The PBS NewsHour’s Hari Sreenivasan speaks to co-authors Chase Cunningham and Heather Dahl about their new comic book, “The Cynja”.
Fictional character Grant Wiley, 11, is a wiz on computers. One day, his favorite teacher disappears, leaving nothing at his desk but a smoldering USB stick. Suspecting his help might be needed, Grant grabs the stick and plugs it into his computer at home.
He’s instantly sucked into the Internet and thus begins his adventures as a newly trained “cynja” fighting computer worms, hackers, malware … and worse.
Authored by Chase Cunningham and Heather Dahl, who both work for cybersecurity consulting firms, “The Cynja: Volume 1” aims to introduce children to the world of cybersecurity and teach them how to protect their computers.
Dahl said in an interview with the PBS NewsHour’s Hari Sreenivasan that she was motivated to take on the project when she tried to find a book to teach her young nephew about “the bad guys who live in our computers.” But “I couldn’t find anything that showed the world I work in,” so she approached Cunningham to help fill the void.
Cunningham said his goal was to create a relatable character that could explain to children what people are doing to protect their cyber-future. “I’ve worked in this industry for a long time and a lot of the guys that are out there doing what they can to protect the Internet and keep us safe, they don’t have badges and they’re not policemen or firemen or something like that.”
His hope is readers will better understand the role of these protectors and think, “You’re a cynja, you’re a cyberspace ninja — that’s cool.”
Wednesday, May 14, 2014
SECURITY - Comic Book With a Cybersecurity Theme as a Teaching Tool
"‘Cynja’ battles botnets and other cyber-scourges" by Larisa Epatko, PBS NewsHour 5/12/2014
Labels:
children,
comic book,
cybersecurity,
education,
PBS-Newshour
Monday, May 5, 2014
LINUX - Ubuntu 14.04 LTS
The latest Linux Distribution of Ubuntu is 14.04 (Ubuntu 14.04 LTS). Note LTS = Long Term Service, which means five years of security and maintenance updates, guaranteed.
I upgraded (in place, via Ubuntu Software Update) from Ubuntu 13.10 with no problem, and only one minor utility did not work which is no problem (it is unsupported software).
My new laptop (which came with Ubuntu 13.10) is 64bit which means Ubuntu 14.04 is 64bit version.
My desktop:
Some features seen on desktop:
- The orange Ubuntu icon on the top-right Title Bar is the treed Classic Menu add-on (I hate using search to find applications)
- Note, you can get Steam for Ubuntu
- The blue icon with the arrow in the Unity Bar (left side of desktop) is Krusader split-panel file manager, which has an option to run in Root Mode (Root is the equivalent of Windows Administrator mode)
- As you can see Ubuntu comes with Firefox WEB browser
- And my favorite Desktop Calendar "Rainlendar Lite" (free version) which I also have on my WinXP Desktop rig
RAINLENDAR:
Rainlendar is NOT included in the Ubuntu Software Center but can be downloaded from their site.
Rainlendar Home - Rainlendar all version download
The install package is a .deb file, I used the 64bit Debian/Ubuntu version.
WARNING: Do NOT use Ubuntu Software Center to install! (which is the default installer)
Use the GDeb Package Installer, which comes with Ubuntu 14. Recommend this installer for any Linux Debian software NOT found on Ubuntu Software Center or Synaptic Package Manager.
Friday, April 25, 2014
INTERNET - FCC Goes For Non-Neutrality
Consumers, bend over and spread cheeks.
"F.C.C., in a Shift, Backs Fast Lanes for Web Traffic" by EDWARD WYATT, New York Times 4/23/2014
Excerpt
The principle that all Internet content should be treated equally as it flows through cables and pipes to consumers looks all but dead.
The Federal Communications Commission said on Wednesday that it would propose new rules that allow companies like Disney, Google or Netflix to pay Internet service providers like Comcast and Verizon for special, faster lanes to send video and other content to their customers.
The proposed changes would affect what is known as net neutrality — the idea that no providers of legal Internet content should face discrimination in providing offerings to consumers, and that users should have equal access to see any legal content they choose.
The proposal comes three months after a federal appeals court struck down, for the second time, agency rules intended to guarantee a free and open Internet.
Tom Wheeler, the F.C.C. chairman, defended the agency’s plans late Wednesday, saying speculation that the F.C.C. was “gutting the open Internet rule” is “flat out wrong.” Rather, he said, the new rules will provide for net neutrality along the lines of the appeals court’s decision.
Still, the regulations could radically reshape how Internet content is delivered to consumers. For example, if a gaming company cannot afford the fast track to players, customers could lose interest and its product could fail.
The rules are also likely to eventually raise prices as the likes of Disney and Netflix pass on to customers whatever they pay for the speedier lanes, which are the digital equivalent of an uncongested car pool lane on a busy freeway.
Consumer groups immediately attacked the proposal, saying that not only would costs rise, but also that big, rich companies with the money to pay large fees to Internet service providers would be favored over small start-ups with innovative business models — stifling the birth of the next Facebook or Twitter.
“If it goes forward, this capitulation will represent Washington at its worst,” said Todd O’Boyle, program director of Common Cause’s Media and Democracy Reform Initiative. “Americans were promised, and deserve, an Internet that is free of toll roads, fast lanes and censorship — corporate or governmental.”
If the new rules deliver anything less, he added, “that would be a betrayal.”
Mr. Wheeler rebuffed such criticism. “There is no ‘turnaround in policy,’ ” he said in a statement. “The same rules will apply to all Internet content. As with the original open Internet rules, and consistent with the court’s decision, behavior that harms consumers or competition will not be permitted.”
Broadband companies have pushed for the right to build special lanes. Verizon said during appeals court arguments that if it could make those kinds of deals, it would.
Under the proposal, broadband providers would have to disclose how they treat all Internet traffic and on what terms they offer more rapid lanes, and would be required to act “in a commercially reasonable manner,” agency officials said. That standard would be fleshed out as the agency seeks public comment.
"Consumer groups warn dismantling net neutrality could stymie startup innovation" PBS NewsHour 4/24/2014
Excerpt
SUMMARY: The Federal Communications Commission is on the brink of changing the longstanding net neutrality principle, which allows consumers unfettered access to web content, and limits the ability of Internet service providers to block or filter material. New guidelines would allow some companies to charge more (to the content provider, like YouTube) for faster service. Gwen Ifill talks to Cecilia Kang of The Washington Post about what’s at stake.
Labels:
FCC,
internet,
net neutrality,
New York Times,
PBS-Newshour
Monday, April 21, 2014
INTERNET - Comments as Venues For Rudeness or Insults
"Taming the ‘Wild West’ of online comments" PBS NewsHour 4/20/2014
Excerpt
SUMMARY: More and more websites are including online commenting as a feature for their visitors. But sometimes the comment boards become venues for rudeness and insults. These comments can influence how a reader perceives the story. Hari Sreenivasan speaks with web experts who help manage online communities and comments in different ways.
Labels:
internet,
PBS-Newshour,
privacy
Thursday, April 10, 2014
SECURITY - Heartbleed Hacks SSL Security Servers
Heartbleed hacks into the SSL protocol that protects HTTPS sites.
"Security bug Heartbleed could have provided key that unlocks personal online data" PBS NewsHour 4/9/2014
Excerpt
GWEN IFILL (NewsHour): You may have heard headlines today about a major lapse in Internet security and the possibility that millions of passwords, credit card numbers, bank information, and commonly used Web sites could have been exposed.
It involves a bug or security leak called Heartbleed, which can be used to read encrypted information.
Hari Sreenivasan gets a breakdown on what you need to know.
HARI SREENIVASAN (NewsHour): Essentially, Heartbleed can be used to read the memory of computer servers, the places behind a Web site that store your information, including the lock and key system which protects your usernames and passwords.
You probably see this encryption in the form of a green lock when you conduct a transaction and exchange information. The breach was revealed this week, but apparently has existed for a long time.
Russell Brandom of The Verge, an online site covering tech news, is here to help explain.
Labels:
cybersecurity,
data security,
hacking,
PBS-Newshour,
pc security,
SSL
Wednesday, April 9, 2014
WINDOWS XP - The Enhanced Mitigation Experience Toolkit (EMET)
Now that SECURITY support for ordinary users of Windows XP has ended, here's an alternative way to protect WinXP.
Note that Microsoft Updates (which you should be using instead of Windows Updates) will still update some Microsoft software, like the "Malicious Software Removal Tool." What stops is security updates to WinXP itself.
The alternative protection is Microsoft's The Enhanced Mitigation Experience Toolkit (EMET)
WARNING: The EMET is NOT for amateurs. If used incorrectly it can cause problems with WinXP. But if you use Recommended Settings on installation, and the Quick Profile Name [Recommended Security settings] it should be safe.
Note that EMET is for all versions of Windows and some features are not available in WinXP.
Here's a screenshot of my EMET GUI:
With WinXP SEHOP & ASLR are not available.
There are Software Profiles you can [Import]. I imported Popular Software.
From the support page in the above link:
What is the Enhanced Mitigation Experience Toolkit?
The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform.
EMET 4.0 and newer versions also provide a configurable SSL/TLS certificate pinning feature that is called Certificate Trust. This feature is intended to detect man-in-the-middle attacks that are leveraging the public key infrastructure (PKI).
Are there restrictions as to the software that EMET can protect?
EMET can work together with any software, regardless of when it was written or by whom it was written. This includes software that is developed by Microsoft and software that is developed by other vendors. However, you should be aware that some software may not be compatible with EMET. For more information about compatibility, see the "Are there any risks in using EMET?" section.
What are the requirements for using EMET?
EMET 3.0 requires the Microsoft .NET Framework 2.0.
EMET 4.0 and 4.1 require the Microsoft .NET Framework 4.0. Additionally, for EMET to work with Internet Explorer 10 on Windows 8, KB2790907 must be installed.
The Microsoft Download page for EMET. You should download both the Setup and Guide.
Note that EMET is just a GUI that makes setting various Windows options easier.
Also, I did try with DEP [Always On] (Maximum protection settings) but that prevented 2 of my boot-time apps from running, like MiniMinder. So I changed back to the settings you see in my GUI screenshot.
Labels:
Microsoft Updates,
pc security,
win xp
Wednesday, March 26, 2014
"Microsoft makes source code for MS-DOS and Word for Windows available to public" by Roy Levin (Microsoft Research), Official Microsoft Blog 3/25/2014
On Tuesday, we dusted off the source code for early versions of MS-DOS and Word for Windows. With the help of the Computer History Museum, we are making this code available to the public for the first time.
The museum has done an excellent job of curating some of the most significant historical software programs in computing history. As part of this ongoing project, the museum will make available two of the most widely used software programs of the 1980’s, MS DOS 1.1 and 2.0 and Microsoft Word for Windows 1.1a, to help future generations of technologists better understand the roots of personal computing.
In 1980, IBM approached Microsoft to work on a project code-named “Chess.” What followed was a significant milestone in the history of the personal computer. Microsoft, at the time, provided the BASIC language interpreter for IBM. However, they had other plans and asked Microsoft to create an operating system. Without their own on hand, Microsoft licensed an operating system from Seattle Computer Products which would become the foundation for PC-DOS and MS-DOS.
IBM and Microsoft developed a unique relationship that paved the way for advancements in the nascent personal computer industry, and subsequent advancements in personal computing.
Bill Gates was interviewed by David Bunnell just after the launch of the IBM PC in the early 1980s for PC Magazine’s inaugural issue, and provided the backstory: “For more than a year, 35 of Microsoft's staff of 100 worked fulltime (and plenty of overtime) on the IBM project. Bulky packages containing computer gear and other goodies were air-expressed almost daily between the Boca Raton [IBM] laboratory and Seattle [Microsoft]. An electronic message system was established and there was almost always someone flying the arduous 4,000 mile commute.”
Following closely on the heels of MS DOS, Microsoft released the first DOS-based version of Microsoft Word in 1983, which was designed to be used with a mouse. However, it was the 1989 release of Word for Windows that became a blockbuster for the company and within four years it was generating over half the revenue of the worldwide word-processing market. Word for Windows was a remarkable engineering and marketing achievement, and we are happy to provide its source code to the museum.
It’s mind-boggling to think of the growth from those days when Microsoft had under 100 employees and a Microsoft product (MS-DOS) had less than 300KB (yes, kilobytes) of source code. From those roots we’ve grown in a few short decades to become a company that has sold more than 200 million licenses of Windows 8 and has over 1 billion people using Microsoft Office. Great things come from modest beginnings, and the great Microsoft devices and services of the future will probably start small, just as MS-DOS and Word for Windows did.
Thanks to the Computer History Museum, these important pieces of source code will be preserved and made available to the community for historical and technical scholarship.
Labels:
Microsoft,
MS-DOS,
operating system
Tuesday, March 25, 2014
THE WEB - Who Should Oversee It
The title of this article is slightly misleading to non-techies. NO single entity controls the WEB. The issue is who assigns the Internet Protocol (IP) Addressing and assigning of Domain Names to IPs.
"As the U.S. government relinquishes control, who should oversee the Web?" PBS NewsHour 3/24/2014
Excerpt
SUMMARY: The Commerce Department recently announced it would give up oversight of ICANN, the California nonprofit that manages the unique domains of the world's websites and email servers. There's been international pressure to make the change, especially in light of revelations about NSA surveillance. Vint Cerf of Google and Randolph May of the Free State Foundation join Judy Woodruff to offer debate.
JUDY WOODRUFF (NewsHour): Who controls the World Wide Web, and how is it overseen and governed? These are the questions that most of us don’t really know the answers to, but the Obama administration announced a change in the role played by the United States, one that’s stirring up concerns about the Internet’s future and freedom from censorship.
FADI CHEHADE, CEO, ICANN: To become the world’s ICANN, we have to go to the world.
JUDY WOODRUFF: Change was in the wind as the Internet Corporation for Assigned Names and Numbers, ICANN, kicked off a meeting in Singapore this weekend, its purpose, to start crafting a transition from U.S. control of administration of the Internet.
Since 1998, the California nonprofit has had a federal contract to manage the unique identifiers of the world’s Web sites and e-mail servers, regulating domain names such as dot-com and dot-gov.
Labels:
cybersecurity,
domain names,
Internet Protocol,
PBS-Newshour,
web
Wednesday, March 19, 2014
WINXP - Updates to Continue for Big Business For a Fee
More proof that Microdunce does not care about peon customers. They are just another greedy company who cares only about profits and not serving customers who bought their product. I would be willing to pay $50/year for continued WinXP Updates.
This strategy was recently confirmed by several banks making the Updates For Fee deal with Microdunce to protect their ATMs running WinXP.
"Microsoft will still patch Windows XP for a select group" by Gregg Keizer, PCWorld 9/1/2013
Excerpt
Just because Microsoft doesn't plan on giving Windows XP patches to the public after April 8, 2014, doesn't mean it's going to stop making those patches.
In fact, Microsoft will be creating security updates for Windows XP for months—years, even—after it halts their delivery to the general public.
Some will pay big for support
Those patches will come from a program called "Custom Support," an after-retirement contract designed for very large customers who have not, for whatever reason, moved on from an older OS.
As part of Custom Support—which according to analysts, costs about $200 per PC for the first year and more each succeeding year—participants receive patches for vulnerabilities rated "critical" by Microsoft. Bugs ranked as "important," the next step down in Microsoft's four-level threat scoring system, are not automatically patched. Instead, Custom Support contract holders must pay extra for those. Flaws pegged as "moderate" or "low" are not patched at all.
"Legacy products or out-of-support service packs covered under Custom Support will continue to receive security hotfixes for vulnerabilities labeled as 'Critical' by the MSRC [Microsoft Security Response Center]," Microsoft said in a Custom Support data sheet. "Customers with Custom Support that need security patches defined as 'Important' by MSRC can purchase these for an additional fee.
"These security hotfixes will be issued through a secure process that makes the information available only to customers with Custom Support," the data sheet promised.
Because Microsoft sells Custom Support agreements, it's obligated to come up with patches for critical and important vulnerabilities. And it may be required to do so for years: The company sells Custom Support for up to three years after it retires an operating system.
Custom Support and the XP security updates that result have been one reason why some experts have held out hope that Microsoft will backtrack from retiring XP next April. Their reasoning is straightforward: Microsoft will have patches available—its engineers won't have to do any more work than they already committed to doing—so handing them out to all would be a simple matter.
Or not. Most experts have said that the chance Microsoft will prolong Windows XP's life run between slim and none. And giving away patches to everyone risks a revolt by those big customers who have paid millions for Custom Support.
But Microsoft does have options. Here are our suggestions:
Continue patching for free
If Windows XP remains a major presence, as it appears likely, with projections as high as 33.5 percent of all personal computers at the end of April 2014, Microsoft could decide to continue patching the aged OS with free fixes for critical vulnerabilities, maybe even those rated important.
Such a move would be unpalatable to Custom Support customers, but Microsoft could renegotiate the fees—unlikely—or remind those companies of the program's other benefits, which include access to support representatives, as well as to prior patches and hotfixes.
Patch critical vulnerabilities under attack
Microsoft could selectively patch only the critical bugs that are being exploited by hackers. Presumably, that would be a subset of the complete XP patch collection assembled each month.
Some analysts have picked this option as a possibility. Last December, Michael Cherry of Directions on Microsoft posed just such a situation.
"Suppose ... a security problem with XP suddenly causes massive problems on the Internet, such as a massive [denial-of-service] problem?" asked Cherry at the time. "It is not just harming Windows XP users, it is bringing the entire Internet to its knees. At this time there are still significant numbers of Windows XP in use, and the problem is definitely due to a problem in Windows XP. In this scenario, I believe Microsoft would have to do the right thing and issue a fix ... without regard to where it is in the support lifecycle."
Charge users for XP patches
Although Microsoft would much rather book revenue from the sale of a newer OS, it may realize that some will refuse to upgrade, and try to make money rather than give away fixes.
It's unlikely that Microsoft would be able to charge $200 annually for post-retirement patches, as it does with Custom Support customers, but it may be able to get away with $50 a year for individuals and small businesses, perhaps with a maximum machine cap at, say, five PCs per customer.
Traditionally, Microsoft's not charged for support, but it could cast this as a special situation caused by the longevity of XP, which was due to the delay of Vista and secondarily, that OS's subsequent flop. In late 2007, when Microsoft extended XP availability to OEMs by several months, it cited Vista's delayed launch for the unusual move. (It added another extension in 2008 that kept XP alive on new "netbook" PCs, the then-popular class of cheap laptops, until mid-2010.)
And Microsoft has talked up a transformation to a "devices-and-services" company; a pay-for-support plan would mesh nicely with the latter half of that strategy.
Labels:
computers,
Microsoft Updates,
pc security,
win xp
Thursday, March 13, 2014
WORLD WIDE WEB - 25th Birthday
"25 years on, still adapting to life tangled up in the Web" PBS NewsHour 3/12/2014
Excerpt
JUDY WOODRUFF (NewsHour): The World Wide Web turns 25 years old today. The date marks the publication of a paper that originally laid out the concept, which eventually led to the vast system of Internet sites we now use.
Jeffrey Brown looks at how it’s changed the world we live in.
JEFFREY BROWN (NewsHour): One way to do that is to look at how individual Americans think about the Internet and its impact on their lives.
The Pew Research Internet Project did that in a survey just out. Among much else, it finds that 87 percent of American adults now use the Internet, and the number goes up to 97 percent for young adults from 18 to 29. Ninety percent of Internet users say the Internet has been a good thing for them personally, though the number drops to 76 percent when asked if the Internet has been a good thing for society generally, with 15 percent saying it’s been bad for society.
And 53 percent of Internet users say the Internet would be, at minimum, very hard to give up.
We’re joined by three people who’ve watched the growth of the Internet from different angles. Xeni Jardin is a journalist and editor at the Web blog Boing Boing, which covers technology and culture. Catherine Steiner-Adair is a clinical and consulting psychologist at Harvard Medical School, and author of “The Big Disconnect: Protecting Childhood and Family Relationships in the Digital Age.” And Daniel Weitzner teaches computer science and Internet public policy at MIT. From 2011 to 2012, he was U.S. deputy chief technology officer in the White House.
And welcome to all of you.
And, Daniel Weitzner, I will start with you, because you worked with Tim Berners-Lee, who — one of the main people that started all this 25 years ago. What has — what surprises you now, sitting here 25 years later, about where we’re at?
DANIEL WEITZNER, Massachusetts Institute of Technology: Well, it does surprise me how tremendously the Internet and the Web has grown into every aspect of our lives.
I think that a lot of us who were involved in the early days of the Internet and the Web had hoped that it could really reach the whole world. And there’s no question that Tim Berners-Lee, who — whose architecture for the World Wide Web really helped it to grow, had the ambition that it in fact cover the whole world — represent everything in the world. But I think it’s amazing how far we have actually come in that direction.
Labels:
internet,
PBS-Newshour,
technology,
web
Tuesday, February 4, 2014
MICROSOFT - New CEO
"Nadella to head Microsoft; Gates leaves chair role" by AP, Washington Post 2/4/2014
Microsoft has named Satya Nadella, an executive in charge of the company’s small but growing business of delivering software and services over the Internet, as its new CEO. Company founder Bill Gates is leaving the chairman role for a new role as technology adviser.
The software company announced Tuesday that Nadella will replace Steve Ballmer, who said in August that he would leave the company within 12 months. Nadella will become only the third leader in the software giant’s 38-year history, after Gates and Ballmer. Board member John Thompson will serve as Microsoft’s new chairman.
Nadella, who is 46 and has worked at Microsoft for 22 years, has been an executive in some of the company’s fastest-growing and most-profitable businesses, including its Office and server and tools business.
For the past seven months, he was the executive vice president who led Microsoft’s cloud computing offerings. That’s a new area for Microsoft, which has traditionally focused on software installed on personal computers rather than on remote servers connected to the Internet. Nadella’s group has been growing strongly, although it remains a small part of Microsoft’s current business.
“Satya is a proven leader with hard-core engineering skills, business vision and the ability to bring people together,” Gates said in a statement. “His vision for how technology will be used and experienced around the world is exactly what Microsoft needs as the company enters its next chapter of expanded product innovation and growth.”
The company said that Gates, in his new role as founder and technology adviser, “will devote more time to the company, supporting Nadella in shaping technology and product direction.”
Gates will also remain a member of Microsoft’s board.
Analysts hope that Nadella can maintain the company’s momentum in the rapidly expanding field of cloud computing while minimizing the negative impact from Microsoft’s unprofitable forays into consumer hardware. Major rivals in cloud computing include Google Inc., Amazon.com Inc., Salesforce.com Inc. and IBM Corp.
FBR Capital Markets analyst Daniel Ives said he views Nadella as a “safe pick.”
Ives said investors are worried that rivals “from social, enterprise, mobile, and the tablet segments continue to easily speed by the company.” In a note to investors, he said the company’s main need now is “innovation and a set of fresh new strategies to drive the next leg of growth.”
Microsoft shares rose 8 cents to $36.56 in morning trading Tuesday.
Nadella’s appointment comes at a time of turmoil for Microsoft.
Founded in April 1975 by Gates and Paul Allen, the company has always made software that powered computers made by others — first with its MS-DOS system, then with Windows and its Office productivity suite starting in the late 1980s. Microsoft’s coffers swelled as more individuals and businesses bought personal computers.
But Microsoft has been late adapting to developments in the technology industry. It allowed Google to dominate in online search and advertising, and it watched as iPhones, iPads and Android devices grew to siphon sales from the company’s strengths in personal computers. Its attempt to manufacture its own devices has been littered with problems, from its quickly aborted Kin line of phones to its still-unprofitable line of Surface tablets.
Analysts see hope in some of the businesses Nadella had a key role in creating.
Microsoft’s cloud computing offering, Azure, and its push to have consumers buy Office software as a $100-a-year Office 365 subscription are seen as the biggest drivers of Microsoft’s growth in the next couple of years. Both businesses saw the number of customers more than double in the last three months of the year, compared with a year earlier.
Those businesses, along with other back-end offerings aimed at corporate customers, are the main reason why investment fund ValueAct Capital invested $1.6 billion in Microsoft shares last year.
Last April, the fund urged investors to ignore the declining PC market — which hurts Microsoft’s Windows business — and to focus on the so-called “plumbing” that Microsoft provides to help companies analyze massive amounts of data and run applications essential to their businesses on Microsoft’s servers or their own.
“Satya was really one of the people who helped build up the commercial muscle,” said Kirk Materne, an analyst with Evercore Partners. “He has a great understanding of what’s going on in the cloud and the importance of delivering more technology as a service.”
Nadella is a technologist, fulfilling the requirement that Gates set out at the company’s November shareholder meeting, where the Microsoft chairman said the company’s new leader must have “a lot of comfort in leading a highly technical organization.”
Born in Hyderabad, India, in 1967, Nadella received a bachelor’s degree in electrical engineering from Mangalore University, a master’s degree in computer science from the University of Wisconsin, Milwaukee, and a master’s of business administration from the University of Chicago.
He joined Microsoft in 1992 after being a member of the technology staff at Sun Microsystems.
One of his first tasks will be integrating Nokia’s money-losing phone and services business. Microsoft agreed in September to buy that and various phone patent rights for 5.4 billion euros ($7.3 billion) in one of Ballmer’s last major acts as CEO. That deal is expected to be completed by the end of March.
Partly because of Nadella’s insider status and the fact that both Gates and Ballmer will remain Microsoft’s largest shareholders and for now, company directors, analysts aren’t expecting a quick pivot in the strategy of making its own tablets and mobile devices.
Some hope, however, that he will make big changes that will help lift Microsoft stock, which has been stuck in the doldrums for more than a decade. Since Ballmer took office on Jan. 13, 2000, Microsoft shares are down a split-adjusted 32 percent, compared with a 20 percent gain in the S&P 500.
“We do not want to see a continuation of the existing direction for the business, so it will be important that Mr. Nadella be free to make changes,” Nomura analyst Rick Sherlund wrote in a note Friday.
Labels:
Microsoft
Friday, January 31, 2014
UTILITIES - A Better System Information for Windows
I've posted about this utility a long while back but they just came out with a 2014 version. In my opinion this utility is worth the price.
SIW or System Information for Windows
SIW is an advanced System Information for Windows tool that analyzes your computer and gathers detailed information about system properties and settings and displays it in an extremely comprehensible manner.
SIW can create a report file (CSV, HTML, TXT or XML), and you can run it in batch mode (for PC Inventory - Software and Hardware Inventory, Asset Inventory, Software License Management, Security Audit, Server Configuration Management).
The System Information is divided into a few major categories:
- Software Information: Operating System, Software Licenses (Product Keys / Serial Numbers / CD Key), Installed Software and Hotfixes, Processes, Services, Users, Open Files, System Uptime, Installed Codecs, Passwords Recovery, Server Configuration.
- Hardware Information: Motherboard, CPU, Sensors, BIOS, chipset, PCI/AGP, USB and ISA/PnP Devices, Memory, Video Card, Monitor, Disk Drives, CD/DVD Devices, SCSI Devices, S.M.A.R.T., Ports, Printers.
- Network Information: Network Cards, Network Shares, currently active Network Connections, Open Ports.
- Network Tools: MAC Address Changer, Neighborhood Scan, Ping, Trace, Statistics, Broadband Speed Test
- Miscellaneous Tools: Eureka! (Reveal lost passwords hidden behind asterisks), Monitor Test, Shutdown / Restart.
- Real-time monitors: CPU, Memory, Page File usage and Network Traffic.
SIW (Technician's Version) is a standalone utility that does not require installation (Portable) - one less installed program on your PC as well as the fact that you can run the program directly from a USB flash drive, from a network drive or from a domain login script.
Client Platform: Windows 8.1 / Windows 8 / Windows 7 / Vista / Windows XP / 2000 / Media Center / Tablet PC / WinRE / BartPE / Winternals ERD Commander
Server Platform: Windows 2012 (R2) / Windows SBS 2011 / Windows Server 2008 (R2) / Windows Server 2003 (R2) / Windows Server 2000
NOTE: This is not freeware.
[Screenshot of my home desktop rig]
I have the Technician's version, yearly subscription.
You only get SIW.exe, which is the entire utility (NOT an installer). When you first launch it you get a dialog to enter your registered name and license key; it then generates a siw.key file, which must be in the same directory as SIW.exe for it to run. This means you just copy both files to a USB stick and you can run it from there. Of course, to run it on your system you create a folder and move the files there, then create a shortcut (I used the System Tools category) to run it.
Tuesday, January 28, 2014
HARDWARE - My New ThinkPad Ubuntu Laptop
UPGRADE TIME....
My Clevo Ubuntu (Linux) Notebook was getting long-in-the-tooth, and having sound problems.
So I got an upgrade from the fine people at Linux Certified. The same people who shipped me the Clevo.
Here are the main specs:
- Intel Quad-Core i5-3230M, 2.6 GHz, 3MB L3 Cache 64bit
- Hard Drive 500 GB SATA
- 3gb RAM
- Display 15.6" HD at 1366 x 768 (aka Widescreen)
- DVD Writer Dual Layer
- Built-in 10/100/1000 LAN
- Integrated Mini-PCI 802.11 WiFi Card
- Smart Li-Ion 6 cell battery
- Had it pre-loaded with Ubuntu 13.10
Need I say, it's fast, and with that memory everything runs in memory.
This time I went with the Ubuntu (aka Unity) Desktop.
I had said in the past that I didn't like Unity, but now that I understand it, it's not that bad. Also has fewer problems with some apps running GNOME Desktop.
The Unity Launcher (aka Strip) to the left is a combination Taskbar and Quick Launcher. When you launch an app the app's icon will appear in the Strip marked with a white arrow that indicates its window is open. If you minimize a window/app the Strip icon acts just like the button in the Windoz Taskbar, you click it to re-open the window.
The addition is you can 'lock' an app's icon to the Strip, making it a quick-launch icon. Every icon on my Strip shown above is quick-launch.
The main complaint I had against Unity is not having a treed-menu. That is why I used GNOME Desktop on my old Clevo. GNOME has a menu.
But there is a plug-in that puts a Classic Menu Button (Global Bar, top right) for Ubuntu.
You click this button and you get a classic tree menu, nice.
Here's a link to Lenovo's spec page.
Note that I have Steam installed. Now I have a rig that can play games without a hitch.
Labels:
linux,
pc hardware,
ubuntu
Monday, January 20, 2014
CYBERCRIME - Who Orchestrated the Target Breach
"Were criminal gangs involved in the Target security breach?" PBS Newshour 1/18/2014
Excerpt
HARI SREENIVASAN (Newshour): Another story that we wanted to follow up on tonight is the state of credit card security, or lack of it. This following discourse is about major security breaches at big retailers, including Target and Neiman Marcus. Now new details are emerging about who was behind it, and how it was accomplished. For more we are joined now, from Washington, by Mike Riley with Bloomberg News. So, there was a big report out - it started to lay out the details. How do these hackers get all the credit card numbers?
MIKE RILEY, Bloomberg News: So, they have a pretty sophisticated piece of malware that goes on the point of sales system itself, so that is the terminal that sits in front of the cash register that we all swipe our cards on. So, the malware goes there and it takes advantage of a quirk, where within that machine, all that information that is taken off that card is sent from one memory chip to another. It is not encrypted in that process, and they grab it right there.
HARI SREENIVASAN: And so, who is writing this malware?
MIKE RILEY: It looks like it is Eastern European or Russian criminal gangs. Some of the most sophisticated hackers in the world are Russian or Eastern European. What they have done is they have gotten really good systems. It is like a supply chain that you can buy pieces of malware. If you are good enough, as in this case - they have bought a specific piece of malware, called Black POS. It is a pretty good piece of malware to begin with, but then they customized it. They made it better. They made it harder to find, and then they figured out a scheme to get into Target's computers, and stuck it on the point of sales system. It is also pretty clear that the same gang, or a group of different hackers using the same malware, are targeting other retailers. We have not seen the end of this.
Labels:
Cybercrime,
data security,
PBS-Newshour,
pc security
Thursday, January 16, 2014
INTERNET - FCC Net Neutrality Rules
"Will end of net neutrality rules impact future innovation?" PBS Newshour 1/15/2014
Excerpt
HARI SREENIVASAN (Newshour): Net neutrality is the idea that broadband Internet service providers, Comcast, Time Warner Cable, Verizon and others, should treat everything that flows across the Internet equally. That means preventing service providers from creating fast lanes for sites they have business ties with, such as streaming video services like Hulu or Netflix, and slowing access to others, like Amazon.
It also means not charging more for YouTube and other sites based on their heavier bandwidth use or in exchange for faster speeds, all of which could affect what consumers see online, how fast, and at what price. The principles were set out by the Federal Communications Commission nearly a decade ago.
The agency enshrined them in its Open Internet Order adopted in 2010. But Verizon sued to challenge the agency's authority, and, yesterday, the U.S. District Court of Appeals for the District of Columbia found the FCC acted improperly. The 81-page ruling said the agency is wrong to classify Internet service providers as information services, but at the same time regulate them as common carriers, meaning as it does telephone and utility companies.
While the FCC decides whether to appeal, Amazon and others are watching to see if the broadband networks impose their own rules, favoring some content companies over others.
For its part, Verizon issued a statement yesterday that said, in part: "Verizon has been and remains committed to the open Internet. This will not change in light of the court's decision."
The ruling doesn't apply to wireless services accessed through mobile devices, which represent a growing share of the market.
Labels:
FCC,
internet,
PBS-Newshour,
U.S.A.,
web
SECURITY - Hacking By Radio
Public release of this information is a direct threat to U.S. national security. We have just let our new enemies know what to look for.
"N.S.A. Devises Radio Pathway Into Computers" by DAVID E. SANGER and THOM SHANKER, New York Times 1/14/2014
Excerpt
The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.
While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.
The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
The N.S.A. calls its efforts more an act of “active defense” against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level.
Among the most frequent targets of the N.S.A. and its Pentagon partner, United States Cyber Command, have been units of the Chinese Army, which the United States has accused of launching regular digital probes and attacks on American industrial and military targets, usually to steal secrets or intellectual property. But the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”
“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”
No Domestic Use Seen
There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States. While refusing to comment on the scope of the Quantum program, the N.S.A. said its actions were not comparable to China’s.
“N.S.A.'s activities are focused and specifically deployed against — and only against — valid foreign intelligence targets in response to intelligence requirements,” Vanee Vines, an agency spokeswoman, said in a statement. “We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of — or give intelligence we collect to — U.S. companies to enhance their international competitiveness or increase their bottom line.”
Labels:
cybersecurity,
data security,
New York Times
Friday, December 20, 2013
CYBERTHEFT - Target Inc. Gets Hacked
"U.S. consumers have many protections but no guarantees against credit card fraud" PBS Newshour 12/19/2013
Excerpt
GWEN IFILL (Newshour): The retail chain Target confirmed that hackers breached tens of millions of credit card and debit accounts at the height of the shopping season, just before Thanksgiving and right up until Dec. 15.
The theft occurred when people swiped their cards in store, not online. The retailer confirmed that customers' names, credit card and debit card numbers and security codes were stolen. It's the latest in a series of major breaches in recent years.
We explore them with Steve Surdu of Mandiant, a cyber-security firm.
How did 40 million accounts get compromised?
STEVE SURDU, Mandiant: Well, we don't know the details at this point in time. They're still investigating.
But, obviously, information had to be siphoned off from the organization. Attackers almost certainly came in from outside, put software in place that allowed them to aggregate the information over time and then remove it, so that they could use it.
RE: Hackers installed a Trojan virus that allowed external access to Target systems.
Labels:
cybersecurity,
hacking,
PBS-Newshour
Thursday, December 19, 2013
COMPUTER GAMING - Financing 'Oculus Rift' Gaming Goggles
"Tricking the brain with transformative virtual reality" PBS Newshour 12/18/2013
Excerpt
JUDY WOODRUFF (Newshour): Correspondent Paul Solman takes a look at a technology that allows adventurous users to explore the latest developments in the world of video gaming.
It's part of his ongoing coverage Making Sense of financial news.
PAUL SOLMAN (Newshour): It was a 20-year-old named Palmer Luckey who would finally make science fiction dreams come true.
Working in his parents' garage, he cobbled together a headset out of ski goggles, smartphone and tablet parts to create a just-like-real-life gaming experience. Then, hoping to raise $250,000 to take his invention to market, he turned to the crowd-funding Web site Kickstarter.
PALMER LUCKEY, Oculus Rift: So join the revolution. Make a pledge. And help us change gaming forever.
PAUL SOLMAN: Within days, he had 10 times what he needed, as gamers went gaga over the goggles.
Labels:
computers,
PBS-Newshour,
pc games,
technology
Monday, November 25, 2013
HUMOR - Buying Linux
11/15/2013
Of course, Linux is OpenSource which means it IS free.
Monday, November 18, 2013
SECURITY - Government Security Breach by Collective 'Anonymous'
"Government security breach by Anonymous - scope unknown" PBS Newshour 11/17/2013
Excerpt
SUMMARY: Joseph Menn of Reuters reports on the story he helped break about how activist hackers linked to the collective known as Anonymous have secretly accessed U.S. government computers in multiple agencies and stolen sensitive information. Menn says the campaign began almost a year ago and its scope is not yet known.
Labels:
cybersecurity,
government security,
hacking,
PBS-Newshour
Monday, October 28, 2013
INTERNET - Secret Weapon Against Hacking
"Secret weapon against hacking: College students" PBS Newshour 10/26/2013
Excerpts
SUMMARY: Inside the high-tech criminal mind. It's no secret that cybercriminals are stealing personal information and credit card numbers by hacking into corporate and government computers. One school in Pittsburgh is training the next generation of cybersecurity experts to fight off the bad guys by teaching them to think the same way.
RICK KARR: The bad guys stole more than three million Social Security numbers from the State of South Carolina. As many as seventy million credit card numbers from Sony PlayStation. They got access to all of the personal details of some customers of a nationwide mortgage lending firm. But cybercriminals aren’t just looking to steal personal information and credit card numbers when they break into corporate computers -- they’re looking for other valuable information.
----
RICK KARR: All those flaws that Carnegie Mellon’s undergrads find every semester ... don’t necessarily mean that the software on your P-C or your bank’s web site is badly written. Almost every piece of software, every computer system has vulnerabilities that can be exploited -- it’s virtually impossible to make anything that’s connected to the internet perfectly secure. And today -- compared to 10 or 20 years ago, all of us have just so many more computers and smartphones and tablets -- all of them connected and vulnerable. So we’re vulnerable, too.
Carnegie Mellon’s students are so good at exploiting those vulnerabilities ... that the NSA enlisted them to create a game that teaches hacking skills to high-school-aged students -- and paid for the job. Cylab, the university’s cybersecurity institute, is home to the top-ranked competitive hacking team in the world: the Plaid Parliament of Pwning -- “pwn” is hacker-speak for “own”, as in the hacker takes a computer over and owns it. For the third straight year, the team won top honors at international contests that pit teams of hackers against one another ... and utterly demolished the competition at a prestigious contest in Las Vegas.
Labels:
cybersecurity,
data security,
hacking,
internet,
PBS-Newshour
Monday, October 7, 2013
TECHNOLOGY - Make Using Touch Screen Feel Bumps
"New Disney technology can add texture to completely smooth touch screens" by News Desk, PBS Newshour 10/7/2013
By regulating a flow of voltage to the surface of a smooth touch screen, Disney researchers in Pittsburgh discovered that they can create the sensation of texture and three-dimensional surfaces. The technology can represent an artificial texture applied to an image, or elevation data extracted from topographical maps. But how does a smooth surface simulate the feel of a 3D bump?
"Our brain perceives the 3D bump on a surface mostly from information that it receives via skin stretching," said Ivan Poupyrev, who directs Disney Research, Pittsburgh's Interaction Group. "Therefore, if we can artificially stretch skin on a finger as it slides on the touch screen, the brain will be fooled into thinking an actual physical bump is on a touch screen even though the touch surface is completely smooth."
Labels:
computers,
PBS-Newshour,
technology,
touch screens
Thursday, September 26, 2013
OPERATING SYSTEMS - ReactOS Alternative to Microsoft Windows
ReactOS alternative to Microsoft Windows
ReactOS® is a free open source operating system based on the best design principles found in the Windows NT® architecture (Windows versions such as Windows XP, Windows 7, Windows Server 2012 are built on Windows NT architecture). Written completely from scratch, ReactOS is not a Linux based system, and shares none of the UNIX architecture.
The main goal of the ReactOS® project is to provide an operating system which is binary compatible with Windows. This will allow your Windows® applications and drivers to run as they would on your Windows system. Additionally, the look and feel of the Windows operating system is used, such that people accustomed to the familiar user interface of Windows® would find using ReactOS straightforward. The ultimate goal of ReactOS® is to allow you to use it as alternative to Windows® without the need to change software you are used to.
ReactOS 0.3.15 is still in alpha stage, meaning it is not feature-complete and is recommended only for evaluation and testing purposes.
As the quote above says, this is under development but sounds good considering it is FREE and the developers MAY be more responsive to users than Microsoft. Also may be more stable in the long run, not having new versions every few years.
Here is a link to their "Missing ReactOS Functionality" page.
My desktop system is WinXP SP3. I do not like any of the newer versions of Windows which I consider glitzy resource hogs.
We should keep an eye out on progress of ReactOS. I may give it a try AFTER I can be sure it will install OVER my WinXP and all applications (especially my antivirus) and games will work.
ReactOS Wikipedia
Labels:
operating system,
software,
windows
Friday, September 6, 2013
SECURITY - From Dilbert
9/6/2013
Labels:
cybersecurity,
data security,
humor,
pc security
SECURITY - The NSA's Internet Hacking
"Revealed: The NSA’s Secret Campaign to Crack, Undermine Internet Security" by Jeff Larson (ProPublica), Nicole Perlroth and Scott Shane (The New York Times), ProPublica 9/5/2013
The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.
Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.
The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.
The N.S.A. hacked into target computers to snare messages before they were encrypted. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, “those not already briefed were gobsmacked!”
An intelligence budget document makes clear that the effort is still going strong. “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year.
In recent months, the documents disclosed by Mr. Snowden have described the N.S.A.’s broad reach in scooping up vast amounts of communications around the world. The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects.
The agency’s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans’ e-mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features.
The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission. If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say.
Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by Qaeda leaders about a terrorist plot and of Syrian officials’ messages about the chemical weapons attack outside Damascus. If such communications can be hidden by unbreakable encryption, N.S.A. officials say, the agency cannot do its work.
But some experts say the N.S.A.’s campaign to bypass and weaken communications security may have serious unintended consequences. They say the agency is working at cross-purposes with its other major mission, apart from eavesdropping: ensuring the security of American communications.
Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL, virtual private networks, or VPNs, and the protection used on fourth generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.
For at least three years, one document says, GCHQ, almost certainly in close collaboration with the N.S.A., has been looking for ways into protected traffic of the most popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document.
“The risk is that when you build a back door into systems, you’re not the only one to exploit it,” said Matthew D. Green, a cryptography researcher at Johns Hopkins University. “Those back doors could work against U.S. communications, too.”
Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip.
“And they went and did it anyway, without telling anyone,” Mr. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information.
“The intelligence community has worried about ‘going dark’ forever, but today they are conducting instant, total invasion of privacy with limited effort,” he said. “This is the golden age of spying.”
A Vital Capability
The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus primarily on GCHQ but include thousands either from or about the N.S.A.
Intelligence officials asked The Times and ProPublica not to publish this article, saying that it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Americans and others.
The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June.
“Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.
The documents make clear that the N.S.A. considers its ability to decrypt information a vital capability, one in which it competes with China, Russia and other intelligence powers.
“In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,” a 2007 document said. “It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.”
The full extent of the N.S.A.’s decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes: the N.S.A. and its counterparts in Britain, Canada, Australia and New Zealand. Only they are cleared for the Bullrun program, the successor to one called Manassas — both names of American Civil War battles. A parallel GCHQ counterencryption program is called Edgehill, named for the first battle of the English Civil War of the 17th century.
Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.’ ”
Only a small cadre of trusted contractors were allowed to join Bullrun. It does not appear that Mr. Snowden was among them, but he nonetheless managed to obtain dozens of classified documents referring to the program’s capabilities, methods and sources.
Ties to Internet Companies
When the N.S.A. was founded, encryption was an obscure technology used mainly by diplomats and military officers. Over the last 20 years, with the rise of the Internet, it has become ubiquitous. Even novices can tell that their exchanges are being automatically encrypted when a tiny padlock appears next to the Web address on their computer screen.
Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.
According to an intelligence budget document leaked by Mr. Snowden, the N.S.A. spends more than $250 million a year on its Sigint Enabling Project, which “actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs” to make them “exploitable.” Sigint is the abbreviation for signals intelligence, the technical term for electronic eavesdropping.
By this year, the Sigint Enabling Project had found ways inside some of the encryption chips that scramble information for businesses and governments, either by working with chipmakers to insert back doors or by surreptitiously exploiting existing security flaws, according to the documents. The agency also expected to gain full unencrypted access to an unnamed major Internet phone call and text service; to a Middle Eastern Internet service; and to the communications of three foreign governments.
In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.
The 2013 N.S.A. budget request highlights “partnerships with major telecommunications carriers to shape the global network to benefit other collection accesses” — that is, to allow more eavesdropping.
At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.
Microsoft asserted that it had merely complied with “lawful demands” of the government, and in some cases, the collaboration was clearly coerced. Executives who refuse to comply with secret court orders can face fines or jail time.
N.S.A. documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it.
How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored. To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means. “Approval to release to non-Sigint agencies,” a GCHQ document says, “will depend on there being a proven non-Sigint method of acquiring keys.”
Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.
Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.
Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”
“Eventually, N.S.A. became the sole editor,” the memo says.
Even agency programs ostensibly intended to guard American communications are sometimes used to weaken protections. The N.S.A.’s Commercial Solutions Center, for instance, invites the makers of encryption technologies to present their products and services to the agency with the goal of improving American cybersecurity. But a top-secret N.S.A. document suggests that the agency’s hacking division uses that same program to develop and “leverage sensitive, cooperative relationships with specific industry partners” to insert vulnerabilities into Internet security products.
A Way Around
By introducing such back doors, the N.S.A. has surreptitiously accomplished what it had failed to do in the open. Two decades ago, officials grew concerned about the spread of strong encryption software like Pretty Good Privacy, or P.G.P., designed by a programmer named Phil Zimmermann. The Clinton administration fought back by proposing the Clipper Chip, which would have effectively neutered digital encryption by ensuring that the N.S.A. always had the key.
That proposal met a broad backlash from an unlikely coalition that included political opposites like Senator John Ashcroft, the Missouri Republican, and Senator John Kerry, the Massachusetts Democrat, as well as the televangelist Pat Robertson, Silicon Valley executives and the American Civil Liberties Union. All argued that the Clipper would kill not only the Fourth Amendment, but also America’s global edge in technology.
By 1996, the White House backed down. But soon the N.S.A. began trying to anticipate and thwart encryption tools before they became mainstream.
“Every new technology required new expertise in exploiting it, as soon as possible,” one classified document says.
Each novel encryption effort generated anxiety. When Mr. Zimmermann introduced the Zfone, an encrypted phone technology, N.S.A. analysts circulated the announcement in an e-mail titled “This can’t be good.”
But by 2006, an N.S.A. document notes, the agency had broken into communications for three foreign airlines, one travel reservation system, one foreign government’s nuclear department and another’s Internet service by cracking the virtual private networks that protected them.
By 2010, the Edgehill program, the British counterencryption effort, was unscrambling VPN traffic for 30 targets and had set a goal of an additional 300.
But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence.
A 2010 document calls for “a new approach for opportunistic decryption, rather than targeted.” By that year, a Bullrun briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.
But the agency was concerned that it could lose the advantage it had worked so long to gain, if the mere “fact of” decryption became widely known. “These capabilities are among the Sigint community’s most fragile, and the inadvertent disclosure of the simple ‘fact of’ could alert the adversary and result in immediate loss of the capability,” a GCHQ document outlining the Bullrun program warned.
Corporate Pushback
Since Mr. Snowden’s disclosures ignited criticism of overreach and privacy infringements by the N.S.A., American technology companies have faced scrutiny from customers and the public over what some see as too cozy a relationship with the government. In response, some companies have begun to push back against what they describe as government bullying.
Google, Yahoo and Facebook have pressed for permission to reveal more about the government’s secret requests for cooperation. One small e-mail encryption company, Lavabit, shut down rather than comply with the agency’s demands for what it considered confidential customer information; another, Silent Circle, ended its e-mail service rather than face similar demands.
In effect, facing the N.S.A.’s relentless advance, the companies surrendered.
Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
Statement from the Office of the Director of National Intelligence:
It should hardly be surprising that our intelligence agencies seek ways to counteract our adversaries’ use of encryption. Throughout history, nations have used encryption to protect their secrets, and today, terrorists, cybercriminals, human traffickers and others also use code to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.
While the specifics of how our intelligence agencies carry out this cryptanalytic mission have been kept secret, the fact that NSA’s mission includes deciphering enciphered communications is not a secret, and is not news. Indeed, NSA’s public website states that its mission includes leading “the U.S. Government in cryptology … in order to gain a decision advantage for the Nation and our allies.”
The stories published yesterday, however, reveal specific and classified details about how we conduct this critical intelligence activity. Anything that yesterday’s disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.
Labels: data security, NSA, pc security, privacy
Monday, September 2, 2013
MICROSOFT - Can They Survive?
"Can Microsoft Be Saved? Maybe Not" by Vivek Wadhwa, PBS Newshour 8/31/2013
Is Microsoft going the way of the Soviet Union? Vivek Wadhwa, vice president for academics and innovation at Singularity University, director of research at Pratt School of Engineering, Duke University, and a fellow at Stanford Law School, thinks so. A good friend of the Making Sen$e Business Desk, Wadhwa takes another look at Microsoft's future -- an issue he explored earlier this week in his column on the Washington Post's Innovations blog.
Vivek Wadhwa: When companies become too big, they usually lose their ability to innovate. There are a few notable exceptions, such as Apple, GE and Google, but most become complacent and focus increasingly on defending their existing turf rather than on creating new markets. Thus they begin their march into oblivion.
That is the present state of Microsoft. It has become an old giant, obsessed with defending its aging products. If Microsoft doesn't change course, it is likely to suffer the same fate as that old superpower, the former Soviet Union, whose obsession with preserving its bloated bureaucracy led to its destruction.
Microsoft has lost ground in practically every emerging field, including mobile computing, music players, smartphones, search and social networking. Yes, it has had an odd success or two, such as the Xbox, but these are just flukes.
It isn't that Microsoft doesn't have talented people working for it. Quite to the contrary, it has an abundance of talent. For two decades, it was the tech industry's strongest talent magnet. It hired the best of the best. And most of these geniuses haven't left -- yet.
My former students and friends who work at Microsoft tell me that they love the company, but are stifled by its bureaucracy, turf wars and central planning. Big ideas get quashed because they don't fit into the corporate vision; products with great potential are killed because they could threaten the company's core products. These employees believe that their talent is being wasted. They long for the days when Microsoft was a lean mean fighting machine.
That's why I believe that the best path forward for Microsoft is to break itself up into a number of fighting machines -- smaller companies that compete with upstarts in Silicon Valley and with each other. These micro-Microsofts need to have the freedom to take risks and cannibalize the company's core products. That won't happen under its present structure.
The Windows 8 fiasco illustrates the problems that Microsoft faces. Windows RT, the version of Windows 8 that was designed for tablet computers with touch screens, has a beautiful user interface and functionality. In many ways, it is better than Apple's iOS and Google's Android. But Microsoft was obsessed with protecting its Windows operating system and Office tools franchise. So it bundled a version of Microsoft Office into RT. To make the desktop version of Windows 8 consistent with RT, it added to it the same tiled user interface and removed the Start button.
Most desktop computers and laptops, however, don't have touch screens. And Windows users aren't used to computers without Start buttons. So they hated Windows 8 desktop, and it was a commercial disaster.
The inclusion of Microsoft Office on RT and Microsoft's desire to protect its operating system's pricing structure led it to charge re-sellers a price rumored to be about $85 (the re-seller price is a well-guarded secret). This is more than what lower-end tablets will soon cost, and competes directly with Android, which Google gives away. That's why RT, too, was a commercial disaster.
The sensible thing for Microsoft to do would have been to provide a lighter version of RT -- for free. It would have competed head to head with Android and would likely have won because it has a superior user interface. Microsoft could have made money by charging for special features and apps such as Office. If Microsoft's RT division had had the freedom, it might also have done the unimaginable by bundling Google's Office apps and other competitive products into it.
Tablet prices are dropping rapidly. I expect that next year, there will be several players selling devices that cost less than $100. Full-featured tablets that cost around $50 -- and less -- are also on the horizon. When these become available, the market for tablets will explode. There will be hundreds of millions, perhaps billions, of such devices. Instead of running Microsoft's RT, they will likely run Android. Microsoft has lost its opportunity to sell additional products on these devices through its obsession with protecting its legacy software. Windows and Office will likely slip into oblivion like the five-year plans and Politburo the Soviet Union clung to.
But there is still hope for Microsoft. It has a wealth of great people and great technologies in its labs. They need to be untethered from the central bureaucracy and set free to compete and take big risks. I am not too optimistic, though, that this will happen. I worry that Microsoft will go the way of Kodak, RIM and Nokia -- or even the former Soviet Union -- all of which tanked because they were busy protecting old turf.
Labels: Microsoft, operating system, software
Friday, August 16, 2013
SOFTWARE - LibreOffice vs Microsoft Office
"Battle of the Office Suites: Microsoft Office and LibreOffice Compared" by Thorin Klosowski, LifeHacker 8/15/2013
Excerpt
For a long time, Microsoft Office has been the reigning champ of office suites, but that doesn't mean the free alternative, LibreOffice, isn't worth considering. Let's take a look at how the two compare, and if it's finally possible to ditch the paid option for the free one.
You might not think it's really fair to compare the free LibreOffice and the paid Microsoft Office, but the two are a lot closer in features than you might think. For one, LibreOffice is compatible with a lot more systems, including Windows, OS X, and Linux, while Microsoft Office's newest version is restricted to just Windows 7 and Windows 8. Besides: it’s not about which one is “better” or “more feature filled.” It’s about whether your work requires what Microsoft has to offer, or if you can get by with something free and save a bit of money. Now, with LibreOffice reaching 4.1, we've decided it's time to give it an in-depth comparison with Microsoft Office.
While we certainly can't go through each feature one-by-one, we'll attempt to get a good look at how they compare. If you're interested in looking for a specific feature, head to this page and search for it on the table. It should give you a pretty good idea of exactly which features are in which suite. In this post, we're going to talk in more general terms.
The full article has comparison screenshots and explanations and a "The Bottom Line" for each common application (word processing, spreadsheets, database, presentation). Also note the link above to the comparison table.
I use LibreOffice at home.
Labels: LibreOffice, Microsoft, software