvidia's quad-core Tegra 3 processor. It is worth mentioning here that Apple's iPad 2 and Samsung's Galaxy Tab come with dual-core processors. The Transformer Prime is capable of running multimedia and applications faster, with more processing power provided by the four processing cores. However, its Android-based software is still to be optimised to take advantage of the amount of power its processor contains.

The Asus Transformer Prime's battery lasts 9.5 hours; in addition, the total battery life can be extended to a total of 18 hours once the tablet is connected to its keyboard dock. It also comes equipped with 1GB of RAM, a 1.2-megapixel front camera and an 8-megapixel camera with flash on the back.

Quraishi added, "The company was waiting for the opportune time to launch the Asus Eee Pad Transformer Prime, which caused the delay in its launch."

Asus is also planning to bring 4-5 more tablet PCs to the Indian market next year, which will work on different operating systems. Though it is yet not confirmed, one of these might also be a Windows 8 tablet. These tablets will be priced differently. However, none of these would be low-cost (sub-Rs 10k) devices, Quraishi informed.

AaramShop Mobile Grocery Shop Arrives On Android

Now, shop for your daily groceries from your Android phones as the AaramShop Mobile Grocery Shop app is now available in the Android market. 

Friday, December 16, 2011:  You can now order your daily groceries from your mobile phone on the go! Online grocery vendor AaramShop has released its Android app to let users enjoy daily grocery orderings from the comfort of their home via their Android-powered devices.

To avail the services, users just need to download this free application from the Android Market. With AaramShop app for Android, you can browse through hundreds of products from top FMCG brands from India, select a retailer nearest to your area and confirm the order.

Launched earlier this year, Aaramshop.com gives you the luxury of availing goods at your doorsteps with free home delivery option. There is also an option of paying cash on delivery to utilise the services. Furthermore, users have the option to log into AaramShop using their Facebook accounts and do their grocery shopping. You can avail great discounts on a range of products via Value at Home Vouches offered through AaramShop.

The online grocery vendor has tied up with several hundred local grocery stores across major cities in India. You just need to visit Aaramshop.com, choose your products and a nearby kirana store to place the order. The chosen store will deliver your order within sometime and you just need to pay cash on delivery, reports AndroidOS.in.

You can visit the Android Market to download AaramShop Mobile Grocery Shop on your device.

FAA gives nod to iPads in cockpits for American Airlines

On Friday, American Airlines will be the first carrier to start using iPads in all phases of flight. Alaska started testing the use of the Apple tablets in May.
(Credit: Alaska Airlines)

Starting this Friday, American Airlines is expected to start using iPads in all phases of flight operation, replacing hefty paper charts and manuals.
The certification by the FAA comes several months after American completed tests of pilots using iPads in the cockpit. "American pilots started testing iPads as electronic flight [manuals] last year," reported the Seattle PI in June, "replacing paper manuals. Now, they have [FAA] approval to test iPads with electronic charts."

American Airlines spokesperson Andrea Huguely confirmed the FAA's move and said that the federal agency had certified the airline as the first to be able to use iPads from "gate to gate."

That means, Huguely said, that American pilots will be able to use their iPads from before leaving the gate all the way through the flight and until reaching the destination gate. Crucially, that means they can use the tablets--though without connecting to the Internet--during takeoff and landing.

Huguely also said the iPads will allow American's pilots to discard the huge paper manuals they have traditionally had to carry around with them--and update every 14 days. Now, they'll be able to push a single button on the iPad and update automatically.

Even better, Huguely said that once the iPad program is rolled out across American's entire fleet--it is currently being used on Boeing 777s and will soon be on Boeing 737s--it could save the airline as much as 500,000 gallons of fuel a year, simply from the lack of the paper manuals, which she said can weigh up to 40 pounds.

In May, Alaska Airlines announced that it was starting to roll out the use of iPads as a way of replacing its pilots' paper manuals, a process it said at the time could help pilots avoid having to carry 25 pounds of paper when they fly.

"This follows a successful trial by 100 line and instructor pilots and Air Line Pilots Association representatives who evaluated the feasibility of using iPads as electronic flight bags this past winter and spring," Alaska wrote in a release.

Android Phone Makers Responsible For Security Leaks!

The malicious apps can access personal information as well for which they do not have explicit permission from the user.  

Wednesday, December 14, 2011:  A recent study conducted by North Carolina University reveals that it's not the Android operating system that has to be blamed for the security issues...it's actually the manufacturers of the Android devices whose modifications make the OS insecure. The report said that manufacturers' modification of Android creates way for malicious apps to access information from your phone. The malicious apps can access personal information as well for which they do not have explicit permission from the user.

Researchers tested a number of leading Android handsets where they discovered a vulnerability that allows hackers to access private data without users' permission. The study revealed that such a loophole can easily help a malicious hacker to wipe out your data, send out SMS messages and even record your conversations on the affected phones. All this can happen without your permission.

It is worth mentioning here that Android apps use a permissions-based security system, unlike iOS which informs the up-front what type of information the app may need to access. Users are given a choice to decide whether or not they want to install the app based upon the permissions granted.

The study discovers that the modification of Android by handset manufacturers creates a security hole in the permissions infrastructure of an Android phone that allows hackers to access personal information, or perform functions on the phone, even if an app doesn’t explicitly request permission to perform these activities.

According to a Digital trends report, Xuxian Jiang, assistant professor of computer science at NCSU, said, “These features are standard and make the phone more user-friendly. They make the phones more convenient to use, but also more convenient to abuse.”

The devices found vulnerable in the study include HTC Evo 4G, HTC Wildfire S, HTC Legend, Motoroal Droid and Droid X, Samsung Epic 4G, Google Nexus One and Nexus S. Both Google and Motorola have responded to the researchers, confirming their discovery. According to the report, despite their findings, the researchers say that manufacturers should not necessarily be condemned for including these loopholes. In addition, they say all is not lost with Android’s permissions-based system.

The research team writes, “Though one may easily blame the manufacturers for developing and/or including these vulnerable apps on the phone firmware, there is no need to exaggerate their negligence. Specifically, the permission-based security model in Android is a capability model that can be enhanced to mitigate these capability leaks.”

 

Red Hat Enterprise Linux 6 Technical Details

Red Hat Enterprise Linux 6, the latest release of Red Hat's trusted datacenter platform, delivers advances in application performance, scalability, and security. With Red Hat Enterprise Linux 6, you can deploy physical, virtual, and cloud computing within your datacenter, reducing complexity, increasing efficiency, and minimizing administration overhead while leveraging technical skills and operational know-how. Red Hat Enterprise Linux 6 is an ideal platform to translate current and future technology innovations into the best value and scale for IT solutions.

Efficiency, Scalability, and Reliability

Scalability

• Red Hat Enterprise Linux 6 supports more sockets, more cores, more threads, and more memory.

Efficient Scheduling

• The CFS schedules the next task to be run based on which task has consumed the least time, task prioritization, and other factors. Using hardware awareness and multi-core topologies, the CFS optimizes task performance and power consumption.

Reliability, Availability, and Serviceability (RAS)

• RAS hardware-based hot add of CPUs and memory is enabled.
• When supported by machine check hardware, the system can recover from some previously fatal hardware errors with minimal disruption.
• Memory pages with errors can be declared as "poisoned", and will be avoided.

Filesystems

• The new default file system, ext4, is faster, more robust, and scales to 16TB.
• The Scalable File System Add-On contains the XFS file system, which scales to 100TB.
• The Resilient Storage Add-On includes the high availability, clustered GFS2 file system.
• NFSv4 is significantly improved over NFSv3, and is backwards compatible.
• Fuse allows filesystems to run in user space allowing testing and development on newer fused-based filesystems (such as cloud filesystems).

High Availability

• The web interface based on Conga has been re-designed for added functionality and ease of use.
• The cluster group communication system, Corosync, is mature, secure, high performance, and light-weight.
• Nodes can re-enable themselves after failure without administrative intervention using unfencing.
• Unified logging and debugging simplifies administrative work.
• Virtualized KVM guests can be run as managed services which enables fail-over, including between physical and virtual hosts.
• Centralized configuration and management is provided by Conga.
• A single cluster command can be used to manage system logs from different services, and the logs have a consistent format that is easier to parse.

Power Management

• The tickless kernel feature keeps systems in the idle state longer, resulting in net power savings.
• Active State Power Management and Aggressive Link Power Management provide enhanced system control, reducing the power consumption of I/O subsystems. Administrators can actively throttle power levels to reduce consumption.
• Realtime drive access optimization reduces filesystem metadata write overhead.

Unprecedented Resource Management

System Resource Allocation

• Cgroups organize system tasks so that they can be tracked, and so that other system services can control the resources that cgroup tasks may consume (Partitioning). Two user-space tools, cgexec and cgclassify, provide easy configuration and management of cgroups.
• Cpuset applies CPU resource limits to cgroups, allowing processing performance to be allocated across tasks.
• The memory resource controller applies memory resource limits to cgroups.
• The network resource controller applies network traffic limits to cgroups.

Storage

• A snapshot of a logical volume may be merged back into the original logical volume, reverting changes that occurred after the snapshot.
• Mirror logs of regions that need to be synchronized can be replicated, supporting high availability.
• LVM hot spare allows the behavior of a mirrored logical volume after a device failure to be explicitly defined.
• DM-Multipath allows paths to be dynamically selected based on queue size or I/O time data.
• Very large SAN-based storage is supported.
• Automated I/O alignment and self-tuning is supported.
• Filesystem usage information is provided to the storage device, allowing administrators to use thin provisioning to allocate storage on-demand.
• SCSI and ATA standards have been extended to provide alignment and I/O hints, allowing automated tuning and I/O alignment.
• DIF/DIX provides better integrity checks for application data.

Networking

• UDP Lite tolerates partially corrupted packets to provide better service for multimedia protocols, such as VOIP, where partial packets are better than none.
• Multiqueue Networking increases processing parallelism for better performance from multiple processors and CPU cores.
• Large Receive Offload (LRO) and Generic Receive Offload (GRO) aggregate packets for better performance.
• Support for Data Center Bridging includes data traffic priorities and flow control for increased Quality of Service.
• New support for software Fiber Channel over Ethernet (FCoE) is provided.
• iSCSI partitions may be used as either root or boot filesystems.
• IPv6 is supported.

Designed-In Security

Access Control

• SELinux policies have been extended to more system services.
• SELinux sandboxing allows users to run untrusted applications safely and securely.
• File and process permissions have been systematically reduced whenever possible to reduce the risk of privilege escalation.
• New utilities and system libraries provide more control over process privileges for easily managing reduced capabilities.
• Walk-up kiosks (as in banks, HR departments, etc.) are protected by SELinux access control, with on-the-fly environment setup and take-down, for secure public use.
• Openswan includes a general implementation of IPsec that works with Cisco IPsec.

Enforcement and Verification of Security Policies

• OpenScap standardizes system security information, enabling automatic patch verification and system compromise evaluation.

Identity and Authentication

• The new System Security Services Daemon (SSSD) provides centralized access to identity and authentication resources, enables caching and offline support.
• OpenLDAP is a compliant LDAP client with high availability from N-way MultiMaster replication, and performance improvements.

Stable Application Development and Production Platform

Web Infrastructure

• This release of Apache includes many improvements, see Overview of new features in Apache 2.2
• A major revision of Squid includes manageability and IPv6 support
• Memcached 1.4.4 is a high-performance and highly scalable, distributed, memory-based object caching system that enhances the speed of dynamic web applications.

Java

• OpenJDK 6 is an open source implementation of the Java Platform Standard Edition (SE) 6 specification. It is TCK-certified based on the IcedTea project, and the implementation of a Java Web Browser plugin and Java web start removes the need for proprietary plugins.
• Tight integration of OpenJDK and Red Hat Enterprise Linux includes support for Java probes in SystemTap to enable better debugging for Java.
• Tomcat 6 is an open source and best-of-breed application server running on the Java platform. With support for Java Servlets and Java Server Pages (JSP), Tomcat provides a robust environment for developing and deploying dynamic web applications.

Development

• Ruby 1.8.7 is included, and Rails 3 supports dependencies.
• Version 4.4 of gcc includes OpenMP3 conformance for portable parallel programs, Integrated Register Allocator, Tuples, additional C++0x conformance implementations, and debuginfo handling improvements.
• Improvements to the libraries include malloc optimizations, improved speed and efficiency for large blocks, NUMA considerations, lock-free C++ class libraries, NSS crypto consolidation for LSB 4.0 and FIPS level 2, and improved automatic parallel mode in the C++ library.
• Gdb 7.1.29 improvements include C++ function, class, templates, variables, constructor / destructor improvements, catch / throw and exception improvements, large program debugging optimizations, and non-blocking thread debugging (threads can be stopped and continued independently).
• TurboGears 2 is a powerful Internet-enabled framework that enables rapid web application development and deployment in Python.
• Updates to the popular web scripting and programming languages PHP (5.3.2), Perl (5.10.1) include many improvements.

Application Tuning

• SystemTap uses the kernel to generate non-intrusive debugging information about running applications.
• The tuned daemon monitors system use and uses that information to automatically and dynamically adjust system settings for better performance.
• SELinux can be used to observe, then tighten application access to system resources, leading to greater security.

Databases

• PostgreSQL 8.4.4 includes many improvements, please see PostgreSQL 8.4 Feature List for details.
• MySQL 5.1.47 improvement are listed here: What Is New in MySQL 5.1.
• SQLite 3.6.20 includes significant performance improvements, and many important bug fixes. Note that this release has made incompatible changes to the internal OS interface and VFS layers (compared to earlier releases).

System API / ABI Stability

• The Red Hat Enterprise Linux: Application Compatibility Specification document defines stable, public, system interfaces for the full ten-year life cycle of Red Hat Enterprise Linux 6. During that time, applications will not be affected by security errata or service packs, and will not require re-certification. Backward compatibility for the core ABI is maintained across major releases, allowing applications to span subsequent releases.

Integrated Virtualization

Kernel-Based Virtualization

• The KVM hypervisor is fully integrated into the kernel, so all Red Hat Enterprise Linux system improvements benefit the virtualized environment.
• The application environment is consistent for physical and virtual systems.
• Deployment flexibility, provided by the ability to easily move guests between hosts, allows administrators to consolidate resources onto fewer machines during quiet times, or free up hardware for maintenance downtime.

Leverages Kernel Features

• Hardware abstraction enables applications to move from physical to virtualized environments independently of the underlying hardware.
• Increased scalability of CPUs and memory provides more guests per server.
• Block storage benefits from selectable I/O schedulers and support for asynchronous I/O.
• Cgroups and related CPU, memory, and networking resource controls provide the ability to reduce resource contention and improve overall system performance.
• Reliability, Availability, and Serviceability (RAS) features (e.g., hot add of processors and memory, machine check handling, and recovery from previously fatal errors) minimize downtime.
• Multicast bridging includes the first release of IGMP snooping (in IPv4) to build intelligent packet routing and enhance network efficiency.
• CPU affinity assigns guests to specific CPUs.

Guest Acceleration

• CPU masking allows all guests to use the same type of CPU.
• SR-IOV virtualizes physical I/O card resources, primarily networking, allowing multiple guests to share a single physical resource.
• Message signaled interrupts deliver interrupts as specific signals, increasing the number of interrupts.
• Transparent hugepages provides significant performance improvements for guest memory allocation.
• Kernel Same Page (KSM) provides reuse of identical pages across virtual machines (known as deduplication in the storage context).
• The tickless kernel defines a stable time model for guests, avoiding clock drift.
• Advanced paravirtualization interfaces include non-traditional devices such as the clock (enabled by the tickless kernel), interrupt controller, spinlock subsystem, and vmchannel.

Security

• In virtualized environments, sVirt (powered by SELinux) protects guests from one another

Microsoft Windows Support

• Windows WHQL-certified drivers enable virtualized Windows systems, and allow Microsoft customers to receive technical support for virtualized instances of Windows Server

Enterprise Manageability

Installation, Updates, and Deployment

• Anaconda supports installation of a “minimal platform” as a specific server installation, or as a strategy for reducing the number of software packages to increase security.
• Red Hat Network and Red Hat Network Satellite continue to provide management, provisioning, and monitoring for large deployments.
• Installation options have been reorganized into “workload profiles” so that each system installation will provide the right software for specific tasks.
• Dracut, a replacement for mkinitrd, minimizes the impact of underlying hardware changes, is more maintainable, and makes it easier to support third party drivers.
• The new yum history command provides information about yum transactions, and supports undo and redo of selected operations.
• Yum and RPM offer significantly improved performance.
• RPM signatures use the Secure Hash Algorithm (SHA256) for data verification and authentication, improving security.
• Storage devices can be designated for encryption at installation time, protecting user and system data. Key escrow allows recovery of lost keys.
• Standards Based Linux Instrumentation for Manageability (SBLIM) manages systems using Web-Based Enterprise Management (WBEM).
• ABRT enhanced error reporting speeds triage and resolution of software failures.

Routine Task Delegation

• PolicyKit allows administrators to provide users access to privileged operations, such adding a printer or rebooting a desktop, without granting administrative privileges.

Printing

• Improvements include better printing, printer discovery, and printer configuration services from cups and system-config-printer.
• SNMP-based monitoring of ink and toner supply levels and printer status provides easier monitoring to enable efficient inventory management of ink and toner cartridges.
• Automatic PPD configuration for postscript printers, where PPD option values are queried from printer, are available in CUPS web interface.

Microsoft Interoperability

• Samba improvements include support for Windows 2008R2 trust relationships: Windows cross-forest, transitive trust, and one-way domain trust.
• Applications can use OpenChange to gain access to Microsoft Exchange servers using native protocols, allowing mail clients like Evolution to have tighter integration with Exchange servers.

Source : Redhat

40 useful APIs for web designers and developers

An application programming interface (API) is a set of rules and specifications that software programs can follow to communicate or ‘interface’ with each other.

As developers are well aware, there are hundreds of APIs out there for doing almost anything you could imagine online. Some are better than others, and some are definitely more useful than others.

Below are forty of the most useful APIs out there. The included APIs will let you do everything from shortening a URL to displaying a book preview on your site to interacting with your Twitter account, and everything in between.

Please share with us which APIs have you found most useful and feel free to recommend others that we may have missed…

The Google APIs

Google offers dozens of APIs for web designers and developers.

Some are specifically related to popular Google products, like Gmail and Analytics, while others are more specialized and aren’t part of public programs.

All are free to use, of course. You can view all of Google’s APIs and code tools on their site directory.

• Feed API – The Google Feed API lets you download any public feed (including RSS, Media RSS, and Atom) and then combine them into mashups. It simplifies the mashup process by using JavaScript rather than more complex server-side coding.
• Places API – Google Places is a large directory of local businesses and attractions all around the world. The Places API lets you access that information and display it on your website, as well as display check-ins by users.
• Geocoding API – The Geocoding API lets you convert any address into geographic coordinates, which can then be used to place markers on a map.
• Tasks API – The Tasks API offers endpoints for reading, searching, and updating Google Tasks content and metadata.
• Analytics Management API – The Analytics Management API gives improved access to your Analytics data, and lets you fine-tune your requests to just pull the information and reports you need for your application.
• Blogger Data API – The Blogger Data API lets your application create and post new blog posts, edit or delete existing posts, and search for posts based on specific criteria.
• Books API – The Google Books API lets you integrate book searches into your application, and embed book previews on your site.
• Calendar API – The Calendar API gives access to many of the standard web interface tools and operations to your web app. Public calendar events can be searched and viewed without authentication, while authenticated sessions can access private calendars, as well as edit, create, or delete those calendars.
• Moderator API – Google Moderator is a tool for collecting ideas, questions, and recommendations from any size audience. The API allows your website or application to do the same.
• Prediction API – The Prediction API helps you make smarter apps that can analyze historic data and predict future outcomes. It can be used for things like recommendation systems, spam detection, upsell opportunity analysis, and more.
• Picasa Web Albums Data API – The PWA Data API can be used to create albums and upload, retrieve, or comment on photos, among other features. It’s been used for everything from powering digital photo frames to full-featured mobile clients and more.
• Static Maps API – You don’t always want an interactive map on your site. Sometimes a static map is just what you need. The Static Map API lets you embed static Google Maps onto your site, including custom styled maps.
• Directions API – The Directions API lets your users get directions from one point to another using a variety of travel modes from within your site or app, and doesn’t require a Google Maps API Key.
• YouTube APIs – YouTube has two APIs available: Player APIs and Data API. The Player APIs allow you to have an embedded player, or a chromeless player that you can then customize within HTML or Flash. The Data API lets your app perform a lot of the operations available on YouTube, including uploading videos and modifying user playlists.
• Webmaster Tools API – The Webmaster Tools API lets your client application use a variety of Webmaster Tools functions, including viewing sites, adding and removing sites, verifying site ownership, and submitting and deleting Sitemaps.
• Google Web Fonts API – The Web Fonts API makes it easy to add free web fonts to your website or application. Their collection of fonts grows on a continuous basis and already includes a huge variety.
• OpenSocial – OpenSocial can be used for building social applications, creating social app platforms, and sharing and accessing social data.

The Yahoo! APIs

Like Google, Yahoo! offers a number of APIs useful for developers. All are free to use and can help you integrate a variety of Yahoo!-owned web services into your app, including Flickr and Delicious.

• Answers API – The Answers API lets you access the collective knowledge contained within Yahoo! Answers. You can search Answers based on a variety of criteria (including specific user, category, and more), set your app to watch for new questions in the categories you choose, and track new answers from specific users.
• Contacts API – The Contacts API lets you access relationships in your Yahoo! address book. It reads a user’s Contacts information while respecting user privacy and permission settings.
• Delicious API – The Delicious API gives read/write access to Delicious bookmarks and tags.
• Fire Eagle Developer API – The Fire Eagle API helps you create location-aware websites and applications.
• Flickr API – With the Flickr API you can view, search, and manipulate photo tags, display photos from a specific user or group, and more.
• Local API – The Local API lets you access location-based information and user-contributed content.
• Maps APIs – Yahoo! offers a number of APIs for their Maps services, including an Ajax API, a REST API, and a No Coding API.
• Meme API – Meme is a multimedia light-blogging platform. The API lets you create apps that can read, post, and repost content through Meme.
• PlaceFinder – The PlaceFinder API, similar to Google’s GeoCoding API, and lets you convert a street address into geographic coordinates.

More APIs

Yahoo! and Google aren’t the only ones offering powerful APIs for designers and developers. A number of social media sites and others have their own API(s), including Twitter, Facebook, Yelp, Bit.ly, and many more.

• Twitter API – Twitter has a host of developer tools surrounding their API that let you create apps that interact with virtually any of Twitter’s functions.
• Facebook APIs – Facebook offers APIs for working with Credits, Ads, Chat, and more, including a couple of legacy APIs that are no longer actively supported. Also found here is the Graph API, which is the backbone of the Facebook Platform, and enables your app to read and write data to Facebook.
• Awe.sm – Awe.sm offers a number of developer APIs for integrating their social media campaign tracking tools into your app or website.
• Foursquare APIv2 – The Foursquare API not only allows you to create apps that interact with the Foursquare service, but also to use Foursquare’s place-related database as a standalone service.
• Ning API – Ning offers a set of APIs for developing desktop and mobile apps, custom network features, profile apps, and data importers.
• Soundcloud API – Soundcloud’s API includes tools for sharing, streaming, and customizing the Soundcloud player for your website.
• Klout API – The Klout API makes a variety of data available to developers, including Klout Scores, Network Influence, Amplification Probability, True Reach, and more.
• Social Mention API – The Social Mention API provides a stream of real-time search data from a number of social media services for integration into other applications. It’s free for personal and non-commercial use.
• Opus Social Media API – The Opus Social Media API can serve as a basis for developing a social networking and digital media site or app.
• Digg API – Digg offers an API that lets you access their newsfeeds for your own sites and applications.
• Yelp API – The Yelp API lets you access business listing info, business ratings, and review excerpts from Yelp in your application or website.
• Zillow Neighborhood Information APIs – Real estate site Zillow offers APIs that give access to neighborhood information that can be integrated into other applications. (They also offer a number of other APIs, including postings, property details, home valuations, and more.)
• Tropo – The Tropo API adds Twitter, IM, voice and SMS functionality to a variety of common programming languages. Development is free, though sending messages varies in price (with Twitter and IM messages currently free).
• Bit.ly API – Bit.ly offers an API for integrating URL shortening into your app or site.