HARDWARE - ASUS Xonar DS 7.1 Audio PCI Card

My WinXP desktop system's audio card was a bit 'long in the tooth.'  So I thought I'd search for a new one via Google.

I found something I did not expect, the ASUS Xonar DS 7.1 Audio PCI Card. (I bought via Amazon)

Why?  See below:

(click for larger view)

The Smart Volume Normalization (SVN) is something I've been waiting for ever since I discovered a way to have my iTunes/iPod do the same thing.  That is, play my iPod music without having to adjust between loud and low songs (set volume and forget).

For iTunes/iPod all I had to do is make sure to enable Sound-Check on both, and run a utility called iVolume.  iVolume fine-tunes the Sound-Check value by scanning each song and setting it to the master volume level you set in iVolume.  Which is what SVN does in the Xonar.

Here's the card:

(click for larger view)

Here's the Audio Center:

(click for larger view)

Note that I have SVN enabled (turquoise highlighted button) and the level bar-indicator is titled [Smart Volume].

The [ ^ ] opens the full menu list.

SVN works!  I set the master volume knob and everything plays at that volume.  No more having to adjust for differences between inputs (games, music, WEB, etc).

Xonar DS also includes Flex Bass which can be enabled for those who do not have a powered subwoffer speaker system.

CAUTION:  If you have a game that does NOT automatically detect a new audio card and run a configuration utility, you may have to start a new-game.  This is the case with Skyrim.

LINUX - Image for Linux

There is a very good drive imaging backup utility available Image for Linux from TeraByte Inc.

Startup dialog

As I have said in a previous post on backing up your hard drive, an image backup is the best.  Much better than any file backup.

Image for Linux backs up all USED sectors on your Linux hard drive, therefore [Restore] gets you your full (boot) hard drive back.  It can backup to CDs or another device, such as an USB Stick.  Well worth the price.

WARNING:  Make sure you have your USB Sick plugged-in BEFORE turning on your system to boot to the CD.  I use a 32gb USB Stick to backup my Ubuntu 13.04 laptop hard drive.

You get an eMail with your license keys, or you can copy/paste from your online recept.

Your download will be via an eMail with a special 24hr expiring link.  The downloaded ZIP file contains several other ZIP files.  You select the one you have the license for and.... see below... the ifl_en_gui.zip = Image for Linux (IFL) GUI version.

(click for larger view)

Extract ifl_en_gui.zip and you get all the other files seen above.

Run makedisk to write a bootable CD, and you will be prompted for your license key.  Just in case, you will need a CD/DVD drive that can write.

As noted in pic, you do not need to keep the files you unzipped.  AFTER you confirm you can boot to the CD and IFL works, you can delete these files.  You just keep the original downloaded ZIP file.

I highly recommend you get the PDF manual and save/print, and read.

I've used this IFL for a year now to backup, worked without a hitch.  But, thankfully, I have not used the Restore function yet.

Your IFL boot disk runs in Linux environment GUI with mouse.  You just go through each dialog.

LINUX- Ubuntu 13.04

Well, Ubuntu 13.04 is released.

My Ubuntu 13, GNOME Desktop (click for larger view)

Note the [Steam] desktop icon (launcher).  That's right, Ubuntu 13 has the Steam Client available from the Software Center.

The upgrade from Ubuntu 12.10 to 13.04, using the Software Updater when notified, was flawless.  Everything came back as before upgrade.  Only had to change a few settings because of new apps.

As to Steam:

The Steam Client runs very well.  The Store has a [Linux] tab that list Linux Games.  And there's the rub.  Not all games listed in the [Linux] tab run properly, which is NOT Steam's fault.  It is the game publisher's fault.

Here is a list of Linux games I've tried:

• Amnesia = Does not run at all.
• Anna = Runs, BUT the mouse speed is so high/fast that the game is unplayable.  And the Main Menu Option to set mouse speed cannot be selected.
• Postal (1) = Seems to run OK..... so far.
• Postal 2 = Runs the Running With Scissors [WARNING] dialog, that automatically closes, then nothing.
• Dungeon Defenders = Supposed to be new, but when started it goes through several Logo Dialogs [Press any key to continue], after those I got a blank-black dialog and that's it.  Even lost the mouse.  Had to use [Alt][F4] to force-close.
• Half-Life (1) - Runs very good, except for sound, an old reverb problem (need to find a way to disable)

The only reason I tried these?  They were cheap.

So when it comes to Steam's Linux game, beware.

CYBERCRIME - Robbers Hit ATMs for $45 Million Worldwide

"Cyber ATM Robbers Grab $45 Million Worldwide Within Hours" (Part-1) PBS Newshour 5/10/2013

JEFFREY BROWN (Newshour):  And we turn to a major cyber-theft, global in scope and raising new questions about our vulnerabilities in the digital age.

The thefts took place in broad daylight at ATM machines, and the thieves wore no disguises.

U.S. ATTORNEY LORETTA LYNCH, Eastern District Of New York:  This was a 21st century bank heist that reached through the Internet to span the globe.

JEFFREY BROWN:  U.S. authorities say the reach of the international cyber-crime was wide; 27 countries -- Russia, Japan, Egypt, Colombia, Canada and beyond.

The criminals hacked into companies that process prepaid debit cards for two banks in the Middle East, stole the data and then copied it onto doctored cards with magnetic strips.  Yesterday in New York, U.S. Attorney Loretta Lynch explained what happened next.

LORETTA LYNCH:  They become a virtual criminal flash mob, going from machine to machine, drawing as much money as they can before these accounts are shut down.

JEFFREY BROWN:  On Dec. 21st, thieves hit 4,500 ATMs in some 20 countries, stealing five million dollars.  Then on Feb. 19th, they upped their game.  In 10 hours, they stole $40 million dollars in 36,000 transactions worldwide.

In Manhattan alone, a team of eight so-called "cashers" allegedly made their way from ATM to ATM making 2,900 withdrawals totaling $2.4 million dollars.

Two of the suspects took photos of themselves and the stacks of cash they allegedly stole.  To round out the crime, authorities say the suspects laundered the money by purchasing luxury goods in the form of Rolex watches, Gucci bags and expensive cars.

"International ATM Cyber Hackers Hid 'in Plain Sight' to Overcome Computer System" (Part-2) PBS Newshour 5/10/2013

Excerpt

SUMMARY:  The global network of thieves who targeted ATMs struck 2,904 machines over 10 hours in New York alone, withdrawing $2.4 million.  For more on the attack and the aftermath, Jeffrey Brown talks with Loretta Lynch, the U.S. attorney for the eastern district of New York and the federal prosecutor in the heist case.

LINUX - Ubuntu on Tablet Systems

"Ubuntu on tablets"

SECURITY - Online Gaming Firms Targeted by Malware

"'Winnti' Malware Targeting Online Gaming Firms" by Chloe Albanesius, PC Magazine 4/12/2013

News of game-related hacks are nothing new; they have dominated headlines in recent years, from the massive Sony PlayStation Network takedown to the more recent hack of The War Z.

Attacks on gaming firms might not be isolated incidents, however.  Researchers at Kaspersky Lab this week said they uncovered a series of targeted attacks originating in China that are taking aim at Web-based gaming companies.

"According to our estimations, this group has been active for several years and specializes in cyber attacks against the online video game industry," Kaspersky said in a blog post.  "The group's main objective is to steal source codes for online game projects as well as the digital certificates of legitimate software vendors.  In addition, they are very interested in how network infrastructure (including the production of gaming servers) is set up, and new developments such as conceptual ideas, design and more."

Kaspersky started investigating the group - known as Winnti - in the fall of 2011 at a behest of a computer game publisher that detected malware on its network.  The malware was pushed out to users via a standard update, prompting concern that the company was spying on its users.

"However, it later became clear that the malicious program ended up on the users' computers by mistake; the cybercriminals were in fact targeting the companies that develop and release computer games," Kaspersky said.

Once installed on someone's computer, the hackers could control that machine without the user's knowledge.  The malware was "the first time we saw Trojan applications for the 64-bit version of Microsoft Windows with a valid digital signature," Kaspersky said.  Previous incidents of digital signature abuse had only hit 32-bit systems.

The digital certificate in question belonged to South Korea-based KOG, which also produced MMPRG, like Kaspersky's client.  Ultimately, the certificate was revoked, but "over the next 18 months we discovered more than a dozen similar compromised digital certificates."

Kaspersky said that its research suggests that at least 35 companies from around the world have been infected by Winnti malware at some point in time, with a "strong focus" on Southeast Asia.

WINXP - Updates Coming to an End

"When will Microsoft pull the plug on your version of Windows or Office?" by Ed Bott, ZDNet 4/4/2013

Excerpt

Summary:  The countdown for Windows XP is about to get serious.  In one year, Microsoft officially stops supporting XP.  What happens when the clock runs out?  And how long until your current version of Windows or Office suffers the same fate?

For the next year or so, Microsoft will officially offer support for four versions of Windows for desktop and notebook PCs.

Windows XP, the oldest of the bunch, celebrates its 12th birthday this fall.  It kicks off a year-long farewell tour next week, counting down to April 8, 2014, when Microsoft officially ends its support.  XP lived longer than any version of Windows ever, getting multiple extensions on its retirement date to placate customers who said no to Vista.  But April 2014 is the end of the road.

XP will not get a last-minute reprieve.

Let me say that again, in boldface this time:  Microsoft will not extend the support deadline for XP.  If you're still relying on XP, you should have a plan to switch to a supported platform, whether it's from Microsoft or someone else.

April 8, 2014 is a deadline, not a death sentence.  PCs running XP will not stop working when the clock runs out.  In fact, XP diehards won’t notice anything different except an eerie quiet on Patch Tuesday.  Newer Windows versions, including Windows Vista, Windows 7, and Windows 8, will continue to get security patches and bug fixes via Windows Update, but not XP.  When the extended support period ends, so do those updates.  (Large enterprise customers who have custom support agreements with Microsoft and who are willing to pay dearly for the privilege might be able to get custom updates after the official end of support.  But consumers and small businesses will not have that option.)

None of this should be a surprise.  As I’ve noted before, Microsoft has a well-established support life-cycle for its software products.  It’s basically an agreement that the company makes with everyone who commits to Windows.  The terms of that agreement don’t change often, which is an important assurance for business customers who tend to be conservative in their approach to upgrades.

Six months after the launch of Windows 8, it’s become obvious that Windows 7 is the new Long Term Support version.  And I'm starting to get more questions from readers who are concerned that Microsoft is going to try to kill off Windows 7.

MY OPINION:  Microdunce can shove their to-hell-with-consumer policies up you-know-where.

I am NOT about to downgrade my PERFECTLY WORKING WinXP Desktop to a more hoggish, all eye-candy, version that will require me to manually reinstall over 100 apps.

INTERNET - Spam or Not to Spam Cyber War

"Cyber War Over Spam Slows Access for Internet Users" PBS Newshour 3/27/2013

Excerpt

SUMMARY:  A dispute between an online company that sends spam emails and a company trying to mitigate spam has led to the one of the largest reporter cyber attacks in history, creating slow access to common sites like Netflix for millions of web users.  Hari Sreenivasan talks over the case with Nicole Perlroth of the New York Times.

HARI SREENIVASAN (Newshour):  One company fights spam; the other is said to be behind sending those pesky e-mails.  A dispute between the two has led to one of the largest reported cyber-attacks in Internet history, the result, widespread congestion that's slowing access for millions of users to sites like Netflix.

Nicole Perlroth has been covering the story for The New York Times, joins me now.

NOTE:  For users, this is what eMail client filters are for.  Delete spam eMails, or move spam to a [Spam] folder.

INTERNET - What Happens to Your Online 'Estate' After You Die?

"Law Lags Behind in Defining Posthumous Protocol for Online Accounts" PBS Newshour 3/11/2013

Excerpt

JEFFREY BROWN (Newshour):  Billions of people around the world now live part of their lives online, sharing photographs, information on relationships and careers, tweets and more.

But what happens when physical lives end and life in cyberspace goes on?  Of the one billion people who use the social network site Facebook, for example, an estimated three die every minute.  And that can lead to some painful problems.  For one thing, there's no one method or law on the books for how beneficiaries gain access to a deceased person's digital records.

Virginia dairy farmer Ricky Rash ran into that problem after his 15-year-old son Eric committed suicide in 2011.

RICKY RASH, Father:  It was a complete shock, as any suicide is.  But we had absolutely no warning.  Eric kissed his mom good night the night before.  He did his homework.  He Armor All-ed the seats in that Oldsmobile that was his.  He did everything under the sun to show us it was a normal night.

So, with no answers from home, no answers from school, we were just hoping that there may be something that would give us some insight as to why he chose to make the decision he did.  And Facebook was literally the last frontier that we had to investigate.

CYBERWAR - Pinning Down Motive For Hacking Against U.S.

"As Hacking Against U.S. Rises, Experts Try to Pin Down Motive" by NICOLE PERLROTH, DAVID E. SANGER, and MICHAEL S. SCHMIDT; New York Times 3/3/2013

Excerpt

When Telvent, a company that monitors more than half the oil and gas pipelines in North America, discovered last September that the Chinese had hacked into its computer systems, it immediately shut down remote access to its clients’ systems.

Company officials and American intelligence agencies then grappled with a fundamental question: Why had the Chinese done it?

Was the People’s Liberation Army, which is suspected of being behind the hacking group, trying to plant bugs into the system so they could cut off energy supplies and shut down the power grid if the United States and China ever confronted each other in the Pacific?  Or were the Chinese hackers just trolling for industrial secrets, trying to rip off the technology and pass it along to China’s own energy companies?

“We are still trying to figure it out,” a senior American intelligence official said last week.  “They could have been doing both.”

Telvent, which also watches utilities and water treatment plants, ultimately managed to keep the hackers from breaking into its clients’ computers.

At a moment when corporate America is caught between what it sees as two different nightmares — preventing a crippling attack that brings down America’s most critical systems, and preventing Congress from mandating that the private sector spend billions of dollars protecting against that risk — the Telvent experience resonates as a study in ambiguity.

To some it is prime evidence of the threat that President Obama highlighted in his State of the Union address, when he warned that “our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems,” perhaps causing mass casualties.  Mr. Obama called anew for legislation to protect critical infrastructure, which was killed last year by a Republican filibuster after intensive lobbying by the Chamber of Commerce and other business groups.

But the security breach of Telvent, which the Chinese government has denied, also raises questions of whether those fears — the subject of weekly research group reports, testimony and Congressional studies — may be somewhat overblown, or whether the precise nature of the threat has been misunderstood.

American intelligence officials believe that the greater danger to the nation’s infrastructure may not even be China, but Iran, because of its avowal to retaliate for the Stuxnet virus created by the United States and Israel and unleashed on one of its nuclear sites.  But for now, these officials say, that threat is limited by gaps in Iranian technical skills.

There is no doubt that attacks of all kinds are on the rise.  The Department of Homeland Security has been responding to intrusions on oil pipelines and electric power organizations at “an alarming rate,” according to an agency report last December.  Some 198 attacks on the nation’s critical infrastructure systems were reported to the agency last year, a 52 percent increase from the number of attacks in 2011.

Researchers at McAfee, a security firm, discovered in 2011 that five multinational oil and gas companies had been attacked by Chinese hackers.  The researchers suspected that the Chinese hacking campaign, which they called Night Dragon, had affected more than a dozen companies in the energy industry.  More recently, the Department of Energy confirmed in January that its network had been infiltrated, though it has said little about what damage, if any, was done.

But security researchers say that the majority of those attacks were as ambiguous as the Telvent case.  They appeared to be more about cyberespionage, intended to bolster the Chinese economy.  If the goal was to blow up a pipeline or take down the United States power grid, the attacks would likely have been of a different nature.

In a recent report, Critical Intelligence, an Idaho Falls security company, said that several cyberattacks by “Chinese adversaries” against North American energy firms seemed intended to steal fracking technologies, reflecting fears by the Chinese government that the shale energy revolution will tip the global energy balance back in America’s favor.  “These facts are likely a significant motivation behind the wave of sophisticated attacks affecting firms that operate in natural gas, as well as industries that rely on natural gas as an input, including petrochemicals and steel-making,” the Critical Intelligence report said, adding that the attack on Telvent, and “numerous” North American pipeline operators may be related.

American intelligence experts believe that the primary reason China is deterred from conducting an attack on infrastructure in the United States is the simple economic fact that anything that hurts America’s financial markets or transportation systems would also have consequences for its own economy.

COMMENT:  The REASON for hacking U.S. systems is in reality irrelevant.  The ABILITY to hack our systems is, or should be, the point.  Hacking methods used for economic reasons can be use for more destructive reasons.

CYBERSECURITY - Social Networking Hacking

"Twitter Hackings Put Focus on Security for Brands" by TANZINA VEGA and NICOLE PERLROTH, New York Times 2/24/2013

Excerpt

While most Americans were winding up their holiday weekends last Monday, the phones at the Vancouver headquarters of HootSuite, a social media management company, began to ring.

Burger King’s Twitter account had just been hacked.  The company’s logo had been replaced by a McDonald’s logo, and rogue announcements began to appear.  One was that Burger King had been sold to a competitor; other posts were unprintable.

“Every time this happens, our sales phone lines light up,” said Ryan Holmes, the chief executive of HootSuite, which provides management and security tools for Twitter accounts, including the ability to prevent someone from gaining access to an account.  “For big brands, this is a huge liability,” he said, referring to the potential for being hacked.

What happened to Burger King — and, a day later, to Jeep — is every brand manager’s nightmare.  While many social media platforms began as a way for ordinary users to share vacation photos and status updates, they have now evolved into major advertising vehicles for brands, which can set up accounts free but have to pay for more sophisticated advertising products.

Burger King and Jeep, owned by Chrysler, are not alone.  Other prominent accounts have fallen victim to hacking, including those for NBC News, USA Today, Donald J. Trump, the Westboro Baptist Church and even the “hacktivist” group Anonymous.

Those episodes raised questions about the security of social media passwords and the ease of gaining access to brand-name accounts.  Logging on to Twitter is the same process for a company as for a consumer, requiring just a user name and one password.

Twitter, like Facebook, has steadily introduced a number of paid advertising options, raising the stakes for advertisers.  Brands that pay to advertise on Twitter are assigned a sales representative to help them manage their accounts, but they are not given any more layers of security than those for a typical user.

Ian Schafer, the founder and chief executive of Deep Focus, a digital advertising company that also fielded a few phone calls from clients concerned about the Burger King attack, argued that Twitter bore some responsibility.

“I think Twitter needs to step up its game in providing better security,” Mr. Schafer said.  In a memo to his staff about such attacks, he called on social networks like Facebook, Twitter, Pinterest “and anyone else serious about having brands on their platform” to “invest time in better understanding how brands operate day to day.”

“It’s also time for these platforms to use their influence to shape security standards on the Web,” he wrote.

The risk for Twitter is in offending potential business partners as the company tries to build its advertising dollars, which make up the bulk of its revenue.  In 2012, the company grew more than 100 percent, earning $288.3 million in global advertising revenue, according to eMarketer.

On Wednesday, it introduced a product that would allow advertisers to create and manage ads through third parties like HootSuite, Adobe and Salesforce.com.  Advertising is estimated to account for more than 90 percent of the company’s revenue.

“This is not something we take lightly,” said Jim Prosser, a Twitter spokesman, in an interview last month.  (The company declined to comment on the Burger King hacking, saying it did not discuss specific accounts.)  Mr. Prosser said Twitter had manual and automatic controls in place to identify malicious content and fake accounts, but acknowledged that the practice was more art than science.

Mr. Prosser said Twitter had taken an active role in combating the biggest sources of malicious content.

Last year, the company sued those responsible for five of the most-used spamming tools on the site.  “With this suit, we’re going straight to the source,” it said in a statement.  “We hope the suit acts as a deterrent to other spammers, demonstrating the strength of our commitment to keep them off Twitter.”

But security experts say, and the recent hacks of Burger King, Jeep and other brands have demonstrated, that Twitter could do more.

“Twitter and other social media accounts are like catnip for script kiddies, hacktivists and serious cybercriminals alike,” said Mark Risher, chief executive at Impermium, a Silicon Valley start-up that aims to clean up social networks.  “Because of their deliberately easy access and liberal content policies, accounts on these networks prove irresistibly tempting.”

CYBERSECURITY - Executive Orders vs CISPA

"Obama's Cybersecurity Executive Order vs. CISPA: Which Approach Is Best?" by Chloe Albanesius, PCMag.com 2/13/2013

As part of his State of the Union speech last night, President Obama tipped an executive order that is intended to improve the security of Internet-based critical infrastructure.  But what does that order include?

Obama's plan would allow federal agencies to notify private companies if they detect any sort of cyber intrusion that would harm operations or the security of company data.

Specifically, the plan expands the Defense Industrial Base (DIB) information-sharing program to other federal agencies.  The DIB was put in place in 2011 and allows the Defense and Homeland Security Departments to share non-classified information about cybersecurity-related threats with DIB partner companies, like contractors.

But as we've seen with hacks of the Federal Reserve and the Department of Energy, defense-related agencies are not the only ones being targeted by hackers.  So the executive order "requires Federal agencies to produce unclassified reports of threats to U.S. companies and requires the reports to be shared in a timely manner," the White House said.  It also allows for "near real-time sharing of cyber threat information to assist participating critical infrastructure companies in their cyber protection efforts."

Obama has also ordered the National Institute of Standards and Technology (NIST) to develop a framework for handling cyber-security threats.  "NIST will work collaboratively with industry to develop the framework, relying on existing international standards, practices, and procedures that have proven to be effective," the White House said.

Given the rapid pace of technology, the recommendations will be technology neutral, the administration said.  Once they've been developed, DHS will work with other agencies to reach out to companies for voluntary implementation of the framework.

While sharing details about cyber attacks might seem like a no brainer, a major concern is how the data is handled.  If these threats deal with a credit card company or major social network, will your personal information be protected?

The White House insisted that the executive order includes "strong privacy and civil liberties protections."  Any type of information sharing will be based on the Fair Information Practice Principles (FIPP), a set of information-sharing principles developed by the FTC, as well as other applicable privacy and civil liberties policies, principles, and frameworks.

"Agencies will conduct regular assessments of privacy and civil liberties impacts of their activities and such assessments will be made public," the White House said.

Executive Order vs. CISPA

Last night, Obama called on Congress to do even more on cyber security.  Two members of the House, in fact, plan to re-introduce the controversial CISPA information-sharing bill today, but it has not secured the support of the White House.  A bill backed by the administration was introduced in the Senate last year, but did not make any major headway.

The main difference between the White House executive order and CISPA is that CISPA would allow private companies (like Facebook or Google) to share details about cyber attacks with the government, whereas the executive order is a one-way street, with the feds sharing information with the private sector.  CISPA opponents were concerned about immunity clauses that they said would incentivize companies to hand over customer information without hesitation.

As a result, the White House threatened to veto CISPA if it made it to President Obama's desk.  The White House Office of Management and Budget (OMB) released a statement that said the bill "departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres."

In a statement last night, the ACLU issued its support for the executive order and warned against CISPA.  "The president's executive order rightly focuses on cybersecurity solutions that don't negatively impact civil liberties," said ACLU Legislative Counsel Michelle Richardson.  "For example, greasing the wheels of information sharing from the government to the private sector is a privacy-neutral way to distribute critical cyber information."

Broadband trade association USTelecom said the executive order "takes some important steps toward achieving policy goals that will help protect our nation from harmful threats," but said the issue should ultimately be handled by Congress - via bills like CISPA.

GAMING BUSINESS - From Valve Co-Founder

"Watch Gabe Newell Talk For An Hour About Making Video Games" by Kirk Hamilton, Kotaku 1/31/2013

Earlier this week, Valve co-founder Gabe Newell gave a talk at University of Texas at Austin about the business and art of making video games.  Today, the school has posted a full video of one of the talks.

Sit back, relax, and watch one of gaming's visionaries talk about how he does what he does, and how his company operates.

(1:02:53)

COMMENT:  When Steam first 'hit the streets' back when Half-Life came out, I and many others, ranted about it.  That was because you actually had to be online to run a Steam game EVEN FOR SINGLE-PLAYER games.

Finally, Valve/Steam listened to what users were saying and Steam now has an Off-Line Mode.  So we can play Seam games WITHOUT being online.

CYBERWAR - New York Times Hacked by China

"New York Times Computer System Target of Lengthy Chinese Hacking Attack" PBS Newshour 1/31/2013

Excerpt

SUMMARY:  The New York Times fell victim to a four-month cyber attack by Chinese hackers who cracked passwords to more than 50 email accounts, including those of top reporters.  Ray Suarez talks with Times reporter Nicole Perlroth and Grady Summers, vice president of the cyber security company hired to investigate the attacks.