News information technology online

Microsoft washes its hands of UEFI/Linux mess

2011-09-27T12:10:00.000-07:00

Shifts responsibility to hardware vendors
Linux Australia is fit to be tied over recent reports that Microsoft is requiring Windows 8 certified machines to support UEFI secure booting, a situation that could most likely hamper or block Linux booting on such machines.

Indeed, Linux Australia is so ticked off, they plan to file a formal anti-competitive complaint against Microsoft with the Australian Competition and Consumer Commission (ACCC).

Unfortunately, all I can say is, good luck with that.

I am unfamiliar with the burden of proof the ACCC holds for such complaints, but I'm pretty sure Microsoft will be able to get itself off the hook for this one. Why? Because nothing in the language they have used to describe the UEFI secure boot process or the need for this process mentions other operating systems in any way. The case Microsoft has carefully and consistently made is that secure booting is good for Windows because it shuts down one more avenue of malware.
There's been some confusion about why the UEFI proposal is such a bad thing, so let's walk through it again, if I may beg your indulgence:

Red Hat developer Matthew Garrett blogged on Sept. 20 that according to the new Windows 8 logo rules, all Windows 8 machines will need to be have the Unified Extensible Firmware Interface (UEFI) instead of the venerable BIOS firmware layer. BIOS has been pretty much the sole firmware interface for PCs for a long time. Under Windows 8, BIOS will be gone, replaced by the UEFI layer.

And not just any old UEFI layer, either, but secure UEFI. Meaning a hardened boot process. This hardened boot means that "all firmware and software in the boot process must be signed by a trusted Certificate Authority (CA)," according to slides from a recent presentation on the UEFI boot process made by Arie van der Hoeven, Microsoft Principal Lead Program Manager.

It's the secure booting that puts Linux on the spot, because it means in order to be bootable on one of these Windows 8-certified machines, the Linux distribution will need to have certified keys from the manufacturer. Now, from a technical point of view, Garrett posted in a follow-up blog Friday afternoon, implementing such keys would be a week's worth of work.

Practically and legally, it's a whole different ball game.

First, there's the legalities. According to Garrett, GRUB 2 is licensed under the GPLv3, which means the signing keys may have to be provided along with the source code. It's fuzzy: the GPLv3 requires signing keys be released when hardware is sold with GPLv3 software that's encrypted. But if the signed software is used on someone else's hardware, then the keys are not required. It's not even clear with the GPLv2, the license for the original GRUB bootloader. In order to clear the ambiguity altogether, Garrett recommends a non-GPL bootloader.

But that scenario, as unsavory as it sounds, could be worse. Bootloading is one of the services that is being pulled into the Linux kernel, which is most definitely GPLv2, and isn't going to change.

And then there's the practical issue Garrett mentions: who's to say the OEMs are going to provide keys for Linux to hook into? Sure, they have to provide keys for Windows 8 if they want to be able to sell Windows 8 on their hardware, but there's no rule that says they have to provide keys for anyone else.

Which is why I don't think Linux Australia's complaint has a hope of succeeding. Microsoft will argue--in fact, has argued in a rebuttal on this matter on Sept. 22--that this is a security matter for Microsoft Windows deployments, and they are in no way influencing what the hardware vendors are doing with their keys. Microsoft is not preventing other operating systems' keys from being handed out, and it's not their problem if the OEMs aren't accommodating to other operating systems.

The funny thing is, they're right. In one fell swoop, Microsoft has shifted the blame from their requirements to the actions (or inactions) of the OEMs. And why should the hardware vendors feel any pressure to provide keys, as Garrett summarizes?

"Microsoft can require that hardware vendors include their keys. Their competition can't. A system that ships with Microsoft's signing keys and no others will be unable to perform secure boot of any operating system other than Microsoft's. No other vendor has the same position of power over the hardware vendors. Red Hat is unable to ensure that every OEM carries their signing key. Nor is Canonical. Nor is Nvidia, or AMD or any other PC component manufacturer. Microsoft's influence here is greater than even Intel's."

When this issue first came to light, it seemed to be a worry for desktop Linux alone. But as time went on, I began to wonder how many blade and rack servers come with that Windows Server certified logo. If Microsoft gets around to requiring UEFI secure booting for server hardware in a future version of Windows Server, then vendors like Red Hat and SUSE, who really don't play much in the desktop space, would take a serious hit if OEMs opted not to bother giving them keys. So would all the other Linux server distros.

For what it's worth, I don't see it coming to that. In server-space at least, vendors like IBM, HP, and Dell have too much invested in Linux, cloud, and virtual systems to prevent Linux installs. But in a world where barely any OEMs will even ship with Linux now, what incentive will hardware vendors have to provide keys for Linux distros?

For now, Microsoft isn't even bothering to argue these points, and from where I stand, they won't. If they are smart, they won't even mention complaints about other operating systems, and keep hammering home the point about security and malware. And, like a politician on a stump speech, that message will be drilled so many times it will even start to sound like the truth.

Source: ITWorld.com

Yahoo blocks emails about Wall Street protest

2011-09-24T15:05:00.000-07:00

Ready for conspiracy theories? Folks emailing information about the Wall Street protests on Monday using Yahoo discovered their emails failed, and received a message from Yahoo claiming "suspicious activity." Does that sound suspicious?

ThinkProgress.org has perhaps the best coverage, including a YouTube video of users trying to send emails that mention the "OccupyWallSt.org" web site. That seemed to be the magic phrase to get your email blocked.
Yahoo spokespeople claim it was a glitch, a mistake, unintentional, and they don't know how their spam filters became so sensitive. Via Twitter, Yahoo announced the blockage was now fixed, but "there may be residual delays." There will certainly be some residual questions. But remember, censorship requires a government entity squelching speech, not an email provider.

Source: ITWorld.com

Cisco compacts Catalyst switches

2011-01-10T15:20:00.000-08:00

New C-series line targeted at wiring-constrained environments
Cisco this week is rolling out two lines of Catalyst Ethernet switches in compact form factors intended for deployment in workgroups closer to users vs. wiring closets.

The Catalyst 3560-C and 2960-C Compact Series (C-Series) switches are designed to extend connectivity to IT deployments outside of the wiring closet -- customer check-outs, kiosks, warehouses, conference rooms, classrooms, hotel rooms, cruise ship cabins, gaming floors and other space- and wiring-constrained networking environments.Cisco says this market is about $1 billion and is being underserved by low-end, commodity switches. The C-series are “enterprise-class,” and carry all the features of the higher-end Catalyst 3560 and 2960 switches, but in a compact form factor, says Rob Soderbery, senior vice president and general manager, Ethernet Switching Technology Group at Cisco.
So the C-series will compete with both low-end commodity switches and enterprise-class compact switches from Cisco’s traditional competitors in the enterprise and SMB switch market – HP, Adtran, Netgear, D-Link, etc.

Click to see: Photo of Cisco C-series family
The switches are comprised of five models. They sport eight to 12 Fast Ethernet and Gigabit Ethernet ports, and two Gigabit Ethernet uplinks. They also include hardware acceleration for IPv6, IP multicast and access control lists.

The switches feature what Cisco calls Power over Ethernet (PoE) pass-through, a capability that allows the products to draw 30 watts/port of power from PoE switches deeper in the network – like in the wiring closets -- and not require dedicated power outlets or power supplies. The switches are also designed to reduce cabling costs by eliminating the need for individual cable drops from the wiring closet to far-flung network endpoints.

The switches can be deployed up to 100 meters away from the wiring closet, Cisco says. They are fanless, and can be placed on or mounted underneath desktops and countertops or on a wall.
For security, the switches support Cisco’s TrustSec technology, which determines, through policies, the role of users and devices in the network before granting access to resources. The C-Series switches are also PCI compliant, Cisco says, for regulatory compliance of payment transactions.

The switches encrypt all packets between the switch and the end device, and malicious users can be blocked from eavesdropping on the conversation between two endpoints, Cisco says. The switches also come with an optional security lock and cable guard to prevent theft of the switch and unauthorized access to the cables.
The C-Series switches also feature tools for simplified configuration and management, and QoS implementation for IP telephony and video. The switches can be remotely managed along with the switches in the wiring closet, Cisco says.

They also support Cisco’s EnergyWise software for monitoring and managing energy consumption of the devices connected to the switch. EnergyWise turns off or powers down devices when they are not needed.
"This is a long, overdue and good move by Cisco," says Andre Kindness of Forrester Research. "The retail and education markets that have always had a need a for smaller, more efficient, and quieter switches which has been traditionally filled by D-Link, HP and 3Com" before HP’s acquisition of them.

Kindness says Cisco is responding to trends in retail, education and enterprise in general where users are moving to more a distributed workforce with smaller campuses and more branch/remote locations. This means there will be shift in edges switches from large 24 and 48 port ones to compact and fanless ones, Kindness says.

Businesses are also setting themselves up in more locations but with smaller footprints to connect with more customers, Kindness says. An example of this is banks that have carved out locations within grocery stores instead of leasing large buildings on the corner of major streets.

The strengths of Cisco's C-Series line are simplicity, security and deployment flexibility, Kindness says. The downsides may be price and feature overkill for some markets.
"They are packing all the features into each physical form factor instead of offering different firmware levels for each form," Kindness says. "For example, the education market doesn’t really need the security rich feature set as the retail industry."

The switches may also overlap with Cisco's 500 series switches for the SMB market, Kindness says. Cisco may need to do a better job articulating the differences between these and other offerings, he says.

Pricing for the C-series ranges from $745 to $1,995. They will be available in March.

Facebook ignites Bubble 2.0 chatter

2011-01-10T15:18:00.000-08:00

Can the next hottest dotcoms live up to Wall Street's expectations?
Remember Webvan? The online grocer, whose initial public offering in March 2000 was among the most hotly anticipated during the dot-com boom, is now viewed as one of the greatest disasters of the era.

Fast forward 11 years and the feeding frenzy around Facebook and its exponentially expanding valuations are conjuring fears of a Bubble 2.0.

Goldman Sachs bankers have offered their private wealth clients less than a week to decide whether they want to hand over US$2 million apiece for a sliver of the Web darling du jour: Facebook at a $50 billion valuation.
For one Goldman client, who was expecting a 100-page financial document on Facebook to be hand-delivered on Thursday, hours before the deadline to invest in the company -- the whole thing "felt a bit like 1999."

Thanks to Goldman Sachs' latest cash infusion of about US$450 million with a commitment to raise another US$1.5 billion, Facebook has become the lightning rod for debate over whether these new Internet hotshots possess the profit-generating muscles to justify Wall Street's unforgiving expectations.

Twitter and Groupon, an online coupons site considered by some as the fastest growing company in Web history, are also mulling plans for IPOs well ahead of Facebook's potential offering at the end of 2012, investment bankers have told Reuters.

LinkedIn is wasting no time. The social network for professionals, with 85 million members, has hired bankers to go public this year.

For Facebook, which generated about US$2 billion in revenue in 2010, according to media reports, the US$50 billion valuation means investors have awarded it a multiple of 25 times sales, compared with a nine-times multiple for Google, and Amazon.com's 2.5-times multiple.

Facebook generates US$4 per user, compared with Google's US$24 per user and Yahoo's US$8 per user, according to a recent report by JPMorgan.

All that makes Facebook look expensive in the eyes of investors who measure businesses using traditional financial yardsticks, said Ken Sawyer, the managing director of venture capital firm Saints Capital, which owns shares of Facebook.

Investors will need to look past existing financial returns to focus on the company's business-transforming potential.

"It depends on your view of the world," said Sawyer. "If you believe that the ability to leverage this social network fabric will change the way companies acquire customers, then the valuation looks cheap."

Just as Google's search advertisements revolutionised the way businesses reach customers, Facebook's audience of a half-a-billion members has allowed companies like social gaming service Zynga and online dating service Zoosk to sign-up tens of millions of customers of their own in record time, Sawyer said.

As Facebook devises more ways to make money from that capability, such as by taking a cut of transactions made by other companies on its platform, the opportunity could be substantial, he said.

GLOBAL PHENOMENON

Facebook, born as a Harvard dorm-room project to help students to stay connected, has evolved into a global phenomenon, whose users include nearly as many people over 45 years of age as it does people under 24 years old.

In 2010, Facebook displaced Google as the most visited website in the United States, and nearly one out of every four graphical display ads viewed in the United States in the third quarter was on Facebook's website, according to analytics firm comScore.

Other young social networking businesses are experiencing similar growth.

Twitter, the microblogging service that has become an indispensable tool for celebrities and politicians to connect with fans, now counts more than 175 million users and fetched a US$3.7 billion valuation in a recent round of venture capital funding.

Online coupon service Groupon recently announced plans to raise up to US$950 million, implying a valuation that one research firm estimated could be as high US$7.8 billion.

Premium valuations for top-tier players like Facebook and Groupon are usually worth it, wrote Google "developer advocate" Don Dodge in a widely read blog post on Tuesday. The potential for a bubble comes when investors bid up prices for third-tier companies, whose business prospects aren't as solid, he wrote.

Unlike in the late 1990s, shares of today's Web sensations are privately held and not available to the general public. But a growing secondary market has developed in which investors meeting certain criteria, such as minimum net worth, can buy and sell shares.

Goldman Sachs plans to raise up to US$1.5 billion to invest in Facebook through a special purpose investment vehicle marketed to its private wealth management customers.

Such trading in companies that are not required to provide investors with the same kind of detailed financial reports and updates as public companies is raising alarms.

"It feels a little irrationally exuberant with some of these transactions, some of these values, particularly given the level of disclosure," said Robert Ackerman, the founder of early-stage venture capital firm Allegis Capital.

"Maybe with Facebook that's well placed," he said, "but what about all the other companies that are going to ride on Facebook's coat-tails."

The laws of gravity are also different in the private markets in which the new generation of Web superstars trade.

Because there's no way to short shares of private companies, the shares are subject to upward pressure but not downward pressure, noted BGC Financial analyst Colin Gillis.

"There's no counterbalance," he said.

AT&T exec says CDMA iPhone users won't like 'life in the slow lane'

2011-01-10T15:15:00.000-08:00

AT&T's top PR exec decided to stir the pot on the eve of an expected announcement that Apple's popular iPhone would finally be available on Verizon Wireless' CDMA-based network.

Verizon is widely expected tomorrow to announce it will be the second U.S. carrier to offer the iPhone, and the first to do on a CDMA network.

GET THE SCOOP: Will a Verizon iPhone be announced next Tuesday?

AT&T Executive Vice President Larry Solomon today reacted to a Wall Street Journal story which reported that Verizon is confident enough of its beefed up network to offer iPhone subscribers unlimited data plans for $30 a month. AT&T currently charges them $25 a month, with a data limit of 2 Gigabytes.
Solomon sent out the following statement, according to Business Insider: "The iPhone is built for speed, but that's not what you get with a CDMA phone. I'm not sure iPhone users are ready for life in the slow lane." Solomon noted that AT&T's GSM network is faster than Verizon's CDMA network.

That's already sparking a wave of commentary.

"Theoretically, Solomon is correct, as AT&T's 3G network offers higher peak speeds than Verizon's," writes MobileBeat's Devindra Hardawar.

"But that doesn't mean much when you can't get a network connection at all — something the 140,000-plus attendees of the Consumer Electronics Show saw last week, and something that residents of big cities like New York and San Francisco deal with every day."

AT&T has been the exclusive U.S. carrier for iPhone since the wildly popular handset was released in mid-2007. But the carrier has been plagued with complaints about missing or dropped or slow connections and poor customer service almost from the start. The company has said it under-estimated the data traffic impact of iPhone users, and has spent a lot of money to bolster its cellular infrastructure.

Late last week, in what was widely interpreted as a pre-emptive move, AT&T announced it was cutting the price of the iPhone 3Gs in half, to $49 from $99.

The big question, assuming Verizon Wireless does indeed announce a CDMA iPhone, is how many units it will sell. Several analysts have forecast that Verizon, with a current subscriber base of about 93 million, will sell 9 million to 12 million iPhones in the first 12 months. The Wall Street Journal reported that AT&T sold 11.1 million iPhones in the first nine months of 2010, and one analyst estimates the 2010 total will be about 14.5 million.

Hacker to use cloud for brute force WiFi crack

2011-01-10T15:08:00.000-08:00

WPA-PSK not powerful enough in a cloud world.

A security researcher claims to have figured out a quick and inexpensive way to break a commonly used form of password protection for wireless networks using powerful computers that anybody can lease from Amazon.com over the Web.

Thomas Roth, a computer security consultant based in Cologne, Germany, says he can hack into protected networks using specialised software that he has written that runs on Amazon's cloud-based computers. It tests 400,000 potential passwords per second using Amazon's high-speed computers.
That leaves businesses as well as home networks prone to attack if they use relatively simple passwords to secure their networks.

Amazon leases time on computers to developers and companies that don't have the money to buy their own equipment, or don't use it frequently enough to justify doing so. Customers include individual programmers and corporate users.

A spokesman for Amazon said that Roth's research would only violate his company's policies if he were to use Amazon Web Services (AWS) and its Elastic Compute Cloud (EC2) computing service to break into a network without permission of its owner.

"Nothing in this researcher's work is predicated on the use of Amazon EC2. As researchers often do, he used EC2 as a tool to show how the security of some network configurations can be improved," said Amazon spokesman Drew Herdener.

"Testing is an excellent use of AWS, however, it is a violation of our acceptable use policy to use our services to compromise the security of a network without authorisation."

Roth will distribute his software to the public and teach people how to use it later this month at the Black Hat hacking conference in Washington, D.C.

He said he is publicising his research in a bid to convince skeptical network administrators that a commonly used method for scrambling data that travels across WiFi network passwords is not strong enough to keep crafty intruders from breaking in to networks.

That encryption method, dubbed WPA-PSK, scrambles data using a single password. If a potential intruder is able to figure out the password, he or she can gain access to computers and other devices on the network.

Roth said that the networks can be broken into if hackers use enough computer power to "brute force" their way into figuring out the passwords that protect networks.

Those passwords were difficult for the average hacker to break until Amazon.com recently started leasing time on powerful computers at relatively inexpensive rates: It takes the processing capability of multiple computers to perform mathematical calculations needed to break the passwords.

The online retailer charges users 28 cents a minute to use machines that Roth used in his attack. It would cost at least tens of thousands of dollars to purchase and maintain that equipment.

Roth said that he used his software and Amazon's cloud-based computers to break into a WPA-PSK protected network in his neighborhood. It took about 20 minutes of processing time. He has since updated his software to speed its performance and believes he could hack into the same network in about 6 minutes.

"Once you are in, you can do everything you can do if you are connected to the network," he said.

Roth said he was not publicising his discovery to encourage crime, but to change a misconception among network administrators:

"People tell me there is no possible way to break WPA, or, if it were possible, it would cost you a ton of money to do so," he said. "But it is easy to brute force them."

RIM to block access to porn on BlackBerry in Indonesia

2011-01-10T14:58:00.000-08:00

Research in Motion said Monday it will work with Indonesia's carriers to filter out pornography websites as soon as possible for BlackBerry subscribers.

Internet service providers are required by law to block pornographic content, said Heru Sutadi, commissioner of Badan Regulasi Telekomunikasi Indonesia (BRTI), the telecommunications regulator in the country. If RIM does not block pornographic sites, Indonesia may consider blocking the service, Sutadi said.

Tifatul Sembiring, Indonesia's minister of communications and information, had warned of legal action if RIM did not filter pornographic web sites, according to media reports.RIM said in its statement that it shares Sembiring's sense of urgency on the matter and that it is fully committed to working with Indonesia's carriers to put in place "a prompt, compliant filtering solution for BlackBerry subscribers in Indonesia."

A meeting between RIM and the government is scheduled for Jan. 17. “We hope RIM will be compliant by then,” Sutadi said.

The BRTI is also pressing RIM on an earlier demand that RIM should install a server in Jakarta so that domestic communications traffic does not go out of the country, Sutadi said. It also wants access to some of the communications for security reasons.

RIM is already under pressure in India to allow the country's security agencies access to communications on its services. The company has agreed to provide lawful access under certain conditions to traffic in India on the BlackBerry Messenger service, but said that it does not have the technical ability to provide its customers' encryption keys for its corporate service, the BlackBerry Enterprise Server.

Facebook's leaked financials show possible $1B profit in '11

2011-01-10T14:51:00.000-08:00

Goldman Sachs' not-so-secretive document spills beans on site.
Facebook reportedly generated $1.2 billion in revenue in the first nine months of 2010, according to a document being distributed by Goldman Sachs.

What are reportedly Facebook's financials began leaking out Friday thanks to a not-very-secretive 101-page document that Goldman Sachs is sending out to potential Facebook investors, according to Reuters. Goldman Sachs, which earlier this week invested $450 million in Facebook and valued the social networking company at $50 billion, is providing its wealthiest customers with the most detailed information about Facebook's financials to hit the street yet.Citing an unnamed source who received the document, Reuters is reporting that Facebook earned $355 million in net income in the first nine months of 2010. It also noted that the financial statements being handed out have not been audited and do not specify how Facebook is pulling in its revenue.

Businessweek is reporting that if Facebook can maintain its growth and margins, the company could realistically pull in $1 billion in profit in 2011.
Facebook declined to comment for this story.

"We're finally seeing some numbers on Facebook's revenue and profitability and the news is mostly good," said Dan Olds, an analyst with The Gabriel Consulting Group. "The company has solid revenues north of a billion and profit margins of anywhere from 25% to 35%. These are great numbers, but not necessarily high enough to support a $50 billion valuation."

To financially get where Goldman Sachs thinks Facebook can go, the company won't be able to just stay the course.

"The only way Facebook at $50 billion looks like a good investment is if you believe that the company is going to continue to grow revenue and profits at a huge clip well into the future," added Olds.

News of Facebook's financials surfaced just one day after reports hit that the social networking company is on the cusp of gaining 500 shareholders, an invisible line enforced by the U.S. Securities and Exchange Commission (SEC) that will force Facebook to disclose its financials even though it's not a publicly traded company.

Discussion of the site's finances was widespread this week, even turning up in a segment on The Daily Show, where host Jon Stewart lampooned Facebook's desire to keep its information secret.
The Wall Street Journal reported yesterday that Mark Zuckerberg, CEO and co-founder of Facebook, is preparing to launch an initial public offering in 2012. That echoes statements made last September by Facebook board member, venture capitalist and PayPal co-founder Peter Thiel that Facebook was eyeing an IPO in late 2012.

News about Facebook's IPO prospects follow widespread speculation in recent days that another social networking company, LinkedIn, is working on an IPO of its own and could beat social networking heavyweights like Facebook and Twitter to the IPO gate.

Fear not, Facebook isn't shutting down

2011-01-10T14:40:00.000-08:00

Social network moves quickly to quash rumors Zuckerberg is set to call it quits.
No need to worry that Facebook will shut down on March 15, as reported by the supermarket tabloid Weekly World News.

Facebook quickly dispelled rampant online rumors that the site will be shut down for good on March 15. The rumors spread after Weekly World News, best known for stories about UFOs, aliens and the like, published a story over the weekend saying that Facebook CEO Mark Zuckerberg announced he was shuttering the company because it had become too stressful for him.

Facebook's quick reply: "We didn't get the memo about shutting down, so we'll keep working away like always. We aren't going anywhere; we're just getting started."

"It's hard to believe that anyone would take this seriously," said Dan Olds, an analyst at Gabriel Consulting Group. "But Weekly World News readers probably have bigger things on their minds, like their story about aliens attacking Earth in 2011 or the story about developing the skills to be invisible and levitate."

The rumors come just a week after Goldman Sachs and Digital Sky Technologies invested $500 million in the company, which gives Facebook a valuation of $50 billion. Shortly thereafter, leaked financial documents shows that Facebook generated a profit of $355 million on $1.2 billion in revenue during the first nine months of 2010.

The financials began leaking out last Friday thanks to a not-very-secretive 101-page document that Goldman Sachs sent to potential Facebook investors. Citing an unnamed source who had reportedly received the document, Businessweek reported that Facebook is on a path to generate $1 billion in profit this year.

1.5 million stolen Facebook IDs up for sale

2010-04-23T19:54:00.000-07:00

A hacker named Kirllos is offering to sell the accounts in an underground forum for 2.5 cents per account
A hacker named Kirllos has a rare deal for anyone who wants to spam, steal or scam on Facebook: an unprecedented number of user accounts offered at rock-bottom prices.
Researchers at VeriSign's iDefense group recently spotted Kirllos selling Facebook user names and passwords in an underground hacker forum, but what really caught their attention was the volume of credentials he had for sale: 1.5 million accounts.

IDefense doesn't know if Kirllos' accounts are legitimate, and Facebook didn't respond to messages Thursday seeking comment. If they are legitimate, he has the account information of about one in every 300 Facebook users. His asking price varies from $25 to $45 per 1,000 accounts, depending on the number of contacts each user has.
To date, Kirllos seems to have sold close to 700,000 accounts, according to VeriSign Director of Cyber Intelligence Rick Howard.

Hackers have been selling stolen social-networking credentials for a while -- VeriSign has seen a brisk trade in names and passwords for Russia's VKontakte, for example. But now the trend is to go after global targets such as Facebook, Howard said.

Facebook has more than 400 million users worldwide, many of whom fall victim to scams each day. In one such scam, criminals send out messages from a compromised account, telling friends that the account's owner is trapped in a foreign country and needs money to get home.

In another, they send Web links that lead to malicious software, telling friends that it's a hilarious or sensationalistic video.

"People will follow it because they believe it was a friend that told them to go to this link," said Randy Abrams, director of technical education with security vendor Eset. Once the malware gets installed, criminals can steal more passwords, break into bank accounts, or simply use the computers to send spam or launch distributed denial of service attacks. "There's just a plethora of things that people can do if they can trick people into installing their software," he said.

Kirllos' Facebook prices are extremely cheap compared to what others are charging. In its most recent Internet Security Threat Report, Symantec found that e-mail usernames and passwords typically went for between $1 to $20 per account -- Kirllos wants as little as $0.025 per Facebook account. More coveted credit card or bank account details can go for much more, ranging between $0.85 to $30 for credit card numbers to $15 to $850 for top-quality online bank accounts.

5 hot IT certification picks for 2010

2010-04-21T02:14:00.000-07:00

Certifications have always been beneficial to IT job seekers, but lately there's increased emphasis on vendor- and technology-specific training as the economy begins to recover and companies look to plug talent holes in their IT organizations.

"There are great opportunities in technology, but there is increased competition for jobs," says Ray Kelly, CEO of certification provider Certiport. "I have never seen a time like today where there is such a focus on certifications."

Cisco, Microsoft certifications increase high-tech salaries

When the economy tanked, certifications became more important for IT pros who wanted to make themselves more employable.

"For the past couple of years, the economy has been challenging, but from a technical education standpoint it has been a positive market," says Fred Weiller, director of marketing for Learning@Cisco. "In pure volume, the foundation technologies such as routing and switching -- without which no network exists -- represent a huge amount of our certification portfolio."

These days, Cisco Certified Internetwork Experts see virtualization as the top networking investment area (cited by 67% of 970 CCIEs polled by Illuminas on behalf of Cisco). Another 64% say security and risk management will continue to be the networking skills in greatest demand -- an expectation echoed by Weiller.

Already, "professionals with 'cyber' on their resume can command a 20% salary premium as both the public and private sectors are becoming more aggressive in building their security talent pipeline," notes Thomas Silver, senior vice president at Dice. The high-tech job board listed more than 62,000 tech jobs available as of early April, about half of which are contract or part-time positions.

Determining the best IT certification to pursue depends on an individual's existing skill level, career goals and accessibility to training. Here we detail five of the hottest IT certifications for 2010.

1. VMware Certified Professional

The VMware Certified Professional (VCP) program, now available on vSphere 4 (VCP4), seems like a no-brainer. With virtualization technology growing within the majority of organizations, it is critical that the talent pool keep up with the technology. Yet recent research shows that enterprises are worried about a lack of expertise specific to virtualization. New skills need to be acquired for virtual systems, and new management and automation technologies must be introduced into the environment to truly reap the rewards of virtualization. According to Forrester Consulting, which interviewed 257 IT professionals on behalf of CA, "the proper skills for the future are difficult to attain and retain."

2. Microsoft Certified Technology Specialist

Microsoft continues to dominate most desktops in U.S. business. Its Windows operating system boasts more than 91% market share, according to March figures from Net Market Share, and Microsoft has seen accelerated interest in the latest revision, Windows 7.

"Microsoft continues to leave its computing fingerprints on most desktops," says Forrester Research analyst Sheri McLeish.

IT professionals who become a Microsoft Certified Technology Specialist (MCTS) can prove their abilities around implementing, building, troubleshooting and debugging specific Microsoft technologies, such as a Windows operating system, Microsoft Exchange Server, Microsoft SQL Server and Microsoft Visual Studio. (Check out this 9 year-old, who's working on his fifth Microsoft certification.)

"In terms of training and certification, we have seen the fastest ramp up on Windows 7 than any technology in the past five years," says Chris Pirie, general manager of sales and marketing for Microsoft Learning. "We are anticipating a big wave of desktop refreshes and we will be having a new wave of Office software this summer. Certification is very hot for us right now."

3. Cisco Certified Architect

IT professionals with a few certifications under their belts could consider upgrading to what has been dubbed the Ph.D. in Cisco.
The network giant last year added to its educational roster with a new level of certification, the Cisco Certified Architect (CCA). While Cisco boasts more than 20,000 CCIEs worldwide, the vendor decided to build another layer of expertise on top of its proven certification program. The CCA requires applicants to already be certified as Cisco Certified Design Experts (CCDE) and have 10 years of experience. The training for CCA would equip IT professionals with the C-level know-how and skills to prevent wasteful investments on technology and better align network projects with business goals, according to Cisco.

"One of the key things we are testing or investigating is the ability for a candidate to understand the business side and translate that into technology demands," Cisco's Weiller says. "The CCA builds upon the CCDE program, which in itself is very much in demand. Networks have become very sophisticated and to be able to design and build a network that can adapt to changing needs and stand the test of time is critically important in making an individual successful in a networking career."

4. CompTIA Strata Green IT

While vendor-specific knowledge and foundational certifications seem a prerequisite for most jobs, IT professionals in 2010 should also consider amping up their vendor-neutral skills around technologies that continue to gain attention from high-tech as well as business leaders.

"From CompTIA's perspective, entry-level certifications such as the A+ and Network+ are going through the roof, and we are seeing double-digit growth in Security+ certifications," says Terry Erdle, senior vice president of skills certification at CompTIA (Computer Technology Industry Association).

Building on the basics, CompTIA just announced a new training track, green IT. CompTIA's Strata Green IT certificate is recommended for IT professionals with 18 months of technical experience and IT credentials such as CompTIA A+ or Server+, and the program is designed to show that a candidate is schooled in power management as well as virtualization techniques. The certification also includes training on developing and calculating ROI for green IT initiatives and knowledge of environmentally sound waste disposal techniques.

"We just launched the Strata Green IT certification to help build the funnel from the lower end to the higher end for people with advanced skills. The best thing we as a nonprofit in the IT industry can do is help fix the unemployment problem in the country, and we do that by adding such advanced skills training to address emerging employment needs," Erdle says.

5. ITIL v3 Foundations

For many, the goal this year is to streamline IT operations, adding automation where possible, while at the same time increasing services to users. The premise of overhauling the way IT works is outlined in the IT Infrastructure Library, or ITIL (Version 3 is currently being adopted).

With four levels of ITIL certification, IT professionals can prove they understand the principals around service life-cycle management and apply them to real-world environments. Companies seeking such expertise would likely desire a candidate who couples ITIL skills with security or other technical expertise. Considered more of a process-oriented area, ITIL can still deliver benefits such as improved availability, faster problem resolution and reduced costs due to streamlined processes.

"Whether you want to call them soft skills or business skills, IT professionals need communications skills, they need to be able to manage a project, and they need ITIL skills to show they understand the service lifecycle," Cisco's Weiller says. "Individuals need all these skills, not just technical skills."

Adobe vs. Apple is going to get uglier

2010-04-16T19:38:00.000-07:00

You think things are bad now between Apple and Adobe? Just wait until the lawsuit.
Usually I write about security here, but Apple's iron-bound determination to keep Adobe Flash out of any iWhatever device is about to blow up in Apple's face. Sources close to Adobe tell me that Adobe will be suing Apple within a few weeks.

It was bad enough when Apple said, in effect, that Adobe Flash wasn't good enough to be allowed on the iPad. But the final straw was when Apple changed its iPhone SDK (software development kit) license so that developers may not submit programs to Apple that use cross-platform compilers.

Officially, Adobe's not talking about such actions, but there's no question that Adobe is ticked off big time at Apple. I mean how often in print does one company representative say about a former partner, "Go screw yourself Apple," as Lee Brimelow, an Adobe platform evangelist, did on his personal Web site, The Flash Blog. While Adobe had him retract some of his words, and the blog now has a big disclaimer, "[Adobe would like me to make it clear that the opinions below are not the official views of the company and are entirely my own.]" we can be sure that within Adobe's offices far stronger words were used to describe Apple's attitude towards Flash.

For now, Adobe spokesperson Wiebke Lips maintains that "We are aware of the new SDK language and are looking into it. We continue to develop our Packager for iPhone OS technology, which we plan to debut in Flash CS5." Flash CS5, which is part of Adobe Creative Suite 5, arrived on April 12th, but, at this point, it can't be used to create i-device applications.

Indeed, the net effect of Apple's licensing change, according to John Gruber of Daring Fireball, is to make it impossible to use cross-compilers, such as the Flash-to-iPhone compiler in Adobe's upcoming Flash Professional CS5 release. This also bans apps compiled using MonoTouch -- a tool that compiles C# and .NET apps to the iPhone." In other words, Adobe, Microsoft, not only can you not have Adobe Flash or Microsoft Silverlight running natively on an iPod Touch, iPhone, or iPad, you can also forget about creating an iWhatever program that can get around that requirement.

Adobe, the king of Internet video with 95% Web browser market penetration, is not one bit happy about being locked out of Apple's lucrative mobile device market. Novell's MonoTouch group is "reaching out to Apple for clarification on their intention, and believe there is plenty of room for course-correction prior to the final release of the 4.0 SDK." Adobe, which doesn't want to let go of its hold on Internet-based video, isn't anything like as optimistic.

So, unless things change drastically between Apple and Adobe in the next few weeks, from what I'm hearing you can expect to see Adobe taking Apple to court over the issue. It's not going to be pretty.

source : ITworld.com

Hacker restores "Other OS" to PS3; has Sony opened Pandora's box?

2010-04-12T02:10:00.000-07:00

Last week on April 1st, Sony pushed out a (more or less mandatory) firmware update (version 3.21) that clobbered the "Install Other OS" feature from older PS3s (the feature had already been disabled from the newer PS3 Slim).

When Sony revealed that a firmware update would remove this feature, hacker George "Geohot" Hotz announced that he'd see what he could do about helping people retain this functionality while still being able to use their PS3 on the Playstation Network. His plan was to build a custom version of firmware 3.21 that had all of Sony's content (such that is is; the update didn't seem to do anything but remove the feature) while retaining Other OS.

Yesterday he released video purported to show an early version of his custom firmware in operation (video embedded below). Hotz's blog post offers a few more details, but the one caveat is that your PS3 has to have firmware version 3.15 or earlier in order for this to work. If you've already upgraded to 3.21, you'll be out of luck when Hotz releases his custom version.

What's interesting to me about this story is that Hotz (who, prior to taking on the challenge of the PS3, was big in the iPhone hacking scene) was the first to hack the PS3 back in January. Some suspect that this was the incentive for Sony to go all paranoid and yank the "Install other OS" feature in the first place, so there's some poetic justice in Hotz putting that feature back in.

Now I don't know George Hotz and I'd never heard the name "Geohot" before that news in January, and only recently have I started reading his blogs. From reading him, it sounds like he initially hacked the PS3 just for the challenge of doing so and because he's legitimately interested in seeing how things work. He states more than once that he doesn't condone piracy and for now, let's take that at face value. On the other side of the coin, I can understand how Sony can be so skittish about having their hardware hacked, considering how much rampant piracy (accomplished via custom firmware) impacted the Sony PSP. But I think Hotz makes a really good point in the closing paragraph of his most recent blog post:

"Note to the people who removed OtherOS, you are potentially turning 100000+ legit users into "hackers." There was a huge(20x) traffic spike to this blog after the announcement of 3.21. If I had ads on this site I guess I'd be thanking you."

How many PS3 owners were paying attention to the PS3 hacking scene before Sony yanked this feature on them? It didn't seem like there were that many, but now it's become big news. Is Sony trying to put out a fire with gasoline? Newer PS3s didn't have the "Install Other OS" option. Now Hotz says it's possible that his hack will enable it on those new systems too. If that turns out to be true, Sony has done themselves more harm than good. Accepting that Hotz has no interest in piracy, that certainly isn't true of everyone and it seems logical that his custom firmware will offer a good starting point for those with more nefarious reasons for hacking their PS3. By removing the Install Other OS feature, all Sony has managed to do is garner ill-will and encourage the PS3 hacking scene that it was trying so hard to quash.

To fight scammers, Russia cracks down on .ru domain

2010-03-22T04:30:00.000-07:00

In a bid to cut down on fraud and inappropriate content, the organization responsible for administering Russia's .ru top-level domain names is tightening its procedures.

Starting April 1, anyone who registers a .ru domain will need to provide a copy of their passport or, for businesses, legal registration papers. Right now, domains can be set up with no verification -- a practice that has allowed scammers to quickly set up .ru domains under bogus names.

The changes will help Russia align its rules with international best practices, said Olga Ermakova, informational projects manager with the Coordination Center for the .ru top-level domain, in an e-mail interview. The .ru administrators care about the "cleanness" of the domain, she added. "We don't need negative content, and such content is often [created] by unknown users."

Loopholes in the domain name system help spammers, scammers and operators of pornographic Web sites to avoid detection on the Internet by concealing their identity. Criminals often play a cat-and-mouse game with law enforcement and security experts, popping up on different domains as soon as their malicious servers are identified.

Criminals in eastern Europe have used .ru domains for a while, registering domain names under fake identities and using them to send spam or set up command-and-control servers to send instructions to networks of hacked computers.

With the new domain registration requirements, it will be more difficult for criminals to continue with business as usual. At the very least, the requirement that registrants must submit paper documents will make setting up domains a more costly and time-consuming process.

"It's pushing the malicious activity elsewhere," said Rodney Joffe, chief technologist with Neustar, a DNS service provider. "If it's so much of a hassle, they'll say, 'Screw it. I'm going to register another top-level domain.'"

Russia has been under pressure to clean up the .ru system, which is widely perceived as a safe haven for scammers. China made similar changes last month to the way that its .cn space is administered.

Joffe said it's too early to say how effective the .cn changes have been.

The .ru domain has been a top source of fraud of late, agreed Robert Birkner, chief strategy officer with Hexonet, a domain name service company. But even if it is cleaned up, criminals will have other places to go. Vietnam's .vn domain and Indonesia's .id have also been a problem lately, he said.

Earlier this week, representatives from the U.S. Federal Bureau of Investigation and the U.K.'s Serious Organised Crime Agency (SOCA) lobbied the group responsible for coordinating the Internet's domain name system to enforce tighter name recognition policies. Now it is "ridiculously easy" to register a domain name under false details, said Paul Hoare, senior manager and head of e-crime operations with SOCA.

Last month, a study of Internet domain name databases found that only 23 percent of records were accurate.

source: ComputerWorld.com

Google eyes departure from China on April 10, report says

2010-03-22T04:27:00.000-07:00

Beijing newspaper says search giant to reveal plans Monday; Google mum
A report today in the Chinese press says Google will announce on Monday that it plans to pull its business out of China on April 10.

The China Business News, a Beijing-based newspaper, is reporting that Google is just days away from putting a specific deadline on its departure from China. "I have received information saying that Google will leave China on April 10, but this information has not at present been confirmed by Google," the newspaper quoted an unidentified sales associate who works with the company as saying.

In an emailed response to Computerworld, a Google spokesman said, "We have repeatedly made clear that we are not going to comment on our discussions with the Chinese government."

This latest report comes just days after both Google and the Chinese government appeared to be leaking word that the search firm may soon shutter its operations there as negotiations between the two break down.

The Wall Street Journal reported Monday that the Chinese government had begun informing news Web sites in that country that Google's Chinese site is likely to close soon.

"I think Google is serious about this and I think their reputation would be damaged by capitulation," said Ezra Gottheil, an analyst with Technology Business Research. "I thought this was pretty inevitable from the beginning, considering how both parties have made pretty firm statements. It doesn't mean that a new arrangement cannot be made in a year or two, but it will require at least the appearance of compromise on both sides."

Google first threatened to halt its operations in China after disclosing in January that an attack on its network from inside China was aimed at exposing the Gmail accounts of Chinese human rights activists. At the time, Google also said it was reconsidering its willingness to censor search results of users in China as required by the government.

Google has since been negotiating with the Chinese government to find a way to continue operating in the country.

Google's continuing stand against China has been met mostly with support from industry watchers, who say it is helping the search company overcome the major hit in good will it's taken in recent years by ceding to China's censorship demands.

source: ComputerWorld.com

China state media cranks up Google tension amid speculation

2010-03-22T04:19:00.000-07:00

State-controlled Chinese media accused Google of political motives in its threat to exit China, suggesting a hostile government stance as speculation grows that Google could act on a plan defying the country's regulations.

Other editorials published in recent days, which appear to mark a coordinated attack on Google in Chinese state media, played down the effects any exit by the company would have in China.

"It is unfair for Google to impose its own value and yardsticks on Internet regulation to China, which has its own time-honored tradition, culture and value," a commentary by writers at the official Xinhua news agency said Sunday. "One company's ambition to change China's Internet rules and legal system will only prove to be ridiculous."

Google said in January that it planned to stop censoring results on its China-based search engine, Google.cn, but that the move might mean having to shut down that Web site or Google's China offices altogether. Google cited reasons including hacking attempts allegedly launched from China and concerns about restrictions on free speech.

The Wall Street Journal on Sunday cited an unnamed person familiar with the matter as saying Google could announce its latest plans for China this week.

Another state-media editorial, run in the China Daily, said Google leaves itself less room for negotiations the more it "politicizes the issue."

Chinese officials have repeatedly warned that Google and other foreign companies must follow China's laws to operate in the country.

"Chinese netizens did not expect the Google issue to snowball into a political minefield and become a tool in the hands of vested interests abroad to attack China under the pretext of Internet freedom," China Daily said in another editorial.

A constant message in the editorials was that a Google exit would have no effect on the growth of the Internet in China. Chinese Internet users will simply move on to other search engines if Google is unavailable, and Google "will be the biggest loser in all of this," China Daily said.

Google did not immediately reply to a request for comment.

source : ComputerWorld.com

Mozilla confirms critical Firefox bug

2010-03-22T04:13:00.000-07:00

Slates patch for March 30; flaw can't be used in upcoming Pwn2Own hack contest
Mozilla yesterday confirmed a critical vulnerability in the newest version of Firefox, and said it would plug the hole by the end of the month.

Although the patch won't be added to Firefox before next week's Pwn2Own browser hacking challenge, researchers won't be allowed to use the flaw, according to the contest's organizer.

"The vulnerability was determined to be critical and could result in remote code execution by an attacker," Mozilla acknowledged in a post to its security blog late Thursday. "The vulnerability has been patched by developers and we are currently undergoing quality assurance testing for the fix."

Firefox 3.6, which Mozilla launched in January, is affected, Mozilla said, adding that it would be patched in version 3.6.2, currently slated to ship on March 30.

The bug was disclosed by Russian researcher Evgeny Legerov a month ago in a message posted on a forum hosted by Immunity, the Miami Beach, Fla. developer best known for its Canvas penetration testing framework. Legerov works for Moscow-based Intevydis, which produces the VulnDisco add-on for Canvas.

Legerov did not publish attack code, and initially refused to provide details to Mozilla, according to a March 4 entry he posted on his blog. "I've ignored e-mails ... from Mozilla, please do not waste my and your time anymore," Legerov wrote. The blog has since been deleted, but is still available via Google's cache.

In comments appended to a vulnerability alert published by Danish bug tracker Secunia, several users questioned Legerov's motives for making the announcement, while others chided Secunia for not thoroughly testing the flaw or claimed that it was all a hoax.

Mozilla yesterday said Legerov had eventually sent them "sufficient details to reproduce and analyze the issue."

Until the March 30 patch is released, users can upgrade Firefox to the beta of version 3.6.2, which includes the fix, by downloading the preview.

Although Apple and Google have recently updated Safari and Chrome, respectively -- beefing up the browsers' security before the $100,000 Pwn2Own hacking contest starts March 24 -- the version of Firefox that will be used in the challenge will lack the patch for Legerov's vulnerability. Pwn2Own will pit only production versions of Chrome, Firefox, Internet Explorer (IE) and Safari against the hacking talents of researchers.

However, that doesn't mean hackers will be able to use the bug to claim one of the $10,000 prizes for successfully exploiting Firefox. "We will have our entire research team on-site so that we can do our best to ensure that known issues such as this one do not turn up at our contest," said Aaron Portnoy, a research team lead with 3Com TippingPoint, the company sponsoring Pwn2Own.

Portnoy, who organized the fourth annual contest, has predicted that Microsoft's IE8 will be the first browser to fall during the three-day event.

Mozilla will also patch Firefox 3.0 (with 3.0.19) and Firefox 3.5 (with 3.5.9) on March 30. Firefox 3.0.19 will be the final security update for the browser Mozilla debuted in mid-2008.

Source: ComputerWorld.com

Hands on: Internet Explorer 9 Platform Preview shows speed, not much else

2010-03-19T02:18:00.000-07:00

For now, the main selling points are increased performance and support for HTML 5
The Internet Explorer 9 Platform Preview exhibits to good effect two of what Microsoft says will be the new browser's selling points: speed and HTML 5 support. If the final version is as fast as or faster than the preview, IE will no longer be a laggard in the browser race and will most likely beat out Firefox. HTML 5 support is a nice extra, but it's still too early to tell how important that will be.

At this point, the IE9 Platform Preview is little more than a browser display engine, and it isn't intended for users. Instead, it's Microsoft's attempt to give developers a heads-up about where the browser is headed. There's no address bar, no navigation features or Favorites, no Back or Forward buttons, no multiple tabs, no malware protection or other basic or advanced browser features. To visit a Web site, you have to press Ctrl-O, type in the URL and then press Enter. When you click a hyperlink that would normally open a new window, that page will open in your default browser.

Not surprisingly, the IE9 Platform Preview doesn't replace your existing version of IE. Instead, it runs alongside it. It cannot be set as your default browser. It runs only with Windows Server 2008 R2, Windows Vista Service Pack 2 or Windows 7. To run it on Vista SP2 and Windows Server R2, you'll need the Platform Update. It won't run on Windows XP -- now, or when it finally ships, according to Microsoft.
The need for speed

IE8 and previous versions of IE have been criticized for being far slower than competing browsers such as Firefox and Chrome, and tests have proved that out. The IE9 Platform Preview fixes that problem. In my testing on two PCs -- one with Windows Vista and other with Windows 7 -- I found it far speedier than earlier versions of IE, and faster than Firefox.

I ran the SunSpider JavaScript Benchmark on a Dell Dimension 9200 with an Intel Core 2 Quad CPU and 2GB of RAM. I tested the Internet Explorer 9 Platform Preview, Internet Explorer 8, and the current versions of Firefox (3.6) and Chrome (4.1). IE9 exhibited a dramatic speed improvement; with an average score of 804ms, it performed more than six times faster than IE8 (5078ms) and nosed out Firefox (914ms) but was beaten by Chrome (489ms).

Microsoft says that one way it sped up the browser was by using a separate processor core to compile JavaScript in the background. JavaScript is only one benchmark for speed, of course. The vendor says it has taken steps to speed up the browser in other ways as well, notably by using a PC's graphics processor to accelerate the rendering of text and graphics.

There's no way to adequately test this, so I can't report on it accurately. But on the IE9 Test Drive site, you can find several impressive demonstrations of interactive HTML 5 graphics powered by your graphics processor. I also tested Chrome and Firefox; both were significantly slower than IE9 and did not display the test graphics properly. However, there's no way to know whether the graphics on the page have been specifically tuned for IE9, so it's hard to know how significant the results are.

Adherence to standards

Microsoft is also touting IE9's adherence to HTML 5 standards, including a variety of features such as the ability to embed video and to interactively change and animate the borders of Web pages. To show them off, the company has created a set of Web pages on its IE9 Test Drive site.

The results are fast and impressive, but again, it's hard to know how well the browser will work in the real world, since the pages may have been tuned for it. And because HTML 5 is not in general use, this may not be a big selling point in the short term, although it could be important in the long term.

Currently, IE9 doesn't play HTML 5 videos using the HTML 5 tag, even though that feature was shown off at the recent MIX10 developer's conference. Microsoft says it will be fully functional in future versions of the browser.

IE9 showed mixed results on the Acid3 test, which tests how well a browser adheres to several sets of Web standards, notably those related to JavaScript and the Document Object Model (DOM). When I ran it, the IE9 preview scored a 55 on the Acid3 test and rendered the page properly except for color. Chrome 4.1 scored a 98 and did not render the page properly; Firefox 3.6 scored a 92 and did render the page properly, although during the course of the test it displayed several error messages.

IE9's Acid3 test score is not impressive, but it's a great leap forward compared to IE8, which on my PC scored only a 20 and, as with IE9, rendered the page properly except for color.

In normal Web browsing, every page I visited displayed properly on IE9, with one very major exception: Gmail. The buttons that normally range across the top of the page instead were stacked on top of one another, leaving a very large empty blue space.

That's all, folks

At this point, the Internet Explorer 9 Platform Preview does little more than display Web pages, so there's no way to tell what the final version of IE9 will look like. However, based on this initial release, it's clear that the browser will be far faster than previous versions of IE and that it will beat or rival Firefox, if not Chrome, in terms of performance.

Only developers or those who simply must get their hands on new software the moment it comes out would need to download the IE9 Platform Preview -- it can be found at Microsoft's Test Drive site. Everyone else will do well to wait until a later version is released. Microsoft says a new version of the Platform Preview will be released approximately every eight weeks, but it has given no date for beta or final releases.

Source : ComputerWorld

IT gives Windows 7 the green light

2010-03-09T14:17:00.000-08:00

After taking a pass on Vista, organizations are ready to commit to Microsoft's new OS
Jim Thomas said no to Windows Vista — but Windows 7 is an entirely different matter.
Thomas, CIO at Pella Corp., says his IT team began beta testing Vista's successor a year ago as an upgrade path from Windows XP. By October, just two months after Windows 7 launched, the Pella, Iowa-based window and door manufacturer had 225 Windows 7 clients up and running — and the feedback from both IT staff and end users has been generally positive.

Pella is ready to move forward, Thomas says. "We will have 50% of our users, that's 2,500 machines, deployed on Windows 7 in 2010," he says. By the end of next year he expects to have 90% of the business on the new operating system.

This time, IT organizations say, it looks like Microsoft has finally delivered the goods. And just in time. About 80% of IT organizations didn't move forward with Vista, according to Gartner Inc. Instead, the vast majority of enterprise users remain on Windows XP, an outdated, eight-and-a-half-year-old operating system that should have passed into the high tech-fossil record long ago.

Computerworld surveyed 285 IT professionals to gauge their attitudes and intentions with regard to Windows 7. Overall, 72% said they plan to migrate to Windows 7, with 70% saying they will implement it within a year or that they already are installing the new OS.

The number one reason cited for upgrading: To get off the aging Windows XP platform. That said, however, almost 40% of survey respondents will take XP support to the end — April 2014 — before they install Windows 7 on all their Windows machines.

Those willing to wait that long, however, are in the minority. "We're ready to move on," says Paul Shane, IT director at the Seattle offices of Milliman, Inc., an actuarial consulting firm in Seattle. He avoided Vista, which he says was initially problematic, clumsy, buggy and continues to suffer from slow performance. But he expects to have most of his 150 desktops and laptops upgraded to Windows 7 by the end of this year. Disappointed with Vista, Shane briefly considered the Mac and OS X platforms. Now, he says, "We've cast those aside."

Like Thomas, he's not even waiting for the first Service Pack, which Gartner analyst Michael Silver says customers can expect some time this summer. (Microsoft had no comment on the availability of SP1.)

What IT wants: Enterprise features

For IT, Windows 7 is an opportunity to take advantage of new features and better integration, especially with Windows Server and Microsoft's System Center Configuration Manager, which can save money by requiring fewer pieces of management software, and can make managing desktops easier.

Art Sebastiano, vice president of infrastructure at ModusLink Global Solutions in Waltham, Mass., has been testing Windows 7 on a few dozen machines for a rollout on 3,500 machines in 30 global locations. He says Windows Server's account-credential (password) caching, which facilitates single sign-on and allows access to networked resources when a domain controller is unavailable, works better with Windows 7 clients. "Driver support and legacy compatibility has been good," he says, and adds that Microsoft offers a downloadable XP Mode program to facilitate backward compatibility.

For his part, Shane says group policy controls are improved under Windows 7. "We really love the new client group policy. You can manage a lot of things through group policy now that used to require a login script," he says.

For University HealthSystem Consortium in Oakbrook Ill., DirectAccess, which allows secure remote access without a separate VPN client and login, is a big win. Donald Naglich, director of technology infrastructure, says that for the half of his 275 users who use laptops, remote access will become more seamless. "It's one of the main reasons we want to [move to] Windows 7," he says. "It's one less piece of software we have to worry about from an integration standpoint." He plans to start migrating to Windows 7 early next year and hopes to have all systems upgraded by the end of 2011.

Pella is considering deploying DirectAccess for the same reasons. "Users don't like having to remember to launch a VPN client and log in," Thomas says. He's also interested in BranchCache, a remote office content-caching technology designed to speed up access to files stored on Windows Server 2008 from Windows 7 clients. "We want to see if it adds value," Thomas says.

Both Pella and Milliman Inc. see BitLocker, which provides full-volume encryption, as a solid win for laptop users. "We used a third-party product that didn't integrate well with Windows and had a separate password," says Milliman's Shane. "Now we can secure laptops and the encryption and security is transparent to the user." He says some offices are already using BitLocker to Go, which encrypts USB storage. Then, through group policy, machines are set up so that they can't store data on any USB device that's not using encryption.

Thomas says moving from Windows XP to Windows 7 has reduced the number of system images he'll need by 80%. "It has to do with drivers and Windows 7 being able to understand and adapt to them versus having a specific image built," he says. Pella has about 25 images for all of its users, each of which must be kept up to date with the latest software updates, patches and security fixes. His team expects to have fewer than five once the deployment is complete, which should save on administrative costs.

What users like
While IT executives say Windows 7 boots up faster than Vista, is more stable and removes the intrusive user access control pop-ups, most end users didn't have Vista. Instead, end users tend to compare the new user interface in Windows 7 to what they've had with Windows XP.

ModusLink's Sebastiano says that, on the whole, his users like the interface, particularly features like drag-and-drop "snap" resizing of windows for easy side-by-side comparison and task bar previews.

But Shane says his users are split on the new task bar. "People either love it or hate it." It's a challenge, he says, because he has users who can't navigate the Start menu in Windows XP to find programs. "If it's not a shortcut on the desktop they're in trouble." He fears that another change to the task bar may just add to user confusion.

Users also don't always understand Windows 7 libraries, a concept that replaces the standard folder metaphor with a more sophisticated model that allows groupings of files that may be stored in different locations. What's more, File Explorer defaults to the local library — even if you don't want users pointed there. Shane says that even administrators may find it annoying at first. "When you're rolling out a bunch of PCs on a network it gets in the way," he says.

Shane says his users like Windows 7's interface improvements, such as those Sebastiano described, and more subtle changes, such as how Windows automatically makes desktop icons bigger on larger screens with higher resolution. "That has helped users with poor eyesight," he says. Users particularly like what he calls the "shake and bake" feature on the Aero desktop that lets the user minimize all open windows on screen except for the currently selected one by simply grabbing and shaking that window from side to side.

Such features have been well received, he says. "But users have to be told about them."

Thomas warns that a migration from XP to Windows 7 won't be a slam-dunk with users without a little training. "Users haven't always gotten value of the tools we shove their way. This time we're spending more time up front trying to understand where the values are and actually promoting that."

Challenges and roadblocks

Given a choice between bringing in Windows 7 on new machines and upgrading old ones, most organizations prefer the former. Most (58%) of the survey respondents, however, say they will also upgrade at least some existing machines, particularly those purchased within the last two years.

One way to avoid replacing end user PCs is to use PC virtualization technologies. Naglich plans to do exactly that at University HealthSystem Consortium. And he's not alone in considering the use of desktop virtualization to ease the transition to Windows 7. Nearly one in five (18%) of IT professionals surveyed said they plan to move at least some Windows XP users from traditional Windows PCs to hosted virtual desktops as they migrate to Windows 7.

Naglich is working on a proof of concept for VMware-based desktop virtualization. That should roll out in the next month or two, he says. He hopes that hosted shared desktops will make administration easier and reduce application and hardware conflicts during the transition to Windows 7 by using a few common, centralized system images on back end servers. "For some people, the first Windows 7 they have may be on a virtualized desktop," he says. But he's not ready for a broader rollout. Most of the 275 Windows clients will be upgraded to a local version of Windows 7.

That's smart, because both Windows 7 and desktop virtualization products are still maturing, says Gartner's Silver, adding that what you save on desktops you'll need to invest in back end servers, virtualization software and associated infrastructure. The real benefits come from easier management. The sweet spot for organizations that want to do both at once, he says, is late 2011. By then, he contends, both Windows 7 and desktop virtualization technologies will be more mature.

For existing hardware that meets Windows 7 system requirements, all of the usual upgrade issues apply. "Fresh installs are quick," Sebastiano says. On the other hand, while a Vista upgrade to Windows 7 is fairly straightforward, getting user profiles and settings moved over from XP is more challenging. He's looking at using Laplink Software's PCmover to bring those over.

Application compatibility is another potential issue, particularly for older software. Axium Healthcare Pharmacy Inc., an online specialty pharmacy based in Lake Mary, Fla., is using several internally developed Visual Basic 6 applications that won't run on Windows 7, not even with the XP Mode software. "A lot of ActiveX controls don't play at all," says Norbert Cointepoix, director of IT.

But Matt Okuma has found that some applications run better. Okuma, enterprise architect at BEST Technology Services, a business unit of Pacific Coast Building Products in Rancho Cordova, Calif., says his Cisco unified communications software never worked properly on about 100 of the Vista machines he rolled out. Some of those, he says, had to be rolled back to Windows XP. With Windows 7, however, it runs just fine. "We love it. Everything just works," he says.

Well, almost. Initially Windows 7 machines running Internet Explorer 8 couldn't connect to his iPrism proxy server, but he says the vendor, St. Bernard Software, provided a fix quickly. He plans to start rolling out Windows 7 to all 3,500 users next year.

The IE 8 quandary

The good news is that Internet Explorer 8 follows industry standards more closely than did IE7 and IE6. The bad news: Its lack of backward compatibility with proprietary features in previous versions of the Microsoft browser may cause problems for Web sites and applications designed to work with those browser versions — especially IE6. More than half of survey respondents (53%) said that they may have applications that won't run properly with IE8.

"If you have apps that were written to IE6 you're going to have some issues," Silver says, and he warns that IE8 runs with fewer Windows user rights on Windows 7 than it did on XP. A Microsoft spokesperson says that administrators can set up Windows 7 machines to run previous versions of IE in XP Mode if necessary.

Premier Health Partners has a medical imaging application that still requires IE6 and a clinical application that requires IE7. "We're in a quandary here," says Sam Seay, corporate director of infrastructure. While he could use XP compatibility mode to try to run IE6 and IE7 on some machines, Seay says he prefers to wait for the vendors to support IE 8.

"The biggest issue is making sure you do application compatibility testing," Thomas says. Pella's IT staff has had to update software releases and work through issues on some of the company's approximately 400 applications. Pella is still testing compatibility; the firm started with its most-used applications, in terms of the number of users. "Our issue has been on older apps that didn't necessarily follow current development guidelines," Thomas says, explaining that Pella's had to make some "small adjustments" on approximately 20% of its applications, or get updates if a more current release exists.

In general, he says, "We haven't had too many applications that we haven't been able to get running."

Overall, after more than eight years living with XP, most organizations say they finally feel comfortable moving on. Shane feels confident that the transition will go smoothly at Milliman. "It's not something completely new," he says. "They just made a better Vista."

Cisco unveils next Internet core router

2010-03-09T14:13:00.000-08:00

Says its CRS-3 has three times the capacity of its current version
Cisco Systems today introduced its next-generation Internet core router, the CRS-3, with about three times the capacity of its current platform.

"The Internet will scale faster than any of us anticipate," Cisco Chairman and CEO John Chambers said during a webcast announcing the product.

At full scale, the CRS-3 has a capacity of 322Tbit/sec., roughly three times that of the CRS-1, which was introduced in 2004. It also has more than 12 times the capacity of its nearest competitor, Chambers said.

The CRS-3 will help the Internet evolve from a messaging to an entertainment and media platform, with video emerging as the "killer app," Chambers said.

Using a CRS-3, every person in China, which has a population just over 1.3 billion, could participate in a video phone call at the same time. It could transmit the whole printed contents of the Library of Congress in one second and every movie ever made in four minutes, according to Cisco.

"This is the heart and brains of the next-generation Internet," said Suraj Shetty, vice president of worldwide service provider marketing.

Also on the webcast, AT&T announced it has been using the CRS-3 to test 100Gbit/sec. data links in tests on a commercial fiber route in Florida and Louisiana. The router will be available in the third quarter this year.

Source : computerworld.com

Cisco touts new core router's 100G Ethernet, energy efficiency

2010-03-09T13:56:00.000-08:00

Cisco's new CRS-3 core router, which the company has boasted will "forever change the Internet," will come with 100Gbps Ethernet interfaces and 322Tbps multichassis interconnect capability.

The router also will support software to help make data center and cloud computing resources more available to users, and will use 60% less power than its predecessor, the CRS-1, said Mike Capuano, Cisco's director of service provider marketing, in an interview following Tuesday's announcement.

Cisco expects to ship the 120G per slot system, which has three times the capacity of the CRS-1, in the third quarter.

100G Ethernet cheat sheet

Some wonder whether such capacity claims are all that meaningful, however, in that Cisco never really delivered on it 92Tbps promises with the CRS-1. The largest CRS-1 multichassis deployment connects eight CRS-1s into a 10Tbps system, Capuano acknowledges.

So will any carrier really need a 322Tbps system any time soon?

"We're continuing to increase the size of our multichassis deployments at a pace where we're meeting customer demand," Capuano said. "We don't want to get ahead of them; we have to time it so that we're delivering the right set of capabilities as time progresses. It's all designed in from the beginning."

Capuano also said all CRS-1 modules are forward compatible with the new router.

The CRS-3 delivers the industry's most energy efficient core router, according to Capuano. It consumes 2.75 watts/gigabit, almost half that of rival Juniper's 4.4 watts/gigabit on the T1600, he said.

The single port 100G Ethernet interface for the CRS-3 supports "singleflow" 100G transmissions through Cisco's QuantumFlow Array chipset. It transmits a single 100G flow while other 100G Ethernet interfaces take two 50G forwarding engines and multiplex traffic across them, Capuano said.

"That makes it much harder to do a multichassis design," he said.

For delivery of data center and cloud services, the CRS-3 supports Cisco software called Data Center Services System. The software detects changes in traffic patterns of workloads between data centers and locates the best path to access compute and storage resources, or content. It works with another attribute of the Data Center Services System software called Cloud VPNs to set up a secure MPLS connection between data centers to balance workloads.

"That's a big part of this next generation Internet -- the emergence of cloud," Capuano said. "It requires scale, savings and service intelligence."

Source : computerworld.com

Five new technologies for your home

2010-03-08T12:00:00.000-08:00

Many new technologies and gadgets have taken a back seat to the news of 3D television. Yes, 3D HDTV is astonishing. However, there are some new products out there that will not only improve your geek lifestyle, but also won't require you to wear hulking glasses. Here are five such items. Enjoy!

Can't find your remote control? No problem.

The Re™ from New Kinetix can turn your iPhone or iPod touch into a universal remote control. Simply snap on the IR attachment, download the software, and you can control your home theater with probably the best illuminated remote you'll ever see. Essentially, this application turns your iPhone/iPod into a learning remote. You hold your antiquated remote face to face with the dongle and the software will copy the infrared signals needed to operate your television, sound system, etc.

Price: Not yet set

RGB and...Y? QuadPixel technology is here!

The combination of the colors red, green and blue produces the millions of colors that you see on your LCD television (or computer monitor). Even the most beautiful of modern televisions are limited to these mere millions of colors your screen can produce. No longer. Sharp is introducing it's new QuadPixel LCD TV which adds in a yellow filter to produce more than a trillion colors.

Price: $3,600

Portable Digital TV and DVD player

Are your kids tired of watching the same ol' DVDs as you travel over the river and through the woods? Philips understands. It has introduced the first portable DVD player that can also pick up digital TV stations. Never miss American Idol again when you're traversing this great nation.

Price: $180

Out of the box thinking

The Armour Group has developed a marvelous little radio called the Q2 Cube that tunes in to your favorite internet radio stations. Change the station by physically flipping the box onto one of it's four sides. Volume control? Tilt the box backwards or forwards.

Price: Not yet set

6 in 1 television

So the other day I was talking to a friend who is a huge sports fan. This product is for him. Samsung has developed the first multi-screen 60-inch HD monitor. Six separate screens that can work in concert or individually. Just think of the possibilities...!

Source : ITworld.com

Bill calls for NASA to continue push to Moon

2010-03-07T06:36:00.000-08:00

Legislation would halt space shuttle retirement and continue human space flight plan
President Barack Obama's plan to push NASA to scrap the "Obama budget scraps NASA manned moon mission" and contract with commercial companies to build space taxis is meeting with some resistance in Congress.

Senator Kay Bailey Hutchison (R-Texas) yesterday introduced a bill that would undo NASA's plans to retire its aging space shuttle fleet later this year. The bill would also require that NASA continue on with its Constellation program, which calls for building rockets and spacecraft to carry astronauts to the International Space Station and further into space.

"We must close the gap in U.S. human space flight or face the reality that we will be totally dependent on Russia for access to space until the next generation of space vehicle is developed," said Sen. Hutchison, in a statement. "If the space shuttle program is terminated, Russia and China will be the only nations in the world with the capability to launch humans into space. This is unacceptable."

Hutchison introduced the bill just a little more than a month after the president released his 2011 federal budget proposal, which would eliminate NASA's plan to return humans to the moon by 2020.

The budget plan aims to turn the agency's attention to developing new engines, in-space fuel depots and robots that can venture into space.

NASA administrator Charles Bolden has repeatedly said since the budget plan was proposed that the Constellation program is behind schedule, and projected to ultimately be over budget. He said he feared that NASA's Constellation program would sap funding and attention from developing new technologies.

Sticking with the plan would also drain funds from the space spation program, and would force NASA to withdraw its support from the international effort as early as 2015, he added.

The Obama administration's new plan calls for NASA to work with commercial aeronautics companies to design and build so-called space taxis that could take astronauts to the space station and eventually into outer space.

Obama's plan - and the fact that it could lead to job losses in both Florida and Texas -- got a pretty chilly reception in Congress this week. Bolden faced a vigorous round of questions in front of Congress earlier this week about the space agency's missions and what the new budget plan means for NASA.

he Wall Street Journal reported late yesterday that Bolden has asked senior managers at NASA to draw up an alternate plan in case Congress shoots down Obama's proposal. The alternative would be a compromise that would include ideas from both the administration and Congress, according to the Journal .

Sen. Hutchison's bill is designed to enable NASA to postpone the retirement of the space shuttle fleet until work is complete on a next-generation American spacecraft.

She also wants to push forward with NASA's goal of moving beyond human flights in low-Earth orbit and extend missions out to the moon or Mars.

Hutchison called the administration's plan short-sighted.

"Not only are we turning our backs on 40 years of American space superiority, we are giving up vital national security and economic interests to other nations," she added. "This must not be an 'either-or' proposition where we are forced to choose between continuing to fly the shuttle to service the station and maintain our independence in reaching space, or investing in the next generation of space vehicle. We can and must do both."

Dan Olds, an analyst with The Gabriel Consulting Group, said Hutchison is obviously motivated to keep jobs in her area and boost her public approval. However, that doesn't mean that the legislation won't garner much support across the country. "Some politicians are, of course, concerned about losing major facilities and employers in their districts, but that doesn't necessarily mean that their argument is without merit," said Olds. "If the space shuttle is retired now, we do lose our ability to launch humans into space until the new, privately built space taxis comes on line. I do think that private industry can probably do a better, faster, and less expensive job of it than the government, but they're not going to be able to get these new vehicles off the ground as quickly as hoped." He added that it comes down to how long the U.S. wants to go without being able to launch an astronaut into orbit on its own.

"In fact, I can put together a compelling case for launching politicians into orbit that would be sure to gather broad public support and immediate funding from voluntary contributions," he added.

Source : computerworld.com

Google giving away phones to (some) Android devs

2010-03-07T06:28:00.000-08:00

Google just can't stop giving away phones!
The first time we heard about what is now called the Nexus One, it was because Google was handing them out at a company meeting. Then they gave everyone at the TED conference a Nexus One. Everyone who attended the Android Developer Lab's at MWC got one. We're told they'll be giving either a Nexus One or a Motorola Droid to qualified developers at next week's Game Developer's Conference. Earlier this week we ran a story (still rumor at this point) saying that anyone registered for the canceled Washington DC Android Developer Lab would get a free "Android device."

Clearly Google wants to get Android phones into the hands of as many tech pundits and developers as possible in order to create buzz and build out the community of Android developers as quickly as possible. But here's a twist to the story. Now Google is giving either a Droid or a Nexus One to existing Android developers. How do you qualify? You have to have an app on the Android Market that has at least a 3.5 rating and at least 5000 downloads. That's a fairly low bar; Google is going to be giving out a lot of devices!

The program is called the Device Seeding Program for Top Android Market Developers. Here's the full text of the email going out:

Due to your contribution to the success of Android Market, we would like to present you with a brand new Android device as part of our developer device seeding program. You are receiving this message because you’re one of the top developers in Android Market with one or more of your applications having a 3.5 star or higher rating and more than 5,000 unique downloads.

In order to receive this device, you must click through to this site, read the terms and conditions of the offer and fill out the registration form to give us your current mailing address so that we can ship your device.

You will receive either a Verizon Droid by Motorola or a Nexus One. Developers with mailing addresses in the US will receive either a Droid or Nexus one, based on random distribution. Developers from Canada, EU, and the EEA states (Norway, Lichtenstein), Switzerland, Hong Kong, Taiwan, and Singapore will receive a Nexus One. Developers with mailing addresses in countries not listed above will not receive a phone since these phones are not certified to be used in other countries.

We hope that you will enjoy your new device and continue to build more insanely popular apps for Android!

-Eric Chu
Android Mobile Platform

The big question of course, is why send Android phones to developers who already have Android phones? Presumably the assumption is that many established Android developers have older devices and Google wants them to get started taking advantage of new features in Android 2.0+, or even just taking advantage of the more powerful processors in recent phones.

As an example, Engadget recently ran a post about HyperDevBox, a Japanese studio that's created ExZeus, an Android game that really shows off what the new handsets are capable of. (I've embedded a video below.) This game (currently) only runs on phones with Android 2.0 or later, and a dedicated GPU; Google would like to see more apps of this caliber in the Android Market and that will only happen when more experienced developers have the latest hardware in their hands.

No matter the reason, this has to be good news for developers that qualify!

Source ITworld.com

Cisco quits WiMax radio business

2010-03-07T06:19:00.000-08:00

The company will stop making base stations to concentrate on back-end IP infrastructure by Stephen Lawson

Cisco Systems will stop developing and making WiMax base stations to concentrate on the IP (Internet Protocol) networks that sit behind them.

Cisco acquired Navini Networks, which made WiMax RAN (radio access network) equipment, in 2007. The dominant IP networking company said at the time that it saw a powerful opportunity to bring broadband Internet access to developing countries through WiMax.

However, despite hitting the market first, WiMax has taken a back seat to LTE (Long-Term Evolution) as a 4G (fourth-generation) mobile technology. LTE is backed by the industry body behind GSM (Global System for Mobile Communications) and is on the road maps of most major carriers that have chosen a 4G system. In the U.S., Verizon Wireless plans to launch LTE commercially this year and AT&T will follow next year.

Cisco can serve both markets with products it acquired through its purchase last year of Starent Networks, which made gateways between radio networks and a carrier's core IP infrastructure. Both WiMax and LTE are based on IP packet networks. In order to concentrate on this business, the company will get out of making the actual radios that deliver WiMax signals to subscribers' devices.

"Cisco's mobile strategy has always been to provide a radio-agnostic approach that focuses on the packet core and IP network, where the company can add differentiated value. After a recent review of our WiMax business, we announced a decision to discontinue designing and building new WiMax base stations and modems, and we also announced a support plan for transitioning existing customers," Cisco spokesman Jim Brady said Friday.

The Navini products haven't played a big role in high-profile WiMax networks. Cisco is a supplier to the world's largest WiMax network project, Clearwire's national U.S. buildout, but only with IP equipment, not radios.

Analysts called the Starent acquisition a move away from WiMax toward the larger LTE market. Unlike WiMax, which had its roots in the wireless LAN world, with strong backing by Intel, LTE is dominated by the giants of cellular equipment, such as Ericsson and Alcatel-Lucent. Cisco has said it does not intend to compete with those types of vendors.

Analysts were not surprised by Cisco's announcement.

"Cisco pulling out at this moment looks like good business," said analyst Laurence Swasey of Visant Strategies. He believes LTE will dominate the 4G world and may even be adopted by current WiMax carriers eventually.

Cisco did the WiMax industry a big favor by buying Navini, Swasey said. "It was a stamp of approval at a time when the market was very fragmented as to what 3.5G and 4G would be to the masses," he said. Today, several major vendors, including Huawei, Samsung and Motorola, are supplying RAN equipment for commercial networks. Cisco's decision to get out of the business will have far less impact than its choosing to get in, Swasey said.

Source :ITnews.com

Printers and Scanners of Tomorrow (and Beyond)

2010-03-07T00:16:00.000-08:00

Four ultra-futuristic printers and scanners hint of the possibilities of future tech

Affordable 3D Printers
3D printers are nothing new; in fact they've been around for some time. We've had a look at some of the cool things you can do with these types of printers, including creating models, tools and all sorts of wizardry. Unfortunately, the 3D printers of today cost in excess of $100,000 and are largely reserved for large architecture and development firms.

Thankfully, it won't stay that way forever. HP recently announced its interest in 3D printing, with products potentially available for just $15,000. 3D printers might not make it to your desk this year, but at this rate, the possibility of owning a 3D printer for personal or business use is becoming more likely.

3D Critters of the Future
The products of 3D printers, naturally, aren't limited to flat images. Here are some of the cool things 3D printers let you make.

Biological Printers
We are still a little way off re-growing entire limbs, but we are certainly making strides towards it. Invetech and Organovo have created the first 3D bioprinter, which is capable of printing entire cells. According to Organovo CEO Keith Murphy, the potential uses are wide-ranging - from supporting existing kidney cells to forming the foundations of a tooth.
With a printer capable of producing "tissue on demand," researchers and surgeons will apparently be able to easily repair organs without waiting for a lab to catch up; just press the button and go. It's all a bit freaky, but if these end up in every hospital they could literally be a life saver.

Food Printers
To us, this seems even more unlikely than biological printers. Then again, science fiction movies have told us for years that one day we'll have replicators that can reproduce anything on command. This concept from MIT doesn't quite reach those heights, but it sure does get close. By mixing liquid ingredients to suit the user's preferences and then either heating or cooling it, the "Cornucopia" can recreate a meal with any number of textures and tastes.

We're not sure of the final taste, but somehow we don't think these food printers will be making it into five-star restaurants anytime soon.

Food Printer Products
This opens all kinds of possibilities . . . liquid lasagna, anyone?

3D Scanning
We've seen plenty of devices that help you get designs out of a computer, but how about something to get 3D objects back in? Step in Ortery's Photosimile 5000, allegedly the world's first 3D scanner for the office. The Photosimile 5000 is essentially a big box that allows you to attach compatible Canon SLR cameras, and automatically takes a succession of photos. The product lies on a rotating turntable, giving you a full 360 degree view of the product.

The scanner is undoubtedly useful for product manufacturers everywhere (and it could even threaten the jobs of in-house product photographers). It even automatically creates a 3D animation of the product, though this has to be viewed using Ortery's proprietary software.

USB 3.0 vs. eSATA: Is faster better?

2010-03-06T12:33:00.000-08:00

While USB 3.0 is good, it's not as simple as "Whoever's the fastest wins." Let's take a closer look at these new and improved ports on our PCs

Up-to-date computers now include external ports that, in theory, can handle data at rates of up to 5 Gigabits per second. But which is better?

If you've been in the computer business for any length of time you can probably painfully remember when serial RS-232 ports could barely handle 28 Kilobytes per second. And, adding insult to injury, the standard was loose enough that you could have 'compatible' devices that you could never physically connect. How things have changed! Now, eSATA can handle 300 MBps (MegaBytes per second) and USB 3.0 can wheel and deal up to 625 MBps.

So that makes USB 3.0 better right? Well, while USB 3.0 is good, it's not as simple as "Whoever's the fastest wins." Let's take a closer look at these new and improved ports on our PCs.

ESATA (External Serial Advanced Technology Attachment) is the external version of the technology, SATA, that your computer is likely already using for its hard drive. While SATA and eSATA are both older than USB 3.0, its proponents would still claim that it's better than USB 3.0.

They can make this argument because the most common use for eSATA is for external hard drives. Internally, these drives are still using SATA even if you're connecting to these devices with USB or FireWire on the outside. Thus, the argument goes, these devices must use a bridge chip to translate from the ATA protocol to USB or the FireWire IEEE 1394 protocol.

There are two ways to do this. The first is to encapsulate the SATA protocol-borne data into USB or FireWire. The other is to actually convert the data into one of the external data transmission protocols. In either case, this requires extra steps and processing, which slows down the effective throughput.

Various benchmarking tests support this claim. In particular, eSATA has clearly been shown to be faster than USB 2.0.

Today, USB 3.0's SuperSpeed 5 Gbps (Gigabits per second) is more than ten times faster than USB 2.0's top theoretical speed of 480 Mbps (Megabits per second). In addition, USB 3.0 supports asynchronous data transfers, which means that, unlike USB 2.0, it doesn't need to wait to poll a USB device every time it wants to start shipping data one way or the other.

In addition, USB 3.0 includes a new transfer method called Bulk Streams. With Bulk Streams, USB now supports multiple data stream transfers. The net effect of this is that the protocol will do much better with huge data transfers such as those required by viewing an HD movie that's residing on an external hard drive.

Still, on those same external drives, USB 3.0 must deal with the SATA to USB protocol conversion slowdown. So, who wins when it comes to raw read and write speeds? We still don't know.

I did, however, run some rough benchmarks to get an idea of what we're dealing with. For my devices I used a Western Digital My Book Studio Edition II 1TB 7,200 RPM external hard drive with its eSATA port and ran it against a Western Digital My Book 3.0 with a similar drive inside. I attached these to a Gateway SX2802 PC with a 2.5GHz Intel Core 2 Quad Q8300 CPU and 6GBs of DDR2 memory. On this system I was running Windows 7 Ultimate. To enable it to handle USB 3.0, I installed a StarTech 2 Port PCI Express SuperSpeed USB 3.0 Card Adapter.

With this setup, USB tends to be about 20% faster than eSATA at reads, while eSATA was about 20% faster at writing data to the disk. While I make no claims for these to be definitive benchmarks (I used the freeware Crystal DiskMark 3.0 program for my tests), I do think the results indicate what you can expect to see from today's eSATA and USB 3.0 drives.

In both cases the real world results were quite a bit slower than their theoretical bests. With reads, my USB drive averaged 90 MBps, while the eSATA drive came in at 75 MBps. When it came to writing to the disk eSATA still processed data at 75 MBps while the USB drive dropped to 62 MBps.

This kind of difference between real world and theoretical results is quite common. Nothing in your office or home, or even the test bench, will ever run as fast as its design specifications call for.

That said, I was surprised to see USB 3.0 do as poorly as it did. Mind you, it's still much faster than USB 2.0 and somewhat faster than eSATA in data reads. I had expected better from it. I strongly suspect that as USB 3.0 devices and drivers mature, it's speed will significantly improve.

USB 3.0 does have some other advantages over eSATA. For example, like USB 2.0, you can power devices through a USB 3.0 connection, while you'll need another power connection for external eSATA devices.

In addition, USB 3.0, which can handle up to 50% more power than USB 2.0, should be thriftier with energy than 2.0. Alas, it's not. As Brian Nadel reported in ITworld's sister publication Computerworld, current USB 3.0 implementations will drain your laptop's battery faster than their equivalent USB 2.0 devices. Again, the next generation of devices and drivers should handle this better.

Another noteworthy point is that while USB 3.0 is backwards compatible with USB 2.0 cables and devices, you can't use a USB 3.0 cable with a USB 2.0 or earlier device. In addition, you can't use any USB 3.0 device with a USB 2.0 cable. That's because while the flat USB Type A plug, the one that goes into your PC, is compatible with USB 2.0 ports even though it has an extra pair of connectors, the other end is a different story entirely. The Type B plug, which is the one that you use to connect devices to the computer, comes in two different varieties. Neither of these will fit into a USB 2.0 B port.

So, what should you do? If I were you, I'd stand pat for now. USB 3.0 is the wave of the future. Later this year, as the technology matures, USB 3.0 devices should be consistently faster than today's eSATA devices, but we're not there yet.

In addition, for now, you'll still pay a premium for USB 3.0 devices, boards with USB 3.0 ports, and even PCs with USB 3.0 built-in. Towards the year's end though USB 3.0 will become the default on almost all PCS and peripherals. Much as I like USB 3.0, I don't see any reason to hurry up and adopt it today. I'd advise you to wait too

N. Korea develops operating system with Windows-like GUI, Linux guts

2010-03-06T12:30:00.000-08:00

Bundle includes thinly disguised versions of Firefox, OpenOffice.org

The North Korean government appears to have developed its own graphical Linux-based "Red Star" operating system, though its people still prefer that symbol of Yankee high-tech imperialism, Microsoft Windows.

That's according to the blog of a Russian college student, 'Mikhail,' studying at a university in North Korea's capital city, Pyongyang.

According to translations of the blog by Russian satellite news channel, Russia Today, as well as Google's Translate tool, installation DVDs of Red Star can be freely purchased in Pyongyang for $5 and come in both client and server versions.

Red Star requires, at minimum, a Pentium III 800 MHz CPU (state-of-the-art in developed countries about ten years ago), 256MB of RAM and 3GB of hard disk space.

Installation takes 15 minutes, and users may only choose to run it in the Korean language. A more serious quirk: The clock on the bottom right shows the year in both the standard international Gregorian calendar, and the North Korean "Juche Idea," in which 2010 is the year 99.

Local North Koreans told Mikhail that Red Star is not stable, and that they still prefer Windows XP, Vista or 7.

Mikhail did not comment on what version of Linux that Red Star may be built upon. Cuba released its own version of Linux last year called Nova that is based on Gentoo, a Linux variant that is run by a foundation based in New Mexico.

Red Star includes applications such as a thinly disguised version of the Mozilla Firefox browser, an OpenOffice.org-like productivity suite, an e-mail client called 'Pigeon,' and a number of other utilities.

Two programs that were apparently developed by North Korea include a firewall program called "Pyongyang Fortress," and an antivirus application called "Woodpecker."

The browser's search engine defaults to the North Korean government's official Web site, Naenara.

Internet freedom and security

2010-03-04T12:09:00.000-08:00

It's already been a busy year in the area of Internet freedom and security.

10 of the Worst Moments in Network Security History

First, Google reported that it, along with a bunch of other major companies, had been hacked, and pointed the finger at China.

Then Secretary of State Hillary Rodham Clinton gave a few "Remarks on Internet Freedom" in which she pushed for one Internet, without barriers.

Separately, the Federal Trade Commission notified about 100 companies that some of their secrets had been exposed by employees who were running peer-to-peer software.

Finally the Internet security firm NetWitness said that it had figured out that 75,000 computers at 2,500 companies had been compromised with the ZeuS Trojan starting in 2008.

Nope - not a good start to 2010. I would like to think that things will quiet down some for the rest of the year but it does not look like that will happen.

In early January, Google announced that it had been hacked from China, that the hackers seemed to be after the gmail accounts of Chinese human rights activists and that Google was going to review "feasibility of our business operations in China."

Well, that caused quite a splash. Google's accusation fit so well with the general public perception of China's approach to the Internet that it was easy to assume that the hacking was directed by the Chinese government.

Clinton did not go quite so far as to accuse the Chinese government of complicity during her speech on Internet freedom,but she did call upon it to "conduct a thorough review" of the Google hacks and that the results of the review be transparent. Clinton's speech was quite a good one from the point of view of those of us who value the positive impact of the communication enabled by the Internet.

Properly, she did not hide the fact that communication over the Internet can be used for good (human rights activists) and evil (terrorists).

India adds IT jobs despite recession

2010-03-04T11:26:00.000-08:00

The largest addition of jobs in the country came in the IT services and BPO industries

India added 487,000 jobs in its IT and BPO (business process outsourcing) export industries in the quarter ended Dec. 31, despite the global recession, according to a Quarterly Quick Employment Survey by the country's labor bureau.

The survey was conducted to assess the impact of the economic slowdown on employment in India.

The results, released Thursday, found that of a total of 638,000 jobs added across the economy, 580,000 were in the exports sector. IT services and BPO exporters led the pack.

Besides Indian service providers, a large number of multinational companies like IBM and Accenture have set up IT services and BPO operations in the country, that service both the Indian market and markets abroad. Most of India's IT and BPO exports go to the U.S. and the U.K.

In January this year, a large number of Indian outsourcers, including the largest, Tata Consultancy Services (TCS), and the second largest, Infosys Technologies, reported plans to increase hiring in anticipation of improved business conditions.

TCS, for example, added 7,692 positions in last quarter of 2009, taking the total staff at the end of the quarter to 149,654. The company plans to hire about 8,000 trainees and about 3,000 experienced staff in the current quarter, it said.

India's software and services exports are expected to grow at 5.5 percent to US$49.7 billion in the Indian fiscal year to March 31, 2010, Minister for Communications and IT Sachin Pilot told Parliament on Thursday.

That growth rate for software and services exports is well behind the 16.5 percent rate in the year to March 31, 2009, and 29.5 percent in the previous year.

However an expected uptick in business later this year is driving new hiring by the IT and BPO sector. The National Association of Software and Service Companies (Nasscom) said in February that India's exports of software services and BPO are likely to increase by 13 to 15 percent in the fiscal year to March 31, 2011.

Some companies have also indicated that they will increase staff salaries soon. Raises were cut down or held back last year after the recession hit the industry.

IT management: Zero in on business impact

2010-03-04T11:19:00.000-08:00

Push users to think past the idea that technology will be a cure-all
CIO Executive Council - Within five years of moving into IT management, Jay Kerley found his purpose: working with the business to affect business outcomes and results. And he set his sights on the CIO role when it became clear that the best way to create change and effect a business impact on as wide a scale as possible is to have that executive-level, strategic role. "With a CIO's cross-division view of processes, you are in the position to shift and turn the company," says Kerley, who was promoted to the position of deputy CIO at Applied Materials in 2009.

Kerley, a winner of CIO magazine's and the CIO Executive Council's 2009 CIO Ones to Watch Award, identifies three milestones in his path to the c-suite: building business outcome-focused IT leadership teams, taking on risky challenges with big payoffs for the company, and cultivating a portfolio perspective.

Kerley's first taste of driving business results came in his first leadership position, where he discovered that he had a knack for rallying and motivating teams to tackle complex, business-oriented challenges. What motivated him -- and his team, in turn -- was the chance to create and enable business improvements. He built a close-knit team of people during his time in that position -- many of whom have stayed with him as he moved to new companies and new locations -- that led projects with far-reaching impact on the company, including globalization of processes for more efficient and consistent operations, and merging acquired business units without disrupting service to the customers.

Kerley realized that a willingness to face new challenges would bring greater benefits to the business, and he had this in mind when he joined Applied Materials, the world's largest supplier of manufacturing equipment to the semiconductor, display and solar photovoltaic industries. There he took a risk by evaluating applications that hadn't been meeting the engineering users' needs for years, pushing people to think past the idea that technology would be a cure-all, and examining the underlying processes as the source point for potential improvements. He then partnered with business leads to develop new processes and a technology solution to enable them. In the end, the engineering team not only had a better user experience, but was able to use the system in ways it hadn't before, including collaborating across the globe.

Much of this came together because Kerley found a strong CIO mentor early on, who complemented weaknesses -- while Kerley came up in IT via infrastructure and applications development, this mentor came from a leadership development and project and portfolio management background. Being exposed to that side of the IT world was a revelation, Kerley says. Having a portfolio perspective enables IT leaders to serve as a bridge into the business and to see the potential for cross-functional improvements, a skill-set necessary to being a results-oriented CIO.

Jay Kerley is deputy CIO at Applied Materials and a member of the CIO Executive Council. The Council's Pathways Program was created by CIOs to build business and IT leadership skills in senior IT leaders through group mentoring with CIOs, 360-degree competencies assessment, targeted seminars and community forums. To learn more, visit council.cio.com/pathways.html.

Microsoft's Charney suggests 'Net tax to clean computers

2010-03-04T10:39:00.000-08:00

The company recently used the U.S. court system to shut down the Waledac botnet

How will we ever get a leg up on hackers who are infecting computers worldwide? Microsoft's security chief laid out several suggestions Tuesday, including a possible Internet usage tax to pay for the inspection and quarantine of machines.

Today most hacked PCs run Microsoft's Windows operating system, and the company has invested millions in trying to fight the problem.

Microsoft recently used the U.S. court system to shut down the Waledac botnet, introducing a new tactic in the battle against hackers. Speaking at the RSA security conference in San Francisco, Microsoft Corporate Vice President for Trustworthy Computing Scott Charney said that the technology industry needs to think about more "social solutions."

That means fighting the bad guys at several levels, he said. "Just like we do defense in depth in IT, we have to do defense in depth in [hacking] response."

"I actually think the health care model ... might be an interesting way to think about the problem," Charney said. With medical diseases, there are education programs, but there are also social programs to inspect people and quarantine the sick.

This model could work to fight computer viruses too, he said. When a computer user allows malware to run on his computer, "you're not just accepting it for yourself, you're contaminating everyone around you," he said.

The idea that Internet service providers might somehow step up in the fight against malware is not new. The problem, however, is cost.

Customer calls already eat into service provider profits. Adding quarantine and malware-fixing costs to that would be prohibitive, said Danny McPherson, chief research officer with Arbor Networks, via instant message. "They have no incentive to do anything today."

So who would foot the bill? "Maybe markets will make it work," Charney said. But an Internet usage tax might be the way to go. "You could say it's a public safety issue and do it with general taxation," he said.

According to Microsoft, there are 3.8 million infected botnet computers worldwide, 1 million of which are in the U.S. They are used to steal sensitive information and send spam, and were a launching point for 190,000 distributed denial-of-service attacks in 2008.

More than 100 companies targeted by Google hackers

2010-02-27T23:50:00.000-08:00

Two months after hack, security firm says another 68 command-and-control servers have been identified

IDG News Service — The hackers who broke into Google two months ago have gone after more than 100 companies, according to an estimate by security vendor Isec Partners.

Researchers have been closing in on the unidentified criminals responsible for the attack over the past month. In the process, they have uncovered another 68 so-called command-and-control servers, used to control the hacked machines.

Investigators had already identified 34 hacked companies after examining the single command-and-control server used in the Google attack, and the discovery of another 68 servers could mean that many more companies were compromised than previously thought. "It's easily over 100 companies," said Alex Stamos a partner with Isec Partners.

In the weeks since Google went public with details of the hack, informal discussion lists have sprung up, including security experts and staffers from companies that have been compromised. In those discussions, "that list of control machines keeps getting longer and longer," Stamos said.

The code used in the attacks, known in security circles as Aurora, has been in use for at least 18 months, Stamos said. But the security industry was unaware of Aurora until Google discovered the intrusion last December. That allowed hackers to get onto corporate networks undetected.

Other technology companies, including Intel, Adobe, and Symantec, have also been hit by the attack, which investigators have traced back to China.

To break into victim companies, the hackers sent carefully targeted e-mail or instant messages to victims, hoping to trick them into visiting Web pages or opening malicious documents that would then attack their computers.

The worst part of the attack is what happens once the initial victim has been compromised. The hackers then use a variety of techniques to acquire additional usernames and passwords and fan out across the targeted company's network, downloading sensitive data, which is then moved offshore.

This type of targeted attack is not new, but it is dangerous because it is so good at circumventing traditional security measures, said Rob Lee, a computer forensics instructor with the SANS Institute. "We've been dealing with [these attacks] for five years," he said. "They're basically going around all the security appliances via email."

Not all of these attacks have been linked to Aurora, but Lee said that "there have been hundreds of companies infiltrated."

Stamos agreed that traditional security products such as antivirus and intrusion detection systems are not enough to stop the attack. "The interesting thing to me about these attackers is they're very patient," he said. "They'll spend a lot of time writing custom malware to get around people's antivirus."

"They'll use a social network to learn about one person in the company, and then will send emails or chats messages as that person's friend," he added.

Facebook Tips and Tweaks

2010-02-27T23:35:00.000-08:00

Add-ons, plug-ins, and services to streamline and simplify your Facebook experience.
by Rick Broida, PCWorld - I like using Facebook to keep tabs on my friends, but I don't like the endless stream of "so-and-so took this quiz" and "Joe became friends with Jane" messages. I just became a fan of Facebook Purity, an add-on that removes those notifications from your Facebook home page. Facebook Purity is a script that requires Greasemonkey. Once you've installed that and restarted Firefox, just install the FP script, start up Firefox again, and fire up Facebook.

The effects are subtle--don't expect a major makeover--but definitely worthwhile. You may not notice any immediate changes, but you should see a "FB Purity hid" header like the one highlighted in this screen shot. The tally refers to the number of Facebook apps and "extras" hidden from your home page. If you're curious to see what they are, just click Show for either category.

If you want to edit the list of apps and extras Facebook Purity blocks, see the developer's FAQ page. Speaking of which, the script doesn't cost anything, but the developer sure would appreciate a few bucks if you find it useful. (Click the Donate button on his page to make a contribution via PayPal.)

By the way, Facebook Purity is compatible with Google Chrome, Opera, and Safari, but using Greasemonkey scripts with those browsers is a bit more complicated. Again, see the FAQ page for details.

Download Photo Albums in a Flash

For a service as photo-oriented as Facebook, the simple act of downloading photos is annoyingly complicated. In fact, there is no download option; you have to view each photo in turn, right-click it, and choose Save Image As or Save Picture As (depending on your browser).

So what happens if a friend posts a bunch of pictures you want to download? Are you really supposed to go through and save them one by one? Not if you install the FacePAD plug-in for Firefox. Short for Facebook Photo Album Downloader, it does exactly what its name implies: downloads entire albums at a time.

After loading the plug-in and restarting Firefox, select Tools, Add-ons, find FacePAD, click Options, and choose your language. Click OK and you're good to go.

To use FacePAD, just navigate your way into a friend's photo library, right-click an album link, and choose Download Album with FacePAD. In a matter of minutes the plug-in will plunk every photo into your default Firefox Downloads folder.

It's too bad you can't specify a folder or do any batch-renaming; all the photos end up with cryptic numerical file names. Still, FacePAD works as advertised, and it's a damn sight easier than retrieving each photo manually.

Add Facebook Chat to Your Firefox Sidebar

Let's solve another Facebook hassle: When you leave the site, your chat sessions get left behind. Wouldn't it be nice if you could keep a Facebook chat going regardless of what site you're viewing?

If you use Firefox as your Web browser, you can add Facebook chat to the Sidebar, thus keeping it alive and active even while you browse elsewhere. (I also find it a more convenient location than the bottom-right corner of the screen, which is where Facebook shoehorns it.) Here's how to make it happen:

In Firefox, press Ctrl-B to open the Sidebar in Bookmarks view. Right-click the bookmark folder where you want to add Facebook chat, then choose New Bookmark. Name the new bookmark "Facebook Chat," then paste this URL into the Location field: http://www.facebook.com/presence/popout.php Check "Load this bookmark in the sidebar," then click OK.

Now just click your new bookmark and presto: Facebook chat in the sidebar. Not too shabby, eh?

Simplify Your Facebook Experience with Brizzly

Brizzly provides a clean, simple, ad-free interface for Facebook (Twitter, too).

Getting started with this free Web service is a snap. Sign up for an account, then supply your user name and password for Facebook and/or Twitter. You'll have to click through a couple "approval" pop-ups, which is normal for any outside service seeking access to your account.

Now you've got a simple front end for your Facebook news feed. You can update your status, comment on friends' posts, watch posted videos, write on walls, and so on. You don't get every single Facebook feature--you can't "hide" a friend or play any games--but you do get a refreshingly streamlined interface.

MSI ready to launch iPad alternative

2010-02-02T04:24:00.000-08:00

So we get it, a lot of you are underwhelmed by the iPad. But there's much more to the tablet world than Apple's latest creation. According to Digitimes (via Engadget), MSI's 10" tablet is coming during the second half of 2010. But will you Doubting Thomases be any happier with this offering?

The price is the same as the cheapest iPad ($500) and the capacitive screen is effectively the same size (9.7" for the iPad, 10" for the MSI). The iPad runs iPhone OS while the MSI runs Android. That means the MSI will multitask of course, and Flash support in Android should be a given by launch time (though that isn't certain). It has a camera. It's running on an Nvidia Tegra2 chip which Ars Technica suggests puts it on par with the iPad's A4 as far as computing horsepower. And of course Android doesn't live in a walled garden.

On the other hand, it doesn't have the iTunes App Store, nor does it have the media partners that Apple has lined up for the iPad. And (as seen in the video below) native apps don't support multi-touch pinch and zoom gestures.

So what do you say, iPad doubters? Is a device like this any more appealing or will you still stick to your smartphones and netbooks? (Another intriguing option is the Notion Ink Adam which Engadget took a good look at during CES.)

Some of you, I know, just aren't interested in the tablet form factor but others have specific grievances with the iPad in particular, and I'm wondering if a device that addresses some of these grievances without increasing the price is of more interest.

Here's one of the least bad videos of the MSI Android Tablet that I could find at YouTube, so you can see it in action. Keep in mind it isn't shipping for at least 5 months so in theory response should get a bit snappier, and rough edges should get a bit of polishing, before then.

update status facebook via kantor pos, kalkulator, telepon umum, blueberry, kaskus

2010-01-31T00:33:00.000-08:00

Trik update status facebok via kalkulator, blackberry, blueberry, telepon umum, wartel, kaskus, hati sampai update fb via hp pinjaman.

kemarin wall FB gw di posting something ama kwn gw, tapi yg bikin gw ngakak ntu.. tu posting statusx via telepon umum.. gimana ga bikin ngakak coba.. wkwkwkwkwkwk. Namun yang dimaksud update dari telepon umum bukan langsung menggunakan telepon umum yang ada dijalan-jalan itu hehe(yg seperti gw ama loh2 pikirin). akan tetapi cuman statusnya saja via telepon umum namun updatena tetap menggunakan komputer.

Disini saya kasih contoh update status facebook via blueberry, caranya sama dengan update menggunakan blackberry kita tinggal pasang app-facebook sajah.

1. login Facebook anda di www.facebook.com
2. pasang applikasi apps-blue-berry klik disini
3. ikutin langkah selanjutnya atau lihat gambar dibawah ini

Nb : lihat gambar no 4, disitu ada berbagai tipe update status facebook via blueberry, wartel, kalkulator, sampai dengan kaskus dan hati

update status facebook via (Kumpulan applikasi update status fb):
Update status facebook via telepon umum klik disini
Facebook st via kalkulator klik disini
Facebook status update via Blackberry klik disini
Update status facebook via blueberry klik disini
Update status facebook via kaskus klik disini
Update status facebook dari hari klik disini
Update status facebook dari warnet klik disini
Update status facebook dari Hp pinjaman klik disini
facebook status update via Android Klik disini
Updates status fb via laptop kreditan
Updates status fb via satelit click here
Updates status fb via Nokia 3315 (Hape jadul)
facebook status update via I-phone
Updates status fb via bluetooth
Update status facebook melalui kantor Kantor pos
Facebook status update via samsung corby

caranya sama tinggal pasang applikasinya nanti status facebook update via…? bagaimana anda suka mana update fb via laptop kredit atau via nokia 3315 yang jadul....... hihihihihi

And the best Linux desktop distro of all is...

2010-01-30T06:57:00.000-08:00

When it comes to Linux, there is no one size fits all answer. But, unlike other desktop operating systems, Linux doesn't try to squeeze you into a system's that's too large or too small. Instead, Linux offers a wide variety of distributions and one of them is likely be the right one for you.

Linux, you see, is a family of operating systems. They share the same father, but each distribution has its own personality and its own audience. For example, if you really wanted to, you can have a Linux distribution that looks and act like Windows XP, but which underneath its Microsoft-like surface is actually running Ubuntu Linux. Or, if that doesn't strike your fancy, you can always make the popular Ubuntu distribution into a Mac OS X look-alike.

[ How to give Linux a try ]

Better still, you can find a Linux that will do what you want it to do. After all, despite silly tales of how you have to be some kind of technical wizard who chants "awk, grep, sed" at a shell command prompt to use Linux, anyone can run Linux these days. The default Linux desktop KDE or GNOME graphical interfaces may not look quite like the ones you're used to but they're every bit as easy to use and as powerful. Yes, once in a blue moon you may need to modify a configuration file by hand, but you'll need to do it no more often than a Windows user has to do the exact same kind of thing with the regedit command.

The real question isn't, "Can I run Linux?" It's "which Linux is best for me?" Here's my guide to help you find the right one for you.

I just want to play with it and see what Linux is like

No problem. There's a variety of ways to tinker with Linux and never have to buy or install anything permanently. For that matter, you may already have Linux on your present PC and never have realized it. Many laptops come with an instant-on setting that lets you browse the Web and check e-mail without ever booting up. If your notebook does that, chances are you're already running an instant-on Linux like DeviceVM's SplashTop.

If not, there are many other ways to give Linux a try without any trouble. For more on these check out my earlier feature, How to give Linux a try.

I just want it to run. Period.

OK, what you need to do then is to buy a netbook, laptop, or PC that already has Linux installed on it. Once upon a time that was hard to do. These days it's no trouble at all to find vendors that offer Linux already installed and ready to go.

The best known major vendor that wants to sell you a computer with desktop Linux ready to go is Dell. Dell usually offers three to four systems with Ubuntu already installed. The mix always includes at least one netbook and one laptop. At the moment, my favorites of their selection is the Mini 10v, a nice little netbook, and the Studio XPS 13, a powerhouse laptop.

These are easy-to-use, handy systems for both individuals and SOHO (Small Office/Home Office) users. But, say you're an engineer and you want a heavy-duty system with a business class operating system, what then? Dell has you covered again with its Dell Precision Workstations with Red Hat's RHEL (Red Hat Enterprise Linux) WS 5.3.

You don't have to go with Dell though. Other major hardware vendors like HP and Lenovo also offer pre-installed Linux on desktop systems. I'm loath to recommend them though because, frankly, they make it very hard to find their Linux-powered systems. Your better choice is to go with a smaller company that stands behind its Linux PCs like Los Alamos Computers, system76, or ZaReason. For a more comprehensive list of companies that sell computers with Linux ready to go see LXer's Pre-Installed Linux Database.

I want an easy to use Linux

Ubuntu is the default answer for anyone looking just for an easy-to-use desktop Linux with a huge, friendly user community who are ready to help. It has that reputation for a reason: Ubuntu really is easy.

What Ubuntu doesn't come with, by design, is some popular proprietary programs such as Adobe Flash or Reader. If you want those programs, but you don't want to bother tracking them down and installing them with the Ubuntu Software Center, what you want is a Linux distribution that comes with these programs either already installed or makes it really easy to install them.

If that's you, what you want is Mint or Novell's openSUSE. Mint is based on Ubuntu but includes most of the more popular proprietary goodies. I've used Mint a lot and I've grown quite fond of it. Indeed, for users who just want something that's simple to use and comes ready to work with Flash, PDFs, and the like, it's probably your best choice.

OpenSUSE is also an old favorite of mine, but it's more of a business desktop distribution, which reminds me...

I want a Linux desktop for my business.

Red Hat has a business desktop, but Novell puts more effort behind making their Linux desktops work and play well in corporate offices. If you want an official, fully-supported business Linux desktop then Novell's SLED (SUSE Linux Enterprise Desktop) is the one for you.

I've been using SLED for years and, as far as I'm concerned, it, not Windows, is my business desktop of choice. It's easy to manage, simple to upgrade, and far more secure than Windows will ever be. Besides, it also fits in nicely with Windows Server-based networks so you can slowly migrate your way from Windows to SLED while keeping your existing AD (Active Directory) network infrastructure.

Another plus in SLED's favor is that you can always try its community-based little brother, openSUSE first. I use openSUSE myself both on desktops and servers and I've always liked it. If it works for you too, you can then move up to full corporate support with SLED.

I hate, hate, proprietary software.

If you spit when you hear Bill Gates on TV and think Novell is a traitor to Linux for partnering with Microsoft, then there are several Linux distributions just for you. The one I've used the most is gNewSense. A variation of gNewSense is also RMS' (Richard M. Stallman), free software's founder, preferred Linux distribution.

I'm not crazy about proprietary software, but what I really want is cutting edge Linux.

Sound like you? Then, chances are you're already using Fedora. This, Red Hat's community distribution, is both an outstanding Linux in its own right and takes Linux about as far as you can go without being a Linux kernel developer.

What's that? You want to be a Linux kernel developer? Well, the other distribution you might want to look at is Gentoo. This source-code based distribution lets you gets your hands dirty with every aspect of the Linux experience. It is, in no way, shape, or form, a distribution for beginners. But, if you really want to know Linux from the inside out, it's the operating system for you. You'll also want to check out the Linux Foundation's free training Webinars to see how the real pros of Linux go about building Linux.

I've got computer troubles and I've heard Linux can help.

You've heard right. There are several Linux distributions that are designed to help you bring dead PCs back to life no matter what operating system they're running. I have two favorites in this line: Damned Small Linux, which will run on almost any 486 or newer PC, and SystemRescueCD. With both, I've brought PCs back from fried hard drives, corrupt memory, and innumerable cases of Windows malware crud. If you ever do computer repair, you must have at least one of these in your repair kit. They're incredibly powerful and useful.

OK, so what do you use?

Who? Me? After more than a decade in Linux, I use several Linux distributions on a daily basis. These include Fedora 12, openSUSE 11.2, and Ubuntu 9.10. For work-a-day desktop work I tend to stick with openSUSE and one distribution I haven't mentioned yet: MEPIS.

MEPIS is relatively unknown and that's a pity. What I like about it is that it combines ease of use and great stability. Linux systems are known for running for weeks and months without problems, but MEPIS is exceptional even by those exacting standards. I'm sure I rebooted my main desktop sometime last fall, just don't ask me which month!

In addition to those virtues, this Debian-based distribution provides a nice blend of cutting edge software with old favorites and it also includes access to the most important proprietary programs. If it wasn't such a small operation—it has only one developer—I'd recommend without reservation as a business desktop. Some day, I hope some venture capitalist will realize what a diamond in the rough MEPIS is, and give it the kind of support it needs to become a major Linux player. In the meantime, if you know some Linux and you want an outstanding distribution with a KDE interface, may I recommend you give MEPIS a try. You'll like it.

So, did I miss your situation? Drop me a note here in the comments and I'll see if I can find just the right distribution. In the meantime, I'd also like to know what distributions you've found to be your perfect fit and why.

Now, with all that being said, get on and give Linux a try. You'll be glad you did.

Read more about operating systems in ITworld's Operating systems section

source : ITworld.com

Forecast 2010: 6 hottest skills for 2010

2010-01-09T23:26:00.000-08:00

Pent-up demand for new projects. Veteran employees leaving the company. Who could complain about such pressures in the waning months of 2009, when the year was spent under a cloud of economic misery?

Certainly not Shane Kilgore, IT director at Randall-Reilly Publishing Co. in Tuscaloosa, Ala. He was dismayed to see two talented software developers give notice recently. One had five years under his belt and the other had 10, but Kilgore took their departures as a sign that the economy is taking its first steps toward recovery. He plans to hire a few new developers this year, not only to replace the ones who left, but also to work on new products that will be in demand when -- as many economists predict -- the recovery gains headwind this year. (Read more about the outlook for IT compensation and hiring inComputerworld's Salary Survey.)

"Things have been frozen because of the economy," Kilgore says. "But if we don't get new products out there, we won't have enough places for customers to put their money."

Still, with signs pointing to recovery and even job growth in 2010, companies such as Randall-Reilly are planning to hire only in key areas, and even then, they will favor people with skills that span multiple disciplines. In many cases, companies will still resist bringing on full-time employees, says Tom Silver, senior vice president for North America at Dice Holdings Inc., which operates Dice.com and other careers Web sites. "One thing we see companies do is bring people in on a project basis, and then as business comes back, they hire them full time," Silver says.

According to Computerworld's 2010 Forecast survey, this year's hiring plans certainly aren't at 2009 levels. Less than 20% of the 312 IT executives polled said they plan to increase IT head count in the next 12 months, compared with 26% in the previous year. And nearly 20% said they plan to decrease their IT head count.

For IT professionals who are either looking to get back into the workforce or mulling moves to greener pastures, here are the six types of skills most in demand among survey respondents who said they expect to hire IT workers in 2010.

1. Programming/Application Development

Among companies that plan to hire, the top reason for doing so is to meet demand for new systems and projects. That could be why programming/application development is the skill set that's most in demand, by far, according to Computerworld's survey.
"We're actually seeing new projects get the green light," says Dave Willmer, executive director of IT staffing firm Robert Half Technology. Quite possibly, he says, these were projects that were canceled at the end of 2008, only to be revived for 2010. The wave of new projects is also leading to demand for application developers who can double as business analysts and project managers, Willmer says. (Read Willmer's recent column, "IT hiring poised for skills-driven rebound.")

Specifically, companies will look for developers with knowledge of .Net, Java, Web development, open source and portal technologies such as Microsoft Corp.'s Sharepoint, says Willmer, who is a Computerworld columnist.

Demand is growing for people who know specialized programming languages like Ruby on Rails and AJAX, Silver notes. There aren't many jobs that require those skills, he says, but the number of openings has increased since January 2009.

Kilgore says he would like to find a "hybrid" software developer who can also serve as a business analyst. "We need someone who can talk to the business and be a requirements gatherer, project manager and software developer, all rolled into one," he says. He also needs developers with open-source expertise -- a rare talent, he says -- as well as professionals familiar with Microsoft tools for the ERP and marketing intelligence sides of the business.

Willmer says it makes sense that companies are looking for developers with skills in other areas, such as business analysis or even quality assurance, since employers are concerned about the cost of talent. "They're making sure they get the most out of their resources," he says.

Computerworld's Forecast survey respondents said they also need developers to build homegrown applications in an effort to save money. That's the case for James Sullivan, manager of information services at Covidien, a global health-care company in Mansfield, Mass.

Sullivan soon hopes to add three or four business-savvy programmer/analysts with Java or .Net backgrounds and an understanding of SQL databases. That represents a 25% increase in his usual hiring levels, he says, and it's a departure from previous years when he looked for programming skills alone.

One of Covidien's 2010 projects is to migrate from third-party custom-built applications to commercial off-the-shelf applications or bring them in-house. This, Sullivan says, would reduce spending on vendors and consultants, as well as enable his group to provide the support and turn around business-driven changes more quickly. This dovetails with a growing trend at Covidien to better leverage existing resources. "If something takes 10 hours today, we're asking how we can make it take one-tenth of that," Sullivan says.

At Scottrade Inc., the recession didn't affect hiring, according to Ian Patterson,CIO at the online financial services company. He hired more than 150 IT professionals in 2009 and plans to hire up to 200 this year to meet demand for new internal and customer-facing applications, and to keep up with changes and expansions. He says he's mainly looking for people with C++, Java and C# skills and notes that the company is also implementing a Siebel CRM system for the call center.

Energy Northwest, a power supplier in Richland, Wash., also saw continued growth in 2009. CIO Keith Cooke is looking for computer and electrical engineers with Java, Web and .Net skills to help fully Web-enable an internal system that is partially Web-based but still uses a terminal-based interface. Initially, he didn't want to retrain staff to use a browser-based interface. Now, however, "we're bringing on people who can help us adapt our legacy system to the new workforces coming in," Cooke says.

2. Help Desk/Technical Support

It's no surprise that there will be strong demand for the people who make the help desk hum in 2010, Silver says. The need for support technicians tends to reflect general business conditions, he says. "As the business starts to improve, companies hire more people, which increases demand for help desk staff," Silver explains.

Willmer says he's already seeing a rise in demand for help desk and support skills, especially among companies that cut too deeply in this area in 2009. "They can get away with it for a certain time period, but it eventually catches up and affects revenue," he says. Instead of offering full-time positions, however, some companies are hiring on a project basis, he adds.

3. Networking

The demand for networking professionals, Willmer says, is likely connected to the growing complexity of networks and to the stresses placed on them by virtualization and newly popular approaches to application delivery, such as cloud computing and software as a service.

Cooke says the network will be a big area of focus in the coming year. Energy Northwest is making increasing use of video and voice over its IP network, so it will need network, voice and radio engineers to handle upgrades and ensure compliance with new federal mandates. One of those mandates requires the company to move from wideband to narrowband radio frequencies.

Patterson sees Scottrade dabbling with a converged infrastructure in the next 12 months, driving a need for people with a mix of server, software and networking skills to support networked storage and server devices contained in a single chassis. "This will change the market for the type of people we need," he says. "It won't be just a guy who knows EMC and Hitachi storage, but [one] who knows server, storage and networking all in one device. We'll need a guy who says, 'The network has a problem here,' but when he traces it down, the problem is due to a lock on a table in the storage device."

4. Project Management

Silver sees project management as an area that is growing in importance and a good avenue for technology professionals interested in building up their careers. "Professionals who understand technology and how it fits in the overall business strategy are the ones who add the most value, get paid more and have the most fulfilling careers," he says.

5. Security

Willmer sees a relationship between demand for security skills and the still-shaky economy. "The biggest threat to companies is breaches by their own staff," he says. "When you throw in changes to the staff and disgruntled employees losing their benefits or facing the threat of being laid off, you increase the chances of network fraud or security infringement."

Meanwhile, Cooke is concentrating on hiring people with cybersecurity skills. "Ten years ago, we didn't worry -- as leaders in our companies -- about things like passwords," he says. "Now we're making sure we support complex passwords. That's just a new reality."

Energy Northwest is looking for recent graduates who studied computer engineering and digital controls to help upgrade its manufacturing systems from analog to digital. "They need to understand how those systems should be protected, given the security world we're operating in," Cooke says, citing new federal regulations and threat warnings emanating from the Department of Homeland Security.

Patterson thinks the trend toward including security features in network and storage devices will also affect the skills professionals need in this realm. "I can't believe in the long term that you won't see companies like EMC or Cisco not embedding security into their devices," he says. "We're going to need people who understand not just how to run things from a server or storage or network perspective, but also the security implications."

Security is an evergreen skill, according to Silver. "If you know how to help keep your company's information secure, there will be a home for you forever," he says.

6. Business Intelligence

Computerworld's survey respondents ranked business intelligence skills as No. 6 in importance; for Kilgore, however, BI is a higher priority. "Being a smaller midsize organization, we're late to the game in BI," he says. "We don't have the budget to do a year's worth of R&D; we have to be effective with it out of the gate."

Sullivan would like to find a data architect to help with Covidien's conversion from a nonstandard business intelligence system and miscellaneous reporting tools to an enterprise standard. More important than a BI expert, though, are programmer/analysts who can relate the nitty-gritty of data tables, database joins and data structure to business requirements. "That's what I'm finding is more valuable to us at this stage in getting BI established and used by the business," Sullivan says.

Meanwhile, at Scottrade, Patterson sees BI intertwined with Web 2.0. Whereas BI has traditionally been understood as a system that collects historical data and provides tools to analyze it, he says, he's now more interested in real-time BI that relies, for instance, on people entering competitive data into a wiki and providing that information almost instantaneously via a portal.

Intel unveils new microprocessors

2010-01-09T23:18:00.000-08:00

Netbook app store also previewed.
Intel released a flurry of new computer chips as it seeks to maintain its dominance over rival AMD and prepare for an expected rise in demand.

The new microprocessors, designed to power desktop and laptop PCs, are the first of a new generation of chips featuring smaller transistors that Intel said will juice performance and improve energy efficiency.

At the Consumer Electronics Show in Las Vegas, Chief Executive Paul Otellini said the company hopes to capitalize on new opportunities presented by a world of hyper-connected products of every stripe.

"Every electronic device will eventually connect to the Internet," he said.

Otellini demonstrated advances in 3D movies, consumer electronics and personal computers, and plugged the forthcoming "Moorestown" platform for smartphones and mobile devices.

"We're on the cusp of a new era in computing," he said. "An era of personal computing essentially where we have many devices for every person, where computing is increasingly integrated into every aspect of our lives."

He also unveiled a test version of an application store aimed at netbooks, the Intel AppUp Center. Apps in a variety of categories can be downloaded for free or bought through an Intel website, and the company plans to expand it to other products such as PCs, smartphones and TVs.

Intel released new chips ahead of arch-foe AMD, which is not due to field chips featuring the smaller 32-nanometer circuits until 2011.

"The juggernaut is rolling on, if you will," said David Kanter, an analyst with Real World Technologies. "It's important because it's their first 32 nanometer products, but if you're looking at what they're releasing in notebook and desktop, this is where they already have a lead over AMD."

Intel, the world's No. 1 chipmaker, had an 81.5 percent share of the PC and server microprocessor market in the third quarter, according to Mercury Research. AMD had 17.8 percent.

The introduction of the new processors come on the heels of the release of Microsoft's new Windows 7 PC operating system software, which Intel expects will prompt consumers and businesses to upgrade to more powerful PCs.

The new processors are the first to include basic graphics capabilities, which the company said will support high-definition video playback and more casual 3D games.

Typically, computers are sold with basic graphics capabilities designed onto separate cards.

Intel also said it is producing chips targeted at automated teller machines as well as medical and communications and other equipment, as the company continues its bid to extend the reach of its chips into new markets.

Google confirms release of Nexus One handset

2010-01-09T23:11:00.000-08:00

Google has announced its first foray into the smartphone market with the launch of the Nexus One handset but Australia isn't among the three countries to get first access to the device.

At an event today at its Mountain View headquarters Google released the handset, which it says is part of an ongoing Nexus program, although it declined to say when new models are planned.

“Nexus One is an exemplar of what's possible on mobile devices through Android — when cool apps meet a fast, bright and connected computer that fits in your pocket,” said Mario Queiroz, vice president of Product Management at Google.

“The Nexus One belongs in the emerging class of devices which we call " superphones." It's the first in what we expect to be a series of products which we will bring to market with our operator and hardware partners and sell through our online store.”

The Nexus One uses a 3.7 inch OLED screen, 1GHz Snapdragon processor, supports Wi-Fi and Bluetooth, is 11.5mm thick and weighs less than a standard Swiss Army knife.

It also comes with GPS, a five megapixel camera with flash, a proximity sensor and accelerometer and has removable storage via MicroSD.

On the software side the company demonstrated the 3D graphics capability of the phone, has built in noise cancelling technology and has software to convert speech to text so that messages can be spoken rather than typed on the phone’s virtual keyboard.

The handset runs Android 2.1, codenamed Éclair, but Andy Rubin, Google’s vice president of engineering who has led the Nexus project, said that not all handsets currently using the Android would be using the new operating system.

He explained that some handsets couldn’t handle the new operating system, in much the same way that his old laptop couldn’t run Windows 7.

Gradual rollout planned

In the US the phone will be sold running on the T-Mobile 3G network with a two year plan for US$179 or without a contract for US$579. A version using Verizon’s network is expected this year.

Customers in the UK, Singapore or Hong Kong can also buy an unlocked phone now but Vodafone will be selling the phone with a data plan in Europe once negotiations are complete.

"We want to gradually roll out the Nexus One to different countries in order to gain user feedback internationally and ensure the ordering process works smoothly," a Google spokesman told iTnews.

"The Nexus One also had to undergo certification in all countries we sell the phone in, and we wanted to ensure that the import regulations didn't make the phone prohibitively expensive."

The spokesman said Google hoped "to allow people in other countries to purchase the Nexus One and future phones from Google soon."

IT staff back in demand

2010-01-09T22:52:00.000-08:00

Network engineers with security clearances wanted.
Help desk candidates and network engineers with security clearances were among the those most in demand this year, said recruiter Hays Information Technology.

Its latest quarterly report said that managed services businesses wanted help desk workers with "excellent communication skills and appropriate security clearances" to work on client sites.

"Following signs of increased government project activity, private companies are also seeking network engineers with clearance, preferably at the secret or above level," the report said.

Business analysts, infrastructure team leaders, project managers, system engineers and senior .NET developers rounded out those employers wanted.

Hays believed Australian employers were "repopulating teams" after a year when departing staff were rarely replaced.

"For many employees, the last few months have meant coping with extra work and employers realise they risk losing those dedicated employees if they don't feel recognised, rewarded and, most of all, supported," the recruiter's regional director Peter Noblet said.

Source : www.itnews.com.au

Watchdog issues spam warning to real estate agent

2010-01-09T22:39:00.000-08:00

Targets real estate sector.
The communications watchdog has issued a "formal warning" to Elders Real Estate Wollongong following an investigation that found the agency breached the Spam Act.

The Australian Communications and Media Authority said the real estate agent breached the Act by sending commercial electronic messages without an unsubscribe facility.

ACMA said it contacted "more than forty" head offices of real estate franchisors and companies last year to inform them of "key obligations" and "consequences of non-compliance" with anti-spam laws.

"This is the first enforcement measure taken against a real estate agent since an ACMA awareness campaign about unsolicited communications targeted at the real estate sector," said Chris Cheah, acting chairman of the ACMA.

Penalties of up to $1.1 million per day may be imposed by the Federal Court for repeat offenders of the Spam Act, ACMA said.

Essential Windows Tricks

2010-01-09T22:31:00.000-08:00

Whether you run Windows 7, Vista, or XP, these 25 tricks will make your PC faster, safer, and even more fun to work with.
PCWorld - The verdict is in: Windows 7 is Microsoft's best operating system ever. It's stocked with genuinely handy interface upgrades (hello, Aero Snap), long-overdue networking improvements (we love you, homegroups), touchscreen support (long live tablet PCs), and the best Windows Media Center experience yet (ClearQAM support at last).

Like every operating system, though, Windows 7 can benefit from a few tweaks here, some add-ons there, and a smattering of OS-enhancing apps and utilities. We've rounded up 27 of them, each one designed to make Windows 7 faster, easier, safer, or more fun. And because we know that many people still run Windows XP or Vista, we've identified the tips that work with those versions as well.

Make It Faster

Is Windows 7 really speedier than Vista or XP? Different Windows 7 performance tests have yielded varying results, but ultimately it depends on your hardware and the apps you run. Of course, with a few simple tricks, you can wring better performance from any system.

Go 64-Bit

Works in: Vista, 7 The old saw still holds true: Windows loves RAM. The more memory that you supply, the less the OS has to rely on the comparatively poky hard drive. But if you want Windows to address more than 3GB of memory, you have to run the 64-bit version. If you're buying Windows 7 as an upgrade, you should find a 64-bit installation disc in the box; ignore the 32-bit disc entirely. In addition to recognizing more RAM, 64-bit Windows makes better use of your PC's processor, giving you the best Windows experience possible.

Boot More Quickly

Works in: XP, Vista, 7 Does Windows 7 really boot more rapidly than other versions of Windows? Yes, a little. But the more programs you install, the slower your system will start (something that's true of all Windows editions). Many apps force Windows to run them at startup--a situation not unlike a dozen cars trying to merge into one lane.

Chrome sets browser security standard, says expert

2010-01-09T22:27:00.000-08:00

Dino Dai Zovi urges browser makers to follow Google's lead
All browser makers should take a page from Google's Chrome and isolate untrusted data from the rest of the operating system, a noted security researcher said today.

Dino Dai Zovi, a security researcher and co-author of The Mac Hacker's Handbook, believes that the future of security relies on "sandboxing," the practice of separating application processes from other applications, the operating system and user data.

In a Wednesday entry on Kaspersky Labs' ThreatPost blog, Dai Zovi described sandboxing, as well as the lesser security technique of "privilege reduction," as "[moving] the bull (untrusted data) from the china shop (your data) to the outside where it belongs (a sandbox)."

The idea behind sandboxing is to make it harder for attackers to get their malicious software onto machines. Even if an attacker was able to exploit a browser vulnerability and execute malware, he would still have to exploit another vulnerability in the sandbox technology to break into the operating system and, thus, get to the user's data.

"Sandboxing raises the bar significantly enough that attackers will have to turn to other [types of attacks], like rogue anti-virus software," Dai Zovi said today in a telephone interview.

The pervasiveness of Web-based attacks calls for browser sandboxing, Dai Zovi argued. "It's crucially important because, in my opinion, the browser will become the OS," he said. "Google is the first to realize that the browser is the operating system, and Chrome is a huge leap forward with its ground-up rewrite."

Chrome has included sandboxing since its September 2008 debut. And while Dai Zovi considers it easily the leader in security because of that, other browser have, or will, make their own stabs at reducing users' risks.

For example, Microsoft's Internet Explorer 7 (IE7) and IE8 on Vista and Windows 7 include a feature dubbed "Protected Mode," which reduces the privileges of the application so that it's difficult for attackers to write, alter or destroy data on the machine, or to install malware. But it's not a true sandbox as far as Dai Zovi is concerned.

Currently, Mozilla's Firefox, Apple's Safari and Opera Software's Opera lack any sandboxing or privilege reduction features. "Apple, for example, has implemented some sandboxing in Snow Leopard, but [although] security researchers were hoping to see some of that technology used in Safari, that hasn't happened," Dai Zovi said.

Mozilla is working on Chrome-like sandboxing for Firefox -- the project's dubbed "Electrolysis" -- but the feature probably won't make it into the browser until Firefox 4.0, which is now slated to ship in late 2010 or early 2011.

Dai Zovi sees browser sandboxing as an answer to the flood of exploits that have overwhelmed users in the past year. "This isn't perfect, but it's the direction we should be heading in," he said. "The idea of fixing every vulnerability is clearly not working. We can't always win the race to patch."

But sandboxing, or at the least, reducing the browser's ability to affect the rest of the OS, may be the way to block most attacks. "It adds more defense-in-depth and impedes attackers," Dai Zovi said.

Mozilla ships Firefox 3.6 release candidate, nears final

2010-01-09T22:17:00.000-08:00

Barring problems, RC1 will turn into final as early as Jan. 18
Mozilla on Friday shipped a release candidate build of Firefox 3.6 that, barring problems, will become the final, finished version of the upgrade.
irefox 3.6 Release Candidate 1 (RC1), which followed a run of betas that started in early November, features nearly 100 bug fixes from the fifth beta that Mozilla issued Dec. 17. The fixes resolved numerous crash bugs, including one that brought down the browser when it was steered to Yahoo's front page.

Another fix removed a small amount of code owned by Microsoft from Firefox. The code was pointed out by a Mozilla contributor, and after digging, another developer found the original Microsoft license agreement. "Amusingly enough, it's actually really permissive. Really the only part that's problematic is the agreement to 'include the copyright notice ... on your product label and as a part of the sign-on message for your software product,'" wrote Kyle Huey on Bugzilla, Mozilla's bug- and change-tracking database. Even so, others working the bug said the code needed to be replaced with Mozilla's own.

RC1 may be the last preview before Mozilla declares the edition done. "Should everything run smoothly during testing this is what will be released to our users as the official version after a beta period," noted a page on the Mozilla wiki dedicated to Firefox 3.6 RC1 testing.

If past practice is any clue, the final of Firefox 3.6 could be ready for downloading as early as Jan. 18. Last summer, Mozilla delivered the release candidate of Firefox 3.5 on June 20, then launched the browser 10 days later. In 2008, the window between the last release candidate of Firefox 3.0 and the final was 13 days.

RC1 was once slated for release in October 2009, with a final Firefox 3.6 scheduled for the following month. But Mozilla delayed Firefox 3.6 as it struggled to make deadlines, then decided Dec. 17 to issue a fifth beta rather than push for a release candidate. Even so, Mozilla maintained that it would get RC1 out by the end of 2009.

Mozilla has had trouble making its development schedules. In 2008, the company originally shot for a late-2008 release of Firefox 3.5, but eventually postponed the ship date to mid-2009 in order to add features and quash troublesome bugs in the then-new TraceMonkey JavaScript engine.

Among the new features in Firefox 3.6 are built-in support for the scaled-down browser skins dubbed "Personas;" warnings of out-of-date plug-ins; support for new CSS, DOM and HTML 5 technologies; support for full-screen video embedded with the video HTML tag; and support for the Web Open Font Format (WOFF).

TraceMonkey has also been refreshed to boost JavaScript performance, something Mike Shaver, Mozilla's chief engineer, bragged about last week on Twitter. "I am excited about upcoming JS [JavaScript] engine work, and I don't care who knows it," Shaver tweeted.

As is usual for a Firefox preview, not all of the available browser's add-ons are compatible with the release candidate. According to Mozilla, about 75% can be used with Firefox 3.6.

Firefox controls about 25% of the global browser market, according to the most recent data from U.S.-based metrics company Net Applications. But while Firefox's usage share remained flat last month, Google's Chrome surged into third place, pushing Apple's Safari into the No. 4 slot for the first time.

Firefox 3.6 RC1 can be downloaded from Mozilla's Web site for Windows, Mac and Linux. Users running a beta of Firefox 3.6 should see upgrade notices shortly if they haven't already.

More flash drive firms warn of security flaw; NIST investigates

2010-01-09T21:57:00.000-08:00

The drives were certified to meet NIST standards
SanDisk Corp. and Verbatim Corp. have joined Kingston Technology Inc. in warning customers about a potential security threat posed by a flaw in the hardware-based AES 256-bit encryption on their USB flash drives.

The hole could allow unauthorized access to encrypted data on a USB flash drive by circumventing the password authorization software on a host computer.

"It's really onerous. It's a stupid crypto mistake and they screwed up, and they should be rightfully embarrassed for making it," said cryptographer and computer security specialist Bruce Schneier.

Verbatim warned that the security flaw exists in its Verbatim Corporate Secure and Corporate Secure FIPS Edition series of USB flash drives; SanDisk revealed a threat related to its Cruzer Enterprise series of USB flash drives. Both companies issued online application upgrades to address the issue.

According to SanDisk and Verbatim, the security issue only applies to the application running on the host system; it doesn't apply to the drive itself or the drive's firmware. Computerworld reported earlier this week that Kingston had recalled its DataTraveler secure USB flash drives so it could update the devices because of the same issue. The Kingston models affected include the DataTraveler BlackBox, DataTraveler Secure-Privacy Edition and DataTraveler Elite-Privacy Edition.

All three companies claimed their USB drives had met security criteria set by the Federal Information Processing Standard (FIPS) 140-2. FIPS is a U.S. government standard used to accredit devices with encryption algorithms. The standard was developed by the National Institute of Standards and Technology and includes both hardware and software components. FIPS 140 covers four levels of security.

"There are lots of certifications out there, and they mean very different things," Schneier said. "These certifications are far more about marketing than they are about real security."

Storage companies tout FIPS 140-2 certification as part of their marketing materials, stating that their devices are secure enough for use by government agencies. Because of security problems in the past, however, the government has banned the use of removable flash media devices by its employees.

"What does the NIST certification mean? Is it a good standard or a bad standard? That certainly is the issue here," Schneier said. "If you look at the NIST certification, all it means ... is there's some level of tamper resistance in the hardware. Does it mean it's any good? No."

German security company SySS GmbH found the flaw when it tested the drives' security and designed code for each device that modifies the software running in the computer's memory, telling it to always authorize the password -- no matter who enters it or what it is.

Schneier said NIST will likely have to revamp its certification standards to cover the hardware-based encryption flaw found by SySS.

In a response to a Computerworld inquiry, NIST said it is aware of the vulnerability involving several FIPS 140-2-validated USB drives and is now reviewing information on the flaw.

According to NIST, the FIPS 140-2 certification only covers cryptographic modules, which scramble data into an encrypted format that is indecipherable. The data is then decrypted and retrieved only by entering the correct password, key or other means of authentication processed by the module.

"From our initial analysis, it appears that the software authorizing decryption, rather than the cryptographic module certified by NIST, is the source of this vulnerability," a statement read. "Nevertheless, we are actively investigating whether any changes in the NIST certification process should be made in light of this issue."

According to Fountain Valley, Calif.-based Kingston, the security flaw involves the way the drives process passwords. According to Kingston, "a skilled person with the proper tools and physical access to the drives may be able to gain unauthorized access to data contained on" its DataTraveler encryption-enable USB drives.

A Kingston spokesman said the company would not comment on any specifics surrounding the security flaw, because "anything we say [could give] other hackers fuel and clues" as to how to break into the drive's security features.

The security flaw appears to be in the password authentication process in the host computer's memory. When a new USB flash drive from one of the companies is used for the first time, software on the device tells the computer it's a CD-ROM, allowing it to automatically ask for a password to unlock data on the device after a password is established. While the user's password is stored on the USB drive, the authentication code runs on the PC or a server's CPU.

Ultimately, that host system's authentication password for each company is the same on all of its devices.

"So if a hacker is able to find those default set of characters, all they need to do is return those and they will have access to encrypted data on the drive," said David Jevans, CEO of high-end USB manufacturer IronKey Corp. IronKey makes USB drives using higher-cost single-level cell NAND flash memory, compared with the more typical multilevel cell NAND flash that most other manufacturers use.

Jevans agreed that FIPS certification, which IronKey also touts, is to some extent marketingspeak that's needed to sell to government agencies and private corporations. But "there's more value to it," he said.

"We don't want people implementing proprietary cryptographic algorithms, which are almost always shown to be flawed," Jevans said. "That's one benefit: FIPS specifies that you will use well-known cryptographic algorithms, and AES went through a long and detailed public evaluation."

When Kingston, SanDisk and Verbatim issued their warnings, IronKey was among a number of companies to issue statements reassuring customers that their devices were safe from the same attacks. Jevans said that's because the password and authentication process is contained on the USB drive itself and has nothing to do with the host system.

"We don't trust the computer at all," he said. "The computer could have malware on it or have hackers accessing it. In our security design, we said we have to assume the computer is completely untrustworthy. That's where we started our threat modeling."

Jevans said FIPS doesn't tell vendors how to build a secure product but assumes that the manufacturer knows what it's doing. "When I talk to our FIPS analysis guys who helped write the standard, they said they've known about this problem for a long time."

The reason current FIPS standards don't defend against the vulnerability is because in a corporate environment, being able to unlock and manage hundreds of USB flash drives with a single administrative password is useful, Jevans noted, "which is effectively what this vulnerability is."

The device password, which is unlocked by a user password, is built into the software that resides on all of the USB drives.

"You can see why, in a data center environment, that makes sense. But that's very different from millions of users walking around with these things," he said. "That's not currently contemplated with the FIPS standards and where I think they're going to be evolving it."

White House calls for IT boost to fight terrorism

2010-01-09T21:52:00.000-08:00

Better technology needed to 'connect the dots' on terror-related data, says Obama report
The White House report on the failed bombing attempt of a U.S airliner on Christmas Day highlights the challenges U.S intelligence agencies face in correlating terrorism-related information gathered from multiple databases and sources.

The review, released yesterday, identified an overall failure by intelligence agencies to "connect the dots," despite having enough information at their disposal to have potentially disrupted the botched attack.

The problem, according to the report, was not a lack of information sharing between government agencies but a failure by the intelligence community to "identity, correlate and fuse into a coherent story all of the discrete pieces of intelligence held by the U.S. government."

In listing the various causes for this failure, the report noted that information technology within the counter-terrorism community "did not sufficiently enable the correlation of data that would have enabled analysts to highlight the relevant threat information."

Nigerian citizen Umar Farouk Abdulmutallab attempted to detonate an explosive device while onboard an international flight from Amsterdam to Detroit on Dec. 25. Though the plane landed safely, the incident sparked widespread concern over the intelligence lapses that led to his being allowed on the flight in the first place.

Prior to his having boarded the flight, Abdulmutallab's father had expressed concerns about his son's radicalization to U.S. embassy officials in Nigeria. Various other agencies had gathered information about Abdulmuttalab's visiting Yemen and meeting with operatives from an Al Qaida-affiliated terror group.

The report called on the director of national intelligence to "accelerate information technology enhancements" in areas such as knowledge discovery, database integration and cross-database searches. It also called for improved capabilities for linking biographic information with terrorism-related intelligence.
Computers that don't talk to each other

The report identifies what's been a challenge for some time within the intelligence community, said James Lewis, director and senior fellow at the Center for Strategic and International Studies (CSIS). The office of the Director of National Intelligence, one of the agencies responsible for analyzing and integrating terrorism-related intelligence gathered by the U.S. government, has been struggling for years to accomplish its mission, Lewis said.

"In the past, the director of the National Counter Terrorism Center had 11 different computers because none of the computers could talk with each other," said Lewis, who led a CSIS-led group that submitted a set of cybersecurity recommendations to President Obama last January.

The DNI has been trying to address the issue by standardizing its technology acquisition, but the task still remains a work in progress, Lewis said. in this particular case, "the dots were in several different places and we haven't brought them to a single place."
The incident also highlights an intelligence culture that emphasizes secrecy over information sharing, said John Pescatore, a former analyst at the National Security Agency who is now an analyst at research firm Gartner Inc.

The State Department and intelligence agencies, including the NSA, the FBI and the CIA, all have their own processes for handing raw intelligence data that they gather, Pescatore said. Often this raw information is filtered before being passed or shared with other agencies, which results in an incomplete picture of an unfolding scenario, such as the attempted Christmas Day bombing, he said.

"The first issue isn't tools, it is what you would do with the information the tool might discover," Pescatore said. The intelligence community was developed to gather information about opponents that was to be used in attacking the opponent, he said. "Defending against kamikaze pilots, suicide bombers or airplane terrorists is not the same thing by a long shot."

Handling terrrorist threats will require intelligence agencies to be more proactive in sharing information, he said. And rather than relying on threat information, the Transportation Security Administration and other consumers of intelligence information need to have a more direct role in analyzing intelligence data, he said,
Fix the culture first

More than eight years after the terrorist attacks of Sept 11, 2001, the biggest challenge for U.S. counter-terrorism efforts continues to be cultural issues rather than technology issues, said Bruce Schneier, a noted security expert and chief security technology officer at BT Group PLC.

"The intelligence community has been optimized to fight the cold war where secrecy was paramount," Schneier said. "That kind of secrecy doesn't make sense any more. You need more openness and collaboration and sharing," Schneier said. While it is conceivable that IT enhancements could boost data correlation abilities, the fundamental issue that needs to be overcome is cultural, he said.

Unlike Cold War foes such as the Soviet Union, Al Qaida and other adversaries are decentralized and poorly funded. "Our intelligence organizations need to trade techniques and expertise with industry, and they need to share information among the different parts of themselves," Schneier said.

"Today's terrorist plots are loosely organized ad hoc affairs, and the dots that are so important for us to connect beforehand might be on different desks, in different buildings, owned by different organizations," he said. "What we need is an intelligence community that shares ideas and hunches and facts on Facebook, Twitter, and wiki. I'm not advocating that the CIA and NSA open its networks to everyone, but they need to bring Web 2.0 tools into their own classified networks

Wireless power group sees standard within 6 months

2010-01-09T21:47:00.000-08:00

The group developing a standard for wireless charging expects to complete its first specification within six months, opening the door for makers of cell phones, digital cameras and other devices to bring compatible products to market.

Wireless charging lets consumers place gadgets on a mat that plugs into a wall outlet, and have the devices recharge automatically without needing to plug in each one. Apart from the gee-whiz factor, it's supposed to make life more convenient by letting people walk into their home or office, toss their gadgets onto a mat to recharge and forget about them.

There are still questions about when standardized products will come to market and how they'll be received, but the Wireless Power Consortium aims to finish its first standard before the middle of the year, said Menno Treffers, a Philips executive who is chairman of the consortium. If it's not ready by then, "I will eat my hat," he told a group of vendors at the Consumer Electronics Show in Las Vegas on Friday.

The consortium has 27 members including Nokia, Research In Motion, Philips, Sanyo, Samsung Electronics, Energizer and Hewlett-Packard, as well as component and wireless-power technology companies such as Texas Instruments and Fulton Innovation.

The standard is for a technology called magnetic induction, in which power is transferred between metal coils built into the device and the charging mat when they are placed close to each other. The standard is for delivering up to 5 watts of power, which covers most smaller devices. A further standard will be needed for laptops and larger products. "We want to start on that as soon as possible, but for now we don't want to dilute our engineering efforts," Treffers said.

Consumers will know which products are compliant because they'll carry the consortium's "Qi" logo (pronounced "chee" after the Chinese for life force). Initial products are likely to come bundled with a small charging mat of their own, but if the technology takes off other companies are likely to sell mats that can charge multiple devices at once.

Several wireless power products are already in the market, including a Nintendo accessory from Energizer for recharging Wii game controllers, a Dell Latitude Z business laptop that can be recharged by placing it on a stand, and products from Powermat for charging phones and other devices. Bosch has shown power tools that are recharged by laying them on a workshelf.

But a standard is seen as important to wider adoption because it ensures that devices will interoperate. Until it arrives, some vendors won't release any further products. "We're done for now until the standard is complete," said Serge Traylor, brand manager for charging and rechargeable systems with Energizer. When the standard is done, Energizer will release a mat for charging as many as two devices, for about $100, and charging sleeves for iPhone and Blackberry devices, for $30 to $40, he said.
The standardization effort faces several challenges, though. Powermat, one of the leading wireless power companies, has not joined the consortium and is selling products using its own technology, which Treffers acknowledged could create confusion in the market.

Some of the most popular gadget makers also are not on board, including Apple. "I have not heard from them," Treffers said.

He admitted also that the public may have concerns about safety, although vendors insist any concerns are unfounded, and there have been no big problems reported with products on the market. The consortium hopes regulators will classify the products as "home appliances" and vouch for their safety.

The consortium also needs to establish testing bodies to certify products as standards-compliant, and it's not prepared to say yet when the first qualifying products will appear.

Companies seem keen to get products out quickly, however. Those selling charging units today say they charge as quickly as plugging devices into a wall outlet. There is some loss in the system, however, and the technology being standardized is only about 70 percent efficient, Treffers said, meaning it is not a particularly green way to charge devices.

"We're not selling this as a solution to global warming," he said, "it will appeal to consumers because it is magical." The standard will conform to regulatory requirements for efficiency, however, and the group will try to get it approved under Energy Star guidelines. He added that manufacturers can make their products more energy-efficient with additional technology investments.

Charging mats will recognize when a device is fully charged and then consume a trickle of energy in standby mode, Treffers said. "We have demonstrated standby power in the micro-watt range," he said, displaying a slide that showed standby consumption of 0.0001 watts. The coils can be made small enough to fit inside a Bluetooth headset.

Treffers was involved in the standards-setting process for Blu-ray, which took several years to complete. He said he learned lessons from that experience and is determined the wireless power effort will go more smoothly.

"If we get the standard done, that will give [wireless power] the most market appeal," he said. "Otherwise it will be something that's nice for geeks and users with specialized needs."

Intel opens up the Atom processor to TSMC

2009-03-08T11:06:00.000-07:00

Intel on Monday announced a partnership that could provide access to the chip design of its low-cost Atom processor to Taiwan Semiconductor Manufacturing Co.

The partnership with TSMC could lead to customized chips that could provide Intel access to new markets it can't reach alone, said Sean Maloney, Intel executive vice president and chief sales and marketing officer, during a conference call with reporters.

TSMC will be able to provide its customers with details of Atom's design so that they can design chips based on the chip's core.

Atom chips currently go into low-cost laptops, also known as netbooks, and devices such as mobile Internet devices (MIDs) and smartphones. Future Atom chips will include more integrated PC capabilities, such as graphics and Internet connectivity, that could push the processor into embedded devices and consumer electronics.

To date, Intel has alone developed and sold its Atom processors for netbooks and MIDs. The company wants to maintain tight control over the types of products the derivative Atom chips will go inside, Maloney said. Intel will not be transferring Atom's manufacturing process technology to TSMC, so any chips that result from the deal will be manufactured by Intel.

"What we're doing here ... we will be picking the segments we go after," Maloney said.

The companies have collaborated for close to 20 years on products that include WiMax chips.

Intel officials shied away from answering questions on whether the TSMC deal would affect Atom's product road map or future smartphone chips like Moorestown. Details surrounding the deal are still being worked out, Intel officials said.

This agreement is similar to a strategy employed by Arm, which generates revenue by licensing smartphone and embedded chip designs to chip makers, said Jack Gold, principal analyst at J. Gold Associates. Arm has licensed its chip cores to companies such as Texas Instruments and Qualcomm, which provide chips for smartphones.

"This is a direct attack on competing processors, especially the Arm processor, which is trying to move upstream from phones and embedded gadgets, while Intel is trying to move downstream with Atom into this overlapping space. The battleground in the middle will be aggressive and potentially bloody, with huge potential returns," Gold wrote in a research note.

The partnership will help Intel add a revenue stream by licensing out its Atom core, and adds "massive market potential" through TSMC's customers, Gold wrote. TSMC has connections to many consumer and lower-end products like smartphones and embedded device markets, especially in Taiwan and Japan, Gold wrote.

The partnership is a win for both companies, said Rick Tsai, president and chief executive officer of TSMC, during the call. It is mutually beneficial as it will allow both companies to generate additional revenue and reach new markets, especially at a time when the semiconductor industry is struggling.

"People in our industry must work together ... so we can share the benefits," Tsai said.

Intel has taken a number of steps to develop integrated chips that could fit into new products like set-top boxes and TVs. Intel in February said it was prioritizing its move from the 45-nanometer process to the new 32-nanometer process technology, which should help the company produce faster and more integrated chips.

To that effect, the company said it would spend US$7 billion over the next two years to revamp manufacturing plants. It will also help Intel make more chips at lower costs and add efficiencies to the production process. Intel will begin producing chips with 32-nm circuitry starting in late 2009.

Salacious content driving the adoption of ebooks?

2009-03-08T11:04:00.000-07:00

This week's ebook news continues with the announcement that Barnes & Noble has purchased ebook seller Fictionwise for $15.7 million in cash, plus undisclosed earn-out payments if the company meets certain objectives over the next two years.

Fictionwise, founded in 2000 by Steve and Scott Pendergrast, operates the eReader.com site as well as Fictionwise.com. Barnes & Noble says the founders will continue to operate the sites as a separate business unit within Barnes & Noble.

eReader.com sells books only for the eReader Pro software which is available for a wide range of mobile platforms (the notable exception being the Blackberry), as well Windows and OS X computers.

Fictionwise.com, on the other hand, covers a broad range of digital book formats, including audiobooks.

One of the challenges of selling ebooks (pre-Kindle) has been the plethora of formats available. Grabbing a random example off of Fictionwise.com, here's what we find under "available formats":

Available eBook Formats [MultiFormat]: Adobe Acrobat (PDF) [828 KB], eReader (PDB) [289 KB], Palm Doc (PDB) [284 KB], Rocket/REB1100 (RB) [252 KB], Microsoft Reader (LIT) [279 KB] - PocketPC 1.0+ Compatible, Franklin eBookMan (FUB) [280 KB], hiebook (KML) [659 KB], Sony Reader (LRF) [329 KB], iSilo (PDB) [235 KB], Mobipocket (PRC) [294 KB], Kindle Compatible (MOBI) [356 KB], OEBFF Format (IMP) [412 KB]

This strikes me as both a strength and a weakness of ebook sellers. If you've got any kind of device with a screen you can probably find an ebook reader that supports one of these formats. But as a new user hitting the site, the choices can seem overwhelming. Presumably this is the reason for the more focused eReader.com site: Step 1, download our reader software for your device. Step 2, Start buying books from us.

This is also why Amazon probably has the best shot of taking ebooks mainstream.

Barnes & Noble abandoned ebooks once, so why are they coming back to them now? Because the format is starting to take off. Why is that? What's popular on Fictionwise? Well, once again it seems like porn is blazing a path to a new media format. Of the top 10 bestsellers under the "Multiformat" category, nine are tagged "erotica" amd the last is "dark fantasy".

Hey, I'm not judging anyone (one of my dearest friends is an erotic romance author) and yes, I've used the most salacious Top 10 list on the site in my example, but this data backs up my anecdotal observations. People who read erotic romance and 'bodice rippers' love ebooks because of the privacy they offer, both during purchase and when reading.

One of my favorite geek thespians, Felicia Day, apparently agrees with me. Here're a few recent tweets from her:

My Dad got me a Kindle 2.0! Thx Dad! Buying all the trashy novels I'm too embarrassed to buy because of the cover art. Oiled up Chests FTW!

BTW third trashy paranormal romance book read on my Kindle. Just told someone I am reading Dickens, LOL!!! I love this!

Let's take that last one with a grain of salt, shall we? But I do honestly believe that the success of the ebook is being fueled by the romance and erotic romance market. My aforementioned author friend, Samantha Lucas, sells almost all of her novels in ebook format for publishers like Cobblestone Press and Siren Publishing (google Ms. Lucas or the publishers if interested; links not really appropriate for ITWorld!) and tells me the market is growing in leaps and bounds.

It'd be fascinating to learn what percentage of Kindle book sales fall into this category, and I'm looking forward to seeing how much of the more explicit Fictionwise content makes it onto the Barnes & Noble site.

I've danced around this point but let me just say it: most of these erotic romance books are purchased by women (presumably) while most of the visual pornagraphy that drove the success of the VHS and arguably video on the web was consumed by men (again, presumably).

Separate but equal, indeed.

Myths, gods, and titanic disasters: How servers really get their names

2009-03-08T10:57:00.000-07:00

Last month we looked into the practice of naming servers, half expecting to discover it was a quirky, geeky thing to do -- and nothing more. To our surprise, readers flooded the story with comments, chiming in about their own naming schemes -- what worked, what didn't, and flashes of brilliance. Let's just say that server naming is a surprisingly complex undertaking. Here's what we learned.

What's in a name?

The practice of naming servers and other machines was born of the basic need to distinguish among machines. In fact, as one reader reminds us, this was a convention in factories long 'before computers ever existed. It helped people working on the machines distinguish which one they were talking about when they had dozens or hundreds of the same machine on the factory floor.'

Photo by Lamerie

And, let's face it, naming things is just part of being human. "Anthropomorphizing gear is a very nice way of making sure that people remember what it does and kind of care for it," says Retep Vosnul. "Picking a suitable name [for] a server is very satisfying as well. For example, a server that needs to have very high service uptime, you might want to give a name that reflects that.... I used Belgarath (7000 year old wizard) and other characters from the Eddings novels and I used to use A'tuin and other Discworld persona for other networks. My former employer did not want names for some reason and I never felt at home in that datacenter, it lacked something."

Courting disaster

If uptime is important to you, why tempt fate?

Consider the case of one reader who named a Windows NT domain "Hades" in an attempt to be "ironic and edgy." Should it really have come as any surprise when 4 computers on that network died in 2 months time?

Photo by cliff1066

Or what about the government agency that named all their servers after disasters? With a main server called Hindenberg (as it used to go down so often), why would you take the chance of backing it up with a server called Titanic?

And then there's the "meaningful" naming convention gone awry: "When told to move to a global standard," a reader writes, "we were told to name Norway's mail server to NOMAIL (at the mail server level), and Canada's physical server name to CANTMAIL (NT was to signify the OS)."

Now that is courting disaster.

Up to the job

Photo by <>

You might think it would be too literal-minded to name a machine after its function but there's something downright elegant about printers named after writers or a plotter named "Moriarty" after the Mr. Moriarty who continually 'plotted' against Sherlock Holmes.

Mail servers, in particular, seem to make good targets for job-based names. MikeH names his servers after constellations, with the mail server being Pegasus, of course. Jim Haynes "always wanted to have a mail server named Norman Mailer." And one reader named his outgoing SMTP server "Newman" from the Seinfield television series. "When it relays to other servers it sends the command 'HELO newman'."

Glenn continued this theme, naming his mail server Hermes, his domain controllers Zeus and Hera, and a tech playground Eris (the goddess of discord). At home his machines are: Tyr (the war driving laptop), Castor and Pollux (a dual boot machine) and Athena (the server).

One if by land...

The natural world is a, er, natural place to look for server naming schemes. One anonymous reader writes that in his Colorado-based company, "the servers are all named after the various 14ers (mountains > 14k feet). This was started by an admin a few years back who set up most of the servers and whose father was in the process of hiking all of the mountains. Between Elbert, Massive, Challenger, Pyramid, Blanca, Crestone, and the rest of the gang, it's a bit of a hike (mentally) to keep them all straight. But darn if I don't hate Quandary some days."

Photo by Dan Hershman

But if it's an ecosystem you're looking for, you might turn to the sea. "All of the groups of systems I've been responsible for over the years had something of an 'ecosystem'," writes one reader. "The best one was based on the notion that test servers would be slower and less functional than production servers. The overarching theme was undersea creatures, production systems getting names like barracuda and test systems getting names like sponge, coral and my favorite, nudibranch. It just so happens that nudibranch became the overall test server for orgs far and wide and I was questioned about the tastefulness of the name more than once. No one ever forgot the name though."

"In our company," writes another reader, "we named servers after fish. steelhead, sturgeon, walleye, king. But the best was 'crappy'. None of our customers wanted to be on crappy."

An eye on the sky

"Most of my machine names come from stars," says egon. "The hardest part is picking a name that short and easy to spell. Some over the years... Nova, Aurora, Polaris, Celaeno, and Orion. All my firewalls have been named Turais, it means 'little shield'. The best machine name was my P6 FreeBSD server. It was held together with duct tape, had sharp edges, was black and safety orange. Hazard."

Photo by provos@monkey

Another reader writes that his company quickly ran through the planets and their moons and "began using, in order, the standard list of (thousands of) smaller asteroids, in order of discovery. The christening of a new server involved learning about the new mythological character, and always helped me keep them straight.... All my workstations are, therefore named after astronomers, since they watch the skies."

And this word of warning from Jeff, who chimed in about a place he worked where the "servers were named after the planets - Mercury, Venus, Earth, Mars, etc. Which was all well and fine, until in a meeting someone stood up and admitted we were 'pulling financial data out of Uranus."

LoTR

Photo by Ryan McD

What article about server naming would be complete without a nod to Lord of the Rings? There are plenty of names to go around and the roles carry particular meaning. One reader, for example, named his "various development boxes after Tolkien names in Middle Earth. Of course, the Linux boxes get names like 'bree' or 'bagend', while the Windows boxes get names like 'mirkwood' or 'doom'. For some reason, I've named laptops after characters like 'gandalf' or 'sam'. [The] best part was when my central server was named 'rivendell'."

"For our research," writes a grad student, "we got many laptops, and I was the first one to pick the names. First we got three, so I named them after the three elven rings from lord of the rings: Narya, Nenya and Vilya. Later my advisor ordered a fourth one, that happened to have slightly better specifications. I thought it would be just perfect to name that 'theOne,' and my advisor being a team player agreed, funny enough he ended up taking over the computer, and we didn't see it for more than a year and a half... and then one day ... it resurfaced, I thought that was very funny, just like the real one ring."

Too clever for their own good

"At U.C. Santa Cruz," writes Jim Haynes, "the acronym for the computing organization was CATS, so the machines were named for famous cats. Except the file servers for the Athena system were named with Greek puns, like Ailurophile (cat lover), Dendrophile (tree lover), etc. At U.C. Berkeley they have a thing of naming things as puns on celebrities. Thus the shuttle that runs between the campus and the BART station is Humphrey Go-Bart. Their first VAX machine was named Ernie Co-Vax."

Photo by Elaine Vigneault

Another reader writes that in a previous job, they "named all the servers after computer scientists:

Fileserver: Bernoulli
Auto-build machine: Babbage
Firewall: Schneier
CVS server: Ritchie
Router: Metcalfe

One day he had to explain the naming convention to Mr. Metcalfe when he responded to a thread on a forum board about an issue we were having."

Rules for success

Like so many things in life, you know a good naming scheme when you see it, but there are a few things you may want to consider:

Choose a theme that provides enough names that you won't run out. "All of the machines on my home network (laptops, printers, desktops, routers, cell phones, iPods, portable hard disks, Wii, PS3, etc.) are named after Peanuts characters," says Kwami. "It all started 5 years ago with my laptop named Snoopy, and it's gone on since then. Unfortunately, I'm running out of names!"
Steer clear of "meaningful" names: they're boring and they're not at all as meaningful as they seem. One anonymous reader writes that in his company, there is one server "whose name has not changed in the last ten years - even as we have rebuilt its functions onto different hardware, the name keeps being returned to SERVER. Yup, that's right - a file server named Server. This name was chosen by the same person who decided naming our printers after presidents was too confusing and insisted we give them location names instead - like 5Counter (a printer on a countertop on the 5th floor) and 4Cabinet (a printer on a cabinet on the 4th floor)."
Spelling matters. Choose names that are too long or complicated and users will get confused and make mistakes. One anonymous reader named servers after characters from Greek, Roman and Egyptian Mythology, each covering a separate operating district. Unfortunately, the naming scheme wasn't in operation a month before he was asked to change it. It seems people couldn't remember how to spell Clytemnestra, Agamemnon, Ashtoreth, Aesculapius, etc.
Don't choose something too dear to your heart. One reader writes that he named machines after classical composers but drew the line at Wagner because he didn't want to subject it to the mangled mispronunciation that befell Haydn, Bizen, and Grieg.
Go with what you know. A reader writes that he "decided a while ago to go with a Greek Mythology theme for my boxes. About a year ago, my mother's laptop started having problems with both the battery and the power adapter. She gave it to me, and I named it Oedipus, because I recognized it as a Greek name, but couldn't bring to mind the story. I recently looked it up, and I feel cold inside."
Still unsure where to start? Read these "official" rules for computer naming

Judge kicks notorious spammer off Facebook

2009-03-08T10:56:00.000-07:00

A federal judge in San Jose, California, has ordered convicted spammer Sanford Wallace to stay away from Facebook.

Facebook sued Wallace and two other men last week in an effort to cut down on spam and phishing schemes on the social-networking site. On Monday, Judge Jeremy Fogel of the U.S. District Court for the Northern District of California issued a temporary restraining order barring Wallace and two other alleged spammers, Adam Arzoomanian and Scott Shaw, from accessing Facebook's network.

Wallace was served with notice of the lawsuit on Monday in Las Vegas, said Sam O’Rourke, senior litigation counsel with Facebook. "Basically, he's not allowed to have any contact with our site or our physical location," he said. "Should Mr. Wallace choose to continue to spam us we can actually go out and have a bench warrant and try to have him arrested, so we think it's a pretty significant ruling."

In court filings, Facebook argues that these men gained access to legitimate Facebook accounts and then used them to spam the profile pages of the account holders' friends. Facebook allows users to post messages on the "Wall" of the profile pages of their friends.
·
The Facebook spam messages served two functions -- they enticed users into visiting phishing Web sites where they could be tricked up into giving up their Facebook login credentials; they routed victims to commercial Web sites that paid the spammers for the traffic, Facebook said.

Wallace would entice users with typo-filled messages that had subjects such as "has anyone emailed youu to let you know your defauult image is diisplayed on dynafaces.com," or "I'm not sure if you know but your pix are all over bakescream ^dot^ com->you gotta see it," Facebook said.

Sometimes Wallace would get users to register on these sites and then try to log into Facebook with the same usernames and passwords, hoping the victims used the same credentials for both sites.

News of the lawsuit was first reported Friday by Inside Facebook, a Web site for Facebook developers.

Wallace is one of the country's most notorious spammers, with a career that dates back to the 1990s. Last May a federal judge found him and a partner guilty under the CAN-SPAM act and ordered them to pay US$230 million for phishing and spamming MySpace users with links to gambling, ringtone and pornography Web sites.

Spammers and phishers have been hitting Facebook particularly hard over the past year and a half, said Dave Jevans, chairman of the Anti-Phishing Working Group. Because Facebook spam often looks like it comes from a friend it can be very effective. And because it's Web-based, it skirts traditional e-mail spam filtering tools, Jevans said.

"Some of the bigger guys can get a million people a day to look at their stuff," he said. "It's occasional, but you'll see it."

Spam is just one of several ills plaguing the social network. Over the past few days, Facebook users have also been hit with a new variant of the Koobface worm, which tries to trick victims into installing malicious software onto their PCs. Also, fake applications that send out messages such as "F a c e b o o k - closing down!!!" or "Error Check System" to try to trick victims into sending the messages to their friends have also been circulating around the social network.

Late last year, the judge in the Wallace case awarded Facebook a record US$873 million in damages after Facebook accused other spammers of using stolen logins to pump out more than 4 million spam messages. Facebook says that it doesn't expect the spammers in that case to pay up, but the company hopes that it may serve as a deterrent.

Jevans agreed that lawsuits probably won't stop the big-time Facebook spammers, but he said they could deter the little guys.

Despite criminals best efforts, spam has not become a major problem on the social network O’Rourke said. "I think we're being targeted just because we have 175 million users now. No self-respecting spammer can not pay attention to that."

Gmail outage caused by rogue code

2009-03-06T09:46:00.000-08:00

New code triggered a failure during routine maintenance of Google's European data centers, which led to a two hour shutdown of its Gmail system around the world last week.

The outage was an "unforeseen side-effect of some new code that tries to keep data geographically close to its owner," Acacio Cruz, Google's Gmail site reliability manager, wrote in a Google blog post.

The rogue software caused a datacentre in Europe to become overloaded, which caused cascading problems from one datacentre to another.

"It took us about an hour to get it all back under control," wrote Cruz.

Users around the world could either not get access to their inboxes or had to wait a minute or more for them to open during the two-hour outage last Tuesday.

Google has had trouble with Gmail before, and users have voiced concerns over the reliability of the service. In the past six months, Gmail has suffered some form of downtime on five separate occasions. In the month of August alone, Gmail had three significant outages that affected not only individual consumers of the free web mail service but also companies and organisations paying for Apps Premier, the company's hosted suite of collaboration, messaging and office productivity services.

According to Google, the bugs have been found and fixed.

Cruz wrote: "We know how painful an outage like this is - we run Google on Gmail, so outages like this affect us the same way they affect you."

Windows 7: The Six Versions Explained

2009-03-06T09:41:00.000-08:00

Despite pleas from users to stop the confusion and craft one version of Windows 7, Microsoft is continuing down the path it followed with XP and Vista releasing multiple versions or SKUs (stock-keeping units) of Windows 7.

Six Windows 7 versions, to be precise. But most users only need to decide between two versions. Microsoft has said that 80 percent of users will be deploying Windows 7 Home Premium (consumers) or Windows 7 Professional (small businesses, remote workers). This is where Microsoft will put most of its marketing muscle.

"We have over 1 billion customers. It's hard to satisfy all of them [with a single version]," Windows General Manager Mike Ybarra has said. "There are vocal customers who want every feature, and more regular consumers who say 'I want a version that can grow with me.'"

Yet some analysts are accusing Microsoft of manipulating customers and padding profit margins with the high number of versions and bloggers are emphasizing that three versions are enough.

Here's a look at the features of each of the six Windows flavors and who might want them. Microsoft has not yet announced pricing for Windows 7.

Windows 7 Starter

This is the bare-bones, 32-bit only version of Windows 7 intended for users in developing countries, to serve the most basic computing needs.

Starter is designed for lightweight, portable netbooks, though Microsoft claims any of its versions will be able to run on netbooks.

Windows Starter 7 will not have the Aero Glass graphical user interface that is included in all other versions of Windows 7 (except Windows 7 Home Basic) and can only run three applications at a time. It will include the revamped taskbar and jump lists, Windows Media Player, the file-sharing feature Home Group (you can participate in a Home Group but cannot create one) and other basic features such as Action Center and Backup and Restore.

Starter will not be available in retail stores, and will only be offered pre-installed on new PCs by Microsoft OEMs.

Windows 7 Home Basic

Home Basic sits somewhere between Starter and Home Premium. It has all the features of Windows 7 Starter and will also only be available through OEM partners in developing countries. Also like Starter, it will not include the Aero Glass GUI.

Some of the features Home Basic has over Starter: the ability to run more than three applications at once; a 64-bit version; thumbnail previews from the taskbar; and Mobility Center, which allows you to manage the various networks that you connect to with your laptop.

Based on what Microsoft has announced about Home Basic (which is not very much), it shares the same features as Windows 7 Home Premium except there are no Aero Glass GUI features and other UI tweaks such as Aero Snap, Aero Peek

and multi-touch. This version will not will not legally be available for sale in the United States.

Windows 7 Home Premium

Windows 7 Home Premium has all the features of Starter and Home Basic and then some. This is the mainstream retail version that nearly all consumers will be using. Windows 7 Home Premium will be available worldwide to Microsoft OEMs and sold in retail stores loaded on new PCs.

A step up from Windows Home Basic, Home Premium includes the Aero Glass GUI and new Windows navigation features such as Aero Glass, Aero Background, Windows Touch, Home Group creation, Media Center, DVD playback and creation, premium games and Mobility Center.

Windows 7 Professional

Also available worldwide, to OEMs and in retail, Windows 7 Professional has the features of Home Premium, but with added networking and data protection features for small businesses and those who frequently work at home.

Microsoft may have a hard time convincing customers that Home Premium isn't good enough for a small business - considering it is bound to be less expensive than Professional - but if it succeeds it will be by marketing Professional features such as Domain Join to connect to business networks, Encrypting File System for data protection and Location Aware Printing to better connect to printers at work and home.

Windows 7 Professional will not include the more buzzed-about business features such as DirectAccess and BranchCache. They show up in the next version up the food chain, Windows 7 Enterprise.

Windows 7 Enterprise

Windows 7 Enterprise is only available to businesses through volume licensing. It includes all the features of Windows 7 Professional plus more security and networking features.

Businesses covered by Microsoft's Software Assurance will get Windows 7 Enterprise at no additional charge. Features that differentiate Enterprise from Professional are: BitLocker (encrypts data on internal and external drives); DirectAccess (connectivity to a corporate network without VPN); AppLocker (prevents unauthorized software from running); and BranchCache (speeds up the accessing of large remote files at branch offices).

Windows 7 Enterprise is designed for the corporate world and will only be used by large businesses. It will not be available at retail or by OEMs for pre-installation on a new PC.

Windows 7 Ultimate

Ultimate, the supersize version of Windows, includes all the features of all the other versions. Think of it as Windows 7 Enterprise for consumers.

Ultimate will be the most expensive version, so it's doubtful that many people will use it other than the occasional super-user who wants every possible feature. Microsoft is not likely to heavily promote Windows 7 Ultimate. Most regular users do not need all the security and networking features and there doesn't appear to be much in Ultimate for businesses that isn't already in Windows 7 Enterprise.

Microsoft has said that OEMs will be able to pre-install Windows 7 Ultimate on new machines and that there will be limited availability in retail.

Five Facebook Scams: Protect Your Profile

2009-03-06T09:19:00.000-08:00

Beny Rubinstein knows computer security. An employee of a Seattle-area tech giant with 20 years of IT experience under his belt, Rubinstein has seen a side of the industry that most people will never know. He holds a degree in computer engineering, and--oh yeah--he just got scammed out of $1100 on Facebook.

Rubinstein's experience isn't entirely uncommon. (We'll get to the specifics in a moment.) What's striking about his story, though, is that it demonstrates how easily anyone--even a highly trained expert in computer security--can be ensnared by a seemingly simple social network scam. And all kinds of these scams are on the loose.

More than 20,000 pieces of malware attacked social networks in 2008 alone, estimates the online-security firm Kaspersky Lab. That's no surprise, either: While e-mail is still the most spam-filled medium, researchers suspect that social network cybercrime is growing at a far faster rate.

"People are used to receiving spam and malicious messages in their e-mail, but it is much less common on Facebook," says Graham Cluley, a senior technology consultant with Sophos. "They are lulled into a false sense of security and act unsafely as a result."

You can avoid becoming one of the many who make that mistake. We've dug up the dirt on five scams currently posing a threat on Facebook. We turned to analysts who study them as well as to users who have fallen for them, all to help spread the word about how these things work and how you can best dodge them. (Facebook representatives did not respond to our request for comment.)

Knowledge is the greatest weapon against becoming a victim. Read on, and arm yourself well.

Scam #1: The Nigerian 419

The Scam: It may sound like a hip new emo band (or a somewhat old e-mail scam), but the Nigerian 419 will do more than just offend your ears--it'll also empty your wallet. The moniker refers to a scam dating back decades that has recently entered the social network scene.

Back to Beny Rubinstein. A couple of months ago, Rubinstein received some alarming Facebook messages from a friend and fellow tech professional.

"[He said] he was in the UK and was robbed, and needed $600 to fly back to Seattle," Rubinstein recalls.

The messages came both in Facebook-based IMs and in e-mail. They included details such as family members' names, making the notes appear all the more authentic. It wasn't until 2 hours and $1100 later that Rubinstein realized what had happened: Someone had hijacked his buddy's account, contacted his friends, and--at their expense--made off like a bandit.

"Scammers figured out that even though social networks don't have direct access to money, they have access to information that gives you a good shot at getting someone else's money," says Vicente Silveira, a product management director at VeriSign and a personal friend of Rubinstein's.

you send cash to a pal who seems to be in trouble, try to contact him or her outside of the social network--either by phone or by external e-mail. Not feasible? Ask an extremely personal question that a hacker couldn't possibly figure out from information within the profile. We'll leave the specifics up to you.

Next: Be Wary of Widgets, The Koobface Virus, Facebook Phishing

Scam #2: The Widget Warrior

The Scam: Facebook is famous for its widgets--you know, the third-party applications that you can add onto your account. Sometimes, though, widgets turn into warriors with a single mission: stealing your data.

The first rogue widget reared its head in 2008, when researchers realized that a program called Secret Crush had anything but sweet intentions. The application, which was supposed to help you find your virtual admirers, instead installed spyware onto your computer. Even worse, it encouraged you to spread the love by getting other friends on-board--essentially "manipulating humans to pass it along on their own," says Guillaume Lovet, senior manager of Fortinet's Threat Response Team.

Secret Crush has since been crippled, but the potential for similar threats still exists. Just days ago, security experts determined that an application called Error Check System was misusing profile details and possibly stealing personal information. A few months earlier, researchers from Greece's Institute of Computer Science uploaded a malicious app to Facebook as an experiment (PDF). The team was able to configure the widget, which posed as a "Photo of the Day" displayer, to utilize its users' Internet connections for denial-of-service attacks.

The Protection: Use extra caution when installing third-party applications. "When you accept to install one, malicious or not, you are granting its author access to all the info in your profile," Lovet says. Make sure you know what the app's creator will do with it.

Scam #3: The Koobface Virus

The Scam: Don't be fooled by the name--there's little to laugh about when it comes to the quickly spreading Koobface virus. (The word, by the way, is an anagram of "Facebook.") Once the virus infects your PC, it starts sending messages or wall postings to your Facebook friends, directing them to a "hilarious video" or some "scandalous photos" of someone you both know.

"The link promises an enticing video, but when the user clicks, he is presented with a Web page with a fake Adobe Flash update or a fake codec that needs to be downloaded," explains Ryan Naraine, a security evangelist with Kaspersky Lab. "That download is malware."

The Protection: Antivirus software can help keep you safe, but some common sense can also go a long way. "Be wary of any kind of direct URL in messages or postings," advises Jamz Yaneza, a threat research manager with Trend Micro. If a site asks you to download a software update, Yaneza says, click Cancel and go directly to the vendor's page to see if the update is legit.

Scam #4: The Phishing Pond

The Scam: Phishing, a favorite hacker tactic, has found new life at social networking sites. Scammers trick users into following links that open official-looking Facebook log-in prompts. If you enter your user name and password, the information is logged--and your account is theirs.

Brandon Donaldson, a pastor at the Lifechurch.tv Internet Campus, fell for the scam. Someone gained control of his Facebook account and started sending messages to his friends and followers, trying to persuade them to follow the same links and unwittingly give up their accounts, too.

"This was a pretty bad ordeal, since I regularly put video content up on the Web, and I use the Internet as a tool for many relationships," Donaldson says. "You build a certain social trust in these spaces, and you want to keep that trust without these kinds of incidents."

The Protection: The previous plan also applies here: Watch where you click. Plus, if you're ever asked for your password midsession, don't enter it. Manually navigate back to the Facebook.com home page instead, and then log in there if need be.

Next: Fake Facebook Communities, Web of Trust

Scam #5: The Contrived Community

The Scam: Community enthusiasts, be cautioned: Facebook user groups can sometimes be cleverly disguised vehicles for marketing. And--whether you realize it or not--when you click the join link, you're effectively opting in.

Brad J. Ward was one of the first users to find such a scheme in action. Ward, then a member of Butler University's admissions department, discovered a Facebook group called "Butler Class of 2013." The only problem: The people behind it had nothing to do with Butler. After posting about the issue on his blog SquaredPeg.com, Ward soon learned that the names of nearly 400 other schools appeared in similarly suspicious groups, all created by the same small set of people.

"My initial reaction was that some company or person was essentially setting themselves up to be the administrator for hundreds of groups, which provides the opportunity to send out mass messages or to collect data," Ward says.

His instinct was right: The publisher of a college guidebook had set up the groups, seemingly with the goal of building a mass mailing list for marketing its products, Ward discovered.

"Was any of it illegal? Not necessarily," Ward points out. "But was it unethical, and could it be misconstrued as an official university presence? Yes."

Once exposed, the publishing company College Prowler admitted its involvement and agreed to back out of the groups. Still, that's only one company. More than likely, countless others haven't been detected, and are actively using groups to gain the trust (and information) of unsuspecting users.

The Protection: Be very selective in deciding what groups you join. If you aren't sure who runs a given Facebook community, or whether it's officially linked to the organization that it claims to be, don't accept the request. Your privacy is worth more than any membership.

The Web of Trust

In the end, staying safe comes down to maintaining control of your information and carefully selecting with whom you share it--because you never truly know who's on the other end of electronic communication. This past month, for example, a high school student was charged with 12 felonies after investigators say he posed as a girl on Facebook and tricked male classmates into sending him nude photos.

"An online version of the 'web of trust' is formed among users," notes Trend Micro's Jamz Yaneza. "Although this does work in the noncyberspace environment, the platform ... is really different when someone else is in charge of your medium."

It's easy to feel invulnerable while reading about such scams. The second you let your guard down, though, it's even easier to become the next victim. Just ask people who know Beny Rubinstein, the IT pro who lost more than a grand to a Facebook scammer.

"Worse than losing the money, he realized how exposed you are in a social network," says Vicente Silveira, Rubinstein's friend. "We're exposing things now that are in many ways a lot more valuable than money."

Visa: New payment-processor data breach not so new after all

2009-03-04T22:12:00.000-08:00

Days after Visa Inc. seemingly confirmed that a data breach had taken place at a third payment processor , following on the recent breach disclosures by Heartland Payment Systems Inc. and RBS WorldPay Inc., the credit card company now is saying that there was no new security incident after all.

In actuality, Visa said in a statement issued Friday, alerts that it sent recently to banks and credit unions warning them about a compromise at a payment processor were related to the ongoing investigation of a previously known breach. However, Visa still didn't disclose the identity of the breached company, nor say why it is continuing to keep the name under wraps.

Visa said that it had sent lists of credit and debit card numbers found to have been compromised as part of the investigation to financial institutions "so they can take steps to protect consumers." It added that it currently "is risk-scoring all transactions in real-time, helping card issuers better distinguish fraudulent transactions from legitimate ones."

Visa's latest statement follows ones issued by both it and MasterCard International Inc. earlier this week in response to questions about breach notices that had been posted by several credit unions and banking associations. The notices made it clear that they weren't referring to the system intrusion disclosed by Heartland on Jan. 20 and suggested that a new breach had occurred.

Visa's initial statement, and the one from MasterCard, were both carefully worded; neither said specifically that the breach being referred to was a new one, but they also didn't say that it was a previously disclosed incident. Visa said it was "aware that a processor has experienced a compromise of payment card account information from its systems," while MasterCard said it had notified card issuers of a "potential security breach" affecting a payment processor in the U.S.

MasterCard officials didn't respond Friday to requests seeking clarification on whether its statement referred to a previous breach or a new one.

Benson Bolling, vice president of lending at the Alabama Credit Union in Tuscaloosa, said Friday that officials there had understood the breach to be a new one based on the alerts sent out by Visa - but couldn't say that for sure. According to Bolling, the credit union, which posted an advisory on Feb. 17 and updated it two days later, was informed by Visa of a "big breach" shortly after getting the word about the intrusion at Heartland.

The identifying number that was used in the so-called Compromised Account Management System alert issued by Visa appeared to suggest a new breach, because it was different from those used in previous CAMS notices, Bolling said. It was his understanding, he added, that CAMS alerts related to a previous breach would use the same identifier as the original notifications.

Almost 50% of the credit and debit cards issued by the ACU have been affected between the Heartland breach and the compromises detailed by Visa in the latest CAMS alert, Bolling said, without disclosing the number of compromised cards.

The Pennsylvania Credit Union Association also issued an advisory, dated Feb. 13, in which it described the recent alerts from Visa and MasterCard as being related to a new breach. "As the entity involved has not yet issued a press release, Visa and MasterCard are unable to release the name of the merchant processor," the PCUA said. The advisory appears to have since been removed from the association's Web site, but a cached version can be found via the Google search engine.

An advisory posted by the Tuscaloosa VA Federal Credit Union in Alabama also indicated that "another" payment processor had been breached and said that the compromise involved so-called card-not-present transactions, such as those made online or via the phone. Tuscaloosa VA noted that the "window of exposure" provided by both Visa and MasterCard was from February 2008 to this January. And like the PCUA, the credit union said that because the affected payment processor had yet to publicly announce the breach, Visa and MasterCard were unable to identify it.

Heartland has yet to disclose the scope of the breach in its systems, saying that it still doesn't know how many card numbers were compromised. The company, which processes more than 100 million transactions per month, also has yet to specify when exactly the system intrusion took place, beyond saying that malware was operational on its systems "during part of 2008."

RBS WorldPay, the Atlanta-based payment processing division of The Royal Bank of Scotland Group, disclosed Dec. 23 that its systems had been breached by unknown intruders, resulting in the compromise of personal information belonging to about 1.5 million owners of prepaid payroll and gift cards (download PDF). The compromised information included the Social Security numbers of 1.1 million people, according to the company, which said it had discovered the breach in early November.

Roku & Amazon: Cloud vs Hard Drive

2009-03-04T22:03:00.000-08:00

I've owned a Roku video player for almost a year now, and I'm not ashamed to admit that I'm a fan. In case you aren't familiar with the Roku, it's a $99 device that initially was for streaming Netflix's "Watch Now" content to a television. The device is compact and works like a charm, and back when I bought it, it was the only out-of-the-box option for getting a Netflix stream direct to your TV.

Of course since that time, the XBox 360 has added Netflix support, as have a number of Blu-ray players, and this spring, you'll even be able to buy a TV with Netflix streaming built in. (There are plenty of companies betting that Netflix isn't going anywhere!) Roku wasn't sitting still during all this, though. They've promised to add new sources of content to their box, and this morning the first of those promises came true: you can now stream Amazon's Video on Demand service to the Roku.

As I was surfing around reading about this announcement, I read a comment that got me thinking. Amazon allows renting or purchasing content, but the Roku has no hard drive. This commenter — and I honestly can't remember where I read this; it may have been on Twitter (where else?) — questioned why anyone would buy content if it was going to remain "in the cloud." If you watch Amazon's Video on Demand on a TV or a Tivo, you can download purchased content and keep it locally. Obviously this isn't an option on the Roku.

I don't think I really care all that much if my content is in the cloud, to be honest. Ideally, I'd still like a store-bought hard copy with a spiffy case and all that. I like to browse our shelves of movie boxes looking for a DVD or Blu-ray to watch, but if I'm not going to own the physical media, I don't really care where my digital version "lives."

I can see where people who travel a lot would want to download a copy to keep on their laptop for watching on the go, but they can still do that. The only drawback I can see with the Roku is, what happens if your internet goes out? And that's a valid concern, but I'm blessed with a very reliable net connection (knock on wood). My counter argument is this: if you're downloading your content, what happens when your hard drive fails? Sure, you can burn a DVD copy or something, but then you're back to having physical media.

I think I'm very content letting Amazon store my digital copies of any Amazon Video On Demand content I might purchase. That feels easy to me. Let them worry about backups and storage space and all that. (The big caveat here is all the noise we're hearing about ISPs putting bandwidth caps in place. That could rain on everyone's parade.) I love that the Roku is silent and small with no moving parts. I just want to turn on my TV and let the Roku stream my content to me.

What do you think? Am I on the right track, or am I just making excuses for my treasured Roku box? Would you purchase content that was going to remain in the cloud?

Google blocks paid apps for unlocked G1 users

2009-02-26T10:44:00.000-08:00

People who bought an unlocked version of the Android G1 phone are no longer allowed to download new paid applications from the Market, after a change Google made late last week.

Google is prohibiting users of the unlocked phones from viewing copy-protected applications, including those that cost to download.

The Developer version of the G1 comes unlocked to any particular mobile operator and is priced at US$400. Anyone who joins the Android developer program for $25 can buy the phone.

Last week, Google employees began replying to questions people posted on the Android Market Help Web site about being unable to see copy protected applications in the store. "If you're using an unlocked, developer phone, you'll be unable to view any copy-protected application," wrote Google employee Ash on the help site in reply to a user's question on Friday. "This is a change that was made recently."

While Google offered only slim details about why it made the change, it could be an attempt to close a loophole that reportedly allows users of the unlocked phone to download paid applications for free. "The Developer version of the G1 is designed to give developers complete flexibility," Google said in a statement. "These phones give developers of handset software full permissions to all aspects of the device... We aren't distributing copy protected applications to these phones in order to minimize unauthorized copy of the applications."

A couple of developers have theories about the issue behind the move. Tim at the Strazzere.com blog discovered that protected applications are automatically downloaded into a private folder on Android phones. Most phone users can't access that file but users of the Developer phone can.

That means a Developer phone user could buy an application, copy it from the private folder, return the application for a refund and then re-download the application to the phone, the developers say. The Android Market allows anyone to return an application within 24 hours.

The Phandroid blog and a few developers commenting on the blog said they were able to download and copy-protected applications. Some developers are surprised that assigning the application to a specific folder is the only copy protection given to applications.

It's unclear how many people have the unlocked version of the phone. But some vocal developers are very annoyed that they paid $400 for the phone and aren't allowed to access all of the apps in the store.

One, who goes by the name bakgwailo, is proposing a "developer revolt," where all developers pull their applications from the store. "It would be the only way to show Google that this is NOT acceptable, and that devs are not second (third?) class citizens on the Market," he wrote. "I do not know about you, but I am beyond angry that I can not even see my own paid app on the Market with my 400 dollar dev phone!"

"This is a big problem for everyone who has a Dev phone," one developer using the name oscillik wrote. "Assuming that we're pirates is very offensive."

App Store grows, but apps are seldom used

2009-02-22T09:20:00.000-08:00

At least that's the conclusion from data collected by Pinch Media, a company that helps developers track the use of their iPhone applications.

Pinch found that of the users who download free applications from the App Store, only 20 percent use the app the next day, and far fewer do as the days pass. For paid applications, the return rate is only slightly better: 30 percent of people use the application the day after they buy it. The drop-off rate for paid applications is about as steep as for free applications after the first day.

Generally, 1 percent of users who download an application turn into long-term users of it, Pinch found. Pinch has noticed some differences based on the kind of application. For example, sports applications get more use than others in the short term, while entertainment applications tend to keep users for longer than others.

Pinch has discovered, or at least confirmed, some other interesting usage trends as well. Developers have a far greater success rate once they rise to the top of the store, which Apple ranks based on popularity. Once applications hit the top 100, the number of daily new users increases by 2.3 times, Pinch said.

Also, free applications tend to get more use than those that cost. Users run free applications, on average, 6.6 times as often as paid applications, Pinch said.

The findings might surprise and disappoint developers, many of whom regard the iPhone's application ecosystem as the first real opportunity to build a business around wireless applications. Prior to the launch of the easy-to-use App Store, few phone users ever downloaded new applications to their phones. That meant that the best way for developers to offer their applications was to convince operators to preload the applications on phones -- an expensive, time-consuming and challenging proposition.

Pinch Media collected data from "a few hundred" applications in the App Store that use its hosted analytics product. Applications that use the analytics offering include those that have been the number-one paid and free applications available in the store, Pinch said. The store currently has more than 15,000 applications, and users have downloaded applications more than 500 million times.

The data from Pinch might be valuable for developers who are also considering building applications for other stores that have been planned following the success of the App Store. Stores for Android, Windows Mobile, BlackBerry and Palm Pre applications have either been announced or are already open.

Would a server by any other name be as functional?

2009-02-22T09:13:00.000-08:00

When I graduated from college, my parents bought me a new computer as a graduation gift (a Power Computing Mac clone, if you remember that odd little interlude in Apple's history). It was an order of magnitude more powerful than my Mac Plus, and I was so thrilled to have it that I decided that it would be auspicious to christen it. Since I was in grad school studying ancient history at the time, I changed the name of the hard drive from whatever the boring default was (it may have actually just been "HARD DRIVE") to "Kleopatra," using the more correct Greek spelling of the ancient queen's name.

Over the next few years -- especially after I fled academia -- I wondered if maybe I should cast aside this little bit of whimsy, but I did like thinking of my computer as more than just another grey-beige box of silicon taking up desk space. So Kleopatra stayed, and when I got a second internal hard drive, I named it after her husband Marc Antony, just to keep her company. I thought that this affectation made me unique and just a little bit weird. But then I got my first real job.

The job was as a copy editor at a San Francisco Web publishing startup, and I quickly learned that all of the Unix servers upon which our internal and external processes depended had names. And not boring names like PRODUCTION_SERVER; these machines were all named after African nations. This didn't exactly turn every trip into the office into an exotic vacation, but dealing every day with machines named Rwanda and Angola at least gave us something concrete to rant about when tech difficulties beset our work. (I hope the good people of Angola weren't hurt by the invectives we hurled when their country's namesake computer went out of commission for good, leaving us in two weeks of limbo before we eventually replaced it with Congo.) But more to the point, it taught me about the feeling of of hominess and community you get from a consistent naming system for your machines.

It's possible to give them too much personality
Photo by c.j.b.

When our business unit was merged with another one back east, and they started foisting their own, non-geographical naming conventions onto us -- well, that's when we knew that an era was ending.

The spy who named me

As it happens, such a naming system wasn't unique to our little office. Sandra Henry-Stocker was our company's Unix admin when I started that job, though she wasn't the originator of the African naming scheme. However, she did once work with a similar server naming scheme at another workplace with a slightly more exciting mission. "When I worked at the CIA," she says, "the office I worked in named its servers after states -- like Alaska and NewHampshire. We'd briefly considered wineries, but figured most of the staff would have no hope of pronouncing them, so we abandoned that idea pretty quickly."

It didn't stop there, though: "Client systems in each subnet were named after cities in the associated states. So we had systems with names like Juneau and Portsmouth. Some analysts grumbled that they wanted to 'move,' but it was easy to tell which subnet a particular analyst was on just by knowing his or her workstation's name and a bit of geography. The funny part was the looks I'd get in the elevator when I'd say to a coworker with a tone of annoyance something like 'I don't know what we're going to do about Maine! We're seeing crashes every day now.'"

It seems that this concept -- giving your servers a naming system that is at once arbitrary and consistent -- is a near-universal one, either passed down from admin to admin or reinvented dozens of times over the years. There are thousand-post Slashdot threads on the subject, and enthusiastic user discussions at O'Reilly and ISP discussion sites. What's really interesting to me is how these arbitrary conventions can take on a life of their own and affect how we think about the machines we use every day, like they did for Henry-Stocker's CIA analysts who wanted to move to better "locations."

Sometimes mere names can get downright philosophical . Lee Mandell, now the president of communications agency Matlin Mandell, recalls, "At a small agency I worked for back in the dot-com days we named our servers after quarks. Thus our file server and its mirrored backup were TRUTH and BEAUTY, because, after all 'Beauty is truth, truth beauty -- that is all Ye know on earth, and all ye need to know.' And our Web server and its mirrored backup were UP and DOWN. Unfortunately I never got the chance to say to my boss that, due to a server crash, UP was down -- but don't worry because DOWN is up.'"

However, naming schemes can go beyond whimsy and enter what strikes me as enabling. "At my current agency," says Mandell, "we name all our computers after playwrights. Notably our main file server was named O'Neill. It was always problematic, given to disk crashes (twice), BSOD lockups and slowness. 'But,' my partner once said to me, 'what else would you expect from a server named after an alcoholic depressive?'" Would a box merely named FILESERVER1 have been so indulged? Fortunately, since O'Neill was just a server after all and not a beloved family member or Nobel-winning playwright, it was not confronted in an elaborate intervention, but eventually merely replaced. Kaufman, the new server, "is doing just fine," Mandell reports.

Method to the madness

Is there something more to this than just whim, and an aid to anthropomorphism that may or may not be healthy? Perhaps. Sandra Henry-Stocker describes the arrangement at her current workplace. "The naming scheme, largely resulting from the fact that one of our prior sysadmins was a diver, started with Caribbean Islands -- like StCroix and StBarts -- and then moved to the Mediterranean with names like Malta and Sicily. One of the other development groups uses a naming scheme that mimics the project and system types. So we have systems named gwx1a and gwx1b where the 'gwx1' stands for 'Gateway Netra X1'. These names are so boring and easily confused (e.g., did you just say 'gwx1b' or 'gwx1d'?) that the users all refer to them by their IP addresses! The islands, on the other hand, seem to invoke some enthusiasm on the users' part. In fact, we often refer to them as 'the islands' rather than 'the servers.'"

I think there's a couple of important data points in this story. The first is that server names that seem "logical" to a particular kind of very systematic and linear computer geek -- like gwx1 -- are actually pretty difficult to remember. Our language-focused brains aren't really built to accommodate them. (It's a really bad sign when your naming scheme is less user-friendly than IP addresses!)

It's also interesting to note that enthusiasm for one scheme -- in this case, the islands -- can inhibit the adoption of another scheme viewed as inferior. Presumably the more enthusiastc you are about one, the less likely you are to brook changes. "Sometimes it seems people pay nearly as much attention to this as to how they name their kids!" says Henry-Stocker. And that reminds me of another situation I heard about second-hand. A former roommate was a research scientist, and in the department where he worked, most of the servers were named after chemical elements; however, my roommate's boss wanted to keep things a little closer to home -- so he named his group's servers after his own theories.

The march of history

And what about Kleopatra? The Egyptian queen died famously of a snakebite suicide; my Power Computing machine went less glamorously, to a tinkerer from a Mac mailing list who volunteered to take her off my hands. She was followed by a series of ancient rulers, with gaps of a few centuries between each; there was Theodosius, then Justinian, and my current laptop is named Heraclius, after the 7th-century Byzantine emperor. I even have a little ecosystem going on at home: my Wi-Fi access points, set up when I had my previous computer, are named Belisarius and Narses (after Justinian's great generals) and my iPhone is named Niketas (after Heraclius's cousin).

When my wife wanted to name her phone Pinky, rather than after some ancient figure, I didn't make too much of a fuss, even though it wounded me inside. I have something bigger to worry about: if I jump forward a few centuries with every new computer, what do I do when I catch up with the present?

Apple still has 'ideas' for Mac netbook, says analyst

2009-02-19T07:59:00.000-08:00

An analyst who met with Apple recently believes the company has "ideas" about producing a Mac netbook, an ultra portable laptop computer.

Analyst Toni Sacconaghi of Sanford C. Bernstein & Co met with Apple's Chief Operating Officer Tim Cook, covering for CEO Steve Jobs during a leave of absence, Apple's Chief Financial Officer Peter Oppenheimer and Apple's marketing chief Phil Schiller.

According to Sacconaghi, Apple's Cook hinted at "ideas" for a netbook as well iPhone price changes, and new smartphone handsets.

"Tim Cook stated that since Steve Jobs announced his leave of absence, he was spending more time on new products, how Apple could take the iPhone into new markets and examining iPhone's business model," said Sacconaghi, who is ranked the top computer analyst by Institutional Investor magazine.

The MacBook Air is Apple's smallest, lightest laptop.

Sanford C. Bernstein & Co manages portfolios for private and institutional investors currently valued at $85 billion.

"Several interesting tidbits point to new iPhones, potentially with different pricing/price points this year," Sacconaghi added.

A Mac netbook has long been rumoured since the success of smaller lighter laptops, typically with a 10" screen, from companies such as Asus, Acer, Dell, HP and MSI Wind.

Last week Asus said they had sold 4.9 million Eee PC netbooks last year despite the economic downturn.

Netbooks are traditionally competitively priced due to their relative lack of power and limited upgradability.

Apple's smallest, lightest laptop the MacBook Air starts at £1,271, which is a long way from what Apple would need to charge to make the a Mac netbook a success.

Apple has also previously said that the iPhone was there netbook, offering email and web surfing on the move.

Analyst Sacconaghi added that he expects Apple's stock to outperform the S&P 500 in the next year.

Sacconaghi also said he expects new Apple iMacs as earlier as next month and an new Apple iPhone in the summer.

Charge dropped against Pirate Bay four

2009-02-18T10:03:00.000-08:00

A Swedish prosecutor on Tuesday dropped a charge levied against four men on trial for running The Pirate Bay, one of the most popular BitTorrent search engines and trackers on the Internet.

Tuesday's proceedings saw Swedish prosecutor Håkan Roswall drop a charge of aiding in the making of copies of works under copyright, said Peter Sunde, one of the four on trial. The charge was dropped due to the inability of the prosecution to prove copies of content were made, he said.

"We have definitely won this round," Sunde said.

One charge -- essentially aiding the making of material under copyright available -- remains. Sunde and the other three defendants, Fredrik Neij, Gottfrid Svartholm Warg and Carl Lundström, could face prison time. Swedish authorities want them to forfeit 1.2 million Swedish kronor (US$140,000) in advertising revenue generated from the site.

A lawyer for the music industry, Peter Danowsky, denied that dropping the charge hurt the overall case.

"It's a largely technical issue that changes nothing in terms of our compensation claims and has no bearing whatsoever on the main case against The Pirate Bay," Danowsky said in a statement published by The Local, a Swedish newspaper published in English. "In fact it simplifies the prosecutor's case by allowing him to focus on the main issue, which is the making available of copyrighted works," he said in a statement.

The Motion Picture Association is seeking 93 million Swedish kronor in damages, and the IFPI (International Federation of the Phonographic Industry) is seeking €1.6 million (US$2.06 million) in damages.

Evidence presented by Roswall on Tuesday included screenshots showing computers were connected to The Pirate Bay's tracker, or software that coordinates P-to-P (peer-to-peer) file sharing.

But a majority of the screenshots show that The Pirate Bay was actually down at the time and that the client connections timed out, Sunde said. The clients, or peers, were still connecting with each other, but through a distributed hash table, another protocol for coordinating downloads unrelated to The Pirate Bay.

The schedule for Wednesday includes testimony from a Swedish antipiracy agency as well as the Motion Picture Association, Sunde said.

Hackers attack IE7 flaw

2009-02-18T09:01:00.000-08:00

Less than a week after the last round of Microsoft Internet Explorer patches, security experts are already warning that exploit code is in circulation.

The particular flaw, MS09-002, is being exploited using a specially crafted Word document which is emailed to users. Once opened it installs malware onto the target system, including a Trojan to allow the malware to update itself.

"Several anti-virus vendors reported MS09-002 exploits in the wild. We can confirm that the exploit for the CVE-2009-0075 vulnerability (Uninitialized Memory Corruption) in Internet Explorer 7 is definitely in the wild and working on an unpatched Windows XP machine," said Bojan Zdrnja of the Sans Internet Storm Center.

"Initially there was some confusion about this attack as most anti-virus vendors mentioned Word documents. The exploit targets Internet Explorer 7, but so far it has been delivered to the end user as a Word document.

"That being said there is absolutely nothing preventing attackers from using the exploit in a drive-by attack and we can, unfortunately, expect that this will happen very soon."

The first malware to try and exploit the flaw looks to have been reverse-engineered rather than being in existence before the patch was announced, experts said. The malware collects information from infected computers, encrypts it and sends it to a server in China.

The short turnaround time from patch to malware will leave IT administrators racing to update corporate servers in time, and they are advised to warn users about potential threats.

Obama pours billions into IT with recovery package

2009-02-18T08:24:00.000-08:00

Obama's economic stimulus package, which was signed into law yesterday, will see billions of dollars poured into technology in the US.
A significant part of the $787bn total will be spent on IT-related measures. A main beneficiary will be healthcare IT, which is set to receive around $19bn.

Obama wants to introduce electronic care records, computerising all health records in the next five years.

The project will be similar to the UK's £12bn national programme for IT, a part of which aims to automate records, which has weathered a few storms since Tony Blair first introduced the plan.

Obama said in a speech yesterday, "It is an investment that will take the long overdue step of computerising America's medical records to reduce the duplication and waste that costs billions of healthcare dollars, and medical errors that cost thousands of lives each year."
ADVERTISEMENT

In addition, $2.5bn has been earmarked for loans for improving broadband infrastructure in the US, $200m will go into expanding public computer capacity at community colleges and public libraries, and $250m will be available in grants for innovative programmes encouraging broadband adoption.

An innovative technology loan guarantee programme, which will provide loan guarantees for renewable technologies and transmission technologies, will receive $6bn.

The US government will also allow some students to claim money for IT equipment used for studying.

A further $30bn will go towards clean energies and an upgrade of the country's electricity grid.

The US government hopes to be able to detail its economic recovery spending on its recently launched website, recovery.gov, although observers have pointed out that collecting and reporting the data will be a difficult task.

US Congess passes huge economic stimulus bill

2009-02-15T12:27:00.000-08:00

The U.S. House of Representatives and Senate have both passed the final version of a huge economic stimulus package, including billions of dollars for broadband deployment and electronic health records.

The House Friday afternoon voted 246-183 to approve a compromise version of the estimated US$787 billion American Recovery and Reinvestment Act. All 176 House Republicans present voted against the bill.

Late Friday evening, the Senate voted 60-38 to approve the bill, with three Republicans joining Democrats in supporting it.

U.S. President Barack Obama pushed for the legislation and he is likely to sign the bill in the next couple of days.

The House and Senate both passed versions of the bill within the past three weeks, and negotiators from both chambers agreed on a compromise version of the bill earlier this week.

The bill includes $7.2 billion to help deploy broadband in rural and other unserved areas, $17 billion for incentives for health care providers to adopt electronic health records, and $11 billion to update the nation's electricity grid by hooking it up to the Internet.

Republicans complained that the bill included so-called pork-barrel spending and that Democrats didn't seek their input in crafting the bill. "A bill that was supposed to be about jobs, jobs, jobs has turned into a bill about spending, spending, spending," said Representative John Boehner, an Ohio Republican and House minority leader. "We owe it to the American people to get this right."

Republicans also complained they had less than 24 hours to digest the final version of the bill, about 1,000 pages long. No lawmaker has had the time to read the entire bill, Boehner said.

"This is a sad day for our country," said Senator John Thune [cq], a South Dakota Republican. "And it's a sad day for future generations who will be left paying for this billion-dollar spending bill."

Democrats argued the bill is necessary to jump-start the U.S. economy. Senator Joe Lieberman [cq], a Connecticut independent who caucuses with Democrats, said he's confident the bill will "begin the turnaround of the American economy."

Senator Amy Klobuchar, a Minnesota Democrat, applauded the bill for including money for grants and loans to broadband providers that deploy in unserved areas. Residents of the rural United States need broadband to train for high-tech jobs of the future, she said.

"Broadband Internet deployment creates jobs," she said. "I want those jobs to go to Thief River Falls, Minnesota ... instead of India or Japan."

Curiosity drives Twitter "social virus"

2009-02-14T06:09:00.000-08:00

If you were hanging out on Twitter today, you probably noticed a lot of very similar Tweets coming through, saying "Don't Click" followed by a shortened URL.

Many people, upon receiving that Tweet, immediately clicked the link, which took them to a page with a "Don't Click" button. And when they clicked on that button (assuming they were logged into Twitter in their web browser) they ended up posting a Tweet from their account. This Tweet repeated the original message: "Don't Click" followed by a shortened URL. Which all their Followers clicked. And so on.

The end result of this was huge numbers of "Don't Click" Tweets, a lot of puzzlement on the part of the Twitter community, and nothing more serious. This time at least.

The security community immediately got to work investigating the event and found that it was accomplished via clickjacking. Chris Shiflett has a done a great job of explaining the exploit, as has Sunlight Labs. This wasn't a case of using clever javascript or any scripting at all. It was just done with an IFrame, pulling the Twitter page into the "Don't Click" page and populating the Status Update box on the Twitter page. However the IFrame was rendered invisible via CSS. You thought you were clicking this "Don't Click" button on the page, but you were actually clicking the (now invisible) Update button on the embedded Twitter page. If that went over your head, the links above step through it much more clearly.

To their credit, the Twitter Engineers blocked the problem very quickly, and no real harm was done. But their fix isn't bulletproof, as Jeff Jones discovered.

In some ways, the most interesting part of this story was the way it was the "virus" was distributed. Apparently the very best way to get people to click on something is to label it "Don't Click"!

2009-02-14T05:29:00.000-08:00

Blockbuster, Inc announced today that it would add video games to its BLOCKBUSTER Total Access online rental service. A pilot program is planned for Q2 of this year with a goal of national availability by the second half of the year.

This puts Blockbuster in competition with online game rental services such as Gamefly, Gamerang and Gottaplay, none of which have the breadth of distribution centers that Blockbuster has. Additionally, renting games will offer a differentiation point from rival Netflix. Game platforms covered include Nintendo Wii, Sony PS & PS3, and Microsoft Xbox & Xbox 360. As with movies, users will be able to return rentals to a brick and mortar Blockbuster store.

Game enthusiast site Joystiq contacted Bob Barr, vice president and general manager of Blockbuster Online, for further details, including the price. A 3-disk Total Access account costs $19.99 per month. During any month that a game is rented, a $5 charge gets added to that price. During the testing phase, a game counts as a disk.

One of the biggest problems with existing game-rental services is availability of new titles; it'll be interesting to see if Blockbuster can overcome this hurdle.

T-Mobile issues firmware update for G1, adds voice search

2009-02-11T00:45:00.000-08:00

T-Mobile began pushing out an update that adds a couple of new features and fixes some glitches in the G1, its phone that runs Google's Android software.

The most notable new capability is voice search. Once G1 users get the firmware update, they'll notice an icon for a microphone in the Google search bar on the home screen. When users hit the button they'll hear a "speak now" prompt, after which they can say their query, said Jeff Hamilton, a software engineer for Android, in a blog post.

If voice search doesn't properly interpret the query, users will be able to hit a "down" arrow next to the search box to find other suggestions, one of which might be correct, he said. G1 users will also be able to dial phone numbers and search in their contacts lists using voice commands.

The voice command capability follows the introduction of Google's voice search application for the iPhone in November.

Another minor addition with the Android update is the ability to save attachments sent via MMS. Users will also start seeing notifications when new software updates are available, including for applications in the Android Market. Phone users will also be able to report offensive comments in the Market as spam.

The update fixes a few glitches as well, such as one that automatically ended an instant messaging session when users turned their Wi-Fi connection on or off. Another glitch caused reminders for calendar items not to be delivered.

T-Mobile started pushing the update out Monday and expects all customers to receive it in two weeks.

On a T-Mobile Forum hosted by the operator, an administrator said the update is not related to "cupcake," the name of another update that will include a wider range of new capabilities and bug fixes.

Intel to invest $7B on U.S. plants

2009-02-10T10:36:00.000-08:00

Intel will spend $7 billion over the next two years to revamp three U.S. manufacturing plants, and the company's CEO called on other companies to also invest in the future as a way to combat an economic recession.

Intel will update manufacturing plants in Arizona, New Mexico and Oregon to build new 32-nanometer processor chips, Paul Otellini, the company's president and CEO announced today.

Intel sees the tough economic times as an opportunity for investment in the future, Otellini told the Economic Club of Washington "Tough as these times are, we are not blinking," he said. "Today, I am pleased to announce our intention to stamp the words, 'made in America,' on even more Intel products in the months and years to come."

He called on other U.S. companies to join Intel, even as dozens of companies are laying off workers. "A secure future requires investment in areas that will give rise to new industries and new ideas," he said. "We can't look to government to do this."

The three U.S. plants will support about 7,000 Intel employees and "multiple thousands" of contractors

Hackers clone passports in drive-by RFID heist

2009-02-10T10:28:00.000-08:00

A British hacker has shown how easy it is to clone US passport cards that use RFID by conducting a drive-by test on the streets of San Francisco.

Chris Paget, director of research and development at Seattle-based IOActive, used a US$250 Motorola RFID reader and an antenna mounted in a car’s side window and drove for 20 minutes around San Francisco, with a colleague videoing the demonstration.

During the demonstration he picked up the details of two US passport cards, which are fitted with RFID chips and can be used instead of traditional passports for travel to Canada, Mexico and the Caribbean.

“I personally believe that RFID is very unsuitable for tagging people,” he said.

“I don’t believe we should have any kind of identity document with RFID tags in them. My ultimate goal here would be, my dream for this research, would be to see the entire Western Hemisphere Travel Initiative be scrapped.”

Using the data gleaned it would be relatively simple to make cloned passport cards he said. Real passport cards also support a ‘kill code’ (which can wipe the card’s data) and a ‘lock code’ that prevents the tag’s data being changed.

However he believes these are not currently being used and even if they were the radio interrogation is done in plain text so is relatively easy for a hacker to collect and analyse.

The ease with which the passport cards were picked up is even more worrying considering that less than a million have been issued to date.

Paget is a renowned ‘white hat’ ethical hacker and has made the study of the security failings of RFID something of a speciality.

In 2007 he was due to present a paper on the security failings of RFID at the Black Hat security conference in Washington but was forced to abandon the plans after an RFID company threatened him with legal action.

He points out that RFID tags are increasingly being used in physical security systems such as building access cards and the technology needs significant security adding before it could be considered safe for commercial use.

Mommas don't let their babies grow up to be engineers

2009-02-10T10:14:00.000-08:00

More than 85% of students today aren't considering careers in engineering, a new survey found, as more parents encourage girls specifically to become actresses than IT professionals.

The vast majority of students recently polled confirmed that interest in engineering careers has waned significantly, with a majority (44%) of respondents citing a lack of knowledge around engineering as the top reason they would not pursue such jobs. Another top reason kids don't consider a career in high-tech involves the "geek" perception for 30%, who indicated "engineering would be a boring career," according to the American Society for Quality (ASQ).

ASQ commissioned Harris Interactive to conduct an online survey of 1,277 U.S. youths aged 8 to 17 and 2,196 U.S. adults aged 18-plus, of whom 584 reported being parents of children aged 17 or younger. The ASQ kicked off the study in light of forecasts that there will be a shortage of 70,000 engineers by 2010, according to the National Academy of Sciences and National Science Foundation.

Another factor kids surveyed indicated steers them away from a career in engineering is a lack of confidence in math or science skills (21%). Yet 22% of kids polled listed math as their favorite subject and 17% find science the most fun. Additionally, just 20% parents encourage their children to consider an engineering career, despite the fact that 97% of parents said they believe knowledge of math and science will help their children have a successful career.

"It's clear that there is a low level of interest and knowledge about engineering careers for both parents and children," said Maurice Ghysels, chair of ASQ's K-12 Education Advisory Committee. "Educators and engineers need to work more closely together to get students excited about the profession and spotlight interesting role models."

The survey results also revealed a gender divide among students' career aspirations and parental guidance. Among the girls, 21% said their parents encourage them to be actresses vs. 10% hearing about the potential of engineering from their parents. Other careers parents find suitable for their girls include doctor (33%), teacher (31%), lawyer (25%), veterinarian (23%), nurse (20%) and businessperson (17%).

Boys indicated a higher interest in engineering careers than girls: 24% vs. 5%. And parents follow suit. Nearly one-third of boys polled said their parents have encouraged them to consider a career in engineering, vs. just 10% of girls who said the same.

A New Internet Attack: Parking Tickets

2009-02-09T13:01:00.001-08:00

Trojan-pushing parking tickets? Yes, really. The Internet Storm Center, which tracks Internet attacks and threats, documented a case in Grand Forks, North Dakota where someone put yellow fliers on cars that claimed to ticket a parking violation. The fliers named a Web site that purportedly had pictures of your supposed violation.

To see the pictures, according to additional commentary from the McAfee Avert Labs, the site instructs you to download a toolbar named PictureSearchToolbar.exe. Do so, and you end up with a Trojan. That Trojan, called Vundo by Symantec and McAfee and Monder by Kapsersky (according to a Threat Expert report linked by the ISC), displays false infection warning pop-ups that market a fake antivirus product called "Antivirus 360."

I knew that pushing rogue antivirus was becoming a more popular tactic for crooks, who get a cut of the purchase price via shady affiliate marketing deals, but I had no idea the potential profits could justify the time and expense of physically distributing fake parking tickets. Then again, maybe it doesn't: Many Internet crooks aren't exactly known for their excessive brain power.

The ISC post from Lenny Zeltser has more details on the discovery, including some digital sleuthing about the model of the camera used for pictures on the Web site. And keep an eye out for an upcoming PC World story that delves into rogue antivirus, including how to tell a harmless browser-based social engineering attempt from one that can indicate a malware infection like the one described here

Analyst: Apple making smart moves with next OS, Snow Leopard

2009-02-09T12:59:00.000-08:00

Apple has delivered another pre-release build of Snow Leopard, its next operating system, that includes developer tools to mimic the iPhone's location-sensing skills and boost the multi-touch function of the company's laptops, according to reports on the Web.

Both moves would be smart for Apple if they are part of the OS when it is rolled out, an expert said Friday.

According to AppleInsider , developers now have Mac OS X 10.6 build 10A261, which includes a development framework, dubbed "CoreLocation," for triangulating location, as well as access to new APIs (application programming interfaces) for making use of the multi-touch features in the newest MacBook and MacBook Pro notebooks.

CoreLocation debuted in the first-generation iPhone as part of a January 2008 firmware update , which lacks any GPS hardware, and instead uses cellular signal towers to determine an approximate location. According to AppleInsider's sources, Snow Leopard includes support for the feature.
"Apple clearly wants to leverage the portability [features] of its smaller devices, like the iPhone, on its other hardware," said Ezra Gottheil , an analyst with Technology Business Research Inc.

He was also bullish on the idea that Snow Leopard may include more support for multi-touch, the finger gestures available in limited form on Apple's laptop trackpads. The design, which debuted early last year on the MacBook Air and then on the updated MacBook Pro line , was extended to the less expensive MacBooks in Apple's October laptop revamp . Multi-touch, like geo-location, was first found on the iPhone.

"Apple might be able to get more out of the multi-touch touchpads," said Gottheil. He pointed to the four-finger swipe that calls up Leopard's "Expose" screen feature. "Before [multi-touch], I just never used Expose on an Apple laptop ... it was just too hard to do the Function-F9 keypresses."

With Snow Leopard, third-party software developers will be able to call on the operating system's gestures within their own applications, AppleInsider reported.

Last June, Apple confirmed that it was working on Snow Leopard, and at the time said it would ship the update to Mac OS X 10.5, aka Leopard, in about a year. It also stressed both then and later, that Snow Leopard would focus on performance and stability improvements, and lack the kind of flashy interface or feature changes that users have come to expect from the company's operating systems upgrades. Apple's current online marketing materials for Snow Leopard, for example, claim that the OS is "taking a break from adding new features."

Today, Gottheil said everyone should take Apple at its word. "I think that Apple will try to make it as appealing as it can as an upgrade," he said. "But unless they have some brilliant insight that they're hiding, they're basically going to deliver a lot of invisible improvements with Snow Leopard."

And while that may not dampen the enthusiasm of Apple's most fervent fans, it will likely mean less of a benefit to the bottom line. "I don't think they'll get the upgrade revenue that they did before with Leopard," Gottheil said.

According to the retail market research company NPD Group Inc., Apple easily broke its one-month upgrade revenue record in late 2007 when it launched Leopard that October. Unit sales of Leopard were up 20.5% over its predecessor, Mac OS 10.4, also known as Tiger, when both versions' first-month numbers were compared. Leopard's revenue was up even more: 32.8% higher than Tiger's.

Gottheil doesn't see Apple being able to repeat that performance with the lower-key Snow Leopard. "But then, that's sort of where OS system development is heading, isn't it?" he said, pointing to a similar message coming out of Microsoft Corp. . It has said its next operating system, Windows 7, is no full-fledged revamp, but an update to Vista that focuses on boosting performance.

One way Apple could improve its chances of promoting Snow Leopard would be if it launched the new operating system with a redesigned line of iMacs, as some have speculated. "There's been talk of Apple using quad-core processors in the iMac," Gottheil acknowledged, referring to reports by other analysts, primarily Shaw Wu of Kaufman Brothers, who has recently speculated that Apple will soon refresh its main desktop line.

"Apple might have the two [Snow Leopard and iMacs] ready at the same time, although they don't necessarily have to," said Gottheil. Instead, Apple could launch a line of more powerful desktops sooner, including models with quad-core processors or more powerful graphics processors, then later in the year roll out Mac OS 10.6 and promote it as the OS that takes advantage of the new hardware.

Snow Leopard will be optimized for multi-core machines -- the company has promised to "squeeze every last drop of power from multi-core systems" -- and will support OpenCL (Open Computing Language) to allow developers to "steal" computing power from the graphics processor and apply it to general, nongraphics tasks.

Apple has been silent in recent months about its plans for rolling out Snow Leopard. Despite predictions it would announce a timetable at last month's Macworld Expo, it failed to do so.

The incredible shrinking operating system

2009-02-09T12:49:00.000-08:00

Windows, Mac OS, and Linux are all getting smaller. What does that mean for you?
From the software concept called JeOS (pronounced "juice"), the Just Enough OS, to hardware concepts like Celio RedFly, an 8-inch screen and keyboard device running applications off a smartphone via a USB or a Bluetooth connection, there are an increasing number of indications that the center of gravity is shifting away from the traditional massive operating systems of the past.

Even the major OS vendors themselves are saying that the next versions of their OS -- Windows 7, Linux in its many distributions, and Mac OS X 10.6, aka Snow Leopard -- are getting a smaller footprint.

There are many reasons for the traditional OS to shrink and for new OSes to start small, but two stand out:

One, a smaller code base is easier to manage and secure than a large one. For example, estimates for Vista's development costs run around $6 billion, and BusinessWeek has estimated that 10,000 employees spent about five years developing it.

Two, a smaller OS can run on a greater variety of devices, and as netbooks, smartphones, and new devices such as the iPod Touch gain traction, the benefit of a smaller OS becomes hard to ignore. Today, Microsoft's Windows Mobile is a separate code base from the desktop Windows, while Apple's iPhone OS is a both a subset of and extension of the Mac OS. In both cases, that adds a lot of work for their companies and for application developers. And it means that customers must support an unwieldy number of operating systems.

What Microsoft, Apple, and the Linux community are up to
"Ideally, we want to see Windows 7 run across a spectrum of hardware: small, standard, or desktop," says James DeBragga, general manager of Windows Consumer Marketing at Microsoft. Apple hasn't said why it wants Mac OS X to use fewer resources, but a common theory is that it wants future iPhones and perhaps netbook or tablet devices to run the same OS as its beefier Macs do.

DeBragga told InfoWorld that Microsoft designed Windows 7 to reduce the overall memory footprint compared with Windows Vista. It did so by reducing the overall number of services running at boot, improving Desktop Windows Manager memory consumption and reducing the memory requirements for features throughout Windows 7. "Users have no patience for a long boot-up or shut-down time," says Dan Kusnetzky, an independent research analyst.

Linux distribution vendors are also slimming down their versions of Linux. Ubuntu, for example, has stripped out MySQL, CUPS (Common Unix Printing Service), e-mail, and LDAP functionality to bring the size of its OS down from about 700MB to 200MB.

And Red Hat, Novell, and Ubuntu have all delivered stripped-down versions of their Linux distros for use in virtual appliances, several of which often run on one physical computer, so footprint becomes a key issue for them. Red Hat's AOS (Application Operating System), for example, lets you run Linux Enterprise Edition apps unmodified in a portable virtual machine. And JeOS -- which Ubuntu, Novell, and others offer -- builds a stack that is "just enough" to support that application by analyzing what APIs and library components need to be called for what functions.

While Apple always plays it close to the vest, it too has stated publicly that the next Mac OS will be smaller: "Taking a break from adding new features, Snow Leopard ... dramatically reduces the footprint of Mac OS X, making it even more efficient for users and giving them back valuable hard drive."

Not everyone is convinced that the traditional OSes will stay small. Tony Meadow, president of Bear River Associates, says that the current OS footprint reductions are all about pruning, such as removing old graphics APIs. But he believes that new capabilities will pull the OSes to keep growing, despite the periodic pruning.

New devices drive need for a much smaller OS
Beyond making the OSes smaller for physical computers and virtual machines, the major platform providers face a new pressure to reduce their OSes' size: the several new classes of devices, from netbooks to smartphones. Netbooks are a good example: Because their hardware resources are much more limited than regular laptops', Microsoft has had to keep Windows XP available for them, since Vista simply can't run on them.

Much of the latest mobile hardware can be run to good advantage on microprocessors and OSes that require less power. The high-tech rumor mill lately has been abuzz about the possibility of a full-size notebook running a smartphone-oriented processor such as ARM's with an embedded version of Linux; such a device would have a battery life of days, not hours. "To an ARM device, a laptop looks like the Hoover Dam in terms of battery life," says Jim Ready, CTO of MontaVista Software.

Dell has already taken a step in this direction with its "BlackTop" Latitude laptop, which can boot into Linux for e-mail, Web access, and document viewing instead of Windows (which you can also boot into for traditional work).

Smartphones such as the Apple iPhone and the Research in Motion BlackBerry are also increasingly providing computerlike capabilities, creating demand for computerlike OSes to run on them. Witness Celio's RedFly, a smartphone terminal that connects to a cellular phone over Bluetooth or a USB. It weighs just 1.4 pounds and features an 8-inch screen and an 8.3-inch keyboard large enough to do real work. RedFly uses the Windows Mobile OS as an operating system, and its users typically work in their browser, often using Web 2.0 applications.

Time for the browser to supplant the OS?
The dependence on the browser, instead of the OS, in such devices has convinced some that the OS should shrink even further, ceding much of its role to the browser.

One of those believers is Philippe Winthrop, a mobile analyst at Strategy Analytics. He says the notion of cloud computing is a major driver behind the movement away from full-featured OSes and toward having critical functions reside in the browser.

For example, the SDK for the hot new Palm OS provides developers with CSS, JavaScript, and XML, all the tools that are used in a modern browser. These tools let developers write applications as widgets that do not require the support of an onboard OS.

Winthrop also says when back-end and front-end services both use the same Web technologies, the need for a powerful OS is reduced.

Tomi Rauste, president of Movial Creative Technologies, a mobile consultancy, picks up on that idea. Rauste believes combining Web technologies obviates the need for application integration at a deeper level. "Using Web technologies to customize a user interface is far easier than using interface technologies where you have to have native coding skills to change the interface," Rauste says.

Of course, Microsoft is not convinced that the browser will take over much of the OS. While there are a number of embedded versions of Windows, including Windows CE and Windows XP Embedded, where hardware designers use only those components needed for their device, DeBragga says he doesn't see the browser taking over most of operating system chores.

It is true that 50 percent of the time a user is in his or her browser, but the browser is not suited to handle the other applications a computer can handle, DeBragga argues. He cites document editing and video editing as example tasks that don't require a browser but do require a powerful operating system.

Bear River's Meadow agrees. While the OS may get smaller and more users will live in their browsers, he says there is still a lot of competitive advantage to having a fully featured OS that does things other operating systems don't. Case in point: "OS X running on the iPhone gives the iPhone incredible power."

But even that legitimate OS dependence is changing, counters Winthrop. He points to Photoshop.com and Photoshop Express, Web versions of the premier photo-editing package Adobe Photoshop. There was a time when no one would have thought that feature-rich Photoshop would ever be a Web 2.0 application, but to a great extent it is now.

For a growing class of users, notes independent analyst Kusnetzky, a device that presents a Web browser, Internet mail, a word processor, and a calendar is more than sufficient for their needs.

It's certain the OS will continue to shrink, in whatever direction
The incredible shrinking of Windows 7, Mac OS X Snow Leopard, and Linux JeOS are no accidents. The OS center of gravity is indeed shifting away from the large do-it-all operating systems to a far more targeted approach.

The reason for these changes by the major vendors is downright Darwinian. All of them realize that they must adapt or die as virtualization, cloud computing, the explosion of unique devices, and the desire for more efficient, less costly operating systems all drive the next generation of business users toward smaller, less costly, and more efficient operating environments.

Identity thieves beat Obama to stimulus package punch

2009-02-07T11:46:00.001-08:00

Although the U.S. government's economic stimulus package hasn't even gotten out of Congress, scammers aren't waiting; they've launched multiple campaigns that tempt users into revealing personal information, a security researcher warned Thursday.

One spam-and-scam example, said Dermot Harnett, a principal researcher with Symantec Corp., poses as a message from the Internal Revenue Service (IRS) , and claims that the recipient qualifies for something called a "Stimulus Payment."

"After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a Stimulus Payment," the bogus e-mail reads. The message then tells the user to download the attached document, supposedly a form that must be submitted to the IRS.

The document, in fact, is an identity stealing tool, said Harnett, that asks the user to provide personal information, much or all of it data that the actual IRS would presumably have on file.

Another stimulus-related spam campaign Harnett has monitored touts "Economic Stimulus Grants," and tempts the unwary with a link that offers fake testimonials. "I found the grant I needed and filled out the forms and sent them in and in about two weeks I received a check in my hand for [US]$100,000," one reads.

"This one takes people to a marketing type of site," said Harnett, "and after it asks them to answer a few questions, including salary range, e-mail address, mailing address and date of birth, it promises to send out a CD that shows you how to claim one of these grants. They're building up their files on people." Another twist: The CD comes with a postage and handling charge, which the scammers use to collect credit card information.

It's no surprise that such spam is circulating, said Harnett. "People often have news alerts set from various organizations, so they expect to see subject lines about the stimulus package," he said, noting that the tactic of using current events is nothing new.

Given that stimulus scams cranked up as long as two weeks ago -- and President Obama 's $900 billion plan isn't slated to come to a vote in the U.S. Senate until later Thursday

Free BlackBerry Downloads: 5 (More) Essential Apps

2009-02-07T11:38:00.000-08:00

If you're anything like me, you spend entirely too much time poring through Web pages and online search engines seeking the latest and greatest free BlackBerry downloads for your Research In Motion (RIM) smartphone. But today's your lucky day. Today, the search stops right here.

Over the past weeks and months, I've worked hard to deliver to you the best free BlackBerry applications the Internet has to offer. I dug up my top picks for free open source BlackBerry apps, the best mobile Twitter apps, and the highest quality BlackBerry Storm software. I even asked RIM's co-CEO and two additional executives for their favorite free BlackBerry software, then delivered the answers directly to you.

This time around, I picked a handful of new apps that promise to vastly improve your BlackBerry's audio experience, help you rapidly browse the Web, manage your online DVD mailing account, find just about anything from anywhere, and even grab screen captures of your device's display without the need for a PC.

Slacker Radio for BlackBerry: Your New Radio is...Your BlackBerry!?!

It's rare, but every once and a while a new BlackBerry application comes along and single-handedly raises the bar for all other mobile apps. The last such piece of software I can remember to fit this description is Viigo, the ultimate mobile RSS reader and lifestyle app. For a long time, Viigo has been my favorite free BlackBerry app, but today, thanks to Slacker Radio for BlackBerry, I'm just not sure anymore.

Slacker Radio for BlackBerry is an easy to use, personal Internet radio app that brings unlimited free music to your RIM smartphone. More than 100 pre-programmed "genre stations" let you listen to a variety of artists and ensembles for as long as you want--or your battery lasts. And the app works well on just about any BlackBerry device running RIM's handheld OS v4.3 or higher and with at least an EDGE or another 2.5G data connection. The app also works over Wi-Fi. (For best results, employ Slacker for BlackBerry on a device running BlackBerry OS 4.5 or higher.)

The best thing about Slacker for BlackBerry? Why, it's free of course--or at least there's a free option. To employ the new app, simply surf on over to Slacker.com using your BlackBerry browser and follow the on-screen download instructions. Once the app's installed, you can either log in to an existing Slacker account or create a new one. You'll have two options for account creation: 1) a free account, which delivers the occasional audio and visual advertisements and lets you skip over songs just six times an hour; and 2) the commercial version, which is available via subscription for US$3.99 a month--$47.88 a year--and doesn't have a limit for song skips or requests.

iPhone and iPod touch, one of its most valuable features is currently restricted to the BlackBerry-specific version: station "caching." The ability to cache, or store, Slacker stations on your BlackBerry's media card means that you can listen to your favorite tunes without wireless connectivity, which makes the app particularly well suited for use during travel. (You must have at least 500MB of free space on your media card to cache Slacker stations.)

And like most BlackBerry apps, it supports multitasking, so you can, say, play a game of BrickBreaker while jamming out to the Beatles on Slacker.

More details on Slacker Radio for BlackBerry can be found online.

Bolt Browser for BlackBerry: Lightning Speed

RIM is a legend in the smartphone space: Its keyboards are inimitable; its "push" e-mail delivery system is the envy of the mobile industry. But the company's browser? That's a whole different story. The BlackBerry browser sucks; it's relatively slow, awkward to use and doesn't always render pages correctly, among other complaints. (The BlackBerry browser on the Storm, in OS v4.7, is a step in the right direction, but still...)

I've offered up free alternatives to the BlackBerry browser in the past -- namely, Opera Mini--but today, there's a new kid on the browser-block: Bolt.
I have a few quibbles with Bolt--it too has problems rendering certain pages; it uses a proxy server, which could be considered a privacy/security risk; and it's still in beta and is a bit unstable. But whatever it lacks in these categories, it makes up for in speed.

Bolt is fast, Fast, FAST; in fact, it's the speediest mobile browser I've ever used. And it employs similar shortcuts to Opera Mini for scrolling, zooming and other page navigation, so it shouldn't take you long to get used to it. And Bitstream, the company that makes Bolt, also says the browser uses one-third of the battery life of comparable mobile browsers.

As mentioned above, Bolt is still in beta testing, and as such, you'll need to request an invite for a free download at this point. But Bolt ought to be hitting the big-time any day now, and you can expect to find a download link on the Bolt website as soon as it does.

(Note: Bolt is not BlackBerry specific and will work on a wide variety of Internet-connected mobile devices.)

SmartFlicks: Netflix for Your BlackBerry

I'm an unabashed film buff; I love movies and DVDs. But it's been quite some time since I stepped foot into a brick and mortar movie rental joint like Blockbuster or Hollywood Video to pick up a flick. I've long been a user of the Netflix DVD mailing service, as the price is right, selection is great and you can't beat the convenience of having movies delivered directly to your door.

I've always wished for more though: Wouldn't it be handy

, and add movies to your online queue whenever, and wherever, you might be. Thanks to Pyxis Mobile and its SmartFlicks app, my wish is now a reality.

The SmartFlicks free BlackBerry app lets you manage and update your NetFlix account from anywhere there's cellular connectivity. You can not only add and remove titles from your movie queue, but also reorder them at any point with no restrictions. You can even add films to your "Instant" queue for future viewing on your TV. (A Netflix compatible DVR, Blu-ray player of other peripheral is required for Instant viewing.)

The free BlackBerry app also offers up-to-date movie news, recommendations for future rentals, a film search feature and "What's Hot" and "Coming Soon" tabs for information on the most popular films and actors at a giving time. And its clean, intuitive user interface makes employing SmartFlicks almost as much fun as watching the movies it helps you procure.

Download SmartFlicks here.

Where for BlackBerry: Your GPS-Based Search Companion

You can find plenty of local search applications for BlackBerry devices -- some free, some not; others GPS-based, others not. One of my early favorites in this category was Beyond411 for BlackBerry. Then there was Poynt. Now there's Where.

What's truly valuable about Where? You can customize it to your own specific needs and tastes: the app uses your phone's built-in--or externally connected--GPS data, along with a set of custom widgets, to let you know what sorts of businesses and establishments are around you at any given time. And you can also use Where to find out information about those specific establishments.

For example, the free Where app comes with widgets for finding gas prices in your area; pinpointing events; locating the nearest Starbucks and digging up local user reviews on Yelp. But that's not all; Where lets users download a variety of additional widgets that provide information on items like local golf courses and the "10 Best" food/travel/hospitality recommendations for specific cities.

Where is available to users of BlackBerry Bold 9000, 8800, Curve and Pearl series devices, though whether or not the app will work on your smartphone depends on your wireless carrier. T-Mobile and Verizon Wireless users appear to be out of luck, for now at least, but AT&T, Boost Mobile, Helio, metroPCS, Sprint and Virgin Mobile customers shouldn't have any issues with Where.

Capture It with On-Device BlackBerry Screen Shots

Have you ever wanted to take a picture of your BlackBerry device's screen, to help a friend with a handheld-related issue or describe a problem of your own to your IT help desk? If so, your days of fiddling with a camera to get a decent shot of your BlackBerry's shiny screen are over.

Thanks to Capture It, a free, on-device application that grabs images of whatever's on your BlackBerry's display and saves them as .jpeg files in your Pictures directory, snapping BlackBerry screen shots couldn't be easier.

First you download and install the app to your device, set it as a device convenience key and you're good to go. (To assign Capture It as a BlackBerry convenience key, launch the Options icon, click Screen/Keyboard, scroll down to the "Convenience Key Opens" section and choose Capture It from one of the corresponding drop-down menus. Finally, hit the Escape key to exit the Screen/Keyboard screen and then save your modifications when prompted.)

Taking BlackBerry screen shot from there is as simple as tapping the corresponding convenience key whenever something you want to capture is on screen. And you can transfer the jpeg files from your BlackBerry to a computer or other device using Bluetooth, USB, e-mail or MMS.

Download Capture It via BlackBerry browser here.