Domain: twitter.com
Stories and comments across the archive that link to twitter.com.
Stories · 1,968
-
Ask Slashdot: Will You Shop Local Like President Obama, Or Online?
theodp writes "President Obama and his daughters headed to an indie bookstore last Saturday to promote shopping local. The White House did not disclose which books were bought, but author Lauren Oliver tweeted her delight after a White House photo showed her books Delirium and Pandemonium were among the 15 children's books purchased by the Obama family for Christmas gift-giving. While it made for a nice Small Business Saturday photo op, do you suppose the President paid much more for the books at the small indie bookshop than he might have at an online retailer like Amazon, where the hardcopy edition of Pandemonium is $10.15 (44% off the $17.99 list price) and the hardcopy edition of Delirium can be had for $10.47 (42% off the $17.99 list price)? Kindle Editions of the books are also available for $7.99. And with both titles eligible for free Amazon Prime shipping, the President could've saved on gasoline and Secret Service costs, too! So, will you be following the President's lead and shop local this holiday season, or is the siren song of online shopping convenience and savings too hard to resist?" -
100km/h Sailboat Sets Speed Record
fustakrakich writes with news that a boat powered only by its sails has reached speeds of 100km/h for the first time. The team also claims to have reached 109km/h over a 500m course. The craft took the speed record back from kite surfers, who have somewhat smaller sails but a massive weight advantage over boats. "Sailrocket 2 set the record last week, and the speed 54.08 knots (100.1 km/h) the craft achieved has been recognized by the World Sailing Speed Record Council as the new mark in Class B for vessels traversing a 500 meter course. The speed is higher than any other vessel recorded in the Council’s lists and is the only recorded speed over 100 km/h." Gizmag has a more detailed article about Sailrocket 2's exploits, and says in an update that the craft achieved speeds of 121km/h today (65.37 knots). -
That Was Fast: Leahy Drops Warrantless E-mail Surveillance Bill
Presto Vivace writes "Under the right conditions, online activism can be very effective. U.S. Senator Patrick Leahy has already abandoned his warrantless e-mail surveillance bill we discussed this morning. 'The Vermont Democrat said today on Twitter that he would "not support such an exception" for warrantless access. ... A vote on the proposal in the Senate Judiciary committee, which Leahy chairs, is scheduled for next Thursday. The amendments were due to be glued onto a substitute (PDF) to H.R. 2471, which the House of Representatives already has approved. Leahy's about-face comes in response to a deluge of criticism today, including the ACLU saying that warrants should be required, and the conservative group FreedomWorks launching a petition to Congress -- with over 2,300 messages sent so far -- titled: "Tell Congress: Stay Out of My Email!"" -
Legalizing Online Futures Betting
Bennett Haselton writes: "Online political futures betting is in a legal limbo in the United States. But with the lifting of legal sanctions, and with the addition of one simple new feature, online futures betting could not only provide more accurate forecasts of the merits of different candidates, but also provide a tool for quieting partisan blowhards who think the opposing party's candidate is going to drag the country to hell. Let the blowhards bet!" You'll find the rest of Bennett's story below.
Did you have a strongly felt prediction about the 2012 elections that went against the conventional wisdom? Then you could have placed a bet at the Iowa Electronic Markets website (with real money); yet most people don't know the website exists. Indeed, it's only able to exist at all because of an exemption from U.S. laws that make other political betting websites illegal. The Irish-based online political betting site Intrade doesn't even accept American customers (you can't wire money to them from a U.S. based account), and their late CEO reportedly told John Stossel he was afraid of being arrested if he set foot in the U.S.
That's too bad, because I think that legalized Web-based betting on political outcomes could serve two valuable purposes in American politics: to provide forecasts of the relative merits of living under either of two candidates, and to force partisan blowhards to seriously consider whether they actually mean what they say. But in order to make this happen, in addition to the government lifting any legal restrictions on the ability of such sites to operate, I think a valuable additional feature would be the ability to place "if-bets", betting on particular events (the level of unemployment, for example) if a particular candidate were elected.
In September I happened to stop by the King County Republicans booth at the Puyallup Fair, and asked one volunteer, just for the sake of argument, what he thought was the best case against re-electing President Obama. (I'm a liberal, but I spend more time reading conservative blogs and opinion pieces than liberal ones, partly just to see what pieces I might agree with.) He said flatly that if President Obama were re-elected, unemployment could rise as high as 20 percent, and listed some other dire figures.
Well, I didn't consider that an "argument", but I asked him, "Would you be willing to bet on it?" -- not proposing that we actually wager, but asking him to think seriously about whether he would be willing to wager, if it were an option. In other words, if Obama is re-elected, and employment rises to 20 percent some time in the next four years (or perhaps if average employment over 4 years is above some designated threshold), then I pay my new Republican friend $100. If Obama is re-elected and no such thing happens, then the Republican pays me $100. If Obama is not re-elected, then the whole wager is void. After I spelled this out, the volunteer got a thoughtful look -- as if he were thinking, for perhaps the first time, whether he really believed what he had been saying. (Of course I've probably made similarly ill-thought-out predictions about politicians that I disliked, where the offer of a wager would have made me stop and think harder about what I actually believed.)
It would be easy for Intrade and similar companies to support these kinds of conditional "if-bets". Then their website could list data on, for example, what the bettors currently think are the odds of unemployment reaching 20% (or 15%, or 25%) if Obama were re-elected, or if Romney were elected. Ideally there would be a different betting market for each percentage point -- and you could aggregate all the market odds for those percentages into one simple graph, with a bell curve showing what the market thinks are the odds of employment hitting 10%, 11%, 12%, etc. under either Obama or Romney.
The first benefit of such a system would be obvious: to the extent that betting markets are an accurate predictor of political outcomes, this would be an easy way to see what conventional wisdom projected for unemployment, inflation, infant mortality rates, or any other statistic that Intrade accepted bets on, if either candidate were elected. As long as either candidate had a realistic chance of winning, the people wagering on the "if-bets" would have to take them seriously. (If one candidate had virtually no chance of winning, then the "if-bets" conditional on that candidate's victory might not show anything useful, since everyone expects the bets will be declared void. So it wouldn't work for evaluating the merits of a long-shot candidate like Jill Stein - who might have some good ideas, but the "if-bet" betting markets wouldn't be able to tell us that.)
The second benefit would be that whenever anyone claimed projections that departed radically from the market odds, you could simply ask them, "Why not go to Intrade and bet on it?" If a person really believed that their dire predictions were more likely than the market seemed to think, then they could wager accordingly. Even if they don't think their prediction is likely to come true, as long as they think an event is more likely than the market seems to think, they should still believe that they could make money in the long run by betting accordingly. (For example, if you think there's only a 1-in-3 chance that Romney will win, but the market says 1-in-5, you should bet that Romney will win, at the 4-to-1 odds offered by the market. If you bet on lots of separate events where you think the probability of event occurring is 1/3 but the market says 1/5, then if you're right and the probabilities really are about 1/3, you'll lose 2 out of 3 times, but every 3rd time you'll make back 5 times the amount of your wager, and come out ahead. Assuming that you really are smarter than the market, of course.)
There could be rules and safeguards to prevent abuses of the system (rules that could be imposed by U.S. law, even if they're not enforced by overseas betting markets), such as not allowing individuals to bet more than $500. (This is already enforced by the Iowa Electronic Markets.) That's small enough to stop individual bettors from trying to manipulate the market through enormous wagers (although they might find ways to do that anyway). It's also small enough that it wouldn't be worth it for any one individual to try and influence a political outcome just to win a bet. You could try to enlist your friends to help you place a collective $10,000 bet on a single outcome, but the more people you rope into your coalition, the greater the chances of someone (a) turning you in for violating the betting laws, or (b) taking the $500 you lent them, and then refusing to pay it back if they win their portion of the wager.
At the same time, the $500 limit is large enough that anyone who makes a bold claim about the future, could not plausibly claim that it's not worth their time to go over to Intrade and make a wager. (Well, billionaires could claim it's not worth their time. We could have a higher limit for higher-income individuals, but the problem is that for someone like Donald Trump, any betting limit large enough to get him to take the wager seriously, would also be large enough to allow him to manipulate the market. So we might just have to get by on ignoring Trump the old-fashioned way.)
However, even if Intrade implemented "if-bets", and even if futures betting were made unambiguously legal under U.S. law, we'd have to overcome a certain amount of cultural taboo against betting on politics, especially for members of certain professions. When Joe Scarborough called Nate Silver a "joke" for saying that Obama had a 75% chance of winning, Nate Silver gave exactly the right response: "Wanna bet?" (for charity). However, the New York Times Public Editor (an office that I've dealt with in the past) rebuked Nate Silver for offering the wager, although in a 600-word essay, the Public Editor wrote only one sentence saying why she thought it was a bad idea: because it "[gives] ammunition to the critics who want to paint Mr. Silver as a partisan who is trying to sway the outcome". This doesn't make much sense, since Nate Silver had already staked his reputation on the outcome, which was worth astronomically more to him than the $1,000 (so to the extent that he had any conflict of interest, it would have already been in place anyway). Still, for anyone in a profession that placed a high value on "perceived objectivity", they might be able to use that as an excuse for not placing a wager.
Even for the rest of us not in danger of finger-wagging from the Times Public Editor, I think there would be one big obstacle to using the markets to tell blowhards to "place your bets or shut up": people would come up with dumbass excuses not to do it. I can't even anticipate the kinds of excuses that people might make, because I think I just think too rationally (at least by my own definition), so I tend to anticipate semi-logical objections like, "I think Romney will win, so I don't want to support a system that says he will lose." To that I would say: If you think the market odds are wrong, you should place the bet anyway, and if you win, you'll be taking money from the people who bet that Romney would lose, not "supporting" them. And in fact by placing the bet, you will slightly increase the market-reported odds of Romney winning. So you'll be taking money from the people who bet against your guy, and shifting the reported odds in favor of a Romney victory, which ought to be a win-win. Even better, if you're sure he'll win, you'll have winnings afterward that you can donate to the Republican Party.
So while I don't think that's a valid objection, it at least has the form of a logical argument, which is what makes it possible to answer it. The excuses that I think people would actually give, would be along the lines of, "I don't do that." Well, if you want to support your candidate and you're confident in your predictions, why not? Or, "I think it's wrong to bet against the future of our country." Hey, if you place a bet that unemployment will go up under Obama, then that will be reported in the aggregate forecasts of what the market thinks will happen under the two candidates -- which will actually slightly increase the chance of a Romney win (which is presumably what you want), right? Besides, you realize that if you have life insurance on your spouse, you're "betting" every month that they will die? How much more ethical is that?
But for everyone else who wouldn't come up with excuses not to bet on the outcomes, I wonder, in what might be hopeful naivete, if the availability of online political "if-betting" might bring our partisan extremes closer together. When my Republican counterpart and I were discussing the future of the nation under Obama or Romney, if we were forced to confront the possibility of betting on the result (not betting on who would win, but betting on what would happen if a particular candidate won), I think several things would have gone through my mind. First, I might realize that despite any stridently partisan statements I had made, I didn't really know with much confidence what would happen. Second, the humility of realizing that I would want to check the online prediction markets, because I think the rest of the world collectively has more wisdom on the matter than I do. And third, if the online prediction markets showed projected similar outcomes (for unemployment, for example) no matter who is elected, then we could calmly accept the fact that neither candidate is going to be able to perform miracles, but neither candidate is going to destroy the country either, so we can accept the fact that the country will probably do OK no matter who wins, and go have a beer.
Assuming, of course, the other guy felt the same way. I can get along fine with people who don't agree with me, but I don't think I'd get along with someone who didn't even want to seriously consider whether he really believed the things he was saying. However, if the various competing futures markets would implement "if-bets", and if the U.S. government would just give the OK to online futures betting generally, I'd be perfectly happy to take the guy's money.
-
Lenovo UEFI Bug Only Likes Windows and RHEL
New submitter Nagilum23 writes "It looks like Lenovo only knows of Windows and RHEL where their Thinkcentre M92p desktop is concerned. While investigating UEFI boot issues, Matthew Garrett found the PC's firmware actually checks the descriptive string for the operating system, and will prevent unlisted operating systems from booting. Garrett writes, 'Every UEFI boot entry has a descriptive string. This is used by the firmware when it's presenting a menu to users - instead of "Hard drive 0" and "USB drive 3", the firmware can list "Windows Boot Manager" and "Fedora Linux". There's no reason at all for the firmware to be parsing these strings. ... there is a function that compares the descriptive string against "Windows Boot Manager" and appears to return an error if it doesn't match. What's stranger is that it also checks for "Red Hat Enterprise Linux" and lets that one work as well. ... This is, obviously, bizarre. A vendor appears to have actually written additional code to check whether an OS claims to be Windows before it'll let it boot. Someone then presumably tested booting RHEL on it and discovered that it didn't work. Rather than take out that check, they then added another check to let RHEL boot as well." Note that this isn't a SecureBoot issue. Lenovo is aware of the problem and looking into it. -
App Auto-Tweets False Piracy Accusations
An anonymous reader writes "Certain iPhone and iPad applications from a Japanese company have broken software piracy detection mechanisms that are sending out tweets on the user's own Twitter account, saying, 'How about we all stop using pirated iOS apps? I promise to stop. I really will. #softwarepirateconfession.' The trouble is, it's sending these out on accounts of users who actually paid up to $50 or more for the software and who are legally using it. The app is asking for access to users' Twitter accounts, but does not give the reason why it is asking, so the author of the article concluded (rightly) that things were being done deliberately. Would you want your legally purchased software to send out messages to all of your contacts on Twitter or on other social networks saying that you were a software pirate? Would you excuse the writers of the software if it was just an error in their piracy detection measures?" -
Book Review: Reverse Deception
benrothke writes "Advanced persistent threat (APT) is one of the most common information security terms used today and it is an undeniably real and dangerous menace. Wikipedia notes that APT's usually refer to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information, but applies equally to other threats such as that of traditional espionage or attack. Every organization of size and scope is a target, and many of the world's largest firms and governments have been victims. In Reverse Deception: Organized Cyber Threat Counter-Exploitation, Dr. Max Kilger and his co-authors provide an effective counterintelligence approach in which to deal with APT. The good news is that the authors provide an effective framework. The bad news is that creating an effective defense is not an easy undertaking." Keep reading below for the rest of Ben's review.
Reverse Deception: Organized Cyber Threat Counter-Exploitation
author: Sean Bodmer, Dr. Max Kilger, Gregory Carpenter, Jade Jones
pages: 464
publisher: McGraw-Hill Osborne Media
rating: 9/10
reviewer: Ben Rothke
ISBN: 978-0071772495
summary: Excellent reference in which to deal with advanced persistent threats
When it comes to APT, the de facto perpetrator is China. The book shows how to pursue and hopefully prosecute the perpetrator. But that begs the questions, how many firms can realistically defend themselves against an adversary like China, RBN or nation state?
In the introduction, the authors note that deception is about behavior, both induced in the adversary and undertaken by the deceiver to exploit it. To deceive, the authors write, it is not sufficient to induce belief in the adversary; it is necessary also to prepare and execute the exploitation of resultant behavior. Once again, preparation and execution against a nation state is not a small endeavor.
Chapter 1 (available free here) sets the stage for the rest of the book and provides an overview of the topic and some examples of advanced and persistent threats, including Stuxnet, Operation Aurora, the RBN and more.
Being the biggest of all APT, China takes center stage in chapter 2 – What is Deception? That is nothing new as China has successfully used deception for the last 2,000 years. China is referenced heavily in the book due to their extreme confidence and success in executing deception.
Chapter 3 – Cyber Counterintelligence (CI) details how to use CI to find the cyber-adversaries. The chapter provides both the basic investigative and operational techniques and tools, in addition to detailing how to use legal counsel to ensure that what you are doing is legal.
Chapter 5 gets into much more of the details around the legal issues, and what you can and can't do to your adversary. The chapter provides an excellent overview of how to quantify which persistent threats are the most dangerous. It provides nine areas to rank, in order to use as a metric to weight each and every threat.
By the time the reader gets to chapter 4 on profiling, they will likely be overwhelmed by the amount of work necessary to implement an effective cyber CI program, which is indeed the case. The amount of time to develop an APT program is for the most part unfeasible for most organizations. While the book does not get into the budgetary issues; CIO's, CISO's and other IT managers will likely have a difficult time getting any sort of budget to fund an APT program.
Part of the issue is that many firms don't have an effective IPS in place so they won't even know they are being attacked. In the majority of cases, the APT intrusion is not even discovered by the firm, rather an outside entity who notifies them. What is worse is the fact that in many cases, APT malware has been on the victim network often for years undetected.
In addition, in the same way in which people who are scammed once are often repeatedly scammed again; companies that are victims of an APT will often be repeat victims since the perpetrators may share that information with others.
A few of the authors have military and law enforcement background, which adds to their expertise and insights.
The book is meant to be used to pursue and prosecute the perpetrators of APT. With the exception of the military and a few Fortune 50 companies, the odds of effectively prosecuting APT perpetrators is quite small. Notwithstanding that difficulty, organizations misunderstand that they are under attack, and at least have some plan to assess their vulnerabilities.
This book is mainly an introduction to the topic, but does not provide a comprehensive strategy on how to implement an APT program. Such a reference would need to be at least a few times larger than this work.
There is a web site for the book, but it does not really do more than redirect you to Amazon and Barnes and Noble. Matthijs Koot has a detailed review of the book where he took the time to detail the hyperlinks to source the book's web page should have had.
Reverse Deception: Organized Cyber Threat Counter-Exploitation may be overkill for most organizations, but is nonetheless a necessary read to truly understand the danger.
For anyone looking to understand what APT's are and how to deal with them, the book provides a comprehensive and unparalleled overview of the topic by experts in the field.
If nothing else, the book provides the reader with an appreciation for how dedicated the perpetrators behind APT are. They are smart, sophisticated, have governments and military agencies on their side and they are numerous. One of the many challenges of dealing with the Chinese APT is that China can easily throw tens of thousands of highly-trained and sophisticated attackers at a target in the US, while the target may only be able to muster a few people to provide a cyber-defense.
One of the most important things to take from the book is the third word in the title – organized. Those carrying out APT are highly organized, prepared and meticulous. They often do things in a slow methodical manner to avoid detection. The book provides a detailed methodology to deal with such adversaries.
The downside is that the victim companies themselves lack that organization. Defending against APT requires much more than simply reading this invaluable text. It requires management support, budget, effective tools and a highly trained staff to correctly use those tools. The great advice in the book won't be of assistance if the team deployed does not know how to correctly use them.
While you will likely be outnumbered and outgunned when it comes to APT defense, Reverse Deception: Organized Cyber Threat Counter-Exploitation is a fascinating reference that ensures you won't go down without a fight.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Reverse Deception: Organized Cyber Threat Counter-Exploitation from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Mega Finds New Home, Dotcom Says
hypnosec writes "Kim Dotcom has revealed that Megaupload's successor, Mega, which is reportedly launching on January 20, 2013, will be operating through a new domain name: Mega.co.nz. Through a tweet Dotcom announced that Mega has found a new home and that the new domain name is protected by the law. Dotcom also revealed that lobbyists won't be able to do anything about this, as 'judges are not influenced by politics in New Zealand.' Recent announcements about Mega's domain — Me.ga — didn't go as planned following a decision by the Government of Gabon to suspend the domain name. Dotcom had announced at the time that despite the blockage, Mega would launch as planned." -
Apple Loses Patent Case For FaceTime Tech, Owes $368 Million
beeudoublez writes "Apple was ordered to pay $368 million today to a software company named VirnetX over patents related to Apple's FaceTime technology. Apple engineers testified they didn't pay attention to any patents when building FaceTime. 'The jury, which had sat through the five-day trial, ruled that Apple infringed two patents: one for a method of creating a virtual private network (VPN) between computers, and another for solving DNS security issues. ... It's not the first time VirnetX has won a payout from a major tech firm: the company bagged $105.7m from Microsoft two years ago, and it may not be the last either. VirnetX has a separate case against Apple pending with the International Trade Commission and it has court cases against Cisco, Avaya and Siemens scheduled for trial next year.'" It's not all bad news for Apple today, though — according to Ars, they've won a new patent for a rounded rectangle (D670,286). -
Gabon Suspends Me.ga Domain, Dotcom Says "We Have Alternative Domain"
hypnosec writes "Kim Dotcom's plan to launch a 'bigger, better, faster, stronger, safer' Megaupload successor, Mega, is already in peril as Gabon's government has suspended the domain me.ga. Announcing his decision, Gabon's Communication Minister Blaise Louembe said 'I have instructed my departments... to immediately suspend the site www.me.ga' in a bid to 'protect intellectual property rights' and 'fight cyber crime effectively.' Dotcom revealed through a tweet that he is in possession of an alternative domain name and that the recent suspension 'demonstrates the bad faith witch hunt the U.S. government is on.'" -
PayPal, Symantec Hacked In Anonymous November 5 Hacking Spree
New submitter Journe writes "Anonymous claims to have begun a hacking spree for the 5th of November. In their spree, they've laid waste to several Australian Government sites, and, for some reason, the site of Saturday Night Live. They also claim to have leaked VMware source code, along with user and employee info from Paypal and Symantec. There's some argument however that Anonymous is falsely taking claim for Symantec." -
Will the Star Citizen Project Fund Linux and Mac Ports For CryENGINE 3?
Mr. Jaggers writes "Chris Roberts, game designer of Wing Commander fame, has had great success with his new crowd-funded Star Citizen project — so much that the $2m base goal has been smashed with weeks to go on the Kickstarter portion of the campaign. Now Chris is floating a list of stretch goals for fans to vote on, with Linux and Mac support both listed as stretch goal candidates. Since Star Citizen is based on the popular CryENGINE 3 game engine, these stretch goals are equivalent to funding Linux and Mac ports of CryENGINE. Chris couldn't make any absolute promises yet, since he doesn't own the engine, but CryENGINE 3 already supports Android, so at least there is existing OpenGL ES support to be leveraged towards adding Linux and Mac OpenGL support. If there is enough outpouring of cross-platform support from fans in this poll, Star Citizen could turn out to be the high-profile game that brings a AAA game engine to the growing Mac and Linux gaming communities — analogous to the role played by Wasteland 2 in bringing official Linux support to the Unity 4 engine popular among so many Indie developers." -
Third 2012 US Presidential Debate Tonight: Discuss Here
Tonight marks the third and final U.S. Presidential debate in the lead-up to the election on November 6th. It starts at 9PM ET (6PM PT, 0100 UTC), and it's taking place at Lynn University in Florida. The topic this time around is foreign policy, including discussions of Afghanistan and Pakistan, Israel and Iran, America's role in the world, "The Changing Middle East and the New Face of Terrorism," and China's rise as a superpower. You can livestream it from the usual suspects: (C-SPAN, ABC, PBS, CNN). Politifact has posted an article fact-checking statements the candidates have made about foreign policy. Both they and Factcheck.org will be using Twitter to verify statements in real time. This presidential debate again excludes the smaller U.S. political parties. If you're interested in hearing other voices, you'll be able to see candidates from the Libertarian, Green, Constitution, and Justice parties in a debate tomorrow with Larry King moderating. As before, we're doing a separate post for the debate in the hopes that political talk won't clutter other stories tonight. Tell us what you think as the debate unfolds. For live conversation, remember: context helps. And, as reader Ryanator2209 keeps pointing out, you can entertain yourself by playing Logical Fallacy Bingo while you watch. -
System Admins Should Know How To Code
snydeq writes "You don't need to be a programmer, but you'll solve harder problems faster if you can write your own code, writes Paul Venezia. 'The fact is, while we may know several programming languages to varying degrees, most IT ninjas aren't developers, per se. I've put in weeks and months of work on various large coding projects, but that's certainly not how I spend most of my time. Frankly, I don't think I could just write code day in and day out, but when I need to develop a tool to deal with a random problem, I dive right in. ... It's not a vocation, and it's not a clear focus of the job, but it's a substantial weapon when tackling many problems. I'm fairly certain that if all I did was write Perl, I'd go insane.'" -
3-D Printing Enables UVA Student-Built Unmanned Plane
In an effort that took four months and $2000, instead of the quarter million dollars and two years they estimate it would have using conventional design methods, a group of University of Virginia engineering students has built and flown an airplane of parts created on a 3-D printer. The plane is 6.5 feet in wingspan, and cruises at 45 mph. I only wish this had been sponsored by Estes or Makerbot rather than the MITRE Corporation; it would be great for every high school or hobbyist group that can scrape together the printing time to have one of these on demand. (HT to Gaël Duval.) -
Making a Slashdot Omelet
It's been said that the mix of stories on Slashdot is like an omelet: linux and tech, mixed with science and Legos, and a few reviews and sci-fi folded in. It's not just the stories that are a good mix, however, it's the people behind them. Through the past 15 years, an unusual cast of characters have been responsible for keeping the site up and running and bringing you the stories you want to read. We've asked a number of them to write a few words about their time working here and to share a few memories. Below you'll find that some of our former employees don't know what "a few words" means, and a collection of what bringing you news for the past 15 years has been like.
Chris DiBona
Right after they had switched from being Chips & Dips to Slashdot, I was working at a company called VA Research. VA Research, at the time, shipped Linux hardware to dotcoms and other people and that was groovy. I liked Slashdot. It was fun. That was really the only place to go to find people who gave a crap about Open Source and free software at the time.
I said to them, "Hey. What if I just send you some hardware so that you can beef up the site a bit." They're like, "Oh my god. That'd be so helpful. Please send it." I did, they got the hardware and it was pretty helpful, it seems. They re-wrote the [Ad Foo], ad servicing system at that point and we were the base ad, so if they had no ad to show, it'd just show a VA Research ad as a thank you to us.
That went on for a year and a half, two years, I want to say, except for in classic Rob, Jeff, me style. It showed the same ad for two years and we would know that the site was broken, or Ad Foo was hosed, because it would show the ad with chips that were four years out of date. That's how I got involved and how I got to know the guys.
Nathan Oostendorp
My only real association with the site is with the technology, and what I remember about Slashdot is that it was an entirely "seat of the pants" affair - there were no patterns laid down to follow, it's not like there were a hundred other sites using MySQL and there wasn't much precedent for using a database backend in the first place -- it was routinely even condemned as being risky. We had this feeling of "okay we've discovered that using Perl and MySQL to create pages of HTML is pretty awesome" so we played around a lot. Slashdot was the main thing, but there were a bunch of other projects like DJ Hernandez, which was I guess an early version of Spotify, and the original Everything (cum Everything2) which was kind of a proto-wiki system.
Fundamental to Slashdot was the Story submission and moderation system, and then the comment system, and the several dozen (what would now be called RSS feeds) for "Slashboxes" which at the time were a lot of HTML regex cron jobs from yours truly. We had the idea that all the information on the internet was going to be accessible, and Slashdot could be the channel for it. The universe we were living in, everything was accessible and Slashdot could be the "geek lens" for everything to flow thru.
Very quickly we started realizing that we had to make money doing this business and so we created an "open source ad system" called Ad-fu (inspired by one of the quotes by the X-Files Lone Gunmen "my kung-fu is the best"). I spent an inordinate amount of time building this system, which was quixotically designed to put DoubleClick out of business -- once you've mastered mod_perl and databases, scheduling ads and counting the results should be easy, right? Ad-fu was several weeks of my full-time effort and got us through about 18 months and the acquisition by Andover.Net, at which point it was migrated to their Ad System which was written in C and flat files "for scalability"...
After the acquisition my relationship with Slashdot was intermittent -- the "ajax-y" single-page comment system was originally based on a hacked-up prototype I did in grad school in the mid-00s. I got my black belt in Perl, MySQL, and web programming thanks to Slashdot, and it's served me well as a practitioner in the ensuing 15 years.
Rob "CmdrTaco" Malda
15 years ago I spent every spare moment building a website hosted on the silliest domain name I could think of. I ran polls asking how many shots my roommate should drink. I posted stories detailing personal art projects, or explaining how our car broke down driving from Michigan to North Carolina. Somewhere between then and now, amidst all the movie & kernel releases, technological breakthroughs, and ceaseless threats from governments and corporations, I came to understand that Slashdot was itself made out of The Stuff that Matters. My heartfelt thanks go out to everyone who remembers.
Jeff "Hemos" Bates
One of the things people often have asked about over the years is, how did you guys know you wanted to build this business? Yeah, well we didn't, is the reality. There was no Machiavellian plan, there is nothing like that, it was absolute sheer evolution, I think that's a good way to put it. Which made for some particularly interesting discussions with BC's and people who wanted to buy it in the early years. Because, they would ask things like, well what is your burn rate. And I would say, well the landlord likes to be paid and I like to eat, so there isn't one.
I think in terms of things that Slashdot did that meant a lot to me or I am proud of, I think the post-Columbine stuff that Jon Katz did. I know I just said Jon Katz so we might as well just turn on the troll radar right now. I like Jon just for the record.
Jon is a great, very thoughtful guy. And I think that what he did during Columbine, for giving a voice to the freaks and weirdoes, and by no means am I saying that, I don't even remember their names, Eric and Dylan, I guess? That what they did was a good thing. Not at all, that was a terrible, terrible thing. But, I think that the writing that he did and the discussions that happened around that was fantastic. I think that that is a situation that is the epitome of why sites like Slashdot and social media sites are so important and meaningful. It was knitting together people all across the country, and all across the world where they didn't have a lot of people around them that they could talk about this with. They had to go online to find a community that understood what it was that they were trying to say.
Jon Katz
Slashdot was an important place for me, if not a great fit. I loved the energy of the site, and the Linux ethic looks stronger now even than it did then. After Columbine, I wrote a series on the site called "Voices From The Hellmouth" and it was one of the most important pieces I ever did. If conventional media had followed the idealism and values of Rob and Jeff, they might not now be such a shambles. Slashdot was a revolutionary website, a landmark in Internet history. I was very proud to have written there.
Emmett Plant
“You wrote for Slashdot?”
I get this a lot, even twelve years after I’d written my last piece. It happened again just two weeks ago, talking to a guy from InfoSec.
I was young, idealistic and had no idea what I was doing. I imagine that for most of us, this is still true. We didn’t write for a market or to capitalize on a trend. We wrote about things we liked, and tried to get other people to like them, too.
A cynical perspective could see Slashdot as a place where angry nerds gather and rant anonymously about the topics of the day, but it misses the point. It’s actually a place where hundreds of thousands of people show up to say, ‘Hey, look at this thing, isn’t it cool?’
Sometimes the answer is yes, sometimes it’s hell-no, but there’s always an answer.
Nerds are some of the weirdest people you’ll ever meet. They also tend to be intelligent, opinionated and enthusiastically kind. Twelve years later, Slashdot still makes that obvious -- Even when the readers are loudly complaining about software patents, arguing about intellectual property and demanding new Firefly.
“What was it like?”
Rob Malda had managed to learn most of Darth Maul’s moves, and was terrifying with a dual-bladed lightsaber toy. We knew every word to ‘Cowtown’ by They Might Be Giants, and we broke out into song while driving down a highway in Michigan. The ‘geek compound’ was actually a few houses at the end of a suburban cul-de-sac. Jeff Bates did a killer Dr. Evil impression, and was able to eat clementines at a terrifying pace. The one-and-only time I’d ever visited the aforementioned ‘compound,’ I had a flu and was taking a terrifying amount of medication for it, which led to me saying wildly inappropriate things to people I’d just met. No one really seemed to care. I slept on CowboyNeal’s couch, and learned that Rob and I had not only run BBSes ‘back in the day,’ but ran them on the same software as well.
I wrote a lot of pieces that I still enjoy to this day. I also wrote a lot of pieces that I’d prefer to never see again. I approved some stories that I shouldn’t have, and rejected a lot of stories that probably should have gotten more attention. Have I mentioned that I had no idea what I was doing?
I enjoyed my time at Slashdot tremendously, and I wouldn’t trade it for anything in the world. It’s unsettling to know that what you’re typing in vi tonight is going to be in front of more than a million smart people tomorrow morning. Then those smart people will be encouraged to comment on what you write, telling you exactly how much of an unparalleled genius/complete moron you are. They may even make a chart.
No matter what we had to say on the site back then, everything at the time was colored by money. The dot-com investment mania was at full strength, and there was a wildly inaccurate assumption that we were all hip-deep in filthy lucre. Writing about technology isn’t terribly lucrative, even if you’re writing for one of the most popular sites on the planet. Putting the technology to use is considerably more valuable: When I left tech writing and journalism to go back to work as an engineer, my income more-than-doubled.
“All good things...”
I left Slashdot to take over as the editor-in-chief of Linux.com, which ended up being a beautiful disaster. I went back to engineering for about a year, then took over as the CEO of the Xiph.org Foundation for a while, and then went back to engineering again. I started a production company and was able to fulfill childhood dreams by working on Star Trek and writing a lot of music for video games. My current time is divided between working in systems engineering, managing my production company and training for my private pilot certificate here in the Valley of the Sun.
I still love tech, and I still love sharing cool new things with people I barely know.
I still run Linux machines at home, at work and in outside projects.
I still think the DMCA is a terribly stupid piece of legislation.
I still throw down with pudge on political matters.
I still read Penny Arcade, run a BBS and hang with trekkies.
...and I’m on IRC right now.
Jonathan "CowboyNeal" Pater
My fondest memories of Slashdot are always those that surround the events when people came together to effect a positive change. Starting already in the site's infancy when there was a real push among our readers, spurred on by one of CmdrTaco's editorials, to open the source of Netscape. When it actually came to pass, it was clear that in addition to being a fun way to keep up on the news and waste some time during coffee breaks and slow work days, Slashdot could be a force for good as well. Years later, we still haven't been able to influence any sort of software patent reform, but, we can keep hoping.
I always enjoy the Slashdot interviews. We've been able to interview a diverse group of people that ranges from David Korn and Rob Pike, to mc Chris and Warren Ellis. I feel that that diversity is something that makes Slashdot more interesting than just a technology news site, and the ability to pass questions on to the interviewees from our readers makes for an interesting article.
The other memory foremost in my mind, is of the infamy of being the most ubiquitous Slashdot poll option of all time. I read not long ago via Wikipedia that this was because I was in charge of the polls, and had inserted myself into them. This isn't true at all, but because Wikipedia needs a source to quote, I feel that now for our 15th anniversary, is a good time to set the record straight. While I've never been fully "in charge" of the polls, I did make plenty of polls over the years, but I never put myself into one. The honor and prestige of starting that tradition belongs to Chris DiBona, and even after he moved on from Slashdot, the other editors managed to keep it alive. I'd like to both thank and forgive him, for starting the tradition. I never kept track if I ever won any of the polls, but I have to assume I won at least one of them. That time, whenever it might have been, was pretty sweet too.
Finally, I want to thank everyone who ever emailed me over the years. To be sure, it's often been a deluge of stuff to wade through every morning. I may or may not have had time to respond to your particular email, but I read all of them eventually, even the nasty ones. Thanks for writing me, but most of all, thanks for reading the site. It's the readers that make everything possible. -
Book Review: Everyday Cryptography
benrothke writes "When Bruce Schneier first published Applied Cryptography in 1994, it was a watershed event, given that it was one of the first comprehensive texts on the topic that existed outside of the military. In the nearly 20 years since the book came out, a lot has changed in the world of encryption and cryptography. A number of books have been written to fill that gap and Everyday Cryptography: Fundamental Principles and Applications is one of them. While the title may give the impression that this is an introductory text, that is not the case. Author Keith Martin is the director of the information security group at Royal Holloway, a division of the University of London, and the book is meant for information security professionals in addition to being used as a main reference for a principles of cryptography course. The book is also a great reference for those studying for the CISSP exam." Read below for the rest of Ben's review.
Everyday Cryptography: Fundamental Principles and Applications
author: Keith M. Martin
pages: 592
publisher: Oxford University Press
rating: 9/10
reviewer: Ben Rothke
ISBN: 978-0199695591
summary: Excellent fundamental text on essentials of cryptography
The book notes that almost no prior knowledge of mathematics is required, since the book deliberately avoids the details of the mathematical techniques underpinning cryptographic mechanisms. That might be a bit of a misnomer as the book does get into the mathematics of cryptography. While the mathematics in the book is not overwhelming, it is certainly not underwhelming. For those that want a deeper look, the book includes an appendix for many of the mathematical concepts detailed in the book.
Two benefits of the book are that it stresses practical aspects of cryptography and real-world scenarios. The mathematics detailed avoids number theory with a focus on practicability. It also shows how cryptography is used as the underlying technology behind information security, rather than simply focusing on the abstracts of the potential of cryptography.
With that, the book's 13 chapters (made up of 4 parts) provide a comprehensive overview of the theory and practice around all aspects of contemporary cryptography. Each of the chapters ends with a summary, detailed lists of items for further reading, and sets of penetration questions that challenge the reader. Readers are advised to spend time on these questions as it is often easy for the reader to feel that they understand the material. The questions can quickly humble the reader and show them that it may not be the case.
Part 1 is titled Setting the Scene and provides a comprehensive introduction to the fundamentals of cryptography. Chapter 1 (freely available here) details the basic principles about cryptography and provides a high-level introduction.
Chapter 2 provides a good overview of the history of cryptography. It details a number of obsolete, yet historically relevant ciphers, such as the Vigenère cipher from the 1500's, to the Playfair cipher from the mid-1800's and others. Martin provides a good overview of the cryptanalysis of the Vigenère cipher and lessons learned from it.
Chapters 4-9 comprise part 2, and provide a thorough overview of the various forms of encryption (symmetric and asymmetric) and digital signatures. This section gets into some of the deeper mathematics of cryptography. While the author states that almost no prior knowledge of mathematics is needed, those without a background will surely be confused by some of the material.
Chapter 7 closes with a good overview of the relationship between digital signatures and handwritten signatures. The author notes the importance of resisting any temptation to consider digital signatures as a direct electronic equivalent of handwritten signatures. He then provides a detailed outline of the environmental, security, practical and flexibility differences between them.
Key management is one of the most important aspects of cryptography and often the most difficult to execute on. Part of the difficulty around key management is at the user level, with key updates, passphrase management and more. Ultimately, effective key management is essential to the underlying security of the crypto system. The 2 chapters in part 3 provide a thorough synopsis of the fundamentals of key management.
Part 4 closes the book with two chapters on practical cryptographic applications. Chapter 12 details how cryptography can be used on the internet, secure payment cards, video broadcasting and more.
The book concludes with an appendix on the mathematics of cryptography, which takes a look at the basic mathematical concepts that underlie some of the material in the book.
This book is not for the fainthearted and is not an introductory text on the topic. It is meant for the advanced reader or someone taking a college level course. For such a reader serious about a significant overview of the essentials on the topic, Everyday Cryptography: Fundamental Principles and Applications is an excellent reference.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Everyday Cryptography: Fundamental Principles and Applications from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Facebook Confirms Data Breach
another random user writes "A researcher by the name of Suriya Prakash has claimed that the majority of phone numbers on Facebook are not safe. It's not clear where he got his numbers from (he says 98 percent, while another time he says 500 million out of Facebook's 600 million mobile users), but his demonstration certainly showed he could collect countless phone numbers and their corresponding Facebook names with very little effort. Facebook has confirmed that it limited Prakash's activity but it's unclear how long it took to do so. Prakash disagrees with when Facebook says his activity was curtailed." Update: 10/11 17:47 GMT by T : Fred Wolens of Facebook says this isn't an exploit at all, writing "The ability to search for a person by phone number is intentional behavior and not a bug in Facebook. By default, your privacy settings allow everyone to find you with search and friend finder using the contact info you have provided, such as your email address and phone number. You can modify these settings at any time from the Privacy Settings page. Facebook has developed an extensive system for preventing the malicious usage of our search functionality and the scenario described by the researcher was indeed rate-limited and eventually blocked." Update: 10/11 20:25 GMT by T : Suriya Prakash writes with one more note: "Yes, it is a feature of FB and not a bug. But FB never managed to block me; the vul was in m.facebook.com. Read my original post. Many other security researchers also confirmed the existence of this bug; FB did not fix it until all the media coverage." Some of the issue is no doubt semantic; if you have a Facebook account that shows your number, though, you can decide how much you care about the degree to which the data is visible or findable. -
SpaceX Dragon Set To Launch
SpaceX's first regular launch to the International Space Station is set to go off at 8:35 (Eastern time) Sunday evening; the first SpaceX launch to successfully reach the ISS was more of a test, though it did bring some goodies to the crew. Wired has a live video feed in place. Slashdot reader Lee Sheridan is in Florida for the launch; if you're one of the billion Facebook users, his photos of the mission briefing and Falcon 9 lift vehicle being lifted to vertical are public. The SpaceX twitter feed might be fun to watch, too. Update: 10/08 00:09 GMT by T : Bonus points for intelligent parsing of the acronym-laden communications on the live feed. -
Ad Agency's Bizarre Steve Jobs Tribute Flash Mob Hits Seattle
theodp writes "File this one under it-seemed-like-a-good-idea-at-the-time. The Filter digital agency decided to show off their Steve Jobs spirit on the first anniversary of Jobs' death by declaring Friday Steve Jobs dress-up day. But where things really took a turn for the worse was in Seattle, where Filter employees took it to the local Apple Store where they formed a Flash Mob of Steve Jobs dress-alikes dancing Gangnam Style. Hey, even our best of intentions sometimes go awry." -
Foxconn Workers On Strike Over iPhone 5 Production
itwbennett writes "That army of robotic assembly line workers we mentioned yesterday apparently can't get started soon enough. As many as 3,000-4,000 workers are on strike at Foxconn's Zhengzhou factory, upset at stricter quality control requirements with the iPhone 5 and having to work through a national holiday this week. 'According to workers, multiple iPhone 5 production lines from various factory buildings were in a state of paralysis for the entire day,' China Labor Watch said. Sina Weibo and Tencent Weibo are both blocking searches in Chinese for 'Foxconn strikes.'" -
Teachers Write an Open Textbook In a Weekend Hackathon
linjaaho writes "A group of Finnish mathematics researchers, teachers and students write an upper secondary mathematics textbook in a three-day booksprint. The event started on Friday 28th September at 9:00 (GMT+3) and the book will be (hopefully) ready on Sunday evening. The book is written in Finnish. The result — LaTeX source code and the PDF — is published with open CC-BY-license. As far as the authors know, this is the first time a course textbook is written in three-day hackathon. The hackathon approach has been used earlier mainly for coding open source software and writing manuals for open source software. The progress can be followed by visiting the repository at GitHub or the project Facebook page." -
Book Review: Digital Forensics For Handheld Devices
benrothke writes "Today's handheld device is the mainframe of years past. An iPhone 5 with 64 GB of storage and the Apple A6 system-on-a-chip processor has more raw computing power than entire data centers had some years ago. With billions of handheld devices in use worldwide, it is imperative that digital forensics investigators and others know how to ensure that the information contained in them can be legally preserved if needed." Read on for the rest of Ben's review.
Digital Forensics for Handheld Devices
author: Dr. Eamon P. Doherty
pages: 336
publisher: CRC Press
rating: 8/10
reviewer: Ben Rothke
ISBN: 978-1439898772
summary: Valuable reference for digital forensics
In Digital Forensics for Handheld Devices, author Eamon Doherty provides an invaluable resource on how one can obtain data, examine it and prepare it as evidence for court. One of the reasons many computer crime cases fail to be prosecuted is that the evidence was not properly handled and could therefore not be admitted into court.
One of the first things a defense attorney will do in a computer crime case is to attack how the digital evidence was obtained and preserved. In far too many cases, it was done incorrectly and the evidence, no matter that it may be a smoking gun, can't be admitted into court. The case then is dismissed, to the chagrin of the victim.
The book's 8 chapters of nearly 300 pages are densely packed text, where Doherty brings significant real-world experience to every chapter. As the cybercrime training lab director at Fairleigh Dickinson University, he brings both an academic formality in addition to real-world experience in this highly tactical guide.
Chapter 1 details cell phone forensics. After a brief introduction to the history of the cell phone, it details the entire inner workings of a cell phone. The chapter also details differences in cell phones worldwide. An important fact is that many Asian countries have cell phones available 12-18 months before they appear in the US. With that, American forensic investigators need to be cognizant of this when entering into an investigation.
The chapter includes an overview of the Susteen Secure View application which is an extremely powerful tool for the mobile phone forensic investigator. Besides that tool, in each chapter, Doherty lists many tools that provide specific assistance to the topic at hand. The book is worth it for those listings alone.
Chapter 2 is similar to the previous chapter except this is about digital camera forensics. The chapter provides a detailed overview of how digital cameras operate and how the underlying hardware works. The chapter includes an extremely comprehensive overview of seemingly every tool available to investigate images on a digital camera.
The chapter also includes a number of fascinating case studies on how to effectively perform a forensics analysis of a digital camera. It concludes with an observation that when considering a career in forensics, as fascinating as it is; it may not be for everyone.
Doherty notes that as a forensics investigator, the examiner is often exposed to disturbing material. He quotes a report that studied investigators from over 500 agencies who had been exposed to child pornography during investigation of crime involving child exploitation. The report noted an alarming 35% of the participants had problems arising from work exposure to child pornography.
Chapter 5 provides an extremely detailed look at forensics investigation on a corporate network. Throughout the book, Doherty stresses the need for effective chain of custody and other issues to preserve digital evidence. It is imperative to preserve the integrity of the digital evidence obtained from the time it was seized until it is presented in court.
To facilitate this, the book states a best practice to use checklists to ensure nothing is forgotten. The importance of checklists has been detailed in The Checklist Manifesto: How to Get Things Right where author Atul Gawande makes a compelling case for the use of checklists.
As to evidence and checklists, Doherty writes that once the evidence is obtained, a chain of custody form should be filled out. Each time the evidence is copied, processed, or transported, it should be documented on the chain of custody form. If others receive a copy of the evidence for prosecution or defense purposes, they too should sign for it. This is an imperative if it is expected that the evidence would end up in court or be used for human resources purposes. But at the corporate setting detailed in chapter 5, that same level of diligence is not necessarily required.
Chapter 5 also has overviews of nearly 50 different forensic tools for every imaginable purpose.
While the book has exploratory and technical overviews on many tools and numerous case studies, this is not an introductory text on the subject. It is meant for someone with a technical background that is looking for a technical reference to gain competence on the topic of digital forensics.
The only lacking of the book is that while the author is an expert on the topic and the tools, the writing style is one that screams out for an editor. The text suffers from run-on sentences and repetition of defining the same acronym, in addition to other readability issues. The book is pervasive in its use of passive voice that can be annoying to many readers. It is hoped that the second edition of this book will be updated with the current tools of the time and a good re-editing of the text to ensure its readability doesn't suffer.
Aside from the grammatical issues, for those looking for a very hands-on guide to gain proficiency on the topic, Digital Forensics for Handheld Devices is a valuable reference. Dr. Eamon Doherty has a unique perspective in that he has academic, law enforcement and very practical experience, which is manifest in every chapter.
The notion of digital forensics is seize it, examine it and then prepare it for evidence in court. In Digital Forensics for Handheld Devices, you found out how to do just that.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Apple Reportedly Luring Ex-Google Mappers With Jobs
TechCrunch reports that Apple, facing a substantial backlash (and some snarky competitive advertising) over goofs in the mapping software included in iOS 6, is going after the problem with a hiring spree. Here's TechCrunch's lead: "Apple is going after people with experience working on Google Maps to develop its own product, according to a source with connections on both teams. Using recruiters, Apple is pursuing a strategy of luring away Google Maps employees who helped develop the search giant’s product on contract, and many of those individuals seem eager to accept due in part to the opportunity Apple represents to build new product, instead of just doing 'tedious updates' on a largely complete platform." Meanwhile, writes reader EGSonikku "Well known iOS hacker Ryan Perrich has gotten the iOS5 Google Maps application to run on iOS6 using 'a little trickery.' (YouTube demonstration.) He has not released it yet due to crashing issues but states 'it mostly works.'" -
MakerBot Going Closed Source?
An anonymous reader writes "A year after a windfall $10 million in venture capital, and after a community stir over one man's attempt to Kickstarter a project to manufacture the open source Replicator with a lower price tag, it appears that MakerBot Industries is going closed source on their new model 3d printer, the Replicator 2. Josef Prusa, core developer of the widely known RepRap printer (the basis for previous MakerBot models) has confirmed the sad news, with a stunned tweet, and is organizing an 'Occupy Thingiverse,' to protest the apparent theft of others' work." -
Astronomers Fix the Astronomical Unit
gbrumfiel writes "The Astronomical Unit (AU) is known to most as the distance between the Earth and the Sun. In fact, the official definition was a much more complex mathematical calculation involving angular measurements, hypothetical bodies, and the Sun's mass. That old definition created problems: due to general relativity, the length of the AU changed depending on an observer's position in the solar system. And the mass of the Sun changes over time, so the AU was changing as well. At the International Astronomical Union's latest meeting, astronomers unanimously voted on a new simplified definition: exactly 149,597,870,700 meters. Nobody need panic, the earth's distance from the sun remains just as it was, regardless of whether it's in AUs, meters, or smoots." -
How Viable Is Large Scale Wind Energy?
New submitter notscientific writes "Renewable sources of energy are obviously a hit but they have as yet failed to live up to the hype. A new study in Nature Climate Change shows however that there is more than enough power to be harnessed from the wind to sustain Earth's entire population... x200! To generate energy from the wind, we may however need to set up wind farms at altitudes of 200-20,000 metres. To be fair, the study is purely theoretical and does not look at the feasibility of such potential wind farms. Regardless, the paper does provide a major boost to backers of wind-generated energy. Science has confirmed that the sky's the limit." -
Look-Alike Web Sites Hoodwink Republican Donors
Hugh Pickens writes "Shane Goldmacher writes that a network of look-alike campaign websites have netted hundreds of thousands of dollars this year in what some are calling a sophisticated political phishing scheme. The doppelgänger websites have the trappings of official campaign pages: smiling candidate photos and videos, issue pages, and a large red "donate" button at the top and exist for nearly three-dozen prominent GOP figures, including presidential nominee Mitt Romney, House Speaker John Boehner, House Majority Leader Eric Cantor, and donation magnets such as Reps. Michele Bachmann of Minnesota and Allen West of Florida. The only difference is that proceeds from the shadow sites go not to the candidates pictured, but to an obscure conservative group called CAPE PAC run by activist Jeff Loyd, a former chairman of the Gila County GOP in Arizona. 'The only thing they are doing is lining their pockets and funding their own operation,' says Republican political strategist Chris LaCivita. CAPE PAC has a strong Web presence, with over 100,000 followers on Twitter and 50,000 on Facebook and its business model is to buy Google ads — about $290,000 worth, as of the end of June — to promote its network of candidate sites whenever people search for prominent GOP officials. A search for 'Mitt Romney,' for instance, often leads to two sponsored results: Romney's official site and CAPE PAC's mittromneyin2012.com. Once on a CAPE PAC site, users would have to notice fine print at either the top or bottom of the page revealing that they were not on the official page of their favored politician. A dozen donors, including some experienced Washington hands such as Neusner, had no idea they had contributed to the group before National Journal Daily contacted them. 'It confused me, and I do this for a living,' says Washington lobbyist Patrick Raffaniello. 'That's pretty sophisticated phishing.'" -
Finnish Bureaucracy Takes Issue With Crowdfunded Textbook
linjaaho writes "Senja Larsen, who runs popular Facebook study group Senja teaches you Swedish, collected $14,161 via Kickstarter's crowd funding service. The project caught much media attention in Finland (TV and all major newspapers), since it is the first crowdfunded book project in this country, and among the first Finnish crowdfunded projects. (Previous ones include the movie Iron Sky, the role-playing game Myrskyn Sankarit, and the Wishbone headphone wire manager). Now, after successfully collecting the funds for the book (and after the book has been edited and printed), the National Police Board of Finland has asked Senja to submit a statement [PDF; Finnish] concerning using crowdfunding to finance a project [PDF; Finnish] and the terminology used. It is possible that all the funding collected must be returned. The main problem is that direct translations of terminology at Kickstarter, such as 'bounty' and 'support,' are interpreted to mean collecting money without giving anything back, and this kind of operation requires a permit which can be only given to associations, not to private persons, and it takes long to apply for such permit." -
Twitter Based "Ted" System Warns of Earthquakes Earlier
hypnosec writes "A Twitter-based system managed to detect the earthquake off the Philippines before any other advanced spotting systems being used by Seismologists. The U.S. Geological Survey uses the micro-blogging site to quickly gather information about earthquakes around the globe through the use of a system — Twitter Earthquake Detection (TED) — which beat out USGS's own sensors on Friday when it came to detecting a 7.6 magnitude earthquake off the Philippine coast. The TED system gathers earthquake related messages (Tweets) in real time from Twitter. The system takes into consideration various parameters like place, time, keywords, and photographs of affected places where tremors have been detected. Online information posted by people — Tweets, in this case — can be picked up faster by researchers, compared to scientific alerts that may take up to 20 minutes." -
Leak Shows What Could Be Nokia's New Windows Phone 8 Devices
Nerval's Lobster writes "Did images of Nokia's upcoming Windows Phone 8 smartphones leak a few days early? That's the question after a Twitter feed, @evleaks, posted a set of images early on Aug. 31. The first, it claimed, was of the '4.3-inch Nokia Lumia 820,' while the second purported to show the '4.5-inch Nokia Lumia 920 with PureView.' Corporate-sanctioned leaks are a fairly regular thing in the tech world, but they tend to follow well-defined patterns: a public-relations executive — wait, sorry, 'unnamed source' — will email a journalist with an image of an upcoming device, for example, or a disgruntled former engineer will data-dump information onto their blog. Glossy publicity images originating from a new, relatively unknown Twitter feed is less common, although the Twitter feed in question has leaked other images in the past." -
The Truth About Hiring "Rock Star" Developers
snydeq writes "You want the best and the brightest money can buy. Or do you? Andrew Oliver offers six hard truths about 'rock-star' developers, arguing in favor of mixed skill levels with a focus on getting the job done: 'A big, important project has launched — and abruptly crashed to the ground. The horrible spaghetti code is beyond debugging. There are no unit tests, and every change requires a meeting with, like, 40 people. Oh, if only we'd had a team of 10 "rock star" developers working on this project instead! It would have been done in half the time with twice the features and five-nines availability. On the other hand, maybe not. A team of senior developers will often produce a complex design and no code, thanks to the reasons listed below.'" -
Trouble At OnLive
Lashat writes "News of trouble at cloud gaming provider OnLive is trickling out of various sources. According to Forbes, all employees received their walking papers today. Rumors of a shutdown, buyout, or re-formation as a new company are plentiful, but the company hasn't announced anything yet. The article quotes an email sent to InXile CEO Brian Fargo from an employee within the company: 'I wanted to send a note that by the end of the day today, OnLive as an entity will no longer exist. Unfortunately, my job and everyone else's was included. A new company will be formed and the management of the company will be in contact with you about the current initiatives in place, including the titles that will remain on the service. It has been an absolute pleasure working with you and I'm sure our path will cross again.' OnLive's Director of Corporate Communications told Forbes, 'No, let me be clear. We are not going out of business.'" While the question of whether OnLive-as-an-entity will continue is still up in the air, an internal source confirmed to Gamasutra that OnLive's entire staff has been laid off, and OnLive employees were seen outside headquarters with 'moving boxes.' Kotaku says the company has filed for protection against creditors in California (not bankruptcy, but similar). -
Twitter Restricts Client Developers
New submitter atsabig10fo writes "Twitter has finally released the hinted-at changes to their API, which include limiting the number of users for third party clients, per-endpoint rate limiting, and restrictions on how tweets can be displayed and posted. Twitter's Michael Sippey wrote, 'One of the key things we've learned over the past few years is that when developers begin to demand an increasingly high volume of API calls, we can guide them toward areas of value for users and their businesses. To that end, and similar to some other companies, we will require you to work with us directly if you believe your application will need more than one million individual user tokens.' Third party app developers are certainly going to be sweating these changes, and it puts the future of new development in question." -
Anonymous Claims To Have Hacked Sony PSN Again
hypnosec writes "Anonymous has claimed a new attack on Sony's PlayStation Network, and this time around it seems they have information from nearly 10 million user accounts. As a proof of the hack they dumped more than 3000 credentials online in the form of a pastebin post. The notorious hacktivist group is claiming that the entire set of hacked credentials contains over 10 million PSN accounts and that the file is of around 50GB." Update: 08/16 13:12 GMT by S : Sony has denied this claim. -
'Pirate' Website Owner Sentenced To 4 Years In Prison
Grumbleduke writes "Anton Vickerman, who owned SurfTheChannel.com, has been sentenced to 4 years in prison following his conviction last month for 'conspiracy to defraud.' This is the first successful prosecution of an individual in the UK for running a website merely linking to allegedly infringing content (several earlier cases collapsed or resulted in acquittals). Vickerman was prosecuted for the controversial offense of 'conspiracy to defraud' for 'facilitating copyright infringement,' rather than for copyright infringement itself, and it is worth noting that the relevant copyright offense carries a maximum prison sentence of only two years — half of what was given. FACT, the Hollywood-backed enforcement group who were heavily involved in the prosecution noted that the conviction 'should send a very strong message to those running similar sites that they can be found, arrested and end up in prison,' but it remains to be seen whether this will have any effect on pirate sites, or encourage development of the largely hopeless legal market for online film." -
Book Review: Navigating Social Media Legal Risks
benrothke writes "In the documentary Scared Straight! a group of inmates terrify young offenders in an attempt to 'scare them straight' (hence the show's title) so that those teenagers will avoid prison life. A 2002 meta-analysis of the results of a number of scared straight and similar intervention programs found that they actively increased crime rates, leading to higher re-offense rates than in control groups that did not receive the intervention. For those considering the use of social media in their business, it is quite easy to read Navigating Social Media Legal Risks: Safeguarding Your Business as a scared straight type of reference. Author Robert McHale provides so many legal horror stories, that most people would simply be too afraid of the legal and regulatory risks to ever consider using social media." Keep reading for the rest of Ben's review.
Navigating Social Media Legal Risks: Safeguarding Your Business
author: Robert McHale and Eric Garulay
pages: 320
publisher: Que
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-0789749536
summary: Definitive guide to social media law for the layman
But the reality is that social media is becoming required for nearly every business. With that, in Navigating Social Media Legal Risks, author and attorney Robert McHale, with Eric Garulay, provides a fascinating and invaluable reference to any organization that wants to use social media, and not violate any of the myriad state, federal and international laws and regulations.
Social media makes it relatively easy for organizations to find and retain customers and increase sales, amongst many other benefits. At the same time, it can expose an organization to significant and highly-expensive legal risks and issues, and find themselves at the receiving end of a subpoena.
The book's 12 chapters take a look at various aspects of social media and detail how to use them in a legal and judicious manner.
In chapter 1, the book details social media promotions law around contests and sweepstakes. People often use the terms contest and sweepstake interchangeably, but the words have very different meanings. There are various contests and sweepstakes laws that must be dealt with before these promotions can commence. Often web sites will combine elements of contests and sweepstakes, including prizes, chances and considerations, which in turn make it a lottery. The issue is that it is illegal for most entities to create a lottery. So if not done correctly, a simple contest can turn into a costly legal mess.
Chapter 2 deals with online endorsements and testimonials. Any company that will use online endorsements and testimonials in their advertising must ensure that they are following all truth in advertising laws. The book details numerous areas where regulators have launched investigations and taken enforcement actions against violators. The book notes that one rogue blogger will not likely trigger a law enforcement action if your company has a reasonable training and monitoring program in place.
Chapter 5 shows how to manage the legal risks of UGC (user-generated content). UGC can drive significant amounts of traffic to a web site, but also creates legal risks.
Organizations can find protection from UGC via the Digital Millennium Copyright Act (DMCA) and the Communications Decency Act of 1996 (CDA). But those firms that want to enjoy the protections of the DMCA and CDA are required to fully comply with a very detailed set of legal requirements, leaving them very little room for error. The chapter details how to avoid those errors.
The book has scores of examples of things many readers may not have thought about. For example, chapter 8 writes of the Anticybersquatting Consumer Protection Act (ACPA). The purpose of the ACPA is to protect consumers and American businesses and provide clarity in the law for trademark owners by prohibiting the bad-faith and abusive registration of distinctive marks as Internet domain names with the intent to profit from the goodwill associated with such marks, a practice commonly referred to as cybersquatting.
Yet what about the post-domain path of a URL, which is everything after the domain name? The question is, are post-domain path names protected under the ACPA? For example, is the post-domain path of twitter.com/Boeing owned by Boeing or simply the person who registered it first? The courts are grappling with that and similar questions.
In chapter 9, the authors detail the need for designing a geolocation data security plan. This is particularly important for firms that handle consumers' geolocation data. Such a plan is particularly important given that the tracking, storage and sharing of precise geolocation information is becoming increasingly subject to legal and regulatory requirements.
The book concludes with 10 social media lessons that detail some noteworthy social media business entanglements and the lessons that businesses must learn from them. A few of these include: your Twitter hashtag can be used against you, do not pay for or use false endorsements and other invaluable lessons. The advice in these 10 tips alone is worth the price of the book.
Each chapter ends with detailed tactical lists of dos and don'ts around the specific topic.
The book should be required reading for every organization. Even those firms that have completely rejected any form of corporate social media interaction can still be held liable for actions of their employees. So such firms can't simply bury their head in the sand.
At $30, Navigating Social Media Legal Risks: Safeguarding Your Business is the cheapest legal advice you can get, and is worth every penny. If you are looking for crystal clear and detailed advice on social media law, you won't find a better book.
The world of social media is fraught with legal danger which can be quite expensive and embarrassing to recover from. It lives up to its title, and provides an outstanding path to navigate the dangerous waters of social media.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Navigating Social Media Legal Risks: Safeguarding Your Business from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
The Open Source Technology Behind Twitter
caseyb89 writes "If it weren't for open source technology, you wouldn't be able to tweet. Chris Aniszczyk, Open Source Manager at Twitter, shares how open source is vital to Twitter's success. He states that using open source is a 'no-brainer' for Twitter because it 'allows us to customize and tweak code to meet our fast-paced engineering needs as our service and community grows.' Twitter also established an open source office about a year ago to support a variety of open source organizations that are important to them. Aniszczyk will discuss Twitter's open source usage in his keynote at LinuxCon." -
Curiosity Lands On Mars
The Mars Science Laboratory, a.k.a. Curiosity, is now less than an hour from touchdown on Mars. It's scheduled to land at 1:31 AM EDT (0531 UTC). The landing will be monitored by the Odyssey orbiter, which will be the data relay between Curiosity and Earth. The Mars Reconnaissance Orbiter will be listening to Curiosity as well (yes — two of our probes orbiting another world will be watching a third). While Odyssey will be giving us close to real-time updates (as close as possible, given the 14-minute time delay), MRO's data will take a bit longer to be processed and evaluated. NASA is broadcasting from the JPL mission room right now. If you'd like to watch a pretty awesome graphical visualization of the mission, check out eyes.nasa.gov. If you'd like to play around with a Java app showing Mars-local times and seasons, check out Mars24. If you'd like to watch unofficial coverage, Bad Astronomer Phil Plait and a bunch of other astronomers are hosting a public Google Hangout. If you'd like to read a detailed explanation of the landing, check out NASA's press kit (PDF), and there's also a post about what to expect when the rover starts sending pictures back to Earth, which will be about two hours after the rover lands. Good luck to everyone involved! We'll update this post when we get word on the landing.
Update: 08/06 05:33 GMT by S : Curiosity is on the ground! Everything looks nominal, and everybody at JPL is cheering. Congratulations, folks. They're continuing to receive telemetry from Odyssey, and the connection is strong. They've now received the first images back from Mars of Curiosity on the ground. A press briefing is scheduled in a little bit (2:15AM EDT, 0615 UTC), and several more throughout the day as more data comes back. -
'Wi-Fi Police' Stalk Olympic Games
schwit1 writes with news from London that Olympic venues are being patrolled by so-called "Wi-Fi police," who seek out and shut down unauthorized access points and hotspots. BT is the "official communications services provider" for the Games, so access points other than the ones they set up or approve have been disallowed. A picture tweeted from the Olympics shows a gentleman carrying a portable directional antenna that can localize sources of transmission and interference. "One possible aim of shutting down such WiFi access points is to cut down on interference with essential wireless communications being used by those refereeing, reporting on and working at the sporting events. ... The news of the WiFi crackdown has angered many of those following the Games online, who were already upset at Olympic authorities' attempts to limit the use of social networking tools at the Games at certain times. The London Olympics had been billed as the first 'social media Games,' but organizers have been accused of bungling the effort to seamlessly integrate popular technologies like Twitter and Facebook into the event." -
Patent and Copyright Wars Gone Wild
snydeq writes "While Apple and Samsung fight over patents and prototypes, other copyright trolls are waging an X-rated battle on innocent users, as lawyers representing some adult movie companies are sending letters accusing users of illegally downloading their movies and saying that, for a price, they can make the charges go away. 'Cases like this, usually involving pornographic content, are very common,' Mitch Stoltz, a staff attorney for the Electronic Frontier Foundation said. At least 250,000 individuals have been named in group lawsuits over the last few years. There's a very common belief that if someone pirates your Wi-Fi connection or uses your computer without your permission, you are responsible for illegal downloads of copyrighted material. That's not true, says Stoltz; the law is quite clear. However, the lawyers who bring those cases use that misperception to convince innocent people that they had better pay up. Since $3,500 is just a fraction of the money it would take to fight a case in court, most people simply settle." -
Twitter Launches Political Index
colinneagle writes "Twitter today launched a new tool that leverages its estimated 400 million daily Tweets to gauge public opinion on the candidates for the 2012 presidential election. Progress in political polling is long overdue, and with Twitter providing a constant, international conversation for web users to join or leave at their own will, there may not be a better time than now to make that change. However, there are some concerns. One of the interesting points made in Twitter's description of its new tool is where it claims to be 'illustrating instances when unprompted, natural conversation deviates from responses to specific survey questions.' That assumes conversation on Twitter is natural. If parody accounts, Twitter trolls, and spam bots have taught us anything (and they usually don't), it's that Twitter conversation can be manipulated just as easily as it can be used naturally. How will Twitter distinguish between positive Tweets coming from voters or news outlets and those from spam bots designed to drive the conversation surrounding a candidate one way or the other? How easy could it be for an organization with a vested interest in positive poll numbers for one candidate to craft an army of Twitter bots designed to drive Barack Obama's positive numbers down, or vice versa? How many people reading the data, which is sure to make its way to TV news as election coverage increases in the coming months, will be aware that Tweets can be manipulated?" -