govgrantcash.com

Facebook announced Wednesday morning that its in-browser Facebook Chat feature is now live to all members, over two weeks after it first debuted to a limited number of users.

Facebook now has nearly 70 million users.

It was clear that Facebook was concerned with the stability of the chat application, first debuting it on a Sunday when many members–not to mention tech bloggers eager to report any flaw or bug–might not be at their computers.

The social network then rolled out Facebook Chat incrementally, with different “networks” on the site–geographic regions, colleges, companies–gaining access to it before others so that the new feature could stay under control. Some had the feature as early as April 6; a number of large networks couldn’t access it until very recently.

Access to data, sites and applications on the Internet shouldn’t be limited by the type of device being used, and Fennec will make that possible, said Mitchell Baker during a keynote speech at the Web 2.0 Expo in San Francisco.

Mozilla has shuffled around mobile for several years now, initially with Minimo. Mozilla has finally decided to get into the mobile market in earnest, however, with Fennec.

If Fennec proves to be even a shadow of
Firefox’s potential, the world will never be the same.

Mobile has been fraught with problems since its inception, largely due to corporations carving up their petty niches for profit. With a true, community-developed mobile web platform and entry point, however, we may yet see a rich convergence in mobile, one where a particular mobile device is not an inhibitor to the web, as it has been (giving rise to the need for mobile open-source providers like Volantis).

“The key to the Internet should be the same. The core is information: What can I get to and what can I do with it?” she said.

commentary

It takes one to know one. So, how can non-techies form an opinion on the abilities of a computer nerd? There is a language gap, a knowledge gap and, likely, a personality gap to overcome. Here’s a tip.

Ask the techie about the system (meaning hardware, software and manual procedures) used to backup the computers they are responsible for.

I see three possible answers.

The techie will brag about what a great system they devised or inherited.
The techie will gripe about how management has held them back from implementing a much better system than the one currently employed. They may go on and one about the flaws in the way things are done.
The techie will blow off the question, as if it wasn’t important.

In real estate, the three most important things are location, location and location. In computers, they are backup, backup and backup. Any techie that blows off the question about backup, is a normal person in techie clothing.

Where do I fit in? See for yourself: The Best File Backup Scheme

See a summary of all my Defensive Computing postings.

IBM and Saudi Arabia’s national research and development organization have created a joint nanotechnology lab to develop new technologies in solar power, seawater desalination, and recyclable materials.

An agreement to create the Nanotechnology Centre of Excellence, established by the King Abdulaziz City for Science and Technology and IBM Research, was signed last week in a ceremony in Riyadh.

The lab is one of several indicators that oil-rich Middle East nations are moving rapidly into clean tech.

The oil minister of Saudi Arabia, Ali al-Nuaimi, told the French oil newsletter Petrostrategies that “one of the most important sources of energy to look at and to develop is solar energy,” according to an AFP report.

Last November, OPEC members created a $750 million fund to do research on carbon capture and storage.

And the head of the Masdar Clean Tech Fund, based in Abu Dhabi, last month was named “Cleantech leader of the year,” at last week’s Cleantech Forum. The fund is behind Masdar City, which is being called the first sustainable city.

For IBM, the joint nanotechnology lab is part of the company’s Big Green Innovations initiative to develop environmental technology.

commentary

Paul Kedrosky notices an impressive feat for Microsoft: for the first time in a long time, its stock has outperformed Google’s this week, this month, and this year.

Granted, this is like calling Microsoft the sexiest nun in the convent, given how poor its performance has been, but it’s also an indication that Microsoft may have more life in it than widely assumed.

commentary

SAN FRANCISCO–In case you weren’t able to attend the Open Source Business Conference today, or simply arrived too late to hear my opening remarks, I shared this video to illustrate how open source is rising…even as the economy falls.

Enjoy.

OSBC2009 - Welcome Video.

MIT students Alessandro Chiesa, R.J. Ryan, and Zack Anderson show up at, but do not speak at, the Defcon conference in Las Vegas on Saturday.

(Credit:
Declan McCullagh/News.com)

The state of Massachusetts plans to ask a federal judge on Thursday to keep in place a restraining order that prevents three MIT students from publicly discussing vulnerabilities they discovered in subway card security.

U.S. District Judge George O’Toole in Boston is scheduled to hear arguments at 11 a.m. ET on whether to modify or eliminate the temporary restraining order, which attorneys for the students characterize as a prior restraint in violation of decades of First Amendment precedent.

A different judge who was on duty on Saturday gave the Massachusetts Bay Transportation Authority an order prohibiting the students from discussing or publishing information that might let anyone “circumvent or otherwise attack the security of the Fare Media System.”

In an effort to lessen the sting of free speech complaints, MBTA’s attorneys now are asking O’Toole to reword the order to apply only to “nonpublic” information, recognizing that the presentation slides are circulating online. But they insist the rest of the order must remain intact because the agency is greatly “concerned with the core issue of immediate concern in this case–the security and integrity of its Fare Media System.”

O’Toole has until August 19 to extend the order in the form of a preliminary injunction or let it expire.

Security researchers are paying close attention to this case because it could eventually set a precedent weighing their First Amendment rights to publish freely–against the desires of vendors to keep embarrassing and potentially explosive details secret.

The Electronic Frontier Foundation, which is providing a legal defense to the MIT students–Zack Anderson, R.J. Ryan, and Alessandro Chiesa–plans on Thursday to ask O’Toole to dissolve the restraining order completely.

EFF is offering three main arguments for its position: First, the Defcon conference is over and the presentation and separate analysis (PDF) have been widely circulated online (unfortunately for MBTA, a copy of the presentation was in the materials distributed to conference attendees).

Second, EFF says, the Computer Fraud and Abuse Act’s prohibition on the “transmission of…information” that may damage a computer was never intended to encompass a public presentation and was not written to do so. Third, the restraining order is an unconstitutional prior restraint; if the Supreme Court permitted the publication of the Pentagon Papers in 1971 over the heated objections of the Nixon administration, why should a student presentation not also qualify?

“The TRO as initially granted restricted the students from providing true, publicly known, legally acquired information about the MBTA’s CharlieCards and CharlieTickets in violation of the First Amendment,” the EFF said in a legal brief. “The current TRO as the MBTA suggests that it be modified still restricts the students from providing true, legally acquired information about these cards This restriction also violates the First Amendment.”

EFF has enlisted some high-profile academics to help it make the case that the restraining order is antithetical to security research. Carnegie Mellon University’s David Farber, Columbia’s Steven Bellovin, Berkeley’s David Wagner, and the University of Pennsylvania’s Matt Blaze are among the academics who signed a letter to the judge on Monday. It says:

We are concerned that the pall cast by the temporary restraining order will stifle research efforts and weaken academic computing research programs. In turn, we fear the shadow of the law’s ambiguities will reduce our ability to contribute to industrial research in security technologies at the heart of our information infrastructure. We urge that you reconsider and remove the temporary restraining order issued on August 10, 2008.

For its part, the MBTA says it’s willing to negotiate. It’s offered to engage in “non-binding” professional mediation, without “preconditions,” as an alternative to proceeding with Thursday’s hearing. (See our related story).

In an e-mail message to EFF on Monday, Ieuan-Gael Mahony, a partner at the Holland & Knight law firm, wrote:

In a mediation process, for example, we would hope to discuss and obtain an understanding of the information, if any, the MIT Undgrads hold that might threaten Fare Media System security. We do not set preconditions on a mediation, however, as we stongly believe — again - that discussions between reasonable parties toward a resolution are preferable to an externally imposed resolution… There are countless examples from large to small of relationships that are polarized and entrenched-hostile because of bad choices by both sides shortly after the rift began. We would like to avoid this here, if possible. We think talking in a non-binding, professionally mediated environment is the best way to avoid further misunderstanding, and potential “bad choices.” … You request, in an “on/off” manner, that we now “shut off’ the TRO. This is traditional advocacy, where the goal is to “win all” and avoid “lose all.” With our mediation proposal, we look for, and are willing to accept, gradations between these poles.

EFF appears to have rejected the request for a mediation. EFF attorney Marcia Hofmann refused to answer our questions, saying only that: “We decline to discuss our ongoing communications with counsel for the MBTA. Our priority at this point is to ensure that the temporary restraining order is lifted…”

In a testy e-mail exchange with MBTA’s lawyer, EFF has suggested that he made a tactical error by filing both the presentation and the summary marked “confidential” as publicly available court exhibits. Read on for more details.

[Editor's Note: Below is the text of a e-mail thread between EFF's Jennifer Granick and MBTA attorney Ieuan-Gael Mahony. One topic is whether the EFF will agree to enter into nonbinding mediation, which MBTA would prefer. Another is MBTA's complaint about a "large amount of misinformation" circulating in the press. Any transcription errors arising from placing the e-mail messages into HTML format are ours, not theirs.]

From: Mahony, leuan (BOS - X75835)
Sent: Monday, August 11, 2008 3:36 PM
To: ‘jennifer@eff.org’
Cc: ‘cindy@eff.org’; ‘kurt@eff.org’; ‘marcia@eff.org’; JSwope@eadplaw.com; ‘WMitchell@mbta.com’; ‘SDarling@mbta.com’
Subject: RE: CRITICAL INFORMATION: MBTA v Anderson et al

Jennifer:
We are unwilling to lift the TRO in the binary “on/off” manner you state, and respond more fully to your email as follows:
(A) Removing the TRO Is Not a Tailored Solution We are willing to discuss tailored solutions to the underlying problem, and have proposed a formal mediation process for these discussions. You have given no response to our proposal for mediation. You recall that I asked for a negotiated solution before the Saturday hearing. I confirmed these inquiries to you in email, and these emails are public record and freely available on the web. See http://www-tech.mit.edu/V128/N30/subway.html. You did not respond meaningfully to those requests, either.
(B) Misinformation Threatens To Cloud the Issues In following the DEFCON-related press, it is clear that a large amount of misinformation has been circulated concerning the meaning of the TRO, and related points. For example, you know, because Judge Woodlock asked you these questions in open court, that the primary concern was with the content the students might or might not supply to go with the literal expression embodied in the Presentation, as well as the Report. Press reports suggest that the TRO banned circulation of the paper materials themselves. You know this is incorrect.
Yet your email relies on this theme. We made it clear in our papers: based on the information we have (a large part of which you intentionally withheld from us until 4:38 AM Saturday morning) we do not know what your clients have done or are capable of doing. Their broad statements concerning “free subway rides for life” suggest they are capable of a lot. This is the concern. We would like to create an environment, immediately, where all parties can share the information they feel is warranted, in order to quantify and assess this risk. We would like to “re-do” the August 5 (or 4) meeting, but with more sensitivity, hopefully all around, as to the mutual stakes.
We think a mediated solution presents mutual benefits. The structure of non-binding mediation assures mutual benefits - or at a minimum a clear assessment of the alternatives to a negotiated solution. In a mediation process, for example, we would hope to discuss and obtain an understanding of the information, if any, the MIT Undgrads hold that might threaten Fare Media System security. We do not set preconditions on a mediation, however, as we stongly believe - again - that discussions between reasonable parties toward a resolution are preferable to an externally imposed resolution, where it is possible to avoid such an external resolution.
(C) We Are Very Sensitive To Your Clients’ Concerns Over The Restraint Finally, we believe we understand the point in your email that the TRO “continues to hang over our clients’ heads, making them uncertain what if anything they can say about their research and this case.” One goal with a mediated solution, working together, would be to reduce or eliminate uncertainty (to the extent uncertainty from a legal or practical perspective exists). Another goal of a mediated solution would be to determine other parameters of responsible disclosure under these circumstances. Yet another goal with a mediated solution might be to “make amends” on all sides, whatever that might mean here. There are countless examples from large to small of relationships that are polarized and entrenched-hostile because of bad choices by both sides shortly after the rift began. We would like to avoid this here, if possible. We think talking in a non-binding, professionally mediated environment is the best way to avoid further misunderstanding, and potential “bad choices.”
(D) Conclusion: Renewed Request for Mediation You request, in an “on/off” manner, that we now “shut off’ the TRO. This is traditional advocacy, where the goal is to “win all” and avoid “lose all.” With our mediation proposal, we look for, and are willing to accept, gradations between these poles. We believe - whether in light or not in light of recent history - that reasonable “win-win” solutions are available, if the parties meet and work through options. We ask that you confer carefully with your clients, and respond to our mediation proposal. We believe that mediation should commence as soon as possible. We have made this proposal to MIT counsel as well.
Let me know
leuan

From: Mahony, leuan (BOS - X75835)
Sent: Monday, August 11, 2008 11:37 AM
To: ‘jennifer@eff.org’
Cc: ‘cindy@eff.org’; ‘kurt@eff.org’; ‘marcia@eff.org’; ‘WMitchell@mbta.com’; ‘SDarling@mbta.com’
Subject: Re: CRITICAL INFORMATION: MBTA v Anderson et al

Jennifer:
We are considering your proposal. We are having a meeting of senior management on this and related issues this afternoon at 1:30 eastern. I will report our response as soon as it is complete.
I will continue to keep you posted,
leuan
Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net)

From: Jennifer Granick
To: Mahony, leuan (BOS - X75835)
Cc: cindy@eff.org ; kurt@eff.org ; marcia@eff.org ; WMitchell@mbta.com ; SDarling@mbta.com
Sent: Mon Aug 11 00:26:42 2008
Subject: Re: CRITICAL INFORMATION: MBTA v Anderson et al

Dear leuan:

Thank you for your thoughts. I’m surprised your client feels that the Report does not pose a risk, given that it contains information my clients intended to keep confidential. It appears my clients are more cautious about disclosing vulnerability information than yours are. Moving forward, both the slides from our client’s intended presentation and the confidential Report are now publicly available. This constitutes more information than the students would have presented at their Defcon talk. Furthermore, your client reportedly does not feel that the security risk posed by the availability of this information warrants emergency measures. Finally, Defcon is over and the students did not give their talk. Under these circumstances, would your client be willing to stipulate to lifting the TRO at this time? While the protection it provides is now moot as to your client’s concerns, it continues to hang over our clients’ heads, making them uncertain what if anything they can say about their research and this case. Please let me know right away.

Thank you,
Jennifer
Civil Liberties Director
Electronic Frontier Foundation
454 Shotwell Street
San Francisco, CA 94110
415.436.9333 x 134
fax 415.436.9993
jennifer@eff.org

On Aug 10, 2008, at 12:18 PM, wrote:
Dear Jennifer:
Let me address your email and phone call from yesterday, and also return to earlier discussions over a “moving-forward” relationship between the parties.
(A) Your Email First, we want to thank you for your concern. Second, as I indicated earlier today, the MBTA, along with a system vendor, has completed its review of your email, and re-reviewed the three page summary report attached as Exhibit 1 to Scott Henderson’s Declaration (the “Report”). This review does not alter the original assessment of the Report, provided by Mr. Henderson in his declaration. Yet it is the case that (a) the quantity and quality of information provided by the three page Report, standing alone, is less than (b) the quantity and quality of the information provided by the Report read in combination with the Students’ 87 page presentation entitled “Anatomy of a Subway Hack” (the “Presentation”). If the MBTA had been given the Presentation when first requested (or even at the time when the Presentation , we understand, was made available to DEFCON attendees), the “(b)” circumstance might have been avoided. In any event, the MBTA’s evaluators do not assess the risk of this information at the level you set in your email. The MBTA, with vendor support, has begun work on internal responses to the potential security risks at issue. It is our view that an internal, technical and personnel response is the best long-term solution. Accordingly, we do not share your view that legal “emergency measures” are required. We do not think that seeking court relief on this issue and at this point is appropriate. Again, thank you for your concern.
(B) Moving-Forward Relationships We can see from your clients’ statements in the press, and the EFF’s public statements, that the lawsuit generally, and Temporary Restraining Order in particular, do not from your perspectives represent a fair or balanced situation. From my first conversations with Marcia and Kurt, and then later with you, Jennifer, I stated my view that parties, acting reasonably, will invariably develop and implement a resolution of a dispute that is substantially better tailored to their interests than a resolution imposed on them by an external authority. We think we should continue discussions, to see if we can find a solution that is better tailored to all parties’ interests. In my view, Judge Woodlock, in his findings and rulings, directed the parties to work toward a solution perhaps more “creative” and “outside the box” than the standard “keep fighting in court over abstract issues while life goes by”. The goal would be to shift from an adversarial mode to a cooperative, discussion mode, if possible. We respect your clients’ continued statements that their goal remains to provide solutions to security risks. We propose formal mediation as the process for seeking a more optimal going-forward solution. We think we should reserve a full day, or perhaps two. We suggest that the mediation take place in Boston. Other issues, such as mediator costs, whether formal “written submissions” are exchanged, and the like we can discuss.
Let us know your thoughts.
Thanks
leuan

From: Mahony, leuan (BOS - X75835)
Sent: Sunday, August 10, 2008 9:27 AM
To: ‘Jennifer Granick’
Cc: Cindy Conn; Kurt Opsahl; Marcia Hofmann; Mahony, leuan (BOS - X75835)
Subject: RE: CRITICAL INFORMATION: MBTA v Anderson et al

Jennifer:
The MBTA and one of its vendors have completed review per your email, below. I’ll have results to you later today.
I’ll continue to keep you informed.
Thanks
leuan

From: Jennifer Granick [mailto:jennifer@eff.org]
Sent: Saturday, August 09, 2008 5:14 PM
To: Mahony, leuan (BOS - X75835)
Cc: Cindy Conn; Kurt Opsahl; Marcia Hofmann
Subject: CRITICAL INFORMATION: MBTA v Anderson et al

Dear Mr. Mahony:

This email is to follow up on my phone call to you of just a few minutes ago. As you know, Mr. Anderson, Mr. Ryan and Mr. Chiesa provided your client MBTA with a confidential three page summary of their research and recommendations for securing the fare collection system. It has just come to our attention through third parties at the Defcon conference that plaintiffs have made this report publicly available on the court’s pacer website by filing the document as an exhibit. This confidential document contains the checksum information without which an attacker can not create a forged card. This information is highly sensitive, which is why my clients planned to withhold it from their presentation. We strongly urge you to take emergency measures to have it removed expeditiously.

Best wishes,
Jennifer Granick
Civil Liberties Director
Electronic Frontier Foundation
454 Shotwell Street
San Francisco, CA 94110
415.436.9333×134
fax 415.436.9993
jennifer@eff.org

LAS VEGAS–Speaking before a packed audience, researcher Dan Kaminsky explained the urgency in having everyone patch their systems: virtually everything we do on the Internet involves a Domain Name System request and therefore is vulnerable.

Expectations were running high before Wednesday morning as Kaminsky, director of penetration testing for IOActive, had revealed little about his DNS vulnerability up till then. That didn’t stop others from trying to figure it out. But that actually helped Kaminsky in the end; it meant during his speech, he was able to skip the what and go directly to the why.

Security researchers always thought it was hard to poison DNS records, but Kaminsky said to think of the process as a race, with a good guy and bad guy each trying to get a secret number transaction ID. “You can get there first,” he said, “but you can’t cross finish line unless you have the secret number.”

The question is why would someone bother? Well, Kaminsky talked about how deeply embedded DNS is in our lives. Kaminsky said there are three ages in computer hacking. The first was attacking servers (for example FTP and Telnet). The second was attacking the browsers (for example Javascript and ActiveX). We’re now about to enter the third age, where attacking Everything Else is possible.

We know that if we type a name.com into a browser, the DNS resolves it to its numerical address. But what we don’t realize is that same process occurs when we send e-mail or when we log onto a Web site. These also require DNS lookup.

Kaminsky then detailed how various security methods on the Web can be defeated if one owns the DNS. For example, if a site wants to establish a Trust Authority Certificate with the Certificate Authorities, they use e-mail to confirm the identity of the requester. He also said that it’s possible to poison Google Analytics and even Google AdSense, which also rely on DNS lookup.

Prior to the patch, the bad guy had a 1 in 65,000 chance of getting it because the transaction ID is based, in part, on the port number used. With the patch, the chances decrease to 1 in 2,147,483,648. Kaminsky said it’s not perfect, but it’s a good enough start.

Click here for full coverage of Black Hat 2008.

Sure, the YouTube video “Where the Hell is Matt 2008″ is clever and maybe even inspirational, but what’s been overlooked in all the hoopla over the clip is how technology contributed to its popularity.

Matt Harding first earned fame two years ago by filming himself dancing in exotic locales all over the world and posting the video montage to YouTube. Everyone from the The New York Times to National Public Radio has swooned over Harding’s latest clip since it first appeared on YouTube three weeks ago.

In less than a month, the video has been viewed more than 5 million times.

While much of the mainstream press is just discovering Harding, he has been well known among the early adopter crowd for some time. His first installment of “Where The Hell Is Matt” was one of YouTube’s earliest viral-video blockbusters.

In an interview with CNET News, Harding, a former video-game developer, describes himself as a tech enthusiast and credits software, gadgets, and the Internet with helping to turn his videos into blockbusters.

For example, go to Wherethehellismatt.com and check out how much better the YouTube embeddable player appears on his site than it does at YouTube. Harding doesn’t like to talk about it but he went online and found a piece of script that improved the quality of YouTube’s embeddable player.

“There is a way to force high quality into YouTube’s embed,” Harding said. “I felt a little bad about doing it.”

A screen shot of Matt Harding's Web site. The dancing videographer found a way to "force quality" into YouTube's embeddable player

(Credit:
Wherethehellismatt.com)

A screen shot of Harding's video as it appears on YouTube.

(Credit:
YouTube)

Here’s something else that Harding was sheepish about talking about. In addition to YouTube, he posted the clip to Vimeo, a YouTube competitor. He says if people want to watch the video in the highest quality, they should watch it there. “Vimeo’s video looks phenomenal,” he said.

Who can blame him for being less than loyal to YouTube? He danced his ass off for 14 months in 46 countries (4 didn’t make the final movie) and shot everything in high definition. Don’t all filmmakers want to showcase their work in the best possible quality?

To this end, Harding upgraded his camera for this world tour. He shot his original 4-minute clip with a point-and-shoot camera, the Canon Powershot SD500. He loved that it was small and easy to carry. This time, however, Harding decided to pay $800 for a Sony Handycam HDR-SR8.

Harding only had good things to say about the camera’s durability and ease of use. The hard disk drive camera did have one drawback, but it’s one that only someone like Harding is going to encounter.

A safety feature prevents the camera from writing to the hard drive anytime it senses the camera is falling. This proved to be an obstacle when Harding was flying above Nellis Airspace, Nev., during a weightlessness exercise.

“The camera always thought it was falling and wouldn’t record,” Harding said. “I had to go up again with a solid-state memory card and we recorded with that.”

Aside from the gadgets, technology’s most important contribution, of course, was turning someone like Harding into star in the first place. He’s a former video-game developer from Connecticut. He’s neither a trained filmmaker nor dancer (that won’t surprise anyone who’s seen him dance).

Yet, Harding has earned a modest level of international celebrity from his videos. Fans showed up to dance with Harding in places like Seoul, Lisbon, and Tel Aviv. He said more than 2,000 people in total (Madrid saw the biggest turnout, with 200).

That may not sound like a lot, but Harding didn’t do much advertising other than announce on his blog where and when he was showing up.

Harding’s real significance is that he’s one of the best examples of how YouTube enables anyone to communicate with audiences across the globe. And what’s the message Harding is trying to communicate?

“Some people will probably accuse me of spreading humanist propaganda,” Harding said. “Everybody knows that we can all be small-minded and petty. But we also like to be reminded once and a while about what we can be at our best.”

The BackBeat Pros are available now for $99.99.

(Credit:
Altec Lansing)

When we reviewed Altec Lansing’s line of BackBeat earphones, we were pleasantly surprised that they sounded as good as they did for what they cost. Expounding on the bang-for-the-buck theme, Altec’s now introduced the line-topping BackBeat Pro UHP606 for $99.99.

Altec says the earphones include “high-end armature technology, engineered to deliver an in-studio sound experience at a price level far below competing headphones costing several hundreds more.”

The press release goes on to discuss how great this technology is and how it helps achieve professional “studio quality.” In other words, Altec’s setting the bar pretty high, so let’s hope the BackBeat Pros deliver when we get our hands on a pair.

These earphones are are actually shipping now–they’re available at Best Buy and www.alteclansing.com.

The following products are available:

On Sale Now: $22.99 - $24.46
View the latest prices for Altec Lansing BackBeat Pro UHP606 headphones

On Sale Now: $25.00
View the latest prices for Altec Lansing BackBeat Titanium 326 headphones

On Sale Now: $23.49
View the latest prices for Altec Lansing BackBeat Plus UHP206 - headphones

On Sale Now: $10.95
View the latest prices for Altec Lansing BackBeat Classic UHP106 headphones