126
Living Room / Re: Tech News Weekly: Edition 45-09
« on: November 08, 2009, 04:48 AM »
You just beat me, was about to msg you the URL for the news, and to say how much I LOVE that acronym!!!!
Ehtyar.
Ehtyar.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
| Hi all. Enjoy  As usual, you can find last week's news here. |
Though jailbreaking an iPhone certainly opens up opportunities to add functionality that Apple doesn't approve of, it can also make an iPhone less secure. Several Dutch iPhone users found that out the hard way after a hacker attacked a number of vulnerable phones on T-mobile Netherlands and tried to extort €5 from them.
It appears one enterprising Dutch hacker used port scanning to identify jailbroken iPhones on T-mobile Netherlands with SSH running. Enabling SSH is a common procedure for jailbroken iPhones, allowing a user to log in via Terminal and run standard UNIX commands. Unfortunately, iPhones all have a default root password that many forget to change after jailbreaking, leaving their phone as vulnerable as a Lamborghini parked on a public street with the windows down, the doors unlocked, and the keys in the ignition.
The more Google products you use, the more data it collects about everything you do online—your search history, your emails, the blogs and news sites you read, which videos you watch on YouTube, your news alerts, tasks ,and even shopping lists. For some of these, you need to explicitly grant Google permission to keep track of data associated with your profile.
But it’s hard to keep up with everything Google is tracking.
So now the company is launching a Google Dashboard, which will give you a high-level summary of everything Google knows about you by virtue of the Google products you use. This might include how many emails are in your inbox, recent subject lines, which YouTube video you’ve watched lately (yes, all of them), appointments on your calendar, and more.
When the news broke earlier this week that the so-famous-you've-never-heard-of-it BlueBeat.com was both streaming and selling The Beatles remasters—and for 25¢ a track—we speculated that an entertainingly weird legal theory was at the root of this behavior.
We just had no idea how weird it was.
WE MUST be mad. Telstra is obliged under the universal service obligation to offer telephone customers a basic telephony service for $30 a month. The Rudd Government wants to replace this with a new service - the national broadband network - which on the most favourable assumptions will cost customers $60 to $70 a month for a basic telephone service.
And to ensure customers will take up the new service, the Telstra copper wires that enable the $30 a month service will be ripped up.
This is called levelling the playing field for fair competition. But this is not the end of the gouging of Australian telephone users.
"Transport Layer Security (TLS, RFC 5246 and previous, including SSL v3 and previous) is subject to a number of serious man-in-the-middle (MITM) attacks related to renegotiation. In general, these problems allow an MITM to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, leading to a variety of abuse possibilities. In particular, practical attacks against HTTPS client certificate authentication have been demonstrated against recent versions of both Microsoft IIS and Apache httpd on a variety of platforms and in conjunction with a variety of client applications. Cases not involving client certificates have been demonstrated as well. Although this research has focused on the implications specifically for HTTP as the application protocol, the research is ongoing and many of these attacks are expected to generalize well to other protocols layered on TLS.
There are three general attacks against HTTPS discussed here, each with slightly different characteristics, all of which yield the same result: the attacker is able to execute an HTTP transaction of his choice, authenticated by a legitimate user (the victim of the MITM attack). Some attacks result in the attacker-supplied request generating a response document which is then presented to the client without any certificate warning or other indication to the user. Other techniques allow the attacker to forward or re-purpose client certificate authentication credentials."
Efforts to bring advanced typography to the Web have reached an important milestone. Type designers Tal Leming and Erik van Blokland, who had been working to developing the .webfont format, combined forces with Mozilla's Jonathan Kew, who had been working independently on a similar format. The result of the collaboration is called Web Open Font Format (WOFF), and it has the backing of a wide array of type designers and type foundries. Mozilla will also include support for it in Firefox 3.6.
WOFF combines the work of Leming and Blokland had done on embedding a variety of useful font metadata with the font resource compression that Kew had developed. The end result is a format that includes optimized compression that reduces the download time needed to load font resources while incorporating information about the font's origin and licensing. The format doesn't include any encryption or DRM, so it should be universally accepted by browser vendors—this should also qualify it for adoption by the W3C.
With the newest DNA sequencing technology starting to reach the market, we're seeing a bit of a bifurcation. Some of the methods can do long reads, covering hundreds of bases, and provide data that's appropriate for assembling a genome that's never been sequenced before. Others produce lots of shorter reads, which can only be aligned to a genome that we know the sequence of already. What good is repeating a completed genome? Potentially quite a lot, if that genome happens to be human and, more particularly, yours, since it can provide information on medically relevant issues like disease risks and drug efficacy. The goal here is to make this so cheap that sequencing a person's genome could be routine.
A big step in that direction may have been taken by a company called Complete Genomics, which describes the methods it used to sequence three human genomes in a paper that will be released by Science today. The system described in the paper combines some clever variants of well known molecular biology techniques to read massive amounts of DNA fragments that are, in total, about 65 bases long. But, because the materials used for the reactions are so common, even the enzymes can be purchased cheaply. That allows Complete Genomics to bring an entire human genome in while spending less than $5,000 on materials. All that, plus an error rate of less than one base in 100,000.
| Hi all. Enjoy As usual, you can find last week's news here. |
A pair of German physicists claim to have broken the speed of light - an achievement that would undermine our entire understanding of space and time.
According to Einstein's special theory of relativity, it would require an infinite amount of energy to propel an object at more than 186,000 miles per second.
The police and intelligence services are calling on the Government to drop plans to disconnect persistent internet pirates because they fear that this would make it harder to track criminals online.
Lord Mandelson, the Business Secretary, has vowed to use the Government’s forthcoming Digital Economy Bill to introduce new measures to fight illegal file-sharing of music and films. He has also proposed that persistent pirates should have their internet connections suspended temporarily.
Xerox researchers have invented a kind of ink that can conduct electricity and be used to put electronic circuits on top of plastics, film, and textiles. That means in the coming years we’ll be able to wear or bend our electronics. You could even print out your electronic gadget on plastic sheets, as if you were printing a document.
Silicon chips have long been too expensive or heavy to use in devices that are extremely lightweight. The Xerox team solved this fundamental problem with lighter materials, and it plans to sell the new materials to other businesses that could make wearable electronics.
Initial reports said that hundreds of thousands of people watched YouTube’s Live U2 concert on Sunday night. Then reports yesterday raised the estimate to 2.5 million. Double that, and then double it again. 10 million is the real number of live streams that YouTube did that night, according to Variety.
That’s massive, and it’s obviously the biggest live streaming event YouTube has ever done. But even more impressive is just how smoothly it went. I watched about half of the two and a half hour show, and if there were any interruptions, I didn’t see any. I didn’t even see any hiccups, it was that good. I had the show running full screen on my desktop computer, and it was pretty great picture quality for live streaming video.
Sussex Police said the 6in to 8in cable was cut and removed from the area near Drusilla's roundabout in Alfriston in the early hours of Wednesday.
BT said telephone services to up 800 homes and businesses in Berwick were restored on Thursday evening.
The estimated cost of repairing and replacing the cable was £45,000.
Before now, typing http://clinteckergoa...bonedbyhisnewbicycle.كوم into a Web browser and actually arriving at a working domain was impossible. But thanks to a vote by the Internet Corporation for Assigned Names and Numbers (ICANN) Friday morning, it could become a reality sometime in 2010. The organization approved the "Internationalized Domain Name Fast Track Process," allowing a plethora of non-Latin characters to be used in domain name extensions and opening more doors to Internet users who don't speak Western languages.
The Fast Track Process, which begins in November, will enable countries to apply for new domain name extensions (such as .com or .net) in their own national language. This means that full domains will soon be available in Chinese, Korean, Arabic, Hindi, and more. Previously, ICANN allowed the registration of domain names with non-Latin characters—so, for example, http://clintecker他的新自行车骨骼山羊.com—but the extension had to remain in Latin characters. Now, instead of being limited to the Latin alphabet, domain extensions will utilize some 100,000 new characters.
Google on Wednesday announced the beta release of a GPS navigation application for Android 2.0 devices.
The application is part of Google Maps for mobile. Android version 2.0 will appear on the upcoming Droid handset from Motorola and Verizon, and other manufacturers also plan to release handsets carrying the updated, Google-backed mobile OS.
I really don't like releasing anything 0.5f doneEpic nerd-humor creds there, I had to think for a second wtf you were talking about-ChalkTrauma (October 28, 2009, 07:35 PM)
Perl as a language, but the lack of progress on the interpreter and the standard library is truly astonishing. By the time Perl 6 is ready, no one's gonna know what it is. However, Perl can be used for just about anything a sysadmin needs to do (Goth Man will probably back me up there), so I use it very often. As a novice or dedicated Windows user, you *may* want to consider Python over Perl, but otherwise Perl still rules the roost IMHO.| Hi all. Well, either this week was a really sucky news week or I suck at finding it. Either way, I've got two funny videos this week in the hopes you'll all forgive me  As usual, you can find last week's news here. |
Mozilla has temporarily disabled Microsoft's WPF plugin for Firefox in order to protect users from a security vulnerability that was recently uncovered in the component. The vulnerability can be exploited when users visit malicious Web pages that contain specially crafted XAML content.
Microsoft issued an Internet Explorer patch to fix the vulnerability through its Windows Update mechanism on Tuesday. The IE patch is said to fully resolve the vulnerability for Firefox users in addition to users of Microsoft's own browser. Mozilla is concerned, however, that not all users have performed the Windows update yet. In order to protect users who are not yet patched, Mozilla has added Microsoft's plugin to its add-on blocklist, causing it to be automatically disabled by the browser.
France's Création et Internet law didn't pass muster the first time around, as the country's Conseil Constitutionnel ruled that major portions of the scheme violated the 1789 Rights of Man. The first draft of the bill tended too much toward "guilty until proven innocent," and it threatened a major sanction (Internet disconnection and a national blacklist on access) without judicial oversight.
The French government, bent on passing the law, retooled it and rammed it through the legislature a second time. It was promptly reported to the Conseil by the Socialists, but the Conseil today ruled (PDF, French) that the bill largely addresses its earlier concerns.
Rohan James Wyllie of Australia doesn't sound much different than your average voyeur intent on capturing a little secret video of his female roommate unawares. He drilled holes in the walls and ceilings, installed cameras, and created an elaborate network of surveillance equipment so he could keep tabs on the girl from the comfort of his bedroom.
After his roommates noticed suspicious lights and buzzing in August 2007, Wyllie was arrested. Eventually he pleaded guilty to charges of attempting to visually record the woman in question in a private place without her consent. Open and shut case, right? Not quite: Wyllie is now going free without a jail sentence.
Time Warner says that within the past week it has patched the problem until the manufacturer can provide a permanent fix, but before that it had allowed administrative access to the routers. Attackers could then run a variety of programs against these routers, says David Chen in his blog Chenosaurus.
Because the vulnerability let anyone anywhere on the Internet take over control of the router, they could launch attacks from within Time Warner customers' homes.
Vulnerability management vendor Rapid7 has purchased the popular open-source Metasploit penetration testing tool project and named Metasploit founder HD Moore chief security officer of the company.
Moore, who is synonymous with the Metasploit Project , will continue as chief architect of Metasploit in his new role at Rapid7. He'll have an initial team of five Rapid7 researchers dedicated to the open-source project, some of whom already have been regular contributors to Metasploit. Financial terms of the deal were not disclosed.
Holy crap. It seems that Google is going to have some pretty serious explaining to do this morning, as one of our readers has sent us in a tip that reveals a major security flaw involving Google Voice. After entering “site:https://www.google.com/voice/fm/* ” into Google, our reader was shocked and discouraged to be greeted by 31 voice mail messages belonging to random Google Voice accounts. Clicking on each revealed not only the audio file and transcript of the call, but it also listed the callers name and phone number as it would if you were checking your own Google Voice voice mail. We’re not too sure if this flaw is something new or if it has been around since Google Voice started, and could just be test messages, but needless to say the matter has to be fixed if it’s legit.
America’s spy agencies want to read your blog posts, keep track of your Twitter updates — even check out your book reviews on Amazon.
In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using ”open source intelligence” — information that’s publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day.
Needless to say, that was all it took to get everybody else onboard.I'm not sure how that applies to the Linux Wi-Fi debate, Atheros is still the only major chipset maker with native Linux drivers since how long...?-40hz (October 20, 2009, 06:02 PM)
Get a USB adapter with an Atheros chipset and stop being such a jackass blaming Linux for vendor failures. Simple, no?-Ehtyar (October 19, 2009, 07:49 PM)
No. Especially not for a newbie.
Most manufacturers don't willingly provide information about which chipsets they use. Many vendors also periodically switch chipsets, occasionally doing so within a given product model's lifecycle.
I can't speak for the rest of the World, but in the US, Broadcomm chipsets (which are not at all Linux friendly) make up about 75% of what gets installed or is readily available.
IMHO, the major distros have two basic options for dealing with all the wifi hassles. They either need to figure out a way to resolve their stalemate with the manufacturers over getting workable drivers; or they can "bring the battle to their opponent's doorstep" by manufacturing their own affordable wifi hardware.
I'll bet if Shuttleworth (and some other NIX heavyweights) announced they intended to put some serious money into doing just that, the bulk of the hardware vendors would soon fall in line. Especially if said 'penguin-friendly' NICs also came with drivers for Windows.
Just a thought!-40hz (October 19, 2009, 09:55 PM)
| Hi all. Enjoy As usual, you can find last week's news here. |
Google has rolled out a feature that provides webmasters of compromised sites with samples of malicious code and other detailed information to help them clean up.
The search giant has long scanned websites for malware while indexing the world wide web. When it detects outbreaks, it includes language in search results that warns the site may be harmful and passes that information along so the Google Chrome, Mozilla Firefox, and Apple Safari browsers can more prominently warn users. Google also provides administrators a private list of infected pages so they can be cleaned up.
Texas Instruments has been making programmable calculators for longer than most companies have been making computers, and the company's current line of calculators uses a chip—the Zilog Z80—that once appeared in personal computers. So it's not surprising that a modding community has taken up the task of replacing the OS that runs the calculators. TI isn't pleased by the modders' efforts, though, and the company recently sent DMCA takedown notices to a group of bloggers who linked to information about the encryption keys needed to validate a new OS. But unfortunately for TI, it appears that the DMCA does not apply, since the keys aren't used to protect the existing OS.
The Wi-Fi Alliance has announced a new way for WiFi-enabled devices to connect to one another, even in the absence of a WiFi base station. The new protocol, dubbed "Wi-Fi Direct," will allow any device that implements the standard to connect directly to another device to send and receive data.
Previously codenamed "Wi-Fi peer to peer," the technology allows any device with WiFi to easily connect to another, such as a cell phone or camera to a printer, or even a keyboard or mouse to a computer. Devices can connect one-to-one or in a group. According to the Wi-Fi Alliance, devices implementing the new standard will even be able to connect to legacy WiFi devices in most cases.
Turns out that the Anti-Counterfeiting Trade Agreement (ACTA) will include a section on Internet "enforcement procedures" after all. And how many people have had input on these procedures? Forty-two.
ACTA has worried outside observers for some time by threatening to delve into issues not normally covered by "trade agreements." Topping the list are concerns about ACTA's possible use as a Trojan horse to shove tough Internet controls onto countries like the US at the behest of Big Content. It's been hard to tell exactly what ACTA will include, though, because the process has taken place in such secrecy and even when information has been released, the section relating to the Internet has been empty.
Microsoft has demonstrated that the dark side of cloud computing has no
silver linings. After a major server outage occurred on its watch last
weekend, users dependent on the company have just been informed that their
personal data and photos "has almost certainly been lost."
While occasional service outages have hit nearly everyone in the business,
knocking Google's Gmail offline for hours, plunging RIM's BlackBerrys into
the dark, or leaving Apple's MobileMe web apps unreachable to waves of
users, Microsoft's high profile outage has impacted users in the worst
possible way: the company has unrecoverable lost nearly all of its users'
data, and now has no alternative backup plan for recovering any of it a week
later.
TorrentFreak has reported before how pirates have been turned into cash cows by the copyright mafia. However, reliable statistics on how much money the entertainment industry and anti-piracy outfits make from illicit downloads have not yet been disclosed, until now.
The German-based anti-piracy outfit DigiRights Solutions (DRS) recently published an interesting PowerPoint presentation (in German) which shows how copyright holders can make millions from pirates. The document reveals some rather shocking statistics that show how illicit downloads are more profitable than legal downloads.
How many servers does Facebook have? For some time now, the stock answer has been “more than 10,000 servers,” a number the company began using in April 2008. Facebook has continued to use that number, even as it has soared past 300 million users and dramatically expanded its data center space.
We now have an update: Facebook has 30,000 servers supporting its operations. That number comes from Jeff Rothschild, the vice president of technology at Facebook, who discussed the company’s infrastructure in a presentation last week at UC San Diego.
If you have been blessing everyone around you with cell phone "performances" of Beyoncé's "Single Ladies," rest assured that your cell phone provider won't have to pay royalties on it. A federal court has ruled that ringtones played aloud in public are not infringing on the content owners' copyrights because they don't constitute a true performance. (In other news, children are still allowed to sing songs without paying royalties.)
Joking aside (actually, that's less of a joke than you might think), the ringtone argument was made by the American Society of Composers, Authors, and Publishers (ASCAP) earlier this year when it sued certain mobile carriers in the US in an attempt to force them to fork over royalties every time a customer's ringtone is played. Even though the carriers were already paying for download rights to the songs, ASCAP argued that each ring was a "performance" and therefore those download payments weren't enough.
That was good for me—was it good for you? Hang on, I need to tweet this.
If you have heard or uttered some variation of the above phrase anytime recently, you might be a social media user under the age of 35. Shopping site Retrevo.com recently investigated the grip that sites like Twitter and Facebook have on Internet users' lives and found that the under-35 crowd in particular is on the verge of needing social media rehab.
Retrevo discovered that those under 35 took the opportunity to tweet, text, and post to Facebook at times that might be considered inappropriate to an older generation. The most amusing statistic from this is, of course, the "after sex" column—36 percent of under-35 users admitted to checking Twitter/Facebook/texts immediately after getting it on, while only 8 percent of those over 35 fell into this category.
