
The next CUCUG meeting will be held on our regular third Thursday of the month: Thursday, August 16th, at 7:00 pm, at the First Baptist Church of Champaign in Savoy. The Linux SIG convenes, of course, 45 minutes earlier, at 6:15 pm. Directions to the FBC-CS are at the end of this newsletter.
The August 16 gathering will be one of our split SIG meetings. All three SIGs are open for anything anyone wants to bring in.
ToC
By Greg Kline
Published Online Aug 6, 2007
<http://www.news-gazette.com/ngsearch/index.cfm?&page=displyStory.cfm&yearfolder=the07news&file=080607%5Fngstory%5F78481%2Etxt&search=supercomputer&theorder=asaphrase>
University of Illinois officials this morning said they still have no official word on news that a $200 million supercomputer - to be the world's fastest, at least at the start - will be built at the UI-based National Center for Supercomputing Applications.
The New York Times reported this morning that the system would be built at the UI, citing documents that were accidentally placed on a federal government Web site for a short time last week.
NCSA Public Affairs Director Bill Bell said the center and IBM have submitted a proposal for the facility to be funded by the National Science Foundation, apparently one of four such proposals pending.
"The decision process is ongoing within NSF," Bell said.
He said a decision is expected by the end of the summer with the contract to take effect in October, although the new supercomputer itself will take years to build.
The system is to be the first capable of one thousand trillion calculations per second, known as a petaflop, which in the high-performance computing world is akin to breaking the 4-minute mile for the first time.
The Japanese already are designing a machine to break 10 petaflops by 2011, according to the New York Times.
The project, if it lands here, would be a joint effort by IBM, which will build the system, and the NCSA. The UI center has been competing with national supercomputing centers in San Diego and Pittsburgh, among others, for the facility to be dedicated to big science problems like global warming.
"It will take several years for the deployment of the machine to actually occur," Bell said. "We're looking at technology that isn't available today."
He said IBM and the NCSA would have an "intense technical and research relationship" that also will involve researchers in UI departments such as Computer Science and Electrical and Computer Engineering.
NCSA's supercomputing building on Springfield Avenue is pretty full, but Bell said he couldn't address at this point whether the project would mean another addition to the building, which was designed for it. He noted that NCSA typically retires older machines over time, which means space could be opened up in the building.
The latest list of the world's known supercomputers, released in June, put IBM's Blue Gene/L system in California at the top. That system runs less than a third as fast as the one to be built in the project for which the UI is vying.
NCSA had the eighth-fastest system on the June list, capable of more than 88 trillion calculations per second.
From studying billions of molecules to studying billions of stars, there is no lack of big science problems that a petascale computer could be used to help tackle.
"There is a very large number of possibilities," said Marc Snir, a high-performance computing expert who is now interim head of the UI's cutting-edge informatics initiative. "The more performance you have, the more accurate your simulations can be."
But Snir, former head of the UI Computer Science Department, said the petaflop milestone itself is less significant than the continuing advancement of computing capability it represents.
He said it's also significant that the National Science Foundation, which had fallen behind with recent developments in supercomputing elsewhere, has taken a leading role.
Snir said technology developed for the new system likely would benefit the computing landscape in general, right down to the desktop eventually.
"There has always been a trickle down, if you wish, from top machines to less expensive platforms," he said.
ToC
By Greg Kline
Published Online Aug 9, 2007
<http://www.news-gazette.com/ngsearch/index.cfm?&page=displyStory.cfm&yearfolder=the07news&file=080907%5Fngstory%5F78559%2Etxt&search=supercomputer&theorder=asaphrase>
A more than $200 million supercomputer capable of breaking the "petascale" barrier - 1,000 trillion calculations per second - now appears almost certain to land at the University of Illinois.
The National Science Foundation Board on Wednesday recommended that the system be built at the UI under the direction of the National Center for Supercomputing Applications. A release from the science foundation put the price tag at $208 million over the next five years. The system would go on line in 2011.
"Working at the frontiers of knowledge is increasing the demand for powerful cyberinfrastructure," said National Science Foundation Deputy Director Kathy Olsen. "The (UI-based) system will provide U.S. scientists and engineers access to unprecedented petascale computing resources that will allow them to ask and answer complex questions we haven't even dreamed of."
The system would be 500 times more powerful than today's typical supercomputers and may be used, for example, to study complex processes like the interaction of the sun's coronal mass ejections with the Earth's magnetosphere and ionosphere; the formation and evolution of galaxies in the early universe; understanding the chains of reactions that occur with living cells; and the design of novel materials, a release from the science foundation said.
The award has to go through foundation administrative and financial channels before it is final.
"They're still saying the final decision will be late September," NCSA spokeswoman Trish Barker said.
The New York Times reported Monday the system would be built at the UI, citing documents accidentally placed on a federal government Web site for a short time last week. But NCSA and UI officials said they had received no confirmation - until Wednesday.
"We don't see any issue, any problems," said NCSA Director Thom Dunning, who will be the principal investigator on the project.
UI Chancellor Richard Herman this morning characterized the announcement as a validation of the university's past expertise in computing and a vote of confidence in its future in the area.
He also said it shows the NCSA's ability, again, to remake itself quickly to meet current scientific needs.
Dunning and Rob Pennington, deputy director of NCSA and the No. 2 man on the petascale computing project as well, said the National Science Foundation wants to change the way science and engineering are done with the system.
Part of that is the sheer size of the problems the system will be able to process.
"There are some things you will not be able to do anywhere else," Pennington said.
But the goal also relates to designing the system to make it easy for researchers to use, from both a hardware and software perspective, the two NCSA leaders said. Dunning said organizers talked technical details with likely users around the country and made ease of use an integral part of their proposal to the science foundation.
He said the UI itself has some likely users, like physics Professor Klaus Schulten, whose complex biological simulations already make major use of existing computing resources at the NCSA. Researchers in astronomy, engineering and at the UI's new Institute for Genomic Biology are among other potential beneficiaries locally.
The machine will be dubbed "Blue Waters," a nod to partner IBM, long known as "Big Blue," and to the Great Lakes Consortium. The latter includes Parkland College, all the other Big Ten universities, the University of Chicago and Argonne and Fermi labs in northern Illinois, among others, which will be working with the UI and the NCSA, along with additional partners around the country.
"It's actually a pretty wide-ranging partnership," Pennington said.
Still, the NCSA and the UI will have the ultimate responsibility, and having the system located here will "focus the supercomputing world on UIUC" for a time, Dunning said. "NSF's going to award one of these and that's going to be it."
Herman called the attention "the kind of good spotlight we like."
IBM and the NCSA will have an intense technical and research relationship, also involving researchers in UI departments such as Computer Science and Electrical and Computer Engineering, in developing new technology necessary for the system.
"We have first-rate departments in these areas," Pennington said, adding that the UI's expertise was a big selling point with the science foundation.
Dunning said the NCSA will certainly be adding some employees with various kinds of expertise related to the effort, and there's potential for an economic and business halo effect from having the system located here.
"I think it's hard for us to appreciate all of the changes this may lead to," Dunning said.
"It has a catalyzing effect," Herman said.
The UI has committed to adding faculty members with needed expertise, too. It also will create a campus Center for Petascale Computing to act as an umbrella organization for coordinating researchers involved in the project.
Herman said the number of new people remains to be worked out.
"We have some of those people, but we don't have them all," he said. "What you can count on us doing is moving swiftly."
Illinois' proposal to the science foundation also included a letter from Gov. Rod Blagojevich, a copy of which was obtained by The Associated Press, pledging up to $60 million for a new facility to house the machine. Among the options the NCSA is considering, Dunning said, are an addition to its supercomputing building on Springfield Avenue in Urbana and a stand-alone facility.
"We are in the sort of preliminary design stage," he said.
ToC
SAN FRANCISCO, Aug. 10 - In a decision that may finally settle one of the most bitter legal battles surrounding software widely used in corporate data centers, a federal district court judge in Utah ruled Friday afternoon that Novell, not the SCO Group, is the rightful owner of the copyrights covering the Unix operating system.
In the 102-page ruling, the judge, Dale A. Kimball, also said Novell could force SCO to abandon its claims against I.B.M., which SCO had sued. Judge Kimball's decision in favor of Novell could almost entirely undermine SCO's 2003 lawsuit against I.B.M.
<http://www.nytimes.com/2007/08/11/technology/11novell.html>
Prototype Device to Beam High-Speed Internet on Unused TV Airwaves Fails Government Test
The Associated Press
URL: <http://www.abcnews.go.com/print?id=3458912>
The government gave a failing grade to a prototype device that Microsoft Corp., Google Inc., Dell Inc. and other technology companies said would beam high-speed Internet service over unused television airwaves.
The Federal Communications Commission on July 31 said the devices submitted by the technology coalition could not reliably detect unused TV spectrum, and could also cause interference.
Despite the setback, FCC chairman Kevin Martin said Tuesday the agency still would like to find a way to transmit high-speed Internet service over the unused airwaves.
In a statement, the technology coalition, which also includes Hewlett-Packard Co., Intel Corp. and Philips Electronics North America Corp., a division of Netherlands-based Royal Philips Electronics NV, said it will work with the FCC to resolve any questions.
The technology companies say the unlicensed and unused TV airwaves, also known as "white spaces," would make Internet service accessible and affordable, especially in rural areas and also spur innovation.
However, TV broadcasters oppose usage of white spaces because they fear the device will cause interference with television programming and could cause problems with a federally mandated transition from analog to digital signals in February 2009.
ToC
by Paul Thurrott, <thurrott@windowsitpro.com>
The US Senate Judiciary Committee will hold a hearing in September in which it will grill Google executives about the company's planned purchase of DoubleClick. As with other inquiries into this potential purchase--the US Federal Trade Commission (FTC) and European Union (EU) are both investigating as well--the hearing will seek answers on the anticompetitive and privacy issues the deal raises.
Privacy advocates and competitors have argued that the combination of Google and DoubleClick would effectively eliminate competition in the online advertising space. Google currently dominates search-based advertising, whereas DoubleClick is the largest player in traditional banner ads and other forms of Web advertising. The online ad market was worth $17 billion in 2006 in the United States alone, and is growing each year.
Google argues that the online advertising market is highly competitive and that the purchase should be approved because Google doesn't directly compete with DoubleClick. "We are confident that this acquisition poses no risk to competition and should be approved," a Google spokesperson said. Competitors such as Microsoft and Yahoo! disagree, and in the wake of the Google/DoubleClick announcement, each has purchased minor players in DoubleClick's market to defend themselves against the possible purchase. Microsoft, for example, spent a whopping $6 billion on a company called aQuantive.
ToC
URL: <http://www.democracynow.org/article.pl?sid=07/08/08/1338239>
The Financial Times is reporting a congressional committee is investigating whether the Internet company Yahoo intentionally misled Congress over its role in exposing the identity of a Chinese journalist who was sent to prison for a decade. Shi Tao was arrested after posting material on a website about a government crackdown on media and democracy.
<http://www.ft.com/cms/s/cfa21b40-4519-11dc-82f5-0000779fd2ac.html>
ToC
Vivendi's Universal Music has said it is to test the digital sale of songs from artists without the customary copy-protection technology.
Story from BBC NEWS:
Published: 2007/08/10 06:15:21 GMT
URL: <http://news.bbc.co.uk/go/pr/fr/-/2/hi/business/6939807.stm>
It will allow the sale of thousands of albums and tracks available in MP3-form without the protection, known as digital rights management (DRM).
Most major recording studios insist music sellers use DRM technology to curb online piracy.
Universal artists include 50 Cent, the Black Eyed Peas, and Amy Winehouse.
Universal said: "The experiment will run from August to January and analyze such factors as consumer demand, price sensitivity and piracy in regards to the availability of open MP3s."
Retailers including Google, Wal-Mart, and Amazon.com, will participate in the DRM-free trial, Universal said.
But participants do not include Apple's iTunes online music store, the third largest music retailer in the US.
ToC
By Jon Van <jvan@tribune.com>
Chicago Tribune staff reporter
August 9, 2007
URL: <http://www.chicagotribune.com/entertainment/chi-thu_jam_0809aug09,1,6237615.story>
Pearl Jam protests to AT&T about omission of anti-Bush lines; firm calls editing a mistake
A live Internet broadcast of Pearl Jam's performance at Chicago's Lollapalooza music festival Sunday went off without a hitch -- until singer Eddie Vedder criticized President Bush.
Lyrics critical of the president didn't make it past editors of the show's Webcast, the band complained Wednesday on its Web site.
The performance, sponsored by AT&T Inc. and carried on AT&T's "Blue Room" site, omitted the lyrics "George Bush, leave this world alone" and "George Bush, find yourself another home" as part of a version of the song "Daughter," according to the Pearl Jam Web site.
<http://www.attblueroom.com/music/events/lolla.php>
<http://pearljam.com/news/index.php?what=News#195>
Fans had complained to the band about the possible censorship, the site said.
"When asked about the missing performance, AT&T informed Lollapalooza that portions of the show were, in fact, missing from the Webcast and that their content monitor had made a mistake in cutting them," the Pearl Jam site said.
An AT&T spokeswoman confirmed the omission Wednesday, saying that it had been a mistake made by someone working for the agency hired by AT&T to handle its Blue Room content.
"We don't have a policy in place to censor," said AT&T's Tiffany Nels. "We have a policy on excessive profanity. This was an honest mistake. There was no censorship intended."
Nels said that there is a delay of a few seconds between the performance and its streaming to the Web so that an editor can cut out profane language because the Web site is available to all ages and AT&T doesn't want foul language going out.
She declined to name the agency in charge of the Web site content or elaborate on why an editor would cut out references to George Bush beyond saying, "We think it was just a little overzealous. It's not our policy to edit political commentary."
While stopping short of calling the omission intentional censorship, the band's Web site said the incident "troubles us as artists, but also as citizens concerned with the issue of censorship and the increasingly consolidated control of the media."
The band said it will post the unedited version of its performance on its Web site, and Nels said that AT&T hopes also to post an unedited version on its Blue Room site archives. The comments critical of the president were sung to the tune of Pink Floyd's "Another Brick in the Wall" as part of the performance of "Daughter."
Critics of large Internet providers like AT&T, Verizon Communications Inc., Comcast Corp. and others seized on the incident as an example of why Congress should pass legislation to guarantee the freedom of Internet content from manipulation by the large corporations that provide Internet connectivity.
This issue, referred to as "net neutrality," has roiled communications policy debates for more than two years. Consumer advocates and large Internet players such as Google have supported the legislation while telecom and cable corporations have opposed it.
The statement from Pearl Jam, a band with strong political views, cited net neutrality as an issue.
"If a company that is controlling a Webcast is cutting out bits of our performance -- not based on laws, but on their own preferences and interpretations -- fans have little choice but to watch the censored version," the band said. "What happened to us this weekend was a wake-up call, and it's about something much bigger than the censorship of a rock band."
[Editor's Note: Bias and censorship are not always what is said. It can also be what goes down the memory hole. In the inimitable words of Donald Rumsfeld:
"Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns -- the ones we don't know we don't know."
It should be noted that later reports say "AT&T apologizes after cutting anti-Bush lines from Pearl Jam song"
<http://www.cbc.ca/arts/music/story/2007/08/09/pearl-jam-censored.html>
Webcaster AT&T has apologized to Pearl Jam for editing lyrics critical of President George W. Bush out of a webcast of its Lollapalooza concert Sunday.
....
AT&T spokesman Michael Coe said the monitors who cut the broadcast went too far and it was a mistake.
The telecom firm, which showed highlights from the three-day Lollapalooza festival on its Blue Room site, said it would draw up guidelines to prevent future misunderstandings.
AT&T said it was working to secure the rights to post the entire song, uncensored.
Sherlock Holmes might refer to this as "the curious incident of the dog in the night-time." ]
ToC
A book that calls DOS a "rip off" of CP/M is legally protected opinion under the First Amendment, in part because it's based on some facts not generally in dispute, a judge rules.
By Paul McDougall, InformationWeek
July 31, 2007
URL: <http://www.informationweek.com/story/showArticle.jhtml?articleID=201202009>
Dismissing a defamation suit brought by the inventor of DOS against a British writer, a judge has left unchallenged computer industry lore that holds the operating system Microsoft licensed to IBM in the 1980s -- thereby launching Bill Gates' multibillion dollar software empire -- was a knock off.
In a book on American innovation, author Sir Harold Evans wrote that DOS inventor Tim Paterson relied heavily on an existing OS called CP/M (Control Program/Monitor) created by a programmer who has since died. Microsoft in 1980 struck a licensing deal with Paterson's company -- Seattle Computer Products -- to obtain access to DOS and resell it to IBM.
DOS in its various incarnations, including MS-DOS and PC-DOS, ultimately netted Microsoft billions in sales and paved the way for the Windows operating system.
In his book "They Made America", Evans writes that Paterson, in developing DOS, took "a ride on" CP/M, which was created by the late Gary Kildall. Evans also wrote that Paterson's DOS operating system appropriated the "look and feel" of CP/M, copied its user interface, and "ripped-off" CP/M.
Paterson sued Evans -- the husband of former New Yorker editor Tina Brown and a fixture in British literary circles -- after the book was published in 2004. The suit, which sought unspecified damages, also named publishers Little, Brown and Co. and Time Warner Book Group.
In dismissing the lawsuit in a 34-page ruling handed down last week, U.S. District Court Judge Thomas Zilly noted that DOS' true lineage already has been widely questioned in the computer industry. "Even before IBM unveiled the IBM Personal Computer, the industry began to note similarities between DOS and CP/M," Zilly wrote.
Zilly further remarked that, "In the years that followed ... commentary on Paterson's DOS would become increasingly critical, with regard to its similarities to CP/M."
As a result, Zilly ruled that Evans' characterization of DOS as a "rip off" of CP/M is legally protected opinion under the First Amendment, in part because it's based on some facts not generally in dispute. Ultimately, Zilly said that "Tim Paterson has failed to provide any evidence that statements in Sir Harold Evans' chapter on Gary Kildall are provably false or defamatory."
Zilly also ruled that Paterson is a public figure for the purpose of cases related to the computer industry, meaning he faces a higher evidentiary threshold for proving defamation.
Paterson, who now operates Seattle-based hardware and software developer Paterson Technology, said in an e-mail Monday to InformationWeek that he was "disappointed" in Zilly's decision.
The public figure ruling "turns attacks on my personal integrity into protected free speech," he wrote.
Paterson added that he has made a number of suggestions to Evans for revisions to the book. "If he was honest with me about setting the record straight, he has a chance to prove it in the next printing," Paterson said in his e-mail. "That's all I ever wanted."
ToC
Written and produced by Stevie Converse (mediaminutes@freepress.net)
Audio: <http://freepress.net/mediaminutes/archive/mm080307.mp3>
The FCC set the rules governing the auction of the highly valued 700 MHz band of spectrum on July 31st. The most contested issue concerned about a third of the spectrum being auctioned and how the winner will be required to use it. The FCC will require the winner to build a wireless network to which consumers can attach any mobile device and use any application. But to the dismay of public interest groups, the new rules fail to guarantee that the spectrum could be leased at wholesale prices. Ben Scott, Policy Director of Free Press explains:
Ben Scott: All they gave us was the right to take a phone from one network to the other, which would be great, except we only get that right on a network that's not going to be built for three more years and that right doesn't apply to any of the existing cell phone companies or any of our existing phones. Now it's time for the Congress to take up the baton and really do the people's work, to take seriously the problems that we have with Internet access in this country, prices and speeds and availability, and finally start taking seriously the fact that we're way behind the rest of the world and we have a massive digital divide and this is the future of the media we're talking about here, so it could not have higher stakes.
Related Links:
FCC Establishes Rules for Airwaves Auction
FCC Revises 700 MHz Rules
The Internet has given ordinary people a chance to speak out on various political issues. The recent CNN/YouTube presidential debate proved that the public is quite capable of asking thoughtful and challenging questions and now one U.S. Senator is breaking new ground as he uses the Internet to develop legislation with input from the public. Senator Dick Durbin of Illinois blogged for four hours with anyone who was interested in broadband legislation. The experiment spawned a series of interesting exchanges between the Senator and the public. Media Minutes spoke with Matt Stoller of OpenLeft, the blog that hosted what is being called Legislation 2.0.
Matt Stoller: Senator Durbin's office came to me. They wanted to write some legislation online and I have some background in blogging on telecom issues. Last cycle, I talked a lot about Net Neutrality and so they figured that I might be an appropriate forum for the discussion on national broadband strategy.
Stoller says the prospect of helping draft an actual bill was well received by the public.
Matt Stoller: Got over a thousand comments and Senator Durbin then did it this week on RedState, which is a Republican blog, and it was very successful there, as well.
Senator Durbin hopes to have a bill ready sometime in the fall. To read the blogs, go to <www.openleft.com> and <www.redstate.com>.
Related Links:
Legislation 2.0, Part 3 - Universal Broadband Access and the Public Airwaves
Senator Durbin Takes a Public Leap of Faith
What Should We Include in Our National Broadband Strategy?
What should be America's national broadband strategy?
Senator Durbin Live Thread
Senator Durbin Live at RedState
Dick Durbin Reaches Out to RedState
What should we include in our national broadband strategy?
ToC
By Lisa Vaas <http://www.eweek.com/author_bio/0,1908,a=471,00.asp>
August 7, 2007
URL: <http://www.eweek.com/article2/0,1895,2167648,00.asp?kc=EWWHNEMNL080907EOAD>
LAS VEGAS -- A creaky old DNS rebinding design flaw has been dragged out of the Internet's attic, had the dust blown off and shown to be freshly poisonous.
As Dan Kaminsky, IOActive's director of penetration testing, showed at the Black Hat conference Aug. 1, all he needs to bypass firewalls, penetrate VPNs and remotely cherrypick any resource available on a vulnerable system is to bounce off a lured Web browser.
DNS rebinding is an exploit that dates back to 1996, from research done at Princeton University.
Here's how Kaminsky explained the attack, which depends on the fundamental workings of the client side of the Internet: Web pages are pulled together in the browser from pieces that can come from all over the place. One page can even be embedded inside another page -- that's called an "iframe." The thing is, if someone embedded a Hotmail page into another page, does that mean whoever's viewing the shell page is logged in to the embedded page? Would that person be able to read the Hotmail messages?
In theory, no, due to SOP (same origin policy), a security measure for client-side scripting (mostly JavaScript). SOP says you can look, but you can't touch. A Web page can embed Hotmail, but it can't peek inside and read somebody else's mail.
That policy is meant to provide security and privacy, but it's also a basic flaw in the architecture of browsers. Say that foo.com has an iframe to foo.com, meaning that it can look inside itself. If foo.com has an iframe to bar.com, it can display bar.com to the user, but it can't peek inside and see what the user sees. SOP dictates that if two things come from the same place, they must be trusted at the same level.
And coming from the same place means you have the same domain name, right? No. Names don't host anything, Kaminsky said -- that's the job of an IP address. DNS is used to translate between a name we trust and an IP address we communicate with. Foo.com = 1.2.3.4, and Bar.com = 3.4.5.6. The assumption is that these name translations don't change.
However, in reality, both foo.com and bar.com can return any IP address, at any time, whether they control that IP address or not. Hence, bar.com can return foo.com's IP address. It could point to a server in Europe, say, and then switch in the next moment to point to a printer down the hall.
Now suppose your browser loaded a page from each address, Kaminsky said. The content from both the European server and the printer down the hall would be seen as coming from bar.com. According to SOP, the server in Europe can do whatever it wants to your printer, given that they're coming from the same place, at least theoretically.
The server can't get past a corporate firewall, but it doesn't need to, Kaminsky said. It will just use the browser to do its dirty work, instructing the browser what to do, and the browser will report back detailing whatever your printer is up to.
It's an attack that takes advantage not of a bug but rather the intended design of the Web, Kaminsky said. The browser can't tell external IP from internal IP if both are coming from bar.com because it's not supposed to. "Major Web sites have IP addresses spread across the world, and resources acquired from them need to be able to script against one another," he said.
Detecting that there's a cross-IP scripting action occurring is a start to addressing these types of attacks, but what to do after that is what people are trying to figure out, he said.
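As an added illustration (not code from the article or from Kaminsky's talk), one way a defender can look for the name-to-address flip described above is to scan resolver answer logs for an outside name that answers with an internal address, especially soon after the same client received an external address for it. The log record layout, the `INTERNAL_ZONES` allowlist and every name and address in the sample are constructed assumptions.

```python
import ipaddress

# Address ranges treated as "inside" (RFC 1918, loopback, link-local, IPv6 ULA).
# Listed explicitly rather than relying on ip.is_private, which also marks
# documentation ranges such as 203.0.113.0/24 as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

# Assumption: zones the organisation itself runs; internal answers are expected here.
INTERNAL_ZONES = ("corp.example",)

# Constructed sample log: (unix_time, client_ip, queried_name, answer_ip)
SAMPLE_LOG = [
    (1000, "10.0.0.5", "www.example.org", "192.0.2.80"),
    (1002, "10.0.0.7", "bar.example", "203.0.113.10"),    # external answer first
    (1005, "10.0.0.7", "bar.example", "192.168.1.50"),    # then an inside address
    (1010, "10.0.0.5", "intranet.corp.example", "10.1.2.3"),
    (1020, "10.0.0.9", "cdn.example.net", "198.51.100.7"),
    (1500, "10.0.0.9", "cdn.example.net", "198.51.100.8"),  # ordinary rotation
    (2000, "10.0.0.8", "printer.vendor.example", "127.0.0.1"),
]


def is_internal(ip_text):
    """True if the address falls in one of INTERNAL_NETS."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (::ffff:192.168.1.1) so it cannot slip past the check.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in INTERNAL_NETS)


def in_internal_zone(qname):
    """True if the name belongs to one of the organisation's own zones."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in INTERNAL_ZONES)


def find_rebinding(records, window=300):
    """Flag outside names that answer with inside addresses.

    kind == "rebind":          the same client saw an external answer for the
                               same name at most `window` seconds earlier.
    kind == "internal-answer": an outside name returned an inside address with
                               no recent external answer on record.
    """
    findings = []
    last_external = {}  # (client, name) -> (time, external_ip)
    for ts, client, qname, answer in sorted(records, key=lambda r: r[0]):
        name = qname.rstrip(".").lower()
        if in_internal_zone(name):
            continue  # internal answers are normal for our own zones
        key = (client, name)
        if not is_internal(answer):
            last_external[key] = (ts, answer)
            continue
        prev = last_external.get(key)
        recent = prev is not None and ts - prev[0] <= window
        findings.append({
            "kind": "rebind" if recent else "internal-answer",
            "time": ts,
            "client": client,
            "qname": name,
            "answer": answer,
            "previous": prev[1] if recent else None,
        })
    return findings


if __name__ == "__main__":
    for finding in find_rebinding(SAMPLE_LOG):
        print(finding)
```

Rotation between external addresses (the `cdn.example.net` records) is deliberately not flagged, since large sites legitimately answer with many addresses; only the crossing from outside to inside address space is reported.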
And here's where the fun really starts: with bypassing the firewall. Most corporate networks differentiate between external and internal network: Internal resources can route out, and the network is shielded from external resources trying to route in.
But by bouncing off a lured browser, an attacker on the outside can access resources on the inside, Kaminsky said. And by "resources," he means anything your machine can access: files, database ports, Web services, you name it.
Getting around a firewall sounds exotic to a U.S. audience, Kaminsky said in an interview with eWEEK, but we're in the minority. Censorship's a problem on the Web in many if not most countries outside the United States. In China, for example, the average knowledge of a child regarding how to set up a proxy and how to bypass filters and firewalls ranks at what Kaminsky considers to be master level. "There are countries where the average user knows how to get around the firewall," he said.
An associated attack, XSRF (cross-site request forgery), has been used in the wild recently. One incident was during the time of the Super Bowl attack. Two days before Super Bowl XLI, a malicious image was placed on the official Super Bowl site. More than 1 million desktops were compromised overnight.
In addition, Boneh's team at Stanford has tested a Flash applet placed on an ad network and distributed across many Web sites. It acquired partial network connectivity to client LANs and exposed 100,000 networks.
This is not the type of security vulnerability story that has a section that says "and to fix this bug, so-and-so vendor has supplied patches that you can get at such-and-such site." No, this is the type of vulnerability that is so fundamental to the machinery of the Web that Kaminsky, when asked what to do about DNS rebinding, said we basically have to stop and look at what our model is for private information.
"Everyone needs to realize that we have a tremendous gap in how the Web works," he said. "People are trying to put a lot of private information on there. DNS rebinding, cross-site scripting, cross-site request forgery, these bugs are pernicious, and they're not going away."
In fact, what we will need at some point is a reimagining of how security works on the Web, Kaminsky said. "I didn't come up with these rebinding attacks. They've been floating around since 1996. They've been talked about since 2006. I'm trying to get people to realize these bugs are exposing their corporate networks and threatening to cause them to [lose the ability to know who they're dealing with online]. ... People should not be able to borrow your Net connection just because you browsed to their page. They shouldn't be able to attack your network IP for whatever weird thing," he said. "Or we can stop using these things for any private reasons. And these bugs are threatening commerce on the Internet. I want to protect commerce on the Internet."
But of at least equal interest to Kaminsky is that this DNS rebinding attack can be used to test Net neutrality.
Net neutrality in a nutshell: Some advocates have warned that broadband providers will use their control over the "last mile" to discriminate between content providers, particularly competitors. Net neutrality advocates also predict that telecom companies will seek to impose a tiered service model as a means of profiting from their control over the pipeline as opposed to demand for particular content or services.
Some say that providers are already practicing hostility toward Net neutrality. Kaminsky wants those providers to know that people now can detect what they're up to. This is something he stumbled upon when dissecting browser behavior for the DNS binding design flaw.
"Now that I'm understanding what we can make a browser do, we can make very controlled HTTP requests with a browser," he said.
Normally, a browser makes a request that's structured, standardized and doesn't have much flexibility. Plug-in technologies such as Flash, however, are providing people with arbitrary TCP sockets. They're blank, Kaminsky said. HTCP -- TCP with headers that describe what's going on -- means people can put on any headers they want, or leave out whatever they want.
This flexibility is very interesting, Kaminsky said, in its ability to detect what he called provider hostility -- i.e., if a service provider is stuttering, or serving up a given resource at stumble rates, intentionally. In a nutshell, a speed test against "transparent" -- easily detectable -- proxies used by some consumer networks will directly yield information about hostility.
To detect hostile providers, first people need to filter out the differences. They have to download from two separate sites. Just because one's slow and one's fast doesn't mean a provider's hostile, though. People need two data sets to come from the same site, with the same server, and with the only difference being that the provider's network sees it as the person's site as opposed to someone else's.
Of course, people can just issue a request to wherever they want, such as, "Please send me a movie from Viacom. Also, send me a movie from YouTube." "If it comes faster from one vs. the other, you'll know the network is being hostile to the site" from which it's slowly delivering the movie, Kaminsky said.
However, networks can realize people are trying to test their speed. Just for the purpose of the test, people therefore might get served everything fast.
The question Kaminsky had was, is it possible to make a hostility test that's undetectable?
Here's what he needed: To spoof sites on the Internet, to know what these sites would see, to respond as if he was those sites, and to keep those real sites from interfering with his interference.
"I don't want them to be able to tell," he said. "Am I able to make a system" that couldn't tell? Is it possible to build a hostility detection system that uses traffic indistinguishable from real-world traffic?
"The answer is yes," he said. "And it's totally messed up how I'm doing it."
The answer to fashioning a Net neutrality detection tool boils down to "old-school packet stuntage," Kaminsky said.
"Say I want to pretend I'm some site I want to speed test," he said. "I don't want the test to come from me, [rather, I want it to come] from their site. They'll download something from me [and the] entire infrastructure will think it's coming from MySpace or YouTube or wherever I want."
What would normally prevent this is that an HTTP session runs over TCP. What stops random people from injecting into the stream is that they don't know the stream's sequence numbers. They can't know them. Right?
"Oh, wait," Kaminsky said. "There's an ActiveX plugin called PacketX and it's a sniffer that emits JavaScript events on each packet. A packet sniffer for your Web browser. Did you see what I did? I just wrote an entire tunneling layer in JavaScript."
Kaminsky said he laughed for two hours when he came up with it. He's calling it "Inspector Pakket," like "Inspector Gadget."
"Now I can have some fun," he said. "What was keeping me out was not knowing sequence numbers. If I can sniff packets on the client, I can totally know the sequence numbers. So, number one, I can totally spoof the IP of YouTube or CNN or whatever when sending traffic to the client, because I know what sequence numbers to use.
"I'm sending traffic to the client. The client is acknowledging my traffic, but not to me, to the server. The server would normally say, 'Why are you talking to me? I don't have a session open with you, go away, here's some resets,' and it would be game over for me. But everyone's deployed a firewall saying, 'You don't have a session, I don't have to talk to you.' It won't talk to me, and I can just go ahead."
As a man in the middle doing an impersonation, he won't see an acknowledgement. But because he's got a sniffer on the client, he can proxy over in JavaScript. He's doing TCP acknowledgements over an Ajax tunnel, so that even though he doesn't see the acknowledgements going to the site being tested, he can see acknowledgements as they're emitted by the client.
"And thus, I receive them," he said. "I can do what ever I want."
And thus, network quality degradation will no longer be able to be done silently, he said. "Don't think people won't notice," Kaminsky said.
Kaminsky laughed while talking about his work, but he's dead serious about stopping providers from screwing up the level playing field for business online.
"A level playing field is required for the basics of business. Problem is, it's hard to make money on a level playing field," he said. "You can be a king maker. [Providers] can choose who or what other third party is going to make money, and that third party [could] be a worst solution by far, but they paid the most."
Contrast that with a level playing field, where third parties all get access to the same level of network quality. In a level playing field, third parties duke it out until the best product wins. That model, Kaminsky said, leads to customers who are loyal, and everyone is happy. "If not, they wouldn't have used this third party," he said. "Carriers are threatening to abandon the model that's provided a steady sequence of successful, profitable, useful companies and replace them with whoever pays the highest bribe for reasonable service.
"Provider hostility makes the Internet a place where you can't invest. You can't make long-term bets on a hostile network. As soon as you start doing well you don't know what the carrier will do."
Kaminsky has come up with a goal: He wants to use the most obscure of his technical abilities to defend online advertising. "This is not something I thought I'd ever say," he said. "But I believe a huge amount of the vibrancy of the Internet comes from commercial enterprise. If we go to a kingmaker model, nobody will be able to safely invest and all existing models will die on the vine. It doesn't matter if you create the best system. It doesn't matter if users really like you. Because someone else will show up and pay more than you will."
And now, thanks to Kaminsky's work, there is at last a speedometer to clock how fast providers are moving to rough up that level playing field.
[Editor's Note: My thanks to David Noreen for submitting this article for the newsletter.]
ToC
By David Cassel
July 17, 2007
URL: <http://tech.blorge.com/Structure:%20/2007/07/17/does-comcast-hate-macs/>
They're the largest ISP in America. And they hate Macs. And the Firefox browser. At least, that's the impression you get from Comcast's installation procedure - and clues scattered across their home page.
Last month Dave Winer noted that Comcast's installation procedures require the use of Internet Explorer. Another Comcast user makes the same complaint. "They helpfully provide you with a CD that has a custom Comcast-branded version of IE5 for the Mac, because Apple hasn't shipped a Mac in quite a few years that has IE5 on it by default."
Even Comcast's web page shows an apparent bias against Mac users - or anyone not using Internet Explorer. When you click the page's "Games" hyperlink, an error message pops up, warning that the site "is not optimized for Firefox browsers or Macs."
"Our site is optimized for Microsoft Internet Explorer 5.5 or higher, on Windows Operating System."
The web contains other stories - including one from a user group for Apple fans. One Mac owner reports he'd called Comcast to troubleshoot his cable modem. Comcast's technician told him he knew "nothing about *&@#$ing Macs," eventually disappearing into his truck. By the time the technician returned, the customer had repaired the cable modem himself with a phone call to Comcast's support line.
Now I'm afraid to ask how Comcast handles Linux.
ToC
July 27, 2007 - 5:45pm
URL: <http://www.wtop.com/?sid=1201890&nid=25>
ROCKVILLE, Md. -- If you're the type to just write the checks and throw away the paperwork when bills come in, you may want to take another look at your July Comcast bill.
According to Jane Lawton, Montgomery County's cable administrator, Comcast changed the terms of your subscription agreement.
Customers who do not opt out within 30 days of receiving the Comcast Arbitration Notice will relinquish their right to pursue any legal remedies against Comcast in court, including claims for negligence, fraud or intentional wrongdoing. This means you lose the right to sue Comcast, while Comcast retains the right to sue you.
"On the surface, arbitration sounds like a good thing, but Comcast's proposed change is one-sided," Lawton says. "We are concerned that subscribers will unknowingly give up some of their consumer rights by failing to opt out in time."
The notice was sent out without county approval.
"Vendors should not change the terms of service without first receiving the consent of the consumer, and the fact that Comcast has not done this is disturbing," Montgomery County Executive Isiah Leggett says.
Comcast customers can "opt out" of the Arbitration Notice either online or by mail (include name, address, account number and a statement that you do not wish to resolve disputes with Comcast through arbitration):
<https://www.comcast.com/arbitrationoptout/default.ashx>
Comcast
1500 Market Street
Philadelphia, PA 19102
ATTN: Legal Department/Arbitration
Comcast customers outside of Montgomery County are also wondering if they too are affected by the arbitration notification, but it is unclear.
Comcast declined to provide a spokesperson to speak with WTOP, but provided the following statement:
"Comcast strives to resolve customer concerns quickly, without the need for arbitration or litigation. That said, arbitration has been a part of Comcast's terms and conditions of service for several years. Comcast recently revised its existing arbitration policy to be worded in a more consumer-friendly fashion, to include a 30-day opt out provision and more clearly specify the choices customers have for resolving disputes with the company."
ToC
Thursday, August 09, 2007
URL: <http://marketplace.publicradio.org/shows/2007/08/09/AM200708091.html>
Text-messaging has leapt over the wall of teen obsession and into the hands of the general consumer public, so some retailers are taking advantage of the technology to lure consumers to their stores. Ambar Espinoza explains.
Doug Krizner: We've all had the experience of shopping for a special item and going from store to store to find it - something you've got to have, but doesn't seem to be in stock anywhere. Sure the Internet has helped in the search. But there's another technology that can save you time, and it uses your cell phone. Here's Ambar Espinoza:
Ambar Espinoza: Los Angeles native Patrick Keilty is on a tight schedule. He's looking for a copy of the Hitchcock film Vertigo, and he only has one hour to shop. That's not easy in L.A. traffic.
Patrick Keilty: I'm hoping one place will have it, but I don't know which one and I don't really feel like going to all of them - especially because the Barnes & Noble is actually a couple of miles away.
As he's driving, Keilty sends a text message to SLIFT. That's short for Slifter.
Keilty: 3-8-SLIFT. We're gonna try and look for "Vertigo."
Services like Slifter and NearbyNow help people track down what they're looking for. Users type a product name and a zip code into their cell phone. They get a text message back with the address of the closest store that has the item in stock.
The service is free for users, and stores pay a fee every time they come up in a query. John Gauntt is a mobile marketing expert with eMarketer. He says these services are a cheap and effective way for businesses to snag customers.
John Gauntt: Once you walk through the door, not only do you typically transact for what you had in your mind beforehand, but you'll also buy something else.
Which, of course, makes retailers very happy. So does the fact that they get instant data on what customers want.
Alex Muller is the head of GPShopper, the company that created Slifter. He says there's another bonus for stores.
Alex Muller: We're giving them geographic data as well, saying - look, everybody in New York is searching for XYZ - while people in Kansas City are searching for something slightly different.
Muller says customers can access about 30,000 retail locations nationwide through GPShopper.
But not everyone is sold on the service. Patrick Keilty has just gotten a text message from Slifter telling him to go to a website to find Vertigo.
Keilty: Which doesn't really help me, since I'm sitting in my car. I don't have time to go back home and search on the Internet. I mean that, doesn't that sort of undercut the service they're trying to provide?
In spite of the kinks, text message marketing is also taking off in sectors like entertainment, health care and banking. By the end of this year, the industry is expected to be worth more than a billion dollars.
ToC
Most IT professionals depend on online communities and Web searches to get their jobs done.
Denise Dubie, Network World
Tuesday, July 24, 2007 8:00 AM PDT
URL: <http://www.pcworld.com/article/id,135005/article.html>
For many IT professionals, Web surfing and Google searches help them more quickly get the job done, according to a recent survey.
King Research in June conducted an online survey of more than 200 IT professionals, which revealed that a majority tap online communities to help them solve problems on a daily basis. Some 93 percent of IT professionals reported that they are able to do their jobs more efficiently and "save time by using IT communities to solve system administration problems."
Specifically, 43 percent of respondents said they save between one to three hours per week, 37 percent of participants estimated that they saved three or more hours each week, and 13 percent said they were able to save less than one hour each week using online communities. Eighty-seven percent said they use online communities to find answers to technical problems, while 12 percent said they visit the sites for entertainment purposes. About 70 percent said they visit online communities to research and solve security and systems management issues.
And 94 percent of survey respondents said they must visit more than one site -- such as forums on Google Groups (61 percent) and other sites -- to solve one problem. About two-thirds said they visit between two and three sites to solve one problem and 30 percent said they need to visit four or more sites to solve one specific IT issue. Just more than 5 percent are able to solve problems with one online community visit, and more than one-quarter of respondents said it typically requires two site visits to solve their IT issue.
"This is clearly a pain point for participants with 75 percent of participants who work in IT saying that a comprehensive community would answer questions without the need to visit multiple sites would be beneficial," the report reads.
A majority -- 98 percent -- also said they trust the information in online communities is "typically accurate," yet they did clarify that the sources of such information must be validated. And another 50 percent reported it would be valuable for them to have "relevant community information available to them directly from their systems management console."
And of those using online communities, 100 percent said they believe they are benefiting professionally from the use of online communities and another 85 percent said the resources help them personally as well. "The greatest professional benefit cited (75 percent) was doing a better job. The greatest personal benefit cited (68 percent) was professional development," King Research stated in its report.
Despite the cited benefits, King Research found IT professionals would like to see online communities improve going forward.
"Better search is the most frequently cited improvement that would add benefit to online communities for technical information," the King Research report states. "Other suggestions included resident subject matter experts and moderators, live forums and policing of community content for accuracy and currency.
ToC
Duncan Riley
URL: <http://www.techcrunch.com/2007/07/26/mozilla-ponders-thunderbird-spin-off/#8220;the%20e>
Mozilla CEO Mitchell Baker has called for community feedback on the future of the open source email client Thunderbird, with consideration to spinning Thunderbird off into a separate entity.
Mitchell wrote that Thunderbird is being dwarfed by "the enormous energy and community focused on the web, Firefox and the ecosystem around it" and that as a result, Thunderbird was not getting the attention it deserved.
Options floated by Mitchell include:
- a new non-profit organization analogous to the Mozilla Foundation
- a Thunderbird foundation
- Create a new subsidiary of the Mozilla Foundation for Thunderbird
- Thunderbird is released as a community project much like SeaMonkey, and a small independent services and consulting company is formed by the Thunderbird developers to continue development and care for Thunderbird users
Thunderbird has many fans, and yet what is a solid and mostly reliable program hasn't grown at anywhere near the rate Firefox has. Hopefully the change will see a renewed focus on bringing new functionality to Thunderbird, changes that could well position Thunderbird as a fully featured future Outlook alternative.
ToC
Version 2.0.0.6 is available for free download at <http://www.mozilla.com/en-US/>.
ToC
Gregg Keizer, Computerworld
URL: <http://www.pcworld.com/article/id,135708/article.html>
Mozilla's next update to Firefox will probably include a tool that would automatically block sites suspected of harboring malware, among other upgrades.
Mozilla Corp.'s next update to Firefox will sport several new safer surfing features, the company's chief of security said Wednesday, but users won't see the most important changes.
On track and expected to make it into the final version of Firefox 3.0 when it ships later this year is a tool that would automatically block sites suspected of harboring malware. The Web browser will also offer support for the extended validation Secure Sockets Layer (EV SSL) certificates, said Window Snyder, Mozilla's chief security officer.
The malware blocker, which relies on site blacklists generated by Google Inc., has been publicly debated by Mozilla and Google developers, with mock-ups of the on-screen warnings debuting in early June. Then, Snyder refused to get specific about the feature, saying there was no guarantee the tool would be wrapped up in time to add to Firefox 3.0.
Things are different now; the site blocker is currently a go.
"We wanted to make sure that it's obviously not a security notification that they can ignore," Snyder said, describing how the warnings will work. "The [user interface] makes it clear that this [site] is dangerous. And it does not give the user a click-through," Snyder said. In other words, users will be able to back out of the attempt to reach the potentially malicious site but won't be able to simply accept the warning and continue on.
"Nothing's ever done until it ships," Snyder cautioned, hinting that changes are still possible, or if necessary, the tool might still be ditched.
The other feature set for Firefox 3.0 offers support for the new EV certificates now used by a few of the largest online retailers, banks and financial institutions. Those certificates, which in Microsoft Corp.'s Internet Explorer (IE) browser trigger a color change in the address bar to green, require more extensive background checks of the buyer by the issuing authority to guarantee that they're given only to trustworthy sites. One of the first sites to use EV certificates was that of PayPal Inc.
But rather than color-code something in Firefox, the open-source browser will display an agent-like character dubbed "Larry" when it reaches a domain equipped with an EV. The indicator, she said, resembles the international symbol for immigration seen at airports: an iconic image of an official holding up a passport. "We think that makes a more visual statement about identity rather than security," said Snyder. "All we're trying to say is that we have a level of confidence about the identity of the site, not that it's free of threats."
Part of the reason why Mozilla is uncomfortable doing more than noting the enhanced identity of such a site is that the standard SSL padlock now means more than it should, Snyder said. "What it's come to mean is that everything is secure, but it's become an overburdened symbol," she said.
Virtually all the other changes to Firefox 3.0 on the security side are "under the hood" of the browser, she continued. "They'll be less apparent to the users, but they will impact them," Snyder said.
For the largest part, this back-end work on Firefox has been in making the code itself more secure. Like the Security Development Lifecycle (SDL) initiative within Microsoft to systematically create more secure code, Mozilla's unnamed effort has involved seeking out vulnerabilities before the software ships.
"I really believe in defense in depth," Snyder said, referring to in-house research on Firefox's code. "All the [security] features in the world won't help you if the code's not secure."
Snyder said that much of her time since joining Mozilla last September has been spent on improving the security of the Firefox code, with a major effort on creating penetration-testing tools developers can use to spot flaws before the application leaves the house. Mozilla used various "fuzzers," tools that automate some vulnerability detection processes, and has found dozens of bugs with just one, a JavaScript fuzzer that Mozilla released last week to the open-source community at the Black Hat security conference.
Putting tools like that in the hands of anyone should mean more secure code for everyone, said Snyder. She said that as Mozilla's point person on security, she is convinced that it's a way to get the biggest bang for buck. "If these tools are broadly distributed, they could help smaller environments develop strong code," Snyder said. "They can help make everyone safer."
[Editor's Note: My thanks to Kevin Hisel for submitting this article for the newsletter.]
ToC
Free video solution for Mac and Windows
URL: <http://www.squared5.com/>
MPEG Streamclip is a powerful video converter, player, editor for Mac and Windows. It can play many movie files, not only MPEGs; it can convert MPEG files between muxed/demuxed formats for authoring; it can encode movies to many formats, including iPod; it can cut, trim and join movies.
MPEG Streamclip can also download videos from YouTube and Google by entering the page URL.
MPEG Streamclip is a converter for QuickTime files, MPEG-1/2/4 files and transport streams (.ts and .m2t). It provides high-quality conversion of movies and MPEGs into several useful formats. It is compatible with most editing applications and DVD authoring tools. More details are available in the download pages.
Supported input formats:
MPEG, VOB, PS, M2P, MOD, VRO, DAT, MOV, DV, AVI, MP4, TS, M2T, MMV, REC,
VID, AVR, M2V, M1V, MPV, AIFF, M1A, MP2, MPA, AC3, ...
You can use MPEG Streamclip to open and play most movie formats including MPEG files or transport streams; edit them with Cut, Copy, Paste, and Trim; set In/Out points and convert them into muxed or demuxed files, or export them to QuickTime, AVI, DV and MPEG-4 files with more than professional quality, so you can easily import them in a DVD authoring tool, and use them with many other applications or devices.
Download for Windows - <http://www.squared5.com/svideo/mpeg-streamclip-win.html>
Download for Mac - <http://www.squared5.com/svideo/mpeg-streamclip-mac.html>
Windows Requirements:
This free application requires Windows XP or Vista, but may also work in Windows 2000 and in Linux with WINE; it does not work in Windows 95/98/SE/ME. You have to download and install QuickTime, using one of the following two installers (but NOT both!):
- Apple QuickTime 7 free player (http://www.apple.com/quicktime/download/win.html)
- KL QuickTime Alternative 1.61 or higher (http://www.filehippo.com/download_quicktime_alternative/)
Additionally, if you want to make or play DivX files with MPEG Streamclip, you also have to install 3ivx (http://www.3ivx.com/), (http://www.free-codecs.com/3ivx_download.htm) and Windows Media Player 10 or higher.
[Editor's Note: The KLite Mega Codec pack comes highly recommended.] (http://www.free-codecs.com/download/K_Lite_Mega_Codec_Pack.htm)
(http://www.free-codecs.com/K_Lite_Mega_Codec_Pack_download.htm)
Macintosh Requirements:
This free software requires at least Mac OS X 10.2 (Jaguar) and QuickTime 6. It is also compatible with Mac OS X 10.3.x (Panther), Mac OS X 10.4.x (Tiger) and QuickTime 7. It works with PowerPC and Intel based Macs.
For MPEG-2 playback and conversion, you need the QuickTime MPEG-2 Playback Component. You can buy it from Apple (www.apple.com/quicktime/mpeg2). If you have either Final Cut Pro or DVD Studio Pro, then the component is already installed and you don't have to buy it; but you may need to download the latest version from Apple. If you bought an older version of the component, you can update it to the latest version (www.apple.com/quicktime/mpeg2/update). Note that the MPEG-2 component is neither required nor useful for MPEG-1 or MPEG-4 files. But it is required for VOB files and transport streams, because they are MPEG-2 files.
For DivX playback and editing, you have to install DivX (www.divx.com/divx/mac). You can also install another codec like 3ivx (www.3ivx.com) or XviD (n.ethz.ch/student/naegelic), but only with DivX 6.5 and later (or DivX 5.2.1) you can encode DivX files with MP3 audio.
For WMV playback, you can install Flip4Mac WMV Player (www.flip4mac.com/wmv.htm). If you also need to export WMV files to another format you have to buy Flip4Mac WMV Player Pro.
For FLV playback and export, you can download and install Perian (www.perian.org).
by Paul Thurrott, <thurrott@windowsitpro.com>
URL: <http://www.wininformant.com/>
Microsoft this week rebranded its Windows Live Folder online storage service as Windows Live SkyDrive and made some minor functional updates, including a new user interface, drag and drop file upload capabilities, and a new thumbnail view. SkyDrive is still in beta but is expected to ship in final form by the end of the year. What's still unclear, of course, is how much the paid version of the service will cost. A free version will offer relatively limited amounts of storage space, but obviously many people will want more.
You can pretty much tell that software piracy is rampant when you have to cut prices in order to compete better with your number one competitor: Software piracy. Microsoft this week cut the price on Windows Vista in China by more than one half in a bid to lure users away from pirated software versions. If you're curious how little the Chinese will pay for Vista, here's the deal: Vista Home Basic is about $66 in US dollars, while Vista Home Premium is about $80. The reason for these huge discounts, of course, is that an estimated 82 percent of software used in China is pirated, which I'd imagine is about on par for your average American teenager.
Microsoft will test market a free but ad-supported version of its Microsoft Works suites of consumer-oriented productivity software in the fall, to test whether consumers are willing to put up with advertisements in lieu of actually paying for the software. The move is aimed to counter growing interest in free office productivity software such as OpenOffice.org or Google Docs & Spreadsheets, though of course Microsoft will never admit that. The next Works will display ads in the lower corners of the screen, and these ads will refresh as long as there's an Internet connection, Microsoft says. The company also notes that the ads won't be "intrusive." Hey, they never are.
PC maker Lenovo, which bought IBM's ThinkPad and ThinkCentre PC business a few years back, is apparently doing just fine, thank you very much: In the most recent quarter, Lenovo sold 22 percent more computers than it did in the same quarter a year previously, causing net profits to rise by something like 1300 percent. The company reported profits of $66.8 million on revenues of $3.93 billion. Not surprisingly, ThinkPad sales were a strong point, and Lenovo reports that notebook sales rose 26 percent year over year.
Microsoft sold 60 million copies of Windows Vista by the end of June 2007, making this supposedly lukewarm upgrade the fastest selling version of Windows ever created. And finally, the company publicly acknowledged a fact that I wish it had been more upfront with months ago: Windows Vista "eclipsed the entire installed base of Apple in the first five weeks that this product shipped," Microsoft COO Kevin Turner said yesterday. Exactly: That's the kind of healthy competitive truth that the company should tout more often. Microsoft also noted that the installed base of Windows-based computers will hit 1 billion machines within the next 12 months, a massive milestone that means there will be more PCs on earth than automobiles, according to the software maker.
Analysts from both Gartner and IDC report that PC sales grew much faster worldwide in the second quarter of 2007 than expected, though the companies differ, of course, on the actual numbers. Gartner says that PC sales rose 11.7 percent year over year to 61.1 million units, while IDC reported 12.5 percent growth with 58.8 million PCs sold in the quarter. HP has retained and even expanded its number one position in the market, with 19.3 percent market share worldwide, compared to 16.1 percent for Dell. Acer and Lenovo tied for third place, while Toshiba came in fourth.
ToC
by Paul Thurrott, <thurrott@windowsitpro.com>
URL: <http://www.windowsitpro.com/Article/ArticleID/96749/96749.html>
Microsoft this week quietly issued public versions of two Windows Vista software fixes which dramatically improve the reliability and performance of the company's latest OS release. News of the fixes came last week after the software giant inadvertently issued them to its public Web site, but this week's release is the real deal.
The fixes, both of which come in separate versions for 32-bit (x86) and 64-bit (x64) versions of Vista, address some of the common complaints that users have had since the OS went on sale in January. One fix addresses performance issues, especially for large file copy and move operations. The other improves Vista's compatibility and reliability in a variety of situations. Both are strongly recommended for all Vista users, and Microsoft has rated them both as "important."
Contrary to rumors floating around the Internet, these fixes have absolutely nothing to do with Windows Vista Service Pack 1 (SP1), which Microsoft plans to ship in early 2008. Though the fixes are not currently available on Windows Update, you can download the fixes manually from the Microsoft Web site:
Windows Vista compatibility and reliability fix KB938194 (x86):
<http://www.microsoft.com/downloads/details.aspx?FamilyId=AE2F819D-C33D-48DB-A7E3-62EEF7C1F7C2>
Windows Vista compatibility and reliability fix KB938194 (x64):
<http://www.microsoft.com/downloads/details.aspx?FamilyId=5B7F1544-FEF3-4C80-AF1A-8B732DCB2756>
Windows Vista performance and reliability fix KB938979 (x86):
<http://www.microsoft.com/downloads/details.aspx?FamilyId=3FB80BB9-D832-425B-B42C-D3EB2071BBEC>
Windows Vista performance and reliability fix KB938979 (x64):
<http://www.microsoft.com/downloads/details.aspx?FamilyId=3FB80BB9-D832-425B-B42C-D3EB2071BBEC>
From Microsoft's Knowledge Base
URL: <http://support.microsoft.com/>
An update is available that improves the compatibility and reliability of Windows Vista
INTRODUCTION
This update resolves some compatibility issues and reliability issues in Windows Vista. By applying this update, you can achieve better reliability and hardware compatibility in various scenarios.
This update resolves the following issues:
An update is available that improves the performance and reliability of Windows Vista
INTRODUCTION
This update resolves issues that may affect some Windows Vista-based computers. These issues have been reported by customers who are using the Error Reporting service or Microsoft Customer Support Services.
By applying this update, you can achieve better performance and responsiveness in various scenarios. This update also improves the reliability of Windows Vista.
This update resolves the following issues on a Windows Vista-based computer:
URL: <http://www.winsupersite.com/faq/windows_7.asp>
With Windows Vista finally behind us, it's time to turn our attention to the next Windows client release, which is currently codenamed Windows "7", though Microsoft has used other code-names, like "Vienna" and "Windows Seven" in the past. Despite an almost complete lack of verifiable information about this next major Windows release, there are at least two excellent reasons to begin discussing this project now:
1. This Web site, the SuperSite for Windows, is dedicated to discussing upcoming Microsoft products, so it's only natural that I'd post a FAQ like this as soon as possible.
2. Microsoft isn't particularly interested in discussing Vienna yet. "The launch of Windows Vista was an incredibly exciting moment for our customers and partners around the world, and the company is focused on the value Windows Vista will bring to people today," Kevin Kutz, a Director in the Windows Client group at Microsoft said on February 13, 2007. "We are not giving official guidance to the public yet about the next version of Windows, other than that we're working on it. When we are ready, we will provide updates." This quote was provided after I wrote a WinInfo article denouncing recent news reports about Vienna, all of which provided absolutely no new information at all.
Clearly, what's needed is a central location for accurate information about Vienna. This is it.
Q: Is Microsoft working on an operating system after Windows Vista?
A: Yes. The next client version of Windows was originally codenamed "Blackcomb," though the company renamed it to "Windows Vienna" in early 2006 and to "Windows Seven" or "Windows 7" more recently.
Q: Why Windows 7?
A: Since Windows Vista is really Windows 6.0, Windows 7 will presumably be version 7.0.
Q: Is Windows 7 the final name?
A: No. Like Vienna, Windows 7 is just a codename and will likely change prior to the OS' official release.
Q: I heard that Windows Vista will be the last major OS release from Microsoft. Is that true?
A: No. Windows-based PCs will continue to form the center of our digital lifestyles, and as Microsoft executives have noted in recent days, there are still plenty of areas in which Microsoft can improve Windows. Some obvious examples include voice recognition and storage.
Q: So is Windows 7 going to be a major Windows version?
A: Yes. Windows Vista was a major release, and Windows 7 will also be a major update. Microsoft is currently on a development path where every other Windows version is a major release, so it's possible we'll see a minor OS update between Vista and Windows 7.
Q: When will Windows 7 ship?
A: Microsoft currently plans to ship Windows 7 in 2010, about four years after Vista. (Windows Server updates are on a similar cycle.)
Q: What features will be included in Windows 7?
A: Microsoft hasn't publicly committed to any features for Windows 7 and the company is currently still deciding what this next Windows release will look like. We do know a few things about Windows 7, however: It will include a new version of Windows Explorer that is being built by the same team that designed the Ribbon user interface in Office 2007. It will likely include some form of the "Hypervisor" (Windows Virtualization) technologies that will ship shortly after Windows Server 2008. It will also likely include the WinFS (Windows Future Storage) technologies, though they won't be packaged or branded as WinFS. Microsoft says it might also make a subscription-based version of the OS available to consumers, but that's still in flux.
Q: That's it?
A: Remember, it's early yet and Microsoft is being very secretive about future Windows versions. However, the company has publicly issued a bit of information about the broad capabilities it intends to include in Windows 7. This information comes from a publicly-available Microsoft slide deck:
Easier. Windows 7 will make it easier for users to find and use information. Local, network and Internet search functionality will converge. Intuitive user experiences will be further advanced. Automated application provisioning and cross-application data transparency will be integrated.
More secure. Windows 7 will include improved security and legislative compliance functionality. Data protection and management will be extended to peripheral devices. Windows 7 will advance role-based computing scenarios and user-account management, and bridge the inherent conflicts between data protection and robust collaboration. It will also enable enterprise-wide data protection and permissions.
Better connected. Windows 7 will further enable the mobile workforce. It will deliver anywhere, anytime, any device access to data and applications. It will enable a robust ad-hoc collaboration experience. Wireless connectivity, management and security functionality will be expanded. The performance and functionality of current and emerging mobile hardware will be optimized. The multiple device sync, management and data protection capabilities in Windows will be extended. Finally, Windows 7 will enable flexible computing infrastructures including rich, thin and network-centric models.
Lower cost. Windows 7 will help businesses optimize their desktop infrastructure. It will enable seamless OS, application and data migration, and simplified PC provisioning and upgrading. It will further efforts towards non-disruptive application updating and patching. Windows 7 will include improved hardware- and software-based virtualization experiences. And it will expand the PC self-help and IT Pro problem resolution diagnostics in Windows.
Q: Will Windows 7 be available in both 32-bit and 64-bit versions like Vista?
A: Though I had expected Windows 7 to ship only in 64-bit versions, Microsoft now says it will be the final Windows version to ship in both 32-bit and 64-bit versions.
Q: Will Microsoft release any Windows updates between now and Windows 7?
A: Yes. Windows Vista Service Pack 1 (SP1, codenamed "Fiji") will ship simultaneously with Windows Server 2008 in early 2008 and will include a new kernel version that makes that release up to date with the kernel version in Longhorn. Fiji will almost certainly include a revision to the Media Center software in Windows Vista as well. For these reasons, we might consider Fiji a major release for a service pack. Certainly, no previous service pack has ever included a major kernel update.
--Paul Thurrott
February 14, 2007
Updated March 20, 2007; July 22, 2007
URL: <http://www.microsoft.com/technet/sysinternals/default.mspx>
What's New (August 8th, 2007)
Tcpview v2.5
(http://www.microsoft.com/technet/sysinternals/utilities/tcpview.mspx)
This update to Tcpview adds support for Vista, including IPv6, and displays counts of active and connected endpoints in a status bar.
Process Monitor v1.21
(http://www.microsoft.com/technet/sysinternals/utilities/processmonitor.mspx)
This release adds XML as a new export format, includes performance optimizations, and fixes a number of minor bugs.
PsExec v1.85
(http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx)
PsExec v1.85 adds a new switch that takes advantage of new memory and I/O priorities on Vista, -background, for running processes with low CPU, memory and I/O priority.
ToC
James Bannan
11th August 2007
URL: <http://apcmag.com/6929/vista_sp1_in_depth>
It's no secret that there's a leaked beta of Vista SP1 floating around, but no-one yet has really taken the time to analyse it in detail to find out what it really does.
I made it my mission this weekend to trawl through the registry and file changes in SP1 to find out as best I could exactly what SP1 does.
First up, I can say that there is a very noticeable performance increase. It is obvious that since Microsoft released Vista to manufacturing, it has been optimising the code ever since. (I suspect this revelation will fuel the fires of the people who say Vista was released before it was ready for prime-time.) There's far less hard drive thrashing and in general the system seems much smoother and more responsive.
Amusingly, the build of SP1 we saw (which in this beta comes fully integrated into a 3.2GB Vista install DVD, rather than as a standalone update) still has Microsoft's internal network shares embedded as the source of the updates. For example:
\\\\winbuilds3\\longhorn_SP1Beta1\\longhorn_SP1Beta1\\6001.16549.070628-1825\\x86fre\\packages\\ServicePack
Not that that info is really useful to anyone, but it mildly tickled our curiosity bone (next to the funny bone) to see the file layout of Microsoft's internal distribution shares.
The first noticeable change is obviously the version number. Windows Vista has a build number of 6.0.6000, whereas this build is 6.0.6001 (full version number is 6001.16549). This is quite interesting as one of the much-anticipated (and officially acknowledged) changes in SP1 was to bring the Vista kernel up to the same kernel as that used in Windows 2008 (version 6.1). It's possible that this aspect of the service pack is still in development, and not included in this version of the private beta.
Normally, service packs don't include new features - Windows XP SP2 being the standout exception. By and large this seems to be true of Vista SP1, although there is a new maintenance application called Create a Recovery Disc. This isn't the same thing as creating a backup of the system to DVD - instead this process creates a recovery DVD which you can use with system recovery options if you don't have an original Windows DVD or you can't access OEM recovery tools.
At this point in its development, SP1 comes installed with four updates:
There is a full list of suspected hotfixes that were to be included with Vista SP1 (check them out at <www.vistasp1.net>), but these four are not on the list. Unfortunately as the beta is not yet public, there's no publicly-accessible information out there about these updates.
However, some hours of digging around in the registry did uncover quite a bit of information, mostly to do with the package load of each update and the Windows components it influences (bear in mind that this information is current for this particular version of SP1 - it may change in the public beta and in the final release).
Poking around in the registry: reveals a surprising amount about the private life of an OS update
Service Pack for Microsoft Windows (KB936330) contains 133 individual packages and is by far the biggest of the updates, so will probably be the service pack as we think of it. It is applied to the following Vista components:
Service Pack for Microsoft Windows (KB937286) contains 28 packages. The bulk of the updates are applied to the Windows Help Core Client, but it also affects client packages for:
Hotfix for Microsoft Windows (KB937287) contains just one package, which is applied to the Servicing Stack, a component used in Vista imaging.
Update for Microsoft Windows (KB938371) contains three packages, which are applied to:
The service packs are very clearly directed towards backend services rather than frontend features. I pointed the SP1 system to Windows Update to see whether it needed any Vista updates, and it didn't. So as expected, all Vista updates since Vista was released (and there haven't been many) have been bundled into SP1.
The Vista SP1 packages: you can uninstall them from the SP1 build if you so desire, and return to bog standard Vista RTM.
This service pack isn't to be confused with two enhancement packs which were leaked to the public a few weeks ago, and then officially released by Microsoft with virtually no fanfare on the 8th and the 9th. These two updates address compatibility and performance features in Vista.
The "compatibility" update (KB938194) improves the compatibility and reliability of Windows Vista in the following scenarios:
The performance update (KB938979) improves the performance and reliability of Windows Vista in the following scenarios:
That last one is wonderfully vague. And I've certainly experienced the estimated time remaining problem, so I'll be applying that particular update.
Both updates are available for 32- and 64-bit versions of Vista.
Because the packages bundled into the service pack aren't labelled by their KB number, it's hard to say with certainty whether these updates have been incorporated.
There are many rumours flying around as to when SP1 will be released, but there's nothing really concrete. The best that can be said is that the public beta is due later in the year, with the final release happening sometime in 2008.
The big question is whether the hint of a service pack on the horizon will encourage businesses to hold off deploying Vista, especially if they're contemplating Windows Server 2008 as well. This isn't a situation Microsoft wants, but if it's generally known that Vista SP1 has substantial advantages over non-SP1, it's difficult to make a business case for early adoption.
Personally, I haven't had too many problems with Vista to speak of, but if this private beta is anything like the final release, it can't come soon enough. I want those performance improvements on my main desktop machines!
ToC
[Editor's Note: My thanks to Kevin Hisel for submitting all the preceding articles in this section of the newsletter. Thanks to Jon Bejerke for all the following articles in the PC Section.]
ToC
Gregg Keizer, Computerworld
Friday, July 20, 2007 5:00 PM PDT
URL: <http://www.pcworld.com/article/id,134908/article.html?tk=nl_dnxnws>
Microsoft Corp. Thursday said that it expects Windows XP, the operating system supposedly made moot by Windows Vista, to make up a significantly larger part of sales in the coming year.
During a conference call with analysts following the earnings results release Thursday afternoon, Chief Financial Officer Chris Liddell said the company has changed its fiscal year 2008 forecast from an 85/15 split in sales between Vista and XP to a 78/22 split. Windows XP sales will, in other words, be nearly 50 percent higher in the next 12 months than Microsoft had estimated earlier.
"We fine-tuned the Vista/XP mix for next year" during the company's usual budgeting last month, said Liddell. "We changed it from 85 percent to 78 percent. Now, it's a lower number [for Vista], but it's still a very high number overall from our perspective, so 78 percent Vista mix in terms of sales next year."
According to Liddell, Microsoft will generate the same revenue, more or less, under the new Vista vs. XP numbers, although there might be some slight differences because Vista sales have tended to involve more of the higher-priced versions, dubbed premium by the company, than has XP. The financial forecast didn't spell out that directly, however. The only clue was a US$120 million difference in what Microsoft pegged as the "undelivered elements" it assigned to unearned income for the coming year.
"Undelivered elements" are revenue set-asides to account for as-yet-unknown upgrades and enhancements to software. The set-aside shrunk from $660 million in the last 2008 forecast to $540 in the estimate presented Thursday.
"Because of that change [in the OS split], then the amount of undelivered element that comes from Vista is slightly lower than it would be otherwise," Liddell explained.
His remarks caught the attention of Michael Cherry, analyst at Directions on Microsoft, a Kirkland, Wash.-based research company. "What that seems to say is that XP has stronger legs than you would expect after the release of a new operating system."
Clues that users aren't ready to ditch XP have not been hard to find. In April, for example, Dell Inc. retreated from its earlier Vista-only position and announced it would return XP to the operating system choice list for consumer PCs. Three months before that, Microsoft extended support to Windows XP Home and XP Media Center to match Windows XP Professional's drop-dead date of April 2014.
"Most of the machines I see pitched in catalogs are in the $700 range, certainly under $1,000," said Cherry. "Computers with that amount of hardware are a better fit for XP. With Vista's requirements, people may be thinking about sticking with XP, and putting less money into the hardware."
It's possible, Cherry added, that Microsoft might find itself forced to recognize more reality in the future. "At some point, they might have to consider limiting the availability of XP" to push people to Vista.
The software developer has made at least one move in that direction already. In mid-April, it announced it would terminate sales of Windows XP to resellers and retail after Jan. 31, 2008. Users' reactions were almost unanimously negative.
ToC
Posted By Bink on August 7, 2007 at 8:52 PM
URL: <http://bink.nu/Article10707.bink>
These are the fixes that leaked last week; now the fix packs are publicly available.
Funny how it says "to improve the performance of Windows Vista in certain scenarios". Well believe me, it will improve in all scenarios! So download and install these right away. I'm not sure when they will appear through Windows Update.
Update for Windows Vista for x64-based Systems (KB938979)
Update for Windows Vista (KB938194)
Update for Windows Vista (KB938979)
Update for Windows Vista for x64-based Systems (KB938194)
This is a reliability update. Install this update to improve the reliability of Windows Vista in certain scenarios.
ToC
Posted: Monday, July 16, 2007 8:13 AM by Qblogger
URL: <http://blogs.technet.com/homeserver/archive/2007/07/16/ship-it.aspx>
Woo-hoo! We did it. Today we are announcing that Windows Home Server has been released to manufacturing (RTM). We have finalized the software and now handing it off to our OEM partners. The evaluation version (with 120 day evaluation period) and the system builder version are also heading into the distribution channels and will be available in the next couple of months. French, German and Spanish versions will be finalized shortly, and OEM products will hit retail shelves this fall.
We're also excited to announce Iomega and Fujitsu-Siemens Computers (FSC) as new OEMs planning to ship Windows Home Server products later this year.
[Editor's Note: For more check out the link above.]
ToC
by Paul Thurrott, <thurrott@windowsitpro.com>
After a bewildering series of high-profile rumors about the supposed imminent release of Windows Vista SP1 appeared on various Windows news and rumors sites and blogs in the past few weeks, Microsoft took the unprecedented step this week of denying all of them. Reports suggested that Microsoft's previous timetable for Vista SP1, which would see a public beta by the end of 2007, was wrong; instead, we were told, Microsoft would ship SP1 in final form by the end of 2007 and would ship a beta in July. Then, reports of a so-called Vista SP1 Windows Driver Kit (WDK) download on the Microsoft Connect site triggered another round of wishful thinking and heady news reports.
All of this is, as it turns out, completely untrue. "There will be a Windows Vista service pack and our current expectation is that a beta will be made available sometime this year," a Microsoft spokesperson said, as first reported on Bink.nu. "Service packs are part of the traditional software lifecycle--they're something we do for all Microsoft products as part of our commitment to continuous improvement, and providing early test builds is a standard practice that helps us incorporate customer feedback and improve the overall quality of the product."
Here's what's really happening. Microsoft's previously stated schedule for Vista SP1--a public beta in late 2007 with the final release next year--is still on track, and the company has never altered its schedule since announcing that plan. The company will, however, issue an early pre-release version of Vista SP1 to a limited group of external testers, as it always does, sooner than that. This will not constitute the start of the technical beta for Vista SP1 or mark a public beta release.
As for that Vista SP1 WDK, well, that was just a typo. What Microsoft actually posted was a WDK for Windows Server 2008, the upcoming successor to Windows Server 2003 R2.
I'll be sure to report on Windows Vista SP1 when there's actually something to report.
ToC
by Paul Thurrott, <thurrott@windowsitpro.com>
URL: <http://www.windowsitpro.com/windowspaulthurrott/Article/ArticleID/96638/windowspaulthurrott_96638.html>
Microsoft has beaten a rival bid from Internet search giant Google to provide advertisements inside upcoming Electronic Arts (EA) video games that run via the LIVE network on the Xbox 360 game console and Windows-based PCs. EA is the largest maker of games on the planet and is responsible for such game franchises as Madden Football, Tiger Woods Golf, NHL Hockey, and NASCAR Racing.
The Microsoft deal is big for two reasons. First, the company was able to outperform market leader Google, and second, this deal encompasses the entire line of EA titles, which include many best-selling games that are updated every year. "It's a network play," says Cory Van Arsdale, chief executive of Massive, the in-game advertising company Microsoft purchased in 2006. Google purchased a similar company, Adscape, in March.
Although in-game advertising has yet to generate significant revenues, that's expected to change in the coming years as game makers and advertisers find innovative new ways to put advertisements and other product placements inside games. Worth more than $30 billion annually, the game industry is more lucrative even than the movie industry, and top-tier games now cost an average of $20 million each to create.
EA says that the deal with Microsoft covers only LIVE-enabled games because Microsoft's online game service is so pervasive and sophisticated. Console makers Nintendo and Sony offer much more rudimentary services, and EA says that those companies exert more control over the services, making a similar deal with them more difficult. Last week, Microsoft Video Game Chief Peter Moore left Microsoft to take charge of EA's sports games franchises. This deal is apparently coincidental to Moore's hiring.
ToC
Microsoft's massive new data center is being built with trucks running on fuel from canola oil.
Nancy Gohring, IDG News Service
Sunday, July 29, 2007 12:00 PM PDT
URL: <http://www.pcworld.com/article/id,135210/article.html?tk=nl_dnxnws>
Hydroelectric power isn't the only green energy driving Microsoft Corp.'s new data centers in eastern Washington.
The trucks ferrying cement to and from the massive building site and equipment used inside the first building are all powered with biodiesel made from Washington-grown canola oil, said the head of a company selling the biodiesel to Microsoft.
The construction company working on the new data centers approached Steve Verhey, the chief executive of Central Washington Biodiesel, with a problem earlier this year, he said. The company had built the shell, including walls and ceiling, of the 500,000-square-foot (46,451-square-meter), 11-acre building and found that laying the cement floor and finishing the rest of the interior presented a health and safety issue. That's because cement trucks and other machinery that run on diesel and propane emit harmful exhaust into the enclosed space.
They wanted to know if biodiesel might solve the problem, Verhey said. The exhaust from biodiesel contains half the carbon monoxide of regular diesel, he said. In addition, one gallon (3.78 liters) of biodiesel lets off just 1.5 pounds (0.68 kilograms) of carbon dioxide, compared to 22 pounds per gallon for regular petrodiesel, he said, so biodiesel has a much smaller impact on the environment.
During their first meeting, the construction company decided to switch fully over to biodiesel for the project, he said. Seven cement trucks were working 12 hour days, six days a week for a while, running on biodiesel, until the floor of the massive building was complete, he said.
Microsoft spokesman Lou Gellos confirmed that the construction company is using biodiesel at the Quincy, Washington, site. "It smells like you're in a fast-food restaurant in there," he said. Biodiesel, which in this case is made from the same type of oil that is often used in restaurant fryers, can let off a scent similar to fried food when it's burned in engines. The first building there is now finished, he said.
The site also includes two 33,000 gallon tanks of petrodiesel to power generators for backup power, Verhey said. While those tanks were already full by the time he met the construction crew, Verhey would have been cautious about filling them with biodiesel because it has a shorter shelf life compared to petrodiesel, he said.
Microsoft and other big Internet companies are building massive data centers in eastern Washington and Oregon. Those regions offer cheap electricity powered by hydroelectric plants. According to the Washington State Department of Community Trade and Economic Development, the state is the leading hydroelectric power producer in the country.
Microsoft said the data center at Quincy will be its largest yet and that it was designed to have minimal or no carbon footprint. Yahoo Inc. is also building a data center in Quincy and Google Inc. is building one in Oregon.
ToC
The tool is designed to inform users when their applications need patching.
Jeremy Kirk, IDG News Service
Tuesday, July 24, 2007 6:00 PM PDT
URL: <http://www.pcworld.com/article/id,135031/article.html?tk=nl_dnxnws>
A Danish security vendor is offering a free tool designed to inform users when their applications need patching.
Secunia ApS released the beta version of Personal Software Inspector for download, a client program that periodically checks to see if new updates have been issued for some 4,200 applications.
After installation, the tool inventories a computer's software and versions. It classifies programs as "insecure," "end-of-life" or "up-to-date." The tool then runs when the computer is started.
When a patch is issued for a program on a user's computer, the tool displays a pop-up window in the lower right-hand corner of the screen, said Thomas Kristensen, Secunia's chief technology officer. Another panel provides a download link for the patch.
Personal Software Inspector is intended to get users to apply patches soon after release, as hackers increasingly are trying to exploit vulnerabilities in a wider range of applications. Users may also be uninformed about a new patch, Secunia said.
Some software programs, such as Apple Inc.'s QuickTime and the Firefox browser, will check on startup to see if patches are available and download and install those patches. But Kristensen said not all programs do this, and sometimes those mechanisms don't work properly.
"I'll argue we are more reliable than other update mechanisms," Kristensen said.
Other products, such as VersionTracker, will notify users when a new software version is available. But Kristensen said Secunia's software and service is focused on security, rather than merely alerting users when any new software version is released.
Secunia monitors the Web sites of a large number of software vendors for security advisories. Those advisories are put into a database, and the Personal Software Inspector polls the database periodically to check for changes, Kristensen said.
Secunia is licensing Personal Software Inspector to other vendors for use in security software suites. Two deals have been made so far, but Kristensen said he could not yet reveal the companies.
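The inventory-and-classify cycle described in this article, sketched as an added example (not Secunia's code or data format): the feed layout, product names and versions are constructed, and the "unknown" status is an addition here for programs the feed cannot judge. It also shows why the database is polled repeatedly: a program that was "up-to-date" becomes "insecure" once a new advisory lands.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '2.0.0.5' or '7.1.6b' into a comparable tuple.

    Trailing zeros are dropped so that '2.0' and '2.0.0' compare equal.
    """
    parts: List[int] = []
    for piece in text.strip().lstrip("vV").split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


# Constructed advisory feed: product -> supported major branches, each mapped
# to the lowest version on that branch that contains every published fix.
FEED_MONDAY = {
    "examplebrowser": {"supported": {"2": "2.0.0.5"}},
    "examplemedia": {"supported": {"7": "7.1.6", "6": "6.5.2"}},
    "exampleoffice": {"supported": {"12": "12.0"}},
}
# The same feed one day later, after a new advisory for the browser.
FEED_TUESDAY = {**FEED_MONDAY, "examplebrowser": {"supported": {"2": "2.0.0.6"}}}

# Constructed inventory of (program name, installed version).
INVENTORY = [
    ("ExampleBrowser", "2.0.0.5"),
    ("ExampleMedia", "7.1.5"),
    ("ExampleOffice", "11.0.3"),
    ("HomegrownTool", "0.3"),
]


def classify(name: str, installed: str, feed: dict) -> str:
    """Return 'insecure', 'end-of-life', 'up-to-date' or 'unknown'."""
    entry = feed.get(name.lower())
    if entry is None:
        return "unknown"  # the feed does not track this program
    have = parse_version(installed)
    branches = entry["supported"]
    floor = branches.get(str(have[0]))
    if floor is None:
        # A branch newer than anything in the feed means the feed is stale,
        # not that the program is retired.
        if have[0] > max(int(b) for b in branches):
            return "unknown"
        return "end-of-life"
    return "insecure" if have < parse_version(floor) else "up-to-date"


def audit(inventory, feed) -> Dict[str, str]:
    """Classify every installed program against one snapshot of the feed."""
    return {name: classify(name, version, feed) for name, version in inventory}


def newly_flagged(before: Dict[str, str], after: Dict[str, str]) -> List[str]:
    """Programs that were up-to-date at the last poll and no longer are."""
    return sorted(
        name for name, status in after.items()
        if status != "up-to-date" and before.get(name) == "up-to-date"
    )


if __name__ == "__main__":
    monday = audit(INVENTORY, FEED_MONDAY)
    tuesday = audit(INVENTORY, FEED_TUESDAY)
    for name, status in tuesday.items():
        print(f"{name:15} {status}")
    print("newly flagged since last poll:", newly_flagged(monday, tuesday))
```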
ToC
URL: <http://www.ubuntu.com/news/dell-available-in-europe>
Dell today unveiled two consumer PCs in Europe - the Inspiron 6400n and the Inspiron 530n - with the Ubuntu 7.04 Linux operating system factory installed. Available now in the United Kingdom, Germany and France, the systems are Dell's first steps to meet the needs of the Linux enthusiast community outside of the United States.
For full information about Dell on Ubuntu see <http://www.ubuntu.com/dell>
For Ubuntu in France see (from August 8th) <http://www.dell.fr/ubuntu>
For Ubuntu in Germany see (from August 8th) <http://www.dell.de/ubuntu>
For Ubuntu in United Kingdom see (from August 8th) <http://www.dell.co.uk/ubuntu>
ToC
by Adam C. Engst <ace@tidbits.com>
TidBITS#888/16-Jul-07
article link: <http://db.tidbits.com/article/9074>
This is just painful to watch. There's a company called Blendtec that makes a high-powered blender. To showcase its capabilities, they've done a number of hilarious "Will It Blend?" videos that feature a wide variety of objects being subjected to blending. They've destroyed a can of fake cheese, old toilet components, and even a garden hose. But for their latest spin de force, Blendtec put an iPhone into their demon blender, and... well, you'll just have to see what happens for yourself. Don't try this at home, not that any sane person would.
<http://www.willitblend.com/videos.aspx?type=unsafe&video=iphone>
ToC
Apple sold almost as many Macs as the still-declining Gateway sold PCs, a research firm says.
Gregg Keizer, Computerworld
Friday, July 20, 2007 1:00 PM PDT
URL: <http://www.pcworld.com/article/id,134889/article.html>
Apple Inc. has moved into a virtual tie for third place in U.S. computer sales, a research firm said this week, with Apple selling almost as many Macs as the still-declining Gateway Inc. sold PCs.
By IDC's estimates, the Cupertino, Calif.-based computer maker sold 960,000 systems in the second quarter, a 26 percent increase over the same quarter last year. That pushed the company into a dead heat for third place in U.S. market share with Gateway; each accounted for 5.6 percent of all computers sold last quarter. During the three-month period, Gateway sold 965,000 systems, a 7 percent drop from the 1.04 million machines it sold in the same quarter of 2006.
Holding firm at No. 1 and 2 were Dell Inc. and Hewlett-