All posts by Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

The Evil in Automated DMCA Takedown Notices

Automated DMCA takedown notices are nothing new, and almost all copyright holders use some sort of automated DMCA takedown request system to do the dirty work for them. However, the fun starts when these automated systems go berserk. Recently, Microsoft started sending rogue DMCA takedown notices through its automated takedown system, which had developed a fondness for the number 45.

Microsoft has already asked Google to censor over 5 million web pages over the last year. Stupid as it may seem, the recent failure in this automated DMCA system has raised mayhem. Google has been asked to censor reputed websites like BBC, CNN, The Washington Post, TechCrunch pages, multiple pages from Wikipedia, Rotten Tomatoes and the bummers: the US Government’s Environmental Protection Agency website and Science Direct volume 45!

TorrentFreak writes,

Claiming to prevent the unauthorized distribution of Windows 8 Beta the software company listed 65 “infringing” web pages. However, nearly half of the URLs that Google was asked to remove from its search results have nothing to do with Windows 8.

Google has its own control measures in place against these blatant takedown notices. It maintains a whitelist of websites like Wikipedia and BBC, which are protected from these rogue takedown notices. However, the lesser-known websites have taken a hit.

DMCA was born over a decade ago, and it has restricted illegal copying of copyrighted work successfully. However, it has also created an anti-competitive world where people use DMCA takedown notices as a tool to annoy competitors or, as in this case, where an automated tool is being allowed to determine the fate of popular websites. There should be some accountability involved in DMCA takedowns, as this automated DMCA takedown ecosystem is clearly killing the Internet.

Wine 1.5.14 Brings Optimizations and Fixes for many Windows Games

In a recent development release 1.5.14, Wine has announced a number of new features. Wine is a popular application for Linux, which provides a Windows compatibility layer. It has been used to run games, applications, and a number of tools which are unique to Windows. In a survey conducted in 2007, over 30% of Linux users were found using Wine for running Windows applications.

Wine is a compatibility layer. It duplicates functions of Windows by providing alternative implementations of the DLLs that Windows programs call, and a process to substitute for the Windows NT kernel. This method of duplication differs from other methods that might also be considered emulation, where Windows programs run in a virtual machine. Wine is predominantly written using black-box testing reverse-engineering, to avoid copyright issues.

The latest development version has brought improved GIF support, JavaScript optimizations and URL caching. However, the two most notable changes are improvements in the shader compiler, and bug fixes for many Windows games. The Wine shader compiler is an emulation of the Direct 3D compiler (d3dcompiler) from DirectX. This ensures better DirectX performance in Wine, especially for video playback. Apart from this, there are numerous bug-fixes for games like Alan Wake, StarCraft and Oblivion. A Teamviewer crash issue has been fixed and the installer for Opera 12 does not crash anymore.

Valve recently announced a native Steam client for Linux and a native port of Left4Dead 2. As Valve releases more native ports, Wine will see a sharp decline in usage as most Wine users use it solely to run Windows games.

Valve to Kick off a Private Beta of Steam for Linux Next Week

Back in July, Valve started a blog and gave exciting news of Steam being ported over to Linux. This involved porting Valve’s Steam client and some game titles over to Ubuntu Linux. On making the port, it was seen that Left4Dead 2 runs faster on Linux, at a higher FPS, than on Windows. What started as “Steam’d Penguins” back in July is nearing its first milestone now, with Steam for Linux ready for internal testing from next week, and due for private beta testing sometime mid-October.

In a recent blog post titled “External Beta News”, the Linux blog at Valve has announced,

Things have been going well. We will be having an internal beta starting next week and a private external beta for 1,000 users sometime in October.

The internal beta will run only until next week, after which the Steam client will be released for a private beta. This private beta will be limited to 1000 users, and it is not confirmed whether the availability is on a first-come first-serve basis. However, Valve has talked about a signup page for the external beta, the link for which will be announced later.

As Valve brings Steam to Linux, gaming on Linux will become more exciting with native games being developed exclusively for Linux. Going further, Valve must also release Linux versions of its own game titles to support its Steam client. This porting of Steam will boost gaming on Linux, and create a new ecosystem for gamers and game-publishers.

Extremist Hacker Group Takes Down Wells Fargo Website

“Izz ad-din Al qassam” has become quite notorious over the last few days because of its series of attacks on US financial institutions. Last week, they targeted The Bank of America, The NYSE and Chase bank. Their modus operandi is a DDoS attack, and it is speculated that they are being sponsored by the Government of Iran. However, they have denied any such political affiliation. Just like Anonymous and its affiliate hacker groups, they have taken to Pastebin to announce their wins.

Apparently, this is the second week of their operation Ababil, and they explain their operation as:

In the previous announcements, we stated that we will not tolerate insulting exalted character of the prophet of mercy and kindness. Due to the insult, we planned and accomplished a series of cyber operations against the insulting country’s credit and financial centers.

Insult to a prophet is not acceptable especially when it is the Last prophet Muhammad (Peace Be upon Him). So as we promised before, the attack will be continued until the removal of that sacrilegious movie from the Internet.

The hacker group has a “timetable” for this week’s attack, with Wells Fargo, the US Bank and the PNC websites scheduled for Tuesday, Wednesday and Thursday respectively. The “Izz ad-din Al qassam” group has claimed that these attacks will continue until the movie defaming Prophet Muhammad is removed from YouTube. The movie has already resulted in a lot of violence in Syria, and now this cyber-warfare against the US is taking further toll.

You can read this Pastebin paste for the complete declaration.

Amazon Ads and Amazon Store Integration Coming in Ubuntu 12.10

Canonical is finally taking some serious steps towards monetization of the Ubuntu platform. Ubuntu is the most popular Linux distro and is widely used by home users looking for an alternative to Windows. It has some serious revenue earning potential. The Firefox browser bundled with Ubuntu integrates Google search, which earns a major chunk of revenue for Canonical. Taking this monetization plan further, Ubuntu now wants to integrate affiliate plans from Amazon. Amazon offers an unmatched affiliate program and this will bolster Canonical’s revenue stream from Ubuntu. Olli Ries, the Director of Technology at Canonical, has commented on a post at the Ubuntu Forum, saying,

Another addition is that we will be including Launcher web apps icons to Amazon and the Ubuntu One Music Store by default. We feel that these icons will provide convenient access to these resources for our users and also benefit the project with the generation of affiliate revenue in those cases that these resources are used.

The Ubuntu community is not very happy with this decision from Canonical, as this was announced after the feature freeze. People are already upset with Unity, and are increasingly shifting to a different desktop environment or a different flavor altogether. Canonical dominates Ubuntu and its development, and it has every right to make money from the distro it has worked so hard to create. Those who do not want the icon on their Unity dashboard can simply drag and drop it to the trashcan to remove it. However, Ubuntu has a close competitor in Linux Mint, without all the antics. It has to take wise decisions to stay in the competition.

Raspberry Pi Web IDE

The Raspberry Pi has been developed from the ground up with freedom in mind. The amount of flexibility and control it offers over the device is commendable, and while this control is really enjoyed by enthusiasts, it comes with a price: a steep learning curve. The Raspberry Pi runs on Linux, and getting started on Raspberry Pi includes getting started on Linux as a mandatory step. However, for those who want to enjoy the Raspberry Pi without these antics, Adafruit, a well-known DIY kit manufacturer, has designed a Raspberry Pi web IDE that lets us run programs on the Raspberry Pi.

The implementation of the web IDE is such that there is a web-server that runs on the Raspberry Pi and we can connect to the web-server using a web-browser on our PC. All the code written here is stored on the cloud. While some might argue that this defeats the purpose of buying a Pi in the first place, as it requires a PC to program on, others see this as an important step in overcoming a learning curve. We cannot ignore the fact that this will not work towards making the Raspberry Pi accessible to the poor, though it will definitely work towards improving the adoption of the Raspberry Pi.

The $25 Raspberry Pi computer is specially designed and aimed at providing low cost computing. This initiative by Adafruit can significantly help those new to Raspberry Pi overcome some initial hurdles. Visit Adafruit to take a look at all the awesomeness they have created over the last seven years.

(Via: Slashdot)

Facebook Promoted Posts Rolling Out for Personal User Accounts

Facebook is serious about solving its monetization problems, and it has recently launched a monetization-focused feature. This latest feature is being rolled out slowly across user accounts, though we have seen it earlier on brand pages as promoted posts. It is the “Promote” link-button, and the call for action on the promote button says, “tell friends this post is important”. The behavior of these promoted posts is similar to that of promoted posts from brand pages. They simply appear higher on your timeline, and this feature clearly gives you more control over the placement of content on your personal profile page. However, Facebook is taking a huge risk here, as it is the first time that the user has to pay for a feature on Facebook.

According to Inside Facebook, the feature was first spotted back in May, when it was dubbed as “Highlight”. Inside Facebook confirms the feature, saying,

People who have chosen to enable subscribers might be interested in the feature since they have a wider audience than most users. There may be other cases when a user would be willing to pay a few dollars to make sure that friends see a post, for example, a birth announcement, a post about looking for a roommate or a link for fundraising.

Promoting posts is a common feature across major players in this niche like Twitter, Foursquare and now Facebook. The behavior of the promotion is the same across all three as well; it simply pushes the promoted content higher up in your timeline of events or posts. However, this is the first time that promotion is being made available for personal user accounts. With its massive user base, Facebook will surely see good conversions from this monetization scheme.

To understand the feature better, you can always go ahead and read the “Promote” page.

Amazon to Compete against Google Maps with Its Amazon Maps API

After Google Maps made the folly of increasing its pricing, everyone is shying away from using Google Maps for their mapping solutions, and there could not be a better time for other players to launch a competing mapping solution of their own. Amazon took the cue, and has been quick to launch an Amazon Maps API, as part of its Amazon Mobile App SDK offering.

Currently, the Amazon maps API is supported only on the Kindle Fire and the Kindle Fire HD devices. The new devices will also support location-based services through the Android location API, and a mapping service was absolutely necessary to complement those services.

The features on offer are pretty much standard, and include pan and zoom controls with an option for satellite view. The location API will be used to display custom overlays, as customized pin markers. Additionally, the Amazon Maps API also promises an easy migration from Google Maps.

The mapping data in this API is being provided by Nokia, as confirmed by Dr. Sebastian Kurme, a spokesperson for Nokia.

Amazon is licensing the Nokia Location Platform (NLP) for maps and geocoding.

Amazon’s decision to choose the Nokia Location Platform is further proof point that our competence in this space is a key differentiator also for other leading players in the industry to offer great location consumer experiences.

Currently, the public mapping space is dominated by Google at large, with Open Street Maps being its only competitor. Device and platform specific maps are provided by Apple and Nokia as well, but Nokia is clearly emerging as a major enterprise-mapping provider with most of Yahoo maps, Bing maps and now Amazon Maps being powered by its map data.

The Amazon Maps API is in its beta state currently, and requires developers to apply for access through the Amazon Mobile App SDK portal.

Google Claims Breakthrough in Cognitive Computing, Neural Network Learns to Search for Cat Pictures

It has been over 60 years since the term AI was first coined. Since then, the elusive human brain has fascinated us with its learning capabilities. The massively parallel network of synapses and neurons is practically impossible to replicate, and that is why there is no public record of a human brain being fully replicated with its full learning capabilities. The human brain has not gotten any better at improving itself in the last 60 years either (you can blame evolution for being slow), but we have created wonders using this brain, and “computational power” is undoubtedly one of those wonders.

But, what if we can build a machine using computational power that has the same learning capabilities as that of the brain? There are a number of limitations to that, though the biggest limitation is the remarkable power efficiency of the human brain. The cue is in massive parallelism. Currently, there is a well-known project by IBM known as the Systems of Neuromorphic Adaptive Plastic Scalable Electronics (SyNAPSE), which aims to achieve this goal in AI with its DARPA funding and IBM expertise. However, Google just sped ahead of IBM in AI, with its research at the Google X laboratories. Google’s neural network is built out of 16,000 computer processors, and is capable of performing complex tasks. One of those complex tasks is looking for cute cat pictures on the Internet, and the impressive fact is that the network has learned to search for these pictures on its own, without it being told to do so.

Daily Tech reports this, saying,

Thanks to the wealth of cat videos on YouTube, the cyber-brain eventually came to a single dream-like image representing the network’s knowledge of what a cat looks like. The network was then able to recognize its favorite thing — cat videos, no matter what subtle variations merry YouTubers come up with to their feline’s appearance.

In short, although rough, the network has successfully simulated the human visual cortex. David A. Bader, the Executive Director of High Performance Computing at Georgia Tech College of Computing claims that the visual cortex can be simulated fully within this decade.

Google Gets Possessive About Android, Doesn’t Want Alibaba to Steal It

In a recent blog post on the official Android blog, Google is touting the importance of compatibility in the Android platform. Android is released under the Apache Open Source License, and its source is available at http://source.android.com. Google has spent a number of years nurturing Android, and bringing it to its present state. It has successfully created an ecosystem around Android, which has changed the mobile market, made it highly competitive. Today, we see smartphones with unmatched processing powers. A huge part of this growth can be attributed to Android, and Google has a right to be protective about Android.

However, as Alibaba thought of forking Android and building a business around it in collaboration with Acer, Google got possessive about Android and threatened Acer’s position in the Open Handset Alliance. This shows how Google dominates the Android ecosystem, and that what seems to be an open source mobile OS is clearly in the possession of Google. Both Alibaba and Google are making mistakes of their own here. Alibaba does not want to accept that its mobile OS is an Android fork, and Google wants Alibaba to join the Open Handset Alliance. However, Alibaba is probably forking an open source project without giving back, and Google is threatening Acer (Alibaba’s partner) to save the Android ecosystem, especially the Open Handset Alliance, which can take a blow from this move by Alibaba. It is hard to decide who is less wrong here.

In China, Alibaba is the equivalent of Amazon and its business is about to zoom past that of Amazon and eBay. Alibaba entered a partnership with Acer for an Android device, the CloudMobile A800. This device was supposed to be powered by Aliyun OS, a fork of Android. Aliyun was developed by AliCloud, a subsidiary of Alibaba. Although Alibaba claims that Aliyun is not related to Android, Google claims that it is indeed based on Android, and it has been seen that Android apps run fine on Aliyun too. Aliyun already powers two smartphones in China. Clearly, Google has a reason to be worried, but the outcome of that worry should not be an anti-competitive move like this.

WhatsApp Uses a Potentially Insecure Authentication Mechanism

WhatsApp has been criticized earlier for lax security on multiple occasions. In May last year, WhatsApp accounts could be hijacked without the user knowing, and another time in January this year, the status of a WhatsApp user could be changed remotely. Both these vulnerabilities were fixed soon. However, a concern that lived on was that WhatsApp sends communications in plaintext. This vulnerability was found in May 2011 and it was not fixed until May this year. However, the most glaring weakness in WhatsApp is simply its authentication mechanism.

The Wikipedia page for WhatsApp outlines its Technical Specifics as,

WhatsApp uses a customized version of the open standard Extensible Messaging and Presence Protocol (XMPP). Upon installation, it creates a user account using one’s phone number as username (Jabber ID: [phone number]@s.whatsapp.net) and an MD5-hashed, reversed-version of the phone’s IMEI as password.

An interesting analysis by Sam Granger points out how easy it is to leverage this information, and actually get access to a user account. Who would have thought that WhatsApp uses exactly the same mechanism as written on the Wikipedia page, no salting of the hash, no obfuscated MD5 variant; in short, no deviations from what is written down!
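An added example (not code from WhatsApp, from Sam Granger's analysis or from the original post) showing why a password derived as quoted above is weak, next to a server-issued random secret. `TokenStore`, the user name and the sample IMEI are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets


def legacy_password(imei: str) -> str:
    """Password as the quoted description states it: unsalted MD5 of the reversed IMEI."""
    return hashlib.md5(imei[::-1].encode("ascii")).hexdigest()


def imei_entropy_bits(model_known: bool) -> float:
    """Upper bound on the guessing entropy of a 15-digit IMEI.

    Layout: 8-digit type allocation code (identifies the handset model),
    6-digit serial number, 1 Luhn check digit computed from the other 14.
    The value is also a device identifier, not a secret: it is printed on
    the packaging and readable by software on the handset.
    """
    free_digits = 6 if model_known else 14
    return free_digits * math.log2(10)


class TokenStore:
    """Hardened alternative (illustrative): a random per-install secret issued
    at registration, with only its hash kept server-side."""

    TOKEN_BYTES = 32  # 256 bits from the OS CSPRNG

    def __init__(self):
        self._hashes = {}  # user -> SHA-256 digest of the current token

    def enroll(self, user: str) -> str:
        token = secrets.token_urlsafe(self.TOKEN_BYTES)
        self._hashes[user] = hashlib.sha256(token.encode("ascii")).digest()
        return token  # handed to the client once, never stored in clear

    def verify(self, user: str, token: str) -> bool:
        expected = self._hashes.get(user)
        if expected is None:
            return False
        presented = hashlib.sha256(token.encode("ascii")).digest()
        return hmac.compare_digest(expected, presented)  # constant-time compare

    def rotate(self, user: str) -> str:
        """Re-issuing invalidates the old secret; an IMEI-derived one cannot change."""
        return self.enroll(user)


CONSTRUCTED_IMEI = "123456789012345"  # made-up value, not a real device

if __name__ == "__main__":
    # Deterministic: anyone who learns the IMEI can recompute the credential.
    print("legacy password :", legacy_password(CONSTRUCTED_IMEI))
    print("entropy, model known   : %.1f bits" % imei_entropy_bits(True))
    print("entropy, model unknown : %.1f bits" % imei_entropy_bits(False))
    print("random token entropy   : %d bits" % (TokenStore.TOKEN_BYTES * 8))

    store = TokenStore()
    old = store.enroll("user@example.invalid")
    new = store.rotate("user@example.invalid")
    print("old token still valid  :", store.verify("user@example.invalid", old))
    print("new token valid        :", store.verify("user@example.invalid", new))
```
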

WhatsApp has to get its security straight. It has been under constant criticism for over a year now, and it is time WhatsApp made the first security-related move itself, rather than waiting for someone to point out flaws and then patching them.

For an intriguing discussion on this topic, read this Hacker News thread.

Al-Jazeera Hacked by Syrian Hacker Group Al-Rashedon

Al-Rashedon, a Syrian hacker group, has hacked a slew of Al-Jazeera websites for their reporting of the unrest in Syria. The hack affected Al-Jazeera’s English and Arabic websites, and left them defaced with this image on Tuesday.

The group posted a message to Al-Jazeera as seen in the image, saying,

In response to your stand against Syria (Government and the People) And your support to terrorist groups in addition to spreading lies and made up news.. We have hacked your website and this is our retaliation.

The Syrian hacker group accuses Al-Jazeera of spreading fabricated news and supporting armed terrorist groups. Although Syria has another known hacker group called the Syrian Electronic Army, there was no word from them on this hack. Al-Jazeera has not commented on the hack officially either.

Qatar-based Al-Jazeera takes a lot of heat from dictatorial governments like Egypt, Syria and the Saudi kingdom for its aggressive coverage of the instability in the region. Al-Jazeera also saw an exodus of journalists over biased reporting of the situation in Syria. A few months ago, the official Twitter account of Al-Jazeera was hacked by Assad loyalists. The political scenario in the Middle East is quite tense and disturbing, and perhaps Al-Jazeera is being dominated by the Government to reflect its own foreign policy. However, this is a clear indication of what can happen in a modern day political war, where everything is driven by computer technology and is equally vulnerable.

Over a Million Apple Device UDIDs Leaked by Hackers as Part of AntiSec

Back in August this year, NSA general Keith Alexander addressed the DefCon crowd for the first time and called upon hackers to join the NSA and strengthen the cyber-security infrastructure of America. However, on being asked whether the government keeps profiles of Americans and spies on them, he went into the usual denial mode. However, William Binney, a former Technical Director at the NSA (also present at DefCon) assured that this spying was indeed happening and that is the reason he left NSA back in 2001.

Now, hacker groups have gotten hold of clear proof that the FBI is spying on people. They have released a huge announcement, as part of the #AntiSec movement, and the FBI is trumped. This Pastebin announcement has a long rant and a list of doxes that were obtained from the FBI laptop.

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. The personal details fields referring to people appears many times empty leaving the whole list incomplete on many parts. No other file on the same folder makes mention about this list or its purpose.

The hack is so popular that it has become the most visited Pastebin paste ever, within 24 hours. However, it also raises questions. What is the FBI doing with 12 million Apple UDIDs? Why is the data lying on a laptop, unencrypted? There are too many unanswered questions here. Apple and the FBI should come out with a response.

Update: The FBI denied possessing any such file.

Twitter Based Earthquake Detection System Puts Behind Sensor Based Systems in Detection Time

The US Geological Survey (USGS) has created an earthquake detection system based on Twitter alerts. The system was being developed as a pet project by a student, and the USGS funded it later with funds from the American Recovery and Reinvestment Act. Clearly, the USGS saw a good future prospect in the project, and the funding is beginning to prove fruitful.

During the recent earthquakes in the Philippines, the USGS’ Twitter Earthquake Detection (TED) system was able to give early warnings, much before any of the sensor-based systems in place. This is groundbreaking, as sensor-based systems take anything between 2 and 20 minutes to detect an earthquake, but the TED system is almost instant. The official page for TED describes it as,

@USGSted (USGS Tweet Earthquake Dispatch) distributes alerts for earthquakes worldwide with magnitudes of 5.5 and above. We may modify this criteria in the future to tweet alerts for more earthquakes of potential interest. @USGSted earthquake tweets contain a magnitude descriptor, location, origin time, and a link to the USGS webpage with the most recent information about the event.

In the recent Philippines earthquake, the TED system detected tweets and the location of the earthquake in just one minute and seven seconds. Systems like TED are good for augmenting traditional earthquake detection systems based on sensors. However, they also run the risk of being gamed by an overwhelming amount of tweets crying wolf.

This reminds me of an XKCD comic.

You can follow the TED twitter account for latest earthquake warnings. Also read how Twitter is being used for emergency calls in Japan.

Gnome Comes Back to Ubuntu, a GNOMEbuntu Flavor Planned for the Next Release

Gnome is not in as bad a shape as we thought earlier. Recently, there have been talks of Ubuntu considering a Gnome-only edition, like we have Kubuntu or Xubuntu. There is no evidence for this news, but it seems apparent from this Ubuntu forum thread. From what started as a simple question, the thread attracted lots of interested people, developers came together and pretty soon, they were found discussing names for this distro. A true community indeed! There is no fix on the name yet, and the name GNOMEbuntu was dropped recently, as the Gnome Foundation does not permit this naming scheme. The last choice is between GNObuntu and Gnubuntu.

PCWorld discusses the software package for this new distro, saying,

Along with Compiz, the new GNOME Ubuntu will reportedly use the Rhythmbox music player as well as the Epiphany browser, Evolution for e-mail and workgroup functions, the Abiword word processor, and the Gnumeric spreadsheet package. Neither Firefox nor LibreOffice will be preinstalled, according to the report.

While on one hand, Canonical is touting Unity, this community effort brings back Gnome, an environment that most Ubuntu users are familiar with. Nonetheless, the customization offered by Gnome is miles ahead of Unity, and this is something Unity will not be able to match for some days. The development team for the Ubuntu Gnome edition is already in place, and there are seven members already working on this. The next challenge for GNOMEbuntu was to join the official distro party at Canonical and it has made it! If everything goes well from here, we will definitely see a Gnome version of Ubuntu 12.10, due to release in October.