PengPod Brings a true Linux Tablet with Dual Boot

There are a number of Android tablets in the market, but very few of them are marketed as being purely open devices. There are some other manufacturers as well, who have taken a shot at creating Linux based tablets, but have never been popular. The open-source tablet ecosystem is dominated by Android, which provides an unmatched experience with its apps. However, PengPod might change this notion with its dual boot tablet, which runs on both Android and Linux.

This dual boot tablet is powered by an ARM Cortex A8 processor and has a MALI 400 GPU with OpenGL support. It runs on an 800 MHz DDR3 RAM extendable up to 1 GB. The PengPod supports a max of 2160p video playback, and has an USB port, an HDMI port and is quite powerful. The processor has a low power consumption for its specs, which gives it a high power efficiency. The Allwinner Linux kernel source is open source and is well maintained, and this has been a big help for the PengPod tablet.

The tablet is priced at $120 and it would not be wise to expect a Nexus 10 like finesse from this tablet. However, it is a great attempt, and they are running a fundraiser on Indiegogo that will go towards improving the project.

Our experience has proven it takes a lot of time to locate, research, build and run all the pieces needed for a working A10 Linux system. We are working to coalesce all these parts into a stable image so users can be up and running right away. Our time is precious and every hour we can avoid redoing something that already works is another we can spend hacking!

Learn more at Also, consider making a donation at this Indiegogo campaign.

After, faces a Security Breach

The cluster saw a security breach on two of its machines on Sunday. Following the breach, was taken offline, and although most of it is back online now, some deprecated projects are being removed. The FreeBSD project has not been able to confirm the existence of trojans, but users are advised to be vigilant about the possibility.


The breach was made possible by a leaked SSH key, which affected a few clusters. This is not a result of a hack, but a classic example of people being the weakest point in security. FreeBSD has stepped up in its efforts to mitigate this risk, and a part of its response reads,

As a result of this event, a number of operational security changes are being made at the FreeBSD Project, in order to improve our resilience to potential attacks. We plan, therefore, to rapidly deprecate a number of legacy services, such as cvsup distribution of FreeBSD source, in favor of our more robust Subversion, FreeBSD-update, and portsnap models.

Although the rogue developer had no access to the FreeBSD base systems, he did have access enough to compromise the third party packages. is conducting security audits and will come out with news of possible breaches if any. The full compromise report and safety precautions are available at this page.

Government Surveillance Grows by 25% over the Last Year

Google is reporting a serious rise in government surveillance over the last year. This rise can be attributed to the rapidly evolving political, economic and military scenario all over the world. The news has been posted on the Official Google blog, and the graph suggests an accelerate rise over the last year. In its sixth Transparency Report, Google has publicized the number of Government requests made over the last six months, and taking this into account, there has been a total increase of 25% over the last year.

user data

The data shared by Google as part of these requests, includes,

Most of these user-data requests come from The United States, India, Brazil, France, The United Kingdom and Germany. However, while Google complies with over 90% of all these requests from the United States, the compliance for other countries ranges between 40% and 65%.

Two trends are evident from this report. First, the US government has stricter controls over Google and can demand (and eventually get) more amount of data out of it, than other countries. Second, the same set of six countries has always dominated the top user-data requester positions. Not to mention, many of these countries have had either political or economic tensions in the recent past.

If the Government wants user data so badly, there has to be proper accountability. This is exactly the kind of big-brother surveillance that people resent, and guess what! It has never been easier for the Governments, with all these online services curating more data than ever available earlier.

The only solution to this problem is that any online service storing user-data must encrypt the data using a key that is exclusive to the user and is his private property. Proper information for using this private key should be include in the privacy policy, and all users whose data is being requested be intimated well in advance, so that the choice is theirs whether to give up the data, and not of the company holding the data.

Another Day, Another Patent Troll — This Time over SSL

Meet Erich Spangenberg. This Texan is the owner of TQP, a company that like any other patent troll has not produced anything worthwhile, but has a popular patent under its belt. The company has only two employees, Spangenberg himself, and Michael Jones who filed a patent back in 1989. This was a crucial patent for the web as its title reads,

Encrypted Data Transmission System Employing Means for Altering the Encryption Keys

Although the patent was filed back in 1989, TQP acquired the patent only in 2006 and has been sitting atop the patent ever since, suing most of the big brands from the IT and internet industry. The patent covers the use of SSL over the web.


TQP is a perfect example of a patent troll, but a lot has to be wrong with the current patent system as well. A network-related patent filed back in 1989 is being granted 17 years later. To put this into perspective, the World Wide Web was invented back in 1989, and so was the patent.

TQP has made a living out of suing companies from various verticals over the last five years. So far, it has sued 500 companies, including Google, Apple, HP, Intel, Amazon, Dell, Electronic Arts, Adobe, Wells Fargo, Bank of America, HSBC, Walt Disney, United Airlines and even Exxon Mobil. As we can see here, the patent is so broad that TQP can sue every other company out there that has a website and encrypts its pages. What does Spangenberg have to say about this?

When the government grants you the right to a patent, they grant you the right to exclude others from using it.  I don’t understand why just because SSL is prevalent, it should be free.

Spangenberg has over 247 companies, that do nothing other than owning certain patents and filing lawsuits, but this SSL patent has to be the golden goose. The patent has already faced re-examination once but has not been revoked. What surprises me is that companies like Apple and Google that believe in the web are falling easy prey to this SSL patent troll! If anyone, these companies should have defended the right to use SSL.

(Image via)

Zero-day Adobe Reader Exploit Being Sold in the Black Market

Adobe Reader is notorious for having security flaws and these flaws are always exploited eventually. By now, you might have lost count of the number of times exploits have been discovered for Adobe’s PDF reader. However, what is interesting this time is that this unknown security flaw has made its way to the black-market and is selling at a considerably high price. This is not a hacker group trying to get some adrenaline flowing from hacking Adobe Reader. This qualifies for organized crime, and Adobe has no clue of what it can do to curb this problem.


The research on this exploit has been carried out by Group-IB. Group-IB is based off Moscow, and is the country’s leading computer security-company. A spokesperson for Adobe, Wiebke Lips, says,

Adobe will reach out to Group-IB. But without additional details, there is nothing we can do, unfortunately— beyond continuing to monitor the threat landscape and working with our partners in the security community, as always.

Adobe was not contacted by Group-IB over this exploit and the exploit is rumored to sell in the black market at $50,000. This is a significant blow for Adobe, as it introduced a sandbox for Reader X. The sandbox was supposed to hold ground against unknown exploit. However, if this exploit really is working, the sandbox has obviously failed and has provided a false sense of security until now.

The exploit works on Microsoft Windows, and starts only after the user closes his web-browser or Reader application. For now, it would be safer to switch to an alternative to Adobe Reader.

Of Voting Machines and Accurate Miscalibrations

The whole world watches closely as the next president is being elected in the United States. The results of this election will affect many decisions the world over. In the midst of this world-changing event, an interesting and embarrassing matter has come to light. A voting machine in Pennsylvania was found to have an amusing miscalibration. Pennsylvania is the sixth most populous state in the US, and the news has attracted a wide coverage from major media outlets.

The miscalibration seems to be with the on-screen vote button for Barack Obama, which places the vote in favor of Mitt Romney instead! The touch vote for Romney works just fine, and so do the other two buttons for two other candidates. The irregularity has been discovered by a Reddit user who goes by the name of “centrapavote”. He commented on the video showing the glitch around five hours ago, and has become the talk of the town since it was submitted to Reddit by his friend.

There are three manufacturers involved in making voting machines for this election, and one of them has links to Bain Capital, which has links to Romney. However, this is not the first incident of voting machines behaving badly. Voting machines are far from secure and this is a well-established fact. These machines have been ridiculed enough by hackers at DEFCON.

A similar issue was detected with a voting machine in North Carolina too. These voting machines are designed for one single purpose, and they failed to do just that! Somewhere, someone in charge of QA is having a bad day.

Kim Dotcom Teases the Mega Relaunch with the Domain

Back in August, Kim Dotcom was spotted talking about revenge for the intimidation that the police had caused him. He tweeted about his plans for a comeback of Megaupload. Soon thereafter, there were talks of a mega plan for a relaunch of Megaupload that would be secured with encryption and now, Kim Dotcom has teased a revamped Mega website with the final launch to happen on 19 January 2013.

Currently, redirects to , which looks quite interesting. It promises of a better Megaupload, which will be harder to take down for the Government, and explains this as,

In the past, securely storing and transferring confidential information required the installation of dedicated software. The new Mega encrypts and decrypts your data transparently in your browser, on the fly. You hold the keys to what you store in the cloud, not us.


The date of 19 January has significance, as Dotcom was arrested and his beloved Megaupload shutdown on 19 January this year. This makes 19 January the one-year anniversary of his arrest. Dotcom has the domain in place, but he is reportedly looking for a hosting provider, which is located outside the US.  This will save the content and the website from DMCA.

Besides Megaupload, Dotcom also launched a music service called MegaBox, back in July. Dotcom is having a busy after his arrest, and perhaps this arrest has provided his Megaupload business the much needed reboot.

Patent Troll Sues Microsoft Over Windows Live Tiles

Microsoft has just launched Windows 8 and it has already been downloaded over 4 million times in four days. With the launch of Windows 8, Microsoft has also attracted a patent troll that claims its rights over the Live Tiles used on Windows 8, Windows Phone 8 and the Surface tablet.


A company called SurfCast that claims to design operating systems is suing Microsoft for the use of Live Tiles. If you visit the SurfCast website, you will clearly see that their technical expertise is still stuck in the 1990’s but their legal and patent-trolling expertise seems to have kept pace with the industry. SurfCast owns four patents, one of which deals with Live Tiles. The verge writes,

SurfCast owns US Patent #6,724,403, which was filed in October 2000 and issued in April 2004. Broadly, the patent covers selecting a variety of information sources, assigning each of those sources to a tile, and updating those tiles at variable refresh rates.

SurfCast defines its own patent as,

Tiles can be thought of as dynamically updating icons. A Tile is different from an icon because it can be both selectable and live — containing refreshed content that provides a real-time or near-real-time view of the underlying information.

This is as abstract as it gets, because this description matches all kinds of widgets.

Live Tiles constitutes the flagship UI of Windows Phone and Windows 8. Microsoft showed off the Windows 8 UI for the first time back in June 2011. It has been 16 months since then, and Microsoft has come a long way with Live Tiles. SurfCast on the other hand, own this patent for the last eight years, and has been sitting atop it all this time, waiting for someone to use it so that it can cry foul.

HSBC Bank Employee Resigns and Steals Customer Information on the Way Out

Back in March of 2010, HSBC had a huge and embarrassing data breach where an employee resigned and stole details on the bank’s private operations in Switzerland. Around 24,000 accounts were compromised in that theft, and more than 15,000 of those accounts are still active. Although HSBC Bank claimed that the stolen data could not be used to access accounts, a data breach is a data breach and the manner in which it happened was suggestive of lax security on the spot. An investigation followed the incident and HSBC bank invested in better security in their Swiss office.


This time, HSBC bank customers had a deja vu when HSBC bank reported that another employee has pulled off the same stunt (resign, steal customer records and walk out) in California. The information contains HSBC Bank customer account numbers, account types, phone numbers and names. HSBC bank has also sent a letter to its customers, an excerpt from which reads:

If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call or contact your local law enforcement and file a police report. Get a copy of the report; many creditors want the
information it contains to absolve you of the fraudulent debts. You also should file a complaint with the FTC at or at 1-877-ID-THEFT (877-438-4338). Your complaint will be added to the FTC’s Identity Theft
Data Clearinghouse, where it will be accessible to law enforcers for their investigations.

Although the data breach took place last Saturday, HSBC Bank did not report it before this Tuesday. As remedial measures, HSBC Bank is offering one year of subscription to ITAC Sentinel, a credit card monitoring service. But will that make existing customers feel any safer?

Did Google Really Boast of 700,000 Apps in Play Store?

The most important part of a mobile ecosystem is the availability of apps, as it drives adoption.  A higher number of apps on a platform attracts more developers creating a self-sustainable ecosystem. Although Google and Apple are fighting a tough battle for dominance in the mobile space, Apple is still winning for many reasons.


Back in September, Apple announced that their App Store had hit 700,000 apps. Now, Bloomberg has reported that Google’s Play Store is also reaching 700,000 apps, and this threatens Apple’s dominance in the mobile space. However, I am a bit skeptic about how this news is spreading like wildfire. Google may have reached 700,000 apps in its Play Store, but is there any word on that from Google? Last I checked, the Nexus 4 page says there are 675,000 apps in the Play Store.

Did Bloomberg mean to say that “675,000” is the same as “about 700,000″? Following Bloomberg, almost all top tech-blogs are reporting with certainty that Play Store has indeed reached 700,000 apps and most of them are citing Bloomberg as their source. What surprises me is that if this really is big for Play Store, why is there no word on this from Google?

I am not very pleased with the prospects of Play Store reaching 700,00 apps even if it did. Google needs to put better quality control in place for the Play Store, something that Apple has perfected over the years. Half of the apps on the Play Store are utterly useless, rigged with malware or simply copies of apps from the App Store. There are very few apps on the Play Store that would make me proud of being an Android user, and it is not getting any better. Perhaps, Google should give this number battle a backseat, and start focusing on quality instead.