Don't you hate waiting on hold, and navigating through IVR menus trying to reach an actual human?
The following QuickBase will show you how to get to a human quickly for the most popular consumer companies in the USA:
Thursday, September 29, 2005
Sunday, September 25, 2005
personal computer is increasingly becoming a relic
Jonathan Schwartz, president of server and software maker Sun Microsystems, said that the personal computer is increasingly becoming a relic. Instead, what has become important are Web services on the Internet and the majority of the world will first experience the Internet through their mobile phones." From the article: "Schwartz points to the increasing wealth and power of companies, like eBay, Google, Yahoo and Amazon.com, that profit from free services available over the network. Among his audience, many more people said they'd rather have access to Internet services than their desktop computing applications. And Microsoft--the company with the biggest financial stake in the PC software business--has struggled to cope with the arrival of Web services."
Saturday, September 24, 2005
Are we alone?
The Milky Way is the galaxy which is the home of our Solar System(mercury, Venus, Earth,Mars, and so on) together with at least 200 billion other stars(suns) (more recent estimates have given numbers around 400 billion) and their planets and thousands of clusters and nebulae, including at least almost all objects of Messier's catalog which are not galaxies on their own (one might consider two globular clusters as possible exceptions, as probably they are just being, or have recently been, incorporated or imported into our Galaxy from dwarf galaxies which are currently in close encounters with the Milky Way: M54 from SagDEG, and possibly M79 from the Canis Major Dwarf).
Read more at http://www.seds.org/messier/more/mw.html
with so meny planets and suns, how can we be alone?
Read more at http://www.seds.org/messier/more/mw.html
with so meny planets and suns, how can we be alone?
Friday, September 23, 2005
Intel's Pentium 4 600 series processors has 169 million transistors
A LITTLE OVER A YEAR ago, while media attention was affixed firmly on the Superbowl, Intel discreetly let slip a brand-new, vastly rearchitected CPU core that, by all rights, should have been called the Pentium 5. The "Prescott" CPU core, as we now know, became somewhat infamous for its particular combination of tepid performance and gluttonous appetite for power (and corresponding prodigious heat production). This was the processor that was supposed to make it to 4GHz and never did, the CPU that convinced Intel that the future was in dual-core designs and "platformization." It may not have been a resounding success or a complete failure, but it was certainly consequential, despite its quiet introduction.
Today, in the dead of early Sunday morning, Intel is meekly unveiling another new Pentium 4 processor core, and it may be just as consequential. The Pentium 4 600 series is a new tier of performance-oriented Pentium 4 processors that will be sold alongside the existing P4 500 series. Based on the Prescott design, the 600-series core adds key features intended to pep up Prescott's performance and curb its power consumption. Not only that, but these are 64-bit CPUs. With the introduction of a 64-bit version of Windows approaching, Intel has finally turned on Prescott's dormant support for the 64-bit extensions to the x86 instruction set pioneered by AMD.
Recent lottery winners will also be pleased to learn of the emergence of a new Pentium 4 Extreme Edition processor. Based on the same new CPU core as the 600 series, this puppy runs at 3.73GHz on a 1066MHz front-side bus, and it has 64-bit support, as well.
Can this new variation of the Prescott core help Intel recapture its supremacy in desktop processor performance? We've had Intel's new CPUs on the test bench for over a week now, and we have some answers.
 |
Intel's new CPU core packs fistful of enhancements over the original Prescott core. I'm gonna bust out the bullet points in order to give you the highlights.
- 2MB of L2 cache — In terms of performance, this is the number-one change. The 600 series and the new Extreme Edition both pack a robust 2MB of L2 cache now, twice as much as older P4s. The extra on-board cache memory will boost performance in situations where the CPU can avoid accessing slower main memory in order to complete a task. The benefits of extra cache RAM aren't universal, though. Some programs cycle through quite a bit more data than 2MB, and won't benefit from additional cache. Others already fit nicely into a smaller cache, and therefore aren't helped by more of the same. We'll explore this dynamic in our performance tests, of course.
The addition of another meg of L2 cache raises the new core's transistor count to roughly 169 million, well above the 125 million transistors in the original Prescott core. Thanks to Intel's 90-nanometer manufacturing process, the chip isn't incredibly large by today's standards. Die size is up from 122mm2 to 135mm2. Larger chips generally tend to consume more power and generate more heat, all other things being equal. In this case, though, other things are not entirely equal.
- Enhanced power management — The 600 series finally brings Intel's Enhanced SpeedStep technology to the desktop. Previously used in Intel's mobile processors, SpeedStep dynamically scales CPU clock speed and voltage in response to load. The new core also includes the enhanced halt state from the Pentium 4 500J-series processors we reviewed not long ago. I'll explain more about how these new power management features interact shortly.
- 64-bit extensions — Intel has dubbed its 64-bit extensions EM64T, for Extended Memory 64 Technology, but they are really just a functional clone of AMD's AMD64 extensions, first implemented in the Opteron processor a couple of years ago. With these extensions and the right software, including a 64-bit operating system and applications compiled to use 64-bit extensions, the Pentium 4 gains the ability to address more than 4GB of RAM (without any workarounds). AMD64 and EM64T also include some additional registers, or local slots on the chip for storing data, that should provide a bit of a performance boost in 64-bit applications. The move to 64-bit computing won't bring revolutionary new heights of CPU performance overnight, but it will prevent us all from bumping our heads on the 4GB memory address space limitation in the next few years.
- Execute Disable Bit support — Like the 500J series processors, the new Intel core includes support for the Execute Disable Bit, also called the No Execute (NX) bit by AMD. Operating systems can use this "no execute" capability to help minimize the risks of certain types of security threats, such as buffer overflow exploits.
Speaking of which, the Pentium 4 3.73GHz Extreme Edition is quite a change from the 3.46GHz model. This new Extreme Edition is based on the same Prescott-derived CPU core as the 600 series, while previous Extremes were based on the pre-Prescott "Gallatin" core. That means the new Extreme Edition now has a longer, 31-stage main pipeline and lower clock-for-clock performance. The old EE's L3 cache is gone by the wayside, replaced by the beefy 2MB of L2 cache in this new core. The new EE can also do the 64-bit dance, but it doesn't have the fancy power management or enhanced halt state that the 600 series does. The EE 3.73GHz ought to outperform the 600 series thanks to its 1066MHz bus and higher clock speed, but whether it can outperform the EE 3.46GHz is another question.
Wednesday, September 21, 2005
New attack that targets AOL customers
A new attack that targets AOL customers. Users receive a spoofed email from the security department at AOL. The email claims that AOL had a security breach over the weekend and that confidential information may have been compromised. The email also requests that users connect to a website to download and install a new security patch, which will protect their information.
When users click on the link, they are redirected to a fraudulent website which is hosted in Scotland. This site hosts a piece of malicious code, named patch.scr, which is written in Visual Basic and uses Yoda Crypt. When the file is run, a wizard opens to guide users through the disclosure of their confidential account and billing information, including their account limit.
Once this information is obtained, it is sent in a text file via FTP to an account at a hosting facility.
Email Body:
from: mandatoryupdate@aol. com
Valued AOL Member:
Over this past weekend America Online fell victim to attacks from hackers. Thousands
of people were affected as personal and private information was illegally stolen
from them off of our servers. We are still unable to identify everyone who was
affected by these attacks.
To prevent this from happening to you or to correct the problem if you have fallen victim to such an attack, we have created a new Security Patch a new, required update for members of all versions of America Online Software.
Failure to download this Security Patch with in the next 48 hours will result in the temporary suspension of your America Online account. At this point we will send you a Security Patch CD in the mail. Upon installing it, your account will be reactivated. Instead of that, you can download our Security Patch right here, or by visiting the following URL: (URL removed)
After logging in you will be prompted to Run the above Security Patch.
We thank you for your cooperation and look forward to continue to serve you.
When users click on the link, they are redirected to a fraudulent website which is hosted in Scotland. This site hosts a piece of malicious code, named patch.scr, which is written in Visual Basic and uses Yoda Crypt. When the file is run, a wizard opens to guide users through the disclosure of their confidential account and billing information, including their account limit.
Once this information is obtained, it is sent in a text file via FTP to an account at a hosting facility.
Email Body:
from: mandatoryupdate@aol. com
Valued AOL Member:
Over this past weekend America Online fell victim to attacks from hackers. Thousands
of people were affected as personal and private information was illegally stolen
from them off of our servers. We are still unable to identify everyone who was
affected by these attacks.
To prevent this from happening to you or to correct the problem if you have fallen victim to such an attack, we have created a new Security Patch
Failure to download
After logging in you will be prompted to Run the above Security Patch.
We thank you for your cooperation and look forward to continue to serve you.
How to Repair Scratched CDs
 For the cost of one CD, you can repair many with a CD-repair kit. These work on audio CDs, CD-ROM discs and DVDs. | |||||
| | |||||
| | |||||
 | Steps: | ||||
| 1. | Determine the nature of the problem. Turn over the CD and look first for a smudge (see "Clean CDs" under Related eHows). If you notice a scratch, however, continue on to step 2. | ||||
| 2. | Buy a fluid-based CD scratch-repair kit. (Image 1) | ||||
| 3. | Get a soft, lint-free cloth, such as one made for cleaning eyeglasses, if your scratch-repair kit doesn't come with cloths or swabs. (Image 2) | ||||
| 4. | Follow the manufacturer's instructions. Wipe across the CD, working from the inside out in straight lines. Never wipe in a circular pattern. (Image 3) | ||||
| 5. | Repeat the process, if necessary. | ||||
| | |||||
| |||||
 | Tips: | ||||
 | Use a cleaner rather than a repair kit if the scratches are minor but cause skipping or stopping. | ||||
| Avoid using alcohol, abrasive cleaners, petroleum-based products, ammonia, commercial plastic cleaners or toothpaste, and avoid scrubbing, polishing or buffing. | ||||
| If you experience problems when using a disc on other play-back units, try rerecording at a different speed. | ||||
 | Warnings: | ||||
| Household cleaning products - including alcohol, abrasive cleaners, petroleum-based products, ammonia and commercial plastic cleaners - may harm CDs. | ||||
| Scrubbing, polishing or buffing CDs may damage them. | ||||
| Avoid home remedies that suggest using toothpaste. Toothpaste is a mild abrasive and acts as a light sandpaper. While it may sometimes buff out scratches, more often it will cause additional scratches. | ||||
| Even a successful repair may still make it difficult for the laser to read the CD properly, resulting in lower sound quality. | ||||
 | Tips from eHow Users: | ||||
| Boiling water by Eric Get a small pot and fill it with water. Put your stove on high and let the water come to a boil. Get a piece of sewing thread and insert it into the middle of the CD. Place the CD in the boiling water for a few minutes (holding onto the thread), this will temporarily soften the plastic, filling in minor scratches and steam cleaning all smudges and liquids off the surface of the CD. Do not place the CD in cold water (it will crack) or wipe it dry afterward (you'll ruin the plastic), let it air dry. Also, don't keep the CD in the water for too long, a few minutes should do it. Make sure it's fully dried when you want to use it again, excess moisture could damage the disc reading mechanism. | ||||
;)
;)
;)
Tuesday, September 20, 2005
It takes only about 5-10 seconds to make a store bought CD
You listen to them on your stereo, play them in your computer, or watch movies on them. Compact discs (CDs) and their faster cousin, video discs (DVDs), are everywhere. Only a few millimeters thick, they provide hours of entertainment and hold huge volumes of information. But do you ever stop to think about how CDs and DVDs are made, what materials are used, or what happens to these discs
when you don't want them anymore?
Making products like CDs and DVDs consumes natural resources, produces waste, and uses energy. CDs and DVDs are created from many different materials, including metals, plastics, and dyes. The discs are packaged in clear or colored plastic cases or cardboard boxes, wrapped in plastic, and sent to distribution centers and retail outlets around the world. If properly stored and handled, most CDs and DVDs will last for decades, and probably centuries. Depending on their condition, unwanted discs can be reused or recycled instead of thrown away, saving energy and valuable resources.
The entire process of encoding music onto a CD takes only about 5-10 seconds. A high-pressure stamper embeds the digital information into tiny indentations on a polycarbonate plastic blank, which is later coated with metal.
In 2000, more than 700 compact disc factories were operating worldwide.
When CDs were first introduced in the United States in 1983, 800,000 discs were sold. By 1990, this number had grown to close to 1 billion.
Between 1983 and 1996, the average price of a music CD in the U.S. fell by more than 40 percent.
The European market for music CDs is expanding rapidly, with almost 2.9 billion compact discs produced in Western Europe in 1998.
Each month, more than 45 tons of CDs become obsolete—outdated, useless, or unwanted.
Each year, more than 55 million boxes of software go to landfills and incinerators, and people throw away millions of music CDs.
Google I/G home page
If you love using google and how dose not, then you will love Google I/G.
Google I/G is a great home page. Not only do you have the very useful google search but any and every thing you could want on a home page. Things like weather, news, bookmarks, access to your gmail if you have one. This thing is loaded, it is worth checking out. google.com/ig
Google I/G is a great home page. Not only do you have the very useful google search but any and every thing you could want on a home page. Things like weather, news, bookmarks, access to your gmail if you have one. This thing is loaded, it is worth checking out. google.com/ig
Google Earth Helps Find Ancient Ruins
"Alex sez, "A computer programmer found a Roman ruin near his home in Italy when he was playing around with Google Earth & Google Maps."
His eye was caught by unusual 'rectangular shadows' nearby. Curious, he analysed the image further, and concluded that the lines must represent a buried structure of human origin. Eventually, he traced out what looked like the inner courtyards of a villa.
Mori, who describes the finding on his blog, QuellĂ Della Bassa, contacted archaeologists, including experts at the National Archaeological Museum of Parma. They confirmed the find. At first it was thought to be a Bronze Age village, but an inspection of the site turned up ceramic pieces that indicated it was a Roman villa."
The story was originally found at News at Nature.com, the Best in Science Journalism, a pretty interesting site.
So now how many of you are off to play with Google Earth and Google Maps to see if you've got any ancient ruins in your backyard?
Worm poses as Google
September 19, 2005
A new worm has been discovered that apes Google's search site and tunes the results to benefit hackers, not Web surfers.
A new worm has been discovered that apes Google's search site and tunes the results to benefit hackers, not Web surfers.
The P2Load.A virus modifies the HOSTS file on a PC so that when users try to access Google, they are redirected to a page that looks exactly the same as Google, but is not controlled by the company. Instead, the exact copy of Google even supports the 17 languages that Google does and redirects typos such as www.googel.com or www.gogle.com, in such a fashion that users are not aware of the change, according to security firm PandaLabs.
Once users inadvertently download P2Load.A, the next time they go to Google, the spoofed page comes up. Some of the search results are selectively changed, and the fake ads are swapped in place of Google's AdWords.
The Register quotes a Panda executive saying that the motivation of P2Load.A's creator is purely financial -- in the form of increased visits to untrusted Web pages.
PCWorld reports that users looking for a free Star Wars game may, instead, install the worm.
P2Load.A strikes both IE and Firefox, Panda said.
Some sites are calling for Google to offer a bounty on the virus writers, much the way Microsoft has done.
Full disclosure: PCWorld is owned by IDG, the parent company of InfoWorld.
Monday, September 19, 2005
I am sorry that the site looks odd
I am sorry that the site looks odd. I added a line of code that I found that should have allowed people to subscribe to a rss feed of my site, instead it screwed up the site and I lost a lot of sidebar links. I will try to get them all back as soon as I can providing that I can remember what all of them where.
Sunday, September 18, 2005
What's A Podcast?
Podcasting is a great new way of distributing audio automatically. When a site offers a podcast feed you can subscribe to the feed using podcasting software and any new items will be automatically downloaded to your computer. As the name implies, if you have a portable audio player, the files can also be copied to the player.
However, and this is a common area of confusion, no iPod or other MP3 player is required. You can listen to the audio on your computer just as you would any MP3.
If you decide you want to listen to a show every time it comes out, you can subscribe to the feed using podcasting software. Think of it as Tivo for Internet audio. You subscribe to content you want by visiting the web site and getting the podcast URL. Your podcast software automatically downloads any new shows and copies them to your MP3 player. There's always something new and interesting to listen to and you never have to check the web to see when a new show is available.
Visit Wikipedia for more information about podcasting.
You'll find a directory of available podcasts and podcasting software at ipodder.org.
Friday, September 16, 2005
Microsoft Windows Anti-Spyware
A look at Giant Antispyware
If you set it up correctly, you'll never see the AntiSpyware application after your first manual spyware scan, because it will sit resident in your system and automatically deal with most spyware attacks, prompting you only with pop-up windows occasionally as needed. However, Giant AntiSpyware, unlike some other spyware solutions, presents a pleasant, easily-navigated user interface that is similar, in some ways, to a Microsoft taskpad or activity center.
Spyware Scanning
There are three main screens. From the Spyware Scan screen, you can initiate a manual spyware scan, set scan options, and view information about prior scans (Figure). If you choose to run a scan now, Giant AntiSpyware can perform a number of scan types, including a deep scan, which scans all files and folders, and a more typical intelligent scan, which will just test common entry points for spyware. When a scan is complete, you can view the scan results (Figure) and then optionally decide what to do with any found spyware (Figure); spyware can be ignored, quarantined, removed (the default), or always ignored.
Real-time Protection
In the Real-time Protection screen (Figure), you can configure whether the real-time protection feature is active and view the status of Giant AntiSpyware's three agent types (Internet, System, and Application). The Internet Agents prevent applications from modifying or monitoring your Internet connection and settings. The System Agents prevent against threats making unauthorized or hazardous changes to your system, including alerting security permissions. The Application Agents prevent threats from installing, deleting, or modifying Internet Explorer or downloading ActiveX controls, which can contain malicious code.
Currently, these three agent types protect 58 so-called system checkpoints, entry-points in your system where malicious code can be inserted. For example, one typical checkpoint is called process execution. This checkpoint prevents spyware from executing processes (applications or services) on your PC. If an unknown process attempts to execute on your computer, the process will be blocked and you will receive an alert, which lets you remove the process. This is, possibly, the most critical function of this software: It blocks errant software from executing on your system, before it happens.
From the Real-time Protection screen, you can also access information about blocked events, which are changes to your system that you have chosen to block.
Advanced Tools
The third screen, Advanced Tools (Figure), provides you with links to numerous other functions, including System Explorers, which are system settings that are often hard or impossible to otherwise configure. For example, you may be familiar with the new Manage Add-ons functionality that is included with the Windows XP SP2 version of Internet Explorer; this feature lets you enable or disable Browser Helper Objects and other IE plug-ins. However, the Internet Explorer System Explorer in Giant AntiSpyware also lets you permanently remove such add-ons, which, frankly, is exactly what you need (Figure). There are all kinds of System Explorers in Giant AntiSpyware, and if you're interested in security, you should spend some time here. You can configure such things as which applications run when Windows starts, which ActiveX controls are installed, and which processes are currently running. It's a wonderful set of functionality that Microsoft should bubble up more obviously from within Windows itself.
Other Advanced Tools include System Inoculation, which examines your PC for possible security holes (Figure); Browser Hijack Restore, which helps restore features of IE that have been hijacked by malware (Figure), Tracks Eraser, which can be used to remove the history of your activities in a surprisingly wide range of applications and system services, such as Adobe Acrobat Reader, Microsoft's Windows Common Dialog, the Google Toolbar (Figure); and Secure File Shredder, a wonderful utility that can be used to completely eliminate files from your PC using US Department of Justice (DOJ) recommendations for secure file destruction (Figure). How this product doesn't have the word "suite" in its title is beyond me.
AntiSpyware pop-ups
Like a firewall or anti-virus application, Giant AntiSpyware more typically makes itself known by popping up the occasional pop-up window in the lower right corner of your desktop. These pop-ups arrive when the product detects a potential spyware attack, or, by default, when it's completed a spyware scan (you can turn that latter feature off, which I recommend).
Some of the pop-ups are innocuous. For example, you may upgrade a product to a newer version. In such a case, Giant AntiSpyware will typically note that an acceptable application change has occurred and let you get on with your life without having to approve the change (Figure).
Some of the pop-ups, however, warn of more dangerous problems. Perhaps you've navigated to a malicious Web site that is attempting to install some spyware. Or maybe you or an application is attempting a system configuration change with which Giant Spyware is not familiar. In such a case, you're provided with information about the change and prompted to Allow or Block it.
Microsoft Windows AntiSpyware Beta: Changes from the Giant product
So now that Microsoft has purchased Giant and its anti-spyware solution, attention logically turns toward what the company will do with it. Previously, Microsoft had revealed that it would release an anti-spyware solution in 2005, a year ahead of the mid-2006 release of Longhorn (where its anti-spyware solution was originally set to appear). The company has internal anti-spyware and malware projects, codenamed Strider and GhostBuster, respectively, which would have fulfilled those goals, and sources I've spoken with suggest that Microsoft understands, perhaps better than anyone, how today's malicious spyware is now hooking into Windows systems and intends to rectify that situation. In late 2004, Microsoft started beta testing an internal version of Giant AntiSpyware, codenamed "Atlanta," that was only a minor revision over the version Giant last released (Figure).
Since posting my initial version of this preview, Microsoft has shipped two public beta releases of what it's now calling Windows AntiSpyware (Figure). The first, which arrived in January 2005, less than a month after the Giant acquisition, was visually identical to the Giant release, but lacked a few interesting features from the original. Specifically, Windows AntiSpyware does not include the File Shredder and System Inoculation features, both of which were excellent. The result is a less full-featured Advanced Tools area in the Windows AntiSpyware UI (Figure).
"We removed the Secure File Shredder and System Inoculation tools because they were not essential, and overlap in functionality with the Microsoft Baseline Security Advisor tool," Paul Brian, the Director of Product Management for the Security Business and Technology Unit, AntiSpyware at Microsoft told me recently. "We've also removed the cookie tracking functionality because we're formulating how we want to tackle that one."
Other than that, the Windows AntiSpyware beta is very similar, visually, to the Giant product. That will change, Brian told me. "We've kept the same UI for the beta release in order to get it out quickly," he said. "We will change it. We're getting feedback from customers about what kinds of things they want to see improved, and we definitely have a lot of work to do: Localization, making it more accessible, that kind of thing. Giant wasn’t big enough to do that. But spyware is a serious enough issue that we did want to get the product out as quickly as possible. We'll improve it over time."
In February 2005, Microsoft shipped a second public beta version of Windows AntiSpyware that features "enhanced real-time protection agents, new threat categories, and improved stability and performance." It does not appear to be much different from the previous beta version.
And what about the good folks from Giant? Brian told me that cofounders Ron Franczyk and Andrew Newman and the rest of Giant are now working for Microsoft, and the entire Giant organization will eventually be working in Redmond. Franczyk and Newman are in the engineering group within the Security Business and Technology Unit, working on Windows AntiSpyware, similar to their work before the acquisition.
Licensing and pricing
In February 2005, Microsoft announced that it would provide Windows AntiSpyware to consumers for free when the final version is release. However, unlike Giant AntiSpyware, Windows AntiSpyware will only be made available to Windows XP SP2 users as one of the benefits of using that platform. A managed corporate version, first revealed in this preview, will be made available later, but will not be free. Instead, the corporate version of Windows AntiSpyware will be licensed on a subscription basis. Microsoft has not revealed the timing for the final release.
Conclusions
Like Giant AntiSpyware before it, Windows AntiSpyware is an excellent product and is inarguably the finest anti-spyware product made available thus far. Given its price (free) and its excellent functionality, Windows XP SP2 users would be crazy not to install this product, even in beta form, and leaving it monitoring their systems. However, as many spyware experts have noted, no one anti-spyware product catches all malware and spyware. For this reason, I also recommend that you download and manually run another anti-spyware product regularly. The best non-Microsoft solution is Webroot Spy Sweeper, which I use and recommend, but if you'd rather not pay for protection, the free version of Lavasoft Ad-aware is decent but not excellent. Between Windows AntiSpyware beta and one of these products, you should see a marked decrease in spyware on your systems. The best way to avoid spyware, of course, is to use a safer Web browser. On that note, I strongly recommend Mozilla Firefox over Internet Explorer.
New Firefox, Mozilla releases to fix bugs
The Mozilla Foundation plans to "shortly" release new versions of its Firefox and Mozilla Web browsers to address a recently disclosed serious security bug as well as several additional flaws, a representative said Wednesday.
The decision for new, so-called point releases was made after the disclosure last week of a problem in the way the browsers handle International Domain Names, or IDNs, Web addresses that use international characters. The vulnerability could let attackers secretly run malicious software on users' PCs. Hackers have been working on exploits for the flaw.
"As soon as we got the report that users might be impacted, we began evaluating our options," said Mike Schroepfer, director of engineering at the Mozilla Foundation. Firefox version 1.0.7 and Mozilla version 1.7.12, which fix the IDN flaw, are now being tested, he said. "We're releasing as soon as we possibly can."
The testing process is to make sure the updates don't introduce any compatibility problems, he said.
In addition to patching the IDN bug, the new releases include one functionality fix and a handful of fixes for yet undisclosed security problems, Schroepfer said.
The Mozilla Foundation, which distributes and coordinates the development of Firefox and Mozilla, responded swiftly to the IDN bug disclosure last week and within 24 hours provided a temporary fix. Though the fix disables support for IDNs, the new updates that are now being tested will actually fix the vulnerability and re-enable IDNs, Schroepfer said.
IDNs have caused trouble for Mozilla in the past. A Firefox security update in February fixed a flaw that would allow domain spoofing using the special domain names.
As the Mozilla Foundation and the open-source community were working on fixing the IDN flaw, the discoverer of that bug reported yet another issue with Firefox. Security researcher Tom Ferris on Wednesday said that Firefox1.5 beta 1 is vulnerable to a problem similar to the IDN bug he disclosed last week.
Another Firefox flaw?
Even with the fix that disables IDN installed, a buffer overflow vulnerability exists in Firefox 1.5 beta 1, Ferris wrote on his Security Protocols Web site. The problem is a variant of the original IDN bug, he wrote.
Buffer overflows are a commonly exploited security problem. They occur when a program allows data to be written beyond the allocated end of a buffer in memory. A computer can be made to execute potentially malicious code by feeding in extra data that is designed to flood over the buffer.
Firefox 1.5 beta 1 was released last week and is a test version of a new Firefox browser due out by year's end.
The Mozilla Foundation is investigating Ferris' latest report, Schroepfer said. "At this time, we're not sure whether it is a vulnerability," he said.
The latest problem occurs only in the beta release, which is meant for testing only and typically has bugs. The beta has been downloaded about 500,000 times, according to Schroepfer.
Firefox has risen in popularity in recent years as a viable alternative to Microsoft's Internet Explorer. Though its market share slipped slightly recently, researchers estimate that between 8 percent and 9 percent of the Internet population uses the open-source browser.
Security has been a main selling point for Firefox over Internet Explorer. However, Firefox has had its own security woes. Numerous serious holes in the browser have been plugged since its official release, and experts have said that safe Web browsers don't exist.
The decision for new, so-called point releases was made after the disclosure last week of a problem in the way the browsers handle International Domain Names, or IDNs, Web addresses that use international characters. The vulnerability could let attackers secretly run malicious software on users' PCs. Hackers have been working on exploits for the flaw.
"As soon as we got the report that users might be impacted, we began evaluating our options," said Mike Schroepfer, director of engineering at the Mozilla Foundation. Firefox version 1.0.7 and Mozilla version 1.7.12, which fix the IDN flaw, are now being tested, he said. "We're releasing as soon as we possibly can."
The testing process is to make sure the updates don't introduce any compatibility problems, he said.
In addition to patching the IDN bug, the new releases include one functionality fix and a handful of fixes for yet undisclosed security problems, Schroepfer said.
The Mozilla Foundation, which distributes and coordinates the development of Firefox and Mozilla, responded swiftly to the IDN bug disclosure last week and within 24 hours provided a temporary fix. Though the fix disables support for IDNs, the new updates that are now being tested will actually fix the vulnerability and re-enable IDNs, Schroepfer said.
IDNs have caused trouble for Mozilla in the past. A Firefox security update in February fixed a flaw that would allow domain spoofing using the special domain names.
As the Mozilla Foundation and the open-source community were working on fixing the IDN flaw, the discoverer of that bug reported yet another issue with Firefox. Security researcher Tom Ferris on Wednesday said that Firefox1.5 beta 1 is vulnerable to a problem similar to the IDN bug he disclosed last week.
Another Firefox flaw?
Even with the fix that disables IDN installed, a buffer overflow vulnerability exists in Firefox 1.5 beta 1, Ferris wrote on his Security Protocols Web site. The problem is a variant of the original IDN bug, he wrote.
Buffer overflows are a commonly exploited security problem. They occur when a program allows data to be written beyond the allocated end of a buffer in memory. A computer can be made to execute potentially malicious code by feeding in extra data that is designed to flood over the buffer.
Firefox 1.5 beta 1 was released last week and is a test version of a new Firefox browser due out by year's end.
The Mozilla Foundation is investigating Ferris' latest report, Schroepfer said. "At this time, we're not sure whether it is a vulnerability," he said.
The latest problem occurs only in the beta release, which is meant for testing only and typically has bugs. The beta has been downloaded about 500,000 times, according to Schroepfer.
Firefox has risen in popularity in recent years as a viable alternative to Microsoft's Internet Explorer. Though its market share slipped slightly recently, researchers estimate that between 8 percent and 9 percent of the Internet population uses the open-source browser.
Security has been a main selling point for Firefox over Internet Explorer. However, Firefox has had its own security woes. Numerous serious holes in the browser have been plugged since its official release, and experts have said that safe Web browsers don't exist.
CPUs smarter than 'every human brain combined' by 2060
Computers will be able to out-think the entire world population put together within the next 60 years, the head of Lucent's research division has forecast.
First, though, phones will be able to tell how their owners smell, Jeong Kim, Bell Labs' president told reporters in Seoul yesterday.
Kim's comments, conveyed by local paper Joong Ang Daily, make scary reading.
Smell-o-vision phones will come in five to ten years, Kim believes, sampling the odour of the caller and transmitting it to the recipient via the airwaves and an odour-releasing device on the handset. In the same timeframe, handsets will be able to scan for changes in a caller's facial expression.
We're not sure why you'd want that: surely by 2015 we'll all be using videophones, so we'll be able to see the caller's expression. Or maybe by then we'll be dialling numbers that way, using nods and winks to signal numbers and letters. Given the differences between cultures around the world, such a system would make cheap grey imports far too embarrassing to use.
He also said phones will eventually respond to mental commands.
Making all this possible will be what Kim refers to as "nanotechnology", on the subject of which he makes his most startling prediction:
"If nanotechnology maintains its current pace of development, it will give birth to a computer that has the information processing capacity equivalent to every human brain combined by 2060."
If Kim is correct, computers will clearly be smart enough to know you want to make a call before you yourself do. If they're that clever, they'll be able to work out the answer before the call's recipient can. Pretty soon they'll realise there's no need to bother with the human element in the first place - particularly if they detect one or both of the participants hasn't taken a shower recently and all they do is wink at each other.
First, though, phones will be able to tell how their owners smell, Jeong Kim, Bell Labs' president told reporters in Seoul yesterday.
Kim's comments, conveyed by local paper Joong Ang Daily, make scary reading.
Smell-o-vision phones will come in five to ten years, Kim believes, sampling the odour of the caller and transmitting it to the recipient via the airwaves and an odour-releasing device on the handset. In the same timeframe, handsets will be able to scan for changes in a caller's facial expression.
We're not sure why you'd want that: surely by 2015 we'll all be using videophones, so we'll be able to see the caller's expression. Or maybe by then we'll be dialling numbers that way, using nods and winks to signal numbers and letters. Given the differences between cultures around the world, such a system would make cheap grey imports far too embarrassing to use.
He also said phones will eventually respond to mental commands.
Making all this possible will be what Kim refers to as "nanotechnology", on the subject of which he makes his most startling prediction:
"If nanotechnology maintains its current pace of development, it will give birth to a computer that has the information processing capacity equivalent to every human brain combined by 2060."
If Kim is correct, computers will clearly be smart enough to know you want to make a call before you yourself do. If they're that clever, they'll be able to work out the answer before the call's recipient can. Pretty soon they'll realise there's no need to bother with the human element in the first place - particularly if they detect one or both of the participants hasn't taken a shower recently and all they do is wink at each other.
FAA OK's Preliminary Space Elevator Tests
Washington, DC -- The LiftPort Group, the space elevator companies, announced September 9 that it has received a waiver from the Federal Aviation Administration (FAA) to use airspace to conduct preliminary tests of its high altitude robotic "lifters."
The lifters are early prototypes of the technology that the company is developing for use in its commercial space elevator to ferry cargo back and forth into space.
The tests, which are planned for early fall, will simulate a working space elevator by launching a model elevator "ribbon" attached to moored balloon initially up to a mile high. The robotic lifters will then be tested in their ability to climb up and down the free-hanging ribbon, marking the first-ever test of this technology in the development of the space elevator concept.
According to Michael Laine, president of the LiftPort Group in Bremerton, Washington, the FAA go-ahead is a "critical step" in the ultimate developing of the group's LiftPort Space Elevator concept.
The lifters are early prototypes of the technology that the company is developing for use in its commercial space elevator to ferry cargo back and forth into space.
The tests, which are planned for early fall, will simulate a working space elevator by launching a model elevator "ribbon" attached to moored balloon initially up to a mile high. The robotic lifters will then be tested in their ability to climb up and down the free-hanging ribbon, marking the first-ever test of this technology in the development of the space elevator concept.
According to Michael Laine, president of the LiftPort Group in Bremerton, Washington, the FAA go-ahead is a "critical step" in the ultimate developing of the group's LiftPort Space Elevator concept.
Xbox 360 to Launch in U.S. Nov. 22
The next version of Microsoft Corp.'s Xbox game console will be available in the United States two days before Thanksgiving, in time for the important holiday shopping season, the company said Wednesday.
The Nov. 22 launch of Xbox 360 in North America will be followed by a Dec. 2 launch in Europe and a Dec. 10 launch in Japan.
Microsoft executive officer Yoshihiro Maruyama speaks a he announces price and the date of the sale for the Xbox 360 in Tokyo Thursday, Sept. 15, 2005. The next version of Microsoft Corp.'s Xbox game console will be available in Japan Dec. 10 at the price of 37,900 yen ($344). (AP Photo/Junji Kurokawa)
Microsoft executive officer Yoshihiro Maruyama speaks a he announces price and the date of the sale for the Xbox 360 in Tokyo Thursday, Sept. 15, 2005. The next version of Microsoft Corp.'s Xbox game console will be available in Japan Dec. 10 at the price of 37,900 yen ($344). (AP Photo/Junji Kurokawa) (Junji Kurokawa - AP)
The releases will allow the Redmond-based software maker to get a head start over rival Sony's PlayStation 3, which is slated to replace the market-leading PlayStation 2 next spring.
The Japanese unit will cost 37,900 yen, or about $345 _ slightly less than the $399.99 the company is charging in the U.S., Canada and Mexico. Microsoft had previously disclosed the U.S. price, as well as the European price of 399.99 euros.
Microsoft also is selling a scaled-back version, dubbed "Xbox 360 Core System," for $299.99 in North America and 299.99 euros in Europe. But David Reid, director of platform marketing for Xbox, said the company had decided there wouldn't be enough demand to immediately launch that cheaper system in Japan.
Reid said the company priced the Xboxes relative to what other, similar gadgets cost in the respective countries. He said the decision to charge less in Japan than the United States did not have anything to do with the fact that the first version of the Xbox has not been as successful in Japan as Microsoft had hoped.
This time around, Reid said the company is hoping it will have more success because it plans to have more games available that Japanese consumers will like.
In general, Reid acknowledged that the company will initially sell the new version of Xbox at a loss. But he said he expects some components of the product will get cheaper over time, allowing the company to eventually make money on the Xbox 360 even though it plans to eventually discount the price.
Microsoft is initially targeting the Xbox 360 to hardcore gamers, but it is hoping a sleek design and user-friendly features will eventually make it alluring to more mainstream users.
"The price is going to decline over time and be more broadly appealing to a broader range of consumers," he said.
Microsoft has already begun producing "millions of units" at three facilities in southern China, Reid said, although he would not provide a specific number of units that will be available at launch.
The Nov. 22 launch of Xbox 360 in North America will be followed by a Dec. 2 launch in Europe and a Dec. 10 launch in Japan.
Microsoft executive officer Yoshihiro Maruyama speaks a he announces price and the date of the sale for the Xbox 360 in Tokyo Thursday, Sept. 15, 2005. The next version of Microsoft Corp.'s Xbox game console will be available in Japan Dec. 10 at the price of 37,900 yen ($344). (AP Photo/Junji Kurokawa)
Microsoft executive officer Yoshihiro Maruyama speaks a he announces price and the date of the sale for the Xbox 360 in Tokyo Thursday, Sept. 15, 2005. The next version of Microsoft Corp.'s Xbox game console will be available in Japan Dec. 10 at the price of 37,900 yen ($344). (AP Photo/Junji Kurokawa) (Junji Kurokawa - AP)
The releases will allow the Redmond-based software maker to get a head start over rival Sony's PlayStation 3, which is slated to replace the market-leading PlayStation 2 next spring.
The Japanese unit will cost 37,900 yen, or about $345 _ slightly less than the $399.99 the company is charging in the U.S., Canada and Mexico. Microsoft had previously disclosed the U.S. price, as well as the European price of 399.99 euros.
Microsoft also is selling a scaled-back version, dubbed "Xbox 360 Core System," for $299.99 in North America and 299.99 euros in Europe. But David Reid, director of platform marketing for Xbox, said the company had decided there wouldn't be enough demand to immediately launch that cheaper system in Japan.
Reid said the company priced the Xboxes relative to what other, similar gadgets cost in the respective countries. He said the decision to charge less in Japan than the United States did not have anything to do with the fact that the first version of the Xbox has not been as successful in Japan as Microsoft had hoped.
This time around, Reid said the company is hoping it will have more success because it plans to have more games available that Japanese consumers will like.
In general, Reid acknowledged that the company will initially sell the new version of Xbox at a loss. But he said he expects some components of the product will get cheaper over time, allowing the company to eventually make money on the Xbox 360 even though it plans to eventually discount the price.
Microsoft is initially targeting the Xbox 360 to hardcore gamers, but it is hoping a sleek design and user-friendly features will eventually make it alluring to more mainstream users.
"The price is going to decline over time and be more broadly appealing to a broader range of consumers," he said.
Microsoft has already begun producing "millions of units" at three facilities in southern China, Reid said, although he would not provide a specific number of units that will be available at launch.
Tuesday, September 13, 2005
Mario Turns 20
They grow up so fast.
On Sept. 13th 2005 Mario turned 20 years old. The birth date they are going with is the 1985 release date and not Donkey Kong (in which his likeness appears as Jump Man)
Happy Birthday Mario!
Monday, September 12, 2005
No Microsoft Patches This Month After All
Quality issue with patch prompts 'Patch Tuesday' cancellation.
Microsoft has decided not to go ahead with its monthly security update after encountering an unspecified quality issue with the software patch it had planned to release next Tuesday.
Microsoft yesterday said it would be offering a patch to a critical flaw in its Windows operating system next week.
Today, however, company representatives said that Microsoft had changed its mind and would not be releasing any security patches this month after all.
Microsoft releases most software patches on the second Tuesday of each month, a date that has come to be known as "Patch Tuesday" by security professionals.
Little Explanation
The software vendor declined to say exactly what had caused the last-minute change in plans.
"It was a quality issue," said a Microsoft spokesperson. "They found something that made them realize that it was best not to release [the patch] this month," she said, adding that the company's security team decided it needed to put the Windows patch through additional testing.
This is the second time that Microsoft has changed its mind about releasing a patch since the company began giving customers advance notification of its monthly patches late last year, the spokeswoman said.
Saturday, September 10, 2005
Microsoft aims for hack-proof 360
Microsoft plans to make its next generation games console, the Xbox 360, as difficult as possible to hack.
The 360 will have security built directly into the hardware, said Xbox engineer Chris Satchell.
Fans have modified the first Xbox to turn it into a media centre, upgrade the hard drive or allow it to play imported games.
Modifying a console is illegal in the UK if this is intended to get around anti-piracy measures on the Xbox.
Consoles such as the Xbox and PlayStation 2 can be modified by chips that are soldered to a console's main circuit board to bypass copyright controls.
The chips allow people to play games purchased legitimately in other countries, as well as running backup copies or bootleg discs.
Shortly after the first Xbox came out, computer scientists, smart amateur engineers and others started taking it apart and creating modification chips and software for the machine to make it do things Microsoft never intended it to.
Custom design
Such actions are frowned upon by the hardware manufacturers. In July last year, Sony won a court case to ban the selling of mod chips for its PlayStation 2 in the UK.
In July of this year, a 22-year-old man became the first person in the UK to be convicted for modifying a video games console. 
There are going to be levels of security in this box that the hacker community has never seen before 
Chris Satchell, Xbox
With the 360, Microsoft is aiming to make it as hard as possible to hack.
"We've taken security to the hardware level and built it in from the ground up," said Chris Satchell from the Xbox Advanced Technology Group.
"One of the reasons we went with custom hardware design for all our silicon is that it allows us to build security at the silicon level," he told the BBC News website.
"There are going to be levels of security in this box that the hacker community has never seen before."
Part of the motivation behind this is to prevent people from using the 360 to watch pirated films or TV shows.
But Mr Satchell admitted no system was fool-proof and that, with enough time and dedication, the security on the Xbox 360 would be broken.
"There're some really bright people in the world with some really expensive hardware," he said.
"I'm sure sooner or later someone will work out how to circumvent security. But the way we have done the design doesn't mean that it will work on somebody else's machine."
Microsoft's 360 is set to be the first of the new wave of games machines to hit the shops sometime before Christmas.
The basic Xbox 360, dubbed the Core System, will retail for $299 in the US, 299 euros in Europe and £209 in the UK.
The fully loaded console with all the accessories will sell for $399, 399 euros and £279. Sony's PlayStation 3 is due to be released early next year, with Nintendo's Revolution following later.
Saturday, September 03, 2005
Malicious Website / Malicious Code: Katrina News Email Scam
Websense Security Labs(TM) has received multiple reports of a new email scam, which attempts to lure users into visiting a malicious website. The message gives a brief news update on Hurricane Katrina and provides a link to the full news story. This website contains encoded JavaScript, which attempts to exploit two HTML Help vulnerabilities. Microsoft has addressed these vulnerabilities with Security Bulletin MS05-001.
In the event that either of the exploits are successful, a Trojan downloader is placed on the workstation. The Trojan begins downloading a second malicious file, which is also a Trojan. The second Trojan has backdoor functionality that gives the attacker complete control of the workstation.
The technique, exploit, and Trojan used in this attack are nearly identical to the Iraqi News Email Scam that began circulating in early August.
The first website involved in the attack is hosted in Mexico; the second is in the United States. Both were online at the time of this alert.
Websense Security Labs(TM) has also observed several hundred new websites, which are requesting donations for Hurricane Katrina relief. Many of these sites are believed to be fraudulent. We strongly recommend you verify the authenticity of any charity before making a donation.
Sample email text:
Just before daybreak Tuesday, Katrina, now a tropical storm, was 35 miles northeast of Tupelo, Miss., moving north-northeast with winds of 50 mph.
Forecasters at the National Hurricane Center said the amount of rainfall has been adjusted downward Monday.
Mississippi Gov. Haley Barbour said Tuesday that Hurricane Katrina killed as many as 80 people in his state and burst levees in Louisiana flooded New Orleans.
In the event that either of the exploits are successful, a Trojan downloader is placed on the workstation. The Trojan begins downloading a second malicious file, which is also a Trojan. The second Trojan has backdoor functionality that gives the attacker complete control of the workstation.
The technique, exploit, and Trojan used in this attack are nearly identical to the Iraqi News Email Scam that began circulating in early August.
The first website involved in the attack is hosted in Mexico; the second is in the United States. Both were online at the time of this alert.
Websense Security Labs(TM) has also observed several hundred new websites, which are requesting donations for Hurricane Katrina relief. Many of these sites are believed to be fraudulent. We strongly recommend you verify the authenticity of any charity before making a donation.
Sample email text:
Just before daybreak Tuesday, Katrina, now a tropical storm, was 35 miles northeast of Tupelo, Miss., moving north-northeast with winds of 50 mph.
Forecasters at the National Hurricane Center said the amount of rainfall has been adjusted downward Monday.
Mississippi Gov. Haley Barbour said Tuesday that Hurricane Katrina killed as many as 80 people in his state and burst levees in Louisiana flooded New Orleans.
Subscribe to:
Posts (Atom)
