P2P-Zone  

Old 29-09-10, 07:31 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - October 2nd, '10

Since 2002


































"If I had been given plum roles like this back in the old days, I would have stayed in Hollywood." – Gloria Stuart


"We expect that there will be no addresses available in our registries to give to Internet service providers by the end of 2011." – John Curran


"Q: Did Stuxnet sink Deepwater Horizon and cause the Mexican oil spill?
A: No, we do not think so. Although it does seem Deepwater Horizon indeed did have some Siemens PLC systems on it."
– Mikko



































October 2nd, 2010





ISP Sky Broadband Cuts off ACS:Law
Thomas Mennecke

In the wake of the epic email database breach which was first reported here on Slyck.com, the omnidirectional broadside against the anti-piracy law firm ACS:Law continues. The ISP Sky Broadband today stated they cut off further cooperation with ACS:Law due to the email breach and will only resume when proper security measures are taken. Although there's still a mountain of information under analysis, at least 4,000 Sky customers had their information leaked into the wild thanks to sloppy web server administration and the lack of data encryption procedures.

The exposure of ACS:Law's database was like watching a train wreck happen at 5 miles per hour. During the morning hours (EST) of September 24, the ACS:Law website was still inoperable - the ISP had wisely taken the site offline because of a previous DDoS (Distributed Denial of Service) attack. Any attempt to visit the site was greeted by the typical "Web site cannot be found" error message that most browsers display - then the inevitable train wreck happened.

What happened next was nothing short of inexplicable madness. The site was once again resolvable, however, instead of the typical ACS:Law website being displayed, the root directory and several files were instead made available. One of those files was a backup file - all the world could do at that point is shake their head in amazement and wait until all hell broke loose. And it did.

First came news of the contents of the email - truly terrifying stuff. And not so much because of the way ACS:Law conducts business, but the ultimate exposure of thousands of individuals' personal information - their IP addresses, their names, addresses, and the pornography they're accused of sharing. There is no specific total yet, but we know it's at least in the thousands with the potential to be significantly higher. In response, Privacy International, a consumer advocacy group based in the UK, has filed a complaint with the British government's ICO office.

Sky Broadband today issued a press release on the matter, identifying significant privacy concerns. Sky is one of several ISPs who have given up their data to ACS:Law - with little noticeable resistance. It appears that 4,000+ Sky customers may have been affected by ACS:Law's lack of security measures.

"We have suspended all co-operation with ACS:Law with immediate effect. This suspension will remain in place until ACS:Law demonstrates adequate measures to protect the security of personal information."

Sky might be waiting for an event that may never happen. Currently, ACS:Law is possibly facing a £500,000 fine for the serious lapse of security, with the ICO taking this situation rather gravely.

"The question we will be asking is how secure was this information and how it was so easily accessed from outside," said Christopher Graham, UK Information Commissioner to the BBC. Graham added, "I can't put ACS: Law out of business, but a company that is hit by a fine of up to half a million pounds suffers real reputation damage."

With its reputation lower than absolute zero and the potential for a £500,000 (about $750,000) fine, we question whether it’s possible for ACS:Law to ever engage in anti-piracy operations again. Don't forget, Sky is no hero here, they actively divulged their customers' information and were part of the mass monetary demand process. But at least this is a positive first step to make some kind of amends.
http://www.slyck.com/story2064_ISP_S...uts_off_ACSLaw





London Law Firm Pledges to Continue Targeting File-Sharers

Not put off by ACS: Law debacle
Linda Harrison

A firm of London solicitors has said the controversy surrounding ACS:Law will not stop it from targeting those accused of file-sharing.

Gallant Macmillan told the BBC it still planned to go to the High Court on 4 October to seek the personal details of hundreds of PlusNet users.

Simon Gallant told BBC News that he had “no problem” pursuing legal claims.

The comments came after thousands of customer details were leaked online after a security breach at ACS:Law, with ISPs pledging to take a tougher stand with law firms pursuing ‘anti-piracy’ claims.

Gallant Macmillan is reported to be seeking a court order from BT subsidiary PlusNet to get it to hand over the personal details of a “large number” of broadband users that it suspects of illegally downloading and sharing music from the record label Ministry of Sound.

The hearing is due to be heard before Chief Master Winegarten at the High Court.

According to the BBC, Gallant Macmillan sends out letters to users suspected of illegal file sharing - a method similar to that used by ACS:Law.

The letter asks for “compensation and costs” of £350 and asks the recipient to sign an undertaking not to do it again.

BT confirmed yesterday that it sent customer details to ACS:Law in unencrypted Excel spreadsheets as email attachments.

A PlusNet spokesperson told BBC News that ACS:Law’s actions had “undermined the current legal process”.

They added: "It's in everyone's interests to restore confidence in this process so that broadband users are safeguarded and we are determined to do this.

"We are actively reviewing our approach to these disclosure requests to achieve this objective and this will inform our approach to Monday's hearing”.

Mr Gallant told the BBC that, as far as he was concerned, “nothing has changed” and the company was proceeding with the application and hoped to obtain a list of customers suspected of illegal file sharing.

He said: “I am aware this type of work is contentious and we have done a great deal of due diligence and are aware of all the concerns people have raised.

"Providing a rights holder can prove to me that they have a valid legal claim, why should I - as a solicitor - have any problem representing them?"

TechEye tried to contact Mr Gallant today but we were told he was too busy to take our call.
http://www.techeye.net/business/lond...g-file-sharers





EFF Sues Newspaper Chain’s Copyright Troll
David Kravets

Righthaven, the Las Vegas-based copyright troll, may have sued one website too many. The Electronic Frontier Foundation hit the company with a lawsuit Monday alleging Righthaven is abusing copyright law by suing for excerpting or posting newspaper articles without permission.

Law firm Righthaven was formed earlier this year for the sole purpose of suing for copyright infringement. So far, its main client, Stephens Media, has publicly authorized it to sue the operators of 145 internet sites on behalf of its flagship paper, the Las Vegas Review-Journal.

San Francisco’s EFF, which has been shopping for one of the cases to take, has agreed to defend user-generated Democratic Underground, a site that says it provides “political satire and commentary for Democrats.”

It’s also filed a countersuit claiming Monday that Righthaven is a “front and sham representative” of Stephens Media with a sole mission “to seek windfall recoveries of statutory damages and to exact nuisance settlements.”

Since Righthaven was formed this spring, it has settled about 20 percent of its lawsuits for a few thousand dollars each. Righthaven even demands forfeiture of a site’s domain, which likely fuels settlements from site owners who don’t have a lawyer or who conclude that legal fees would be more onerous than settling, said Kurt Opsahl, an EFF senior staff attorney.

“If we get the right decision from the court, it would establish good precedent that will be available to everybody,” he said in a telephone interview Wednesday.

EFF is seeking legal fees, no damages and a judgment that Democratic Underground did not infringe, he said.

Still, the facts of each of the cases vary, with some sites sued for running entire articles posted by the site operator or a third-party — with or without links. The same is true for snippets of stories. One case includes the wholesale hijacking of Review-Journal stories with a new byline inserted.

Steve Gibson, Righthaven’s owner, said he is expanding operations beyond Stephens Media. He did not immediately return a message seeking comment.

The EFF claims the Democratic Underground isn’t even close to being liable for infringement, which carries penalties of up to $150,000 per violation under the Copyright Act.

Democratic Underground is being sued for a user of the site last month posting four paragraphs and a link to a 34-paragraph Review-Journal story on Sharron Angle, the Republican Nevada candidate for Senate, entitled “Tea party fuels Angle.”

Opsahl claimed the site had a fair-use right to the four paragraphs. It was posted for discussion and commentary, not for commercial gain. The article, he said, is freely available on the Review-Journal’s website, which encourages readers to share it via Facebook, Twitter, e-mail and by other means.

“We don’t think they should have filed this lawsuit in the first place,” Opsahl said.

At the very least, Righthaven should have requested that the site remove the disputed content, Opsahl said.
http://www.wired.com/threatlevel/201...ghthaven-sham/





Internet Pornographers Now Suing Pirates
Samuel Axon

Hollywood film studios and record labels aren’t the only people filing lawsuits against illegal downloaders. As of a few weeks ago, porn producers banded together to file lawsuits of their own, but there’s a unique spin: embarrassment.

It’s tough to say whether or not the lawsuits filed by movie studios and record labels against a small number of users have proven effective as a deterrent to piracy, but the added embarrassment of exposing sexual fantasies to friends, family and colleagues might make the method more effective for owners of adult content.

The producers have targeted users who downloaded titles that prominently feature transsexuals and “barely legal” 18-year-old girls. Since the lawsuits are on public record, the defendants’ porn-viewing habits would be exposed.

Pink Visual President Allison Vivas told the AFP, “When it comes to private sexual fantasies and fetishes, going public is probably not worth the risk that these torrent and peer-to-peer users are taking.”

The initial barrage of lawsuits began a few weeks ago, and the producers are also targeting YouTube-like streaming video sites (YouPorn and XTube come to mind) that deal in owned content and only remove it after receiving a take-down notice.

There’s a certain irony to the situation. Many of these producers built their careers by distributing their goods through web-based channels that challenged traditional distribution models. Now those technologies have developed to the point that the average user can simply acquire the goods for free.
http://mashable.com/2010/09/26/porn-pirates/





"Operation Payback" Attacks to Go On Until "We Stop Being Angry"
Nate Anderson

The distributed denial of service (DDoS) attacks against anti-piracy websites have gone on for a week now, with the lawyers behind the "US Copyright Group" being the latest target. And the anonymous Internet users behind "Operation Payback" aren't done acting out; in an interview yesterday with the security experts at Panda Labs, one of the organizers said that Anonymous' attacks will continue "until we stop being angry." Judging from the list of things that make him (?) angry, this could take a while.

The law firm of Dunlap, Grubb and Weaver was one of the newest targets of the attacks, organized a week ago to take down antipiracy organizations around the world. Already hit: the RIAA (US), BPI (UK), MPAA (US), AFACT (Australia), BREIN (Netherlands), Aiplex (India), and Websheriff (UK). One of the smaller sites actually yielded the biggest bounty; the UK "P2P settlement letter factory" ACS Law gave up several hundred megabytes of private e-mails after being taken offline by the attack.

The organizers of Operation Payback view themselves as anarchists with a strong moral streak. In their initial attack announcement, they claimed that anarchists had already "succeeded en-masse in distributing content to the poor, the underprivileged, the restricted. The most popular pirates are the chinese, whose content filters restrict a vast amount of content from them. The second most popular, the poor, who cannot afford things like college books or entertainment."

These self-styled Robin Hoods are "strongly motivated to do what we can to fight back against things which are morally questionable," which means that they are now launching DDoS attacks in favor of piracy. "Sharing information" is the new morality—"information" in this case apparently including films like Get Him to the Greek, currently the top movie download on The Pirate Bay.

Operation Payback is the rage of those who need more attention. "What do we have to do to be heard?" asks the original call to action. "To be taken seriously? Do we have to take to the streets, throwing molotovs, raiding offices of those we oppose? Realize, you are forcing our hand by ignoring us. You forced us to DDoS when you ignored the people, ATTACKED the people, LIED TO THE PEOPLE! You are forcing us to take more drastic action as you ignore us, THE PEOPLE, now."

And the rage will continue until the perpetrators feel less angry about the "rich and powerful corporations" who run the world. "In a world where our voice is ignored, we feel we have no choice but to revert to direct action."

Or, as an attack organizer put it last week, "We are seeking to change our way of life OUTSIDE the 'basement' we are trapped in. This is just the beginning. This is only the start."
http://arstechnica.com/tech-policy/n...eing-angry.ars





Pirate Bay Appeal 'a Waste of Time': Sunde



While devoid of high-charged drama, the opening day of the Pirate Bay appeals court trial nevertheless included a few unexpected developments.

Tuesday's proceedings began with some confusion when one of the four men behind the file sharing website The Pirate Bay, Gottfrid Svartholm Warg, failed to turn up.

Fellow defendant Peter Sunde was at first unable to shed much light on Svartholm Warg's whereabouts.

"I don't know. But the last time I heard from him he was sick in hospital, a couple of weeks ago."

In response to a question over which country Svartholm Warg is currently located, Sunde replied:

"I don't think he would be too happy if I say, but it is in Asia."

Shortly thereafter, however, Svartholm Warg’s attorney Ola Salomonsson provided an update on his client's whereabouts.

"I just got a text message from his mom. It says that Gottfrid is sick and still in Cambodia. His mom is traveling there to help him," he told the Aftonbladet newspaper.

Svartholm Warg, Sunde, as well as Fredrik Neij and Carl Lundström were all convicted in April 2009 on charges of being accessories to copyright violations.

Court proceedings began at 10am at the Svea Court of Appeal on Riddarholmen in Stockholm.

Most of the day’s hearing consisted of a review of the charges against the four men, as well as presenting information about the workings of the site and the associated BitTorrent technology, according to an account of the proceedings published on the website of the Svenska Dagbladet (SvD) newspaper.

Sunde was hopeful when he arrived at the court and believes that there is a good chance that he will be acquitted.

He argued that his prospects have been improved by the fact that the court of appeal deploys more judges in its hearings, as opposed to the district court which is made up of laymen.

The atmosphere outside of the court was reported to be calm and reserved, in stark contrast to the carnival atmosphere and media scrum that greeted the district court trial of the four men.

"This is a performance with three acts, where the first was important and interesting, but the middle act is perhaps less exciting," said Pirate Party leader Rick Falkvinge who was on site to blog from the courtroom.

The four defendants are appealing their conviction and sentence of 12 months imprisonment and a collective fine of 30 million kronor ($4.4 million) payable in compensation to a slew of record and film companies.

The district court judgement stated that The Pirate Bay facilitated "an unlawful transfer to the public of copyrighted works". In passing judgement, the court also wrote that the four defendants worked as a team for the maintenance of The Pirate Bay.

Lawyers for the entertainment industry argued that the four defendants should be convicted of preparation to copyright violations if they aren’t convicted of acting as accessories to copyright violations.

Meanwhile, defence attorneys for the four men all argued that their clients should be acquitted or have their penalties reduced.

Sunde also kept busy updating his Twitter account throughout the proceedings, mocking chief prosecutor Claes-Håkan Rosvall’s presentation on BitTorrent technology.

“I don’t want to be unkind toward Classe Rosvall, but he can’t show a PowerPoint presentation yet thinks #spectrial# is ‘uncomplicated,’” Sunde wrote on his Twitter account, using an abbreviation for the Pirate Bay trial which came into fashion during the district court hearings.

In the afternoon, Rosvall outlined evidence which he claimed proved the four men were all involved in either operating or financing The Pirate Bay, and that they knew the site’s purpose was to allow users to share copyrighted material.

Among the evidence presented by Rosvall was an email from Lundström to his lawyer in which the heir to the Wasa crispbread empire wrote that The Pirate Bay facilitates internet piracy.

The email also included reflections by Lundström on whether the site should be moved to another country or shut down altogether.

“We’re surrounded by the Anti-Piracy Agency (Antipiratbyrån). Should we shut it down or risk ending up in jail,” Lundström wrote in an email, according to Rosvall.

Speaking later with the Aftonbladet newspaper, Sunde made it clear he would rather be anywhere but back in a Stockholm courtroom.

“This is really boring. It’s a waste of time. It’s going to be appealed no matter what happens,” he told the newspaper.

“This is going to the Supreme Court.”

The Pirate Bay, one of the world's most popular BitTorrent trackers, meanwhile remains open and has more members than ever, despite several attempts to force its closure.

All of the four defendants are resident overseas: Carl Lundström in Switzerland, Fredrik Neij in Thailand, Peter Sunde in Germany and Svartholm Warg in Cambodia.
http://www.thelocal.se/29294/20100928/





RIAA Takes Down Music Downloading App Mulve
enigmax

Last week an impressive new music downloading application hit the mainstream. Mulve became hugely popular and demand was so great that the site’s servers couldn’t handle the pressure and fell over. Today the site is down again, not through excessive demand, but thanks to the lawyers at the RIAA.

Last week we reported on a very impressive music downloading application. With a claimed database of 10,000,000 tracks, Mulve can give many torrent sites a good run for their money.

Choice aside, Mulve is particularly fast too. Searches yield results quickly and tracks download at excellent speeds, yet this software is not a traditional P2P app – in fact, there is no uploading required at all. Pulling its data off fast servers in Russia connected to the country’s biggest social networking site, downloading from Mulve is about as ‘safe’ as it gets.

Last week, after generating dozens of headlines and excitement around the Internet’s tech sites, Mulve’s homepage went offline, unable to cope with the demand.

TorrentFreak has learned that the site was getting more than 30,000 visitors a day and they were carrying out around 15,000 searches every hour.

The site soon returned but those wanting to use the software today, however, will have problems. It is completely down, not due to excessive demand, but due to the lawyers at the RIAA.

“Just letting you know that Mulve has received a DMCA take down request from the RIAA, so it needed to be taken offline,” a Mulve spokesman told TorrentFreak.

While Mulve hosted no illegal files, it appears that the RIAA discovered that a small element of the site was hosted with US-based Hostgator. Once that element was taken down it was enough to effectively disable the site.

It is understood that Mulve has a new update in the pipeline which will improve the application, but there is currently no news on when the site and application will return. TorrentFreak is assured, however, the downtime is just temporary.

In the meantime, as we wait for news, we can ponder on the meaning behind the word ‘Mulve’.

“It is an abbreviation for Music Love,” the developers told us.
http://torrentfreak.com/riaa-takes-d...-mulve-100928/





Stop the Internet Blacklist
David Segal and Aaron Swartz

When it really matters to them, Congressmembers can come together -- with a panache and wry wit you didn't know they had. As banned books week gets underway, and President Obama admonishes oppressive regimes for their censorship of the Internet, a group of powerful Senators -- Republicans and Democrats alike -- have signed onto a bill that would vastly expand the government's power to censor the Internet.

The Combating Online Infringement and Counterfeits Act (COICA) was introduced just one week ago, but it's greased and ready to move, with a hearing in front of the Judiciary Committee this Thursday. If people don't speak out, US citizens could soon find themselves joining Iranians and Chinese in being blocked from accessing broad chunks of the public Internet.

Help us stop this bill in its tracks! Click here to sign our petition.

COICA creates two blacklists of Internet domain names. Courts could add sites to the first list; the Attorney General would have control over the second. Internet service providers and others (everyone from Comcast to PayPal to Google AdSense) would be required to block any domains on the first list. They would also receive immunity (and presumably the good favor of the government) if they block domains on the second list.

The lists are for sites "dedicated to infringing activity," but that's defined very broadly -- any domain name where counterfeit goods or copyrighted material are "central to the activity of the Internet site" could be blocked.

One example of what this means in practice: sites like YouTube could be censored in the US. Copyright holders like Viacom often argue copyrighted material is central to the activity of YouTube, but under current US law, YouTube is perfectly legal as long as they take down copyrighted material when they're informed about it -- which is why Viacom lost to YouTube in court.

But if COICA passes, Viacom wouldn't even need to prove YouTube is doing anything illegal to get it shut down -- as long as they can persuade the courts that enough other people are using it for copyright infringement, the whole site could be censored.

Perhaps even more disturbing: Even if Viacom couldn't get a court to compel censorship of a YouTube or a similar site, the DOJ could put it on the second blacklist and encourage ISPs to block it even without a court order. (ISPs have ample reason to abide the will of the powerful DOJ, even if the law doesn't formally require them to do so.)

COICA's passage would be a tremendous blow to free speech on the Internet -- and likely a first step towards much broader online censorship. Please help us fight back: The first step is signing our petition. We'll give you the tools to share it with your friends and call your Senator.
http://www.huffingtonpost.com/david-..._b_739836.html





A Look At The Technologies & Industries Senators Leahy & Hatch Would Have Banned In The Past
Mike Masnick

The more I look at the "Combating Online Infringement and Counterfeits Act," (COICA) bill proposed by Senators Patrick Leahy and Orrin Hatch (and co-sponsored by Sens. Herb Kohl, Arlen Specter, Charles Schumer, Dick Durbin, Sheldon Whitehouse, Amy Klobuchar, Evan Bayh and George Voinovich) the worse it looks. The idea behind the bill is to give the Justice Department the ability to avoid due process in shutting down or blocking access to sites deemed "dedicated to infringing activities."

With such a broad definition of offerings dedicated to infringing activities, I thought it might be worth running through a list of technologies and services that were all deemed "dedicated to infringing activities" in their early days, to give you a sense of what these Senators would have banned in the past with such a law:

* Hollywood itself: The history of Hollywood is that it was set up on the west coast in order to avoid Thomas Edison's attempt to control the movie making business with various patents. Hollywood was very much an entire industry dedicated to infringing activities in its early years.
* The recording industry: The origins of modern copyright law in the US came out of fears by musicians that the concept of any kind of automatic playing or "recorded" music would destroy the market for real live musicians. The fear of the player piano was a big, big issue in the early days, with sheet music producers claiming that piano rolls were infringing. So, the early parts of the recording industry were very much "dedicated to infringing activities."
* Radio: When radio first came about, it too was "dedicated to infringing activities." That's because it played music on the radio without paying.
* Cable TV: The very early days of cable TV involved the cable companies offering network television without paying for it -- and, even worse, they were charging customers for access to others' content. The very core of the original cable TV system was "dedicated to infringing activities." Charlton Heston denounced cable as "depriving actors of compensation."
* Photocopying machines: When the Xerox machine came on the scene in the late 1950s, it freaked out the publishing industry who denounced it as being dedicated to infringing activities. Just as the 1909 Copyright Act was mainly a response to misguided fears of the player piano, some say the 1976 Copyright Act was in response to the Xerox machine. Some of the modern concepts around fair use came about due to lawsuits from publishers claiming that the photocopier was, in fact, dedicated to infringing activities.
* The VCR: By this point, you should know the famous Jack Valenti quote: "I say to you that the VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone." Yup. Dedicated to infringing activity.
* Cassette tapes: "Home taping is killing music." Need I say more?
* The MP3 player: Remember the RIAA's lawsuit against the Diamond Rio? They declared that such a device "stymies the market for . . . works and frustrates the development of legitimate digitally downloadable music." So, that iPod? Yes, it, too, was dedicated to infringing activity.
* The DVR: In 2001, a bunch of TV companies sued, claiming that the Replay TV DVR was an "unlawful scheme" that "attacks the fundamental economic underpinnings of free television and basic nonbroadcast services."

Notice a pattern yet? All sorts of new technologies tend to be berated and condemned as "dedicated to infringing activity," by legacy content industries when those new offerings first come along. It's only later on, when the industry learns to use those new tools of creating, recording, reproducing, performing, distributing, sharing and promoting that they realize those tools turned out to be quite useful in expanding, rather than shrinking, the industry.

Yet, here we are, with the list of Senators above, effectively looking to not allow that evolution to happen at all. They won't even give these new tools a fair trial (which, at the very least, was afforded to many of the tools in this list). Instead, they want to let the Justice Department (which, again, employs many former lawyers of the legacy industries) simply put together a list of tools they believe infringe and avoid due process in getting those tools effectively banned. The people making this list are not visionaries. They don't see how these tools can be quite useful to content creators. They're anti-visionaries. They only see how the new tools change the rules for the legacy industry. Do we really want anti-visionaries outlawing the next movie industry? Or the next VCR? Or the next iPod?
http://www.techdirt.com/articles/201...the-past.shtml





Internet Pioneers Protest Senate Anti-Piracy Bill

Some of the rock stars of Internet engineering (yes, they exist) on Tuesday protested a Senate bill aimed at fighting online piracy, saying the legislation could lead to censorship and destabilize the architecture of the Web.

In their letter to the Senate Judiciary Committee, the 89 engineers said a bill proposed by Sen. Patrick Leahy (D-Vt.) that would block the domain names for sites that engage in piracy and copyright infringement threatens to cause far-reaching harm.

Specifically, early Internet systems creator David Reed and others said the bill could destabilize the domain name system used as an underlying infrastructure for the Web. The engineers said the measure could wipe out entire domain names, which are used to translate sites like www.washingtonpost.com into the Internet addresses used by computers to communicate with each other.

“Worse, an incredible range of useful, law-abiding sites can be blacklisted under this bill,” they wrote. (Other letter signers include: Paul Vixie, president of the Internet Systems Consortium; Jim Gettys, editor of the HTTP/1.1 protocol standards; Bill Jennings, who was VP of Engineering at Cisco for 10 years; and Gene Spafford, a professor at Purdue who analyzed the first major Internet worm.)

“If enacted, this legislation will risk fragmenting the Internet's global domain name system (DNS), create an environment of tremendous fear and uncertainty for technological innovation, and seriously harm the credibility of the United States in its role as a steward of key Internet infrastructure,” according to the letter.

Called the “Combating Online Infringement and Counterfeits Act,” Leahy’s bill would allow the Justice Department to block the domain names for sites focused mainly on the sale of pirated movies and music and counterfeit pharmaceuticals and other consumer goods. Leahy, the Judiciary committee chairman, said piracy and counterfeiting have led to an estimated $100 billion in lost revenues for American businesses.

He said the legislation, introduced Sept. 20 and co-signed by senior member Orrin Hatch (R-Utah), will “protect the investment American companies make in developing brands and creating content and will protect the jobs associated with those investments.”

The Electronic Frontier Foundation, a group that opposes the bill, said there are already laws in place to take down sites that violate the law. The bill would give the Justice Department greater power to block sites, even before a court determines if they are illegally infringing copyright. Through “blacklists” of U.S. and international sites, the bill would pressure Internet service providers to block those Web pages that engage in piracy and counterfeiting, EFF said.

“This is a censorship bill that runs roughshod over freedom of speech on the Internet,” EFF legal analyst Richard Esguerra wrote last week.
http://voices.washingtonpost.com/pos...test_sena.html





Even Without COICA, White House Asking Registrars To Voluntarily Censor 'Infringing' Sites
Mike Masnick

While there's been increasing attention paid to the "Combating Online Infringement and Counterfeits Act" (COICA), the proposed law that would allow the government to require ISPs and registrars to block access to websites deemed to be "dedicated to infringing activities," it looks like the White House (which we had thought was against censoring the internet) appears to be working on a backup plan in case COICA doesn't pass.

That is, while most folks have been focused on COICA, the White House's Intellectual Property Enforcement Coordinator (IP Czar) Victoria Espinel has apparently been holding meetings with ISPs, registrars, payment processors and others to get them to agree to voluntarily do what COICA would mandate. While the meeting is carefully focused on stopping websites that sell gray market pharmaceuticals, if registrars start agreeing to censoring websites at the behest of the government, it's as if we're halfway to a COICA-style censorship regime already. ICANN, who manages the internet domain name system, was asked to attend the meeting, but felt that it "was not appropriate to attend" such a meeting.

While Espinel has certainly been a lot more open to talking with those of us concerned about the state of intellectual property laws (and has actually seemed quite willing to pay attention to what we're saying -- which I appreciate), these kinds of meetings appear quite troubling. I understand why the meetings are focused on so-called "illegal pharmacies," because then everyone supporting these actions can hide behind the claim of "protecting Americans from dangerous fake drugs." But the truth is that while some online pharmacies are quite questionable, many are simply "gray market" attempts to import drugs to the US from elsewhere where the identical drugs are sold for much less. In a global economy, that should be allowed. In fact, one could argue that keeping drugs artificially expensive in the US does a lot more harm to Americans than the chance of them getting a fake pill.

On top of that, it seems out of line for the US government to be involved in pressuring these companies, whether they're ISPs, domain registrars, payment processors or ICANN itself, to "voluntarily" block websites without a trial or due process. Yes, I can recognize that there can be legitimate health concerns with some of these websites, but those are better dealt with elsewhere. If a company is selling fake or harmful drugs, then laws within that country should be able to deal with it. If there are concerns about such drugs getting across the border, then it seems like a matter for border control. Asking internet companies to act as de facto "voluntary" censors seems like a big step too far.

And, of course, if it starts with such gray market pharmacies, you can only imagine how long it will take until the RIAA/MPAA/etc. come calling for the same sort of "voluntary cooperation" from the same companies for sites "dedicated to infringing activities," potentially killing off all sorts of innovation, before the market has a chance to adapt. When world wide web inventor Tim Berners-Lee and tons of other internet luminaries have come out against COICA, shouldn't the White House be a bit more careful before trying to get various internet players to voluntarily do the same thing with even less due process?
http://www.techdirt.com/articles/201...ng-sites.shtml





Europe’s Parliament Addresses Patchwork of Copyright Laws
Eric Pfanner

Serving as a member of the European Parliament can be a thankless task. Lobbyists accost you from all corners. Tabloid newspapers complain about your expenses. And after a day of plenary sessions in Strasbourg, you might not be able to watch television shows from your home country without breaking the law.

On that last issue, at least, there may be hope for change — thanks in part to action by the Parliament.

Last week it called for a long-overdue overhaul of European copyright laws, aimed at fostering the development of a single European media market. For now, there is no such thing; even on the supposedly borderless Internet, most music and video services are fragmented according to European national boundaries.

Licensing restrictions are often to blame. Just to show a television program in one country, broadcasters need to clear a range of copyrights covering writers, musicians, actors and others. Trying to do this across all 27 E.U. countries is incredibly cumbersome and hardly cost-effective.

Parliament members and other E.U. officials in Brussels want to introduce one-size-fits-all licenses for the entire Union.

Media owners have not exactly been clamoring for this, especially in the television business. Broadcasters argue that a single European television market would undermine the value of the programming they acquire at great cost.

Why, they say, would viewers pay a domestic broadcaster to watch soccer matches, for example, if they could view the same games via the Internet, from a foreign source, at no cost?

This is a reasonable concern, but it ignores one not-so-small problem: A single media market for Europe is already developing, but in a way that provides media companies and other rights holders no benefits.

“We have effectively allowed illegal file-sharing to set up a single market where our usual policy channels have failed,” the European digital agenda commissioner, Neelie Kroes, said in a recent speech to business leaders in Brussels.

“While the Internet is borderless, Europe’s online markets are not,” she said. “It is often easier to buy something from a U.S. Web site than online from the country next door in Europe.”

To make its proposals more appealing to media companies, the Parliament gave them something last week that they had sought for a long time: a pledge of support for a coordinated crackdown on digital piracy.

“We must apply on the Internet laws that protect intellectual property,” said Marielle Gallo, the lead sponsor of the Parliament’s recommendations, which will now be forwarded to the European Commission. “Otherwise it will be a jungle, and in the jungle it is the law of the strongest that prevails.”

The fact that a majority of legislators endorsed this view is surprising, given that not long ago, the Parliament appeared to be one of the last havens for pirates in Europe.

Last year, not only did the Pirate Party of Sweden win a seat in the body, but the full legislature toyed with the idea of declaring broadband an unassailable human right. The goal was to block so-called three-strikes systems like those that are set to take effect in France and Britain, threatening persistent pirates with the suspension of their Internet connections.

Libertarian groups are not pleased by the Parliament’s about-face. They warn of sinister language in the recommendations, like a reference to “additional non-legislative measures” to enforce copyright protection.

The European Commission might now try to mandate a pan-European three-strikes system, or even more severe measures, they say.

That seems like a bit of a stretch, given that officials in several E.U. countries, including Germany, have rejected the three-strikes approach. It also remains to be seen whether the French or British authorities actually have the stomach to disconnect anyone from the Internet.

It would be especially awkward if the French anti-piracy sweep were to catch a homesick European Parliament member downloading some familiar TV shows on a lonely evening in Strasbourg. With luck, and the development of a single European market for digital media, it will never come to that.
http://www.nytimes.com/2010/09/27/bu...a/27cache.html





ISPs Profit from Coughing Up Customer Data
Stewart Mitchell

ISPs are making a tidy profit from online piracy by charging up to £120 to provide data on their customers, according to the Federation Against Software Theft (FAST).

Intellectual property rights holders have been at loggerheads with ISPs since the beginning of peer-to-peer file sharing, blaming bandwidth suppliers for allowing subscribers to download music, video and software from the web without paying.

Under UK law, rights holders can only obtain details of who was using an IP address when copyright material was downloaded by obtaining a court order.

Once they have the necessary documentation, copyright holders can approach ISPs for information from their logs, but they have to pay a hefty charge for the service.

“In 2006, we ran Operation Tracker in which we identified about 130 users who were sharing copies of a security program over the web,” said John Lovelock, chief executive of FAST.

“In the end we got about 100 names out of them, but that cost us £12,000, and that was on top of the investigative costs and the legal fees.”

If it is a criminal case, the ISPs have to give up the information and can charge to recover costs, but in civil cases ISPs can almost name their price for the information.

“There's no uniformity - sometimes it's £85/hour or sometimes it is £100 per contact,” said Lovelock. “But they certainly charge a lot of money.”

ISPs are currently up in arms over being asked to pay 25% of the costs of establishing a system for sending out warning letters under the Digital Economy Act, with ISPs hinting that costs of the scheme would be passed on to customers.

Lovelock also called on Ofcom, which is involved in negotiations over how the system would work, not to allow ISPs to increase their data processing charges to cover their share of the costs.

“Ofcom is in the equation as we try to seek an agreement and ISPs will have to convince them that the systems are fair,” he said.

The ISP Association said it didn't have any limits on how ISPs should charge, but did say they had a right to recover the costs of supplying details.

"ISPA doesn’t have any agreed guidelines, but individual ISPs may have agreements with rights holders in order to cover costs of the data retrieval," a spokesperson said. "This is similar to the help ISPs give to serious law enforcement cases in which ISPs are entitled to recover their costs."
http://www.pcpro.co.uk/news/broadban...-customer-data





Sony Targets PS JailBreak, PSFreedom and PSGroove PS3 Hacks

Today garyopa at PSX-Scene.com (linked above) reports that Sony appears to be targeting the PS JailBreak, PSFreedom and PSGroove related PS3 hacks and has shared numerous court documents for those interested.

From one of the documents, to quote: "Similarly targeted document subpoenas or deposition notices to any other third party who SCEA learns may be involved in the distribution or sale of the PS Jailbreak software, known as, for example, PSGroove, OpenPSJailbreak, and PSFreedom, or who may have knowledge of the distribution or sale of this illicit software."

PS3 hacker Mathieulh is also mentioned in one of the documents as recently proclaiming to be one of 20 individuals behind PSGroove, to quote: "Mathieu Hervais told BBC News he was one of about 20 hackers involved in PSGroove's development."

Just under a month ago Sony was granted an injunction by Australian Courts on the sale of PSJailBreak PS3 modchips, followed by blocking PS JailBreak and PS3 proxy methods with the release of the PS3 Firmware 3.42 update, so only time will tell what their next move is.

http://www.ps3news.com/PS3-Hacks/son...ove-ps3-hacks/





Study: Audio Recordings of US History Fading Fast
Brett Zongker

New digital recordings of events in U.S. history and early radio shows are at risk of being lost much faster than older ones on tape and many are already gone, according to a study on sound released Wednesday.

Even recent history — such as recordings from 9/11 or the 2008 election — is at risk because digital sound files can be corrupted, and widely used CD-R discs only last three to five years before files start to fade, said study co-author Sam Brylawski.

"I think we're assuming that if it's on the Web it's going to be there forever," he said. "That's one of the biggest challenges."

The first comprehensive study of the preservation of sound recordings in the U.S., released by the Library of Congress, also found many historical recordings already have been lost or can't be accessed by the public. That includes most of radio's first decade from 1925 to 1935.

Shows by musicians Duke Ellington and Bing Crosby, as well as the earliest sports broadcasts, are already gone. There was little financial incentive for such broadcasters as CBS to save early sound files, Brylawski said.

Digital files are a blessing and a curse. Sounds can be easily recorded and transferred and the files require less and less space. But the problem, Brylawski said, is they must be constantly maintained and backed up by audio experts as technology changes. That requires active preservation, rather than simply placing files on a shelf, he said.

The study co-authored by Rob Bamberger was mandated by Congress in a 2000 preservation law.

Those old analog formats that remain are more physically stable and can survive much longer than contemporary digital recordings, the study warns. Still, the rapid change in technology to play back the recordings can make them obsolete.

Recordings saved by historical societies and family oral histories also are at risk, Brylawski said.

"Those audio cassettes are just time bombs," Brylawski said. "They're just not going to be playable."

The study recommends several solutions and its findings will be followed by a National Recording Preservation Plan being developed by the Library of Congress later this year.

New training and college degree programs for audio archivists are essential to improve preservation, the study found. Currently, no universities offer degrees in audio preservation, though several offer related courses.

The study also calls for legal reforms to enable more preservation. A hodgepodge of 20th century state anti-piracy laws has kept most sound files out of the public domain before U.S. copyright law was extended to sound recordings in 1972. The study found only 14 percent of commercially released recordings are available from rights holders.

Later this year, the library will debut a National Jukebox online after securing a license to stream sound recordings controlled by Sony Music Entertainment.

"The more copies of historical recordings are out there, the safer they are," Brylawski said.

The study also calls for changes in copyright law to help preservation. As it stands now, Brylawski said, copyright restrictions would make most audio preservation initiatives illegal, the authors wrote.

Dwindling resources also hamper preservation efforts at many smaller libraries and archives. The study calls for more coordination among preservationists to prioritize efforts and develop techniques that can be used by institutions with smaller budgets.
http://news.yahoo.com/s/ap/20100929/...tal_recordings




Digital Music Sales Flat This Year – Nielsen

The rapid rise of digital music sales has stalled in the United States, the world's biggest and most important market, with sales in the first half of 2010 flat compared with a year before.

According to research group Nielsen, digital sales were flat in the U.S. market after a 13 percent increase from 2008 to 2009 and 28 percent growth from 2007 to 2008.

Major music companies such as Vivendi's Universal Music have pinned their hopes on boosting legal digital sales to counter online piracy and the collapse in CD sales.

Jean Littolff, managing director of Nielsen Music, told Reuters the flat U.S. sales could be due to weak consumer confidence, the appeal of new music releases and confusion over the many different ways people can buy music online.

"I think this is a plateau, it doesn't mean that this digital consumption is going to drop significantly," he said. "It's a plateau, but it's not yet saturation."

The digital music market has mostly been led by a-la-carte sales on sites such as Apple's iTunes, with the sale of individual tracks or albums, and Nielsen said subscription streaming services where consumers pay for access to music were still struggling to make an impact in the mass market.

So-called audio-visual streaming sites such as YouTube however continued to be hugely popular, while mobile phone music services were getting more traction.

According to the Nielsen research, digital music sales were up 7 percent in Britain, up 13 percent in Germany and up 19 percent in France.

(Reporting by Kate Holton; Editing by David Holmes)
http://www.reuters.com/article/idUSTRE68Q2FM20100927





Court Rules Streaming Music Royalty System Flawed
FMQB

A federal appeals court said yesterday that a previous, lower court decision on calculating royalties for streaming music online is flawed. According to the Los Angeles Times, the case stems from a dispute over how much Yahoo and RealNetworks should pay out to ASCAP in streaming royalties.

In 2008, a District Court decision set a 2.5 percent royalty rate for tracks by songwriters represented by ASCAP. RealNetworks and Yahoo argued that the rate was excessive, and a panel of three judges of the U.S. 2nd Circuit Court of Appeals have agreed. The Circuit Court said the lower court decision was "unreasonable" and "imprecise" because it overstated how much the sites benefitted from having streaming music in various areas of their site.

The appeals court also noted the previous decision to "lump all of Yahoo's varying musical uses together, instead of looking into the nature and scope of Yahoo's different types of uses." For example, on-demand music streaming would have a different revenue stream than music that plays in the background of a video. The new ruling directs the District Court to come up with a new and more fair method for the calculation of royalty payments.

Jon Potter of digital media consulting firm RPG Strategies told the Times that this decision could affect all online streaming services. "This will absolutely impact the royalty rates for all Internet radio companies and music-streaming companies, as well as any company streaming any type of media with a musical component, including videos and games," Potter said.

In a statement, Yahoo said it was "pleased with the court's decision and looks forward to the establishment of a truly reasonable royalty-license rate that properly accounts for music use on its services." On the other hand, ASCAP said in a statement it was "disappointed" in Tuesday's ruling, but added, "We anticipate that in the end, the proceeding will result in a fair and favorable license fee."
http://www.fmqb.com/article.asp?id=1968556





Shifting Online, Netflix Faces New Competition
Verne G. Kopytoff

Even though Netflix’s arch rival Blockbuster has filed for bankruptcy protection, the victory lap will have to wait. The company that filled American mailboxes with red envelopes containing DVDs is already fighting the next war.

Netflix’s competition with Blockbuster is an artifact of another age — the DVD era. The main battlefront has shifted online, where consumers are streaming movies and television. Netflix faces a number of well-financed and innovative companies like Apple, Amazon and Google, as well as the cable TV providers. This time the war will not be won by the company that perfects the logistics of moving DVDs, but by whoever can best negotiate with Hollywood studios.

“They are fighting a much different battle than Blockbuster,” said Jim Lanzone, the chief executive of Clicker, an online television guide. “Today’s war is for Internet television, and Blockbuster was never really relevant to Internet television.”

Netflix, based in Los Gatos, Calif., had an early lead in online streaming with its subscription service, Watch Instantly. Customers can watch movies or TV shows on a computer or a television, or more recently, an iPad or iPhone. (Software for Android smartphones is coming.)

Netflix has raced to become ubiquitous. In addition to PCs, more than 100 types of devices can stream Netflix movies to a TV, including game consoles and Internet TV set-top boxes like Roku and AppleTV. The company says 61 percent of its 15 million subscribers streamed movies in the second quarter.

The weakness of the streaming service is movie selection. Netflix’s catalog of 20,000 streaming movies does not include many recent Hollywood hits because Netflix has been unable to negotiate rights from all the studios. Netflix has about five times as many titles in its DVD catalog.

Many of the company’s studio deals require it to delay making titles available — either on DVD or online — until they have been on store shelves for 28 days. For example, “Robin Hood,” starring Russell Crowe, is available to stream on Amazon but will not be available on Netflix until Oct. 19. Hulu Plus has the current season of “The Office,” while the most recent episodes on Netflix are from last season.

The industry is still very young, they said, and many companies are experimenting with business models and expanding their video libraries. Streaming requires less infrastructure and therefore has lower barriers to entry than a system built on sorting machines and distribution or even brick-and-mortar stores.

“Streaming is a much more competitive environment, and Netflix’s competitors have the money it takes,” said John Blackledge, an analyst with Credit Suisse. Few weeks go by without some strategic maneuver by a company with ambitions in streaming movies or television.

YouTube signaled its larger ambitions last week by hiring a former Netflix vice president for content acquisition. YouTube, part of Google, is counting on him to license more Hollywood video to beef up its nascent online rental service, which premiered in January. YouTube has mostly small, independent movies, but it recently secured rights to more mainstream movies from Lions Gate Entertainment.

Apple unveiled an upgraded Apple TV device for streaming video to television sets. Fox and ABC agreed to make their shows available for rental at 99 cents each.

Hulu, the online video hub jointly owned by NBC Universal, the News Corporation and the Walt Disney Company, in June opened its Hulu Plus subscription service to supplement its existing free video library. Under the plan, which costs $10 a month, consumers can watch some television shows that are not available free. (Paying customers still see commercials, though.)

Netflix declined to comment for this article. But a new streaming service it began last week in Canada may be a sign of where the company is headed. Netflix is selling a subscription for online streaming only, with no DVDs. That gives Netflix a chance to conquer a second market without conquering another postal system (or building new distribution centers).

In the United States, analysts expect the company to begin closing some of its 58 distribution centers as DVD rentals decline. The company has said it is not making any more major investments in the centers.

Mr. Blackledge of Credit Suisse predicts that Netflix’s DVD business will peak in 2012 and then slowly decline. Shifting people to watching movies online will save Netflix some of the $700 million it spends annually on postage.

A streaming-only subscription is also being considered for the United States in the coming months, Reed Hastings, Netflix’s chief executive, wrote in a company blog post last week. Presumably, the plan would be cheaper than the company’s standard $9 monthly subscription because it would not include the cost of mailing DVDs.

Netflix is making less revenue per customer as streaming catches on because customers are subscribing to less expensive plans, with fewer discs and unlimited streaming. But the company is gaining subscribers at the rate of nearly 50 percent a year.

“Netflix has been very clever and good at getting good content,” Mr. Blackledge said. “It’s the virtuous cycle: They get new subscribers, which improves their finances, which allows them to get more and better content.”
http://www.nytimes.com/2010/09/27/te...27netflix.html





Adult Video-Sharing List Leaked from Law Firm
Daniel Emery

The personal details of thousands of Sky broadband customers have been leaked on to the internet, alongside a list of pornographic movies they are alleged to have shared online.

The list, seen by BBC News, details the full names and addresses of over 5,300 people thought by law firm ACS:Law to be illegally sharing adult films.

It appeared online following an attack on the ACS:Law website.

The UK's Information Commissioner said it would investigate the leak.

Privacy expert Simon Davies has called it "one of the worst breaches" of the Data Protection Act he had ever seen.

Data breach

The documents appeared online after users of the message-board 4chan attacked ACS:Law's site in retaliation for its anti-piracy efforts.

The firm has made a business out of sending thousands of letters to alleged net pirates, asking them to pay compensation of about £500 per infringement or face court.

It uses third-party firms to scour the net looking for possible infringements of music and film copyright.

Armed with IP (internet protocol) addresses - which can identify the internet connection used in any copyright infringement - its lawyers can then apply for a court order to get the physical address of the PC from the service provider whose network has allegedly been used for the file-sharing.

A BBC investigation in August found a number of people saying they were wrongly accused by ACS:Law of illegal file-sharing. UK consumer group Which? says it has also received a number of complaints. Many contest that IP addresses can be spoofed.

ACS:Law is under investigation by the Solicitors Regulation Authority over its role in sending letters to alleged pirates.

The leak contains around 1,000 confidential e-mails, along with the list, which was an attachment on one of the messages.

The collection was then uploaded to file sharing website, The Pirate Bay, where it is being shared by hundreds of users.

The confidential e-mails include personal correspondence between Andrew Crossley - who runs ACS:Law - and work colleagues, as well as lists of potential file-sharers and information on how much the firm has made through its anti-file-sharing activities.

While some of the e-mails, detailing the internal workings of the company, may prove embarrassing, the leaking of an unencrypted document - that lists the personal details of more than 5,300 BSkyB Broadband subscribers alongside a list of adult videos they may have downloaded and shared online - could be a breach of the Data Protection Act.

Speaking to BBC News, Mr Crossley said there were "legal issues" surrounding the leak.

"We were the subject of a criminal attack to our systems. The business has and remains intact and is continuing to trade," he added.

Mr Crossley said he would not comment directly on the contents of individual e-mails.
[Image: A web poster encouraging users to target Mr Crossley and his firm was posted on the 4chan message boards]

"All our evidence does is identify an internet connection that has been utilised to share copyright work," he told BBC News when pressed about the BSkyB database.

"In relation to the individual names, these are just the names and addresses of the account owner and we make no claims that they themselves were sharing the files," he added.

Mr Crossley said he had no further comment when asked why the Excel document was unencrypted, but said he had notified the police, the ICO and was in communication with the SRA.

A spokesperson for Sky told BBC News that they were "very concerned at the apparent security breach involving data held by ACS:Law".

"At this stage of our investigation, we believe that the data included the names and addresses of around 4,000 Sky Broadband customers," they said.

"Like other broadband providers, Sky can be required by Court Order to disclose information about customers whose accounts are alleged to have been used for illegal downloading. We only ever provide such data in encrypted form."

Direct action

Simon Davies, from the watchdog Privacy International, said he would be asking the Information Commissioner to "conduct a full investigation" and hoped it would be "a test case of the Information Commissioner's new powers".

"You rarely find an aspect where almost every aspect of the Data Protection Act (DPA) has been breached, but this is one of them," said Mr Davies.

"It fits perfectly for the term 'egregious misuse' of personal data," he added.

A spokesperson for the Information Commissioner's Office (ICO) told BBC News that it "takes all breaches of the DPA very seriously".

"Any organisation processing personal data must ensure that it is kept safe and secure.

"The ICO will be contacting ACS:Law to establish further facts of the case and to identify what action, if any, needs to be taken."

The attack on ACS:Law is the latest in a number of high-profile attacks by piracy activists.

Last week, hackers temporarily knocked out the websites of the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA).

The attacks were declared on notorious message-board 4chan and were reportedly in retaliation for anti-piracy efforts against file-sharing websites.

Users of 4chan are renowned for online activism and direct action. "Operation Payback", as it was known, was reportedly revenge for the MPAA and RIAA's action against The Pirate Bay.

The group has declared it will continue to target other sites involved in anti online piracy activity.
http://www.bbc.co.uk/news/technology-11418962





LA Times' Propaganda Piece Claims Piracy Hurts Filmmakers Without Any Actual Evidence
Mike Masnick

Reader jjmsan was the first of a few of you to send over this silly piece in the LA Times claiming that independent filmmakers are being hurt by unauthorized file sharing, but it's completely devoid of any actual evidence. It kicks off with the story of one indie film director who released a movie and insists that he's been harmed. But what's the evidence? Well, a lot of people have downloaded his film. Ok. So? When other movie makers saw that, they put in place smart business models to encourage people to buy something, and they did quite well because of it. By embracing file sharing and combining it with smart business models, tons of filmmakers who never would have been able to do anything with their film have now been able to build an audience and make a living.

The filmmaker in the story, Greg Carter, doesn't seem to have done any of that. He appears to have just complained about people who wanted to see his movie, rather than giving them something to buy. And while he insists that he's "lost $100,000 in revenue," he never seems to recognize that there was a good chance a lot fewer people would have cared to watch his film in the first place if it weren't for file sharing. The fact is that he failed to put in place a business model that embraced how people wanted to view the film. It's not "piracy" that's to blame, it's Greg Carter not putting in place a smart business model like a bunch of other filmmakers have done.

The article also highlights a filmmaker, Ellen Seidler, who complains about spending hours a day sending emails to file sharing sites, demanding they take down her film. Just think how much better she could be doing if she spent that same time connecting with fans and giving them a reason to buy.

What a waste of space by the LA Times, who shouldn't be misleading people like this with bogus articles. It's articles that portray these people as victims, due to their own lack of business initiative, that do real harm to filmmakers. If, instead, the LA Times focused on smart filmmakers who are in the same situation as Carter and Seidler, but instead embraced it and are making real money because of it, they'd be helping. Instead, they're just making more of a mess.
http://www.techdirt.com/articles/201...evidence.shtml





In This War, Movie Studios Are Siding With Your Couch
Brooks Barnes

SOMETIME in the next few months, there is likely to be an explosion in the movie business. The question is which studio will detonate the bomb.

Tension between studios and theater owners has been simmering a long time, but it intensified in May, when the Federal Communications Commission issued what appeared on the surface to be an arcane ruling. After two years of prodding from Hollywood, the F.C.C. agreed to let movie studios activate technology to prevent films sold through video-on-demand systems from being copied.

Ho-hum? Hardly. The ruling gave studios the ability to pursue a new business — so-called premium V.O.D. — that may be the industry’s best hope of restoring itself to health, now that the bottom has fallen out of the DVD market.

Right now, theaters get an exclusive period — 120 days, on average — to serve up new movies. Then the releases appear on television video-on-demand services at a price of about $4.99. Armed with the new copy-blocking technology, studios want to offer new movies on video-on-demand services about 45 days after they arrive in theaters, for a premium price of $24.99.

The business opportunity is multifold. With as much as 80 percent of that early V.O.D. revenue going to the studio, movie executives see a new engine to compensate for the sputtering DVD. And for the studios, the need is urgent: DVD sales for the year are expected to total about $9.9 billion, down 30 percent from their peak in 2004, according to Adams Media Research.

Studios also want to cut marketing costs by interweaving advertising for theatrical, DVD and video-on-demand releases; reducing the exclusive “window” given to theaters would make it easier to combine those campaigns. Premium V.O.D. would also bring greater consumer awareness to regular video on demand, which has not caught on as much as other rental options like Netflix, according to a research report by Anthony DiClemente, an analyst at Barclays Capital.

Last but not least, studios are aware that consumers are growing impatient about being unable to access all movies whenever and wherever they want. Layering in an early video-on-demand option might prevent some of those frustrated customers from turning to pirated copies.

“There are people who we believe would like to see movies sooner than later and would pay a premium price to do that,” Robert A. Iger, the chief executive of the Walt Disney Company, told analysts on a conference call last month. “We are going to become aggressive.”

Cable and satellite television providers like Time Warner Cable (which is no longer connected to Warner Brothers) and DirecTV are ready to push the button on premium V.O.D. as soon as they reach a deal with studios. After all, the service would represent another revenue stream for these providers and another way to differentiate themselves with customers. The promise of the new business is one reason that Comcast is so eager for government regulators to clear its deal to take control of NBC Universal, analysts say.

SO what’s the problem? DVD retailers, for a start. The likes of Best Buy and Wal-Mart “have told studios they will retaliate against anyone who tries early-release V.O.D. because of the threat it poses to DVD sales,” Richard Greenfield, an analyst at the financial services company BTIG, wrote in a research note last Monday.

But the real wrath will come from theater owners, who have made it clear that releasing a movie early on video-on-demand services — thus cutting into their window — would be the equivalent of declaring war. Over the summer, the National Association of Theater Owners took out full-page ads in Variety and The Hollywood Reporter making its opposition clear.

The worry for theaters, of course, is that people will be more reluctant to buy movie tickets, at an average cost of almost $8, if they know they can catch the same film just a few weeks later in their living rooms, and for less money than it costs to haul the whole family to the multiplex. Considering that the average moviegoer spends more than $3 on popcorn and soda and the like, the cost of Friday night at the movies for a family of four can easily reach $45 — or much more in cities like New York — even before premium-priced 3-D screenings or possible parking fees are factored in.

“While exhibitors understand the new pressures that a weakened DVD market creates for their studio partners,” the ads read in part, “four decades of box-office growth and three straight years of record-breaking box office argue for caution in tampering with a business model that clearly works.”

The Big Three theater chains — Regal Entertainment, AMC Entertainment and Cinemark — declined to comment, but smaller theater companies have been more vocal.

“Be careful before you cook us all, yourselves included,” wrote Gregory S. Marcus, the chief executive of the Marcus Corporation — the parent of Marcus Theatres, a Midwest exhibitor — in a July opinion article in The Hollywood Reporter.

Exhibitors are also arguing that the copy-blocking technology approved by the F.C.C. won’t work. “If past is prologue, technological locks will be overcome with technological crowbars,” the ads from the National Association of Theater Owners stated.

Adding to this argument was news last week that hackers were able to crack Intel technology used to securely transmit high-definition content between televisions and set-top boxes. (Intel played down the threat, saying that a special device would need to be built to exploit the information.)

Theater owners mean business. When Sony Pictures Entertainment tried a test with “Cloudy With a Chance of Meatballs” last year — owners of Internet-connected Bravia televisions could rent that movie before it was available on DVD, for $25 for a month — some theaters yanked the film.

In a similar showdown, Disney’s decision last spring to release “Alice in Wonderland” early on DVD was greeted by boycott calls from theater owners, most forcefully in Britain.

Studio executives say they are going to risk premium V.O.D. anyway, contending that they have little choice, given the DVD downturn. Besides, analysts estimate that 90 percent of a film’s admissions revenue is now generated within 30 days of its release.

(The rebuttal from theater owners is that the data doesn’t take into account second-run and discount theaters, and that there are big exceptions: “Inception,” for instance, was still raking in millions in theaters 10 weeks after its release.)

Protecting the box office is crucial for studios, and for reasons beyond the importance of their ticket-revenue share. For a start, under long-term contracts, premium television networks like HBO and Showtime typically pay for movies using formulas based on domestic box-office revenue. So shrinking ticket sales would also mean shrinking television revenue.

Studios also rely on big theatrical runs to catapult titles into the public consciousness. Without all of the hoopla surrounding a hit at the multiplex — the lines, the marquees, the buzz in the corridors afterward — movies start to feel an awful lot like their more commodified cousin, television.

SO which studio is going to go first, and when? All six of the major studios declined to comment for this article. But multiple movie executives with deep knowledge of the landscape say the first quarter of next year is the target, in part because big Christmas releases like “The Chronicles of Narnia: The Voyage of the Dawn Treader” and “Tron: Legacy” give studios extra leverage.

The studios that seem most likely to make a move are Disney, 20th Century Fox and Warner Brothers. In part because its size gives it more muscle than other studios, Warner has historically shown a willingness to rewrite the blueprints for the home entertainment business. It was Warner, for instance, that aggressively pushed to release movies on traditional V.O.D. at the same time the DVDs arrived in stores.

One thing is certain, said a top motion picture agent who requested anonymity so as not to anger his contacts in the industry: “Studios have made it clear they are not interested in testing the waters on premium V.O.D. Once they start, they’re going to do it.”
http://www.nytimes.com/2010/09/26/business/26steal.html





Wildlife Filmmaker Chris Palmer Shows that Animals are Often Set Up to Succeed
Daniel de Vise

Not long after Chris Palmer broke into environmental filmmaking in the early 1980s, he brought home a newly completed film to show his wife, Gail.

She loved it -- especially the close-up of the grizzly bear splashing in a stream. She asked Palmer how the crew had captured the sound of water dripping from the bear's paws. He confessed: The sound guy had miked up a water basin and recorded splashing sounds made by his own hands.

She turned to him and said, "You're a big fake."

Three decades later, Palmer hasn't quite recovered. And, at 63, he has written a confessional for an entire industry. "Shooting in the Wild," published this year by Sierra Club Books, exposes the unpleasant secrets of environmental filmmaking: manufactured sounds, staged fights, wild animals that aren't quite wild filmed in nature that isn't entirely natural.

Nature documentaries "carry the promise of authenticity," Palmer said, speaking on a morning stroll through the manufactured wilderness of the National Zoo. Nature filmmakers profess to present animal life as it is lived, untouched by mankind. Yet human fingerprints are everywhere.

Palmer's book underscores the fundamental challenge of wildlife filmmaking: Nature is frequently boring. Wild animals prefer not to be seen.

"If you sit in the wild and watch wildlife, nothing happens for a very long time," said Maggie Burnette Stogner, an environmental filmmaker who works with Palmer on the American University faculty. "That's mostly what happens in wildlife."

Nature footage is hard-earned. A crew might spend six weeks in discomfort and tedium for a few moments of dramatic cinema. Certain shots -- animal births, or predators seizing prey -- are difficult to capture by chance. So some filmmakers set them up.

The lemmings that plunge to their deaths in the 1958 Disney documentary "White Wilderness" were hurled ingloriously to their doom by members of the crew, as a Canadian documentary revealed. Palmer writes that Marlin Perkins, host of television's "Wild Kingdom," was known to bait animals into combat and to film captive beasts deposited into the wild, and that the avian stars of the 2001 film "Winged Migration" were trained to fly around cameras.

Palmer asserts that manipulation pervades his field. Game farms, he writes, have built a cottage industry around supplying nature programs with exotic animals. Much of the sound in wildlife films is manufactured in the studio. Interactions between predator and prey are routinely staged.

"And if you see a bear feeding on a deer carcass in a film," Palmer writes, "it is almost certainly a tame bear searching for hidden jellybeans in the entrails of the deer's stomach."

Even David Attenborough, the dean of British environmental filmmaking, admitted arranging for scorpions to mate in a studio, "with a painted sunset and Styrofoam clouds" as a backdrop, Palmer writes.

Palmer says he believes he is the first industry insider to pen a tell-all book. Diplomatic and meticulously fair, he has won praise from across the environmental filmmaking industry.

But not unanimous praise. Erik Nelson, a prolific environmental filmmaker in Los Angeles, finds "a sort of sanctimonious smugness to his book that sets my teeth on edge."

Nelson is a glancing target in Palmer's book; the author portrays Nelson's eight-part television series "The Grizzly Man Diaries" as "sensational" and lambastes the animal-attack genre that Nelson helped to create. Nelson, in turn, asserts that Palmer has seldom actually shot a nature film -- most of Palmer's credits have come in the comparatively detached role of executive producer. He terms Palmer's ethics crusade "a giant nothingburger of an issue." (Palmer says he has been "deeply involved" in all of his films.)

And there has been other pushback. This fall, one cable channel executive rebuffed an invitation to speak to Palmer's AU filmmaking class because of the fallout.

"Chris is taking a pretty bold step in doing this," said Tom Campbell, a fellow filmmaker based in Santa Barbara, Calif. "Nobody really wants to speak out too much. If I say something bad about Discovery or Geographic, nobody's going to hire me again."

* * *

Palmer said he wanted to bare the industry's secrets at a time when filmmakers and programmers face mounting pressure to deliver footage quickly and cheaply.

The proliferation of cable channels has spawned more environmental programming, good and bad, than ever. Nature programmers, battling hundreds of niche cable competitors for viewers, want wilder wildlife on shorter deadlines.

"When I first started at [National] Geographic, filmmakers were in the field for three years," Stogner said. "Now it's compressed to 'Go out and get it in a month.' Well, it doesn't happen that way. The sharks don't show up."

Industry leaders do not dispute many of Palmer's claims. Staging, game farms and studio manipulation are widely known and freely discussed within the business.

But where to draw the line?

If there is an ethical beacon that guides the wildlife channels, it is the quest for realism. Programmers say they condone the use of captive animals as stand-ins for wildlife, and contrived meetings between species, as long as all involved are acting naturally and the viewer is seeing things that might actually happen in nature.

"It's always real behavior and real biology," said Scott Wyerman, senior vice president for standards and practices at the National Geographic Channel. "Our goal is to tell a true story."

The 2007 National Geographic film "Arctic Tale" depicted several years in the life of a polar bear and her cubs. To follow a single polar bear family for seven years "is physically impossible," Wyerman said, so Nanu the polar bear is a composite of many bears. The closing credits say so.

Fred Kaufman, executive producer of the esteemed PBS program "Nature," said the goal has always been to do "something that moves the bar scientifically." He condones the occasional use of captive animals when a filmmaker can't get the shot naturally.

"Whether it's a captive animal or a wild animal, it's an animal. It's unpredictable," he said. "I draw the line at putting someone in a gorilla suit."

Palmer has produced more than 300 hours of nature programming, including many Imax films and productions for Disney, PBS and Animal Planet.

Palmer and his crew work hard to get authentic shots. They also occasionally resort to manipulation.

For the 1996 Imax film "Whales," Palmer used recorded whale sounds to lure whales into a bay for easier filming. He invented the narrative of a humpback mother and child surviving a journey from Hawaii to Alaska, combining images of different whales.

For the Imax movie "Wolves," Palmer sent a husband-and-wife team to the Yukon for footage. "They spent six weeks," he said. "They got nothing." To complete the film, Palmer filmed captive wolves from the game farm Animals of Montana Inc. A scene of a mother wolf suckling her pups was shot on a manufactured set.

Palmer put a disclaimer in the end credits. He doubts many viewers saw it.

* * *

Born in Hong Kong to a British family, Palmer studied engineering at University College London and spent seven years in the British Navy designing warships. He emigrated in 1972 and worked at the Environmental Protection Agency in the Carter administration, then turned to lobbying. In 1982, he persuaded media mogul Ted Turner to partner with the National Audubon Society to produce wildlife programming on his TBS cable channel.

These days, Palmer worries about a new generation of wildlife reality programming, largely defined by the work of flamboyant celebrity host Steve Irwin. Before he was fatally pierced by a stingray's barb in 2006, Irwin taught cable networks how to attain high ratings with cheaply shot reality programs.

This subgenre of "fangs and claws" programming courts alpha males. A show called "Shark Bite Beach" is part of the Discovery Channel's annual Shark Week. Animal Planet offers "Untamed and Uncut," a compendium of videos depicting animal rampage.

Palmer points to a clip from the Discovery Channel program "Man vs. Wild." The host, celebrity survivalist Bear Grylls, plunges into a jungle stream, fully clothed, and captures a giant lizard. Palmer suspects the lizard has been placed there by the crew; Discovery officials deny that.

"You'll want to dispatch him," Grylls says. Then he swings the lizard around by the tail and whips its head against a tree.

A grisly scene. Then again, the point of the program is to show how to survive in the wild, partly by killing and cooking one's own food.

Discovery executives say "Man vs. Wild" and its ilk represent an entirely different genre than blue-chip nature filmmaking, and are subject to different standards. Grylls's techniques "have been credited with saving the lives of ordinary people who have found themselves in treacherous situations," said Stephen Reverand, senior vice president of development and production at the Discovery Channel.

Palmer disapproves. In his book, he proposes that every nature film might open with a disclaimer on the screen that says something like, "All the scenes in this film are real and not staged," or, more probably, "Some of the scenes depicted in this film were shot with tame, captive animals."

Not likely, say industry colleagues. Who wants to watch a tame nature film?
http://www.washingtonpost.com/wp-dyn...105782_pf.html





When Did Gekko Get So Toothless?
Joe Nocera

THERE is something a little incongruous about hearing Oliver Stone, the left-leaning, blunt-talking film director, dropping arcane Wall Street terms like “credit default swaps” and “collateralized debt obligations.” But that’s just what he was doing a few weeks ago when trying to explain why his new movie, “Wall Street: Money Never Sleeps,” was not the fictionalized version of the financial crisis of 2008 I had expected.

“I don’t know how you show a credit default swap on the screen,” Mr. Stone said. Never mind that the financial crisis was what had prompted his involvement in the first place. Or that the feelings of outrage and fear that the crisis fueled are feelings that Mr. Stone seems to share. Or that his many fans were surely expecting — like me — a movie that took on the financial crisis and eviscerated the folks responsible.

It just couldn’t be done, Mr. Stone said, not in a mainstream movie. “The idea that the entire system was dependent on a credit bubble that could pop overnight — that is really hard to convey on-screen.”

The crisis, he insisted, was merely meant to be the backdrop for a story about a handful of “complex” people — an older, wiser Gordon Gekko among them — who just happened to be operating on Wall Street around September 2008. “People won’t watch a business movie,” Mr. Stone said. The last “valid” business movie he could recall was “Executive Suite,” which starred William Holden and Barbara Stanwyck. It was released in 1954.

Truth to tell, I wasn’t really buying what Mr. Stone was selling. The more he protested, the more he sounded like a man who hadn’t pulled off what he had set out to accomplish and was now making after-the-fact excuses. Not unlike Wall Street itself in the aftermath of the financial crisis, when you come to think of it.

Besides, Mr. Stone was being far too modest about what constituted a valid business movie. Twenty-three years ago, he himself made the most memorable business movie of all: the original “Wall Street,” which captured an era and an ethos with a gleeful precision that has been matched only by that other great chronicle of 1980s Wall Street: Tom Wolfe’s novel “Bonfire of the Vanities.”

Even if you haven’t seen the original “Wall Street” lately, you can undoubtedly conjure up its indelible images: Gekko, played with delirious vigor by Michael Douglas, with his slicked-back hair and yellow suspenders, barking out buy and sell orders that make or break companies and competitors. His acolyte, Bud Fox (Charlie Sheen), whose collars morph from button-down to English as he gains Gekko’s favor by feeding him inside information and starts to earn Wall Street-size compensation. The famous “greed is good” speech Gekko delivers to the hapless directors of a company that has become his latest prey. The scene in which Bud Fox is escorted out of his firm in handcuffs, tears running down his cheeks.

The original “Wall Street,” Mr. Stone told me, sticking with his theme du jour, “was about a kid who sells out his father.” True enough. But the events that characterized Wall Street in the 1980s were a lot more than a backdrop. They were crucial to the plot. The movie was built around insider trading and the predations of the hostile takeover movement — two things central to our image of Wall Street in the ’80s.

Ivan Boesky, a well-known Wall Street figure who went to jail for insider trading, made the original “greed is good” speech. Dennis Levine, a young Wall Street hotshot, helped run an insider trading ring. Several Wall Street executives were indeed marched out of their offices in handcuffs. Michael Milken, the inspiration, in part, for the Gekko character, financed the hostile takeover movement, throwing an annual conference known as the Predators’ Ball. Toward the end of “Wall Street,” Mr. Stone has a scene in which a disillusioned Bud Fox secretly tapes a conversation with Gekko, which helps send him to jail. In real life Mr. Boesky secretly taped conversations with Mr. Milken, which helped send Mr. Milken to jail.

In “Wall Street: Money Never Sleeps,” many of the characters — and firms — are stand-ins for real people and real companies. Frank Langella’s character is based on Jimmy Cayne, the former chief executive of Bear Stearns, the first Wall Street firm to be brought down by the crisis. Josh Brolin, who plays the villain of the piece, is meant to bear a physical resemblance to Jamie Dimon, the head of J. P. Morgan. But Mr. Brolin’s firm, Churchill Schwartz, is modeled on Goldman Sachs, ruthlessly taking advantage of competitors in ways that are — how to put this? — ethically challenged. And though Mr. Douglas returns as Gordon Gekko, he spends much of the film predicting the coming cataclysm.

When I mentioned to Mr. Stone that there weren’t a lot of people in real life predicting that it would all end badly, he had the perfect riposte: “What about Nouriel Roubini?” (Mr. Roubini, an economist, became famous by predicting the credit crisis. He gets a cameo in Mr. Stone’s new film.) Still, the problem is that, with rare exception, the characters merely talk about the things that helped bring the world’s financial system to the brink. They are never actually engaged in, say, turning rotten subprime mortgages into toxic collateralized debt obligations and peddling them to unsuspecting investors. Though this is presumably the sort of behavior that Mr. Brolin’s character would revel in — as would the younger Gekko — it takes place completely offstage. Gekko’s sermons have the quality of a Greek chorus, describing crucial events that we never see.

Instead, the plot revolves around the efforts of a young investment banker, Jake Moore (Shia LaBeouf), to get financing for an earnest clean-energy company. (The subplot revolves around Jake’s efforts to help Gekko reconnect with his estranged daughter — who happens to be Jake’s girlfriend. Sigh.) Putting aside the fact that promising clean energy companies have very little trouble raising cash these days, it seems almost beside the point.

Even the one big exception to this is instructive. With Mr. Langella’s firm on the brink of failure — thanks to the subprime securities it holds — the New York Federal Reserve calls together all the Wall Street barons in the hope of finding a way to save the firm. (Mr. Brolin’s company winds up buying it for a song, not unlike the way J. P. Morgan bought Bear Stearns for practically nothing.) But Mr. Stone told me he worried that devoting so much screen time to those meetings — seven minutes in all — could cost him some of his audience. He solved that problem by tarting them up so that they resemble nothing so much as the scene in “The Godfather” when Don Corleone calls together the dons of the other New York crime families to end a mob war.

It’s true, as Mr. Stone says, that it’s not easy to show a credit default swap on-screen. Still, the events that took place on Wall Street from the summer of 2007, when the crisis began, to the fall of 2008, when even mighty Goldman Sachs’s survival was in doubt, were inherently dramatic. The greed that Mr. Stone so vividly conveyed in his first “Wall Street” movie got completely out of hand. Much of the trading that went on in the prelude to the crisis was almost nihilistic, utterly lacking any redeeming virtue. Villains abounded. Was it really so impossible to build a movie script out of this material?

There is something a little unfair, I realize, in criticizing a director for not making the film you had hoped he would make. But fans of the original “Wall Street” will come to this new movie expecting Mr. Stone to tap into the nation’s anger by dramatizing Wall Street’s sins. They are going to be disappointed. Mr. Stone looked the crisis straight in the eye — and blinked.

One of the film’s many advisers is Olaf Rogge, a big-time London money manager, who presides over Rogge Global Partners, a firm with $45 billion in assets. Although he had not yet seen the movie when I called him recently, he had read the script in most of its iterations. During the crisis he did well, he told me, because he avoided buying “all that rubbish” — those toxic subprime securities. Like Mr. Roubini, he has a bit part in the movie.

He had high expectations for the film, he said, and was disappointed by the script Mr. Stone ultimately used to make it. At one point during their eight hours of conversations, Mr. Rogge told Mr. Stone, “Leverage is the mother of all evils.” Mr. Stone changed that line to “Speculation is the mother of all evils.” When Mr. Rogge complained, Mr. Stone would tell him that “we are here to make a film, not to make history,” Mr. Rogge said with a sigh.

“He missed a beautiful opportunity,” Mr. Rogge said finally. “He could have pointed out how we were five minutes from the brink of anarchy.”

I suspect that someone will one day make a film that captures that drama. It just won’t be Oliver Stone.
http://www.nytimes.com/2010/09/26/movies/26wall.html





Arthur Penn, Director of ‘Bonnie and Clyde,’ Dies
Dave Kehr

Arthur Penn, the stage, television and motion picture director whose revolutionary treatment of sex and violence in the 1967 film “Bonnie and Clyde” transformed the American film industry, died Tuesday night at his home in Manhattan, the day after he turned 88.

The cause was congestive heart failure, his son, Matthew, said.

A pioneering director of live television drama in the 1950s and a Broadway powerhouse in the 1960s, Mr. Penn developed an intimate, spontaneous and physically oriented method of directing actors that allowed their work to register across a range of mediums.

In 1957, he directed William Gibson’s television play “The Miracle Worker” for the CBS series “Playhouse 90” and earned Emmy nominations for himself, his writer and his star, Teresa Wright. In 1959, he restaged “The Miracle Worker” for Broadway and won Tony Awards for himself, his writer and his star, Anne Bancroft. And in 1962, he directed the film version of Mr. Gibson’s text, which won the best actress Oscar for Bancroft and the best supporting actress Oscar for her co-star, Patty Duke, as well as earning nominations for writing and directing.

Mr. Penn’s direction may also have changed the course of American history. He advised Senator John F. Kennedy during his watershed television debates with Richard M. Nixon in 1960 (and directed the broadcast of the third debate). Mr. Penn’s instructions to Kennedy — to look directly into the lens of the camera and keep his responses brief and pithy — helped give the candidate an aura of confidence and calm that created a vivid contrast to his more experienced but less telegenic Republican rival.

But it was as a film director that Mr. Penn left his mark on American culture, most indelibly with “Bonnie and Clyde.”

“Arthur Penn brought the sensibility of ’60s European art films to American movies,” the writer-director Paul Schrader said. “He paved the way for the new generation of American directors who came out of film schools.”

Many of the now-classic films of what was branded the “New American Cinema” of the 1970s — including “Taxi Driver,” directed by Martin Scorsese and written by Mr. Schrader, and “The Godfather,” directed by Francis Ford Coppola — would have been unthinkable without “Bonnie and Clyde” to point the way.

Loosely based on the story of two minor gangsters of the 1930s, Bonnie Parker and Clyde Barrow, “Bonnie and Clyde” had been conceived by its two novice screenwriters, Robert Benton and David Newman, as an homage to the rebellious sensibility and disruptive style of French New Wave films like François Truffaut’s “Shoot the Piano Player” and Jean-Luc Godard’s “Breathless.”

In Mr. Penn’s hands, it became something even more dangerous and innovative — a sympathetic portrait of two barely articulate criminals, played by Mr. Beatty and a newcomer, Faye Dunaway, that disconcertingly mixed sex, violence and hayseed comedy, set to a bouncy bluegrass score by Lester Flatt and Earl Scruggs. Not only was the film sexually explicit in ways unseen in Hollywood since the imposition of the Production Code in 1934 — when Bonnie stroked Clyde’s gun, the symbolism was unmistakable — it was violent in ways that had never been seen before. Audiences gasped when a comic bank robbery climaxed with Clyde’s shooting a bank teller in the face with a shotgun, and were stunned when this attractive outlaw couple died in a torrent of bullets, their bodies twitching in slow motion as their clothes turned red with blood.

Reporting on the film’s premiere on the opening night of the Montreal Film Festival in 1967, Bosley Crowther, the chief film critic for The New York Times, was appalled, describing “Bonnie and Clyde” as “callous and callow” and a “slap-happy color film charade.” Worse, the public seemed to love it. “Just to show how delirious these festival audiences can be,” Mr. Crowther wrote, “it was wildly received with gales of laughter and given a terminal burst of applause.”

Similar reactions by other major critics followed when the film opened in the United States a few weeks later. The film, promoted by Warner Brothers with the memorable tag line, “They’re young. They’re in love. They kill people,” floundered at first but soon found an enthusiastic audience among younger filmgoers and won the support of a new generation of critics. “A milestone in the history of American movies,” wrote Roger Ebert in The Chicago Sun Times. Pauline Kael, writing her first review for The New Yorker, described it as an “excitingly American movie,” although she disliked Ms. Dunaway’s performance.

“Bonnie and Clyde” was nominated for 10 Oscars but won only two (for Burnett Guffey’s cinematography and Estelle Parsons’s supporting performance), reflecting the Hollywood establishment’s ambivalence over a film that seemed to point the way out of the creative paralysis that had set in after the end of the studio system while betraying all the values — good taste and moral clarity — the studios held most dear.

But the breach had been opened: “Bonnie and Clyde” was followed by “Easy Rider,” “The Wild Bunch,” “The Graduate” and a host of other youth-oriented, taboo-breaking films that made mountains of money for Hollywood. Mr. Penn was perceived as a major film artist on the European model, opening the way for a group of star directors — including Robert Altman, Terrence Malick, Bob Rafelson and Hal Ashby — who were able to work with comparative artistic freedom through the next decade. The “film generation” had arrived.

Arthur Penn was born on Sept. 27, 1922 in Philadelphia to parents of Russian-Jewish heritage. His father, a watchmaker, and his mother, a nurse, divorced when he was three, and Arthur and his brother Irving (who would achieve fame as a photographer) went to live with their mother in New York and New Jersey, changing homes and schools frequently as she struggled to make a living.

Arthur returned to Philadelphia to live with his father when he was 14 and became interested in theater while attending high school. He joined the Army in 1943 and, while stationed at Fort Jackson in South Carolina, organized a theater troupe with his fellow soldiers; later, while stationed in Paris, he performed with the Soldiers Show Company.

After the war he took advantage of the G.I. Bill to attend the famously unconventional Black Mountain College in North Carolina, where his classmates included John Cage, Merce Cunningham and Buckminster Fuller. He went on to study at the Universities of Perugia and Florence in Italy, and returned to the states in 1948. Intrigued by the new, psychologically realistic school of acting that had grown out of the teachings of Konstantin Stanislavski — broadly known as “The Method” — he studied with the Actors Studio in New York and with Stanislavski’s rebellious disciple, Michael Chekhov, in Los Angeles.

Back in New York, Mr. Penn landed a job as a floor manager at NBC’s newly opened television studios. In 1953, an old Army buddy, Fred Coe, gave him a job as a director on “The Gulf Playhouse,” also known as “First Person,” an experimental dramatic series in which the actors directly addressed the camera. The series, broadcast live, introduced him to many of the writers who would go on to make their names in the television drama of the 1950s, including Robert Alan Aurthur, Paddy Chayefsky and Horton Foote. Of Mr. Penn’s first effort, “One Night Stand,” broadcast on July 31, 1953, Val Adams wrote in The New York Times, “Robert Alan Aurthur did the script and Arthur Penn directed. If these and others continue their good work, there is still a great deal of promise in the half-hour TV drama.”

As Mr. Coe moved on to the expanded formats of “The Philco-Goodyear Television Playhouse” and “Playhouse 90,” he took Mr. Penn with him. His “Playhouse 90” production of William Gibson’s “The Miracle Worker,” starring Patricia McCormack as Helen Keller and Teresa Wright as the blind girl’s determined teacher, Annie Sullivan, was shown on Feb. 7, 1957, and earned glowing reviews for both Mr. Gibson and Mr. Penn. Their television success allowed Mr. Penn and Mr. Gibson to return to the original arena of their ambitions, Broadway. With Fred Coe producing, they mounted Mr. Gibson’s play “Two for the Seesaw,” a two-hander about a Midwestern businessman (Henry Fonda) contemplating an adventure with a New York bohemian (Anne Bancroft). It was an immediate success upon its opening in January 1958.

Sensing themselves on a roll, Mr. Penn and Mr. Coe decided to tackle Hollywood. With Mr. Coe producing, Mr. Penn directed his first film, “The Left-Handed Gun,” for Warner Brothers. Based on a Gore Vidal television play adapted by Leslie Stevens, the project was an extension of the “Playhouse 90” aesthetic: a low-budget, black-and-white western about a troubled, inarticulate young man (Paul Newman, in a performance stamped with Actors Studio technique) who happened to be Billy the Kid.

As the critic Robin Wood wrote in his 1969 book on Mr. Penn, “The Left-Handed Gun” provides “a remarkably complete thematic exposition of Penn’s work.” Here already is the theme of the immature, unstable outsider who resorts to violence when he is rejected by an uncaring establishment — a configuration that Mr. Penn would return to again and again in his mature work.

This time, however, fortune did not smile on Mr. Penn. Warner Brothers released “The Left-Handed Gun” directly to neighborhood theaters, where it earned mediocre reviews (“Poor Mr. Newman seems to be auditioning alternately for the Moscow Art Players and the Grand Ole Opry,” Howard Thompson wrote in The Times) and quickly sank from view.

Luckily, Mr. Penn had a back-up plan. Returning to New York, he mounted “The Miracle Worker” for Broadway with Anne Bancroft as Annie Sullivan and the 13-year-old Patty Duke as Helen Keller. Mr. Penn’s highly physical approach made the show a sensation — “One of the most ferocious slugging matches in town has been waged nightly for the past eight weeks between an amateur fighter from the Bronx, standing 5 feet 6 inches tall and weighing 122 pounds, and a novice from Manhattan, standing 4 feet 4 3/4 inches tall and weighing 60 pounds,” wrote Nan Robertson in a Times story about the play — and the production went on to run for 719 performances.

During the run of “The Miracle Worker,” Mr. Penn found time to stage three more hits: Lillian Hellman’s “Toys in the Attic,” with Jason Robards, Jr. and Maureen Stapleton; “An Evening with Mike Nichols and Elaine May,” in which the popular comedy team made their Broadway debut, and “All the Way Home,” an adaptation of James Agee’s novel “A Death in the Family,” with Arthur Hill and Colleen Dewhurst.

When Hollywood beckoned again, Mr. Penn returned in strength in 1962 to direct the film version of “The Miracle Worker.” This time the film was a popular and critical success, earning Oscars for Ms. Bancroft and Ms. Duke and nominations for Mr. Penn, Mr. Gibson and the costume designer Ruth Morley.

But Mr. Penn was dismissed from his next project, “The Train,” after a few days of filming by its temperamental star, Burt Lancaster. His subsequent film, “Mickey One,” an absurdist drama about a nightclub comedian (Warren Beatty) on the run from the Mafia, wore its European art film ambitions on its sleeve and baffled most American critics, though it earned the admiration of the iconoclastic young critics of Cahiers du cinema, the influential French film magazine that championed the New Wave.

Mr. Penn had another frustrating experience with “The Chase” (1966), a multi-character drama set in a small Texas town where the local sheriff (Marlon Brando) is on the lookout for a local boy (Robert Redford) who has escaped from a state prison. Adapted from a Lillian Hellman piece by the screenwriter Horton Foote, the morally complex drama was taken away from Mr. Penn and extensively re-edited by its producer, Sam Spiegel. But “The Chase,” even in its mutilated form, remains one of Mr. Penn’s most personal and feverishly creative works.

An embittered Mr. Penn returned to Broadway, where he staged the thriller “Wait Until Dark” with Lee Remick and Robert Duvall. But he was eventually induced to return to Hollywood, summoned by his “Mickey One” collaborator, Warren Beatty, to take over the direction of a project originally offered to François Truffaut.

“Frankly, I wasn’t all that certain I wanted to make another film,” Mr. Penn wrote in an essay for Lester D. Friedman’s 2000 Cambridge University Press anthology, “Arthur Penn’s ‘Bonnie and Clyde.’” “And if I were to do another film, I felt it should be a story with a broader social theme than a flick about two thirties bank robbers whose pictures I remembered as a couple of self-publicizing hoods holding guns, plastered across the front page of The Daily News.”

But Mr. Beatty, who had acquired an option on the property, persuaded Mr. Penn to join the project with promises of autonomy and the rare privilege of having the final cut.

Working with the screenwriters, Robert Benton and David Newman, Mr. Penn eliminated a sexual triangle among Bonnie, Clyde and their disciple C. W. Moss — a composite character eventually played by Michael J. Pollard — that he felt was too sophisticated for the characters. “They were farmers or children of farmers, bumpkins most of them,” Mr. Penn wrote of the 1930s gangsters who inspired the story. “They certainly did not seem to be figures that belonged in complicated sexual arrangements.” He added, “We talked and moved in the direction of a simpler tale, one of narcissism, of bravura, and, at least from Clyde’s point of view, of sexual timidity.”

“We had the tone of the film,” Mr. Penn wrote. “It was to start as a jaunty little spree in crime, then suddenly turn serious, and finally arrive at a point that was irreversible.”

After the astonishing success of “Bonnie and Clyde,” Mr. Penn had his choice of projects. But rather than move on to big-budget Hollywood prestige productions, Mr. Penn decided to make a small, personal film, very much in the spirit of the American Independent Cinema that would emerge in the 1980s.

“Alice’s Restaurant,” released in 1969, revisited many of the social outsider themes of “Bonnie and Clyde,” but in a low key, gently skeptical, non-violent manner. Starring Arlo Guthrie and based on his best-selling narrative album about a hippie commune’s brush with the law, the film did not approximate the impact of “Bonnie and Clyde” but stands as one of Mr. Penn’s most engaging works, a warm and deeply felt miniature.

By contrast, Mr. Penn seemed to lose his way among the epic ambitions of 1970’s “Little Big Man,” a sprawling, ironic, anti-western that tried to explain American imperialism through the excessively abstract figure of Jack Crabb (Dustin Hoffman), the sole (though fictional) non-Indian survivor of the Battle of the Little Bighorn, as he bumbled through a glumly revisionist version of the Old West.

After that film’s disappointing reception, Mr. Penn laid low for a while, contributing only a segment to the 1973 documentary on the Munich Olympics, “Visions of Eight,” before returning to feature filmmaking in 1975 with the modest thriller “Night Moves.” Starring Gene Hackman as a Hollywood private detective who loses himself on a case in the Florida Keys, the film made explicit the existential despair long contained in the American film noir, ending on a daring note of irresolution.

But the audiences of 1975 were losing patience with daring notes, flocking instead to the popcorn pleasures of Steven Spielberg’s “Jaws,” that summer’s runaway hit. Suddenly, Mr. Penn’s kind of artistically ambitious, personal filmmaking was out of style. The director returned to Broadway, where he staged a pair of successes, Larry Gelbart’s “Sly Fox” with George C. Scott and William Gibson’s “Golda” with Anne Bancroft.

Mr. Penn’s subsequent film career witnessed violent ups and downs. A reunion with Marlon Brando for “The Missouri Breaks” (1976) yielded a surreal western with moments of brilliance but a meandering tone. With “Four Friends” (1981), Mr. Penn returned to the subjects of youthful uncertainty and social upheaval, working from a semi-autobiographical script by Steve Tesich. “It’s a film for which I had a lot of sympathy,” Mr. Penn told Richard Schickel in 1990, “about adolescence and a kid who was an immigrant to the United States and his inability to function with his father. In that sense there are lots of personal details that correlate with my own life.”

Less committed were “Target” (1985), a paranoid political thriller with Gene Hackman and Matt Dillon that uneasily matched a father-son conflict with conventional suspense, and “Dead of Winter” (1987), a partial remake of Joseph H. Lewis’s 1945 gothic thriller “My Name Is Julia Ross.” They seemed barely to engage its director. “I just like to flex my muscles every once in a while and do something relatively mindless,” Mr. Penn explained to Mr. Schickel.

It came as a pleasant surprise, then, when Mr. Penn uncorked the 1989 independent production “Penn and Teller Get Killed,” a black comedy in which the stage magicians Penn and Teller are pursued by a serial killer (David Patrick Kelly). Full of wild jokes, bizarre reversals and extravagant gore, this tiny film bristles with a youthful spirit of experimentation.

A dutiful drama of South African apartheid produced by Showtime, “Inside” (1996) would prove to be Mr. Penn’s last theatrically released film. He also contributed a brief segment to the 1995 anthology “Lumière and Company.”

In his last years, Mr. Penn returned to the medium that had given him his start, television. He served as an executive producer on several episodes of “Law and Order,” a series on which his son, Matthew Penn, worked as a director, and directed a 2001 episode of “100 Centre Street,” a program executive produced by Mr. Penn’s old television colleague, the director Sidney Lumet. One of his final works for the theater was the 2002 Broadway production “Fortune’s Fool,” an adaptation of Ivan Turgenev’s 1848 play that, true to Mr. Penn’s form, duly won Tony Awards for its two stars, Alan Bates and Frank Langella.

Mr. Penn met his wife of 54 years, the actress Peggy Mauer, when he auditioned her for a television drama in the 1950s. She survives him. Besides his son, Matthew, Mr. Penn is also survived by a daughter, Molly Penn, and four grandsons. Mr. Penn’s older brother, the photographer Irving Penn, died in 2009. Throughout his long career, Mr. Penn never lost his flair for the spontaneous, his remarkable ability to capture an emotional moment in all of its pulsing ambiguity and messy vitality.

“I don’t storyboard,” Mr. Penn explained to an audience at the American Film Institute in the 1970s, referring to the practice of sketching out every shot in a film before production begins. “I guess it dates back to my days in live television, where there was no possibility of storyboarding and everything was shot right on the spot — on the air, as we say — at the moment we were transmitting. I prefer to be open to what the actors do, how they interact to the given situation. So many surprising things happen on the set, and I have the feeling that storyboarding might tend to close your mind to the accidental.”

Liz Robbins contributed reporting.
http://www.nytimes.com/2010/09/30/movies/30penn.html





Gloria Stuart, Actress, Dies at 100
Aljean Harmetz and Robert Berkvist



Gloria Stuart, a glamorous blond actress in Hollywood’s golden age who was largely forgotten until she made a memorable comeback in her 80s in “Titanic,” died on Sunday at her home in West Los Angeles. She was 100.

Her daughter, Sylvia Vaughn Thompson, confirmed the death.

Ms. Stuart received her only Academy Award nomination, for best supporting actress, for her performance in James Cameron’s “Titanic” as Rose Calvert, a 101-year-old survivor of the ship’s sinking. The oldest person ever nominated for an acting Oscar, she lost to Kim Basinger. Kate Winslet, who was nominated for best actress, played Rose as a young, well-to-do, romantically restless passenger in first class who falls in love with a poor would-be artist in steerage, played by Leonardo DiCaprio.

The movie, which won 11 Oscars in 1997, was the top-grossing film of all time until it was overtaken by “Avatar,” also directed by Mr. Cameron, in 2009.

When Ms. Stuart was rediscovered by Mr. Cameron and cast as Rose, she was 86 and had long since given up on Hollywood. From 1932 to 1946 she made 46 films, but she abandoned her screen career after growing tired of being typecast as “girl reporter, girl detective, girl overboard,” Ms. Stuart told The Chicago Tribune in 1997.

“So one day, I burned everything: my scripts, my stills, everything. I made a wonderful fire in the incinerator, and it was very liberating.”

In the best of her early movies, Ms. Stuart, a petite and elegant presence, was forced to seek shelter with Boris Karloff in James Whale’s classic horror film “The Old Dark House” (1932) and was horrified when Claude Rains, her mad-scientist fiancé, tampered with nature in “The Invisible Man” (1933), also directed by Whale.

She was James Cagney’s girlfriend in “Here Comes the Navy” (1934), Warner Baxter’s faithful wife in John Ford’s “Prisoner of Shark Island” (1936), Shirley Temple’s cousin in “Rebecca of Sunnybrook Farm” (1938) and the spoiled rich girl who falls in love with penniless Dick Powell in “Gold Diggers of 1935.”

“Few actresses were so ornamental,” John Springer and Jack Hamilton wrote in “They Had Faces Then,” a book about the actresses of the 1930s. “But ‘undemanding’ is the word for most of the roles she played.”

After a small role in the limp 1946 comedy “She Wrote the Book,” Ms. Stuart had had enough and left the film world, not to be seen again until she appeared in a television movie 29 years later.

Although Screen Play magazine had called Ms. Stuart one of the 10 most beautiful women in Hollywood, she was more than a pretty face. She was a founding member of the Screen Actors Guild and helped found the Hollywood Anti-Nazi League, an early antifascist organization.

After she left Hollywood, Ms. Stuart taught herself to paint. In 1961 she had her first one-woman show, at Hammer Galleries in New York.

In 1983 the master printer Ward Ritchie taught her to print, and she started a fresh career as a respected designer of hand-printed artists’ books and broadsides. She produced illustrated books and broadsides under her own imprint, Imprenta Glorias, including “Haiku,” “Beware the Ides of March” and “The Watts Towers.”

Ms. Stuart and Mr. Ritchie also began an autumn romance that lasted until Mr. Ritchie’s death in 1996 at the age of 91. Her print work is in the collections of the Getty Museum in Los Angeles and the Victoria and Albert Museum in London.

Gloria Frances Stewart was born in Santa Monica, Calif., on July 4, 1910, two years before the Titanic sank. When she started in movies, Ms. Stuart wrote in her autobiography, “I Just Kept Hoping” (Little Brown, 1999), a collaboration with her daughter, she shortened “Stewart” to “Stuart” “because I thought — and still do — its six letters balanced perfectly on a theater’s marquee with the six letters in ‘Gloria.’ ”

She attended the University of California, Berkeley, where she met her first husband, the sculptor Gordon Newell. Settling in Carmel, Calif., in 1930, she and Mr. Newell joined a bohemian community that included the photographer Edward Weston and the journalist Lincoln Steffens. Ms. Stuart acted at the Golden Bough Theater and wrote for a weekly newspaper.

In 1932 Mr. Ritchie, Mr. Newell’s best friend, drove Ms. Stuart to Pasadena, where she had been offered a role at the prestigious Pasadena Playhouse. “The morning after I opened in Chekhov’s ‘The Sea Gull,’ ” Ms. Stuart remembered, “I signed a seven-year contract with Universal.”

Soon came movies like “The Girl in 419” (1933), in which she played a mysterious woman who witnesses a murder. Her social circle included Dorothy Parker, Robert Benchley and other New York intellectuals who had settled at the Garden of Allah hotel while writing and acting in movies. A gourmet cook whose oxtail stew with dumplings was praised by M. F. K. Fisher in her book “The Gastronomical Me,” Ms. Stuart liked to cook Sunday dinners for them.

Ms. Stuart and Mr. Newell divorced in 1934; later that year she married Arthur Sheekman, a screenwriter who worked on Marx Brothers movies.

After Ms. Stuart gave up on Hollywood, the Sheekmans sailed around the world and settled in New York. She had a daughter with Mr. Sheekman and later moved to Italy with them and started to paint. Mr. Sheekman died in 1978.

Besides her daughter, Ms. Thompson, Ms. Stuart is survived by four grandchildren and 12 great-grandchildren.

Ms. Stuart made brief returns to film and television acting in the 1970s and had a cameo role in the 1982 film “My Favorite Year,” in which she danced with Peter O’Toole, who starred as a worn-at-the-edges film idol.

But it was “Titanic,” 15 years later, that made Ms. Stuart a celebrity again. She was nominated for a Golden Globe, interviewed on television, invited to Russia for the opening of the movie there and chosen by People magazine as one of the 50 most beautiful people in the world. Her newfound fame resulted in more film and television work into her 90s.

If she had been more famous as an actress, Ms. Stuart would never have won the role of Rose Calvert, the survivor whose memories of her love affair aboard the ship form the frame of “Titanic.” Mr. Cameron wanted a lesser-known actress for the part, one who, as Ms. Stuart said in a 1997 interview, was “still viable, not alcoholic, rheumatic or falling down.”

Ms. Stuart was so viable that it took an hour and a half each day to transform her youthful 86-year-old features into the face of a 101-year-old woman.

When the script of “Titanic” was sent to her, Ms. Stuart told The Chicago Tribune, she thought, “If I had been given plum roles like this back in the old days, I would have stayed in Hollywood.”
http://www.nytimes.com/2010/09/28/movies/28stuart.html





Sally Menke, Longtime Film Editor for Quentin Tarantino, Found Dead Near Griffith Park
Andrew Blankstein

Director Quentin Tarantino's longtime film editor, who went hiking with her dog amid the extreme heat Monday, was discovered dead early Tuesday morning by searchers in Beachwood Canyon, according to law-enforcement sources.

Award-winning film editor Sally Menke, 56, worked on such movies as "Pulp Fiction," "Kill Bill" and "Jackie Brown."

Menke had gone hiking in the morning, and her friends alerted police after she failed to come home.

Search dogs, an LAPD helicopter and officers from patrol units spent hours in Griffith Park searching for her.

Her locked car was found in a Griffith Park parking lot. Menke's dog was found alive, according to the Los Angeles Police Department.

The sources, who spoke on the condition that they not be named because the investigation was ongoing, said Menke's body was found at the bottom of a ravine near the 5600 block of Green Oak Drive.

No cause of death was immediately reported, and it's unclear whether the heat was a factor.

[Updated at 8:42 a.m.: LAPD Lt. Bob Binder said Menke and a hiking buddy set out about 9 a.m. to hike a trail in Bronson Canyon, in the shadows of the Hollywood sign. An hour later, Menke's partner decided to turn back. Menke and her Labrador retriever continued on.

That was the last time she was reported seen. Friends and family contacted authorities about 4 p.m.

First on the scene were officers with the city's General Services Department, which patrols the park. Searchers with the LAPD Metro Division and Los Angeles Fire Department were called in around 6 p.m. Her family and friends aided in the search.

Menke's body was found just after 2 a.m. at the bottom of a ravine near the 5600 block of Green Oak Drive in Bronson Canyon.

Her dog was sitting next to her body, which was about a football field's length from nearby homes.

Ed Winter, assistant chief of the L.A. County coroner's office, said there did not appear to be a jump in deaths Monday because of the extreme heat.

Sources familiar with the death investigation believe Menke became disoriented and collapsed, and the weather conditions contributed to her death. Winter said the coroner's office is trying to determine whether the heat played a role in Menke's death.]
http://latimesblogs.latimes.com/lano...fith-park.html





HDCP Encryption/Decryption Code
Rob Johnson (rob@cs.sunysb.edu)
Mikhail Rubnich (rubnich@gmail.com)

This is a software implementation of the HDCP encryption algorithm. We are releasing this code in hopes that it might be useful to other people researching or implementing the HDCP protocol.

DOWNLOAD: hdcp-0.1.tgz
COMPILE: make
TEST: ./hdcp -t
(If there is any "!" in the output, then there was an error)
BENCHMARK: ./hdcp -S

The HDCP cipher is designed to be efficient when implemented in hardware, but it is terribly inefficient in software, primarily because it makes extensive use of bit operations. Our implementation uses bit-slicing to achieve high speeds by exploiting bit-level parallelism. We have created a few high-level routines to make it as easy as possible to implement HDCP, as shown in the following example.

Given Km, REPEATER, and An from the initial HDCP handshake messages, all a decryptor needs to do is:

#include <stdint.h>
#include "hdcp_cipher.h" /* core cipher routines (hdcp_cipher.[ch]) */

#define NFRAMES (64) /* NFRAMES must be <= 64 */

void HDCP(uint64_t Km, uint64_t REPEATER, uint64_t An, int width, int height)
{
    uint64_t Ks, R0, M0, Mi[NFRAMES], Ki[NFRAMES], Ri[NFRAMES], outputs[height][width][NFRAMES];
    BS_HDCPCipherState hs;

    /* Generate the session key Ks, the checksum R0, and the initial IV M0 */
    HDCPAuthentication(Km, REPEATER, An, &Ks, &R0, &M0);

    /* Finish HDCP handshake using R0 */
    /* ... */

    Mi[NFRAMES-1] = M0;
    while(/* there's more video to encrypt/decrypt... */) {

        /* Generate the Ki, Ri, Mi, and stream cipher outputs for the next NFRAMES frames */
        HDCPInitializeMultiFrameState(NFRAMES, Ks, REPEATER, Mi[NFRAMES-1], &hs, Ki, Ri, Mi);
        HDCPFrameStream(NFRAMES, height, width, &hs, outputs);

        /* xor the next NFRAMES frames of video data with outputs... */
        /* ... */
    }
}

Since our implementation is bit-sliced, it can generate the output for up to 64 frames of video in parallel. This is much faster than a non-bit-sliced implementation that generates 1 frame of stream cipher output at a time, but has the disadvantage of requiring a lot of RAM to save the outputs for future frames.

The core cipher code is in hdcp_cipher.[ch]. The example program hdcp.c has two functions of interest:

* print_test_vectors() generates and prints the test vectors from HDCP 1.4, Tables A-3 and A-4. Obviously, they all pass.
* measure_hdcp_stream_speed() measures the performance for generating stream cipher output and provides an example of using the library.

Some benchmarks on 640x480 frames (using only a single core):

CPU                                           frames/sec
Intel(R) Xeon(R) CPU 5140 @ 2.33GHz           181
Intel(R) Core(TM)2 Duo CPU P9600 @ 2.53GHz    76

Decryption of 1080p content is about 7x slower but decryption can be parallelized across multiple cores, so a high-end 64-bit CPU should be able to decrypt 30fps 1080p content using two cores and about 1.6GB of RAM.
http://www.cs.sunysb.edu/~rob/hdcp.html
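
The bit-slicing technique described in the item above, as an added example that is not part of the original page or of the hdcp-0.1 code: a toy 16-bit shift-register cipher is run as 64 independent instances at once, one per bit of a uint64_t, and checked against a one-at-a-time reference. The register width, taps, output filter and seeds are assumptions chosen for illustration; this is not the HDCP cipher.

```c
#include <stdint.h>
#include <stdio.h>

#define LANES 64   /* one independent cipher instance per bit of a uint64_t */
#define NBITS 16   /* width of the toy register (assumption, not HDCP) */

/* Scalar reference: one toy LFSR (taps 16,14,13,11) with a small
 * nonlinear output filter. Produces one output bit per call. */
static unsigned scalar_step(uint16_t *s)
{
    unsigned out = (*s & 1u) ^ (((*s >> 1) & (*s >> 7)) & 1u);
    unsigned fb  = (*s ^ (*s >> 2) ^ (*s >> 3) ^ (*s >> 5)) & 1u;
    *s = (uint16_t)((*s >> 1) | (fb << 15));
    return out;
}

/* Transpose 64 registers into bit-sliced form:
 * bit j of slice[i] is bit i of lane j's register. */
static void bs_load(uint64_t slice[NBITS], const uint16_t seeds[LANES])
{
    for (int i = 0; i < NBITS; i++) {
        slice[i] = 0;
        for (int j = 0; j < LANES; j++)
            slice[i] |= (uint64_t)((seeds[j] >> i) & 1u) << j;
    }
}

/* One bit-sliced step: every XOR/AND below acts on all 64 lanes at once,
 * and the register "shift" becomes moving whole words, not shifting bits.
 * Bit j of the returned word is lane j's output bit. */
static uint64_t bs_step(uint64_t slice[NBITS])
{
    uint64_t out = slice[0] ^ (slice[1] & slice[7]);
    uint64_t fb  = slice[0] ^ slice[2] ^ slice[3] ^ slice[5];
    for (int i = 0; i < NBITS - 1; i++)
        slice[i] = slice[i + 1];
    slice[NBITS - 1] = fb;
    return out;
}

/* Run both implementations from the same constructed seeds and compare
 * every output bit of every lane. Returns 1 if they agree throughout. */
static int bitslice_matches_scalar(int nsteps)
{
    uint16_t lane[LANES];
    uint64_t slice[NBITS];

    for (int j = 0; j < LANES; j++)
        lane[j] = (uint16_t)(0xACE1u + 0x9E37u * (unsigned)j); /* constructed seeds */
    bs_load(slice, lane);

    for (int t = 0; t < nsteps; t++) {
        uint64_t word = bs_step(slice);
        for (int j = 0; j < LANES; j++)
            if (scalar_step(&lane[j]) != ((word >> j) & 1u))
                return 0;
    }
    return 1;
}

int main(void)
{
    printf("bit-sliced output %s the scalar reference\n",
           bitslice_matches_scalar(1000) ? "matches" : "differs from");
    return 0;
}
```

The scalar version needs 64 calls, each with several shifts and masks, to produce what bs_step produces with a handful of word operations; the cost is that state and output are stored transposed, which is the memory trade-off the authors mention.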





Disney, CBS, Fox Sue Online Subscription Service Ivi for Streaming Shows
Don Jeffrey

Walt Disney Co.’s ABC, CBS Corp. and other broadcasters sued Ivi, an online subscription service, for streaming television programs over the Web without authorization.

The companies, also including News Corp.’s Fox, General Electric Co.’s NBC and the Public Broadcasting Service, today accused Ivi and its founder Todd Weaver of copyright infringement in a federal court complaint in New York.

“Defendants have launched their infringing Internet TV service to coincide with the start of the new fall television season,” the broadcasters said in the complaint.

Ivi, based in Seattle, began streaming TV stations there and in New York 24 hours a day to Web subscribers worldwide on Sept. 13, according to the lawsuit. Viewers would pay $4.99 a month after a 30-day free trial, the complaint said. Broadcasters have deals with companies including Hulu LLC, Netflix Inc. and Apple Inc. to stream TV shows. Hulu’s owners include NBC, Fox and ABC.

On Sept. 20, Ivi and Weaver filed suit in federal court in Seattle seeking a ruling that Ivi isn’t infringing copyrights.

“Big media is choosing to fight Internet delivery the same way they fought against cable delivery and satellite delivery, when in reality it is legal to retransmit,” Weaver said in an e-mail today.

‘Big Media’

“Broadcasters charge more in advertising due to the increase in viewers,” Weaver said. “It is too bad big media must fight innovation that is legal, pays them and increases their revenue.”

The broadcasters said that after they demanded that Ivi stop streaming their stations, the company initially responded that it was “open to engaging in discussions to explore more direct contractual agreements with certain plaintiffs.” Ivi sued several days later.

Major League Baseball, Univision, Telemundo, Cox Media, Tribune Television, Fisher Broadcasting, WPIX, WGBH and WNET.org are also plaintiffs in the New York suit.

Today’s case is WPIX Inc. v. Ivi Inc., 10-7415, U.S. District Court, Southern District of New York (Manhattan). The earlier case is Ivi Inc. v. Fisher Communications Inc., 10-1512, U.S. District Court, Western District of Washington (Seattle).
http://www.bloomberg.com/news/2010-0...ermission.html





Pentagon Destroys Thousands of Copies of Army Officer's Memoir

'Operation Dark Heart' describes Lt. Col. Anthony Shaffer's time in Afghanistan leading a black-ops team.
Chris Lawrence and Padma Rama

The Department of Defense recently purchased and destroyed thousands of copies of an Army Reserve officer's memoir in an effort to safeguard state secrets, a spokeswoman said Saturday.

"DoD decided to purchase copies of the first printing because they contained information which could cause damage to national security," Pentagon spokeswoman Lt. Col. April Cunningham said.

In a statement to CNN, Cunningham said defense officials observed the September 20 destruction of about 9,500 copies of Army Reserve Lt. Col. Anthony Shaffer's new memoir "Operation Dark Heart."

Shaffer says he was notified Friday about the Pentagon's purchase.

"The whole premise smacks of retaliation," Shaffer told CNN on Saturday. "Someone buying 10,000 books to suppress a story in this digital age is ludicrous."

Shaffer's publisher, St. Martin's Press, released a second printing of the book that it said had incorporated some changes the government had sought "while redacting other text he (Shaffer) was told was classified."

From single words and names to entire paragraphs, blacked out lines appear throughout the book's 299 pages.

CNN obtained a memo from the Defense Intelligence Agency dated August 6 in which Lt. Gen. Ronald Burgess claims the DIA tried for nearly two months to get a copy of the manuscript. Burgess said the DIA's investigation "identified significant classified information, the release of which I have determined could reasonably be expected to cause serious damage to national security."

Burgess said the manuscript contained secret activities of the U.S. Special Operations Command, CIA and National Security Agency.

Shaffer's lawyer, Mark Zaid, said earlier this month that the book was reviewed by Shaffer's military superiors prior to publication.

"There was a green light from the Army Reserve Command," Zaid told CNN.

But intelligence agencies apparently raised objections when they received copies of the book.

The Pentagon contacted St. Martin's Press in early August to convey its concerns over the release of the book. According to the publisher, at that time the first printings were just about to be shipped from its warehouse. Shaffer said he and the publisher worked hard "to make sure nothing in the book would be detrimental to national security."

"When you look at what they took out (in the 2nd edition), it's lunacy," Shaffer said.

The Pentagon says Shaffer should have sought wider clearance for the memoir.

"He did clear it with Army Reserve but not with the larger Army and with Department of Defense," Department of Defense spokesman Col. David Lapan said earlier this month. "So he did not meet the requirements under Department of Defense regulations for security review."

One of the book's first lines reads, "Here I was in Afghanistan (redaction) My job: to run the Defense Intelligence Agency's operations out of (redaction) the hub for U.S. operations in country."

In chapter 15, titled "Tipping Point," 21 lines within the first two pages are blacked out.

In the memoir, Shaffer recalls his time in Afghanistan leading a black-ops team during the Bush administration. The Bronze Star medal recipient told CNN he believes the Bush administration's biggest mistake during that time was misunderstanding the culture there.

Defense officials said they are in the process of reimbursing the publisher for the cost of the first printing and have not purchased copies of the redacted version.

At least one seller on the online auction site eBay claiming to have a first-edition printing is selling it for an asking price of nearly $2,000. The listed retail price for the second printing is $25.99.
http://edition.cnn.com/2010/US/09/25/books.destroyed/





U.S. Wants to Make It Easier to Wiretap the Internet
Charlie Savage

Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone.

Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.

The bill, which the Obama administration plans to submit to lawmakers next year, raises fresh questions about how to balance security needs with protecting privacy and fostering innovation. And because security services around the world face the same problem, it could set an example that is copied globally.

James X. Dempsey, vice president of the Center for Democracy and Technology, an Internet policy group, said the proposal had “huge implications” and challenged “fundamental elements of the Internet revolution” — including its decentralized design.

“They are really asking for the authority to redesign services that take advantage of the unique, and now pervasive, architecture of the Internet,” he said. “They basically want to turn back the clock and make Internet services function the way that the telephone system used to function.”

But law enforcement officials contend that imposing such a mandate is reasonable and necessary to prevent the erosion of their investigative powers.

“We’re talking about lawfully authorized intercepts,” said Valerie E. Caproni, general counsel for the Federal Bureau of Investigation. “We’re not talking expanding authority. We’re talking about preserving our ability to execute our existing authority in order to protect the public safety and national security.”

Investigators have been concerned for years that changing communications technology could damage their ability to conduct surveillance. In recent months, officials from the F.B.I., the Justice Department, the National Security Agency, the White House and other agencies have been meeting to develop a proposed solution.

There is not yet agreement on important elements, like how to word statutory language defining who counts as a communications service provider, according to several officials familiar with the deliberations.

But they want it to apply broadly, including to companies that operate from servers abroad, like Research in Motion, the Canadian maker of BlackBerry devices. In recent months, that company has come into conflict with the governments of Dubai and India over their inability to conduct surveillance of messages sent via its encrypted service.

In the United States, phone and broadband networks are already required to have interception capabilities, under a 1994 law called the Communications Assistance to Law Enforcement Act. It aimed to ensure that government surveillance abilities would remain intact during the evolution from a copper-wire phone system to digital networks and cellphones.

Often, investigators can intercept communications at a switch operated by the network company. But sometimes — like when the target uses a service that encrypts messages between his computer and its servers — they must instead serve the order on a service provider to get unscrambled versions.

Like phone companies, communication service providers are subject to wiretap orders. But the 1994 law does not apply to them. While some maintain interception capacities, others wait until they are served with orders to try to develop them.

The F.B.I.’s operational technologies division spent $9.75 million last year helping communication companies — including some subject to the 1994 law that had difficulties — do so. And its 2010 budget included $9 million for a “Going Dark Program” to bolster its electronic surveillance capabilities.

Beyond such costs, Ms. Caproni said, F.B.I. efforts to help retrofit services have a major shortcoming: the process can delay their ability to wiretap a suspect for months.

Moreover, some services encrypt messages between users, so that even the provider cannot unscramble them.

There is no public data about how often court-approved surveillance is frustrated because of a service’s technical design.

But as an example, one official said, an investigation into a drug cartel earlier this year was stymied because smugglers used peer-to-peer software, which is difficult to intercept because it is not routed through a central hub. Agents eventually installed surveillance equipment in a suspect’s office, but that tactic was “risky,” the official said, and the delay “prevented the interception of pertinent communications.”

Moreover, according to several other officials, after the failed Times Square bombing in May, investigators discovered that the suspect, Faisal Shahzad, had been communicating with a service that lacked prebuilt interception capacity. If he had aroused suspicion beforehand, there would have been a delay before he could have been wiretapped.

To counter such problems, officials are coalescing around several of the proposal’s likely requirements:

¶ Communications services that encrypt messages must have a way to unscramble them.

¶ Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.

¶ Developers of software that enables peer-to-peer communication must redesign their service to allow interception.

Providers that failed to comply would face fines or some other penalty. But the proposal is likely to direct companies to come up with their own way to meet the mandates. Writing any statute in “technologically neutral” terms would also help prevent it from becoming obsolete, officials said.

Even with such a law, some gaps could remain. It is not clear how it could compel compliance by overseas services that do no domestic business, or from a “freeware” application developed by volunteers.

In their battle with Research in Motion, countries like Dubai have sought leverage by threatening to block BlackBerry data from their networks. But Ms. Caproni said the F.B.I. did not support filtering the Internet in the United States.

Still, even a proposal that consists only of a legal mandate is likely to be controversial, said Michael A. Sussmann, a former Justice Department lawyer who advises communications providers.

“It would be an enormous change for newly covered companies,” he said. “Implementation would be a huge technology and security headache, and the investigative burden and costs will shift to providers.”

Several privacy and technology advocates argued that requiring interception capabilities would create holes that would inevitably be exploited by hackers.

Steven M. Bellovin, a Columbia University computer science professor, pointed to an episode in Greece: In 2005, it was discovered that hackers had taken advantage of a legally mandated wiretap function to spy on top officials’ phones, including the prime minister’s.

“I think it’s a disaster waiting to happen,” he said. “If they start building in all these back doors, they will be exploited.”

Susan Landau, a Radcliffe Institute of Advanced Study fellow and former Sun Microsystems engineer, argued that the proposal would raise costly impediments to innovation by small startups.

“Every engineer who is developing the wiretap system is an engineer who is not building in greater security, more features, or getting the product out faster,” she said.

Moreover, providers of services featuring user-to-user encryption are likely to object to watering it down. Similarly, in the late 1990s, encryption makers fought off a proposal to require them to include a back door enabling wiretapping, arguing it would cripple their products in the global market.

But law enforcement officials rejected such arguments. They said including an interception capability from the start was less likely to inadvertently create security holes than retrofitting it after receiving a wiretap order.

They also noted that critics predicted that the 1994 law would impede cellphone innovation, but that technology continued to improve. And their envisioned decryption mandate is modest, they contended, because service providers — not the government — would hold the key.

“No one should be promising their customers that they will thumb their nose at a U.S. court order,” Ms. Caproni said. “They can promise strong encryption. They just need to figure out how they can provide us plain text.”
http://www.nytimes.com/2010/09/27/us/27wiretap.html





FBI Drive for Encryption Backdoors is Déjà Vu for Security Experts
Ryan Singel

The FBI now wants to require all encrypted communications systems to have backdoors for surveillance, according to a New York Times report, and to the nation's top crypto experts it sounds like a battle they've fought before.

Back in the 1990s, in what's remembered as the crypto wars, the FBI and NSA argued that national security would be endangered if they did not have a way to spy on encrypted e-mails, IMs and phone calls. After a long protracted battle, the security community prevailed after mustering detailed technical studies and research that concluded that national security was actually strengthened by wide use of encryption to secure computers and sensitive business and government communications.

Now the FBI is proposing a similar requirement that would allow online service providers, perhaps even software makers, to offer encrypted communication only if the companies have a way to unlock the communications.

In the New York Times story that unveiled the drive, the FBI cited a case where a mobster was using encrypted communication, and the FBI had to sneak into his office to plant a bug. One of the named problems was RIM, the maker of BlackBerrys, which provides encrypted e-mail communications for companies and governments, and which has come under pressure from India and the United Arab Emirates to locate its servers in their countries.

According to the proposal, any company doing business in the States could not create an encrypted communication system without having a way for the government to order the company to decrypt it, and those who currently do offer that service would have to retool it. It's the equivalent of outlawing whispering in real life.

Cryptographers have long argued that backdoors aren't a feature—they are just a security hole that will inevitably be abused by hackers or adversarial governments.

The proposal also contradicts a congressionally-ordered 1996 National Research Council report that found that requiring backdoors was not a sensible policy for the government.

"While the use of encryption technologies is not a panacea for all information security problems, we believe that adoption of our recommendations would lead to enhanced protection and privacy for individuals and businesses in many areas, ranging from cellular and other wireless phone conversations to electronic transmission of sensitive business or financial documents," said committee chair Kenneth W. Dam, professor of American and foreign law at the University of Chicago. "It is true that the spread of encryption technologies will add to the burden of those in government who are charged with carrying out certain law enforcement and intelligence activities. But the many benefits to society of widespread commercial and private use of cryptography outweigh the disadvantages."

Moreover, cases of encryption tripping up law enforcement are extremely rare, according to the government's own records. In 2009, for instance, the government got court approval for 2,376 wiretaps and encountered encryption only once—and was able to get the contents of the communication. Statistics for other years show no problems whatsoever for the government.

Jim Dempsey, the West Coast director of the Center for Democracy and Technology, told Wired.com that the FBI is now saying that the numbers are mistaken—and they'll issue new ones in the spring.

Despite that, the FBI is saying that its spying capabilities could be degraded unless the Congress requires companies using encryption to remake their current systems so that the companies have some way to spy on the communications.

The FBI did not return a call seeking comment, but the FBI's general counsel Valerie Caproni told the New York Times that companies "can promise strong encryption. They just need to figure out how they can provide us plain text."

While the scope of the proposal isn't clear, it would seem to target Hushmail, Skype, RIM and PGP, each of which uses encryption to make it possible for users to communicate without fear of being eavesdropped on by the company making the service, hackers, criminals, business competitors, and governments (authoritarian or otherwise).

There are also a number of open source software packages that might get swept up by the proposal, including OpenPGP (an open protocol for sending encrypted e-mails), TOR (a system for disguising the origin of web traffic), and OTR (a system for encrypting instant messages).

University of Pennsylvania computer science professor Matt Blaze, a cryptography expert who coauthored a paper in 1998 about the technical limitations of requiring back doors in crypto, says he's confused by the return of the dream of perfect surveillance capabilities.

"This seems like a far more baffling battle in a lot of ways," Blaze said. "In the 1990s, the government was trying to prevent something necessary, good and inevitable."

"In this case they are trying to roll back something that already happened and that people are relying on," Blaze said.

Few 'Net users realize that they rely on cryptography every day. For instance, online shopping relies on browsers and servers communicating using SSL. Government employees, NGOs and businesses use RIM and PGP's e-mail encryption systems to safely protect diplomatic secrets, confidential business documents and human rights communications. It's not clear how those services could continue since they work by having each user create special decryption keys on their own devices, so that no one, including PGP or RIM, could decrypt the communication if they wanted to. In PGP's case, the company doesn't even run a mail server.

Skype routes calls through peer-to-peer connections in order to be able to offer free internet calls, using encryption to prevent the computers in the middle from being able to listen in. Under the FBI's proposed rules, that architecture would be illegal. Targeted calls would have to be routed through Skype.

"It would make Skype illegal," said Peter Neumann, the principal scientist at TKTK who testified to Congress in the 1990s on the earlier proposal.

"The arguments haven't changed," Neumann said. "9/11 was something long predicted and it hasn't changed the fact that if you are going to do massive surveillance using the ability to decrypt—even with warrants, it would have to be done with enormously careful oversight. Given we don't have comp systems that are secure, the idea we will have adequate oversight is unattainable.

"Encryption has life-critical consequences," Neumann added.

The CDT's Dempsey, who spent years working on the Hill on digital policy issues, says the issue won't get to Congress until next year, and depending on the election, could face Republican backlash, especially given that the Tea Party movement is driven in part by a distrust of big government.

Most important for encryption advocates is getting the government to describe in detail what its problems are and what it proposes as a solution.

In the 1990s, the NSA created the Clipper chip intended for telecoms to use to encrypt phone calls. The NSA initially refused to let outsiders see the chip, which had a backdoor for the government.

"We, meaning Matt Blaze, Peter Neumann and [Columbia University professor] Steven Bellovin, got them to show us details," Dempsey said. "Then Matt broke the Clipper chip."

That put an end to that proposal.

"No disrespect to Matt, but there are 10,000 people who can do what he did, and my worry is half of them work for Moldovan criminal hacker groups," Dempsey said.

Another concern is that wiretapping requirements in software have a tendency to be used not just by governments bound to the rule of law. For instance, TKTK was lambasted last year for selling telecom equipment to Iran that included the ability to wiretap mobile phones at will. Lost in that uproar was the fact that sophisticated wiretapping capabilities became standard issue for technology thanks to the US government's CALEA rules that require all phone systems, and now broadband systems, to include these capabilities.

Blaze says he's just confused by the proposal.

"If the point is to discourage the use of encryption broadly, that contradicts the policy position of this administration and the two before it," Blaze said. "We need to protect the country's information infrastructure. I was at a meeting of the White House and the very same officials backing this were talking about the rollout of DNSSEC [a technology that protects the internet's lookup system from hackers].

"So how do you reconcile that with the policy of discouraging encryption broadly?" Blaze asked.
http://arstechnica.com/tech-policy/n...ty-experts.ars





Why the FBI's Surveillance Proposal Could Be a Disaster for the Cloud
Alex Williams

The FBI's hopes to "wiretap" the Internet show that federal officials and the Obama administration have little understanding of its implications and, further, almost no understanding of the technology and the way security functions in a communications environment.

It's dangerous stuff, if for nothing else than its clear attempt to intrude deeper into our personal lives in the name of safety and security.

But before we get too tripped up on those silly worries about personal freedoms, let's look at what the effects would be on cloud computing and in particular, the customers who use it.

Securosis is the world's leading independent security research and advisory firm. The firm points to three reasons why the legislation would have such a detrimental impact.

In review, the proposal calls for the following:

Communications firms should be able to unscramble messages that have been encrypted.

Foreign companies must establish an office in the United States in order to perform intercepts on information traversing across its networks.

And here's the best one of them all:

Companies that provide peer-to-peer services must redesign their architecture for messages to allow for interception.

Securosis gives this assessment:

A Single Point of Security Failure

"To allow a communications service to decrypt messages, they will need an alternative decryption key (master key). This means that anyone with access to that key has access to the communications. No matter how well the system is architected, this provides a single point of security failure within organizations and companies that don't have the best security track record to begin with. That's not FUD -- it's hard technical reality."

What that means for cloud services customers: Cloud management services like EnStratus provide encryption for customers across cloud platforms. The key is kept off the network. The service provider does not get access to it, only the customer does. If the legislation passed, the government would have a key to your data, too. The back door would always be open.

Foreign Provider Requirements are Political Theater

"Requiring foreign providers to have interception offices in the US is more of a political than technical issue. Because once we require it, foreign companies will reciprocate and require the same for US providers. Want to create a new Internet communications startup? Better hope you get millions in funding before it becomes popular enough for people in other countries to use it. And that you never need to correspond with a foreigner whose government is interested in their actions."

What that means for cloud services customers: Who knows what kind of requests would come in from foreign governments about your data. That's an impediment that would cool any enterprise interest in cloud computing.

More Opportunity for Security Failures

"There are only 3 ways to enable interception in peer to peer systems: network mirroring, full redirection, or local mirroring with remote retrieval. Either you copy all communications to a central monitoring console (which either the provider or law enforcement could run), route all traffic through a central server, or log everything on the local system and provide law enforcement a means of retrieving it. Each option creates new opportunities for security failures, and is also likely to be detectable with some fairly basic techniques -- thus creating the Internet equivalent of strange clicks on the phone lines, never mind killing the bad guys' bandwidth caps."

What that means for cloud services customers: Might as well start using the telephone. Start printing those files. That's going to be a lot of paper!

Really, this is ridiculous. What's the point of stifling innovation and the economic benefits that cloud computing provides?

We are disappointed with the Obama administration. They are now crafting legislation based upon this poorly formed proposal.

It's evident that the FBI is frustrated. Law enforcement has lagged behind the technology curve. In reaction, they have offered a proposal that would gut our infrastructure, open us to greater security threats and stifle innovation in arguably one of the fastest growing sectors of our national economy.

And one more thing - the term wiretap is another awful metaphor for the world we live in. Its rampant use in the language around this proposal speaks volumes about how we continue to use terms that describe practices of another age.

Well, perhaps that's the point. The past is what we seek to recreate. The problem is - it never works.
http://www.readwriteweb.com/cloud/20...e-disaster.php





U.S. Mounting First Test of Cyber-Blitz Response Plan
Jim Wolf

The United States is launching its first test of a new plan for responding to an enemy cyber-blitz, including any attack aimed at vital services such as power, water and banks.

Thousands of cyber-security personnel from across the government and industry are to take part in the Department of Homeland Security's Cyber Storm III, a three- to four-day drill starting Tuesday.

The goals are to boost preparedness, examine incident response and enhance information-sharing among federal, state, international and private-sector partners.

"At its core, the exercise is about resiliency -- testing the nation's ability to cope with the loss or damage to basic aspects of modern life," said a release made available at DHS's National Cybersecurity and Communications Integration Center in Arlington.

The simulation tests the newly developed National Cyber Incident Response Plan, a coordinated framework ordered by President Barack Obama.

The plan is designed to be flexible and adaptable enough to mesh responders' efforts across jurisdictional lines. Refinements may be made after the exercise, DHS officials said.

The test involves 11 states, 12 foreign countries and 60 private companies.

Six cabinet-level departments are taking part besides Homeland Security: Defense, Commerce, Energy, Justice, Treasury and Transportation, as well as representatives from the intelligence and law-enforcement worlds.

Cyber Storm III takes place amid mounting signs that bits and bytes of malicious computer code could soon be as central to 21st-century conflict as bullets and bombs.

"There is a real probability that in the future, this country will get hit with a destructive attack and we need to be ready for it," U.S. Army General Keith Alexander, the head of a new military cyber-warfare unit, told reporters last week, referring to computer-launched operations.

Cyber Storm III involves simulated harm only, not real impact on any network, said Brett Lambo, the exercise director.

In the drill, mock foes hijack Web security infrastructure used by businesses, government and consumers to verify and authenticate online transactions.

In so doing, they upend Internet reliability and relationships before launching major attacks against the government, certain critical infrastructure, public sector enterprises and international counterparts.

Officials did not spell out the scenario's details to preserve the surprise of exercise play.

Among the industry sectors currently represented at the 24-hour watch and warning hub are information technology, communications, energy and banking and finance, said Sean McGurk, the DHS official who directs the hub inaugurated last October.

Other participants take part from the locations where they would normally respond to a cyber-attack. The foreign "players" are from Australia, Britain, Canada, France, Germany, Hungary, Japan, Italy, the Netherlands, New Zealand, Sweden and Switzerland.

(Editing by Bill Trott)
http://www.reuters.com/article/idUST...technologyNews





No Govt Defence Against Cyber Attacks
Darren Pauli

The government will not lift a finger to help businesses under attack from hackers, unless the offence presents a high risk to national security, a senior Attorney-General's policy official says.

Instead, Australia's security agencies will forge a response based on the "pathology of the problem", incorporating the risk the attack poses to government and the community.

Mike Rothery, first assistant secretary for the National Security Resilience Policy Division in the Attorney-General's Department, said organisations must source their own capability to defend attacks.

"To be honest, we struggle to defend our own systems from the current threats — the idea that we can extend the envelope to protect the mining industry's SCADA (Supervisory Control and Data Acquisition) or the banking industry just doesn't fly," Rothery said.

"The people that will defend Westpac will be from Westpac, and Telstra will use people from Telstra. It won't be the Australian Army or Signals Corps."

Rothery said the government may offer some flavour of response depending on how the attack affects the community.

Moreover, those businesses that are attacked and attempt a counter-offensive "hack back" may breach federal laws.

Another aspect about attackers is that they can hijack computers to increase available resources or to obfuscate their identity.

"The problem is you will always trample through someone's network to get to the bad guy and it's possible the person attacking you is a victim."

Businesses have yet to claim self-defence after launching a counter-attack, which would likely be a weak case according to Rothery.

Yet, security professionals unanimously agree in a sly wink and nod that victims have retaliated for some time without prosecution.

The government provides some 400 critical infrastructure organisations with advanced online security alerts and shares information pertinent to national security through its Trusted Information Sharing Network.

Tomorrow, when the war begins

Contrary to suggestions from some security strategists, Rothery said existing military force paradigms cannot be retrofitted to cyber warfare.

He told security professionals in Canberra that the demarcation between civil attacks, such as domestic hacking, and those against nation-states, such as espionage, is blurry.

"The difference between hacking a system, owning it or installing a backdoor for when the war begins is a marginal issue. Whatever paradigm we choose will be wrong and will contain mistakes."

His comments follow a push by a top Pentagon chief that NATO should build a cyber-shield to protect its military and economic interests. US Deputy Defence Secretary William Lynn did not elaborate on the concept, but AFP reported that the US Government estimates some 100 foreign intelligence agencies or governments attempt to hack US systems each day.

The United States Government Senior Defence Analyst Brian Mazanec told a Canberra audience last week that the dissemination and rules of engagement of cyber attacks will likely mirror biological warfare, noting that certain targets like the SCADA systems protecting nuclear facilities would be off-limits.

Western governments are said to delegate cyber attacks between national and international enforcement agencies. For instance, in the UK, such attacks may be subject to the jurisdiction of the domestic forces or the MI5 intelligence agency.

But the Australian Government will focus on reducing the yield for cyber criminals, rather than "building walls", and will worry more about how a hacker broke into systems and what was compromised than the origins of attack.

Rothery said "pro-government acolytes, wannabes, criminal syndicates and hackers" will be handled similarly, irrespective of the source of attack.

By way of prevention, Rothery said the government invests in defence in depth, which maintains systems under the highest classification entirely offline.

Gov 2.0 a risky business

The Gov 2.0 plan hopes to open government to the public, but it is also exposing more weak websites to attack.

The websites and blogs of politicians and bureaucrats often have low security, some "barely adequate", according to Rothery, and offer scarce pickings for a hacker, but the government may still be damaged by a public defacement.

"The transactional costs of losing a website might be low, but the reputational [sic] costs are very high. It only looks at it from cost ... until it is taken down because some people don't like a minister's policy and tell the media. It is a big issue for Gov 2.0."

Rothery said politicians and public service staff should be aware that blogs and websites controlled off the government network are a security risk.

Rothery spoke at the Safeguarding Australia 2010 conference in Canberra last week.
http://www.zdnet.com.au/no-govt-defe...-339306238.htm





CYBERCOM Will Miss "Fully Operational" October 1st Deadline



The U.S. Cyber Command, scheduled to be “fully operational” by Friday, will miss that deadline. That’s what Col. Rivers J. Johnson, Cybercom spokesman, told Stars and Stripes on Wednesday.

In May 2010, Secretary of Defense Robert M. Gates announced Army Gen. Keith B. Alexander’s appointment as the first U.S. Cyber Command commander, officially establishing the initial operating capability for the new command.

A major challenge appears to be staffing the command with qualified personnel; it will need over 1,000 skilled employees. General Alexander told Congress his leadership staff was in place but acknowledged there were challenges in bringing in people to the rest of the organization.

IT security talent in the area is in high demand among government agencies and private companies. Just this week, SAIC opened its “Cyber Innovation” center in Columbia, Maryland.

Based at Fort Meade, Maryland, Cybercom merges the offensive and defensive sides of the Department of Defense cyber world into one organization for the benefit of both sides, said Army Gen. Keith B. Alexander, who also is director of the National Security Agency.

A subunified command under U.S. Strategic Command, Cybercom has about 1,000 servicemembers and civilian employees. The command has a budget of about $120 million this year, and is scheduled to receive approximately $150 million in fiscal 2011.
http://www.securityweek.com/cybercom...r-1st-deadline





Wiretapping the Internet
Bruce Schneier

On Monday, The New York Times reported that President Obama will seek sweeping laws enabling law enforcement to more easily eavesdrop on the internet. Technologies are changing, the administration argues, and modern digital systems aren't as easy to monitor as traditional telephones.

The government wants to force companies to redesign their communications systems and information networks to facilitate surveillance, and to provide law enforcement with back doors that enable them to bypass any security measures.

The proposal may seem extreme, but -- unfortunately -- it's not unique. Just a few months ago, the governments of the United Arab Emirates, Saudi Arabia and India threatened to ban BlackBerry devices unless the company made eavesdropping easier. China has already built a massive internet surveillance system to better control its citizens.

Formerly reserved for totalitarian countries, this wholesale surveillance of citizens has moved into the democratic world as well. Governments like Sweden, Canada and the United Kingdom are debating or passing laws giving their police new powers of internet surveillance, in many cases requiring communications system providers to redesign products and services they sell. More are passing data retention laws, forcing companies to retain customer data in case they might need to be investigated later.

Obama isn't the first U.S. president to seek expanded digital eavesdropping. The 1994 CALEA law required phone companies to build ways to better facilitate FBI eavesdropping into their digital phone switches. Since 2001, the National Security Agency has built substantial eavesdropping systems within the United States.

These laws are dangerous, both for citizens of countries like China and citizens of Western democracies. Forcing companies to redesign their communications products and services to facilitate government eavesdropping reduces privacy and liberty; that's obvious. But the laws also make us less safe. Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in.

Any surveillance system invites both criminal appropriation and government abuse. Function creep is the most obvious abuse: New police powers, enacted to fight terrorism, are already used in situations of conventional nonterrorist crime. Internet surveillance and control will be no different.

Official misuses are bad enough, but the unofficial uses are far more worrisome. An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and the people you don't. Any surveillance and control system must itself be secured, and we're not very good at that. Why does anyone think that only authorized law enforcement will mine collected internet data or eavesdrop on Skype and IM conversations?

These risks are not theoretical. After 9/11, the National Security Agency built a surveillance infrastructure to eavesdrop on telephone calls and e-mails within the United States. Although procedural rules stated that only non-Americans and international phone calls were to be listened to, actual practice didn't always match those rules. NSA analysts collected more data than they were authorized to and used the system to spy on wives, girlfriends and famous people like former President Bill Clinton.

The most serious known misuse of a telecommunications surveillance infrastructure took place in Greece. Between June 2004 and March 2005, someone wiretapped more than 100 cell phones belonging to members of the Greek government -- the prime minister and the ministers of defense, foreign affairs and justice -- and other prominent people. Ericsson built this wiretapping capability into Vodafone's products, but enabled it only for governments that requested it. Greece wasn't one of those governments, but some still unknown party -- a rival political group? organized crime? -- figured out how to surreptitiously turn the feature on.

Surveillance infrastructure is easy to export. Once surveillance capabilities are built into Skype or Gmail or your BlackBerry, it's easy for more totalitarian countries to demand the same access; after all, the technical work has already been done.

Western companies such as Siemens, Nokia and Secure Computing built Iran's surveillance infrastructure, and U.S. companies like L-1 Identity Solutions helped build China's electronic police state. The next generation of worldwide citizen control will be paid for by countries like the United States.

We should be embarrassed to export eavesdropping capabilities. Secure, surveillance-free systems protect the lives of people in totalitarian countries around the world. They allow people to exchange ideas even when the government wants to limit free exchange. They power citizen journalism, political movements and social change. For example, Twitter's anonymity saved the lives of Iranian dissidents -- anonymity that many governments want to eliminate.

Yes, communications technologies are used by both the good guys and the bad guys. But the good guys far outnumber the bad guys, and it's far more valuable to make sure they're secure than it is to cripple them on the off chance it might help catch a bad guy. It's like the FBI demanding that no automobiles drive above 50 mph, so they can more easily pursue getaway cars. It might or might not work -- but, regardless, the cost to society of the resulting slowdown would be enormous.

It's bad civic hygiene to build technologies that could someday be used to facilitate a police state. No matter what the eavesdroppers say, these systems cost too much and put us all at greater risk.
http://www.schneier.com/blog/archive...pping_the.html





WikiLeaks Spokesman Quits

'The Only Option Left for Me Is an Orderly Departure'
Aleks Krotoski

In an interview with SPIEGEL, Daniel Schmitt -- the 32-year-old German spokesman for WikiLeaks who is also the organization's best-known personality after Julian Assange -- discusses his falling out with the website's founder, his subsequent departure and the considerable growing pains plaguing the whistleblower organization.

SPIEGEL: Mr. Schmitt, you and WikiLeaks have been unreachable by e-mail for several weeks. What's wrong?

Schmitt: There are technical problems and no one to take care of them. WikiLeaks is stuck in a phase in which the project has to change itself. We grew insanely fast in recent months and we urgently need to become more professional and transparent in all areas. This development is being blocked internally. It is no longer clear even to me who is actually making decisions and who is answerable to them. Because of the high pressure we have all been under following the publication of the American military documents, we have not been able to restructure our organization accordingly. This has created a situation in which not all of the work is being done correctly, and that is overwhelming the project.

SPIEGEL: Is that your opinion or do all the people involved share it?

Schmitt: That is one of the points of dispute internally, but there are others. WikiLeaks, for example, was always free of discrimination. In the past we processed and published smaller submissions that were only of local importance the same way that we did more comprehensive documents that are of national or even international importance.

SPIEGEL: Why don't you do both?

Schmitt: We would like to, but unfortunately we've reached a dead-end. I have tried again and again to push for that, but Julian Assange reacted to any criticism with the allegation that I was disobedient to him and disloyal to the project. Four weeks ago, he suspended me -- acting as the prosecutor, judge and hangman in one person. Since then, for example, I have had no access to my WikiLeaks mail. So a lot of work is just sitting and other helpers are being blocked. I know that no one in our core team agreed with the move. But that doesn't seem to matter. WikiLeaks has a structural problem. I no longer want to take responsibility for it, and that's why I am leaving the project.

SPIEGEL: Why has your fight with Assange escalated to this degree?

Schmitt: We have all experienced intense stress in recent months. Mistakes happened, which is okay, as long as people learn from them. For that to happen, though, one has to admit them. Above all, though, we seem to have lost the faith that we are all pulling together.

SPIEGEL: Assange himself says that you questioned his power and wanted to take over leadership of WikiLeaks.

Schmitt: From my perspective there was no power struggle. It wasn't about personal interests, it was about our organization and its development. Only he can say why he sees things differently.

SPIEGEL: Nevertheless, you did advise him to temporarily retreat from the public eye as a result of the rape allegations lodged against him in Sweden.

Schmitt: The investigation into Julian in Sweden is, in my opinion, a personal attack against him, but they do not have anything to do with WikiLeaks directly. Still, it does cost time and energy and it weighs on him. In my opinion it would have been best if he had pulled back a bit so that he could quietly deal with these problems. It would have been fine if he had continued his normal work out of the spotlight. But he clearly saw my internal proposal as an attack on his role.

SPIEGEL: What will happen now?

Schmitt: I worked on WikiLeaks because I considered the idea to be right and important. We tried numerous times to discuss all of the issues mentioned with Julian, without success. I have given more than 100 interviews to media all around the world, coordinated finances in Germany and also worked on the publication (of documents). Now I am pulling out of the project and will turn my tasks over to -- who knows?

SPIEGEL: Who are you referring to when you say "we"?

Schmitt: A handful of people in the core team, who have views about these things that are similar to mine but do not want to go public. A large amount of the work is done by people who want to remain unnamed. There is a lot of resentment there and others, like me, will leave.

SPIEGEL: You are leaving the project at a critical juncture. Do you not worry that a number of Internet activists may accuse you of betraying the cause?

Schmitt: I am aware of that, but you should assume that I have thought long and hard about the step. Nevertheless, in recent years, I have invested a considerable amount of time, money and energy into WikiLeaks. But I also have to be able to support the things for which I am publicly responsible. That is why the only option left for me at the moment is an orderly departure.

SPIEGEL: What is it that you no longer stand behind?

Schmitt: That we promise all of our sources that we will publish their material, for example. Recently, however, we have only focused on the major topics and applied practically all of our resources to them. Take the US Army Afghanistan documents at the end of July, for example. The video of the air strike in Baghdad in 2007, "Collateral Damage," was an extreme feat of strength for us. During the same period of time we also could have published dozens of other documents. And through our rising recognition in the last six months, we have again received a lot of material that urgently needs to be processed and published.

SPIEGEL: With the publication of classified Afghanistan reports, also through SPIEGEL, you have taken on the United States, a superpower. Washington is threatening to prosecute you for espionage and WikiLeaks supporters have been interrogated by the FBI. Bradley Manning, who is believed to be one of your informants, is sitting in jail. Are you afraid of the massive public pressure?

Schmitt: No, pressure from the outside is part of this. But this one-dimensional confrontation with the USA is not what we set out to do. For us it is always about uncovering corruption and abuse of power, wherever it happens -- on the smaller and larger scale -- around the world.

SPIEGEL: What does it mean for the organization now that its second most recognizable face after that of Julian Assange is leaving? Is WikiLeaks' future in jeopardy?

Schmitt: I hope not. The idea behind WikiLeaks is too important for that. There are a number of new people in Sweden and Great Britain and I hope that they will all work on something sensible. I believe in this concept that we set out to do, and I am confident that it will survive.

SPIEGEL: With a part of the WikiLeaks team now leaving, do your informants need to be concerned about what will happen with the material they submitted?

Schmitt: It is my view that material and money from donors should remain at WikiLeaks, because both were intended explicitly for this project. There are other opinions internally -- with our technical people, for example. No matter what, though, we will ensure that a clean transition happens.

SPIEGEL: You quit your job because of WikiLeaks. What will you do now?

Schmitt: I will continue to do my part to ensure that the idea of a decentralized whistleblower platform stays afloat. I will work on that now. And that, incidentally, is in line with one of our original shared convictions -- in the end, there needs to be a thousand WikiLeaks.

SPIEGEL: In your role as WikiLeaks spokesman, you have always gone by the name "Daniel Schmitt." What's your real name?

Schmitt: It is high time that I also stop doing that and go public with my name and my opinions. My name is Daniel Domscheit-Berg.
http://www.spiegel.de/international/...719619,00.html





Critics Say India’s Spy Plan Deters Businesses
Vikas Bajaj and Ian Austen

In the United States, law enforcement and security agencies have raised privacy concerns with a new proposal for electronic eavesdropping powers to track terrorists and criminals and unscramble their encrypted messages.

But here in India, government authorities are well beyond the proposal stage. Prompted by fears of digital-era plotters, officials are already demanding that network operators give them the ability to monitor and decrypt digital messages, whenever the Home Ministry judges the eavesdropping to be vital to national security.

Critics, though, say India’s campaign to monitor data transmission within its borders will hurt another important national goal: attracting global businesses and becoming a hub for technology innovation.

The most inflammatory part of the effort has been India’s threat to block encrypted BlackBerry services widely used by corporations unless phone companies provide access to the data in a readable format. But Indian officials have also said they will seek greater access to encrypted data sent over popular Internet services like Gmail, Skype and virtual private networks that enable users to bypass traditional telephone links or log in remotely to corporate computer systems.

Critics say such a threat could make foreigners think twice about doing business here. Especially vulnerable could be outsourcing for Western clients, like processing medical records or handling confidential research projects, information that is typically transmitted as encrypted data.

“If there is any risk to that data, those companies will look elsewhere,” said Peter Sutherland, a former Canadian ambassador to India who is now a consultant to North American companies doing business there.

S. Ramadorai, vice chairman of India’s largest outsourcing company, Tata Consultancy Services, echoed that sentiment in a newspaper column on Wednesday. “Bans and calls for bans aren’t a solution,” he wrote. “They’ll disconnect India from the rest of the world.”

Few doubt that India has valid security concerns. In recent years, attacks against India have included the use of sophisticated communications technology — as when the terrorists who stormed Mumbai two years ago communicated with their Pakistani handlers by satellite phone and the Internet. Or when Chinese hackers infiltrated India’s military computer networks this year.

But critics say that India’s security efforts, which they describe as clumsy, may do little to protect the country, even as they intrude on the privacy of companies and citizens alike.

“They will do damage by blocking highly visible systems like BlackBerry or Skype,” said Ajay Shah, a Mumbai-based economist who writes extensively about technology. “This will shift users to less visible and known platforms. Terrorists will make merry doing crypto anyway. A zillion tools for this are freely available.”

Senior Indian officials, though, argue that they have no choice but to demand the data that could help thwart and investigate terrorist attacks.

“All communications which is done by Indians or coming to and fro into India — and where we have a concern about national security — we should have access to it,” said Gopal Krishna Pillai, the secretary of India’s Home Ministry, which oversees domestic security.

During the Mumbai attacks, he said, officials could not gain access to some of the communications between the terrorists and their handlers.

Some legal experts indicate that Indian law — which has few explicit protections for personal privacy — is on the government’s side. But they also say India is trying to enforce the law in unnerving ways.

“The concern of corporate users and general users of BlackBerry is that if this is allowed, the government will become the single biggest repository of information,” said Pavan Duggal, a technology lawyer who practices before India’s Supreme Court. “And we have no idea how this information will be used and misused in the future.”

The Indian government has also clamped down on the importation of foreign telecommunications equipment, saying it wants to ensure that the technology does not contain malicious software or secret trap doors that could be used by foreign spies.

The technology and security debates playing out here are not new or unique to India.

During the 1990s, for instance, American security officials tried unsuccessfully to restrict the use of encryption because of worries that law enforcement would not be able to monitor communications. Now, in legislation the Obama administration plans to introduce next year, officials want Congress to require all services that enable communications — including encrypted e-mail systems like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically able to comply if served with a wiretap order.

Currently, other countries including the United Arab Emirates and Indonesia are trying to impose various measures similar to India’s.

The debate here, though, is complicated by the fact that despite private industry’s technology prowess in this country, in technologies like cryptography Indian law enforcement agencies still lag significantly behind their counterparts in the United States and other advanced countries.

The Indian government says it is intent on improving its code-cracking skills. But “in the interim, it has this very blunt instrument,” said Rajan S. Mathews, the director general of the Cellular Operators Association of India, a trade group. “It comes to the operators and says: ‘I’m going to make you responsible for giving me access,’ ” he said.

Mr. Pillai, the Home Ministry secretary, said the government was not opposed to the use of encryption to protect the privacy of legitimate electronic communications. But he said that as government-licensed entities, network operators were obliged to give law enforcement officials a way to decode messages when required or to block communications that they cannot decipher.

But network providers say they may not always have the technical ability to do that. In much of the world — including for business users in India — companies and individuals now often use encryption systems that generate new code keys for each message and lack a convenient master key that could unlock everything for government viewing.

Google, for its part, has enhanced the encryption for its Gmail service, making it harder for hackers and the Indian government to read messages. Mr. Pillai said his ministry had begun conversations with Google and Skype, the Internet phone company, which also uses strong encryption, to provide access to decoded data.

Representatives for Google and Skype said that they could not comment because they had not yet received formal demands from the Indian government.

Meanwhile, government officials have demanded that the maker of BlackBerry, Research in Motion of Canada, set up a server computer in India from which law enforcement agencies can gain access to unencrypted versions of messages when they need to. The government has given R.I.M. until the end of October to comply.

The company has said that it is willing to meet “the lawful access needs of law enforcement agencies.” But the company says it cannot provide unencrypted copies of messages of corporate users because of how the BlackBerry system is designed, noting that even R.I.M. cannot decode them.

“Strong encryption has become a mandatory requirement for all enterprise-class wireless e-mail services today,” R.I.M. said in a statement in late August, “and is also a fundamental commercial requirement for any country to attract and maintain international business.”

Vikas Bajaj reported from New Delhi, and Ian Austen from Ottawa. Heather Timmons contributed reporting from New Delhi.
http://www.nytimes.com/2010/09/28/bu.../28secure.html





LinkedIn Users Targeted with Fake "Contact Requests" to Spread Malware
Mike Lennon

On Monday morning, cybercriminals began sending massive volumes of spam email messages targeting LinkedIn users.

Starting at approximately 10am GMT, users of the popular business-focused social networking site began receiving emails with a fake contact request containing a malicious link.

According to Cisco Security Intelligence, these messages accounted for as much as 24% of all spam sent within a 15-minute interval today. If users click, they are taken to a web page that says “PLEASE WAITING.... 4 SECONDS..” and then redirects them to Google, appearing as if nothing has happened. During those four seconds, the page attempts to infect the victim’s PC with the ZeuS malware via a “drive-by download” – something that requires little or no user interaction to infect a system.

When ZeuS infects PCs, users rarely notice any harm, and those who click on a link may even have a chance to manually download the executable file, as the malware first runs a series of browser exploits. ZeuS, also known as Zbot, WSNPOEM, NTOS and PRG, is the most prevalent banking malware platform for online fraud, and has been licensed by numerous criminal organizations. The program then waits for the user to log onto a list of targeted banks and financial institutions, and then steals login credentials and other data which are immediately sent to a remote server hosted by cybercriminals. It can also modify, in a user’s browser, the genuine web pages from a bank’s web servers to ask for personal information such as payment card number and PIN, one time passwords, etc. A new variant that targets mobile devices recently emerged - ZeuS in the Mobile, or "Zitmo" - used to overcome two-factor authentication.

"Criminals are misusing brands familiar to business users to trick them into becoming infected by data stealing malware," said Cisco Security Researcher Henry Stern. "They want to infect those users with access to large-dollar online commercial bank accounts. This attack is most interesting because of its scale. While there have been many previous attacks that impersonate social media sites, the scale of this attack, tens of billions of messages, makes it notable. The criminals behind this attack are among those who stole over US$100m from commercial bank accounts in 2009," Stern added.
http://www.securityweek.com/linkedin...spread-malware





Google Uncloaks Once-Secret Server
Stephen Shankland

Google is tight-lipped about its computing operations, but the company for the first time on Wednesday revealed the hardware at the core of its Internet might at a conference here about the increasingly prominent issue of data center efficiency.

Most companies buy servers from the likes of Dell, Hewlett-Packard, IBM, or Sun Microsystems. But Google, which has hundreds of thousands of servers and considers running them part of its core expertise, designs and builds its own. Ben Jai, who designed many of Google's servers, unveiled a modern Google server before the hungry eyes of a technically sophisticated audience.

Google's big surprise: each server has its own 12-volt battery to supply power if there's a problem with the main source of electricity. The company also revealed for the first time that since 2005, its data centers have been composed of standard shipping containers--each with 1,160 servers and a power consumption that can reach 250 kilowatts.

It may sound geeky, but a number of attendees--the kind of folks who run data centers packed with thousands of servers for a living--were surprised not only by Google's built-in battery approach, but by the fact that the company has kept it secret for years. Jai said in an interview that Google has been using the design since 2005 and now is in its sixth or seventh generation of design.

"It was our Manhattan Project," Jai said of the design.

Google has an obsessive focus on energy efficiency and now is sharing more of its experience with the world. With the recession pressuring operations budgets, environmental concerns waxing, and energy prices and constraints increasing, the time is ripe for Google to do more efficiency evangelism, said Urs Hoelzle, Google's vice president of operations.

"There wasn't much benefit in trying to preach if people weren't interested in it," said Hoelzle, but now attitudes have changed.

The company also focuses on data center issues such as power distribution, cooling, and ensuring hot and cool air don't intermingle, said Chris Malone, who's involved in the data center design and efficiency measurement. Google's data centers now have reached efficiency levels that the Environmental Protection Agency hopes will be attainable in 2011 using advanced technology.

"We've achieved this now by application of best practices and some innovations--nothing really inaccessible to the rest of the market," Malone said.

Why built-in batteries?

Why is the battery approach significant? Money.

Typical data centers rely on large, centralized machines called uninterruptible power supplies (UPS)--essentially giant batteries that kick in when the main supply fails and before generators have time to kick in. Building the power supply into the server is cheaper and means costs are matched directly to the number of servers, Jai said.

"This is much cheaper than huge centralized UPS," he said. "Therefore no wasted capacity."

Efficiency is another financial factor. Large UPSs can reach 92 to 95 percent efficiency, meaning that a large amount of power is squandered. The server-mounted batteries do better, Jai said: "We were able to measure our actual usage to greater than 99.9 percent efficiency."

The Google server was 3.5 inches thick--2U, or 2 rack units, in data center parlance. It had two processors, two hard drives, and eight memory slots mounted on a motherboard built by Gigabyte. Google uses x86 processors from both AMD and Intel, Jai said, and Google uses the battery design on its network equipment, too.

Efficiency is important not just because improving it cuts power consumption costs, but also because inefficiencies typically produce waste heat that requires yet more expense in cooling.

Costs add up

Google operates servers at a tremendous scale, and these costs add up quickly.

Jai has borne a lot of the burden himself. He was the only electrical engineer on the server design job from 2003 to 2005, he said. "I worked 14-hour days for two and a half years," he said, before more employees were hired to share the work.

Google has patents on the built-in battery design, "but I think we'd be willing to license them to vendors," Hoelzle said.

Another illustration of Google's obsession with efficiency comes through power supply design. Power supplies convert conventional AC (alternating current--what you get from a wall socket) electricity into the DC (direct current--what you get from a battery) electricity, and typical power supplies provide computers with both 5-volt and 12-volt DC power. Google's designs supply only 12-volt power, with the necessary conversions taking place on the motherboard.

That adds $1 or $2 to the cost of the motherboard, but it's worth it not just because the power supply is cheaper, but because the power supply can be run closer to its peak capacity, which means it runs much more efficiently. Google even pays attention to the greater efficiency of transmitting power over copper wires at 12 volts compared to 5 volts.

Google also revealed new performance results for data center energy efficiency measured by a standard called power usage effectiveness. PUE, developed by a consortium called the Green Grid, measures how much power goes directly to computing compared to ancillary services such as lighting and cooling. A perfect score of 1 means no power goes to the extra costs; 1.5 means that ancillary services consume half the power devoted to computing.

Google's PUE scores are enviably low, but the company is working to lower them further. In the third quarter of 2008, Google's PUE was 1.21, but it dropped to 1.20 for the fourth quarter and to 1.19 for the first quarter of 2009 through March 15, Malone said.

Older Google facilities generally have higher PUEs, he said; the best has a score of 1.12. When the weather gets warmer, Google notices that it's harder to keep servers cool.

Shipping containers

Most people buy computers one at a time, but Google thinks on a very different scale. Jimmy Clidaras revealed that the core of the company's data centers is composed of standard 1AAA shipping containers packed with 1,160 servers each, with many containers in each data center.

Modular data centers are not unique to Google; Sun Microsystems and Rackable Systems both sell them. But Google started using them in 2005.

Google's first experiments had some rough patches, though, Clidaras said--for example when they found the first crane they used wasn't big enough to actually lift one.

Overall, Google's choices have been driven by a broad analysis on cost that encompasses software, hardware, and facilities.

"Early on, there was an emphasis on the dollar per (search) query," Hoelzle said. "We were forced to focus. Revenue per query is very low."

Mainstream servers with x86 processors were the only option, he added. "Ten years ago...it was clear the only way to make (search) work as free product was to run on relatively cheap hardware. You can't run it on a mainframe. The margins just don't work out," he said.

Operating at Google's scale has its challenges, but it also has its silver linings. For example, a given investment on research can be applied to a larger amount of infrastructure, yielding return faster, Hoelzle said.
http://news.cnet.com/8301-1001_3-10209580-92.html





Friends Without Benefits

The sad truth about Facebook.
Daniel Lyons

The people who run Facebook, the social-networking company, are furious about a new movie that takes lots of liberties in its depiction of how Facebook came into existence. They’re upset because much of The Social Network, which opens Oct. 1, is just completely made up. That’s fair enough. But to me, the really interesting thing about this movie is that while much of the tale is invented, the story tells a larger truth about Silicon Valley’s get-rich-quick culture and the kind of people—like Facebook’s 26-year-old founder and CEO, Mark Zuckerberg—who thrive in this environment.

The Valley used to be a place run by scientists and engineers, people like Robert Noyce, the Ph.D. physicist who helped invent the integrated circuit and cofounded Intel. The Valley, in those days, was focused on hard science and making things. At first there were semiconductors, which is how Silicon Valley got its name; then came computers and software. But now the Valley has become a casino, a place where smart kids arrive hoping to make an easy fortune building companies that seem, if not pointless, at least not as serious as, say, old-guard companies like HP, Intel, Cisco, and Apple.

The three hottest tech companies today are Facebook, Twitter, and Zynga. What, exactly, do they do? Facebook lets you keep in touch with your friends; for this profound service to mankind it will generate about $1.5 billion in revenue this year by bombarding its 500 million members with ads. Twitter is a noisy circus of spats and celebrity watching, and its hapless founders still can’t figure out how to make money. That hasn’t stopped venture capitalists from funding dozens of companies that make little apps that work with Twitter, just as they’re also funding countless companies that make apps for Apple’s iPhone, and just as, a few years ago, they were all funding companies that made applications to run on Facebook. Zynga, the biggest of those Facebook app-makers, reportedly will rake in $500 million this year by getting people addicted to cheesy games like Farmville and Mafia Wars, then selling “virtual goods” to use inside the games.

Meanwhile, among some longtime techies, there’s a sense that something important has been lost.

“The old Silicon Valley was about solving really hard problems, making technical bets. But there’s no real technical bet being made with Facebook or Zynga,” says Nathan Myhrvold, the former chief technology officer at Microsoft who now runs an invention lab in Seattle. “Today almost everyone in the Valley will tell you there is too much ‘me-tooism,’ too much looking for a gold rush and not enough people who are looking to solve really hard problems.”

Sure, there are still entrepreneurs and investors chasing serious technology challenges in the Valley. And Myhrvold says he means no disrespect to Facebook and Zynga, which have had clever ideas and are making loads of money.

“What bothers me is the zillions of wannabes who will follow along, and the expectation that every company ought to be focused on doing really short-term, easy things to achieve giant paydays. I think that’s unrealistic, and it’s not healthy,” Myhrvold says.

His company, Intellectual Ventures, intentionally runs counter to the prevailing trend in Silicon Valley. The only problems it tries to solve are ones that seem overwhelmingly difficult. These include creating a new kind of nuclear reactor and developing technologies that could address climate change and eradicate malaria.

Myhrvold doesn’t have problems raising money. He made a fortune at Microsoft and is a close friend of Bill Gates. But he worries about “the unknown engineers and professors who have good ideas. Are those people going to get funded or will they be talked out of it and told they should do something like Zynga, because virtual goods is where it’s at these days?”

The risk is that by focusing an entire generation of bright young entrepreneurs on such silly things, we’ll fall behind in creating the fundamental building blocks of our economy. The transistor and the integrated circuit gave rise to the last half century of prosperity. But what comes next? “If we distract people with the lure of easy money, with making companies that don’t solve anything hard, we’re going to wind up derailing the thing that has been driving our economy,” Myhrvold says.

We’ve already fallen behind in areas like alternative energy, better batteries, and nanotechnology. Instead of racing to catch up, we’re buying seeds and garden gnomes on Facebook. This won’t end well.
http://www.newsweek.com/2010/09/24/t...ook-movie.html





Apple's Weakest Link is at its Core

iTunes is out of date and needs to be redesigned from the ground up
John Naughton

One of my children is starting at university this month and it was solemnly and jointly agreed that a) she needed a new laptop and b) that Dad would pay for it. So we headed off to the Apple store.

We were careful to go on a weekday, because bitter experience has taught us that the weekends are a no-go area in that particular establishment, which doubles as a free internet cafe, teenage rendezvous and Facebook updating station. Yet when we arrived, around 11am, the place was heaving, with a queue of people snaking into the street.

I was resigning myself to purchasing online rather than endure a two-hour wait when an Apple salesman approached. "We want to buy a MacBook," I said, "but don't have time to wait that long." "Oh," he said, "I can get you a computer straight away. The queue is for the iPhone 4."

After he'd departed to fetch the laptop, I stared at the queue. It was overwhelmingly male in composition, and – if the languages spoken were any guide – made up mostly of people who were not British citizens.

"Wow!" I said to the returning salesman, "it looks as though Apple really underestimated the demand for the iPhone." He looked at me pityingly. "They're not buying for themselves," he said. "They're buying them to flog back home. I sold four to one guy this morning for £2,400. In cash."

It turns out that a sim-free 32GB iPhone purchased in the UK for £599 can be effortlessly unloaded in Dubai or Beijing or Abu Dhabi – or any other market where there is rampant wealth and Apple hasn't yet officially launched the device – for several times the UK price.

While the laptop transaction was going through, I had a good look round the heaving store. It was an amazing sight, thronged with people of all ages – from chirpy young girls gushing over the new iPod range, to teenage boys pompously explaining the merits of onboard video cards to one another, to thirtysomething business people investigating iPads, to baby-boomer parents buying laptops for their kids or iPods for their grandchildren. There was a buzz I haven't seen in any other retail outlet since Richard Branson launched the first Virgin Megastore way back at the end of – when was it? – the Precambrian era.

This retail phenomenon is the monster that Steve Jobs has unleashed on the world. He has positioned Apple at a pivotal point in a series of exploding markets and he controls the toll gate through which everything flows – the iTunes store. No wonder he is loathed and feared (in equal measure) by the industries – music, movies, mobile phones – whose fates he now controls.

At the centre of the Appleverse sits a single, crucial piece of desktop software – iTunes. You can do very little with an Apple device without hooking it up to iTunes. Until now, this has given Apple a key strategic advantage over all other competitors. But, as Britain discovered with the Suez canal in the 1950s, being unduly dependent on a single strategic asset can also have serious downsides.

The problem is that iTunes is now a pretty ancient piece of software. When it first appeared in 2001 as a reworking of SoundJam, a program Apple bought from a Californian company in 1999, it provided an elegant way of doing just one thing: getting songs from CDs on to your computer's hard drive. But over the years, more and more functions have been added: first the management of iPods, then the Apple online store. Then iTunes became the conduit for managing one's iPhone. The latest addition is the Ping social-networking function.

This is what the industry calls "feature creep" on an heroic scale. One seasoned commentator, Wade Roush, reckons that iTunes is now called upon to perform 27 distinct functions – which leads him to call it "the Leaning Tower of Ping". "Adding a social-networking interface, on top of all of iTunes' other functions," he says, "is like grafting another limb to the forehead of an octopus. It's just too much."

He's right. It's inconceivable that Apple doesn't know this too. So somewhere in Cupertino there must be a team working on redesigning iTunes from the ground up. And if there isn't, then perhaps Steve Jobs ought to check out the Wikipedia entry for the Suez crisis.
http://www.guardian.co.uk/technology...n-itunes-apple





News Corp. Donates $1 Million to U.S. Chamber of Commerce
Jim Rutenberg

The News Corporation, whose holdings include The Wall Street Journal and the Fox News Channel, has donated $1 million to the United States Chamber of Commerce, the business advocacy group that is among the heaviest anti-Democratic advertisers in this year’s elections.

The donation, first reported by The Politico last night and confirmed by a person with knowledge of the transaction, is News Corp.’s second known contribution to a group that is advertising heavily to support Republicans this year. In August, News Corp. confirmed that it had donated $1 million to the Republican Governors Association.

The second donation is sure to add to the political heat that surrounds News Corp. and its potent corporate offspring, the Fox News Channel, which has come under increasing fire from Democrats who have questioned its political motives — accusations that have received especially full-throated answers from the network’s stable of opinionated hosts this election season.

In the latest salvo, in an interview published by Rolling Stone this week, President Obama described Fox News as having “a point of view that I think is ultimately destructive for the long-term growth of a country that has a vibrant middle class and is competitive in the world.”

Referring to the interview on her show on Tuesday, the Fox News Channel host Greta Van Susteren asked a guest, the pollster Doug Schoen, “Thin-skinned or good tactic to come after us?” He answered, “I think it’s thin-skinned and self destructive.” The same night, the Fox News conservative host Sean Hannity said on his program, “Mr. President, put your pants on, sit at the table, man-up,” adding, “I am tired of him whining, complaining and blaming everybody — as he does in this article — but himself.”

Officials with News Corp. and the Fox News Channel had no comment on the Chamber donation late last night.

After news of the Republican Governors Association donation broke in August, company officials had said, “News Corporation has always believed in the power of free markets, and organizations like the R.G.A., which have a pro-business agenda, support our priorities at this most critical time for our economy.” News Corp. controls a wide array of companies, including the Fox broadcast television network, the HarperCollins publishing house, and the Twentieth Century Fox movie studio.

When the R.G.A. donation was disclosed, company officials said their news gathering organizations were not involved in the decision to give the money, and that their operations would not be affected by it.

The Chamber has vowed to spend around $75 million on this year’s elections, and the effort has overwhelmingly focused on defeating Democrats, though the Chamber has made exceptions in some races.

News Corporation has a political action committee that has donated to both parties this year, as have those of Comcast (which is in the process of acquiring a 51 percent stake in the company that holds NBC News and MSNBC), Time Warner (whose holdings include CNN and Time magazine), and CBS Corp (parent of CBS News).

But nothing on record is on the order of the $2 million the News Corporation is now known to have given to the Republican Governors Association and the U.S. Chamber of Commerce.
http://thecaucus.blogs.nytimes.com/2...crat-group/?hp





Fake Pimp from ACORN Videos Tries to 'Punk' CNN Correspondent
Scott Zamost

• Conservative activist James O'Keefe planned elaborate sting for CNN, documents show
• Document shows a CNN correspondent would be "seduced on camera"
• O'Keefe is best known for fake "pimp" videos that helped end activist group
• "Right On The Edge" airs this Saturday and Sunday at 8 p.m. and 11 p.m. EST

Editor's note: CNN takes an unprecedented look inside the young conservative activist movement in the documentary "Right On The Edge," which airs Oct. 2 and 3 at 8 p.m. and 11 p.m. EST.

Lusby, Maryland (CNN) -- A conservative activist known for making undercover videos plotted to embarrass a CNN correspondent by recording a meeting on hidden cameras aboard a floating "palace of pleasure" and making sexually suggestive comments, e-mails and a planning document show.

James O'Keefe, best known for hitting the community organizing group ACORN with an undercover video sting, hoped to get CNN Investigative Correspondent Abbie Boudreau onto a boat filled with sexually explicit props and then record the session, those documents show.

The plan apparently was thwarted after Boudreau was warned minutes before it was supposed to happen.

"I never intended to become part of the story," Boudreau said. "But things suddenly took a very strange turn."

O'Keefe is best known for making a series of undercover videos inside ACORN offices around the country in 2009. The 40-year-old liberal group was crippled by scandal after O'Keefe and fellow activist Hannah Giles allegedly solicited advice from ACORN workers on setting up a brothel and evading taxes.

The videos led to some of the employees being fired and contributed to the disbanding of ACORN, which advocated for low- and middle-income and worked to register voters.

But prosecutors in New York and California eventually found no evidence of wrongdoing by the group, and the California probe found the videos had been heavily and selectively edited.

O'Keefe's next big splash ended with his arrest after he taped associates entering Louisiana Sen. Mary Landrieu's office in New Orleans posing as telephone repairmen. He ended up pleading guilty to a misdemeanor charge of entering a federal office under false pretenses and is now on probation.

But he continues to do undercover projects through his organization, which is called Project Veritas.

The incident occurred in August, when Boudreau agreed to meet O'Keefe to discuss CNN's request to be present on set for a music video shoot in which O'Keefe stars.

For months, CNN had been following a group of young conservative activists, including Christian Hartsock, the director of the music video. The activists will be featured in a documentary, "Right On The Edge," that will air October 2 and 3.

Hartsock said O'Keefe did not want CNN to shoot on the set of the music video, but said he would encourage O'Keefe to call CNN to discuss the request.

O'Keefe called Boudreau on August 10. During the conversation, he said he preferred that Boudreau meet him in person in Maryland and asked that she come alone.

"I just want to talk," O'Keefe told Boudreau on the phone. "I just want to have a, you know, meeting with you, and talk to you face to face about this. Because, I don't, I feel sort of, let's just say reserved about, about letting people into my sort of inner sanctum, about letting, letting people sort of take a glimpse into, into, behind the scenes, so that's why you know, I just feel more comfortable if it was just me and you and we just had a face-to-face meeting before I agree to, to let you guys come out and shoot the video shoot out there."

The phone call was recorded without Boudreau's knowledge, but CNN obtained a copy of the recording after O'Keefe e-mailed it to friends and colleagues. Boudreau agreed to the meeting, which she understood would be in his office.

"The purpose of the meeting was to explain [the CNN story] in person to James," Boudreau said.

CNN was forwarded an e-mail, sent from O'Keefe's e-mail address, to the executive director of Project Veritas, Izzy Santa; and two conservative activists, Ben Wetmore of New Orleans and Jonathon Burns of St. Louis, Missouri, dated after the call with Boudreau.

"Getting Closer," the e-mail states. "Audio attached conversation with Abbie. What do you think of her reaction guys. She said she could do it Monday, Tuesday. Ben, you think I could get her on the boat?"

Boudreau flew to Baltimore, Maryland, on August 17, rented a car, and drove to suburban Lusby, where O'Keefe wanted to meet. O'Keefe sent a text message to Boudreau that morning, saying that Santa would meet her when she got there.

When Boudreau arrived at the address, a house located on a tributary of the Patuxent River, Santa approached her with a tape recorder in her hand and said she wanted to talk in the car, Boudreau said.

"I noticed she had a little bit of dirt on her face, her lip was shaking, she seemed really uncomfortable and I asked her if she was OK," Boudreau said. "The first thing she basically said to me was, 'I'm not recording you, I'm not recording you. Are you recording me?' I said, 'No, I'm not recording you,' and she showed me her digital recorder and it was not recording."

Santa told Boudreau that O'Keefe planned to "punk" her by getting on a boat where hidden cameras were set up. Boudreau said she would not get on the boat and asked Santa why O'Keefe wanted her there.

"Izzy told me that James was going to be dressed up and have strawberries and champagne on the boat, and he was going to hit on me the whole time," Boudreau said.

A short time later, O'Keefe emerged from a boat docked behind the house. In that brief conversation, Boudreau told O'Keefe that he did not have permission to record her, and reminded him that the meeting was solely to discuss the upcoming music video shoot, and he had never mentioned that he wanted to tape their meeting.

Boudreau ended the meeting and left. After the incident, Santa gave CNN a series of e-mails she says shows O'Keefe intended to try to embarrass both the network and Boudreau through an elaborate plan.

The day of the meeting, she wrote to someone she described as a financial donor to Project Veritas. She would not identify the individual.

"I have a problem on my hands that I think has the potential for unnecessary backlash," Santa wrote. "Today, James is meeting with a CNN correspondent today on his boat. She is doing a piece on the movement of young conservative filmmakers.

"She doesn't know she is getting on a boat but rather James' office. James has staged the boat to be a palace of pleasure with all sorts of props, wants to have a bizarre sexual conversation with her. He wants to gag CNN."

She wrote that "the idea is incredibly bad" and "the more I think about it we should not be doing this."

O'Keefe had also instructed Santa to print a "pleasure palace graphic" on a large poster, according to an e-mail.

CNN later obtained a copy of a 13-page document titled "CNN Caper," which appears to describe O'Keefe's detailed plans for that day.

"The plans appeared so outlandish and so juvenile in tone, I questioned whether it was part of a second attempted punk," Boudreau said.

But in a phone conversation, Santa confirmed the document was authentic. Listed under "equipment needed," is "hidden cams on the boat," and a "tripod and overt recorder near the bed, an obvious sex tape machine."

Among the props listed were a "condom jar, dildos, posters and paintings of naked women, fuzzy handcuffs" and a blindfold.

According to the document, O'Keefe was to record a video of the following script before Boudreau arrived: "My name is James. I work in video activism and journalism. I've been approached by CNN for an interview where I know what their angle is: they want to portray me and my friends as crazies, as non-journalists, as unprofessional and likely as homophobes, racists or bigots of some sort....

"Instead, I've decided to have a little fun. Instead of giving her a serious interview, I'm going to punk CNN. Abbie has been trying to seduce me to use me, in order to spin a lie about me. So, I'm going to seduce her, on camera, to use her for a video. This bubble-headed-bleach-blonde who comes on at five will get a taste of her own medicine, she'll get seduced on camera and you'll get to see the awkwardness and the aftermath.

"Please sit back and enjoy the show." Boudreau, who has won multiple awards for her investigative reporting, called the comments "ridiculous."

The document states it was written by "Ben." According to the e-mail chain obtained by CNN, Ben Wetmore sent the document to O'Keefe and Santa. In a statement e-mailed to CNN, O'Keefe wrote: "That is not my work product. When it was sent to me, I immediately found certain elements highly objectionable and inappropriate, and did not consider them for one minute following it."

He did not respond to follow-up questions. Wetmore did not respond to our questions about the document. Instead, he posted a YouTube video criticizing CNN's coverage of the ACORN story.

Burns did not respond to CNN. The "CNN Caper" document warned O'Keefe about how to handle potential problems.

"If CNN gets advance warning and you find this out, you should simply cancel the operation, period," the document states. "You're in a position of strength. Make her [Boudreau] come to you. To leave the boat kills the operation."

The document discusses the potential fallout from the operation.

"If they pursue this as you are a creep, you should play it up with them initially only to reveal that the tape was made beforehand confirming this was a gag," the document states. "If they [CNN] admit it was a gag, you should release the footage and focus on the fact they got punked, and make sure to emphasize Abbie's name and overall status to help burden her career with this video, incident and her bad judgment in pursuing you so aggressively."

Finally, "if they go on the attack, you should point out the hypocrisy in CNN using the inherent sexuality of these women to sell viewers and for ratings, passing up more esteemed and respectable journalists who aren't bubble-headed bleach blondes and keep the focus on CNN."

CNN traveled to Pasadena, California, for the music video shoot involving O'Keefe, but was not permitted on set. Since the Maryland incident, O'Keefe has transferred all of Santa's duties to one of the Project Veritas directors.

Santa's attorney, Christopher Markham, told CNN that Santa "didn't want what could have happened to occur. She thought it may have been a threat to the organization, and didn't want it to happen to [Boudreau]."

Markham said even though Santa's duties were taken away from her, she is still on the Project Veritas payroll.
http://www.cnn.com/2010/US/09/29/oke...ank/index.html





Boston Globe to Launch Separate Paid Site
Lauren Indvik

The Boston Globe announced Thursday that the online version of its newspaper will be moving from Boston.com to BostonGlobe.com, and that it will begin charging for full access to the latter beginning the second half of next year.

Print subscribers will automatically have full access to all of The Boston Globe’s daily published content at the new site; others will have to purchase a print or digital-only subscription. The price for the latter has not yet been determined.

Boston.com will transition into a free, local news site, pulling in breaking news, sports, weather and more from a variety of sources — including, of course, some from The Boston Globe. The paper is also developing a number of branded apps and other digital products for smartphones, tablets and other devices, the company announced.

“Our research shows that Boston.com currently attracts several different types of user,” Publisher Christopher Mayer said in a statement. “Some are readers whose main interest is breaking news and things to do, while others want access to the entirety of The Boston Globe. These two distinct sites will allow us to serve both types of readers with maximum effectiveness, while continuing to provide advertisers the large engaged audience they have come to expect from Boston.com,” he declared.

The strategy jumps on two emerging trends in the news industry. The first is a growing propensity among traditional print news organizations to charge readers for full access to content. A number of newspapers have placed or plan to place some or all of their content behind paywalls, including The Wall Street Journal, The London Times and The New York Times, the latter of which is owned by the same parent company as The Boston Globe.

Boston.com follows a different movement: The recent proliferation of free local news sites like ChicagoNow, owned by The Chicago Tribune and TBD.com, the content for which is sourced from other providers. These sites are filling in the void of local newspapers, more than 100 of which shut down in 2009 alone.

While the decision to split into two distinct properties may strike some as odd, it’s a wise move in a transitioning market. Faced with rising costs, falling print circulation and declining or flat advertising revenue, newspapers have been forced to explore new business models. Although digital advertising revenue is growing, the web offers nearly infinite ad space, and newspapers simply cannot command the same rates for online display ads as they could once charge for print.

The Boston Globe currently attracts about 5 million unique readers per month, making it the eighth largest newspaper website in the U.S.
http://mashable.com/2010/09/30/boston-globe-paywall/





A Conference Makes Learning Free (and Sexy)
Stephanie Rosenbloom

ONCE a year, there is a mass migration of the intelligentsia to Long Beach, Calif.

There, inside the Long Beach Performing Arts Center, a block from the Pacific Ocean, they gather for four days to share ideas and score gift bags at the TED Conference. Sold out a year in advance, the conference has scholars, scientists, musicians as speakers. They are boldface names: Bill Clinton, Steve Jobs, Jane Goodall. And as for any A-list party, an invitation is required.

The price to get in: $6,000.

Unable to meet the growing demand for access to TED, its organizers decided to democratize. They imagined a new conference that was TED but not TED, organized by local groups like schools, businesses, neighborhoods, even friends — at an unTED-like price: free.

And so last year the TED principals introduced a new concept called TEDx. They encouraged would-be organizers to apply for free licenses, and hoped for the best.

“It wasn’t clear at all that it would work,” said Chris Anderson, the curator of TED, which takes its name from the conference’s original areas of focus: technology, entertainment and design. He figured the inaugural year would bring 10 to 30 TEDx events, primarily in the United States.

To his surprise, there were 278 events last year in places as near as New Jersey and Florida, and as far as Estonia and China. There was TEDxKibera, held in one of Africa’s largest shantytowns in Nairobi, Kenya. And there was TEDxNASA, which had space-themed lectures.

Already this year there have been 531 TEDx events. Another nearly 750 are to take place this year and beyond.

“Students can’t afford to go to TED,” said Marina Kim, 27, who in 2009 organized TEDxAshokaU — part of Ashoka, a network of social entrepreneurs based in Arlington, Va. — and is planning a TEDx event for February. “The power of TEDx is that people can spread the same message but it’s user-generated,” she said.

Many TED and TEDx talks can be seen free on the Web, where they are the antipode of the viral videos of laughing cats and dancing babies that entertain millions of bored office workers each day. And yet the TED videos, too, have gone viral — viewed more than 319 million times since they went online in 2006.

There are TEDx talks about math curriculums, health care and mastering the work-life balance. Often, they capture the local flavor of the city in which they are held, like the TEDx event about breaking down walls held on and around the Great Wall of China. Rarely are they as polished as TED talks, though the best ones end up on TED.com. They can be gatherings of more than 1,000 people, or a few friends in a sparse room. But as is the case with TED, the most powerful events use multimedia, humor and audience interaction to make lectures about serious topics inspiring and easy to grasp.

Take Hans Rosling, a physician and a professor of international health at Karolinska Institute in Sweden. He has spoken at both TED and at TEDx about economic development, health and poverty by narrating eye-catching animations of United Nations statistics as if he were a sportscaster at the Kentucky Derby.

On Monday he spoke at the Paley Center for Media in New York during TEDxChange, a conference organized by the Bill & Melinda Gates Foundation, about the progress of the global health goals set forth a decade ago by the United Nations.

Behind him was a large digital graph showing the relationship between child mortality and family size. A box of countries labeled “Western” had lower child mortality rates, while a box of countries labeled “Developing” had higher child mortality rates. Visualization software he developed (known as Trendalyzer) sent orbs representing various countries floating across the graph while time fast-forwarded from 1960 to today. Dr. Rosling spoke faster and faster, narrating what was happening as time flew by: “Now you get eradication of smallpox, better education, health services — There! China comes into the Western box here! And here Brazil is in the Western box! India’s approaching! The first African country’s coming into the Western box! And we get a lot of new neighbors. Welcome to a decent life!” (Video of the presentation is on the Gates Foundation’s Web site.)

If you think that was a unique way to enliven statistics, consider the 2007 TED talk at which Dr. Rosling wanted to show attendees that the seemingly impossible was possible — so he swallowed a sword.

“We rehearse and rehearse in my hotel room,” he said in the lobby of the Paley Center after his TEDxChange talk. “Twenty-five times.” (And that was for a sword-free lecture.) Then he reached into his breast pocket and flashed a reporter a Boy Scout-style sword swallower’s badge.

Also at TEDxChange was Mechai Viravaidya, a former senator in Thailand known as Mr. Condom. He shared his unusual tactics to teach Thai people about family planning and H.I.V. and AIDS prevention, including asking police officers to dole out condoms, organizing condom-inflating competitions and selling condoms and caffeine at a Coffee & Condom stall. Efforts like these helped new H.I.V. and AIDS infections in Thailand decline by 90 percent between 1991 and 2003, he said, saving millions of lives.

When Melinda French Gates of the Bill & Melinda Gates Foundation was asked what she hoped the people watching live via Webcast in 40 countries would take away from that particular TEDx event, she replied, “that change is possible.”

The first-ever TEDx was in March 2009 at the University of Southern California, organized by Krisztina Holly, vice provost for innovation at the University of Southern California and executive director of U.S.C.’s Stevens Institute for Innovation. She held a second event this year, selling out all 1,200 available seats and turning away hundreds of people.

“Students were just beating down the door wanting to sign up,” said Ms. Holly, who goes by “Z.” “We actually had a student write in his application that the whole reason the student came to U.S.C. was TEDx.”

Yet she pointed out that just a year ago, TEDx was a major risk because TED’s organizers had to relinquish control. On the other hand, TEDx is an example of a new model of business plans that harness fans of the brand to help it evolve.

Mr. Anderson agreed, though he said the looming questions were “How do you avoid damaging the TED brand? Can you package TED in a box?”

Apparently you can. A TEDx license is required to organize an event. The rules: recipients must not be associated with a controversial or extremist group, and cannot use TEDx to promote religious or political beliefs, or to sell commercial goods. There are also rules governing the event format, including that speakers must be filmed and that they don’t speak for more than 18 minutes each. TEDx organizers cannot charge for tickets, though TED makes some exceptions for groups that need help with production costs. Organizers who want to charge a fee (which can’t exceed $100) must seek permission from TED.

Today, TED executives are looking to the next phase of growth: leveraging TEDx as an educational tool.

“We know teachers are using the talks in classrooms,” said Lara Stein, TED’s licensing director. “What could we do to move that along?”

After all, as Mr. Anderson pointed out, the rise of online video means a teacher doesn’t have to be someone sitting in front of a classroom talking to 30 people. Especially if something like TEDx can make learning and social change “sexy,” as Ms. Kim of Ashoka put it.

“It’s an experience,” she said. “It’s not a lecture. It’s transformational. That’s why people like me are hooked.”
http://www.nytimes.com/2010/09/26/fashion/26TEDX.html





Anger as a Private Company Takes Over Libraries
David Streitfeld

A private company in Maryland has taken over public libraries in ailing cities in California, Oregon, Tennessee and Texas, growing into the country’s fifth-largest library system.

Now the company, Library Systems & Services, has been hired for the first time to run a system in a relatively healthy city, setting off an intense and often acrimonious debate about the role of outsourcing in a ravaged economy.

A $4 million deal to run the three libraries here is a chance for the company to demonstrate that a dose of private management can be good for communities, whatever their financial situation. But in an era when outsourcing is most often an act of budget desperation — with janitors, police forces and even entire city halls farmed out in one town or another — the contract in Santa Clarita has touched a deep nerve and begun a round of second-guessing.

Can a municipal service like a library hold so central a place that it should be entrusted to a profit-driven contractor only as a last resort — and maybe not even then?

“There’s this American flag, apple pie thing about libraries,” said Frank A. Pezzanite, the outsourcing company’s chief executive. He has pledged to save $1 million a year in Santa Clarita, mainly by cutting overhead and replacing unionized employees. “Somehow they have been put in the category of a sacred organization.”

The company, known as L.S.S.I., runs 14 library systems operating 63 locations. Its basic pitch to cities is that it fixes broken libraries — more often than not by cleaning house.

“A lot of libraries are atrocious,” Mr. Pezzanite said. “Their policies are all about job security. That’s why the profession is nervous about us. You can go to a library for 35 years and never have to do anything and then have your retirement. We’re not running our company that way. You come to us, you’re going to have to work.”

The members of the Santa Clarita City Council who voted to hire L.S.S.I. acknowledge there was no immediate threat to the libraries. The council members say they want to ensure the libraries’ long-term survival in a state with increasingly shaky finances.

Until now, the three branch locations have been part of the Los Angeles County library system. Under the new contract, the branches will be withdrawn from county control and all operations — including hiring staff and buying books — ceded to L.S.S.I.

“The libraries are still going to be public libraries,” said the mayor pro tem, Marsha McLean. “When people say we’re privatizing libraries, that is just not a true statement, period.”

Library employees are furious about the contract. But the reaction has been mostly led by patrons who say they cannot imagine Santa Clarita with libraries run for profit.

“A library is the heart of the community,” said one opponent, Jane Hanson. “I’m in favor of private enterprise, but I can’t feel comfortable with what the city is doing here.”

Mrs. Hanson and her husband, Tom, go to their local branch every week or two to pick up tapes for the car and books to read after dinner. Mrs. Hanson recently checked out Willa Cather’s classic “Death Comes for the Archbishop,” although she was only mildly in favor of its episodic style; she has higher hopes for her current choice, on the shadowy world of North Korea.

The suggestion that a library is different — and somehow off limits to the outsourcing fever — has been echoed wherever L.S.S.I. has gone. The head of the county library system, Margaret Donnellan Todd, says L.S.S.I. is viewed as an unwelcome outsider.

“There is no local connection,” she said. “People are receiving superb service in Santa Clarita. I challenge that L.S.S.I. will be able to do much better.”

As a recent afternoon shaded into evening, there were more than a hundred patrons at the main Santa Clarita library. Students were doing their homework. Old men paged through newspapers. Children gathered up arm’s loads of picture books. It was a portrait of civic harmony and engagement.

Mrs. Hanson, who is 81 and has been a library patron for nearly 50 years, was so bothered by the outsourcing contract that she became involved in local politics for the first time since 1969, when she worked for a recall movement related to the Vietnam War.

She drew up a petition warning that the L.S.S.I. contract would result in “greater cost, fewer books and less access,” with “no benefit to the citizens.” Using a card table in front of the main library branch, she gathered 1,200 signatures in three weekends.

L.S.S.I. says none of Mrs. Hanson’s fears are warranted, but the anti-outsourcing forces continue to air their suspicions at private meetings and public forums, even wondering whether a recall election is feasible.

“Public libraries invoke images of our freedom to learn, a cornerstone of our democracy,” Deanna Hanashiro, a retired teacher, said at the most recent city council meeting.

Frank Ferry, a Santa Clarita councilman, dismisses the criticism as the work of the Service Employees International Union, which has 87 members in the libraries. The union has been distributing red shirts defending the status quo. “Union members out in red shirts in defense of union jobs,” Mr. Ferry said.

Library employees are often the most resistant to his company, said Mr. Pezzanite, a co-founder of L.S.S.I. — and, he suggested, for reasons that only reinforce the need for a new approach.

“Pensions crushed General Motors, and it is crushing the governments in California,” he said. While the company says it rehires many of the municipal librarians, they must be content with a 401(k) retirement fund and no pension.

L.S.S.I. got its start 30 years ago developing software for government use, then expanded into running libraries for federal agencies. In the mid-1990s, it moved into the municipal library market, and now, when ranked by number of branches, it places immediately after Los Angeles County, New York City, Chicago and the City of Los Angeles.

The company is majority owned by Islington Capital Partners, a private equity firm in Boston, and has about $35 million in annual revenue and 800 employees. Officials would not discuss the company’s profitability.

Some L.S.S.I. customers have ended their contracts, while in other places, opposition has faded with time. In Redding, Calif., Jim Ceragioli, a board member of the Friends of Shasta County Library, said he initially counted himself among the skeptics.

But he has since changed his mind. “I can’t think of anything that’s been lost,” Mr. Ceragioli said.

The library in Redding has expanded its services and hours. And the volunteers are still showing up — even if their assistance is now aiding a private company. “We volunteer more than ever now,” Mr. Ceragioli said.
http://www.nytimes.com/2010/09/27/bu...libraries.html





In Study, Children Cite Appeal of Digital Reading
Julie Bosman

Many children want to read books on digital devices and would read for fun more frequently if they could obtain e-books. But even if they had that access, two-thirds of them would not want to give up their traditional print books.

These are a few of the findings in a study being released on Wednesday by Scholastic, the American publisher of the Harry Potter books and the “Hunger Games” trilogy.

The report set out to explore the attitudes and behaviors of parents and children toward reading books for fun in a digital age. Scholastic surveyed more than 2,000 children ages 6 to 17, and their parents, in the spring.

Parents and educators have long worried that digital diversions like video games and cellphones cut into time that children spend reading. However, they see the potential for using technology to their advantage, introducing books to digitally savvy children through e-readers, computers and mobile devices.

About 25 percent of the children surveyed said they had already read a book on a digital device, including computers and e-readers. Fifty-seven percent between ages 9 and 17 said they were interested in doing so.

Only 6 percent of parents surveyed owned an e-reader, but 16 percent said they planned to buy one in the next year. Eighty-three percent of those parents said they would allow or encourage their children to use the e-readers.

Francie Alexander, the chief academic officer at Scholastic, called the report “a call to action.”

“I didn’t realize how quickly kids had embraced this technology,” Ms. Alexander said, referring to computers and e-readers or other portable devices that can download books. “Clearly they see them as tools for reading — not just gaming, not just texting. They see them as an opportunity to read.”

Milton Chen, a senior fellow at the George Lucas Educational Foundation, said the report made the case that children want to read on new digital platforms.

“The very same device that is used for socializing and texting and staying in touch with their friends can also be turned for another purpose,” Mr. Chen said. “That’s the hope.”

But many parents surveyed also expressed deep concerns about the distractions of video games, cellphones and television in their children’s lives. They also wondered if the modern multi-tasking adolescent had the patience to become engrossed in a long novel.

“My daughter can’t stop texting long enough to concentrate on a book,” said one parent surveyed, the mother of a 15-year-old in Texas.

Another survey participant, the mother of a 7-year-old Michigan boy, said, “I am afraid my son’s attention span will only include fast-moving ideas, and book reading will become boring to him.”

More than half the parents surveyed said they were concerned that as their children spent more time using digital devices, they would be less interested in recreational reading. The study did not try to measure whether the digital devices actually did detract from time spent reading.

The study also examined the effect of parents and teachers on children’s reading habits. Children ages 9 to 11 are more likely to be frequent readers if their parents provide interesting books to read at home and set limits on time spent using technology like video games, the report said.

The report also suggested that many children displayed an alarmingly high level of trust in information available on the Internet: 39 percent of children ages 9 to 17 said the information they found online was “always correct.”
http://www.nytimes.com/2010/09/29/books/29kids.html





Panasonic Has Big Plans for Robots
Martyn Williams

Panasonic is getting serious about robotics and has begun a push to commercialize a series of robots over the next few years.

The company formed a robotics unit last year and has its sights set on sales of ¥100 billion (US$1.1 billion) in 2015. Panasonic achieved total sales of ¥7.8 trillion in the financial year to March so such sales would have represented a little over 1 percent of the company's overall business last year.

Panasonic hopes to reach this goal through sales of home and industrial robots and presented some of its latest research and development on Thursday at its robotics laboratory in Osaka.

For hospital and industrial use the company has developed a porter robot that can be used to assist workers in pulling heavy objects like medical carts. The robot is based on the same motor and parts used in Panasonic's electrical bicycles so is cheaper and easier to produce than something based on proprietary components. It can pull up to 200 kilograms.

Panasonic also envisages it being used for applications such as helping staff pull beds or wheelchairs. It is also possible to have the robot hook up to a wheelchair and turn the control column around so the wheelchair's occupant can move around a building without effort.

For the kitchen, the company has developed a robot that can assist with serving food and washing dishes.

It's a large robot arm with a four-fingered hand that can grip and manipulate objects such as glasses, plates and cooking utensils. In a demonstration the robot took a plate from a dishwasher and set it down on the counter, picked up a spoon and scooped some food from a pan and then dropped the food into a waiting bowl. It also took a glass from the kitchen counter and emptied it into a sink before placing it in the dishwasher for cleaning.

The robot has sensors in its fingers to make sure it doesn't grip too tightly and a camera overhead provides a view of where things are so it doesn't get confused.

At the beginning of October Panasonic demonstrated a robotic bed that can transform into a wheelchair on command from the user. It's designed for people who have limited mobility and is intended to provide an extra level of independence as it enables them to get out of bed and move around the house without assistance from others.

That bed is also something Panasonic wants to put on the market, but its launch could be held up by the lack of safety standards and liability laws concerning robots that interact with humans. Guidelines could be out as soon as 2012 paving the way for its commercialization, Panasonic said.
http://www.pcworld.com/article/17378...or_robots.html





Apple Threatens Search Giants' Mobile Ad Shares

Google, Microsoft, and Yahoo! have swiftly lost share in the U.S. mobile advertising market to Apple's new iAd. Independent rivals such as Jumptap and Millennial Media are gaining, too
Olga Kharif

Apple (AAPL) may be gaining share in the U.S. mobile advertising market this year at the expense of Google (GOOG) and Microsoft (MSFT).

Apple will end the year with 21 percent of the market, according to estimates provided to Businessweek.com by researcher IDC. Google's share will drop to 21 percent, from 27 percent last year, when combined with results from AdMob, the ad network it bought in May. Microsoft will drop to 7 percent, from 10 percent.

The companies have been upgrading ad software and buying businesses to grab a larger chunk of mobile advertising, which may more than double in the U.S., to almost $500 million in 2010, IDC said. Apple, maker of the iPhone and iPad, didn't sell mobile ads last year. In January, it bought Quattro Wireless, which had 9 percent of the market in 2009, IDC said. Chief Executive Officer Steve Jobs announced the iAd network in April and launched it in July.

"Apple's acquisition of Quattro and Steve Jobs's launch of iAd put a spotlight on mobile advertising," said Paran Johar, chief marketing officer at rival mobile ad network Jumptap.

Apple's push into mobile ads may be a reason for its rivals' market-share declines. Since June, the number of brands that have agreed to run ads through Apple's iAd network has doubled, said Natalie Kerris, a spokeswoman for Apple.

On June 7, Cupertino (Calif.)-based Apple said it had $60 million in iAd commitments from marketers, including food and personal-care product maker Unilever (UN), electronics retailer Best Buy (BBY), and satellite-television service provider DirecTV (DTV).

Unilever, whose first iAd made its debut in July, is "extremely happy" with the results of its ad campaigns, Rob Master, the company's North American media director, says in an interview. More than 20 percent of people who click on Unilever iAds—which feature video and an interactive game—check out the ad a second time, he says.

Google's mobile-ad sales are experiencing fast growth, said Jason Spero, director of mobile for the Americas at Mountain View (Calif.)-based Google. The company doesn't break out full-year mobile ad sales. Nor do other mobile ad networks.

Yahoo and Nokia ad shares down, too

"If we are losing share, this market is growing faster than any one we've seen," Spero says in an interview. Google has increased its investments in mobile advertising and AdMob will launch new features in 2011, he said.

Yahoo! (YHOO)'s share in mobile ads will drop to 9 percent this year, from 12 percent last year, while Espoo (Finland)-based Nokia (NOK) will suffer a decline to 2 percent, from 5 percent, according to IDC.

"We are confident in our strategy and focus moving forward," Scott Lahde, a spokesman for Sunnyvale (Calif.)-based Yahoo, wrote in an e-mail. Jackie Lawrence, a spokeswoman for Redmond (Wash.)-based Microsoft, and Laurie Armstrong, a Nokia spokeswoman, declined to comment.

Apple's iAd network may not be growing as fast as CEO Jobs hoped. Speaking at the company's Worldwide Developers Conference in June, Jobs said iAd would grab almost half of all projected U.S. mobile-ad spending in the second half of this year. That may be wishful thinking, says Karsten Weide, an analyst for IDC in San Mateo, Calif.

To grow even faster, iAd will need to add features, such as the ability for advertisers to target specific devices. Philippe Browning, director of mobile strategy and business development at CBS (CBS/A), says he passed on iAd when he found out Apple couldn't serve ads to iPad owners exclusively. He opted for AdMob, which offered more flexibility.

Apple and Google are also facing increased competition from smaller rivals. Cambridge (Mass.)-based Jumptap may see its share jump to 13 percent this year, from 10 percent in 2009, IDC said. Millennial Media, a Baltimore-based ad network, may climb to 11 percent, from 9 percent.

"Millennial continues to gain steam because we are seen as independent," CEO Paul Palmieri says in an interview. Google is promoting its Android mobile-operating system, while Apple sells its hardware. Their interests can clash with advertisers' interests, he says.

New competitors are trickling in. On Sept. 22, wireless-equipment maker Ericsson (ERIC) announced its own ad network, AdMarket. Overseas rival InMobi opened a U.S. office in June. BlackBerry maker Research In Motion (RIMM) has been looking to acquire a mobile ad network, IDC's Weide said. RIM didn't respond to a request for comment.

"It's not going to be a two-horse race" between Google and Apple, Weide said. "The race by no means is over."
http://www.businessweek.com/technolo...926_023792.htm





Apple Peel, Which Turns iPods into iPhones, Coming to US

The Apple Peel 520 can turn an iPod Touch into an iPhone-like device

The Apple Peel 520, a Chinese-developed product that drew the media's attention for being able to turn an iPod Touch into an iPhone-like device, is coming to America.

The add-on device, which just went on sale in China, has been billed as a more affordable option for users who want to get their hands on an iPhone but lack the budget. The Apple Peel is a protective case equipped with a dock connector, battery and SIM card that slips on to an iPod Touch. Once connected and properly installed, the device will allow the iPod Touch to make phone calls and send text messages.

Earlier this month, solar technology company GoSolarUSA signed an agreement with the Chinese developer of the Apple Peel, Yoison Technology, to develop the device, file it for a U.S. patent and distribute it in America. The first demonstration models of the Apple Peel will arrive in America this week, GoSolarUSA said in a statement on Monday.

"As soon as they arrive, we'll begin distributing demonstration models to retail buyers across the country," said GoSolarUSA CEO Tyson Rohde in a statement. "The amount of interest in this product that we've received from distributors has been staggering."

The Apple Peel features five hours of talk time and 120 hours of standby use on its battery. GoSolarUSA has yet to offer a retail price for the add-on. But Yoison Technology is selling the device in China for $US77.

Yoison could not be reached for comment. But the company plans on releasing 2,000 Apple Peels this month in China, according to Yoison's online auction site. Other knock-off versions of the device are already being sold online in China.

The release comes after Apple launched its iPhone 4 in China last week. The smartphone is so popular that it's already in short supply among retail outlets selling the device. Purchasing an iPhone 4 without a contract in China is slightly more expensive than it is in America. The 16GB model costs $744, while the 32GB model costs $893.

The shortage of iPhone 4s and the high price are reasons why the Apple Peel may find a strong following in China. Prices for Apple's latest iPod Touch range from $269 for the 8GB model up to $478 for the 64 GB model.

How the Apple Peel will fare in the Chinese market will depend partly on how consumers perceive the price gap, said Flora Wu, an analyst with Beijing-based consulting firm BDA. "The iPhone 4 will decrease in price over time, and so if the price gap is small, the incentive won't be as big."

But the Apple Peel is a notable example of "reverse innovation," in which Chinese developers have found ways to tweak products from foreign countries and make them more suitable for the domestic market, Wu said.

"I think there will be a market for the device," she added. "But the market potential will depend on the price gap and how well the user experience is."
http://www.pcworld.idg.com.au/articl...nes_coming_us/





Is the Future PC a Smartphone?
Brooke Crothers

Will small, powerful, connected-to-everything devices running on non-Intel silicon become the personal computer? The CEO of graphics-chip supplier Nvidia thinks so.

The sentiment, voiced at the company's annual conference this week by chief executive Jen-Hsun Huang, has been expressed before. And like any strong strategy statement from a Silicon Valley CEO, it's self-serving. Nvidia is staking a good chunk of its future--as much as half of its business--on chips based on the ARM design.

But that doesn't mean Huang has got it all wrong, either. Indeed, ARM-based devices such as Apple's iPhone and iPad, Motorola's Droid, RIM's Blackberry, and countless future smartphones and tablets from Motorola, RIM, Apple, and others will use the ARM chip design. "ARM is the fastest-growing CPU (processor) in the world today. It's the instruction set architecture of choice of mobile computing," Huang said. "It is very clear now that mobile computing will be a completely disruptive force to all of computing."

Huang continued. "This (smartphone) is the first computer that is equipped with all kinds of sensors, cameras, microphones, GPSs, and accelerometers. This is the first computer that's context aware. Situation aware. Who knows, someday it may be self-aware," he said.

Huang raises interesting questions about the future. Will a future PC be a powerful, multi-CPU handheld device that wirelessly connects to large displays and a host of other devices--so the PC is carried around in your pocket or small satchel and then connects on the fly to larger devices and/or peripherals?

But the ARM-based vision also presumes that the largest chipmaker in the world, Intel, is standing still. Which it isn't. When asked at last week's Intel Developer Forum conference if Intel was de-emphasizing smartphones, Chief Executive Paul Otellini responded quickly. "Absolutely not. It's still a major focus of our investment. We're moving toward the launch window of a couple of major phones in 2011. And you've got to lock down before that and go through the interoperability testing with networks. And that's where we are. So, there's nothing really to say until those devices launch on the networks next year."

And Intel recently announced that it was acquiring Infineon's wireless unit, which currently supplies key 3G silicon for the iPhone and other smartphones. The company is also putting considerable resources into the MeeGo operating system, which is well suited for small devices. Broadly speaking, Intel's smartphone strategy is to match the next generation of Atom chips with Infineon baseband silicon and 4G technology to eventually offer a full smartphone chip solution. (And Intel isn't doing a bad job with its current Atom design either, which powers over 70 million tiny Netbooks, with many 3G-capable models sold through Verizon and AT&T.)

That said, Texas Instruments, Qualcomm, Samsung, Apple, Nvidia, and other ARM players will build the brains for many of these devices. But Intel and Advanced Micro Devices will too. And, to be sure, Nvidia's future in this market, considering all of the entrenched ARM competition, is probably less certain than Intel's.
http://news.cnet.com/8301-13924_3-20017585-64.html





Mobile Device Boom Sparks U.S. Net Address Shortage
Jasmin Melvin

The United States could run out of unique Internet addresses to assign to new devices by the end of next year, a telecommunications official said on Tuesday.

Internet Protocol version 4, known as IPv4, provides the dominant architecture for the Internet. It requires devices to have unique identifiers, known as an IP address, but it only has space for 4.3 billion of those addresses.

The recent profusion of mobile devices like Research in Motion's BlackBerry and Apple's iPad, and the expansion of Internet services to more homes have quickly depleted available addresses.

An upgrade to the Internet's main communications protocol with more space, called IPv6, is available, but adoption in the United States has lagged behind Europe, China and other countries.

"We now face an exhaustion of IPv4 addresses," Lawrence Strickling, administrator of the U.S. National Telecommunications and Information Administration, said at a meeting of government and industry stakeholders.

"Fortunately, IPv6 will support 340 trillion trillion trillion addresses," Strickling said, and urged businesses to deploy and integrate IPv6 widely.

But the transition may not be easy. It could cost businesses a lot of money, and the new technology might not work well with the technology they use now.

Vivek Kundra, the U.S. chief information officer, issued a directive on Tuesday requiring all U.S. government agencies to upgrade many of their servers and services like e-mail and websites to IPv6 by the end of fiscal 2012.

The memo also ordered them to upgrade internal applications that use Internet servers and make enterprise networks compatible with IPv6 by the end of fiscal 2014.

Representatives from Comcast, Verizon and Google also attended the meeting. They expressed their concerns, but also relayed an urgency to move forward to prevent delays in service for consumers.

An estimated 94.5 percent of the available IP addresses for IPv4 have already been used, and the remaining 5.5 percent are expected to be allocated among the Regional Internet Registries by next summer.

"We expect that there will be no addresses available in our registries to give to Internet service providers by the end of 2011," said John Curran, president and chief executive of the American Registry for Internet Numbers, one of five regional registries.

(Reporting by Jasmin Melvin. Editing by Robert MacMillan)
http://www.reuters.com/article/idUST...technologyNews





Forget Net Neutrality for Now

House Democrats put proposal on shelf
Joelle Tessler

House Democrats have shelved a last-ditch effort to broker a compromise between phone, cable and Internet companies on rules that would prohibit broadband providers from blocking or degrading online traffic flowing over their networks.

House Commerce Committee Chairman Henry Waxman, D-Calif., abandoned the effort late Wednesday in the face of Republican opposition to his proposed "network neutrality" rules. Those rules were intended to prevent broadband providers from becoming online gatekeepers by playing favorites with traffic.

The battle over net neutrality has pitted public interest groups and Internet companies such as Google Inc. and Skype against the nation's big phone and cable companies, including AT&T Inc., Verizon Communications Inc. and Comcast Corp.

Public interest groups and Internet companies say regulations are needed to prevent phone and cable operators from slowing or blocking Internet phone calls, online video and other Web services that compete with their core businesses. They also want rules to ensure that broadband companies cannot favor their own online traffic or the traffic of business partners that can pay for priority access.

But the phone and cable companies insist they need flexibility to manage network traffic so that high-bandwidth applications don't hog capacity and slow down their systems. They say this is particularly true for wireless networks, which have more bandwidth constraints than wired systems. The communications companies also argue that after spending billions to upgrade their networks for broadband, they need to be able to earn a healthy return by offering premium services. Burdensome net neutrality rules, they say, would discourage future investments.

Waxman's proposal, the product of weeks of negotiations, attempted to carve out a middle ground by prohibiting Internet traffic discrimination over wireline networks while giving broadband providers more leeway when it comes to managing traffic on wireless networks. The plan would have given the Federal Communications Commission authority to impose fines of up to $2 million for net-neutrality violations.

For the broadband companies, Waxman's retreat is a setback. They fear the issue could now go back to the FCC, which deadlocked over the matter in August. The commission could impose more restrictive rules on the industry than a House compromise would have.

"If Congress can't act, the FCC must," Waxman said in a statement. He added that "this development is a loss for consumers."

Net neutrality was the Obama administration's top campaign pledge to the technology industry and a major priority of the current FCC chairman, Julius Genachowski, a key architect of Obama's technology platform. But frustration is growing — particularly among public interest groups — as the debate has dragged on over the past year without resolution either at the FCC or in Congress.

Waxman's proposal, in part, fell victim to today's political climate, with Republicans hoping to rack up gains in the upcoming midterm elections apparently unwilling to help Democrats make progress on such a contentious issue. With an anti-government, anti-regulation sentiment sweeping the nation — and boosting Tea Party candidates — Republicans also were reluctant to support a proposal that opponents equate to regulating the Internet.

Yet in what would have been a big victory for the phone and cable companies, Waxman's proposal would have headed off an effort by Genachowski to redefine broadband as a telecommunications service subject to "common carrier" obligations to treat all traffic equally.

The FCC has been trying to craft a new framework for regulating broadband since a federal appeals court in April threw out its current approach, which treats broadband as a lightly regulated "information service." The agency had argued that this approach gave it ample jurisdiction to mandate net neutrality.

But the U.S. Court of Appeals for the District of Columbia rejected that argument. It ruled that the agency had overstepped its authority when it ordered Comcast to stop blocking subscribers from using an online file-sharing service called BitTorrent to swap movies and other big files.

With Congress making no progress to resolve this issue, several public interest groups on Wednesday called on Genachowski to move ahead with his proposal to reclassify broadband as a telecom service.

"The FCC must act now to protect consumers by reinstating its authority over broadband," Gigi Sohn, president of the public interest group Public Knowledge, said in a statement. "We expect the FCC to do so to carry out one of the fundamental promises of the Obama administration."

But Joe Barton of Texas, the top Republican on the House Commerce Committee, said Genachowski's proposal would "stifle investment and create regulatory overhang in one of the most dynamic sectors of our economy."
http://skunkpost.com/news.sp?newsId=3291





TalkTalk, BT: We'd Put iPlayer in the Slow Lane
Barry Collins

The UK's two biggest ISPs have openly admitted they'd give priority to certain internet apps or services if companies paid them to do so.

Speaking at a Westminster eForum on net neutrality, senior executives from BT and TalkTalk said they would be happy to put selected apps into the fast lane, at the expense of their rivals.

Asked specifically if TalkTalk would afford more bandwidth to YouTube than the BBC's iPlayer if Google was prepared to pay, the company's executive director of strategy and regulation, Andrew Heaney, argued it would be "perfectly normal business practice to discriminate between them".

"We would do a deal and look at YouTube and look at the BBC, and decide," he added.

When asked the same question, BT's director of group industry policy, Simon Milner, replied: "We absolutely could see a situation when content or app providers may want to pay BT for quality of service above best efforts," although he added BT had never received such an approach.

The ISPs' stance was tacitly backed by regulator Ofcom, which has just completed a consultation on net neutrality. "We see real economic benefit for a two-sided market to emerge, especially for markets such as IPTV," said Alex Blowers, international director of Ofcom.

Blowers insisted ISPs must be transparent with customers about such arrangements.

Public service discrimination

Ofcom's consumer representatives were less enamoured with the prospect of ISPs giving some services preferential treatment. "Public services could be positively discriminated against, especially if they're high bandwidth," said Anna Bradley, chair of the Communications Consumer Panel.

"It may be that we need to consider some sort of 'must carry' obligation," for public-funded services such as the iPlayer and Government-run sites, Bradley added.

Indeed, Government officials struck a note of caution about the entire concept of blocking one site at the expense of another. "I'm a family and I sign up for a two-year contract with my ISP," theorised Nigel Hickson, head of EU and international ICT policy at the Department of Business, Innovation and Skills.

"After 18 months, my daughter comes and knocks on my door and says 'I can't get on Facebook any more' [because the ISP had given preferential access to a rival]."

"Is that acceptable?" asked Hickson. "These questions are at the heart of this debate."

No such thing as neutrality

TalkTalk's Heaney argued that the entire concept of net neutrality had long since evaporated, with varying degrees of traffic management now commonplace among all the leading ISPs. "It's a myth we have net neutrality today - we don't," he said. "There are huge levels of discrimination over traffic type. We prioritise voice traffic over our network. We shape peer-to-peer traffic and deprioritise it during the busy hour.

"If we have a blocking policy customers don't like they vote with their feet, they move," he added.

And the TalkTalk executive urged regulator Ofcom and the EU to refrain from regulating net neutrality. "We don't have a problem, so we shouldn't be considering regulation," Heaney stated. "This is just another business model. It's a legitimate and normal business practice."
http://www.pcpro.co.uk/news/broadban...-the-slow-lane





Virgin to Throttle Peer-To-Peer File Sharing

Broadband gets less broad

Virgin Media has announced that it is to start throttling the bandwidth available to users of peer-to-peer (P2P) file-sharing over its network.

Unlike the majority of DSL-based broadband providers, the cable operator has so far placed no restrictions on the use of file-sharing, only penalising specific users who hog more than their share of bandwidth under its 'fair use' policy - something it will continue to do in addition to the new regime.

Under the new rules, Virgin will cut the amount of bandwidth allocated to peer-to-peer protocols and Usenet traffic. The restrictions will be phased in between now and next summer.

The limits placed on file-sharing and Usenet traffic will vary, depending on the overall load on Virgin's network - but the company will reserve at least 75 per cent of available bandwidth at all times for ordinary browsing, as well as time-sensitive data such as streaming video.

To soften the blow, Virgin is boosting upload speeds for all users. Customers on the M and L packages will see their upload speed double from 512Kbit/s to 1Mbit/s. For XL, the theoretical maximum will become 2Mbit. Customers on Virgin's most expensive tariff, XXL, will see their upload speed rise from 1.5Mbit/s to 5 Mbit/s.

The downside for customers with XXL accounts is that, for the first time, they'll see their connection speed clobbered if they upload too much data.

Full details of the changes can be found here.
http://www.thinq.co.uk/2010/9/30/vir...-file-sharing/





Android Software Piracy Rampant Despite Google's Efforts to Curb

Long-simmering problem seems to be growing
John Cox

Android’s growing success as a smartphone operating system is bringing a long-simmering problem to light: A lot of Android applications are being pirated. The openness of the platform has made it easy for people to steal applications without paying for them.

Until very recently, it was easy to strip rudimentary copy protection from applications offered on the Android Market Web site, and then use, offer or even sell the software as your own. The problem isn’t new, and Google has taken much more aggressive steps in 2010 to make it harder to pirate Android apps.

But the growing popularity of the OS with enterprise users and developers is creating greater urgency, as pirated code robs developers of revenue and the incentive to remain committed to Android. (See Android Set to Rule Over Apple and RIM Operating Systems.)

Network World’s Android Angle blogger, Mark Murphy, bluntly noted a year ago that “Right now, it is very straightforward — if you publish on Android Market, your application will be made available for free download outside of the Market.” He added, “This is part and parcel of having an open environment like Android.” The then-current Android Market copy protection mechanisms “have been demonstrated to be ineffective.”

One Android developer, with the handle Chimaera, reported his first app was pirated within a month, and the pirates’ download statistics were more impressive than his own. The crowning indignity: Trying to get file servers to remove the pirated software was frustratingly complicated. “They made you feel as [if] you are the offender,” he wrote.

What’s especially galling to professional developers is watching sales plunge as piracy rates soar. “The current issue we face with Android is rampant piracy, and we’re working to provide hacking counter measures, a difficult task,” says Jean Gareau, founder of VidaOne, an Austin, Texas, software company that specializes in health and fitness applications for a variety of operating systems.

One developer, “Dave,” of KeyesLabs, argued in an online forum that a “culture of cheating” was developing around the OS.

KeyesLabs created an Android utility called Screebl. In a recent blog post, the company reported: “Over time … we began to notice a dramatic increase in the number of pirated versions of Screebl Pro, accompanied by a decrease in sales. Lately our piracy rates have spiked as high as 90% on some days.” In some cases, it took only minutes after a new version was posted for pirated code to appear.

KeyesLabs created its own licensing protection, called Automatic Application Licensing (AAL), and began bundling it with Screebl Pro. “The purpose of AAL is to allow painless verification that the user of Screebl Pro actually purchased the app from the Android Market. We've taken this step to attempt to put a stop to the insane levels of piracy that Screebl has seen, and so far, things seem to be working out nicely.”

Some have argued that piracy is rampant in those countries where the online Android Market is not yet available. But a recent KeyesLabs research project suggests that may not be true. KeyesLabs created a rough methodology to track total downloads of its apps, determine which ones were pirated, and the location of the end users. The results were posted in August, along with a “heat map” showing pirate activity.

“Over the course of 90 days, the app was installed a total of 8,659 times. Of those installations only 2,831 were legitimate purchases, representing an overall piracy rate of over 67%. For my app, the largest contributor to piracy, by far, is the United States providing 4,054 or about 70% of all pirated installations of Screebl Pro.” The company concluded that of the nearly 6,000 pirated downloads, only 14% were from countries lacking access to the Android Market.

In July 2010, Google announced the Google Licensing Service, available via Android Market. Applications can include the new License Verification Library (LVL). “At run time, with the inclusion of a set of libraries provided by us, your application can query the Android Market licensing server to determine the license status of your users,” according to a blog post by Android engineer Eric Chu. “It returns information on whether your users are authorized to use the app based on stored sales records.”

It was a well-received start to securing applications, but there’s still a long way to go.

“Google is well aware of the issue and has released some feature (licensing validation), but they can easily be broken because basically, a hacker can obtain an application source code (i.e. reverse-engineering), something that cannot be done on the iPhone or Windows Mobile for instance,” says VidaOne’s Gareau.

Justin Case, at the Android Police Web site, dissected the LVL. “A minor patch to an application employing this official, Google-recommended protection system will render it completely worthless,” he concluded.

In response, Google has promised continued improvements and outlined a multipronged strategy around the new licensing service to make piracy much harder. “A determined attacker who’s willing to disassemble and reassemble code can eventually hack around the service,” acknowledged Android engineer Trevor Johns in a recent blog post.

But developers can make their work much harder by combining a cluster of techniques, he counsels: obfuscating code, modifying the licensing library to protect against common cracking techniques, designing the app to be tamper-resistant, and offloading license validation to a trusted server.

Gareau isn’t quite as convinced of the benefits of code obfuscation, though he does make use of it. He’s taken several other steps to protect his software work. One is providing a free trial version, which allows only a limited amount of data but is otherwise fully-featured. The idea: Let customers prove that the app will do everything they want, and they may be more willing to pay for it. He also provides a way to detect whether the app has been tampered with, for example, by removing the licensing checks. If yes, the app can be structured to stop working or behave erratically.

Other steps: implement the Google Java licensing scheme for apps sold on Android Market, so that people who requested and received a refund on a purchased app cannot still use the code; and using an alternative resale channel, such as www.handango.com, in locations where Android Market is not yet available.

“This is not a silver bullet, but it goes a long way to help prevent piracy,” Gareau says.
http://www.networkworld.com/news/201...id-piracy.html





About Wifi Camera

The Wifi Camera is a camera that takes "pictures" of spaces illuminated by wifi in much the same way that a traditional camera takes pictures of spaces illuminated by visible light.

The camera reveals the electromagnetic space of our devices and the shadows that we create within such spaces, in particular our wifi networks which are increasingly found in our daily lives, in coffee shops, offices and homes throughout cities of the developed world.

With the camera we can take real time "photos" of wifi (and we're working towards having video too). These show how our physical structures are illuminated by this particular electromagnetic phenomenon and we are even able to see the shadows that our bodies cast within such "hertzian" spaces.

Radio waves at wifi's wavelength behave similar to light in that they are reflected off almost all solid objects to varying degrees, just as when we see colors we see the light from a light source being reflected off an object into our eyes. And, just as with light, some materials are opaque and some materials are more or less transparent.

We do this basically by pointing a wifi antenna (or several antennas) and measuring the signal strength throughout a view - the faster we can do this, the faster we can create full-screen images.

The latest version of the wifi camera is able to create images much more quickly because it has more pixels and we have a custom built board for analysing the wifi spectrum (around 2.4GHz). The result of all this is that we can even 'see' the illumination cast by mobile phones and microwave ovens!
http://wificamera.propositions.org.uk/





Stuxnet Questions and Answers
Mikko

Stuxnet continues to be a hot topic. Here are answers to some of the questions we've received.

Q: What is Stuxnet?
A: It's a Windows worm, spreading via USB sticks. Once inside an organization, it can also spread by copying itself to network shares if they have weak passwords.

Q: Can it spread via other USB devices?
A: Sure, it can spread via anything that you can mount as a drive. Like a USB hard drive, mobile phone, picture frame and so on.

Q: What does it do then?
A: It infects the system, hides itself with a rootkit and sees if the infected computer is connected to a Siemens Simatic (Step7) factory system.

Q: What does it do with Simatic?
A: It modifies commands sent from the Windows computer to the PLC. Once running on the PLC, it looks for a specific factory environment. If this is not found, it does nothing.

Q: Which factory is it looking for?
A: We don't know.

Q: Has it found the factory it's looking for?
A: We don't know.

Q: What would it do if it finds it?
A: It makes complex modifications to the system. Results of those modifications can not be detected without seeing the actual environment. So we don't know.

Q: Ok, in theory: what could it do?
A: It could adjust motors, conveyor belts, pumps. It could stop a factory. With the right modifications, it could cause things to explode.

Q: Why is Stuxnet considered to be so complex?
A: It uses multiple vulnerabilities and drops its own driver to the system.

Q: How can it install its own driver? Shouldn't drivers be signed for them to work in Windows?
A: The Stuxnet driver was signed with a certificate stolen from Realtek Semiconductor Corp.

Q: Has the stolen certificate been revoked?
A: Yes. Verisign revoked it on 16th of July. A modified variant signed with a certificate stolen from JMicron Technology Corporation was found on 17th of July.

Q: What's the relation between Realtek and Jmicron?
A: Nothing. But these companies have their HQs in the same office park in Taiwan. Which is weird.

Q: What vulnerabilities does Stuxnet exploit?
A: Overall, Stuxnet exploits five different vulnerabilities, four of which were 0-days:

LNK (MS10-046)
Print Spooler (MS10-061)
Server Service (MS08-067)
Privilege escalation via Keyboard layout file
Privilege escalation via Task Scheduler

Q: And these have been patched by Microsoft?
A: The two Privilege escalations have not yet been patched.

Q: Why was it so slow to analyze Stuxnet in detail?
A: It's unusually complex and unusually big. Stuxnet is over 1.5MB in size.

Q: When did Stuxnet start spreading?
A: In June 2009, or maybe even earlier. One of the components has a compile date in January 2009.

Q: When was it discovered?
A: A year later, in June 2010.

Q: How is that possible?
A: Good question.

Q: Was Stuxnet written by a government?
A: That's what it would look like, yes.

Q: How could governments get something so complex right?
A: Trick question. Nice. Next question.

Q: Was it Israel?
A: We don't know.

Q: Was it Egypt? Saudi Arabia? USA?
A: We don't know.

Q: Was the target Iran?
A: We don't know.

Q: Is it true that there are biblical references inside Stuxnet?
A: There is a reference to "Myrtus" (which is a myrtle plant). However, this is not "hidden" in the code. It's an artifact left inside the program when it was compiled. Basically this tells us where the author stored the source code in his system. The specific path in Stuxnet is: \myrtus\src\objfre_w2k_x86\i386\guava.pdb. The authors probably did not want us to know they called their project "Myrtus", but thanks to this artifact we do. We have seen such artifacts in other malware as well. The Operation Aurora attack against Google was named Aurora after this path was found inside one of the binaries: \Aurora_Src\AuroraVNC\Avc\Release\AVC.pdb.

Q: So how exactly is "Myrtus" a biblical reference?
A: Uhh… we don't know, really.

Q: Could it mean something else?
A: Yeah: it could mean "My RTUs", not "Myrtus". RTU is an abbreviation for Remote Terminal Units, used in factory systems.

Q: How does Stuxnet know it has already infected a machine?
A: It sets a Registry key with a value "19790509" as an infection marker.

Q: What's the significance of "19790509"?
A: It's a date. 9th of May, 1979.

Q: What happened on 9th of May, 1979?
A: Maybe it's the birthday of the author? Then again, on that date a Jewish-Iranian businessman called Habib Elghanian was executed in Iran. He was accused of spying for Israel.

Q: Oh.
A: Yeah.

Q: Is there a link between Stuxnet and Conficker?
A: It's possible. Conficker variants were found between November 2008 and April 2009. First variants of Stuxnet were found shortly after that. Both exploit the MS08-067 vulnerability. Both use USB sticks to spread. Both use weak network passwords to spread. And, of course, both are unusually complex.

Q: Is there a link to any other malware?
A: Some Zlob variants were the first to use the LNK vulnerability.

Q: Disabling AutoRun in Windows will stop USB worms, right?
A: Wrong. There are several other spreading mechanisms USB worms use. The LNK vulnerability used by Stuxnet would infect you even if AutoRun and AutoPlay were disabled.

Q: Will Stuxnet spread forever?
A: The current versions have a "kill date" of June 24, 2012. It will stop spreading on this date.

Q: How many computers did it infect?
A: Hundreds of thousands.

Q: But Siemens has announced that only 15 factories have been infected.
A: They are talking about factories. Most of the infected machines are collateral infections, i.e. normal home and office computers that are not connected to SCADA systems.

Q: How could the attackers get a trojan like this into a secure facility?
A: For example, by breaking into a home of an employee, finding his USB sticks and infecting them. Then wait for the employee to take the sticks to work and infect his work computer. The infection will spread further inside the secure facility via USB sticks, eventually hitting the target. As a side effect, it will continue to spread elsewhere also. This is why Stuxnet has spread worldwide.

Q: Anything else it could do, in theory?
A: Siemens announced last year that Simatic can now also control alarm systems, access controls and doors. In theory, this could be used to gain access to top secret locations. Think Tom Cruise and Mission Impossible.


Q: Did Stuxnet sink Deepwater Horizon and cause the Mexican oil spill?
A: No, we do not think so. Although it does seem Deepwater Horizon indeed did have some Siemens PLC systems on it.

Q: Does F-Secure detect Stuxnet?
A: Yes.

Note: We have learned many of the details mentioned in this Q&A in discussions with researchers from Microsoft, Kaspersky, Symantec and other vendors.
http://www.f-secure.com/weblog/archives/00002040.html
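
Added example (not part of the F-Secure Q&A): the "Myrtus" answer above describes a build artifact, the PDB path that the linker records in a binary's CodeView debug record. The Python sketch below shows how an analyst can pull such paths out of a file during triage by scanning for the RSDS (PDB 7.0) and NB10 (PDB 2.0) signatures. The two paths are the ones quoted in the Q&A; the sample blob, GUID, ages, timestamp and the choice of record type for each path are constructed for illustration.

```python
"""Triage helper: pull CodeView debug records (PDB paths) out of a binary."""
import struct
import uuid
from typing import List, NamedTuple, Optional

MAX_PATH = 260  # longest path accepted after a signature


class CodeViewRecord(NamedTuple):
    offset: int          # file offset of the signature
    kind: str            # "RSDS" (PDB 7.0) or "NB10" (PDB 2.0)
    guid: Optional[str]  # only RSDS records carry a GUID
    age: int
    pdb_path: str


def read_path(data: bytes, start: int) -> Optional[str]:
    """Return the NUL-terminated path at `start`, or None if implausible."""
    end = data.find(b"\x00", start, start + MAX_PATH + 1)
    if end <= start:  # no terminator in range, or empty string
        return None
    try:
        path = data[start:end].decode("utf-8")
    except UnicodeDecodeError:
        return None
    if not path.isprintable() or not path.lower().endswith(".pdb"):
        return None
    return path


def find_codeview_records(data: bytes) -> List[CodeViewRecord]:
    """Scan raw bytes for CodeView records and return them in file order.

    RSDS layout: signature(4) GUID(16) age(4) path\\0
    NB10 layout: signature(4) offset(4) timestamp(4) age(4) path\\0
    A signature is only accepted when a plausible .pdb path follows it,
    which filters out the four letters appearing by chance in other data.
    """
    found = []
    for sig, header_len in ((b"RSDS", 24), (b"NB10", 16)):
        pos = data.find(sig)
        while pos != -1:
            path = read_path(data, pos + header_len)
            if path is not None:
                if sig == b"RSDS":
                    guid = str(uuid.UUID(bytes_le=data[pos + 4:pos + 20]))
                    age = struct.unpack_from("<I", data, pos + 20)[0]
                else:
                    guid = None
                    age = struct.unpack_from("<I", data, pos + 12)[0]
                found.append(CodeViewRecord(pos, sig.decode(), guid, age, path))
            pos = data.find(sig, pos + 1)
    return sorted(found, key=lambda r: r.offset)


def path_components(pdb_path: str) -> List[str]:
    """Split a build path into directory names (drive letter dropped)."""
    parts = [p for p in pdb_path.replace("/", "\\").split("\\") if p]
    if parts and parts[0].endswith(":"):
        parts = parts[1:]
    return parts


def constructed_sample() -> bytes:
    """Constructed test blob, not a real sample: filler plus two records."""
    guid = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")  # made up
    rsds = (b"RSDS" + guid.bytes_le + struct.pack("<I", 1)
            + rb"\myrtus\src\objfre_w2k_x86\i386\guava.pdb" + b"\x00")
    # NB10 is used here only to exercise the second record type.
    nb10 = (b"NB10" + struct.pack("<III", 0, 0x4B000000, 2)
            + rb"\Aurora_Src\AuroraVNC\Avc\Release\AVC.pdb" + b"\x00")
    decoy = b"RSDS is also just four letters\x00"  # must be rejected
    return (b"MZ" + b"\x90" * 62 + decoy + b"\x00" * 16
            + rsds + b"\xcc" * 32 + nb10 + b"\x00" * 8)


if __name__ == "__main__":
    for rec in find_codeview_records(constructed_sample()):
        top = path_components(rec.pdb_path)[0]
        print(f"{rec.offset:#06x} {rec.kind} age={rec.age} "
              f"top-level dir={top!r} path={rec.pdb_path}")
```

Because the path is plain text in the file, the same strings make stable hunting indicators across samples built from one source tree, though as the Q&A notes for "Myrtus", what the name means remains open to interpretation.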





A Silent Attack, but Not a Subtle One
John Markoff

As in real warfare, even the most carefully aimed weapon in computer warfare leaves collateral damage.

The Stuxnet worm was no different.

The most striking aspect of the fast-spreading malicious computer program — which has turned up in industrial programs around the world and which Iran said had appeared in the computers of workers in its nuclear project — may not have been how sophisticated it was, but rather how sloppy its creators were in letting a specifically aimed attack scatter randomly around the globe.

The malware was so skillfully designed that computer security specialists who have examined it were almost certain it had been created by a government and is a prime example of clandestine digital warfare. While there have been suspicions of other government uses of computer worms and viruses, Stuxnet is the first to go after industrial systems. But unlike those other attacks, this bit of malware did not stay invisible.

If Stuxnet is the latest example of what a government organization can do, it contains some glaring shortcomings. The program was splattered on thousands of computer systems around the world, and much of its impact has been on those systems, rather than on what appears to have been its intended target, Iranian equipment. Computer security specialists are also puzzled by why it was created to spread so widely.

Global alarm over the deadly computer worm has come many months after the program was suspected of stealthily entering an Iranian nuclear enrichment plant, perhaps carried on a U.S.B. memory drive containing the malware.

Computer security specialists have speculated that once inside the factory and within the software that controls equipment, the worm reprogrammed centrifuges made by a specific company, Siemens, to make them fail in a way that would be virtually undetectable. Whether the program achieved its goal is not known.

Much speculation about the target has focused on the Iran nuclear plant at Natanz. In mid-July the Wikileaks Web site reported that it had learned of a serious nuclear accident at the plant. But international nuclear inspectors say no evidence of one exists.

The timing is intriguing because a time stamp found in the Stuxnet program says it was created in January, suggesting that any digital attack took place long before it was identified and began to attract global attention.

The head of the Bushehr nuclear plant in Iran said Sunday that the worm had affected only the personal computers of staff members, Reuters reported. Western nations say they do not believe Bushehr is being used to develop nuclear weapons. Citing the state-run newspaper Iran Daily, Reuters reported that Iran’s telecommunications minister, Reza Taghipour, said the worm had not penetrated or caused “serious damage to government systems.”

Siemens has said that the worm was found in only 15 plants around the world using its equipment and that no factory’s operations were affected. But now the malware not only is detectable, but also is continuing to spread through computer systems around the world through the Internet.

It is also raising fear of dangerous proliferation. Stuxnet has laid bare significant vulnerabilities in industrial control systems. The program is being examined for clues not only by the world’s computer security companies, but also by intelligence agencies and countless hackers.

“Proliferation is a real problem, and no country is prepared to deal with it,” said Melissa Hathaway, a former United States national cybersecurity coordinator. The widespread availability of the attack techniques revealed by the software has set off alarms among industrial control specialists, she said: “All of these guys are scared to death. We have about 90 days to fix this before some hacker begins using it.”

The ability of Stuxnet to infiltrate these systems will “require a complete reassessment” of security systems and processes, starting with federal technology standards and nuclear regulations, said Joe Weiss, a specialist in the security of industrial control systems who is managing partner at Applied Control Solutions in Cupertino, Calif.

One big question is why its creators let the software spread widely, giving up many of its secrets in the process.

One possibility is that they simply did not care. Their government may have been so eager to stop the Iranian nuclear program that the urgency of the attack trumped the tradecraft techniques that traditionally do not leave fingerprints, digital or otherwise.

While much has been made in the news media of the sophistication of Stuxnet, it is likely that there have been many other attacks of similar or even greater sophistication by intelligence agencies from many countries in the past. What sets this one apart is that it became highly visible.

Security specialists contrast Stuxnet with an intrusion discovered in the Greek cellphone network in March 2005. It also displayed a level of skill that only the intelligence agency of some foreign power would have.

A two-year investigation by the Greek government found an extremely sophisticated Trojan horse program that had been hidden by someone who was able to modify and then insert 29 secret programs into each of four telephone switching computers.

The spy system came apart only when a software upgrade provided by the manufacturer led to some text messages, sent from the system of another cellphone operator, being undelivered. The level of skill needed to pull off the operation and the targets strongly indicated that the culprit was a government. An even more remarkable set of events surrounded the 2007 Israeli Air Force attack on what was suspected of being a Syrian nuclear reactor under construction.

Accounts of the event initially indicated that sophisticated jamming technology had been used to blind the radar so Israeli aircraft went unnoticed. Last December, however, a report in an American technical publication, IEEE Spectrum, cited a European industry source as raising the possibility that the Israelis had used a built-in kill switch to shut down the radar.

A former member of the United States intelligence community said that the attack had been the work of Israel’s equivalent of America’s National Security Agency, known as Unit 8200.

But if the attack was based on a worm or a virus, there was never a smoking gun like Stuxnet.

Kevin O’Brien contributed reporting from Berlin.
http://www.nytimes.com/2010/09/27/te...y/27virus.html





In a Computer Worm, a Possible Biblical Clue
John Markoff and David E. Sanger

Deep inside the computer worm that some specialists suspect is aimed at slowing Iran’s race for a nuclear weapon lies what could be a fleeting reference to the Book of Esther, the Old Testament tale in which the Jews pre-empt a Persian plot to destroy them.

That use of the word “Myrtus” — which can be read as an allusion to Esther — to name a file inside the code is one of several murky clues that have emerged as computer experts try to trace the origin and purpose of the rogue Stuxnet program, which seeks out a specific kind of command module for industrial equipment.

Not surprisingly, the Israelis are not saying whether Stuxnet has any connection to the secretive cyberwar unit it has built inside Israel’s intelligence service. Nor is the Obama administration, which while talking about cyberdefenses has also rapidly ramped up a broad covert program, inherited from the Bush administration, to undermine Iran’s nuclear program. In interviews in several countries, experts in both cyberwar and nuclear enrichment technology say the Stuxnet mystery may never be solved.

There are many competing explanations for myrtus, which could simply signify myrtle, a plant important to many cultures in the region. But some security experts see the reference as a signature allusion to Esther, a clear warning in a mounting technological and psychological battle as Israel and its allies try to breach Tehran’s most heavily guarded project. Others doubt the Israelis were involved and say the word could have been inserted as deliberate misinformation, to implicate Israel.

“The Iranians are already paranoid about the fact that some of their scientists have defected and several of their secret nuclear sites have been revealed,” one former intelligence official who still works on Iran issues said recently. “Whatever the origin and purpose of Stuxnet, it ramps up the psychological pressure.”

So a calling card in the code could be part of a mind game, or sloppiness or whimsy from the coders.

The malicious code has appeared in many countries, notably China, India, Indonesia and Iran. But there are tantalizing hints that Iran’s nuclear program was the primary target. Officials in both the United States and Israel have made no secret of the fact that undermining the computer systems that control Iran’s huge enrichment plant at Natanz is a high priority. (The Iranians know it, too: They have never let international inspectors into the control room of the plant, the inspectors report, presumably to keep secret what kind of equipment they are using.)

The fact that Stuxnet appears designed to attack a certain type of Siemens industrial control computer, used widely to manage oil pipelines, electrical power grids and many kinds of nuclear plants, may be telling. Just last year officials in Dubai seized a large shipment of those controllers — known as the Simatic S-7 — after Western intelligence agencies warned that the shipment was bound for Iran and would likely be used in its nuclear program.

“What we were told by many sources,” said Olli Heinonen, who retired last month as the head of inspections at the International Atomic Energy Agency in Vienna, “was that the Iranian nuclear program was acquiring this kind of equipment.”

Also, starting in the summer of 2009, the Iranians began having tremendous difficulty running their centrifuges, the tall, silvery machines that spin at supersonic speed to enrich uranium — and which can explode spectacularly if they become unstable. In New York last week, Iran’s president, Mahmoud Ahmadinejad, shrugged off suggestions that the country was having trouble keeping its enrichment plants going.

Yet something — perhaps the worm or some other form of sabotage, bad parts or a dearth of skilled technicians — is indeed slowing Iran’s advance.

The reports on Iran show a fairly steady drop in the number of centrifuges used to enrich uranium at the main Natanz plant. After reaching a peak of 4,920 machines in May 2009, the numbers declined to 3,772 centrifuges this past August, the most recent reporting period. That is a decline of 23 percent. (At the same time, production of low-enriched uranium has remained fairly constant, indicating the Iranians have learned how to make better use of fewer working machines.)

Computer experts say the first versions of the worm appeared as early as 2009 and that the sophisticated version contained an internal time stamp from January of this year.

These events add up to a mass of suspicions, not proof. Moreover, the difficulty experts have had in figuring out the origin of Stuxnet points to both the appeal and the danger of computer attacks in a new age of cyberwar.

For intelligence agencies they are an almost irresistible weapon, free of fingerprints. Israel has poured huge resources into Unit 8200, its secretive cyberwar operation, and the United States has built its capacity inside the National Security Agency and inside the military, which just opened a Cyber Command.

But the near impossibility of figuring out where they came from makes deterrence a huge problem — and explains why many have warned against the use of cyberweapons. No country, President Obama was warned even before he took office, is more vulnerable to cyberattack than the United States.

For now, it is hard to determine if the worm has infected centrifuge controllers at Natanz. While the S-7 industrial controller is used widely in Iran, and many other countries, even Siemens says it does not know where it is being used. Alexander Machowetz, a spokesman in Germany for Siemens, said the company did no business with Iran’s nuclear program. “It could be that there is equipment,” he said in a telephone interview. “But we never delivered it to Natanz.”

But Siemens industrial controllers are unregulated commodities that are sold and resold all over the world — the controllers intercepted in Dubai traveled through China, according to officials familiar with the seizure.

Ralph Langner, a German computer security consultant who was the first independent expert to assert that the malware had been “weaponized” and designed to attack the Iranian centrifuge array, argues that the Stuxnet worm could have been brought into the Iranian nuclear complex by Russian contractors.

“It would be an absolute no-brainer to leave an infected USB stick near one of these guys,” he said, “and there would be more than a 50 percent chance of having him pick it up and infect his computer.”

There are many reasons to suspect Israel’s involvement in Stuxnet. Intelligence is the single largest section of its military and the unit devoted to signal, electronic and computer network intelligence, known as Unit 8200, is the largest group within intelligence.

Yossi Melman, who covers intelligence for the newspaper Haaretz and is at work on a book about Israeli intelligence over the past decade, said in a telephone interview that he suspected that Israel was involved.

He noted that Meir Dagan, head of Mossad, had his term extended last year partly because he was said to be involved in important projects. He added that in the past year Israeli estimates of when Iran will have a nuclear weapon had been extended to 2014.

“They seem to know something, that they have more time than originally thought,” he said.

Then there is the allusion to myrtus — which may be telling, or may be a red herring.

Several of the teams of computer security researchers who have been dissecting the software found a text string that suggests that the attackers named their project Myrtus. The guava fruit is part of the Myrtus family, and one of the code modules is identified as Guava.

It was Mr. Langner who first noted that Myrtus is an allusion to the Hebrew word for Esther. The Book of Esther tells the story of a Persian plot against the Jews, who attacked their enemies pre-emptively.

“If you read the Bible you can make a guess,” said Mr. Langner, in a telephone interview from Germany on Wednesday.

Carol Newsom, an Old Testament scholar at Emory University, confirmed the linguistic connection between the plant family and the Old Testament figure, noting that Queen Esther’s original name in Hebrew was Hadassah, which is similar to the Hebrew word for myrtle. Perhaps, she said, “someone was making a learned cross-linguistic wordplay.”

But other Israeli experts said they doubted Israel’s involvement. Shai Blitzblau, the technical director and head of the computer warfare laboratory at Maglan, an Israeli company specializing in information security, said he was “convinced that Israel had nothing to do with Stuxnet.”

“We did a complete simulation of it and we sliced the code to its deepest level,” he said. “We have studied its protocols and functionality. Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment.”

Mr. Blitzblau noted that the worm hit India, Indonesia and Russia before it hit Iran, though the worm has been found disproportionately in Iranian computers. He also noted that the Stuxnet worm has no code that reports back the results of the infection it creates. Presumably, a good intelligence agency would like to trace its work.

Ethan Bronner contributed reporting from Israel, and William J. Broad from New York.
http://www.nytimes.com/2010/09/30/wo...st/30worm.html





An Alarmed Iran Asks for Outside Help to Stop Rampaging Stuxnet Malworm
DEBKAfile Exclusive Report

Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcize the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers. debkafile's intelligence and Iranian sources report Iran turned for outside help after local computer experts failed to remove the destructive virus.

None of the foreign experts has so far come forward because Tehran refuses to provide precise information on the sensitive centers and systems under attack and give the visiting specialists the locations where they would need to work. They were not told whether they would be called on to work outside Tehran or given access to affected sites to study how they function and how the malworm managed to disable them. Iran also refuses to give out data on the changes its engineers have made to imported SCADA (Supervisory Control and Data Acquisition) systems, mostly from Germany.

The impression debkafile sources gained Wednesday, Sept. 29 from talking to European computer experts approached for aid was that the Iranians are getting desperate. Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.

One expert said: "The Iranians have been forced to realize that they would be better off not 'irritating' the invader because it hits back with a bigger punch."

Looking beyond Iran's predicament, he wondered whether the people responsible for planting Stuxnet in Iran - and apparently continuing to offload information from its sensitive systems - have the technology for stopping its rampage. "My impression," he said, "is that somebody outside Iran has partial control at least on its spread. Can this body stop malworm in its tracks or kill it? We don't have that information at present," he said.

As it is, the Iranian officials who turned outside for help were described by another of the experts they approached as alarmed and frustrated. It has dawned on them that the trouble cannot be waved away overnight but is around for the long haul. Finding a credible specialist with the magic code for ridding them of the cyber enemy could take several months. After their own attempts to defeat Stuxnet backfired, all the Iranians can do now is to sit back and hope for the best, helpless to predict the worm's next target and which other of their strategic industries will go down or be robbed of its secrets next.

While Tehran has given out several conflicting figures on the systems and networks struck by the malworm - 30,000 to 45,000 industrial units - debkafile's sources cite security experts as putting the figure much higher, in the region of millions. If this is true, then this cyber weapon attack on Iran would be the greatest ever.
http://www.debka.com/article/9050/





Iran Says It Arrested Computer Worm Suspects
William Yong

Iran has arrested an unspecified number of “nuclear spies” in connection with a damaging worm that has infected computers in its nuclear program, the intelligence minister, Heydar Moslehi, said Saturday.

Mr. Moslehi also told the semiofficial Mehr news agency that the ministry had achieved “complete mastery” over government computer systems and was able to counter any cyberattacks by “enemy spy services.”

Iran confirmed last week that the Stuxnet worm, a malicious self-replicating program that attacks computers that control industrial plants, had infected computers in its nuclear operations. Officials said it had been found in personal computers at the Bushehr nuclear plant, a power generator that is not believed to be part of a weapons program, and that it had not caused “serious damage” to government systems.

While the origins of the worm remain obscure, many computer security experts believe it was created by a government with the intent of sabotaging Iran’s nuclear program, which Western countries believe is aimed at creating a nuclear weapon. The United States and Israel have cyberwarfare programs and both countries have sought to undermine Iran’s nuclear enrichment program, but neither has commented on the Stuxnet worm.

Iran has portrayed the worm as a cyberattack by Western powers and Israel intended to derail the country’s nuclear program, which the government says is for peaceful purposes.

“All of the destructive activities perpetrated by the oppressors in cyberspace will be discovered quickly and means of combating these plans will be implemented,” Mr. Moslehi said. “The intelligence Ministry is aware of a range of activities being carried out against the Islamic Republic by enemy spy services.”

He provided no further details on the arrests, which could not be independently verified.

Hamid Alipour, an official at the state-run Iran Information Technology company, has said that the worm is spreading. “This is not a stable virus,” he said last week. “By the time we started to combat it three new variants had been distributed.” He said his company hoped to eliminate it within “one to two months.”
http://www.nytimes.com/2010/10/03/wo...st/03iran.html


















Until next week,

- js.



















Current Week In Review





Recent WiRs -

September 25th, September 18th, September 11th, September 4th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black