Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
First Radeon HD 8000M GPU Benchmarked
J. Dzhugashvili writes "As Slashdot noted earlier this week, AMD has a new line of mid-range Radeon GPUs aimed at notebooks. The chips are based on the Graphics Core Next microarchitecture, and they're slated to show up in systems early next year. While the initial report was limited to specification details, the first review of the Radeon HD 8790M is now out, complete with benchmark data from the latest games. The 8790M is about 35% smaller than its 7690M predecessor but offers substantially better gaming performance across the board. Impressively, the new chip has similar power draw as the outgoing model under load, and its idle power consumption is slightly lower. Notebook makers should have no problems making the switch. However, it is worth noting that this new mobile GPU exhibits some of the same frame latency spikes observed on desktop Radeons, including in games that AMD itself has sponsored." -
RIM Pays Off Nokia; Patent Dispute Settled
Today Nokia announced an agreement with Research In Motion to resolve all patent legislation between the two. The companies have been fighting over patents for almost a decade, most recently over devices with wireless LAN capabilities. The terms of today's agreement were not disclosed but it involved a one-time payment from RIM as well as ongoing payments. This agreement comes shortly after RIM's announcement that it pulled in $9 million in profit last quarter, down 97% from the $265 million they earned in the same quarter the year before. The company has pinned its hopes on BlackBerry 10, scheduled to launch next month: "So this is RIM at the end of 2012: losing subscribers and revenue, facing significant opponents, but with more cash on hand and at least one long-running lawsuit settled. If nothing else, it means the way is clear for RIM to launch its Hail Mary pass: BlackBerry 10." -
RIM Pays Off Nokia; Patent Dispute Settled
Today Nokia announced an agreement with Research In Motion to resolve all patent legislation between the two. The companies have been fighting over patents for almost a decade, most recently over devices with wireless LAN capabilities. The terms of today's agreement were not disclosed but it involved a one-time payment from RIM as well as ongoing payments. This agreement comes shortly after RIM's announcement that it pulled in $9 million in profit last quarter, down 97% from the $265 million they earned in the same quarter the year before. The company has pinned its hopes on BlackBerry 10, scheduled to launch next month: "So this is RIM at the end of 2012: losing subscribers and revenue, facing significant opponents, but with more cash on hand and at least one long-running lawsuit settled. If nothing else, it means the way is clear for RIM to launch its Hail Mary pass: BlackBerry 10." -
Net Neutrality Bill Aimed At ISP Data Caps Introduced In US Senate
New submitter Likes Microsoft writes "Yesterday, Senator Ron Wyden (D-Oregon) introduced a Net Neutrality bill aimed at ISPs using data caps soley for profiteering purposes, rather than the 'traffic management' purpose they often claim. The text of the bill is available at Wyden's Senate page. It would require ISPs to be certified by the FCC before implementing data caps. It says, in part, 'The [FCC] shall evaluate a data cap proposed by an Internet service provider to determine whether the data cap functions to reasonably limit network congestion in a manner that does not unnecessarily discourage use of the Internet.' In a statement, Wyden said, 'Americans are increasingly tethered to the Internet and connecting more devices to it, but they don’t really have the tools to effectively manage data consumption across their networks. Data caps create challenges for consumers and run the risk of undermining innovation in the digital economy if they are imposed bluntly and not designed to truly manage network congestion.'" -
Apple Kills a Kickstarter Project - Updated
Nerdfest writes "Venturebeat is reporting that a successfully funded Kickstarter project for a portable phone charger that works with both Apple and Android devices has been canceled because Apple wouldn't let the creators license its Lightning connector. Quoting: 'Edison Junior, the technology and design lab behind the POP portable power station, is returning the full $139,170 in funding it received from Kickstarter backers to develop the device. Unfortunately, Apple has refused to give the project permission to license the Lightning charger in a device that includes multiple charging options. ... "We didn’t get a yes or a no up front," Siminoff said. "But as we kept going back and forth it was clear that it was getting harder. Then, when we saw that they weren’t even going to allow a Lightning connector and a 30-pin connector together, we knew it was over." He also said that, while Apple is a private company and can do whatever it wishes, it should watch out. "When you do things that are bad for the customer I think it will be bad for them.”''" Update: 12/21 22:16 GMT by S : Apple has relented. A spokesman for the company told Ars, "Our technical specifications provide clear guidelines for developing accessories and they are available to MFi licensees for free. We support accessories that integrate USB and Lightning connectors, but there were technical issues that prevented accessories from integrating 30-pin and Lightning connectors so our guidelines did not allow this. We have been working to resolve this and have updated our guidelines to allow accessories to integrate both 30-pin and Lightning connectors to support charging." -
iOS 6 Adoption Rates Soar Following Google Maps Release
redletterdave writes "The Dec. 12 reinstatement of Google Maps on iOS has apparently been enough for some of those reluctant users to finally make the upgrade to iOS 6. According to MoPub, the San Francisco-based mobile ad exchange that monitors more than 1 billion ad impressions a day and supports more than a dozen ad networks and 12,000 apps, there has been a 29 percent increase in unique iOS 6 users in the past five days following Google Maps' release on iOS. In fact, MoPub reports a 13 percent increase in iOS 6 users from last Monday to Wednesday alone, which would mean that nearly half of the converts to iOS 6 in the past week switched the very moment Google Maps' standalone app hit the App Store." -
Why Google Hired Ray Kurzweil
An anonymous reader writes "Nataly Kelly writes in the Huffington Post about Google's strategy of hiring Ray Kurzweil and how the company likely intends to use language translation to revolutionize the way we share information. From the article: 'Google Translate is not just a tool that enables people on the web to translate information. It's a strategic tool for Google itself. The implications of this are vast and go beyond mere language translation. One implication might be a technology that can translate from one generation to another. Or how about one that slows down your speech or turns up the volume for an elderly person with hearing loss? That enables a stroke victim to use the clarity of speech he had previously? That can pronounce using your favorite accent? That can convert academic jargon to local slang? It's transformative. In this system, information can walk into one checkpoint as the raucous chant of a 22-year-old American football player and walk out as the quiet whisper of a 78-year-old Albanian grandmother.'" -
30 Days Is Too Long: Animated Rant About Windows 8
First time accepted submitter Funksaw writes "Back in 2007, I wrote three articles on Ubuntu 6, Mac OS X 10.4, and Windows Vista, which were all featured on Slashdot. Now, with the release of Windows 8, I took a different tactic and produced an animated video. Those expecting me to bust out the performance tests and in-depth use of the OS are going to be disappointed. While that was my intention coming into the project, I couldn't even use Windows 8 long enough to get to the in-depth technical tests. In my opinion, Windows 8 is so horribly broken that it should be recalled." -
30 Days Is Too Long: Animated Rant About Windows 8
First time accepted submitter Funksaw writes "Back in 2007, I wrote three articles on Ubuntu 6, Mac OS X 10.4, and Windows Vista, which were all featured on Slashdot. Now, with the release of Windows 8, I took a different tactic and produced an animated video. Those expecting me to bust out the performance tests and in-depth use of the OS are going to be disappointed. While that was my intention coming into the project, I couldn't even use Windows 8 long enough to get to the in-depth technical tests. In my opinion, Windows 8 is so horribly broken that it should be recalled." -
30 Days Is Too Long: Animated Rant About Windows 8
First time accepted submitter Funksaw writes "Back in 2007, I wrote three articles on Ubuntu 6, Mac OS X 10.4, and Windows Vista, which were all featured on Slashdot. Now, with the release of Windows 8, I took a different tactic and produced an animated video. Those expecting me to bust out the performance tests and in-depth use of the OS are going to be disappointed. While that was my intention coming into the project, I couldn't even use Windows 8 long enough to get to the in-depth technical tests. In my opinion, Windows 8 is so horribly broken that it should be recalled." -
GarageGames Starts IndieGoGo Campaign To Port Torque 3D To Linux
Open source (as Torque 3D recently became) is one thing; cross-platform is another. Now, reader iamnothing writes "GarageGames is heading to IndieGoGo to port Torque 3D to Linux. The campaign is centered around hiring a dedicated developer or team to port Torque 3D to Linux. The primary target is Ubuntu 32bit with other flavors of Linux as stretch goals. All work will be done in the public eye under our Github repository under the MIT license." -
Book Review: Terrible Nerd
tgeller writes "It's hard to believe that today's nerdier children will one day bore their grandkids with stories of primitive mobile access, household robotics, and 3-D printers. Some will become rich and famous by latching onto tomorrow's winners; others will find themselves irrelevant as the objects of their obsessions fail in the marketplace. But all with the energy to remember will come away with stories from the dawn of creation. One such witness is Kevin Savetz, a 41-year-old technology journalist and entrepreneur whose new book Terrible Nerd recounts 'true tales of growing up geek' during the '80s computer revolution. It's a rich chronicle that deftly mixes details of his beloved technologies with the zeitgeist a particular time and space. As such, it's an entertaining read for technologists and non-techies alike." Keep reading for the rest of tgeller's review. Terrible Nerd author Kevin Savetz pages 256 pages publisher Savetz Publishing rating 7/10 reviewer Tom Geller ISBN 978-1939169006 summary Kevin Savetz' biography of personal computing, gaming, and online adventures as a child in the '80s Savetz' background was a perfect storm of nerd-incubation factors. Suburban, Californian, white, middle class, and with a statistically improbable number of engineers in the family, he suffered through "special" gym classes and illnesses that drove him further into indoor pursuits. The family's first "computer" appeared around late 1976 in the form of a Fairchild Channel F video game — the first to use ROM cartridges. It was followed by an Intellivision in 1981 before Savetz gained access to his first "real" computer a few months later: an Atari 800 at his father's house, available to him only on bi-weekly visits.
As the Atari opens Savetz' world, Terrible Nerd traces his progress into a computer-geek community that existed even then. Between epic sessions playing text adventures (like Zork) and 8-bit classics (like M.U.L.E.), he discovered programming, software trading and, ultimately, modem-connected bulletin-board systems (BBSes). This, I think, is where the book is at its most interesting: it charts not only the nascent technology, but also a young man's blossoming into an engaged, social animal.
Not that the book is short on personal insights elsewhere. Overall, Savetz does a good job interweaving technology, personal development, and his feelings at the time. It's certainly a personal book, and the author isn't afraid to come off as the bad guy once in a while. He admits to sundry misdeeds, including piracy (ubiquitous then), hacking, forgery, and even rigging a church raffle. But he also shines light on the turbulence of adolescence, from a rocky relationship with his stepfather, to a deceitful boss, to an attempted molestation by a family friend who'd given him a valuable package of software.
In this way, it's far more readable than purely technical histories, such as Peter Salus' otherwise fascinating Casting the Net: From ARPANET to INTERNET and beyond . I would have liked greater cohesion among the stories, though — a story arc, a sense that they were all driving toward something bigger. Without a crystal ball, one doesn't have that sense of purpose at the time; but as this was written in retrospect, he could have done more to tie it all together.
On the other hand, one can't fault the author's dedication to recording details of this time — a venture he nobly continues through sites such as atariarchives.org and Classic Computer Magazine Archives. Given his archivist's heart, it's surprising that the book didn't include a much-needed index.
For me, Terrible Nerd started to slow a bit when Savetz related his college experience in the late '80s. Admittedly, this sense of detachment is partly for personal reasons: my own involvement in computers died down for a few years then, so tales of the IBM PC XT and such awoke no memories. Perhaps those years were just not as technologically interesting, as "hobbyist" computers disappeared, and the focus moved from the family den to the office. Or perhaps adulthood is intrinsically less dramatic than adolescence. In any case, this period of the book is not without its great stories, such as the author's accidental denial-of-service flood that shut down Europe's internet connection, or his involvement with the famous multi-user LambdaMOO. (I regretted that he didn't comment on the attention that that MOO got, first from a notable 1994 Wired article, then from the 1999 book My Tiny Life.)
Around then, his longstanding interest in writing and journalism started to pay off. Advice from established computer journalist John C. Dvorak and a lead from war reporter (and fellow MOO-er) Jacques Leslie led him to his first gig with MicroTimes. That led to many other jobs, including a lucrative position as America Online's "AnswerMan" (for a cut of the service's substantial hourly fees). Writing a FAQ on internet faxing got him into entrepreneurship with FaxZero.com and several other endeavors, and he took part in founding an early community internet service provider (ISP). He continues to write, and to oversee several online businesses, to this day.
Like most personal narratives, Terrible Nerd has its slow moments — some phases of one's life just aren't as interesting as others. And unlike the best of them, it lacks an overriding theme beyond "It was cool to be a computer kid in the '80s!". But that was enough to keep me hooked. For those of us who shared that time and space, it's well-presented nostalgia; for those coming up now, it's a roadmap for enjoying emerging technologies in today's time and space.
You can purchase Terrible Nerd from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Terrible Nerd
tgeller writes "It's hard to believe that today's nerdier children will one day bore their grandkids with stories of primitive mobile access, household robotics, and 3-D printers. Some will become rich and famous by latching onto tomorrow's winners; others will find themselves irrelevant as the objects of their obsessions fail in the marketplace. But all with the energy to remember will come away with stories from the dawn of creation. One such witness is Kevin Savetz, a 41-year-old technology journalist and entrepreneur whose new book Terrible Nerd recounts 'true tales of growing up geek' during the '80s computer revolution. It's a rich chronicle that deftly mixes details of his beloved technologies with the zeitgeist a particular time and space. As such, it's an entertaining read for technologists and non-techies alike." Keep reading for the rest of tgeller's review. Terrible Nerd author Kevin Savetz pages 256 pages publisher Savetz Publishing rating 7/10 reviewer Tom Geller ISBN 978-1939169006 summary Kevin Savetz' biography of personal computing, gaming, and online adventures as a child in the '80s Savetz' background was a perfect storm of nerd-incubation factors. Suburban, Californian, white, middle class, and with a statistically improbable number of engineers in the family, he suffered through "special" gym classes and illnesses that drove him further into indoor pursuits. The family's first "computer" appeared around late 1976 in the form of a Fairchild Channel F video game — the first to use ROM cartridges. It was followed by an Intellivision in 1981 before Savetz gained access to his first "real" computer a few months later: an Atari 800 at his father's house, available to him only on bi-weekly visits.
As the Atari opens Savetz' world, Terrible Nerd traces his progress into a computer-geek community that existed even then. Between epic sessions playing text adventures (like Zork) and 8-bit classics (like M.U.L.E.), he discovered programming, software trading and, ultimately, modem-connected bulletin-board systems (BBSes). This, I think, is where the book is at its most interesting: it charts not only the nascent technology, but also a young man's blossoming into an engaged, social animal.
Not that the book is short on personal insights elsewhere. Overall, Savetz does a good job interweaving technology, personal development, and his feelings at the time. It's certainly a personal book, and the author isn't afraid to come off as the bad guy once in a while. He admits to sundry misdeeds, including piracy (ubiquitous then), hacking, forgery, and even rigging a church raffle. But he also shines light on the turbulence of adolescence, from a rocky relationship with his stepfather, to a deceitful boss, to an attempted molestation by a family friend who'd given him a valuable package of software.
In this way, it's far more readable than purely technical histories, such as Peter Salus' otherwise fascinating Casting the Net: From ARPANET to INTERNET and beyond . I would have liked greater cohesion among the stories, though — a story arc, a sense that they were all driving toward something bigger. Without a crystal ball, one doesn't have that sense of purpose at the time; but as this was written in retrospect, he could have done more to tie it all together.
On the other hand, one can't fault the author's dedication to recording details of this time — a venture he nobly continues through sites such as atariarchives.org and Classic Computer Magazine Archives. Given his archivist's heart, it's surprising that the book didn't include a much-needed index.
For me, Terrible Nerd started to slow a bit when Savetz related his college experience in the late '80s. Admittedly, this sense of detachment is partly for personal reasons: my own involvement in computers died down for a few years then, so tales of the IBM PC XT and such awoke no memories. Perhaps those years were just not as technologically interesting, as "hobbyist" computers disappeared, and the focus moved from the family den to the office. Or perhaps adulthood is intrinsically less dramatic than adolescence. In any case, this period of the book is not without its great stories, such as the author's accidental denial-of-service flood that shut down Europe's internet connection, or his involvement with the famous multi-user LambdaMOO. (I regretted that he didn't comment on the attention that that MOO got, first from a notable 1994 Wired article, then from the 1999 book My Tiny Life.)
Around then, his longstanding interest in writing and journalism started to pay off. Advice from established computer journalist John C. Dvorak and a lead from war reporter (and fellow MOO-er) Jacques Leslie led him to his first gig with MicroTimes. That led to many other jobs, including a lucrative position as America Online's "AnswerMan" (for a cut of the service's substantial hourly fees). Writing a FAQ on internet faxing got him into entrepreneurship with FaxZero.com and several other endeavors, and he took part in founding an early community internet service provider (ISP). He continues to write, and to oversee several online businesses, to this day.
Like most personal narratives, Terrible Nerd has its slow moments — some phases of one's life just aren't as interesting as others. And unlike the best of them, it lacks an overriding theme beyond "It was cool to be a computer kid in the '80s!". But that was enough to keep me hooked. For those of us who shared that time and space, it's well-presented nostalgia; for those coming up now, it's a roadmap for enjoying emerging technologies in today's time and space.
You can purchase Terrible Nerd from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Makerbot Cracks Down On 3D-Printable Gun Parts
Sparrowvsrevolution writes in with a story at Forbes about Makerbot deleting gun component blueprints on Thingiverse. "In the wake of the Newtown, Connecticut shootings, the 3D-printing firm Makerbot has deleted a collection of blueprints for gun components from Thingiverse, its popular user-generated content website that hosts 3D-printable files. Though Thingiverse has long banned designs for weapons and their components in its terms of service, it rarely enforced the rule until the last few days, when the company's lawyer sent notices to users that their software models for gun parts were being purged from the site. Gun control advocates were especially concerned about the appearance of lower receivers for semi-automatic weapons that have appeared on Thingiverse. The lower receiver is the the 'body' of a gun, and its most regulated component. So 3D-printing that piece at home and attaching other parts ordered by mail might allow a lethal weapon to be obtained without any legal barriers or identification. Makerbot's move to delete those files may have been inspired in part by a group calling itself Defense Distributed, which announced its intention to create an entirely 3D-printable gun in August and planned to potentially upload it to Thingiverse. Defense Distributed says it's not deterred by Makerbot's move and will host the plans on its own site." -
TI-84+C-Silver Edition: That C Stands For Color
skade88 writes "Do you remember those large TI-8X line of calculators with a BW display from when you were growing up and learning all about math? Yeah well, you can still get them because TI has yet to update or change their line of TI-8X calculators from their 96x64 display, processors designed in the 1980s with just a few kilobytes of user accessible memory. They still cost in the $100.00 to $150.00 range. That is all about to change now that the TI-8X line of calculators is 22 years old. Their new TI-84+C-Silver edition will come with a 320x240 16-bit color display, 3.5MB of flash ROM, and 21KB of RAM. Ars has a good preview of the device along with speculation on why it took so so so very long for TI to finally bring calculators up to a level of technology that could have been delivered a decade ago."Last month some photos and a few details of the new TI-84+C were leaked. -
KDE Software Compilation 4.10 RC1 Released
jrepin writes "Today KDE released the first release candidate for its renewed Workspaces, Applications, and Development Platform. Thanks to the feedback from the betas, KDE already improved the quality noticeably. Further polishing new and old functionality will lead to a rock-stable, fast and beautiful release in January, 2013. One particular change in this RC is an updated look to Plasma workspaces." -
Property Rights In Space?
ATKeiper writes "A number of companies have announced plans in the last couple of years to undertake private development of space. There are asteroid-mining proposals backed by Larry Page and Eric Schmidt, various moon-mining proposals, and, announced just this month, a proposed moon-tourism venture. But all of these — especially the efforts to mine resources in space — are hampered by the fact that existing treaties, like the Outer Space Treaty, seem to prohibit private ownership of space resources. A new essay in The New Atlantis revisits the debates about property rights in space and examines a proposal that could resolve the stickiest treaty problems and make it possible to stake claims in space." -
Kodak Patents Sold for $525 Million
An anonymous reader writes "Intellectual Ventures and RPX Rational Patent, two companies frequently referred to as patent trolls, have snapped up the troubled Kodak company's imaging patents. Bloomberg reports that Kodak has agreed to sell the patent portfolio for $525 million, despite previous valuations of over $2 billion." New submitter speedplane adds "How many stories have we read hating on the biggest patent troll of them all? Finally we see Intellectual Ventures making their case in a Wired op-ed, filled with everything you would would expect from a company suing the tech world on thousands of dubious patents: '...the system needs intermediaries within the market — companies like Intellectual Ventures — to help sift through and navigate the published landscape. By developing focused expertise, these patent licensing entities and intermediaries can function as patent aggregators, assembling portfolios of relevant inventions and providing access through licensing.' And my favorite gem: 'Ultimately, the users of those products — you — are the ones who benefit.'" -
Kodak Patents Sold for $525 Million
An anonymous reader writes "Intellectual Ventures and RPX Rational Patent, two companies frequently referred to as patent trolls, have snapped up the troubled Kodak company's imaging patents. Bloomberg reports that Kodak has agreed to sell the patent portfolio for $525 million, despite previous valuations of over $2 billion." New submitter speedplane adds "How many stories have we read hating on the biggest patent troll of them all? Finally we see Intellectual Ventures making their case in a Wired op-ed, filled with everything you would would expect from a company suing the tech world on thousands of dubious patents: '...the system needs intermediaries within the market — companies like Intellectual Ventures — to help sift through and navigate the published landscape. By developing focused expertise, these patent licensing entities and intermediaries can function as patent aggregators, assembling portfolios of relevant inventions and providing access through licensing.' And my favorite gem: 'Ultimately, the users of those products — you — are the ones who benefit.'" -
Kodak Patents Sold for $525 Million
An anonymous reader writes "Intellectual Ventures and RPX Rational Patent, two companies frequently referred to as patent trolls, have snapped up the troubled Kodak company's imaging patents. Bloomberg reports that Kodak has agreed to sell the patent portfolio for $525 million, despite previous valuations of over $2 billion." New submitter speedplane adds "How many stories have we read hating on the biggest patent troll of them all? Finally we see Intellectual Ventures making their case in a Wired op-ed, filled with everything you would would expect from a company suing the tech world on thousands of dubious patents: '...the system needs intermediaries within the market — companies like Intellectual Ventures — to help sift through and navigate the published landscape. By developing focused expertise, these patent licensing entities and intermediaries can function as patent aggregators, assembling portfolios of relevant inventions and providing access through licensing.' And my favorite gem: 'Ultimately, the users of those products — you — are the ones who benefit.'" -
UK Pirate Party Forced To Give Up Legal Fight
Grumbleduke writes "The UK Pirate Party has been forced to shut down its proxy of The Pirate Bay. The Party had been running the proxy since April, initially to support the Dutch Party's efforts, then as a means of combating censorship after the BPI obtained uncontested court orders against the UK's main ISPs to block the site across the UK. In a statement released through their lawyers, the Party cited the impossibly-high costs of legal action for their decision, but vowed to keep fighting for digital rights however they can." -
Chilling Guidelines Issued For UK Communications Act Enforcement
From El Reg comes word that interim guidelines have been issued for prosecutions under the UK Communications Act that have landed a few folks in jail for offensive speech: "Keir Starmer QC published this morning his interim guidelines for crown prosecutors that demanded a more measured approach to tackling trolling on the Internet. ... 'A prosecution is unlikely to be in the public interest if the communication is swiftly removed, blocked, not intended for a wide audience or not obviously beyond what could conceivably be tolerable or acceptable in a diverse society which upholds and respects freedom of expression. The interim guidelines thus protect the individual from threats or targeted harassment while protecting the expression of unpopular or unfashionable opinion about serious or trivial matters, or banter or humour, even if distasteful to some and painful to those subjected to it.'" -
Newest Gov't Tracking Threat: Cell-Site Data Without a Warrant
An anonymous reader writes "Earlier this year, the Supreme Court put an end to warrantless GPS tracking. Now, federal prosecutors are trying to get similar data from a different source. A U.S. District Judge has ruled that getting locational data from cell towers in order to track suspects is just fine. '[Judge Huvelle] sidestepped the Fourth Amendment argument and declined to analyze whether the Supreme Court's ruling in Jones' case has any bearing on whether cell-site data can be used without a warrant. Instead, she focused on a doctrine called the "good-faith exemption," in which evidence is not suppressed if the authorities were following the law at the time. The data in Jones' case was coughed up in 2005, well before the Supreme Court's ruling on GPS. "The court, however, need not resolve this vexing question of Fourth Amendment jurisprudence, since it concludes that the good-faith exception to the exclusionary rule applies," (.PDF) she wrote. ... With that, prosecutors are legally in the clear to use Jones’ phone location records without a warrant.'" -
How Much Are You Worth To an Online Lead-Gen Site?
jfruh writes "You may remember the tale of the blogger who found that an infographic he'd put on his site was the front end of an SEO spam job. Well, he's since followed the money to figure out just who's behind this maneuver: the for-profit college industry. He discovered that the contact info of someone who expresses interest in online degree programs can be worth up to $250 to an industry with a particularly sleazy reputation." -
Google Brings the Dead Sea Scrolls To the Digital Age
skade88 writes "Google has been working to bring many old manuscripts to the internet at high resolution for all to see. From their announcement: 'A little over a year ago, we helped put online five manuscripts of the Dead Sea Scrolls—ancient documents that include the oldest known biblical manuscripts in existence. Written more than 2,000 years ago on pieces of parchment and papyrus, they were preserved by the hot, dry desert climate and the darkness of the caves in which they were hidden. The Scrolls are possibly the most important archaeological discovery of the 20th century. Today, we're helping put more of these ancient treasures online. The Israel Antiquities Authority is launching the Leon Levy Dead Sea Scrolls Digital Library, an online collection of some 5,000 images of scroll fragments, at a quality never seen before.'" -
Instagram: We Won't Sell Your Photos
hugheseyau writes "Earlier, we discussed news that Instagram introduced a new version of their Privacy Policy and Terms of Service that will take effect in thirty days. The changes seemed to allow Instagram to sell users' photos, and many users were upset. Instagram now says 'it is not our intention to sell your photos' and that 'users own their content and Instagram does not claim any ownership rights over your photos.' This is good news for Instagram users." And so closes another chapter of "We Let Lawyers Write a Legal Document and The Internet Freaked Out." -
Pentaho and Jaspersoft: Good Alternatives To Bigger-Name Software?
Nerval's Lobster writes "Jeff Cogswell, the developer who recently offered a 'gentle' rant about the current state of software development and installers, returns with a comparison of two players in the open-source BI space, Pentaho and Jaspersoft. 'If you believe the hype, the business-intelligence tools offered by some of the world's largest software companies also pack a substantial punch,' he writes. 'But these systems are often difficult to install and maintain, not to mention downright expensive. Small and medium-sized businesses typically can't afford software platforms that cost upwards of several hundred thousand dollars, but that doesn't mean they're cut off from BI tools in general. In fact, there are some decent open-source options.'" -
Instagram Wants To Sell Users' Photos Without Notice
DavidGilbert99 writes "Many Instagram users have reacted angrily to a proposed change to the apps terms of service by owner Facebook, which would give the social network 'perpetual' rights to all photos on Instagram, allowing it to sell the photos to advertisers without notice — or payment to the user. The new policy will come into effect on 16 January, just four months after Facebook completed its $1bn acquisition of Instagram. It states that Facebook has a right to distribute any content posted on Instagram without paying the user royalties:" Also worth reading Declan McCullagh's take on it. -
Gmail Drops Support for Connecting To Pop3 Servers With Self -Signed Certs
DECula writes "In a move not communicated to its users beforehand, Google's Gmail servers were reconfigured to not connect to remote pop3 servers that have self-signed certificates, leaving folks with unencrypted connections, or no service when getting email from other services. Not good for the small folks. One suggestion was to allow placing the public keys on Google's side in the user configuration. That would be a heck of a lot better than just dropping users into never never land." Apparently, "valid" now means "paid someone Google approves to sign the certificate." It's not like commercial CAs have the best security track record either. -
Wozniak's Predictions For 2013: the Data Center, Mobility and Beyond
Nerval's Lobster writes "Tech icon Steve Wozniak has come forward with several predictions for 2013, with data center technologies an important part of the list. Wozniak's predictions are based on a series of conversations he had recently with Brett Shockley, senior vice president and general manager of applications and emerging technologies at Avaya. They trace an arc from the consumer space up through the enterprise, with an interesting take on the BYOD phenomenon: Woz believes that mobile devices will eventually become the 'remote controls,' so to speak, of the world. Although he's most famous as the co-founder of Apple, Wozniak currently serves as chief scientist at Fusion-io, a manufacturer of enterprise flash storage for data centers and other devices." -
Wozniak's Predictions For 2013: the Data Center, Mobility and Beyond
Nerval's Lobster writes "Tech icon Steve Wozniak has come forward with several predictions for 2013, with data center technologies an important part of the list. Wozniak's predictions are based on a series of conversations he had recently with Brett Shockley, senior vice president and general manager of applications and emerging technologies at Avaya. They trace an arc from the consumer space up through the enterprise, with an interesting take on the BYOD phenomenon: Woz believes that mobile devices will eventually become the 'remote controls,' so to speak, of the world. Although he's most famous as the co-founder of Apple, Wozniak currently serves as chief scientist at Fusion-io, a manufacturer of enterprise flash storage for data centers and other devices." -
Call for Questions: Rasterman, Founder of the Enlightenment Project
Since before all other interfaces, Enlightenment has been making computers look and feel like they're from the future. On December 21, the decade long effort to rewrite Enlightenment will see the first officially stable release. With e17 a few days away, project founder and master of X11 graphics hacking Carsten Haitzler (the Rasterman) has agreed to answer your questions. Ask as many questions as you like, but only one per post please. -
IBM Predicts the Next 5 Years of Computing
SternisheFan writes "Shaun McGlaun of Slashgear writes: IBM has offered up its annual list of five innovations that will change our lives within five years. IBM calls the list the 'IBM 5 in 5.' The list covers innovations that IBM believes that the potential change the way people work, live, and interact over the next five years. The five innovations IBM lists this year include touch, sight, hearing, taste, and smell. " -
New Call For Turing Pardon
mikejuk writes "As 2012, Alan Turing Year, draws to close a group of highly regarded UK scientists, including Professor Stephen Hawking, have repeated the call for a posthumous pardon for Turing's criminal conviction in a letter to the Telegraph. The letter has re-opened the debate, which is controversial even for those who support the idea that Turing was treated in an unfair and appalling way, was formally acknowledged by the UK Prime Minister Gordon Brown in 2009 when he apologized for the treatment Turing had received. In February Justice Minister Lord McNally rebuffed a 23,000 signature petition for a pardon saying: 'A posthumous pardon was not considered appropriate as Alan Turing was properly convicted of what at the time was a criminal offense.'" -
Cisco Rumored To Be Selling Linksys
New submitter drdread66 writes "Cisco seems to be giving up on another technology acquisition. Hot on the heels of a full writedown for shuttering Flip Video, Cisco is now looking at another potentially huge loss from unloading Linksys." -
Cisco Rumored To Be Selling Linksys
New submitter drdread66 writes "Cisco seems to be giving up on another technology acquisition. Hot on the heels of a full writedown for shuttering Flip Video, Cisco is now looking at another potentially huge loss from unloading Linksys." -
WW2 Pigeon Code Decrypted By Canadian?
Albanach writes "At the start of November Slashdot reported the discovery of a code, thought to be from the Second World War, found attached to the leg of a pigeon skeleton located in an English chimney. Now a Canadian by the name of Gord Young claims to have deciphered the message in less than 20 minutes. He believes that the message is comprised mostly of acronyms." -
Views of the Asteroid Toutatis, From Earth As Well As Close-Up
When Chinese probe Chang'e buzzed the asteroid Toutatis, it wasn't the only one watching. NASA's observatory in Goldstone, CA was taking radar images, which have now been assembled into a short (40-second) animation. The craft was recording the encounter, too, as reported by Sky & Telescope, which also gives a good summary of the history behind Chang'e's mission. -
Google+ Chief Grounded From Twitter By Larry Page
theodp writes "Vic Gundotra, formerly Sr. VP of Social (and now, of Engineering) at Google, and head of the company's social networking service Google+, hasn't posted anything on his Twitter account since July 2011. Why? Responding to a question about his own social networking behavior at SMX 2012, Gundotra explained that he was asked by Google CEO Larry Page not to tweet anymore. 'I was asked not to tweet again.' Gundotra said (video). 'I was asked not to do that by my boss [Page]. I tweeted a tweet about two companies [Microsoft, Nokia] that went viral, went very very viral and made a lot of headline news.' So, what does it say when the Google CEO who reportedly tied all Googlers' bonuses to social networking apparently finds it too dangerous to permit the head of Google+ to participate in social networking?" -
China's ZTE and Huawei Join the German Patent Fray
An anonymous reader writes "Germany has pretty much become the new Eastern District of Texas, the world's most popular patent battleground. After Apple, Samsung and Motorola, the Chinese are now going to Germany as well to sort out their domestic patent squabbles. Huawei and ZTE, arguably the People's Republic's leading wireless tech companies, started suing each other in April last year. On Friday the Mannheim Regional Court held a Huawei vs. ZTE hearing, reports a local patent watcher. Huawei says ZTE infringes a 4G/LTE handover patent and wants its rival's base stations and USB modem sticks banned in Germany. More clashes between the two are coming up in the same court and in other places in Europe, including France." -
China's ZTE and Huawei Join the German Patent Fray
An anonymous reader writes "Germany has pretty much become the new Eastern District of Texas, the world's most popular patent battleground. After Apple, Samsung and Motorola, the Chinese are now going to Germany as well to sort out their domestic patent squabbles. Huawei and ZTE, arguably the People's Republic's leading wireless tech companies, started suing each other in April last year. On Friday the Mannheim Regional Court held a Huawei vs. ZTE hearing, reports a local patent watcher. Huawei says ZTE infringes a 4G/LTE handover patent and wants its rival's base stations and USB modem sticks banned in Germany. More clashes between the two are coming up in the same court and in other places in Europe, including France." -
Marijuana Prosecution Not a High Priority, Says Obama
Hugh Pickens writes "VOA reports that President Obama says it does not make sense for federal authorities to seek prosecution of recreational marijuana users in states where such use is legal. 'As it is, you know, the federal government has a lot to do when it comes to criminal prosecutions,' said Obama during a television interview with ABC's Barbara Walters. 'It does not make sense from a prioritization point of view for us to focus on recreational drug users in a state that has already said that, under state law, that's legal.' When asked if he supported legalizing marijuana, the president said he was not endorsing that. 'I wouldn't go that far, but what I think is that, at this point, Washington and Colorado, you've seen the voters speak on this issue.'" -
Automation Is Making Unions Irrelevant
dcblogs writes "Michigan lawmakers just approved a right-to-work law in an effort to dismantle union power, but unions are already becoming irrelevant. The problem with unions is they can't protect jobs. They can't stop a company from moving jobs overseas, closing offices, or replacing workers with machines. Indeed, improvements in automation is making the nation attractive again for manufacturing, according to U.S. intelligence Global Trends 2030 report. The trends are clear. Amazon spent $775 million this year to acquire a company, Kiva Systems that makes robots used in warehouses. Automation will replace warehouse workers, assembly-line and even retail workers. In time, Google's driverless cars will replace drivers in the trucking industry. Unions sometimes get blamed for creating uncompetitive environments and pushing jobs overseas. But the tech industry, which isn't unionized, is a counterpoint. Tech has been steadily moving jobs overseas to lower costs." -
Will Tablets Kill Off e-Readers?
Nerval's Lobster writes "Are e-readers doomed? A research note earlier this week from IHS iSuppli suggested that, after years of solid growth, the e-book reader market was 'on an alarmingly precipitous decline' thanks to the rise of tablets. The firm suggested that e-reader sales had declined from 23.2 million units in 2011 to 14.9 million this year — around 36 percent, in other words. The note blames tablets: 'Single-task devices like the ebook are being replaced without remorse in the lives of consumers by their multifunction equivalents, in this case by media tablets.' Even Amazon and Barnes & Noble, the reigning champs of the e-reader marketplace, have increasingly embraced full-color tablets as the best medium for selling their digital products. Backed by enormous cloud-based libraries that offer far more than just e-books, these devices are altogether more versatile than grayscale e-readers, provided their users want to do more than just read plain text." -
Why The Hobbit's 48fps Is a Good Thing
An anonymous reader writes "Last year, when we discussed news that The Hobbit would be filmed at 48 frames per second, instead of the standard 24, many were skeptical that format would take hold. Now that the film has been released, an article at Slate concedes that it's a bit awkward and takes a while to get used to, but ends up being to the benefit of the film and the entire industry as well. 'The 48 fps version of The Hobbit is weird, that's true. It's distracting as hell, yes yes yes. Yet it's also something that you've never seen before, and is, in its way, amazing. Taken all together, and without the prejudice of film-buffery, Jackson's experiment is not a flop. It's a strange, unsettling success. ... It does not mark the imposition from on high of a newer, better standard — one frame rate to rule them all (and in the darkness bind them). It's more like a shift away from standards altogether. With the digital projection systems now in place, filmmakers can choose the frame rate that makes most sense for them, from one project to the next.'" -
No Charges In UK For Gary McKinnon
clickclickdrone sends this news from the BBC: "Computer hacker Gary McKinnon, who is wanted in the U.S., will not face charges in the U.K., the Crown Prosecution Service has said. Director of Public Prosecutions Keir Starmer QC said the chances of a successful conviction were 'not high.' He announced the decision some three months after Home Secretary Theresa May stopped the extradition. Mr. McKinnon, 46, admits accessing U.S. government computers but says he was looking for evidence of UFOs. The U.S. authorities tried to extradite him to face charges of causing $800,000 (£487,000) to military computer systems and he would have faced up to 60 years in prison if convicted." -
Slashdot Story Helps Raise $43,200 For the FreeBSD Foundation In Three Days
An anonymous reader writes "The FreeBSD Foundation has posted blog article article talking about the remarkable surge in donations they've received in the last three days following a recent Slashdot article reporting on weak fundraising this year. Deb Goodkin reports that the FreeBSD Foundation, as with many non-profits, receives more than 50% of its annual funds at the end of the US tax year, but that the Foundation has never seen this rate of donations before, and will hit a new record for unique donors this year. She comments that it was Slashdot readers that made the difference! She does, however, appeal for further donations noting that they have a long way to go on their full goal." -
Kickstarter Technology Projects Ship
An anonymous reader writes "Shocking Kickstarter news this morning, not only did I actually I receive my Brydge this morning, but a Kickstarter software project shipped on time! Connectify Dispatch, the load balancing software for Windows, was released today as well. Perhaps the Kickstarter model of funding technology is not nearly as doomed as some naysayers here would have it. Why are so many here hostile to crowdsourcing? Shouldn't we be glad to have Venture Capitalists cut out of the loop so that companies actually listen to us?" -
Interviews: Eugene Kaspersky Answers Your Questions
Last week, you asked questions of Eugene Kaspersky; below, find his answers on a range of topics, from the relationship of malware makers to malware hunters, to Kasperky Labs' relationship to the Putin government, as well as whitelisting vs. signature-based detection, Internet ID schemes, and the SCADA-specific operating system Kaspersky is working on. Spoiler: There are a lot of interesting facts here, as well as some teases. Which OS/OSs do you run?
by magic maverick
While MS Windows is the most common computer OS around, there are obviously many others. For your personal use, what is your main OS, and how do you keep it secure (do you, e.g., run MS Windows with anti-malware software, or do you run Ubuntu Linux with the defaults)? Is this a setup that you would suggest for others, or is it too esoteric?
Eugene Kaspersky: I'm afraid my answer's nothing special — I've got Windows 7 on my laptop + Kaspersky Internet Security 2013. To put it short, I've no need for any other operating systems like Ubuntu or Mac OS, and some software I need is available only under Windows.
Special thing about my devices is that I don't have a smartphone. I use a good old Sony Ericsson, whose most advanced feature is its (handy) flashlight. A simple phone like this is the safest mobile you could ever choose!
On this topic I also have a few tips I can share with you:- Outside the KL corporate network I always use a VPN connection. If you have the possibility to use VPN — do so. It's a very useful way to minimize risks.
- Always use quality security software and keep it updated (automatically). That is an absolute must.
- I prefer using browsers with a relatively high security level (e.g., Chrome) and I disable scripts in it.
- And finally, the most important rule — also the simplest: always — always — use your head. I'm certain that the above + common sense is perfectly sufficient for secure personal use.
What color is your hat?
by eldavojohn
I feel like when someone is as deep in malware protection as you are, you're basically running malware and, I assume, developing malware or finding exploitable aspects of software. I notice you "discover" a lot of malware but I don't recall seeing you publish any exploits. How much malware development do you do? Any at all? Is there anyone in your company that attempts to mimic what other malware does so you can better understand it? Do you feel like that is a necessity in the field of malware protection?
EK: No, no and no. We don't develop malware and we don't publish exploits. Both happen to be illegal — and amoral. I don't recommend you doing either too.
Firemen don't start fires, doctors don't infect people, and antivirus companies don't create viruses. Any at all.
We detect 200,000 new threats every day as it is. Keeping on top of them all is quite a task. And another thing — we don't hire ex-hackers. Our business is built on trust, and we apply the highest standards in sensitive areas of our work: in malware analysis, product development, etc. Like a homicide detective doesn't need to kill to investigate a murder more effectively, a good expert doesn't need to be on the dark side to analyze viruses and predict what may come next.
Why do we still use the black list security model?
by Zaphod-AVA
Malware continues to be successful despite our current efforts. Why do we continue to use the same failed security model? Automated white listing seems like a better answer to modern security problems.
Imagine a whitelist that checks with a central repository that reputable software manufacturers send their updates to. Even with updates, checking the software you regularly run is now a simpler problem then comparing everything you run to a list of all the malware in existence.
EK: Actually we do use a whitelist security approach. Modern antiviruses are not simply based on signature analysis; they are sophisticated pieces of software containing whitelisting as well. Faced with constantly increasing malicious activity, the AV industry needs to seriously toughen up and come up with new approaches. One such new approach is the application of whitelisting technology.
Whitelisting takes a different view of computer files. It doesn't look for the bad things on your PC like with the traditional pattern-based approach, instead it just checks if files are safe based on whether such files are already whitelisted — already in the whitelist database of known-to-be-ok software. Any files that aren't already whitelisted are marked as potentially bogus. Our whitelist of ok'ed files is now populated by more than 530 million green-lighted files.
Now, depending on the settings you make in the antivirus program, files not included in the whitelist directory can be either automatically blocked (particularly useful in a corporate environment), or flagged as suspicious and sent for additional checks by anti-virus components. For the suspicious ones, a further stage of analysis can be performed by running them in Safe Run — an isolated sandbox environment from which maliciousness can't contaminate the computer's environment proper. Alternatively, right-clicking a file gives you its reputation info from our cloud-based KSN (video, details), which incidentally gets 400,000 file-checking requests per second!
The traditional pattern-based approach by its nature needs to catch 100% of all the maliciousness on a computer to be effective. Besides, every instance of malware needs to be analyzed and entered into a database, which takes time, and this is a crucial moment if we talk about epidemics. Whitelisting, on the other hand, isn't bothered about bogusness directly — it's not its concern. It concentrates instead on simply detecting possibly bogus files — files not included in the whitelist, just in case, as it were. And this task is completed in seconds — much quicker the traditional approach's task. Since today we detect around 200,000 malware samples every day, and this figure is only going to keep on increasing, just in case becomes crucially important, and isn't just some new bell/whistle addition to traditional antivirus.
Of course, let the pattern approach keep at it with the baddies, which it is doing, valiantly. But also let whitelisting do its thing with goodies. The result? Superior overall protection — a lot quicker. Kind of what we're all after, after all .
Re: Assembly code and vulnerability of Apple
by dave562
We see Apple growing in market share and one of the memes that has been accepted by a large part of the community is that Apple is not targeted by malware authors in part because the return on investment is not as high as it is for Windows machines. To put it another way, if a malware author targets Windows they get millions of home users, but more importantly, they also have the potential to infect corporate systems, server farms, etc. If they go after OS X, they get a bunch of home computers and some audio visual professionals.
Apple's market share is growing, and they also have converted their OS over to run on Intel chips. It now shares the same hardware base as PCs that run Windows. Given that all of the really advanced malware code (rootkits, polymorphism, etc.) is written in Assembly, do you foresee any tipping point coming where OS X will be targeted on a large scale like Windows has been? Or is there simply not enough of a payoff there for the malware creators, given the ease of exploitation and widespread deployment of Windows?
EK: Cybercrime today is no game; it's a very successful business. Its underlying principle is simple: risks are taken and attacks are invested in only if lots of money can be earned. The more users you can reach — the more money you may get. Simple. These days Mac OS market share is high enough to be attractive to the bad guys. In 2011 it was estimated that Apple had over 5% of worldwide desktop/laptop market share. And figures by web-tracking company Net Applications for the month of August 2012 show that Apple's combined share of the desktop market — counting versions 10.4 and after of OS X — is 7.11%, while Windows Vista for example takes 6.1%! This is a significant figure already, and that's why cyber criminals are turning their heads towards Apple.
The Flashfake epidemic, the first global Trojan for Mac OS, highlighted two things:
First, it showed that the most popular Windows attack scenario can be easily copied for Mac: a Trojan spreads via drive — by downloads — no user interaction needed, no clicks, no admin password. Just surf to a hacked website and the malware gets installed onto your computer automatically.
Second, epidemics are indeed now possible for Mac: if you compare the number of computers infected by Flashfake with the overall number of Macs, you'll find out that the "iBotnet" can be compared to Conficker — the biggest PC-botnet in history!
In sum this all means that we've reached the stage where attacks on Mac OS have become a usual phenomenon — not unusual as claimed in the past. And the scale will only increase. The Apple marketing people may not like it, but it's time to admit it — yes guys, your system is as vulnerable as Windows. Don't ignore the lesson of Flashfake. Think serious about security, not just different [sic].
Re: Healthcare/industry-specific software?
by HideyoshiJ
Many pieces of software and hardware used in healthcare are required to pass FDA certification, especially in areas like radiology. Often times, these vendors report that because they are certified on a certain patch level, these systems cannot be patched without losing that certification. Do you see any solutions to the current state of industry-specific software's seeming lack of quality, updates and security?
EK: What works best in these circumstances is whitelisting. We realized the importance of whitelisting a long time ago when we started our whitelisting program. Like many technologies, whitelisting is not a solution by itself, but in terms of more completely protected machines in healthcare it really does help. What's more, because such machines generally go unchanged the whitelisting rules can be extra strict. In our experience this works very well, especially in combination with technologies such as exploit prevention.
Anonymous Internet IDs
by AaronLS
Do you believe everyone could be issued an ID, and still remain anonymous? What I mean is, I believe that you could ensure each of your users is unique, but not necessarily know who they are. If everyone is issued a certificate signed by some trusted authority, one could verify that the certificate is valid, without the certificate exposing the information about who you are. You could even have a scheme that lets the authority issue you multiple IDs, but only one for each unique ForUseWithDomain attribute, such that if you wanted to keep your identity from being correlated across different sites, you could do so. This could probably even be automated.
This would ensure that if you banned a malicious user from your site, they wouldn't be able to come back without compromising someone else's certificate. Yet, you still get a high level of anonymity.
Sites that require non-anonymous access could deny anonymous certificates, and require that you authorize access to full name perhaps. This would be like OpenID in the way it will prompt you for a site requesting additional information, like your email.
EK: Firstly, in my opinion, Internet IDs aren't necessary for every type of Internet activity. Let me clarify in what cases I think Internet ID is needed. I believe the World Wide Web should be divided into three zones. Red zone is for critical processes: voting in elections, online banking, interactions with official bodies, and other critical transactions. For operations in this zone an Internet ID should be necessary. This is in everyone's interest — no one wants to lose private data which in some cases may lead to losing money, for example. Then comes the grey zone, where minimal authorization is needed. For example, age verification for online shops selling alcohol or adult stores. I don't think an Internet ID is necessary for this zone. You're right — Open ID is enough. And finally — the green zone: blogs, social networks, news sites, chats ... — everything related to your freedom of speech. No authorization required.
I suggest using special proxies for surfing in the red zone. You register using your Internet ID and then you use a nickname. Nobody can see your real name. If you break the law, your identity is subject to disclosure after legal procedures and a court decision. I want to stress that nobody can discover your real identity if you observe the law.
Re: Online anonymity
by gallondr00nk
Recent protest movements and the Arab Spring have shown that the ability to use the Internet anonymously is crucial to organizing resistance and circumventing censorship or oppression. In light of that have you modified your views on the "Internet ID"?
EK: My position on Internet ID is developing. The more governments speak about regulation of the Internet, the more liberal I become. I'm really worried that one day governments will go too far in their attempts to control the WWW and its users.
After the Arab spring I've slightly changed my views on the subject. I still think that Internet IDs are required for certain operations, but as I've explained above, you don't need them when, say, surfing social networks. And as far as I know it was specifically Twitter and Facebook that were used as communication tools for protesters during the Arab Spring.
Re: "Approved" Spyware
by Fnord666
I assume that various state sponsored agencies provide you with their "research" tools and ask that you not detect them with your products nor should you interfere with their operation. To what extent does this happen, to what degree are you "asked" to comply, and to what degree are you forbidden to discuss this topic? Do you, or if you had the opportunity to do so without repercussions would you, offer a version of your products that identified and disabled this spyware?
EK: There is nobody who can forbid me from discussing this topic, so here you go. The short answer is no — we don't have relations with state sponsored agencies in the way you describe. Nor ever will.
Reputation is an extremely important asset in our business. If you let somebody be your bodyguard you need to be 100% sure that you can rely on this guy. And it's the same for users and companies when choosing security software. Trust is everything for us. If we had such a skeleton in the closet, our rep would go into nosedive. And believe me, such a skeleton would be found if it ever existed: I'm pretty sure that our products are analyzed scrupulously by competitors, cyber criminals and governments. No, secret agreements with state agencies like the one you imagine — there's never been such a thing nor ever will be.
Kaspersky's relationship with the government
by swb
Does Kaspersky have a relationship with the Putin administration or the FSB? Do either of these organizations have any influence on the business practices or technology of Kaspersky antivirus? Should a security minded person be concerned with the geographic origin of security software?
EK: Firstly, we have relations with law enforcement agencies in many countries, not only in Russia, as per which we provide expertise. Moreover, all the world's leading security companies — Symantec, McAfee/Intel, and Kaspersky Lab — we all collaborate with law enforcement bodies in our own countries and worldwide — to help fight cybercrime. CERTs, the FBI, FSB, Interpol, etc. — our duty is to help them investigate criminal cases.
Without the expertise of security professionals, successful law enforcement operations would be an unattainable dream. When cybercrime cases are domestic, IT Security companies work with their law enforcement agencies to assist in investigations. When they're international, they work with the appropriate law enforcement authorities of the affected countries to abide by legal policies and federal jurisdictions. This cooperation is crucial in fighting cybercrime worldwide, and we are proud to be a part of the process.
Secondly, Kaspersky Lab is a private international company which registered its holding in Great Britain in 2006. This means that our financial reporting is completely transparent and freely available to anyone. As a private company we act independently. There's no organization that could influence our business or product development.
And finally, regarding origin: Paranoia can be useful sometimes, but you should have good reasons for it. Should the security minded person be concerned that his/her laptop is assembled in China? Or that Intel, which produces most processors, has plants not only in the US, but also in Israel, Ireland and China too? Many other chip companies of course design their chips but have them produced by third parties — mostly in Taiwan and China. Should one be worried that one of the leading Microsoft R&D centers is situated in Israel? Or that the SAP headquarters is in Germany, Sony's in Japan, and Acer's in Taiwan?
We live in the age of globalization. Kaspersky Lab has R&D centers and virus experts around the world, including Russia, Europe, Japan, China, the United States and Latin America. It's simply not a question of origin any more.
In the early 2000s, when we first entered both the UK and US markets, we were perceived with a somewhat prejudiced attitude. Nobody took much notice of our product quality, but only in its origin. However, I think that was because of lack of information about our company and the products we supplied. With years the situation has changed: it's impossible for a superior quality product to stay ignored.
Are you safe Mr. Kaspersky?
by Lieutenant_Dan
You're operating out of the same country that has a ton of botnet operators raking in some decent dough with cheap pharmaceutical sales thanks to people desperate or naive enough to do so.
There are have been some interesting stories hailing from your corner of your world. How do you feel with your ability to run your company the way you want and without any threats to you or your staff?
EK: Botnet operators? Cyber criminals? I'd say they're the most tamed animals in our zoo! In recent years we've been discovering much wilder, more dangerous stuff — more and more viruses that can be classified as cyber weapons, created by nation states or by private companies sponsored by them.
Though you can never be absolutely safe, our staff hasn't been threatened, and I hope never will be. This may be because we fight malware, we don't conduct criminal investigations. This is what the police should do.
Re: Your secure OS
by lister king of smeg
You plan on making a secure OS for industrial/infrastructure systems; do you plan on basing it on preexisting open kernels, such as BSD, Linux, Haiku, or Mach? Will it be Unix/Posix like? Will it be a monolithic or micro kernel? Or are you thinking more of a hypervisor that hosts and monitors the guest OS for SCADA systems?
It will not be based on Linux or any other OS. Existing operating systems weren't created with security in mind. Security is an extra option for many of them, and vulnerabilities are inevitable. Of course existing systems have a lot going for them — and we recognize that. But I think that their level of security isn't high enough to cope with today's threats.
We're developing our OS at the micro kernel level.
We support the POSIX standard to the extent it does not contradict with our security principles. Our main target is to create a development platform for those interested in producing software or hardware with very high levels of security. As for a hypervisor, its creation is not our original intent, although we're not completely disregarding such a development path.
Re: Your exploit-free OS
by eldavojohn
Recently you confirmed you're working on an exploit-free OS following all the SCADA attacks. Among other things, you're claiming it is to be written from scratch but I can't find many details on what it's going to look like architecturally. You say: "Architecturally, the operating system is constructed in such a way that even a break-in into any of the components or applications loaded onto it won't allow an intruder to gain control over it or to run malicious code."
Could you expound on this? Are you writing this code or still in the design phase? Or better yet, could you compare it to something like, say, CentOS or Debian, and tell us how your architecture is going to be more secure? I understand you're scoping down the requirements of your OS to be more easily manageable, but the skeptic in me feels like it just can't be done. The cat and mouse game must be played in some form or fashion.
EK: This highly-complex project is extremely time consuming. We are still writing the code but we already have several working prototypes.
Don't believe the skeptic inside you. It is possible. Our OS will guarantee the possibility to run just preliminarily and explicitly declared functionality. I'm afraid I'm not ready to disclose much information at this stage — our rivals are watching. We are also currently collaborating with hardware manufacturers. Where there is a need for a superior level of security we plan to provide an integral, reliable computer appliance developed by our own team of specialists. Regarding architecture, we're not restricting ourselves to anything specific such as x86 or ARM. The hardware will definitely have to meet some specific requirements because it will have a direct bearing on the ability to ensure the required security guarantees. Follow our news — it's going to be interesting.
Re: The importance of programming language to SCADA security?
by Anonymous Coward
How important will the process of choosing a "language-based system" be to ensure the security of the operating system you envision? Choosing a type-safe language to create a memory-safe OS can help with the threats posed by the Internet or malware while also reducing some complex code used to get around a lack of type-safety in an OS. Will you be creating your own system or general purpose programming language to ensure this security in this way? If not, there are a few languages already available, or partially available, to choose from: Cyclone (an extension of the last version of C), Red/System (still under development), Euphoria (a system language with type-checking, and it uses simple words instead of punctuation to improve readability) and the combination of a type-safe Assembly that handles hardware and memory with managed C# that handles the rest of the kernel and the applications (like Microsoft implements in the Verve OS and might implement in a future Windows; that is, code-name Midori).
EK: Using a type-safe language is an interesting and promising approach, although we're not using it in our micro-kernel. We give a higher priority to tailoring OS architecture along with our security principles, which do not depend on the implementation language. More details on the approaches we use we'll share later.
Re: Malware's history and future?
by Anonymous Coward
You've been in computer security a long time, and have seen many things come and go. DOS/bootsector viruses, Windows viruses, macro viruses, rise of worms to replace them, and now the commercialization of malware with botnets, extortion-ware and the targeted weaponised malware like the one that hit Iran (and who knows what else). What's changed? What's remained the same? What about the malware creators — has their motivation changed? Where do you believe things are headed?
EK: Twenty years ago malware was a curious toy for programmers. Ten years ago it was a criminal instrument for bad guys who wanted to earn some money. Today it's a cyber weapon for governments. And that is the main and the most dangerous tendency of recent years.
Recent malware — Stuxnet, Duqu, Flame, Gauss — proved that cyber weapons (i) are relatively cheap to produce, (ii) are effective, (iii) mostly go undetected, (iv) leave their authors anonymous, and (v) can be easily replicated. And they're hard to protect against. They look like perfect weapons to some governments. In the meantime, Pandora's box is now wide open.
The most dangerous aspect of cyber weapons is their unpredictable side effects. A worst case scenario is when a cyber weapon aimed at a specific industrial object — like, say, Stuxnet — isn't actually able to accurately pick out its victim — either down to a mistake in the algorithm or a banal error in the code. As a result of such an attack the targeted victim — let's say a nuclear power station — would not be the only one affected: all the other nuclear stations in the world built with the same design would be too. Sounds scary, doesn't it? And without control from an international body, it could become more than scary: catastrophic.
As concerns home/consumer users, the defining feature of the next decade will be an enormous shift to mobile OS — and all the cyber criminals will be there already to greet them. The more financial transactions we conduct using smartphones, the more cyber criminals will target them. Future developments are likely to see more mobile botnets and drive-by downloads. There is also a high probability that the first mass worm for Android will appear, capable of spreading itself via text messages and sending out links to itself at some online app store. We're also likely to see more mobile botnets, of the sort created using the RootSmart backdoor.
Digital concepts young people should learn?
by davecrusoe
There's much talk about combating malware through technical solutions (e.g., adding transparency to communication, building increasingly sophisticated scanning systems, etc.). But what interests me is what we should be teaching our young people (children in primary and secondary school) with respect to the expertise we wished all adults possessed. In your estimation, what are 2-3 things that, if young people understood well, would help them excel in the face of cyber adversity (e.g., malware, privacy theft, etc.)?
EK: The most important advice I can give to young people is to always use your head. It might sound too simplistic, but if everyone who surfs online followed this rule the risks would be minimized. Don't download suspicious applications, and use social networks with caution. The largest portion of viruses is being spread with the use of social engineering, so never open links or files from unknown persons. Never ever! And even if you know the person, double check before doing so. Another way is to open suspicious files or links in a Sandbox mode.
Also, always use up-to-date quality security software. Free AV products are not a solution. Don't forget to update your system regularly. Install all the patches from the software developer and don't ignore update notifications.
By following these few simple rules you can minimize the risks online. As I mentioned, I've got standard Windows running with Internet Security, and I don't experience any problems with online surfing. -
Hotmail & Yahoo Mail Using Secret Domain Blacklist
Frequent contributor Bennett Haselton writes: "Hotmail and Yahoo Mail are apparently sharing a secret blacklist of domain names such that any mention of these domains will cause a message to be bounced back to the sender as spam. I found out about this because — surprise! — some of my new proxy site domains ended up on the blacklist. Hotmail and Yahoo are stonewalling, but here's what I've dug up so far — and why you should care." Read on for much more on how Bennett figured out what's going on, and why it's a hard problem to solve.On December 7th I sent out a normal batch of emails to the Circumventor mailing list, where I send out new proxy sites for getting around Internet filters. I registered seven new domains and sent each domain to one seventh of the list; the list contains about 420,000 addresses, so each one went to about 60,000 people. (Each new site is only sent to a random subset of the list, so that a blocking company can't just subscribe one address to the list and block all new sites as soon as they're mailed out.)
The list is also comprised of 100%-verified-opt-in addresses, meaning that a new subscriber has to reply to a confirmation message in order to be added to the list. That's considered the gold standard for responsible mailing, but major email providers keep finding new ways to block the emails as "spam," which sometimes provide interesting insights into how the filters work behind the scenes.
After the last mailing, for example, all of my newly registered domains got disabled by the registrar because two of the domains had been incorrectly blacklisted by the Spamhaus Domain Block List. It took two days to discover the problem and then several hours to trace the problem to Spamhaus, although once I found Spamhaus's automated form I was able to get the domains un-blacklisted immediately. So the registrar re-enabled the domains a few hours later, although the traffic to the domains never returned to its previous levels. Spamhaus, meanwhile, continues to claim the DBL is a "zero false-positive" list, and has yet to acknowledge the error or contact me to help get to the bottom of how it happened. Well, they know how to reach me.
At least this time around, my domains didn't get disabled. Instead, the messages rolled out for a few hours with no problem (replies from users indicated that at least some hotmail.com and yahoo.com users were receiving them), until bounces abruptly started coming in from hotmail.com and yahoo.com addresses saying:
----- Transcript of session follows -----
... while talking to mta5.am0.yahoodns.net.:
>>> DATA
<<< 550 Message Contains SPAM Content
554 5.0.0 Service unavailableAfter pummeling my address with bounce messages (to the point where my own Gmail account started bouncing because it was getting hammered with so many bounce messages from Hotmail and Yahoo), when the dust finally settled, I tried reproducing the error by sending test messages from my server's IP address to a test Hotmail account. It turns out that out of the seven different URLs that I had been mailing to our users, four of the domains in those URLs would generate a "550 Message Contains SPAM Content" error when sent from my IP to a Hotmail address, and the other three did not. The message didn't have to contain the banned domain in the From: address; the message would get blocked if it even mentioned the domain anywhere in the message body. (This only happened when sending from my own IP address at peacefire.org. It didn't happen if I tried sending a message from my Gmail account to a Hotmail address, even if the message contained one of the four banned domain names, so the issue probably won't reproduce if you try sending a test message yourself.)
But interestingly, Yahoo Mail started bouncing my messages at about the same time — out of the seven domain names, the same four domain names were being bounced by Yahoo Mail as by Hotmail, also with the error "550 Message Contains SPAM Content." That's far too unlikely to be a coincidence, so it looks as if Hotmail and Yahoo Mail are using a common secret blacklist of domain names that cause a message to be blocked as spam. (As it happens, the other three domains were also being bounced by Yahoo Mail with the error "Message Contains SUSPECT Content" — as opposed to "SPAM Content" — while those three domains were not blocked by Hotmail at all. That of course is aggravating, but the real clue lies in the fact that both Yahoo Mail and Hotmail were giving "SPAM Content" errors to the exact same subset of domains.)
I don't want to publish the list of all seven domain names here, so as not to make it too easy for censorware companies to block them all, but one of the four blacklisted domains was 'golflanding.com.' (All of the new domains I register are nonsensical two-word combinations, since those are the only .com domains that are likely to be (1) still available and (2) easy to remember.) As soon as it seemed like Hotmail and Yahoo Mail were working off of a common blacklist, I checked to see if Spamhaus had screwed up again and listed our domains, but none of the seven domains were on Spamhaus's lists.
I looked up golflanding.com on the blacklistalert.org service, which checks against all major spam blacklists, but no hits were listed there either (except for on some defunct services which haven't been updated in years).
So if Hotmail and Yahoo Mail are both using the domain blacklist, perhaps it's a list compiled by one company and then licensed to the other, or perhaps it's a third-party list not widely known to the public. (Hotmail uses their own SmartScreen filter, but I've found nothing online about Yahoo using it as well.) It's conceivable that one or more of the domains might have gotten blacklisted as a result of Hotmail or Yahoo users clicking their "This is spam" button. However, Hotmail allows newsletter publishers to view data about what percent of their messages to Hotmail users are being flagged by users as "spam," and when I looked up the stats for our IP, they showed a "complaint rate" of less than 0.1% (usually the rest of people hitting 'Junk Mail' to unsubscribe from the list). Assuming that the complaint rates are similar for Yahoo Mail, it's unlikely that the domains got blacklisted as a result of user complaints, unless the blacklist trigger has a ridiculously low complaint threshold.
Neither the Hotmail postmaster site nor the Yahoo postmaster site mention anything about a list of domain names that could cause a message to be blocked for mentioning the domains in the message body. Yahoo Mail does provide a support form for newsletter publishers to send inquiries about why their mail is being blocked; I submitted that on Saturday and started a thread with email "support," although so far their response has just been to copy and paste articles from the Postmaster site, with tips like "Send email only to those that want it." Each time, I reply saying, No, this is not the problem, the problem is that the domains in the messages are getting incorrectly blacklisted, and each time, support cheerfully sends me another article. If I'm not literally talking to a bot, I might as well be.
I opened a similar ticket with Hotmail, and they sent me a form letter saying that the emails were being blocked because of SmartScreen, and that as a matter of policy, they would refuse to fix any errors being made by the SmartScreen filter. Waiting to see if I get a reply from a human next.
So why should you care? Well, for one thing, if you care about users in China and Iran being able to receive proxies to get around their Internet blockers, right now Hotmail and Yahoo are thwarting these proxies more effectively than those countries' own censors are. Yes, these are real people who really do write back to me after a mailing goes out, telling me about how they were able to use the proxies to receive banned political information, and sometimes how long the proxy lasted before the censors blocked it. This week, they had to do without.
But more importantly, this is an example of a general problem: That there are certain types of issues, like blocking of legitimate mail by spam filters, where the "free market" does not deliver the best experience to consumers, and the costs get passed on to everybody. Sometimes the problems could be solved with some effort, but the effort does not get made, because people believe that the free market will solve the problem, or that it already has.
In theory, if consumers have enough information about different companies and their services, the companies can compete to provide the best product to users. The problem is that if one type of information is systematically hidden from users — in this case, the fact that their mail provider is blocking mails from reaching them — then the "theory" falls apart. Since spam getting into your inbox is a visible problem, but missed email messages are an invisible problem, Hotmail's incentive is not to give the user the best experience, but rather to err on the side of blocking legitimate messages — even if the user might prefer to get slightly more spam, than to miss one important email that they were waiting for.
This means we're not just talking about a few messages getting caught in filters, which could happen even in an efficient marketplace. We're talking about a permanent equilibrium where the user gets a sub-par experience by default — a trade-off that causes them to miss more messages than they want to — and senders have to pay the cost of overcoming the marketplace inefficiencies. (Which means if the sender is a business you buy from or a charity you support, the costs get passed on to you.)
Pretty much the entire financial cost of sending email, is attributable to the failure of the "free market" to motivate email providers to deliver non-spam emails into their user's inboxes. If a company or organization uses an email list hosting company like AWeber or Constant Contact to email their users, they pay a fee of about $1 per month for every 100 users on their list (which would run me about $4,000 per month). That fee doesn't go towards bandwidth — even a 1-million-subscriber list, emailed once a month, would use less than 3 GB per month of bandwidth, which is what GeoCities was was giving away for free 10 years ago. What you're paying for is the fact that AWeber and Constant Contact have friends in the right places at Hotmail, Yahoo, and Gmail, so if your mails are getting blocked, they know the people to call to fix the problem. If you run your own list instead of paying a hosting fee to AWeber or Constant Contact, you'll end up paying other costs indirectly, through loss of income when your messages don't reach recipients, or in time and money spent trying to fix the issue. (I have to take this option anyway, since I send different URLs to different random subsets of my list, which is not supported by AWeber or Constant Contact.)
On the other hand, if the market actually "worked" — if email providers did reliably deliver non-spam messages to their users — a company or charity could run their own list for virtually zero cost, and would be able to keep all of that money. (I incur no up-front fees for running my own list; all of the costs are the time spent trying to get Yahoo, Gmail, and Hotmail to stop blocking it.) So every time you donate to a charity or buy from an online retailer, a little bit of that money goes towards the cost of that organization having to fight past marketplace failures in order to get their email to you.
I don't think there's an easy algorithmic solution, like crowdsourcing Facebook complaints or using random-sample voting on Digg. Generally, I just think we need more awareness of the fact that, under certain conditions (including those surrounding email deliverability), the "free market" is virtually guaranteed to arrive at a non-optimal solution. One manifestation of that awareness would be if Hotmail, Yahoo Mail, and Gmail created public points of contact where legitimate email publishers could find out why their emails were blocked, and had real humans responding to the messages and fixing the problems. By default, the imperfect information in the marketplace leads toward an equilibrium that errs on the side of blocking too much legitimate email, so anything that pushes the equilibrium back towards more legitimate messages getting delivered will improve the experience for users and lower costs for senders.
Besides, there's a more basic ethical issue here. If you're Hotmail and you tell your users that you're providing them with "email accounts," then those users expect those accounts to work — including having the ability to receive mails from mailing lists that they've signed up for. Helping legitimate emails get through to users is not just a matter of addressing a marketplace inefficiency, it's a matter of honesty.
Larry Lessig's book "Code is Law" describes how default choices built into the architecture of the Internet and other environments — the "code" — can steer our behavior in ways that we might not choose otherwise. I'm making essentially the same point in saying that some problems are not fixed by market forces, because people are not aware of the problem at all. I think the evidence and the reasoning are straightforward in this case, but it's hard to convince people who have adopted it as an axiom that whatever the free market arrives at, must be the solution. My favorite single sentence in Lessig's book was, "Put your Ayn Rand away." I could imagine the years of pushing against dogmatic fanaticism that led him to write that sentence, and I knew how he felt.