Over the last few years, we have seen a number of exploits and vulnerabilities in Java. Oracle released Java 6 update 39 earlier this month fixing several security bugs. This was probably the last security update for Java 6, as Oracle had said earlier that there would be no security updates for Java 6 after February. However, you will be surprised to know that there are some top-notch organizations that still ask you to install age-old versions of Java.
Sitebuilder is one such tool from Yahoo! Sitebuilder can be used to whip up really simple websites within a few minutes. It is not the kind of tool developers would boast of, and I do not know anyone who uses it. However, the tool very much exists, and is distributed by Yahoo!. Most of us would not care about using it, but there are people who would want to skip the technical knowhow and just get the website out.
Here comes the interesting part: Yahoo Sitebuilder comes with Java 6 update 7, which came out back in the summer of 2008. That version of Java is severely flawed and outdated. The Sitebuilder tool cannot be blamed either, as it talks about support for Windows Vista at best, which makes it look like no one at Yahoo! cares about Sitebuilder either! However, what is of importance is that Sitebuilder is being distributed by Yahoo! and given the number of hacks and malware Java is attracting lately, Yahoo! should take care of this and thus prevent the spreading of Java vulnerabilities.
The Pirate Bay – Away From Keyboard (TPB-AFK), the documentary about The Pirate Bay (TPB), and its founders Gottfrid Svartholm Warg (Anakata), Fredrik Neij and Peter Sunde (brokep), was released a few hours back. It took over four years to complete and tells the story of the lives of the founders of TPB. The movie was released online and also featured at the Berlin International Film Festival this year. The film has been made by Swedish filmmaker and producer Simon Klose, who followed and documented the court cases involving TPB.
Currently, Anakata is serving a prison sentence after being arrested in Cambodia and Peter and Fredrik are wanted. The case also included the CEO of TPB Carl Lundström, and all four of them were sentenced to one year in prison each and were ordered to pay damages of USD 3,620,000 in total. Although Carl Lundström’s prison sentence was reduced to four months, which is over now, he had to pay additional damage charges.
The title “Away From Keyboard” is symbolic of the harsh realities of life away from the keyboard where the Pirate Bay trio would face a court trial away from their online lives. Cases like these push the boundaries of reality and make us wonder just how orthodox and stagnant the media industry is, when it comes to copyright. This movie lays case for copyright reforms.
The full documentary is available on YouTube and it is released under a Creative Commons License.
Additionally, there is a crowdfunding page for the movie at the official website. If this movie interests you, there are two more documentary films called Steal This Film (2007) and Good Copy Bad Copy (2007), which feature the police raids on The Pirate Bay.
MS research and the UN have planned to undertake the massive task of simulating the ecosystem of the entire world. The plan has been revealed in a recent Nature article titled “Ecosystems: Time to model all life on Earth”. The article is behind a paywall, but for those who can access it, the link goes here. Work on this project has been undertaken at the World Conservation Monitoring Center (WCMC) of the United Nations Environment Program (UNEP), and scientists from Microsoft Research and the WCMC are working together on this project.
The scientists working on this project specialize in biodiversity assessment, and claim that,
This type of model could radically improve our understanding of the biosphere and inform policy decisions about biodiversity and conservation.
As part of this project, the team of scientists will build General Ecosystem Models (GEMs), which will simulate environmental processes like reproduction, migration, death, and feeding. This will provide valuable statistical data to plan and design conservation efforts for the ecosystem. A similar class of models, called General Circulation Models (GCMs), is already in place and is used to simulate climate changes as well as oceanic changes across the world.
The project is focusing on development of a number of competitive and cooperative models instead of a single model. This will keep the development process competitive, and will create a number of simulations that can exchange ideas and improve over time.
Here is a short interview on Forest Dynamics by Drew Purves, who is also the head of the Computational Ecology and Environmental Science Group at Microsoft and a part of the GEMs project.
The long wait is finally over, as Kim Dotcom is back with his rejuvenated version of Megaupload. The new website is being called Mega, and it was launched a few minutes ago. Mega comes with a bold tagline of “BIGGER. BETTER. FASTER. STRONGER. SAFER”, which sounds both appealing and challenging at the same time. The launch day also commemorates the Megaupload takedown, which affected Kim Dotcom’s personal life adversely. This launch has an undertone of revenge!
As a service, Mega is still in its beta stage. It boasts of being “The Privacy Company” and offers 50 GB of storage for free users, and strong encryption. With these features, it might give Google Drive, RapidShare, Dropbox and all other cloud storage solutions a tough competition.
The Mega website also quotes the Universal Declaration of Human Rights, Article 12, stating,
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence. Everyone has the right to the protection of the law against such interference.
This reboot of Megaupload enforces 2048-bit RSA key encryption of all data stored on the Mega servers. They even have a fancy name for it — User Controlled Encryption (UCE). This solves two problems. The encrypted data cannot be sniffed by anyone without proper authorization, which will keep the user safe from prying eyes, as only his own key can be used to decrypt the data. Moreover, this will keep Kim Dotcom out of trouble because he cannot be held responsible for encrypted data stored on his servers.
Visit the new Mega at mega.co.nz.
There was a time when RIM could do no wrong. It enjoyed a dominating market share in North America, and enjoyed a massive cult status. With the advent of iOS and Android, things changed rapidly and the tables were turned on RIM. However, things are about to change now. Recently, RIM demoed its Blackberry 10 OS back in December last year, and people have been waiting for the January 30th launch of Blackberry 10 since the day Network World posted that awesome video.
As we get closer to the launch date, RIM has thrown in another surprise with its portathon event.
Alec Saunders, VP, Developer Relations at RIM was spotted tweeting,
The portathon event was held in two parts, one where only Android developers were asked to port their apps to Blackberry 10, and another where apps written in Appcelerator, Marmalade, Sencha, jQuery, PhoneGap and Qt were to be ported. The total number of ported apps stood at 15,000 after 37.5 hours. RIM was also offering $100 for every successful porting and submission. Some might call that bribing, but RIM shares have reached a new high after the event, and this is a good sign.
RIM had to realize eventually that this is what people want from a phone, and after this move, there might just be a chance for RIM to make a strong comeback. Although Blackberry 10 might not bring new features to the table, an overhaul like this had become imminent for its survival.
Two days ago, security professional Gaurang Pandya made an interesting discovery about the browser that comes bundled with the Nokia Asha 302, or pretty much any Nokia feature phone. The browser uses a proxy to route its traffic instead of hitting the requested server directly. This led many people to believe that Nokia is performing a MITM attack on their connection. Now, it would be wrong to refute those claims, because this indeed is a MITM technically. However, it is too early to jump to conclusions here.
Nokia uses its Nokia/Ovi proxy servers pretty much the same way any other browser manufacturer uses its proxy servers — for transcoding, resulting in data compression and faster browsing. Amazon’s Silk browser does it, Opera Mini does it, but with a slight difference. Others, who do it, are not handset manufacturers. Nokia, on the other hand, is a handset manufacturer and this allows it to proxy HTTPS connections as well. So, how does this work?
Nokia has control of your device (at least during the manufacturing process), and it cunningly includes a fake certification authority (CA) on your device. With this fake certificate issuer on your device, the proxy server can now decode your data because it is signed with a public key for which the proxy server has the private key [Public Key Cryptography]. The proxy server in turn sends the data to the actual server, only this time, signing it again with a certificate issued by a proper CA. The outcry in this case was that HTTPS connections could also be hijacked by the proxy servers at Nokia, which is not possible with Opera Mini or other browsers that use proxy servers.
So, is there reason to be worried? Of course there is. However, is there reason to blame Nokia? No. There is just reason enough to ask better questions, like how secure are these proxy servers?
Following the plan to open source its Simian Army gradually, Netflix has now open sourced the Janitor Monkey tool. This is the second Simian tool to be open sourced by Netflix after the source for Chaos Monkey was released to the public in July last year. The Simian Army at Netflix is used to manage cloud services and the last offering of Chaos Monkey was used for stress testing. As a whole, this Simian Army suite is well designed to perform a multitude of actions on cloud services.
The legend behind Janitor Monkey goes as follows:
At Netflix, when we analyzed our Amazon Web Services (AWS) usage, we found a lot of unused resources and we needed a solution to rectify this problem. Diligent engineers can manually delete unused resources via Asgard but we needed a way to automatically detect and clean them up. Our solution was Janitor Monkey.
In short, the Janitor Monkey comes in handy when disposing of unused resources. The Janitor Monkey service runs in Amazon Web Services (AWS) and it can be scheduled to perform regular resource cleanups.
Although Netflix is calling this an open sourcing of the entire tool, it seems like Janitor Monkey has not been open sourced entirely. Only modules that are generalized for other cloud services have been made available under the Apache 2 license.
The source code for Simian Army tools is made available on GitHub, as and when they are released. Netflix had also open-sourced its Asgard tool in June last year, which was not a part of the Simian Army, but deals with cloud services.
Gaming on Linux is getting more interesting by the day. Valve has updated its Steam December Survey to include Linux statistics. This is Valve’s first month with Linux and even though the Steam for Linux system is still in a beta stage, Linux users already account for 0.8% of total Steam users. This figure is expected to increase once Steam for Linux comes out of beta, and reaches more Linux distros. Nonetheless, this is a good start for Steam for Linux.
The Steam hardware and software survey is explained as,
Steam conducts a monthly survey to collect data about what kinds of computer hardware and software our customers are using. Participation in the survey is optional, and anonymous. The information gathered is incredibly helpful to us as we make decisions about what kinds of technology investments to make and products to offer.
In other statistics, Windows 7 64 bit is the leading operating system with more than 50% of the total user share and the favorite primary display resolution of Steam gamers is 1920×1080. While 60% of all Steam users use Mozilla Firefox, only 11.56% of them were found using Google Chrome, which is surprisingly low (lower than Internet Explorer at 19.82%) given Google Chrome’s market share.
Another interesting fact is that the number of Steam users on 64 bit versions of Ubuntu 12.10 and 12.04 is almost double that of 32 bit users (unlike Windows 7, where 64 bit users are four times the number of 32 bit users), which is probably because of Physical Address Extension (PAE).
Television has run on the cable model for as long as we can remember. Channel subscriptions always come in bundled packages, and more often than not, we end up subscribing for the bundle just to get those few channels. That is not a very efficient way of doing things and Intel has a grand plan to change this scenario. Intel is joining Apple and Google in the IPTV race. However, the unique selling proposition here is that Intel’s service would allow us to subscribe to individual channels of our preference, instead of complete bundles. The project has been developed in secrecy, and this is the first time anyone has heard of it.
The product will be made available to a limited set of beta-tester customers in March, and will be made available through an internet connection. This makes the service independent of any cable provider. The service will also include games, on-demand shows and Intel’s app marketplace.
Much of this effort is being worked upon by the Microsoft Mediaroom team, with Jim Baldwin as the VP of this program at Intel. Intel has the expertise in chip manufacturing, and it has also struck just the right deals with Hollywood to keep this product profitable for everyone.
The project will not be showcased at CES this year. Moreover, there are many unanswered questions here. Some people are skeptical about content providers actually wanting to accept this model. Others have speculated that the prices for these individual channels will be adjusted in such a way that the profitability per channel remains the same in both these systems. At the end of the day, the consumer will probably still end up paying the same amount overall.
The new year has started on a disturbing note for Citibank and Bank of America (BoA), as Al-Qassam Cyber Fighters have started attacking them with a DDoS. The attack is not a surprise, as it was announced back in December last year. This is the second phase of their Operation Ababil, which started on 27 December, last year. The operation seems to have one agenda only — to get the controversial anti-Islamic video removed from YouTube and to stop the organized western offensive against Islam (if there is such a thing).
The first phase of Al-Qassam’s attack took place in October, after which they took a break for Eid al-Adha. The list of targets for this second phase includes US Bancorp, JPMorgan Chase, Bank of America (BoA), PNC Financial Services Group and SunTrust. The hackers at Al-Qassam said,
In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks.
The hackers are extremely confident about their mission and have been able to cause temporary interruption of services in BoA and Citibank. While Bank of America has been attacked earlier in the first phase, Citibank is being attacked by Al-Qassam Cyber Fighters for the first time.
Citibank has announced the disruption in service on its official Twitter account.
This hacker collective does not have any affiliation with Anonymous, and is one of its kind as it has risen to defend Islam, unlike other hacker groups.
The Free Software Foundation has started a campaign to prevent restricted boot from becoming an industry standard in hardware. If you were living under a rock lately, restricted boot is exactly the kind of evil that will kill the PC as we know it. Restricted boot is being sold as UEFI and although it is marketed as a security feature, it is a well-devised mechanism to create a vendor lock-in for Windows 8. That means, if your PC is secured with UEFI 2.2, you will not be able to install any operating system whose bootloader is not signed.
Although the original EFI specification was developed by Intel, it was done with the Windows OS in mind. With this move, custom kernels will be a thing of the past, as the kernel must be signed with the developer’s private key and the OEM should ship its PC with the required key alongside the Microsoft key.
Currently, the campaign by FSF has gathered 40,000 signers who support the FSF in this movement, and want to rid the world of this evil. The campaign’s appeal page goes here, and it outlines plans for the next year.
Currently, Ubuntu Linux 12.10 supports UEFI secure boot by loading GRUB through a workaround, and then proceeding with the boot. Besides this workaround, Canonical also has its private key, which will be used on certified OEM PCs. From what it seems, you need to be a big corporation to be able to fiddle with an x86 PC now.
The Linux Foundation also announced back in October that it would start working on its own version of a minimal UEFI bootloader signed with Microsoft’s key. However, it is still waiting for Microsoft to give them a signed pre-bootloader.
A few days ago, YouTube released statistics for its biggest channels and it was seen that over two billion video views were missing from them. The worst hit group was Universal, which lost around 1 billion views, followed by Sony losing over 850 million views. However, the lost views were not all fake video views. This YouTube statistic of two billion lost views included views from videos that were deleted over a year ago and moved to the Vevo channel instead.
Some people speculated that the real reason for these lost views was the Black Hat SEO that these music labels used to project a higher view count. However, the lost views from these channels must have appeared on Vevo, which was hosting most of these videos now. The matter was later explained by Alex Ham from Billboard, who reported,
For Universal and Sony, that meant thousands of music videos that over the past three years slowly have migrated to the VEVO channel, which is jointly owned by the two companies.
Vevo collaborated with YouTube back in 2009, and has been a major revenue generator for YouTube. However, it also caused a major change in the number of views of videos from major record labels. As the web is moving towards richer forms of media, videos have an important role to play and video views are an important factor in search ranking of videos.
Join this discussion on Reddit for some speculation on this matter.
Over the last two years, a number of hacker collectives have successfully ridiculed existing cyber-security measures and this has brought up the need for a major overhaul in security. MD5, which is the most abused hashing technique, is over two decades old now, but it is still in use at many places, mostly because it is part of some legacy code that was never changed. The world of cryptography has taken the next step to security as BLAKE2 is here.
BLAKE2 is the advanced version of the BLAKE algorithm, which was a finalist in the SHA-3 competition. The official page for BLAKE describes it as,
The cryptographic hash function BLAKE2 is an improved version of the SHA-3 finalist BLAKE. Like BLAKE or SHA-3, BLAKE2 offers the highest security, yet is fast as MD5 on 64-bit platforms and requires at least 33% less RAM than SHA-2 or SHA-3 on low-end systems.
While BLAKE2 is advocated as being a secure hashing function, it is also as fast as MD5, which might be a reason for concern, but the developers of BLAKE2 have said on their mailing list that BLAKE2 has better security and at-par performance with MD5. From what it seems, they are proposing BLAKE2 as a viable alternative to MD5. The use-case for BLAKE2 is not replacing the existing Keccak algorithm for SHA3.
Many a time, people stick to MD5 for a performance benefit. With its superior performance and better security, BLAKE2 will be a nail in MD5’s coffin.
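To make the "legacy MD5" point concrete, here is an added example (not from the BLAKE2 project or the original post) that verifies an old MD5 checksum manifest and re-issues it with BLAKE2b using Python's standard `hashlib`. The manifest line format `<algo>:<hexdigest>  <name>`, the file names and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024
LEGACY = {"md5"}  # still verifiable, but flagged for replacement


def digest(stream, algo):
    """Hash a binary stream chunk by chunk and return the hex digest."""
    if algo == "blake2b":
        h = hashlib.blake2b(digest_size=32)  # 256-bit output
    elif algo == "md5":
        h = hashlib.md5()  # kept only so old entries can be checked
    else:
        raise ValueError(f"unsupported algorithm: {algo}")
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse lines of the form '<algo>:<hexdigest>  <name>' (hypothetical format)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tagged, name = line.split(None, 1)
        algo, hexdigest = tagged.split(":", 1)
        entries[name] = (algo.lower(), hexdigest.lower())
    return entries


def verify(entries, files):
    """Return {name: status} with status ok, ok-legacy, mismatch or missing."""
    report = {}
    for name, (algo, expected) in entries.items():
        if name not in files:
            report[name] = "missing"
            continue
        actual = digest(io.BytesIO(files[name]), algo)
        if not hmac.compare_digest(actual, expected):
            report[name] = "mismatch"
        else:
            report[name] = "ok-legacy" if algo in LEGACY else "ok"
    return report


def upgrade(entries, files):
    """Re-issue BLAKE2b entries, but only for files that still verify."""
    report = verify(entries, files)
    lines = []
    for name in sorted(entries):
        if report[name] in ("ok", "ok-legacy"):
            new = digest(io.BytesIO(files[name]), "blake2b")
            lines.append(f"blake2b:{new}  {name}")
    return "\n".join(lines)


# Constructed sample data: two small "files" and an old MD5-only manifest.
FILES = {"app.jar": b"constructed jar bytes", "readme.txt": b"constructed readme"}
OLD_MANIFEST = "\n".join([
    f"md5:{hashlib.md5(FILES['app.jar']).hexdigest()}  app.jar",
    "md5:00000000000000000000000000000000  readme.txt",  # deliberately wrong
])

if __name__ == "__main__":
    old = parse_manifest(OLD_MANIFEST)
    print(verify(old, FILES))
    print(upgrade(old, FILES))
```

The upgrade step refuses to re-sign anything that fails its old checksum, so a file that was already altered does not get a fresh, trusted-looking BLAKE2b entry.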
Some software releases develop a notorious reputation for being in development for a prolonged period, so much that people almost forget about them. Enlightenment 0.17, also known as E17 is one such release, which has arrived after 12 years in development. To put things in perspective, that is how old the PlayStation 2 is!
Enlightenment has many advantages over other window managers. It is a full-fledged platform with libraries to create intriguing user interfaces rapidly. Known as the Enlightenment Foundation Libraries (EFL), this suite realizes a complete framework, with the window manager forming an integral, but not a decisive part.
The window manager is a lean, fast, modular and very extensible window manager for X11 and Linux. It is classed as a “desktop shell” providing the things you need to operate your desktop (or laptop), but is not a whole application suite. This covers launching applications, managing their windows and doing other system tasks like suspending, reboots, managing files etc.
The project has a huge growth potential as the Enlightenment window manager can work on a variety of devices (architectures). The next step should be packaging the release for various distros, which would facilitate a wider adoption. If this final step is not executed with care, this prolonged development effort will go to waste. Moreover, this step should come sooner for more people to be able to try out Enlightenment 17.
All the intricate details are well documented at this page. Also, check out the release announcement here.
The internet has an intangible presence in everyone’s lives nowadays, and it has grown into a strong content production and consumption platform with a worldwide audience. Some of the world’s most popular businesses are driven through this medium, and overall, the Internet is the one thing that has made life so much better for everyone. However, the Internet has been around for a few decades now, but it still requires some decision making when it comes to transferring files over the Internet. This XKCD sums it up pretty well.
Email services have limits on the size of files that can be transferred. Recently, Dropbox was able to fill the gap with its file storage and syncing service. Now, Gmail is making it easier to transfer large files to your peers, by integrating its email service with its cloud storage service, Google Drive. Gmail has allowed email attachments up to 25 MB until now, but with Google Drive, we can send files up to 10 GB in size through Gmail. This is 400 times what was once allowed.
The Gmail Drive integration comes with a new feature, which also checks if the file being shared has the correct permissions. The Gmail blog announces the new feature, saying,
Whenever you send a file from Drive that isn’t shared with everyone, you’ll be prompted with the option to change the file’s sharing settings without leaving your email. It’ll even work with Drive links pasted directly into emails.
The feature is available for those with Gmail’s new compose interface, and will roll out for all users over the next few days.