P2P-Zone  

26-10-11, 07:25 AM   #1
JackSpratts

Join Date: May 2001
Location: New England
Posts: 10,017

Peer-To-Peer News - The Week In Review - October 29th, '11

Since 2002

"Teaching is a human experience. Technology is a distraction when we need literacy, numeracy and critical thinking." – Paul Thomas

October 29th, 2011




Righthaven Ordered to Pay Nearly $120,000 in Attorney Fees, Court Costs
Steve Green

Newspaper copyright infringement lawsuit filer Righthaven LLC of Las Vegas was hit Wednesday with an order to pay $119,488 in attorney's fees and costs in its failed lawsuit against former federal prosecutor Thomas DiBiase.

This was by far the largest fee award against Righthaven, but likely will be dwarfed by an upcoming award in Righthaven's failed suit against the Democratic Underground. Before Wednesday the largest fee award against Righthaven was for $34,045 — an amount Righthaven says it's having trouble paying or even posting a bond to cover.

DiBiase has a website covering no-body murder cases, or cases where a murder is suspected but the victim's remains have not been located. He was sued by Righthaven last year over allegations he posted without authorization a story on such a murder case by the Las Vegas Review-Journal.

U.S. District Judge Roger Hunt in Las Vegas dismissed Righthaven's suit against DiBiase this summer because Righthaven lacked standing to sue him under its flawed lawsuit contract with R-J owner Stephens Media LLC.

The DiBiase case was noteworthy because his attorneys at the Electronic Frontier Foundation in San Francisco said DiBiase's nonprofit website performed a public service assisting law enforcement officials in bringing justice to crime victims — and that his post was protected by the fair use concept of copyright law.

Case law created by the Righthaven lawsuits suggests DiBiase’s use of the story would be protected by fair use as it was noncommercial and judges have found there can be no market harm to Righthaven for such uses since there is no market for copyrights Righthaven obtains for lawsuit purposes.

Hunt didn't rule on the fair use claim, but in the DiBiase case he ruled Righthaven had wrongly been claiming it had the right in its lawsuits to seize defendants' website domain names.

That standard lawsuit demand was criticized by defense attorneys who said it was meant to bully defendants into settling, though Righthaven insisted it was a legitimate demand especially against copyright infringers who wouldn't stop infringing or who failed to pay a court judgment to Righthaven.

Righthaven, as is its custom, will likely appeal Wednesday's fee award in favor of DiBiase.

"The Copyright Act states that prevailing parties may recover `a reasonable attorney’s fee' along with `full costs.' Mr. DiBiase is a prevailing party based on this court’s order granting his motion to dismiss for lack of subject matter jurisdiction based on Righthaven’s lack of ownership of the copyright and consequent lack of standing,'' Hunt wrote in his ruling Wednesday, adding he also looked at other factors in Righthaven's lawsuit including "frivolousness,'' "motivation'' and the "objective reasonableness'' of Righthaven's suit.

DiBiase's attorneys received every dollar they asked for in their fee request.

"Righthaven’s lawsuit against Mr. DiBiase was a shameless attempt to extract a nuisance value settlement from someone who spends his free time trying to assist prosecutors and investigators by maintaining a one-stop Internet resource for information about `no-body’ murder cases. Mr. DiBiase prevailed in this action because he demonstrated that Righthaven could not — as a matter of law — establish the first element of a valid copyright infringement claim: ownership of a copyright. Righthaven’s case was objectively unreasonable from the outset and motivated by improper purposes throughout," their fee request said.
http://www.lasvegassun.com/news/2011...nearly-120000/





Creditor Moves to Dismantle Copyright Troll Righthaven
David Kravets

The financial woes of Las Vegas-based copyright trolling firm Righthaven worsened Saturday when one of the defendants it unsuccessfully sued for infringement asked a judge to allow seizure of the firm’s assets — with the help of the U.S. Marshals, if necessary.

The legal filing dropped moments after the Friday deadline expired for the litigation factory to pay defendant Wayne Hoehn $34,000 in legal fees. Hoehn successfully defended himself against a Righthaven copyright lawsuit seeking large damages for posting the entirety of a Las Vegas Review-Journal editorial to a small online message board.

Righthaven had asked U.S. District Judge Philip Pro of Nevada to stay the fee award, saying it might slip into bankruptcy if forced to pay.

An earlier deadline passed last month, prompting Judge Pro to reset it for Friday, a decision a federal appeals court let stand last week.

“Righthaven has exhausted any benefit of the doubt that it could be afforded, and it is time for it to pay the consequences for its actions – starting with Hoehn’s lawful judgment plus the accrued costs and fees expended in the (so far) futile attempts to compel Righthaven to take this court’s orders seriously,” Marc Randazza, Hoehn’s attorney, wrote the court.

A filing in the case shows that Randazza wants the court to “authorize the U.S. Marshalls to execute Hoehn’s judgment through seizure of Righthaven’s bank accounts, real and personal property, and intangible intellectual property rights for levy, lien, auction or other treatment appropriate for satisfaction of Hoehn’s judgment.”

Struggling after several courtroom setbacks, Righthaven has ceased filing new lawsuits pending resolution of the Hoehn case and others on appeal. Righthaven was hit with a separate order Wednesday to pay $120,000 in legal fees in another case it had lost.

Borrowing a page from patent trolls, in the spring of 2010 Righthaven was formed with the idea of suing blogs and websites that re-post those newspaper articles without permission.

Righthaven initially was winning and settling dozens of cases as defendants paid a few thousand dollars each to make the cases go away. But Righthaven has never prevailed in a case that was defended in court.

The U.S. Copyright Act allows damages of up to $150,000 per infringement, but also grants legal fees and costs to the “prevailing party.” More fee awards against Righthaven are expected.

Righthaven’s bleak financial picture also threatens its ability to continue with appellate court review of important copyright cases.

Some of the appeals question Righthaven’s legal standing to even bring lawsuits.

Another questions Judge Pro’s ruling in the Hoehn case that re-posting an entire news story was fair use and not infringement.

The lawsuit against Hoehn, one of Righthaven’s roughly 275 cases, targeted the Vietnam veteran who posted all 19 paragraphs of a November editorial from the Las Vegas Review-Journal. Hoehn posted the article, and its headline, “Public Employee Pensions: We Can’t Afford Them” on medjacksports.com to prompt discussion about the financial affairs of the nation.

Righthaven’s first client, Stephens Media of Las Vegas and operator of the Review-Journal, invested $500,000 into the Righthaven operation last year.

Righthaven’s only other client, MediaNews of Denver and the publisher of the Denver Post and 50 other newspapers, dropped Righthaven in September.

The other big issue on appeal is the complicated arrangement between Righthaven and its newspaper clients.

The arrangements hit a major snag in June when Chief U.S. District Judge Roger Hunt of Nevada threw out a copyright lawsuit against the Democratic Underground blog for allegedly clipping four paragraphs from a 34-paragraph story published by the Review-Journal, Stephens Media’s flagship paper.

As it turns out, Righthaven didn’t own the copyrights it was filing suit over. Instead, Stephens Media granted Righthaven permission to sue over the newspaper chain’s content in exchange for a 50 percent cut of all the settlements and jury awards: the agreement did not grant Righthaven license to use the content in any other way. The Electronic Frontier Foundation called the arrangement a “sham,” and judges hearing Righthaven cases began to take notice.

Judge Hunt ruled in the case that a “copyright owner cannot assign a bare right to sue.”

Righthaven’s other client, Denver Post publisher MediaNews Group, had a similar relationship with Righthaven, and some three dozen Righthaven lawsuits over Denver Post content have been dismissed over the standing issue.

Steve Gibson, Righthaven’s chief executive and one of its few remaining employees, did not immediately respond for comment.
http://www.wired.com/threatlevel/201...or-righthaven/





Rumors of Tor's Compromise are Greatly Exaggerated
phobos

There are two recent stories claiming the Tor network is compromised. It seems it is easier to get press than to publish research, work with us on the details, and propose solutions. Our comments here are based upon the same stories you are reading. We have no insider information.

The first story has been around 'Freedom Hosting' and their hosting of child abuse materials as exposed by Anonymous Operation Darknet. We're reading the press articles, pastebin urls, and talking to the same people as you. It appears 'Anonymous' cracked the Apache/PHP/MySQL setup at Freedom Hosting and published some, or all, of their users in the database. These sites happened to be hosted on a Tor hidden service. Further, 'Anonymous' used a somewhat recent RAM-exhaustion denial of service attack on the 'Freedom Hosting' Apache server. It's a simple resource starvation attack that can be conducted over low bandwidth, low resource requirement connections to individual hosts. This isn't an attack on Tor, but rather an attack on some software behind a Tor hidden service. This attack was discussed in a thread on the tor-talk mailing list starting October 19th.

The second story is around Eric Filiol's claims of compromising the Tor network leading up to his Hackers to Hackers talk in Brazil in a few days. This claim was initially announced by some French websites; however, it has spread further, such as this Hacker News story.

Again, the tor-talk mailing list had the first discussions of these attacks back on October 13th. To be clear, neither Eric nor his researchers have disclosed anything about this attack to us. They have not talked to us, nor shared any data with us — despite some mail exchanges where we reminded him about the phrase "responsible disclosure".

Here's the attack as we understand it, from reading the various press reports:

They enumerated 6000 IP addresses that they think are Tor relays. There aren't that many Tor relays in the world — 2500 is a more accurate number. We're not sure what caused them to overcount so much. Perhaps they watched the Tor network over a matter of weeks and collected a bunch of addresses that aren't relays anymore? The set of relays is public information, so there's no reason to collect your own list and certainly no reason to end up with a wrong list.

One-third of the machines on those IP addresses are vulnerable to operating system or other system level attacks, meaning he can break in. That's quite a few! We wonder if that's true with the real Tor network, or just their simulated one? Even ignoring the question of what these 3500 extra IP addresses are, it's important to remember that one-third by number is not at all the same as one-third by capacity: Tor clients load-balance over relays based on the relay capacity, so any useful statement should be about how much of the capacity of the Tor network is vulnerable. It would indeed be shocking if one-third of the Tor network by capacity is vulnerable to external attacks.

(There's also an aside about enumerating bridges. They say they found 181 bridges, and then there's a quote saying they "now have a complete picture of the topography of Tor", which is a particularly unfortunate time for that quote since there are currently around 600 bridges running.)

We expect the talk will include discussion about some cool Windows trick that can modify the crypto keys in a running Tor relay that you have local system access to; but it's simpler and smarter just to say that when the attacker has local system access to a Tor relay, the attacker controls the relay.

Once they've broken into some relays, they do congestion attacks like packet spinning to congest the relays they couldn't compromise, to drive users toward the relays they own. It's unclear how many resources are needed to keep the rest of the relays continuously occupied long enough to keep the user from using them. There are probably some better heuristics that clients can use to distinguish between a loaded relay and an unavailable relay; we look forward to learning how well their attack here actually worked.

From there, the attack gets vague. The only hint we have is this nonsense sentence from the article:

The remaining flow can then be decrypted via a fully method of attack called "to clear unknown" based on statistical analysis.

Do they have a new attack on AES, or on OpenSSL's implementation of it, or on our use of OpenSSL? Or are they instead doing some sort of timing attack, where if you own the client's first hop and also the destination you can use statistics to confirm that the two flows are on the same circuit? There's a history of confused researchers proclaiming some sort of novel active attack when passive correlation attacks are much simpler and just as effective.

So the summary of the attack might be "take control of the nodes you can, then congest the other ones so your targets avoid them and use the nodes you control. Then do some unspecified magic crypto attack to defeat the layers of encryption for later hops in the circuit." But really, these are just guesses based on the same news articles you're reading. We look forward to finding out if there's actually an attack we can fix, or if they are just playing all the journalists to get attention.

More generally, there are two broader lessons to remember here. First, research into anonymity-breaking attacks is how the field moves forward, and using Tor for your target is common because a) it's resistant to all the simpler attacks and b) we make it really easy to do your research on. And second, remember that most other anonymity systems out there fall to these attacks so quickly and thoroughly that no researchers even talk about it anymore. For some recent examples, see the single-hop proxy discussions in How Much Anonymity does Network Latency Leak? and Website Fingerprinting in Onion Routing Based Anonymization Networks.

I thank Roger, Nick, and Runa for helping with this post.
https://blog.torproject.org/blog/rum...ly-exaggerated
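
An added illustration of the count-versus-capacity point in the Tor post above (not code from the Tor Project or from the original post): on a constructed nine-relay network, the same "one-third of relays by number" gives very different shares of client traffic depending on which relays are affected. The relay names, bandwidths and the simplified bandwidth-proportional selection model are assumptions; real Tor path selection also applies relay flags and position weights.

```python
"""Relay count vs. relay capacity under bandwidth-weighted selection.

Simplified model (assumption): a client picks an entry and an exit relay
with probability proportional to advertised bandwidth, without replacement.
"""
from fractions import Fraction

# Constructed sample network: (nickname, bandwidth in KB/s). Not real relays.
RELAYS = [
    ("big1", 1000), ("big2", 1000), ("big3", 1000),
    ("mid1", 200), ("mid2", 200), ("mid3", 200),
    ("small1", 50), ("small2", 50), ("small3", 50),
]

# Two constructed scenarios, each marking exactly one-third of relays by count.
VULNERABLE_SMALL = {"small1", "small2", "small3"}
VULNERABLE_BIG = {"big1", "big2", "big3"}


def _check(relays, vulnerable):
    """Reject inputs the model cannot handle."""
    names = {name for name, _ in relays}
    unknown = set(vulnerable) - names
    if unknown:
        raise ValueError(f"unknown relay names: {sorted(unknown)}")
    if len(relays) < 2:
        raise ValueError("need at least two relays to build a path")
    if any(bw <= 0 for _, bw in relays):
        raise ValueError("bandwidth must be positive")


def count_fraction(relays, vulnerable):
    """Share of relays that are vulnerable, counted by number."""
    _check(relays, vulnerable)
    return Fraction(sum(1 for name, _ in relays if name in vulnerable),
                    len(relays))


def capacity_fraction(relays, vulnerable):
    """Share of total bandwidth held by vulnerable relays.

    Under bandwidth-proportional selection this is also the probability
    that a single pick lands on a vulnerable relay.
    """
    _check(relays, vulnerable)
    total = sum(bw for _, bw in relays)
    bad = sum(bw for name, bw in relays if name in vulnerable)
    return Fraction(bad, total)


def both_ends_probability(relays, vulnerable):
    """Exact probability that entry AND exit are both vulnerable relays.

    This is the precondition for the passive correlation attack the post
    mentions (owning the first hop and the last hop of a circuit).
    """
    _check(relays, vulnerable)
    total = sum(bw for _, bw in relays)
    bad = [bw for name, bw in relays if name in vulnerable]
    bad_total = sum(bad)
    p = Fraction(0)
    for bw in bad:
        # Pick this vulnerable relay first, then another vulnerable one
        # from the remaining bandwidth pool.
        p += Fraction(bw, total) * Fraction(bad_total - bw, total - bw)
    return p


def summarize(relays, vulnerable):
    """Collect the three measures for one scenario."""
    return {
        "by_count": count_fraction(relays, vulnerable),
        "by_capacity": capacity_fraction(relays, vulnerable),
        "both_ends": both_ends_probability(relays, vulnerable),
    }


if __name__ == "__main__":
    for label, vuln in (("small relays", VULNERABLE_SMALL),
                        ("big relays", VULNERABLE_BIG)):
        s = summarize(RELAYS, vuln)
        print(f"{label}: count={float(s['by_count']):.3f} "
              f"capacity={float(s['by_capacity']):.3f} "
              f"both_ends={float(s['both_ends']):.4f}")
```

Both scenarios report one-third by count, which is why a risk statement about the network needs the capacity figure rather than the relay tally.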





Google Music to Support Peer-To-Peer File Sharing
Jolie O'Dell

Google Music’s upcoming online store will let you share songs with your friends, according to music industry sources, an unprecedented selling point for the fledgling service.

Peer-to-peer file sharing has been the bane of the music industry for the past decade. So how is Google getting away with making it into a feature?

One source said users who buy songs will be able to share those songs with friends, and those friends will be able to play the songs a limited number of times without purchasing the songs themselves, Business Insider reports.

So it’s not a Napster-esque torrenting free-for-all, but it accomplishes a happy medium between what consumers seem to want (more music and more sharing) and what record labels and musicians want (more money).

The deal bears some resemblance to Facebook’s music integrations, which launched at f8 this year. On Facebook, you can listen along with friends via music-streaming services such as Spotify. However, what Google is reportedly proposing puts a lot more control in users’ hands and leaves less to serendipity.

We’ve known the music store was coming since Google Music’s launch this spring at I/O, the company’s developer conference.

However, yesterday, Google’s Android chief Andy Rubin told attendees at the AsiaD conference in Hong Kong that not only was the store coming quite soon, but that it would incorporate “a little twist – it will have a little Google in it. It won’t just be selling 99-cent tracks.”

While we’ve never questioned that Google intended to deliver an innovative product to its users, we have scratched our heads over how the company was planning to deal with record labels, most of which already have agreements with heavyweight competitors such as Apple and Amazon.

However, being able to negotiate such a compromise that appeases two diametrically opposed interests is innovation in itself. We’ll see if the deal is sealed when the Google Music Store actually launches.
http://venturebeat.com/2011/10/20/go...-file-sharing/





A Million Chinese Employed to Crack Down on Fake Goods
Courtney Trenwith

Cheap fake goods from China will soon be wiped out, the head of Chinese international trade said in Perth yesterday.

In a sign of the Chinese Government's intention to crack down on the black market, there were about 1 million people employed to remove fake goods from Chinese streets, according to the vice-chairman of the China Council for the Promotion of International Trade, Wang Jinzhen.

China is arguably the counterfeit capital of the world, attracting much criticism from high-profile designers and entrepreneurs for the proliferation of replica items as vast as t-shirts, CDs and DVDs, handbags and jewellery.

In response to a question from a delegate at the Commonwealth Business Forum yesterday, Mr Wang said the industry would soon die out in China as technology, equipment and economic prosperity improved.

Businesses themselves were beginning to realise this.

"If you rely [on] export[ing] those lower quality products then there is no future for the company themselves and I know they know it right now - you'll see less and less tendency in this regard," he said.

"If you really want to develop you have to rely on high technology products and [for] lower technology products, or even fake products, there will be no future.

"The Chinese government is very serious in this regard."

However, Mr Wang said it would be difficult to completely stamp out the industry.

"I don't think it will be completely corrected, but still it will be eased," he said.

"That's good for China and the company and for everyone in the world."
http://www.smh.com.au/wa-news/a-mill...025-1mi5w.html





Valve: Piracy Is More About Convenience Than Price
Frank Cifaldi

From the perspective of Valve, software piracy is caused more by convenience than it is by the cost of games.

That's according to co-founder Gabe Newell, who recently spoke at the North to Innovation conference in Seattle, giving a very frank and open outline of the modern economics of video games.

According to Newell, Russia -- which is often ignored as a market due to its high level of piracy -- is one of Steam's highest grossing countries.

"Russia now outside of Germany is our largest continental European market," said Newell, adding that "the people who are telling you that Russians pirate everything are the people who wait six months to localize their product into Russian."

"The easiest way to stop piracy is not by putting antipiracy technology to work. It’s by giving those people a service that’s better than what they’re receiving from the pirates," he said.

Valve's Surprising Free-To-Play Numbers

Earlier this year, Valve officially went "free-to-play" by offering its popular Team Fortress 2 as a microtransaction-supported game.

According to Newell, the move increased the game's online userbase by a factor of five. Surprisingly, where most companies are claiming free-to-play conversion rates -- that is, the percentage of players who end up spending money on in-game transactions -- are between 1 and 3 percent, Newell said Team Fortress 2 players convert far more frequently.

"We see about a 20 to 30 percent conversion rate of people who are playing those games who buy something," he revealed.

"We don’t understand what’s going on," he admitted. "All we know is we’re going to keep running these experiments to try and understand better what it is that our customers are telling us."
http://www.gamasutra.com/view/news/3...Than_Price.php





Ofcom: Illegal File-Sharing Warning Letters to be Issued in 2013

Regulatory body says three-strikes measures will go ahead despite concerns over DEA
Carrie-Ann Skinner

Ofcom says illegal file-sharers will begin receiving warning letters regarding their online activities as early as summer 2013.

The warning letters are the first step in the 'three-strikes' rule set out in the Digital Economy Act in a bid to tackle net piracy. The Act, which was made law in April last year, states that those thought to have illegally file-shared digital files will be issued with a warning letter in a bid to 'educate' the recipient that their online activities are illegal. Repeat offenders could also be faced with 'technical measures' including having their net connection throttled or even be disconnected from the web.

Ofcom was tasked with setting out an 'obligations code' and under its proposals, which have yet to be finalised, the letters will notify web users that their connection has been used to illegally share files and how they can protect their net connection if they think it's been hijacked and used by someone else to obtain the illegal content.

Furthermore, ISPs will be required to monitor web users thought to be illegally file-sharing and prove they can match their personal details to the IP address being used.

According to Tech Radar, Campbell Cowie, director of internet policy at Ofcom, revealed the time scale at a Westminster eForum on the Digital Economy Act.

Cowie also said that he expects ISPs to begin implementing the technology to fulfil the measure as well as creating an independent appeals body next year.

He also said that this timeline would remain in place despite the fact BT and TalkTalk recently had a request to appeal against the Digital Economy Act granted, after the pair said the act had been subject to "insufficient scrutiny". A hearing is expected to take place next year.

However, at the same eForum, PC Pro said TalkTalk's head of strategy and regulation, Andrew Heaney, said the letters were "frankly little better than the bullying and threats that's gone on by ACS Law and those other solicitors".

"In attempting to target and deter infringers, it will catch innocent subscribers."
http://www.pcadvisor.co.uk/news/inte...ssued-in-2013/





Campus File-Sharing Draws Attention

Software program DC++ slows on-campus Internet and risks spreading computer viruses across the network
Terra-Ann Arnone

Major film companies lodge an average of eight complaints a day with Queen’s officials. The emails are always in response to illegal file sharing on the University’s server.

Under Canadian law, users can be charged up to $20,000 for every illegally downloaded file.

Approximately 20 terabytes of copyrighted digital content is exchanged over the campus file-sharing program, DC++, every day — about 40,000 hours of video or 20 million minutes of audio.

DC++ and its offspring program Shakespeer use peer-to-peer file sharing to distribute media across campus to users with a Queen’s Internet Protocol (IP) address.

Unlike BitTorrent downloading sites that take small parts of a file from multiple users, DC++ transfers full files from one computer to another.

Queen’s DC++ hub is run by a team of administrators, operators and web hosts who change year-to-year.

The staff mask their identities with usernames.

The administrators did not respond to emails from the Journal.

Guelph, Laurier and McMaster Universities also have versions of DC++ operating on their campus servers.

For nearly a decade DC++ has fostered illegal downloading of audio, video and software files at Queen’s.

Information Technology Services reported that administration hasn’t attempted to shut down the program.

According to Queen’s copyright specialist Mark Swartz, Bill C-11 is the latest incarnation in a long line of legislature which has sought to amend the Canadian Copyright Act.

The bill was presented to the House of Commons last month to “update the rights and protections of copyright owners to better address the challenges and opportunities of the Internet, so as to be in line with international standards.”

The House of Commons hasn’t made a decision on the tabled bill.

“What the new copyright bill does is try to crack down on the people that provide these services rather than the users of these services,” Swartz said, adding that the current legislature “was made before the Internet was the way it is today.” A clause known as fair dealing allows for the legal downloading of legitimate files, like academic resources, on the Internet.

Swartz said he thinks the bill is a step in the right direction for Canada, but finds one clause disconcerting.

He cited a part of the bill that makes it illegal to break embedded locks on media files.

Locks are meant to prevent illegal copying, but Swartz said this clause doesn’t consider media files broken for legal use — like research or educational resources.

While the US has seen almost a decade of mass litigation against illegal film downloading, this September marked the first time Canadian file-sharers took a hit.

Three Internet Service Providers (ISPs) in Quebec were ordered to hand over the names and IP addresses of customers who illegally downloaded Kathryn Bigelow’s film The Hurt Locker in 2008.

The case hasn’t been resolved, but if Bill C-11 is passed, defendants will face smaller fines.

Under the new legislature, users would be liable to pay $5,000 for each illegally downloaded file. Currently, they can be charged up to $20,000.

File-sharing through mechanisms like DC++ will still be legal under Canadian law if Bill C-11 passes.

Dreamworks, Paramount, Sony Entertainment and Lionsgate send their complaints about DC++ file sharing to Queen’s Systems and Storage Co-ordinator Ray Pengelly.

“File-sharing has a major performance impact on our network,” he said. “When you see your on-campus Internet slowing down, this is why.”

All students using Queen’s wireless are bound by the Computer User Code of Ethics.

The Code directly prohibits illegal file-sharing and students in violation will likely hear from ITS after a downloading spree.

It’s easy for ITS to find a perpetrator. Complaints against the university list the user’s IP address, the illegally downloaded file and time of download.

“If they’re in residence where DC++ is running, we have a way of going in, finding their IP address and temporarily suspending their access to the network,” Pengelly said.

Last month, IT sent 45 emails to students in residence, warning them that their use of DC++ was in violation of Canadian copyright laws.

Pengelly said if illegal Internet use continues after the warning email, IT can temporarily suspend the student’s Internet access.

But viruses should be a student’s main concern when using the program, he said.

“We try to set up our network so that if a virus in one area attacks, it won’t affect the campus as a whole,” Pengelly said. “But there are times where we’ve seen them distribute out across all computers across campus and have a major, major impact on our network.

“It ends up being a very large resource constraint on the university.”

Programs like DC++ make good hosts for viruses on campus.

“These things just crawl across DC++,” he said. “You could be talking about every computer in residence starting an attack across campus.”

Researchers share files with users at other universities, making viruses on the Queen’s network a risk to people off-campus as well.

“Our focus is more on ensuring that people use it fairly so the researchers, the students doing their academic work, don’t get bogged down by people who are trying to do things like file sharing,” Pengelly said.

Despite large bandwidth on the campus network, system stress is still an issue at the University.

“It’s not like we have so much bandwidth that it can’t be saturated,” he said, referencing a network crash at Stauffer Library last week due to a system overload.

Pengelly said if administration has any plans to quell file-sharing on DC++, he doesn’t know about it.

“There’ve been many discussions about it internally and what the best course of action is against it,” he said. “But it’s a very fine line what’s going on here, and that’s all I can say.”

Pengelly said he hopes students will see beyond the convenience of file-sharing to its unethical nature.

“There’s a lot of legitimate use of file-sharing, but they aren’t using DC++ to do it,” he said. “Let’s not be naive.”
http://queensjournal.ca/story/2011-1...aws-attention/





Local File-Sharing Company Closes Amid Copyright Row
Jeffrey Wu

A local file-sharing company popular in Taiwan has closed its peer-to-peer file-sharing Foxy program after a long-term dispute over copyright.

Foxy Media Inc. said Saturday it decided to terminate services because they could help users to illegally download files.

"Foxy's strong file-sharing function has resulted in severe leakage of confidential information, as some users were using the program improperly. For this reason, a court in Taiwan has ruled it to be controversial software," Foxy Media said in a statement.

In April 2009, Foxy Media President Li Hsien-ming was charged with violating the Copyright Act.

Prosecutors argued that the Foxy file exchange website and the file-sharing program infringed upon the music copyrights of What's Music International Inc. and Universal Music Group and the film copyrights of Disney, Warner Brothers and 20th Century Fox.
http://focustaiwan.tw/ShowNews/WebNe...D=201110230006





Op-ed: The Shocking Strangeness of Our 25-Year-Old Digital Privacy Law
Jim Dempsey

Op-ed: Twenty-five years after it was passed, the Electronic Communications Privacy Act still governs much of our privacy online, and the Center for Democracy and Technology argues that ECPA needs an overhaul. The opinions in this post do not necessarily reflect the views of Ars Technica.

Cell phones the size of bricks, "portable" computers weighing 20 pounds, Ferris Bueller's Day Off, and the federal statute that lays down the rules for government monitoring of mobile phones and Internet traffic all have one thing in common: each is celebrating its 25th anniversary this year.

The Electronic Communications Privacy Act (ECPA) was signed into law on October 21, 1986. Although it was forward-looking at the time, ECPA’s privacy protections have remained stuck in the past while technology has raced ahead, providing us means of communication that not too long ago existed only in the minds of science fiction writers.

Citing ECPA, the government claims it can track your movements without having to get a warrant from a judge, using the signal your mobile phone silently sends out every few seconds. The government also claims it can read your e-mail and sneak a peek at your online calendar and the private photos you have stored in “the cloud," all without a warrant.

The government admits that if it wants to seize photos on your hard drive, it needs a warrant from a judge. And if it wants to intercept your e-mail en route, well, it needs a warrant for that, too. But once the data comes to rest on the Internet’s servers, the government claims you’ve lost your privacy rights in it. Same data, different rules.

Sound illogical? Out of step with the way people use technology today? It is. Most people assume the Constitution protects them against unreasonable searches and seizures, regardless of technology. The Justice Department thinks differently. It argues that the Fourth Amendment's warrant requirement does not apply to data stored online.

That’s the same argument the government made about telephones 80 years ago. If you really wanted your privacy, the government argued, you wouldn’t use the telephone. Unfortunately, in 1928 the Supreme Court agreed and said that wiretapping was not covered by the Constitution. It took the Court 40 years to rule that ordinary telephone calls were protected.

The courts have been equally slow in recognizing the significance of the Internet. The Supreme Court still has never ruled on whether e-mail is protected by the Constitution. Next month, the Supreme Court will hear oral argument in a case involving GPS tracking; let’s hope it doesn’t tell us we have to wait 40 years for the Constitution to cover GPS. But whatever the outcome in that case, it is unlikely to resolve all the issues associated with the new technologies we depend on now in our daily lives.

Search, but with a warrant

It’s time for Congress to update ECPA to require a warrant whenever the government reads our e-mail or tracks our movements. No competent programmer would be content to release version 1.0 of a program and then just walk away, ignoring bug reports and refusing all requests for upgraded features. Why should Congress be content with version 1.0 of our digital privacy law?

The good news is that an upgrade is in the works. Leading Internet companies and public interest groups from the left and the right have founded the Digital Due Process coalition to press Congress to enact reforms to ECPA. DDP's chief request is that, just as the government needs a warrant to enter your house or seize your computer, it should get a warrant before gaining access to your private communications stored online or to track you via your mobile phone.

Congress has taken note. Earlier this week, Senators Ron Wyden (D-OR) and Mark Kirk (R-IL) held a press conference to highlight their bi-partisan sponsorship of a bill requiring government agents to get a warrant before using technological means to track an individual. The press conference was held amid a "Retro Tech Fair" that displayed a dazzling array of 1986-era computers—highlighting just how far technology has come since ECPA was passed.

Just yesterday, Sen. Patrick Leahy (D-VT), the original author of ECPA, announced his intention to schedule a Committee markup before year's end on his ECPA reform bill.

These are encouraging steps, but you can be sure that the Justice Department will put up a fight. Prosecutors would rather act on their own, without going before a judge. They will raise all kinds of arguments about why the standard set in the Constitution over 200 years ago should not apply to the Internet.

Proponents of stronger privacy protection are gearing up, too. A left-right coalition spanning political ideologies has launched a campaign where individuals can add their name to a petition urging Congress to enact strong privacy protections.

You can get nostalgic for a 25-year-old movie, but there's nothing endearing about a 25-year-old digital privacy law.
http://arstechnica.com/tech-policy/n...rivacy-law.ars





New Law Would Require Warrants for GPS Surveillance
Marshall Kirkpatrick

Location data produced by modern technology like GPS and cell phones can today be accessed by law enforcement agents without probable cause and a warrant, but Oregon Senator Ron Wyden has introduced legislation that would change that.

Senator Ron Wyden (D-Ore.) this week welcomed U.S. Senator Mark Kirk (R-Ill.) as a cosponsor of the Geolocation Privacy and Surveillance Act (GPS), making the joint announcement at a Retro Tech Fair sponsored by the Center for Democracy in Technology commemorating the 25th anniversary of the Electronic Communications Privacy Act (ECPA). The new Act would require law enforcement to get a warrant before accessing historical or real-time location data about an individual from a technology provider or device, except in cases of national security, theft or fraud.

This is no trivial matter, either. Google, for example, reported today that it now gets an average of 31 US government requests for information about Google users every day, which is up 29% over the last 6 month period. The company says it complies with 93% of those requests. The percentage of those requests that involve location isn't broken out. For what it's worth, Google doesn't tell the governments of Turkey or Russia anything.

Data and location are both potential software development platforms with incredible, world-changing potential. They need to feel safe enough for users to engage with and for companies to trade in, if we're ever going to see that innovative potential realized.

The proposed US federal act announcement today was made with support from the ACLU on the Left and the Competitive Enterprise Institute on the political Right.

Laura W. Murphy, director of the ACLU's Washington Legislative Office, said, "As we live more and more of our lives online, it's crucial that our information and communications receive vigorous constitutional protections. We have seen how rapidly technology has outpaced our privacy rights and Sen. Wyden and Kirk's bill is a good first step toward rectifying that disparity."

Ryan Radia of the Competitive Enterprise Institute put it like this: "The reforms proposed in the GPS Act would benefit American businesses that offer innovative mobile ecosystems and the consumers who enjoy these platforms. If the burgeoning mobile marketplace is to realize its full potential, firms must have the freedom to offer robust privacy assurances to their users. The GPS Act would mark a major step forward in that direction."

Aaron Parecki, co-founder of Portland, Oregon's Geoloqi, one of the most interesting new location tracking startups online, said that the passage of the act would be a relief to him as a technology startup. "It's great because it requires law enforcement to get a warrant so that we don't have to worry about being pressured into giving out our users' location data," he told ReadWriteWeb.

https://www.readwriteweb.com/archive...urveillanc.php





Syria Using American Software to Censor Internet, Experts Say
Sari Horwitz

Syria is using equipment and software developed by an American company to censor the Internet and conduct surveillance of its citizens, according to data analyzed by technology experts and advocates for Syrian dissidents.

The equipment, developed by California-based Blue Coat Systems, is allegedly being used by Syria’s autocratic government to block access to the Internet and crack down on dissidents who have been protesting against President Bashar al-Assad for nearly eight months, the experts and advocates say.

U.S. officials say they are reviewing reports that Syria’s government is using the company’s products. “The issue of Blue Coat’s technology being used in Syria is one that the State Department is taking very seriously and is very concerned about,” said a State Department official who would discuss the matter only on the condition of anonymity.

A senior administration official, also speaking on the condition of anonymity, noted that sanctions restrict U.S. companies from trade with Syria. “Our sanctions provide for some exceptions for certain software,” the official said. “Anything exported that is not covered by exceptions would violate sanctions.”

Blue Coat, based in Sunnyvale, said it has not sold equipment or software to the Syrian government, but a spokesman did not deny that Syria could have obtained the products through a third party.

“Blue Coat does not sell to Syria,” spokesman Steve Schick said in an e-mail. “We comply with U.S. export laws, and we do not allow our partners to sell to embargoed countries.” Sales by U.S. companies to Syria are illegal under sanctions imposed by President George W. Bush in 2004.

Eric King of Privacy International, a London-based nonprofit group that challenges government surveillance, said the company’s products can enable a government to monitor the Internet activity of large numbers of people. “In the wrong hands, Blue Coat technology can all too easily be used as a tool of political control,” he said.

Given the nature of the gray market for surveillance and monitoring equipment, Syria may have acquired the Blue Coat equipment indirectly, according to Pratap Chatterjee of London’s Bureau of Investigative Journalism, which is probing the allegations.

“A lot of the manufacturers don’t know or don’t want to know who’s buying their technology because they could be subject to fines or prosecution in their countries,” Chatterjee said.

Reports of Syria’s alleged use of Blue Coat products originated with Telecomix, a group founded by Swedish hackers in 2006 that has been providing support to dissidents in the Middle East.

Telecomix released electronic records from the Syria Telecommunications Establishment, which the group said showed that the government was using Blue Coat equipment to prohibit its citizens from browsing certain Web sites and social media. In August, Telecomix activists said they downloaded 54 gigabytes of Syrian telecommunications data that indicated that the Blue Coat technology was being used to filter Internet communications in the country.

“These devices are clearly manufactured by Blue Coat, and they are clearly in Syria and administered by the state telecommunications company,” said Peter Fein, a computer programmer with Telecomix. “They are being used to block Syrians of every political stripe, and even those not politically active, of accessing sites that we in the West take for granted, things like Facebook and Twitter. They are also being used to monitor the communications of peaceful dissidents.”

Amr Al-Azm, a Syrian activist who fled to the United States in 2006 and has played an active role in organizing the uprisings in Syria this year, called the ability to spread information via the Internet “the tools of our trade.”

“It is vital that the U.S. finds ways to restrict regimes like the Assad regime in getting this technology,” said Al-Azm, who is now an assistant professor of history at Shawnee State University in Ohio. “These uprisings are meant to be peaceful, so our primary weapon is our ability to spread information.”

Blue Coat promotes itself as a leading provider of Web security and management. Founded in 1996, the company sells to more than 15,000 customers worldwide, according to its Web site. The company, originally called CacheFlow, had revenue of $487.1 million in 2010. It sells high-end computer security systems, which give some of the world’s biggest corporations the tools to do sophisticated “data management” by blocking users from accessing certain sites and tracking users who try to access such sites.

The company’s biggest customer in the Middle East is Saudi Arabia, with major sales in United Arab Emirates, Qatar, Kuwait, Oman and Yemen, according to a Blue Coat news release.

In recent months, technology experts have alleged that Western companies are knowingly or unknowingly selling technology to authoritarian regimes.

“Hundreds of Western companies are pitching these kinds of surveillance technologies to some of the most authoritarian regimes in the world, turning a blind eye to the ways in which these dangerous technologies are being used to monitor and oppress,” King said. “Stricter regulation of this trade is desperately needed.”

Staff writer Shyamantha Asokan and researcher Julie Tate in Washington contributed to this report.
http://www.washingtonpost.com/world/...r7L_story.html





BT Ordered to Block Newzbin2 Filesharing Site Within 14 Days

High court ruling at request of Hollywood studios could set precedent for widespread blocking of illegal filesharing websites
Mark Sweney

BT has been given 14 days to block access to a website accused of promoting illegal filesharing "on a grand scale" by Hollywood studios, in the first high court ruling of its kind under UK copyright law.

Justice Arnold handed down a written judgment to BT – which, with about 6 million customers, is the UK's biggest internet service provider – to block its customers' access to the website Newzbin2 at the high court in London.

The judge backed the argument brought by a coalition of Hollywood studios, including Warner Bros, Paramount, Disney, Universal, Fox and Columbia, which have argued that Newzbin2 has made millions profiting from exploiting other people's work.

Wednesday's court order also allows for the blocking of any other IP or internet address that the operators of the Newzbin2 site might look to use to continue to offer copyrighted content to users.

The judge said that limiting the blocking order to the Newzbin2 site would be "too easily circumvented to be effective" because the site's owners have already made available software that could allow users to get around a BT block.

He backed the studios' proposal that BT should also move to block "any other IP address or URL whose sole or predominant purpose is to enable or facilitate access to the Newzbin[2] website".

"Furthermore, I do not consider that the studios should be obliged to return to court for an order in respect of every single IP address or URL that the operators of Newzbin2 may use," he added.

The court said BT must foot the bill for the cost of implementing the web block on Newzbin2.

BT, which argued that the creative industries should pay, has estimated the cost to be about £5,000 and £100 for each subsequent notification.

Arnold rejected an attempt by BT to include an undertaking for the studios to reimburse the telecoms company for any losses it might incur from a site being blocked, such as from any legal action to fight the move.

The judge also said BT customers would not be able to make claims against the company for breach of contract because its broadband package is covered under an acceptable use policy that explicitly says copyright must not be infringed.

The order is viewed by the creative industries as a landmark that could set a precedent for the widespread blocking of illegal filesharing websites by ISPs, helping to stem the flow of digital piracy in the UK.

"The law is clear. Industrial online piracy is illegal and can be stopped," said Lord Puttnam, president of the Film Distributors' Association.

Chris Marcich, managing director of film industry trade body the MPA, said today's "win" would allow for more investment in digital services from TV, film, music and publishing companies.

"Securing the intervention of the ISPs was the only way to put the commercial pirates out of reach for the majority of consumers," Marcich added. "This move means that we can invest more in our own digital offerings, delivering higher quality and more variety of products to the consumer."

BT said it is "helpful" to have a court order to bring "clarity" to the site blocking process.
http://www.guardian.co.uk/technology...lesharing-site





Group: New Version of PROTECT IP May Target Legal Sites

Supposed House version of the bill would hold websites legally liable for users' infringement, a group says
Grant Gross

An upcoming version of U.S. legislation designed to combat copyright infringement on the Web may include provisions that hold online services such as Twitter, Facebook and YouTube legally responsible for infringing material posted by users, according to one group opposed to the bill.

Two members of the U.S. House of Representatives are expected to introduce a new version of the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (the PROTECT IP Act or PIPA) this week. The bill could be similar to a version of the PROTECT IP Act approved by the Senate Judiciary Committee in May, but could include new legal liabilities for websites and online services that host user-generated content, said Demand Progress, a liberal civil liberties group opposed to the legislation.

The Senate version of the bill would allow the U.S. Department of Justice to seek court orders requiring search engines and ISPs to stop sending traffic to websites accused of infringing copyright. The Senate bill would also allow copyright holders to seek court orders requiring payment processors and online ad networks to stop doing business with allegedly infringing websites.

If Demand Progress is correct about the House version of PROTECT IP, the bill would overturn parts of the 13-year-old Digital Millennium Copyright Act that protect websites and ISPs from copyright lawsuits for the infringing activity of their users. "Our allies on [Capitol] Hill say the bill's so bad that it could effectively destroy Youtube, Twitter, and other sites that rely on user-generated content by making the sites' owners legally responsible for everything their users post," the group said in an alert to members.

More than 30,000 U.S. residents sent messages to their lawmakers early Tuesday, Demand Progress said, after the group called on its members to ask their elected representatives to refuse to sponsor the House version of PROTECT IP. The House version is expected to be introduced this week by Representatives Bob Goodlatte, a Virginia Republican, and Lamar Smith, a Texas Republican.

Demand Progress will oppose the House bill if it looks like the Senate version, said David Segal, Demand Progress' executive director. "We ask even those lawmakers who are leaning towards supporting it to hold back for now, decline cosponsorship, and listen to opponents' concerns," he said in an email. "The Senate version of PROTECT IP will stifle free speech and innovation -- and all indications are that the House version will be even worse."

A spokeswoman for Goodlatte declined to comment on the legislation, referring questions to the House Judiciary Committee, where Smith is chairman. A spokeswoman for Smith didn't respond to a request for information about the bill.

Supporters of PROTECT IP say the bill would help shut down foreign websites that sell counterfeit, and sometimes dangerous, products. PROTECT IP would save U.S. jobs by shutting down online sales of counterfeit products, Steve Tepp, chief intellectual property counsel for the Global Intellectual Property Center at the U.S. Chamber of Commerce, wrote in a blog post last month.

"Rogue sites ... flood the U.S. marketplace with dangerously defective products, attract more than 53 billion visits per year, and have total disregard for U.S. laws which are designed to protect consumer safety and intellectual property," Tepp wrote. "Consumers should be able to rely on trust and good faith in buying legitimate products online. Rogue sites and online criminals abuse this trust for their illicit gain."

Several other groups have raised concerns about PROTECT IP. On Monday, trade groups the Consumer Electronics Association, the Computer and Communications Industry Association and NetCoalition sent a letter to Smith, Goodlatte and other House Judiciary Committee members, asking them to hold off on legislation and wait for more input from affected groups.

The three trade groups also sent a letter to other House members, asking them to consider potential "collateral damage" to the Internet before co-sponsoring PROTECT IP. The stakes are high, the letter said. "The technology industry is leading America out of the recession, and inadvertent damage to the tech sector could not happen at a worse time."
http://www.techworld.com.au/article/...t_legal_sites/





House Takes Senate's Bad Internet Censorship Bill, Tries Making it Worse
Nate Anderson

Imagine a world in which any intellectual property holder can, without ever appearing before a judge or setting foot in a courtroom, shut down any website's online advertising programs and block access to credit card payments. The credit card processors and the advertising networks would be required to take quick action against the named website; only the filing of a “counter notification” by the website could get service restored.

It's the world envisioned by Rep. Lamar Hunt (R-TX) in today's introduction of the Stop Online Piracy Act in the US House of Representatives. This isn't some off-the-wall piece of legislation with no chance of passing, either; it's the House equivalent to the Senate's PROTECT IP Act, which would officially bring Internet censorship to the US as a matter of law.

Calling its plan a “market-based system to protect US customers and prevent US funding of sites dedicated to theft of US property,” the new bill gives broad powers to private actors. Any holder of intellectual property rights could simply send a letter to ad network operators like Google and to payment processors like MasterCard, Visa, and PayPal, demanding these companies cut off access to any site the IP holder names as an infringer.

The scheme is much like the Digital Millennium Copyright Act's (DMCA) "takedown notices," in which a copyright holder can demand some piece of content be removed from sites like YouTube with a letter. The content will be removed unless the person who posted the content objects; at that point, the copyright holder can decide if it wants to take the person to court over the issue.

Here, though, the stakes are higher. Rather than requesting the takedown of certain hosted material, intellectual property owners can go directly for the jugular: marketing and revenue for the entire site. So long as the intellectual property holders include some “specific facts” supporting their infringement claim, ad networks and payment processors will have five days to cut off contact with the website in question.

The scheme is largely targeted at foreign websites which do not recognize US law, and which therefore will often refuse to comply with takedown requests. But the potential for abuse—even inadvertent abuse—here is astonishing, given the terrifically outsized stick with which content owners can now beat on suspected infringers.

Blockade

One thing private actors can't do under the new bill is actually block a site from the Internet, though it hardly matters, because the government has agreed to do it for them. The bill gives government lawyers the power to go to court and obtain an injunction against any foreign website based on a generally single-sided presentation to a judge. Once that happens, Internet providers have 5 days to “prevent access by its subscribers located within the United States to the foreign infringing site.”

The government can also go after anyone who builds a tool designed for the "circumvention or bypassing" of the Internet block. Such tools already exist as a result of the US government's ongoing campaign to seize Internet domain names it believes host infringing content; they can redirect visitors who enter the site's address to its new location. The government has already asked Web browser makers like Mozilla to remove access to these sorts of tools. Mozilla refused, so the new bill just tries to ban such tools completely. (Pointing your computer's browser to a foreign DNS server in order to view a less-censored Internet still appears to be legal.)

Search engines, too, are affected, with the duty to prevent the site in question “from being served as a direct hypertext link.” Payment processors and ad networks would also have to cut off the site.

Finally, and for good measure, Internet service providers and payment processors get the green light to simply block access to sites on their own volition—no content owner notification even needed. So long as they believe the site is “dedicated to the theft of US property,” Internet providers and payment processors can't be sued.

"Industry norms"

The House bill is shockingly sympathetic to a narrow subsection of business interests. For instance, buried deep in the back of the >70-page document is a requirement that the US Intellectual Property Enforcement Coordinator prepare a study for Congress. That study should analyze “notorious foreign infringers” and attempt to quantify the “significant harm inflicted by notorious foreign infringers.” (Talk about assuming your conclusions before you start.)

The report, which is specifically charged to give weight to the views of content owners, requests a set of specific policy recommendations that might “encourage foreign businesses to adopt industry norms to promote the protection of intellectual property globally.” Should the bill pass, the US government would be explicitly charged with promoting private “industry norms”—not actual laws or treaties—around the world.

In the request for the report, we can also see the IP maximalist lobby preparing for its next move: shutting off access to US capital markets and preventing companies from "offering stock for sale to the public" in the US.

Call it what it is

Not all censorship is bad—but we need to have an honest discussion about when and how to deploy it, rather than wrapping an unprecedented set of censorship tools in meaningless terms like "rogue site," or by calling a key section of the new bill the "E-PARASITE Act."

You don't have to support piracy—and we don't—to see the many problems with this new approach. Just today, the RIAA submitted to the US government a list of "notorious markets." As part of that list, the RIAA included "cyberlockers" like MegaUpload, which are "notorious services" that "thumb their noses at international laws, all while pocketing significant advertising revenues from trafficking in free, unlicensed copyrighted materials."

It's not hard to imagine how long it would take before such sites--which certainly do host plenty of user-uploaded infringing content--are targeted under the new law. Yet they have a host of legal uses, and cyberlockers like RapidShare have been declared legal by both US and European courts.

Not surprisingly, the new bill is getting pushback from groups like NetCoalition, which counts Google, Yahoo, and small ISPs among its members. "As leading brands of the Internet, we strongly oppose offshore 'rogue' websites and share policymakers' goal of combating online infringement of copyrights and trademarks," said executive director Markham Erickson in a statement.

"However, we do not believe that the solution lies in regulating the Internet and comprising its stability and security. We do not believe that it is worth overturning a decade of settled law that has formed the legal foundation for all social media. And finally, we do not believe that it is worth restricting free speech or providing comfort to totalitarian regimes that seek to control and restrict the Internet freedoms of their own citizens."

Dozens of law professors have also claimed the original PROTECT IP Act, which contains most of the same ideas, is unconstitutional. But the drumbeat for some sort of censorship is growing louder.
http://arstechnica.com/tech-policy/n...s-it-worse.ars





Disastrous IP Legislation Is Back – And It’s Worse than Ever
EFF

We've reported here often on efforts to ram through Congress legislation that would authorize massive interference with the Internet, all in the name of a fruitless quest to stamp out all infringement online. Today Representative Lamar upped the ante, introducing legislation, called the Stop Online Piracy Act, or "SOPA," that would not only sabotage the domain name system but would also threaten to effectively eliminate the DMCA safe harbors that, while imperfect, have spurred much economic growth and online creativity.

As with its Senate-side evil sister, PROTECT-IP, SOPA would require service providers to “disappear” certain websites, endangering Internet security and sending a troubling message to the world: it’s okay to interfere with the Internet, even effectively blacklisting entire domains, as long as you do it in the name of IP enforcement. Of course blacklisting entire domains can mean turning off thousands of underlying websites that may have done nothing wrong. And in what has to be an ironic touch, the very first clause of SOPA states that it shall not be “construed to impose a prior restraint on free speech.” As if that little recitation could prevent the obvious constitutional problem in what the statute actually does.

But it gets worse. Under this bill, service providers (including hosting services) would be under new pressure to monitor and police their users’ activities. Websites that simply don’t do enough to police infringement (and it is not at all clear what would qualify as “enough”) are now under threat, even though the DMCA expressly does not require affirmative policing. It creates new enforcement tools against folks who dare to help users access sites that may have been “blacklisted,” even without any kind of court hearing. The bill also requires that search engines, payment providers (such as credit card companies and PayPal), and advertising services join in the fun in shutting down entire websites. In fact, the bill seems mainly aimed at creating an end-run around the DMCA safe harbors. Instead of complying with the DMCA, a copyright owner may now be able to use these new provisions to effectively shut down a site by cutting off access to its domain name, its search engine hits, its ads, and its other financing even if the safe harbors would apply.

And that’s only the beginning: we haven’t even started on the streaming provisions.

We’ll have more details on the bill in the next several days but suffice it to say, this is the worst piece of IP legislation we’ve seen in the last decade — and that’s saying something. This would be a good time to contact your Congressional representative and tell them to oppose this bill!
https://www.eff.org/deeplinks/2011/1...99s-worse-ever





Google Declines To Remove Police Brutality Videos, Still Complies With 63% Of Gov’t Takedown Requests
Devin Coldewey

What happens when you’re the de facto distribution platform for something like Occupy Wall St and other events that run afoul of the police? Well, you end up getting an email through semi-official channels saying “Would you please remove the video of Officer Pounder allegedly overstepping his authority” — and there’s not much of a choice. As much as Google would like to avoid antagonizing local police forces, the backlash that would occur if they forcibly took down, say, Officer Bologna (Tony Bologna no less) pepper spraying those girls, would be lethal to the YouTube brand. Up it stays.

On the other hand, there are plenty of legitimate takedown requests that come from governments when a video or other Google-hosted item is in fact illegal, so down they must come, whether they like it or not. It’s a fine line to walk, and Google has hoped to make their position clear with their Transparency Report. The report corresponding to the first half of 2011 has an interesting little extra tidbit: “We received a request from a local law enforcement agency to remove YouTube videos of police brutality, which we did not remove.”

Why so specific? The statement continues, saying that other videos of police were requested to be taken down for defamation reasons, and were also not removed. I think that in this time of turmoil, Google is saying very quietly what it wouldn’t really be tactful to say loudly: “Put your sensitive and controversial video data here.” Certainly a site like LiveLeak is also an option, but YouTube finds itself the center of attention more frequently, and being more of a popular culture community, it wants to emphasize its legitimacy in matters like this. The transparency report is a way for them to encourage users to trust them, and perhaps, governments to respect them.

The official or district that requested the brutality video be taken down is not specified (and at the level of disclosure Google seems to prefer, I doubt it ever will be), but it’s worth noting that it’s a “local” law enforcement agency. That is to say, Google did not receive a letter from a federal judge and decide to contest it. Hopefully this little display of gusto won’t be overpowered if the stakes get raised and that does happen. In the meantime, as I wrote, our responsibilities as documentarians of everything around us are increasing, and knowing YouTube is an asset we can trust is a good thing.

On a related note, the trends of takedowns aren’t really notable this year; though The Guardian points out that there was a 70% increase in takedown requests versus the previous six-month period (92 vs. 54), they neglect to note that the six-month period before that (i.e. January-June 2010) had a whopping 128. Google has started classifying takedown requests by reason, however (defamation, privacy, hate speech, etc), which will be an interesting set of data to track.

US Government requests for user data jumped, however: 5950 versus 4287 during the same period in 2010, asking for information on 11,057 users. 93% of these were complied with, “fully or partially.” So while they’re making something of a stand on removing data, they don’t seem to have any trouble giving it out.
http://techcrunch.com/2011/10/26/goo...down-requests/





Broadband Company’s Demise Puts Taxpayers on Hook for $74 Million Loan
Cecilia Kang

As the government prepares Thursday to commit billions of dollars to bring high-speed Internet to rural areas, the biggest-ever such project has collapsed.

The company Open Range, backed by a commitment of $267 million in loans from the Agriculture Department, filed for bankruptcy this month. Taxpayers are on the hook for $74 million that the upstart hasn’t repaid. And now the company, some analysts and a senior government official are blaming poor judgment and Washington bureaucracy as the reasons Open Range failed.

The two agencies that oversaw the venture defended their roles in Open Range’s demise, saying the circumstances that led to the bankruptcy were out of their control and highly unusual.

The decline of the Greenville, Colo., company comes as Republicans are criticizing the Obama administration for throwing taxpayer money at unproven ventures. The furor was sparked by the high-profile failure of solar-panel manufacturer Solyndra, which filed for bankruptcy after getting more than $535 million in federal loan guarantees.

While Solyndra has grabbed headlines, the spotlight on Open Range’s failure is intensifying. On Wednesday, Democrats called for the company to be included in a House investigation into the Solyndra affair.

Like Solyndra, Open Range aimed to use cutting-edge technology with a fragile business model, some analysts said.

“When trying to subsidize broadband in rural areas, there will be failures,” said Richard Bennett, a senior research fellow at Information Technology and Innovation Foundation, a think tank supported by major telecommunications companies. “That’s why technologies need to be carefully vetted — especially when they are unconventional, like in the case of Open Range.”

Goal deemed worthy

The federal loan given to Open Range was part of a long-standing policy objective, pushed by both the George W. Bush and Obama administrations, to extend high-speed Internet service to the most isolated parts of the country.

Advocates say the goal is worthy. Building the networks brings jobs, while greater access to the Internet can turn around local economies. And private companies have been reluctant to invest the resources to bring service to rural areas.

“There is a real role for government to play here,” said Joel Kelsey, a policy analyst at the public interest group Free Press.

The Federal Communications Commission will vote Thursday on diverting $4.5 billion, generated by consumer fees, to private companies that need the money to bring high-speed Internet service to the 18 million Americans who lack such access.

High-speed Internet “has gone from being a luxury to a necessity for full participation in our economy and society,” FCC Chairman Julius Genachowski said in a speech this month.

Yet, even supporters of the initiative caution that the government has had mixed success on such projects. In many cases, Kelsey said, cell towers are erected and miles of fiber are placed beneath roadways but consumers do not end up using the service.

The government has a “spotty track record,” Kelsey said. “When handing out ratepayer or taxpayer dollars, this needs to be right.”

Open Range’s loan was originally granted by the Bush administration. In 2008, the USDA’s administrator of Rural Utilities Services grants, Bush appointee James Andrews, touted Open Range’s unique plan to get broadband to neglected areas by using a network of satellites owned by a company called Globalstar.

Special waiver sought

Open Range and Globalstar needed a special waiver from the FCC to partner on the project. Three of the agency’s commissioners approved the request, saying it wanted to support the USDA’s loan. Those who disagreed said it was inappropriate to give one company special favors.

One FCC official added: “It was bad all around. Open Range had bad technology, and Globalstar’s request was extraordinary. . . . We had no idea why the USDA approved this thing, and even staff at [the USDA] were telling us they were concerned about it.” The official spoke on the condition of anonymity because of the controversy surrounding the firms.

Problems at the companies quickly emerged. An equipment partner provided shoddy technology, according to Open Range’s bankruptcy filing. The USDA’s money was disbursed slowly and inefficiently, the filing said.

Globalstar also ran into delays in launching its satellites and failed to meet deadlines set by the FCC. On several occasions, Globalstar asked for more time.

In September 2010, as it looked increasingly clear that the FCC was not going to give the venture an extension, the USDA administrator of the loan, Jonathan Adelstein, sent a letter to Genachowski warning that its entire loan was at risk if more time was not granted.

“Such a result could severely curtail the program and would be contrary to the . . . shared goal of expanding broadband throughout the U.S., especially during the time of constricted private capital,” Adelstein wrote.

The FCC turned the request down a few days later. That led the USDA to slash its original loan commitment of $267 million to Open Range in half. Over the following year, the company fired the majority of its staff, including its chief executive Bill Beans. Although Globalstar has remained in business, Open Range filed for bankruptcy Oct. 6.

FCC promotes new venture

The FCC said it didn’t have a choice.

“Globalstar conceded failure to comply with its obligation to provide nationwide satellite service, which led to the agency’s decision to deny its extension request,” said Tammy Sun, a spokeswoman for the FCC.

Adelstein’s spokesperson declined to make him available for this report. In a prepared statement, Adelstein said that he was “disappointed” Open Range went bankrupt and that 99 percent of all USDA broadband loans are paid back.

Open Range did not respond to several requests for comment. Globalstar declined to comment.

The FCC’s handling of the matter has come under scrutiny by lawmakers partly because the agency promoted a similar venture called LightSquared about the same time it was turning its back on Open Range. Critics of the FCC have accused the agency of favoring LightSquared because it is backed by Democratically connected hedge fund financier Philip Falcone.

“There is clearly the perception of favoritism,” said Tim Farrar, an independent analyst at TMF Associates. Farrar said his consultancy has no financial interests in LightSquared or Open Range’s venture. A similar charge was levied by Globalstar in a recent letter to the FCC.

But unlike Open Range and Globalstar, LightSquared so far has followed through with its obligations, the FCC said.

“Comparing the two is like comparing apples and oranges,” Sun said.
http://www.washingtonpost.com/busine...FKM_story.html





Coldplay Latest Act to Freeze Out Streaming Services (scoop)
Greg Sandoval

Coldplay, one of the world's biggest music acts, has declined to offer songs from the company's new album "Mylo Xyloto," to streaming services such as Spotify, Rdio and Rhapsody, multiple sources told CNET.

EMI, the band's record label, acknowledged that Coldplay, known for such songs as "Yellow" and "Clocks," will not distribute through streaming services for "Mylo Xyloto," but did not detail the reasons for the decision. "We always work with our artists and management on a case by case basis to deliver the best outcome for each release," EMI said in a statement.

"Mylo Xyloto," however, has been streamed online. Coldplay, which has sold more than 50 million records since debuting in 1996, offered a new track from the album each day last week through iTunes. Coldplay representatives were not immediately available for comment.

EMI, the smallest of the four largest record companies, is a little embarrassed by the band's decision, according to the sources who spoke with CNET. All four of the major labels have thrown their support behind streaming services and it is one of the ways the industry has seen a modest amount of success at convincing fans to again pay for music after a decade-long era of rampant music piracy.

Losing a band with the marquee value of Coldplay is a blow to the streaming sector but it is only the most recent act to follow a no-streaming strategy amid concerns over payouts.

The management team of singer-actor Tom Waits has informed services such as Spotify, Rhapsody, and MOG, that it will not be distributing his new album, "Bad As Me," through them, according to industry sources. The album "21," from British songstress Adele, is one of the best selling of the year but the music can't be found on Spotify.

While Spotify offers millions of tracks, there are other bands as well missing from its catalog. What's going on?

"We have strong support from the music industry," Spotify said in a statement. "We of course respect the decision of any artist who chooses not to have their music on Spotify for whatever reason. We do however hope that they will change their minds as we believe that the Spotify model is adding, and will continue to add, huge value to the music industry. Right now we have already convinced millions of consumers to pay for music again, and that they are generating real revenue for the music business."

Jaimee Steele, a spokeswoman for Rhapsody, said that artists must remember this is a new segment and that it will take time to produce the kind of sales volume as say iTunes and music downloads. But she also cautioned that streaming is where the public is going. And for artists, streaming is likely to be more profitable over the longer term.

"Artists are getting paid every time one of their tracks is being played," Steele said. "A download is sold and the revenue is distributed, but the artist doesn't see any more money from future plays of that song. With streaming, if someone plays a song a million times, the artist will earn money from that. Music acts could potentially make more money."

Coldplay's handlers are telling some of the services they won't stream because they believe "Mylo Xyloto" should be heard as one cohesive work, according to one industry insider with knowledge of the discussions. They don't want the album to be broken up into singles.

If that's true, how often have we heard this before? Acts such as AC/DC, Kid Rock, and Pink Floyd have all eschewed digital sales at one point and claimed that their music should be heard in its entirety.

That's fine, but forcing people to buy music that they may not want is taking us back to the days of the CD, when fans were required to plunk down $15 for one or two good songs. It was anti-consumer then and it is anti-consumer now.
http://news.cnet.com/8301-31001_3-20...ervices-scoop/





Report: Netflix Hogs 32 Percent of Peak Internet Bandwidth
Chikodi Chima

Netflix again leads the pack as North America’s largest consumer of Internet bandwidth, creating 32 percent of peak downstream traffic, according to the 2011 Sandvine Internet Phenomena Report, which was released today.

The top four largest Internet services in North America account for 64.4 percent of all network traffic, according to the report. They are Netflix, HTTP, YouTube and BitTorrent, according to the report’s executive summary.

The video-streaming component of Netflix is responsible for nearly 28 percent of all bandwidth usage nationally. Real-time entertainment services are the primary drivers of traffic, with especially heavy bandwidth consumption for music and video content.

The report also highlighted the rapid shift of Internet traffic away from desktop devices such as PCs, to all other forms of net-connected devices, such as set-top boxes, game consoles like the Xbox 360, the Playstation 3, smart phones and tablet devices. Only 45 percent of Internet traffic on fixed networks now goes to laptops or desktop computers, according to the report.

“The fact that more video traffic is going to devices other than a PC should be a wake-up call that counting bytes is no longer sufficient for network planning,” said Dave Caputo, chief executive officer of Sandvine. “Communications Service Providers need to have detailed business intelligence on not only the devices being used but also the quality and length of the videos being watched so they can engineer for a high subscriber quality of experience and not simply adding capacity through continuous capital investment.”

In spite of its prodigious consumption of North America’s broadband Internet resources, things have not been rosy for the company with the delightful red envelope. Netflix lost 800,000 customers during the 3rd Quarter, and Bloomberg reported today that the company has laid off 15 of its staff, mostly in human resources.
http://venturebeat.com/2011/10/26/sandvine-2011-report/





How Netflix Lost 800,000 Members, and Good Will
Nick Wingfield and Brian Stelter

Reed Hastings was soaking in a hot tub with a friend last month when he shared a secret: his company, Netflix, was about to announce a plan to divide its movie rental service into two — one offering streaming movies over the Internet, the other offering old-fashioned DVDs in the mail.

“That is awful,” the friend, who was also a Netflix subscriber, told him under a starry sky in the Bay Area, according to Mr. Hastings. “I don’t want to deal with two accounts.”

Mr. Hastings ignored the warning, believing that chief executives should generally discount what their friends say.

He has since regretted it. Subscribers revolted and many dropped the service. The plan further tarnished a once widely respected Internet service that had already been wounded by an unpopular price increase in the summer. Mr. Hastings was forced to reverse the planned split — but not the price increase — three weeks later and apologized.

On Monday, the company revealed the damage that had been done. It told investors that it ended the third quarter of the year with 800,000 fewer subscribers in the United States than in the previous quarter, its first decline in years. The stock plummeted more than 25 percent in after-hours trading.

Despite the decline in subscribers, the company did well financially in the quarter. It reported net income of $62.5 million, or $1.16 a share, compared with $38 million, or 70 cents a share, in the year-earlier quarter. Revenue rose 49 percent to $822 million. Both revenue and income topped analysts’ expectations.

Like many other companies built in Silicon Valley, Netflix prides itself on its analytical, data-driven approach to making decisions. But it made a classic business misstep. In its reliance on data and long-term strategy, the company underestimated the unquantifiable emotions of subscribers who still want those little red envelopes, even if they forget to ever watch the DVDs inside.

Mr. Hastings said in an interview last week, his most detailed discussion yet of the bruising period, that he had been guilty of overconfidence and of “moving too quickly.” But he said he still believed — as do nearly all investors and analysts — that Netflix’s future lay not in DVDs but in streaming over the Internet. “We still need to move quickly in streaming,” he said.

Twice in the interview, Mr. Hastings linked the hostility toward Netflix’s price change and proposed breakup to the angry mood of the country, even citing the Tea Party and the Occupy Wall Street movement by name.

He said — and repeated it on a conference call for investors on Monday evening — that subscribers had been bothered more by the summer price shock than by the breakup plan. Until September, a combination of video streams and DVDs cost as little as $10 a month; now, that same package costs $16. “We are done with pricing changes,” Netflix said Monday in a letter to shareholders.

Mr. Hastings said he was not sure whether the plan to split the company had been presented to customer focus groups before it was made public. Mr. Hastings said he assumed it had been. But he said he did not recall what those focus groups had said about the plan.

He said Netflix was now trying to slow its decision-making to ensure that there was more room for debate about major changes at the company.

How Netflix came to be so out of touch with its customers is a cautionary tale for other companies that try to transform to new media from old. As the company’s streaming Internet service caught on with consumers, subscriber numbers soared and, with them, the company’s stock, rising ninefold from the start of 2009 to peak above $300 in July.

Last year, Fortune magazine put Mr. Hastings, 51, on its cover as the businessperson of the year after he seemed to pull off the rare feat of finessing the “innovator’s dilemma” by navigating Netflix to the digital future from its DVD rental business.

A key to its success was the way it blended its new and legacy businesses. While the library of material available for streaming was relatively sparse because of Hollywood licensing restrictions, Netflix customers could find many of those missing movies, especially new releases, in the company’s far larger DVD selection.

But Netflix needed to spend more money to license additional material for its streaming service. Collecting $10 a month from subscribers was insufficient as costs ballooned. Mr. Hastings defended the increase last week and again on Monday, but he said it was “too big a price change all at once.” Hubris played a big role in the errors, he said.

For well over a year, all the signs seemed to indicate to Netflix that customers were ready to move quickly to a future in which movies and TV shows would come to them instantly over the Internet instead of in the mail. Mr. Hastings said the decision to form Qwikster, as the mailed DVD company was to be called, had been based in part on data that showed a faster-than-anticipated increase in streaming by its customers.

In the first quarter of this year, for the first time, DVD shipments were down year over year, leading Netflix to declare that the DVD business had peaked. “Very few” new subscribers were choosing to get DVDs in the mail, Mr. Hastings said.

Stuart Skorman, a Bay Area entrepreneur who previously ran a chain of movie rental stores and an Internet movie venture, last year worked with Netflix managers after licensing to the company a database of movie recommendations. He said he was struck at that time by how little Netflix seemed to care about its DVD rental business.

“I think they should have been paying much more attention to it because that was their customer base,” he said. “That’s what made them special.”

Steve Swasey, a Netflix spokesman, disputed the idea that the company did not care about its DVD business, saying it was still acquiring discs for the service and was focused on speedy delivery of movies.

The breakup announcement in September seemed “very data-driven,” said Rich Greenfield, a media analyst for BTIG Research. “I think the company thought, because many people aren’t watching the DVDs, let’s accelerate the transition.”

What the company seemed not to respect was the premium that consumers place on having options — even if they don’t actually take advantage of all those options. Just ask any all-you-can-eat buffet operator, or a gym owner who sells six-month memberships.

Netflix’s red envelopes “were basically occupying slots in between the couch cushions for long periods of time,” Mr. Greenfield said. “But even if there wasn’t usage of the DVDs, there was a perception of value.”

Mr. Hastings said he expected that the DVD-by-mail business would “last a long time.” He identified two long-term markets for it: rural customers who cannot or do not have broadband Internet access for streaming, and “film school types” who want a comprehensive catalog of old films.

The scrapped plan to form Qwikster has led to speculation among analysts and executives, like Mr. Skorman, that Mr. Hastings wants to sell Netflix. While Netflix beat big rivals in the DVD rental business, like Blockbuster and Wal-Mart, it faces an increasing phalanx of formidable players in streaming movies, like Apple, Amazon and Hulu.

Mr. Hastings denied he had any such plans. “Mercenary C.E.O.’s are always preparing for a sale, and missionary ones are always preparing for the long term,” he said. “I’m clearly in the latter camp.”
https://www.nytimes.com/2011/10/25/t...plit-plan.html





Netflix Isn't Doomed

TV is not a winner-take-all business. That's why, in the future, you'll still have to settle for what's on.
Holman W. Jenkins, Jr.

Reed Hastings has not studied the aphorisms of Henry Ford II, the forbidding yet much gossiped-about scion of the famous motor family. "Never complain, never explain," he once said, in a stoicism that seemed obsolete even in the 1970s, when he uttered the words.

Explaining is what Mr. Hastings, the CEO of Netflix, has been doing a lot of lately. The company's stock price is down by 70% since July, partly on the fumbles that made him a household name. Mr. Hastings annoyed royally his customers by introducing a price hike that, in itself, hit only those who use both the streaming and mail-order sides of the business. Then he tried to separate the two businesses altogether, slapping dual users with the need to manage two accounts and pay two bills (though he backed off this part).

"So what?" is a question not as easy to answer as it seems. Investors and Wall Street analysts, if not awarding brownie points for execution, have universally endorsed Mr. Hastings's strategic thinking. Some in the media accuse him of rolling out a New Coke or Edsel. A better analogy would be Steve Jobs thumbing his nose at those who wanted a floppy drive with their iMac or Bob Dylan blowing off the folkies and playing rock and roll.

Mr. Hastings has been trying to mold his company to the future, not the past. You can't blame him for that. But then the company reported a shocking subscriber loss of 800,000 on Monday, and some of those who left are pure streaming customers who shouldn't have cared about a price hike aimed at DVD users. No wonder shareholders are panicking.

The real problem exposed here isn't that Netflix subscribers are a surly and sentimental lot, even if they are—especially the seniors who live for the red envelopes. The real problem is that Netflix doesn't license nearly as much content for streaming as it does on disk. On Netflix's streaming service, there's always something to watch, but seldom the thing you want to watch.

Take it from a customer. Nine times out of 10 the program you're seeking is available only on disk. You may not order the disk. You may order it and never watch it. But its very availability on disk, in the minds of many customers, seemed to imply it was only a matter of time until Netflix's huge DVD library would be available for streaming.

Wrong. That spell has been broken, as Mr. Hastings belatedly seemed to acknowledge in a letter to shareholders Monday. Breaking the spell will be a good thing in the long run.

Netflix bears have all along argued that Netflix was destined to fade to irrelevance because its customers wouldn't allow it to raise prices enough for Netflix to afford premium streaming content. But the obvious rejoinder is: Whose customers will? Implicitly the critique blamed Netflix for not being able to win a race that nobody will win, in which all the stuff we want comes from one source at one price.

Forget about it. That world isn't coming. The hidden lesson of Netflix's fall from grace is that content markets will remain fragmented. In the future, you'll still need a search engine and a credit card, and you still won't find what you're looking for. In such a world, there's no reason Netflix can't survive and prosper with a streaming proposition that amounts to "all the content that $8 per month will get you."

In such a world, it will become clear that Netflix's great innovation was not the discovery that there's a market for streamed content (which surprised nobody). Netflix's great innovation was a price point—a bunch of choices for less than the price of a movie ticket. One strength of this business model is that others with TV ambitions (Apple, Amazon, Google, HBO, the cablers) won't feel a need to challenge it directly. They'll do better to make their own niches and charge a price that rewards them for being different.

Henry Ford II's advice was categorical, and perhaps categorically bad. Mr. Hastings's real failure was to explain too late and too little, and not to complain enough, especially about his customers.

After all, there is nothing wrong with hiking prices on customers who aren't carrying their weight. Businesses do it all the time. Credit card companies work hard to get rid of clients who don't use their cards often enough or don't run a balance.

Mr. Hastings was absolutely right to try to get more money out of disk users—money he needs to acquire content for the streaming business. How much content will be enough? That question will yield only to experience and revelations yet to come about who else plays in this market and how they play. The biggest risk today for Netflix may be short-term: Running out of cash and investor confidence even while a winning position is still potentially within its grasp.

But here's another guess: When content suppliers discover that the future won't be winner-take-all, they'll be more willing to support Netflix in its niche by making shows available at a price that works for Netflix.
http://online.wsj.com/article/SB1000...551430322.html





Limits of Magical Thinking
Maureen Dowd

Steve Jobs, the mad perfectionist, even perfected his stare.

He wanted it to be hypnotic. He wanted the other person to blink first. He wanted it to be, like Dracula’s saturnine gaze, a force that could bend your will to his and subsume your reality in his.

There’s an arresting picture of Jobs staring out, challenging us to blink, on the cover of Walter Isaacson’s new biography, “Steve Jobs.” The writer begins the book by comparing the moody lord of Silicon Valley to Shakespeare’s Henry V — a “callous but sentimental, inspiring but flawed king.”

Certainly, Jobs created what Shakespeare called “the brightest heaven of invention.” But his life sounded like the darkest hell of volatility.

An Apple C.E.O. who jousted with Jobs wondered if he had a mild bipolarity.

“Sometimes he would be ecstatic, at other times he was depressed,” Isaacson writes. There were Rasputin-like seductions followed by raging tirades. Everyone was either a hero or bozo.

As Jobs’s famous ad campaign for Apple said, “Here’s to the crazy ones. ... They push the human race forward.”

The monstre sacré fancied himself an “enlightened being,” but he was capable of frightening coldness, even with his oldest collaborators and family. Yet he often sobbed uncontrollably.

Isaacson told me that Jobs yearned to be a saint; but one of the colleagues he ousted from Apple mordantly noted that the petulant and aesthetic Jobs would have made an excellent King of France.

His extremes left everyone around him with vertigo.

He embraced Zen minimalism and anti-materialism. First, he lived in an unfurnished mansion, then a house so modest that Bill Gates, on a visit, was astonished that the whole Jobs family could fit in it. And Jobs scorned security, often leaving his back door unlocked.

Yet his genius was designing alluring products that would create a country of technology addicts. He demanded laser-like focus from employees to create an A.D.D. world.

He was abandoned by parents who conceived him out of wedlock at 23, and he then abandoned a daughter for many years that he conceived out of wedlock at 23.

Chrisann Brennan, the mother of Jobs’s oldest child, Lisa, told Isaacson that being put up for adoption left Jobs “full of broken glass.” He very belatedly acknowledged Lisa and their relationship was built, Isaacson says, on “layers of resentment.”

He could be hard on women. Two exes scrawled mean messages on his walls. As soon as he learned that his beautiful, willowy, blonde girlfriend, Laurene Powell, was pregnant in 1991, he began musing that he might still be in love with the previous beautiful, willowy, blonde girlfriend, Tina Redse.

“He surprised a wide swath of friends and even acquaintances by asking them what he should do,” Isaacson writes. “ ‘Who was prettier,’ he would ask, ‘Tina or Laurene?’ ” And “who should he marry?”

Isaacson notes that Jobs could be distant at times with the two daughters he had with Laurene (though not the son). When one daughter dreamed of going to the Oscars with him, he blew her off.

Andy Hertzfeld, a friend and former Apple engineer, lent Lisa $20,000 when she thought her father was not going to pay her Harvard tuition. Jobs paid it back to his friend, but Lisa did not invite him to her Harvard graduation.

“The key question about Steve is why he can’t control himself at times from being so reflexively cruel and harmful to some people,” Hertzfeld said. “That goes back to being abandoned at birth.”

He almost always wore black turtlenecks and jeans. (Early on, he scorned deodorant and went barefoot and had a disturbing habit of soaking his feet in the office toilet.)

Yet he sometimes tried to ply his exquisite taste to remake the women in his life.

When he was dating the much older Joan Baez — enthralled by her relationship with his idol, Bob Dylan — he drove her to a Ralph Lauren store in the Stanford mall to show her a red dress that would be “perfect” for her. But one of the world’s richest men merely showed her the dress, even after she told him she “couldn’t really afford it,” while he bought shirts.

When he met his sister, Mona Simpson, a struggling novelist, as an adult, he berated her for not wearing clothes that were “fetching enough” and then sent her a box of Issey Miyake pantsuits “in flattering colors,” she said.

He was a control freak, yet when he learned he had a rare form of pancreatic cancer that would respond to surgery, he ignored his wife, doctors and friends and put the surgery off for nine months, trying to heal himself with wacky fruit diets, hydrotherapy, a psychic and expressing his negative feelings. (As though he had to be encouraged.)

Addicted to fasting because he felt it produced euphoria and ecstasy, he refused to eat when he needed protein to fight his cancer.

The Da Vinci of Apple could be self-aware. “I know that living with me,” he told Isaacson as he was dying, “was not a bowl of cherries.”
https://www.nytimes.com/2011/10/26/o...-thinking.html





The Original iPod, 10 Years Later: a Re-Review
Jacqui Cheng

Don't look now, but the iPod—yes, the original, less-space-than-a-Nomad iPod—just turned 10 years old. That makes the device older than Facebook, YouTube, Crocs, Vibram FiveFingers, and the Motorola RAZR, to name a few brands and devices that have penetrated general culture over the last decade. But unlike old flip phones and tacky footwear, the iPod's overall design remains iconic and its effect on our consumption of music remains pervasive. It was not the first MP3 player on the market, but it was the one whose industrial and UI design would influence handheld gadgets for far longer than its product lifetime.

In fact, it's not hard to argue that the original iPod is still with us. It can be found most obviously in the iPod classic, but its influences are also found in iOS and even third-party smartphones and music players. Hell, even though the original iPod is 10 years old, you could almost still use it today as your go-to music player... or can you? Ars got its hands on an original 5GB iPod from back in 2001 so that we could re-review it with some 2011 flair—clickwheel and all.

Form factor and navigation

Let's face it: this thing is bulky. It was bulky in 2001 and it's still bulky now. Back then, the iPod was being compared against MP3 players with 4MB of built-in Flash memory and an external SD card slot. It was already bad enough then, but today, carrying around an original iPod in your pocket is almost akin to putting those velcro weights on your ankles and then riding a unicycle to work.

Okay, now we're just being mean. The iPod couldn't help being what it was in 2001, as hard drive based MP3 players were only starting to become popular. The thing is, aside from the obvious bulk in thickness, the iPod itself still feels decent in the hand—the width of the device is almost the same as an iPhone 4, a detail that makes us wonder whether Apple planned the iPhone this way.

The navigation on this thing is, well, very iPoddish. (iPodesque?) The click wheel, used to adjust volume and navigate playlists, was a new thing for Apple—and the rest of the music player world—in 2001 and despite its novel shape, it really appealed to the general public. Let's be honest: the click wheel is fun to play with. You can even flip the lock switch and then scroll around with abandon just for fun if you want to. (Not saying we did this but… we did.)

The idea that one might need to use the scroll wheel to navigate playlists was indeed novel when the iPod was first introduced and it worked well for many years—in fact, the iPod classic still does this (albeit without a moving click wheel), and up until 2010, so did the ever-popular iPod nano. Nowadays though, with the advent of fancy touchscreen music players built into our iPhones and Android devices, the concept seems old fashioned. That's okay though, because decade-old technology is allowed to be a little old fashioned as long as we can still use it intuitively, which we can.

Syncing

Shockingly, the latest version of iTunes (as of this writing) can still connect to and interface with the original iPod, assuming you have the right cable. I had to buy a special Firewire 800 to Firewire 400 cable (you can get one for $4.75 at Monoprice) in order to connect the iPod to my 27" iMac because, well, no one has Firewire 400 in a computer anymore. In fact, if I wanted to connect the iPod to an even newer and more minimalist machine—such as my 11" MacBook Air—well, it would be near impossible.

Regardless, when you plug in an original iPod to a modern version of iTunes, you can sync it just like you would a modern iPod, an iPhone, or iPad. In fact, the sync screen looks exactly the same, almost leading one to believe that the original iPod will continue to be supported for long after its current form factor (the iPod classic) is discontinued.

Durability

The word "durability" means something different today than it did in 2001. There were plenty of handheld electronics that could withstand a decent beating back then, but their moving parts still left them more vulnerable to disaster than many of their modern equivalents.

This is definitely the case with the original iPod. The device is a beast—it's near impossible to destroy to the same level as, say, a plastic Walkman cassette player—but its moving click wheel and "old fashioned" hard drive, spinning disk and all, mean that it can face some unpleasant realities. Over the years, we've seen many gunked-up click wheels and even more failed hard drives, so it's certainly a good thing that Apple has since moved onto static (if existent at all) click wheels and flash storage.

That said, a halfway-careful owner can keep an original iPod alive forever. The one we have in our possession was sent over by an Ars reader who took great care of his devices over the years, and this one is no different. Having spent its whole life inside of a leather case, there are almost no scratches on the front or back of the iPod and everything works as if it were still new. I have full confidence that, pending any catastrophic drops or possibly being run over by a car, this thing will easily last for another 10 years. Or until Apple ends iTunes support for it, whichever comes first.

Battery life and extras

"But Jacqui," you're yelling at the screen, "aside from the hard drive and click wheel, the battery is the next most likely thing to die over time!" This does tend to be true, especially of battery tech from 10 years ago. But the original iPod in its heyday was no wimp—Apple bragged of a 10-hour battery life, which was impressive by 2001 MP3 player standards. We hardly expected to get 10 hours out of a 10-year-old battery, but when messing with our little Apple artifact, we did manage to squeeze out a solid eight hours of music jamming before it petered out. Not bad, iPod, not bad.

Nowadays, the iPod classic can allegedly squeeze 36 hours out of a full charge, the iPod touch 40 hours, and iPod nano 24 hours. The original iPod does not fare too well by comparison, but if you're listening to music on an original iPod, you're likely not doing it for the advanced battery technology.

Lest you think that the original iPod can't do some of the fancy features of the newer iPods, this decade-old device can still sync your iCal calendar items and contacts from your computer—tethered, of course. And remember back when everyone used to use their iPods as pocketable Firewire hard drives that mount on the desktop? Mac OS X Lion graciously still recognizes the original iPod as such, so file away.

Conclusion

The original iPod wasn't the first MP3 player, but it's the one that will end up marking the point in history when MP3 players became all the rage. Its unique controls, playlist functionality, easy syncing ability with iTunes, and of course the iTunes Music Store helped to put the iPod and its successors into millions of hands. Even today, 10 years after its first debut, the original iPod can still function as a real, usable music player, even if it does lack the fancy touchscreen and wireless syncing capabilities of its more modern counterparts.

The original iPod set the stage for a decade's worth of Apple devices, and although we don't expect the modern replica of the iPod (the iPod classic) to stay around forever, Apple will undoubtedly continue to use the iPod as an influence when creating newer, even more popular gadgets.

Oh, and if you still have one of these original ones lying around, find a FireWire cable and plug it in. You might be surprised at how well it still works.
http://arstechnica.com/apple/reviews...ginal-ipod.ars





Android Blows Past Apple To Take The Lead In Market Share For App Downloads
Jay Yarow

According to fresh data from ABI Research, more Android apps were downloaded in Q2 2011 than iOS apps.

Makes sense since Android is a bigger platform, but we think this is a first for the rival mobile platforms.

The good news for Apple: It still gets more downloads per user than Android.

And, ABI says, "Apple’s superior monetization policies attracted good developers within its ranks, thus creating a better catalog of apps and customer experience."

This is key for Apple. As Android grows and grows, the iOS platform is put at risk. If developers start flocking to Android with its greater user base -- or if developers just build Android apps first -- then Apple's software advantage disappears. For now, developers are still happier with iOS despite the smaller user base and smaller number of total downloads.

Here's the full release:

Android Overtakes Apple with 44% Worldwide Share of Mobile App Downloads


SINGAPORE - October 24, 2011 -
In Q2 2011, Android overtook iOS to become the market share leader in mobile application downloads. The market shares of Android and iOS were 44% and 31%, respectively.

“Android’s open source strategy is the main factor for its success,” says Lim Shiyang, research associate. “Being a free platform has expanded the Android device install base, which in turn has driven growth in the number of third party multi-platform and mobile operator app stores. These conditions alone explain why Android is the new leader in the mobile application market.”

Recent quarterly shipment growth figures also explain Android’s ascent to the top app download position. iPhone shipment growth in Q2 2011 slowed to 9% from 15% a quarter earlier. In contrast, Android smartphone shipments increased 36% in Q2 2011, compared to 20% in Q1. Android’s install base now exceeds iOS by a factor of 2.4-to-1 worldwide; by 2016 this factor will grow to 3-to-1.

“Despite leading in total mobile application downloads, Android’s app downloads per user still lag behind Apple’s by 2-to-1,” adds Dan Shey, practice director, mobile services. “Apple’s superior monetization policies attracted good developers within its ranks, thus creating a better catalog of apps and customer experience.”

Global app downloads for year-end 2011 are expected to balloon to 29 billion, compared to only nine billion in 2010. Such stellar increases are largely due to the proliferation of smartphones around the world. The total smartphone install base is expected to grow 46% in 2011.

ABI Research’s “Mobile Applications Market Data” tracks mobile application downloads and revenues segmented by mobile operating system platform. The database includes historical data and forecasts for application downloads for all major mobile OSs. It also provides mobile application revenue forecasts and an overview of the major mobile application storefronts.
http://www.businessinsider.com/andro...s-2011-10?op=1





It is Illegal for Verizon to Lock Some Bootloaders (Updated)
azrienoch

Verizon Wireless breaks the law if the bootloaders are locked on some phones. By the end of this article, you’ll know why.

As I was recording my show for XDA TV this week, I had a moment. You can see it for yourself. I was recapping my article about Motorola and Verizon not unlocking the bootloader for the Droid RAZR. The line I delivered was, “The international version of the Droid RAZR will be shipping with an unlocked bootloader. Now, this could be that Motorola wants to compete with the Galaxy Nexus…” That’s when I had my moment, and added, “which is funny because that’s also going on Verizon.”

In that moment, I realized that Motorola must be lying. Why can some devices and manufacturers unlock their bootloaders, and not others? But I was wrong. (Congratulations, Motorola, on your newfound sense of freedom!) The Galaxy Nexus is special for two reasons. First, it’s Google’s phone. Second, it’s likely that the Galaxy Nexus’ LTE radio uses Block C frequencies.

Not many people know what the C Block is. I didn’t either. Andrew Krug of AndroidActivists told me about it, and we spent the night poring over research. Verizon has the largest 4G network because they bought it in 2008. At the time, the 700 MHz radio frequencies brought you your favorite broadcast television shows. When television switched from analog to digital, they became your 4G networks.

When the Federal Communications Commission announced the auction to sell the 700 MHz band, they broke it into five different “blocks”, each with different regulations according to how widespread they are. This created a Goldilocks sort of situation. Block D has the largest area, but comes with more clauses than malls have during the Christmas season. Plus, you’re supposed to be a public service agency. Blocks A, B, and E are small potatoes. But Block C was just right. Few regulations, lots of breadth.

It was so good, in fact, that the FCC tacked on a few more regulations, encouraged by Google. Unless Block C sold for less than $4.6 billion, it comes with an open access provision. Google pledged $4.6 billion to ensure Block C comes with the open access provision. The open access provision requires Verizon to “not deny, limit, or restrict the ability of their customers to use the devices and applications of their choice on the licensee’s C Block network.” It goes on to say, “The potential for excessive bandwidth demand alone shall not constitute grounds for denying, limiting or restricting access to the network.” Verizon bought Block C and tried to have the provisions removed. They failed. The provisions are still there, Verizon has the Block C license. That means if a device uses the Block C frequencies, Verizon cannot insist what apps or firmware it runs. It also means they can’t limit data plans for those devices. Which is odd, because I remember Verizon dropping unlimited data plans back in July 2011.

So the question is, do any devices use Block C frequencies? Yes. Some are called Hotspots. Others are called the HTC Thunderbolt. There may be more, those are simply the two I know about and confirmed. The Hotspots are a non-issue. They comply with FCC regulations as far as I’m aware. The HTC Thunderbolt, on the other hand, does not. In the list of rules and exceptions for the Block C license, it says this:

Handset locking prohibited. No licensee may disable features on handsets it provides to customers, to the extent such features are compliant with the licensee’s standards pursuant to paragraph (b) of this section, nor configure handsets it provides to prohibit use of such handsets on other providers’ networks.

In case you’re wondering, Paragraph (b) is what I previously quoted from the FCC’s open access provisions document. Last I checked, HTCdev does not offer a bootloader unlocking solution for the HTC Thunderbolt. Is this HTC’s fault? No. Their website states, “HTC is committed to assisting customers in unlocking bootloaders for HTC devices. However, certain models may not be unlockable due to operator restrictions.” And having personally met the HTCdev team, I believe them.

That leaves Verizon. Good ol’ Verizon. Breaking the law since May, at the latest. If you owned a Thunderbolt, please file a complaint with the FCC. Select Wireless Telephone > Billing, Service, Privacy, Number Portability and other issues > Online Form. Fill out your information, scroll down, fill out 1 and 2, skip 3 and 4. Then in 5, tell the FCC that your phone’s bootloader was sold to you locked and still is, even though it uses Block C (reag) frequencies.

Don’t worry. The FCC said they’re committed to enforcing the open access provision. We’ll see how fast Verizon turns things around. If you know of any other devices that use frequencies between 746 and 757 MHz, and also 776 to 787 MHz, please send a message to me or any Portal News Writer. Thanks.

UPDATE: David Ruddock over at Android Police was kind enough to further explain the situation. For those of you coming from his article, or who share his criticisms, this article is not erroneous or short-sighted. David’s article does an excellent job of sobering us to how difficult the struggle will be to get the FCC to move. The loophole Verizon will undoubtedly use to excuse their actions is in the phrase, “reasonable network management,” from paragraph (b)(1), though we don’t know that for sure because Verizon has never addressed the issue. But David’s points do not invalidate this article for two reasons:

1) David’s assessment of the standards by which “reasonable network management” is determined are fairly simple, and I say fairly accurate. Do the other major cellular providers use the same security and management standards? Yes. Okay, seems reasonable. But locking bootloaders is not “reasonable” by the same standard. Most carriers do not exact this method of network management. Therefore, not necessarily reasonable.

2) The issue of Verizon’s double-standard concerning bootloaders is entirely ignored, even though this article began with it, and is based on it. Verizon will supposedly defend locking bootloaders because rooting and flashing pose a threat to network security and management (which is debatable), and therefore reasonable to do. However, they do not require the bootloaders to be locked on all their devices. Samsung’s bootloaders are unlocked, including on phones like the Galaxy Nexus and the Samsung Droid Charge. Why not allow HTC, Motorola, LG, etc. to unlock their devices? This double-standard invalidates the “reasonable network management” defense.

These questions must be satisfied for Verizon to be within the law.
http://www.xda-developers.com/androi...e-bootloaders/





Cabinet Office Backs Trusted Computing

Official says relevant technology can play a part in cyber security strategy
Mark Say

One of the government's leading IT security officials has said trusted computing will play a significant role within the forthcoming cyber security strategy.

Owen Pengelly, deputy director of policy at the Office for Cyber Security and Information Assurance in the Cabinet Office, said the strategy will involve four key elements and that trusted computing technology is integral to at least three.

The technology, developed by companies within the Trusted Computing Group, is installed on laptops and servers and uses cryptography to authenticate devices, encrypt data and verify that only authorised code runs on a system.

Speaking at a seminar on the subject organised by Wave Systems, Pengelly said the cyber security strategy, expected to be published in mid-November, will revolve around four key objectives. These are making the public safe online and ensuring the country is one of the best in the world for online business; making the UK more resilient in the face of cyber attack and better able to protect its interests; proving a more "open and vibrant" cyber security environment; and having the knowledge, skills and capability to underpin these.

"Building the most resilient cyber defences in the world will not help if you are suffering from intellectual property theft," he said. "Trusted computing underpins security and can underpin growth, providing confidence in transactions, expanding markets and making them function more efficiently."

Pengelly added that he is now working with a cyber security team in the Department of Business, Innovation and Skills to work out what incentives the government could provide to encourage the take-up of the relevant standards.
http://www.guardian.co.uk/government...sted-computing





Science Fiction-Style Sabotage a Fear in New Hacks
AP

When a computer attack hobbled Iran's unfinished nuclear power plant last year, it was assumed to be a military-grade strike, the handiwork of elite hacking professionals with nation-state backing.

Yet for all its science fiction sophistication, key elements have now been replicated in laboratory settings by security experts with little time, money or specialized skill. It is an alarming development that shows how technical advances are eroding the barrier that has long prevented computer assaults from leaping from the digital to the physical world.

The techniques demonstrated in recent months highlight the danger to operators of power plants, water systems and other critical infrastructure around the world.

"Things that sounded extremely unlikely a few years ago are now coming along," said Scott Borg, director of the U.S. Cyber Consequences Unit, a nonprofit group that helps the U.S. government prepare for future attacks.

While the experiments have been performed in laboratory settings, and the findings presented at security conferences or in technical papers, the danger of another real-world attack such as the one on Iran is profound.

The team behind the so-called Stuxnet worm that was used to attack the Iranian nuclear facility may still be active. New malicious software with some of Stuxnet's original code and behavior has surfaced, suggesting ongoing reconnaissance against industrial control systems.

And attacks on critical infrastructure are increasing. The Idaho National Laboratory, home to secretive defense labs intended to protect the nation's power grids, water systems and other critical infrastructure, has responded to triple the number of computer attacks from clients this year over last, the U.S. Department of Homeland Security has revealed.

For years, ill-intentioned hackers have dreamed of plaguing the world's infrastructure with a brand of sabotage reserved for Hollywood. They've mused about wreaking havoc in industrial settings by burning out power plants, bursting oil and gas pipelines, or stalling manufacturing plants.

But a key roadblock has prevented them from causing widespread destruction: they've lacked a way to take remote control of the electronic "controller" boxes that serve as the nerve centers for heavy machinery.

The attack on Iran changed all that. Now, security experts — and presumably, malicious hackers — are racing to find weaknesses. They've found a slew of vulnerabilities.

Think of the new findings as the hacking equivalent of Moore's Law, the famous rule about computing power that it roughly doubles every couple of years. Just as better computer chips have accelerated the spread of PCs and consumer electronics over the past 40 years, new hacking techniques are making all kinds of critical infrastructure — even prisons — more vulnerable to attacks.

One thing all of the findings have in common is that mitigating the threat requires organizations to bridge a cultural divide that exists in many facilities. Among other things, separate teams responsible for computer and physical security need to start talking to each other and coordinate efforts.

Many of the threats at these facilities involve electronic equipment known as controllers. These devices take computer commands and send instructions to physical machinery, such as regulating how fast a conveyor belt moves.

They function as bridges between the computer and physical worlds. Computer hackers can exploit them to take over physical infrastructure. Stuxnet, for example, was designed to damage centrifuges in the nuclear plant being built in Iran by affecting how fast the controllers instructed the centrifuges to spin. Iran has blamed the U.S. and Israel for trying to sabotage what it says is a peaceful program.

Security researcher Dillon Beresford said it took him just two months and $20,000 in equipment to find more than a dozen vulnerabilities in the same type of electronic controllers used in Iran. The vulnerabilities, which included weak password protections, allowed him to take remote control of the devices and reprogram them.

"What all this is saying is you don't have to be a nation-state to do this stuff. That's very scary," said Joe Weiss, an industrial control system expert. "There's a perception barrier, and I think Dillon crashed that barrier."

One of the biggest makers of industrial controllers is Siemens AG, which made the controllers in question. The company said it has alerted customers, fixed some of the problems and is working closely with CERT, the cybersecurity arm of the U.S. Department of Homeland Security.

Siemens said the issue largely affects older models of controllers. Even with those, the company said, a hacker would have to bypass passwords and other security measures that operators should have in place. Siemens said it knows of no actual break-ins using the techniques identified by Beresford, who works in Austin, Texas, for NSS Labs Inc.

Yet because the devices are designed to last for decades, replacing or updating them isn't always easy. And the more research that comes out, the more likely attacks become.

One of the foremost Stuxnet experts, Ralph Langner, a security consultant in Hamburg, Germany, has come up with what he calls a "time bomb" of just four lines of programming code. He called it the most basic copycat attack that a Stuxnet-inspired prankster, criminal or terrorist could come up with.

"As low-level as these results may be, they will spread through the hacker community and will attract others who continue digging," Langer said in an email.

The threat isn't limited to power plants. Even prisons and jails are vulnerable.

Another research team, based in Virginia, was allowed to inspect a correctional facility — it won't say which one — and found vulnerabilities that would allow it to open and close the facility's doors, suppress alarms and tamper with video surveillance feeds.

During a tour of the facility, the researchers noticed controllers like the ones in Iran. They used knowledge of the facility's network and that controller to demonstrate weaknesses.

They said it was crucial to isolate critical control systems from the Internet to prevent such attacks.

"People need to deem what's critical infrastructure in their facilities and who might come in contact with those," Teague Newman, one of the three behind the research.

Another example involves a Southern California power company that wanted to test the controllers used throughout its substations. It hired Mocana Corp., a San Francisco-based security firm, to do the evaluation.

Kurt Stammberger, a vice president at Mocana, told The Associated Press that his firm found multiple vulnerabilities that would allow a hacker to control any piece of equipment connected to the controllers.

"We've never looked at a device like this before, and we were able to find this in the first day," Stammberger said. "These were big, major problems, and problems frankly that have been known about for at least a year and a half, but the utility had no clue."

He wouldn't name the utility or the device maker. But he said it wasn't a Siemens device, which points to an industrywide problem, not one limited to a single manufacturer.

Mocana is working with the device maker on a fix, Stammberger said. His firm presented its findings at the ICS Cyber Security Conference in September.

Even if a manufacturer fixes the problem in new devices, there's no easy way to fix it in older units, short of installing new equipment. Industrial facilities are loath to do that because of the costs of even temporarily shutting their operations.

"The situation is not at all as bad as it was five to six years ago, but there's much that remains to be done," said Ulf Lindqvist, an expert on industrial control systems with SRI International. "We need to be as innovative and organized on the good-guy side as the bad guys can be."
https://www.nytimes.com/aponline/201...l-Systems.html





Exclusive: Medtronic Probes Insulin Pump Risks
Jim Finkle

Medtronic Inc has asked software security experts to investigate the safety of its insulin pumps, as a new claim surfaced that at least one of its devices could be hacked to dose diabetes patients with potentially lethal amounts of insulin.

While there are no known examples of such a cyber attack on a medical device, Medtronic told Reuters that it was doing "everything it can" to address the security flaws.

Security software maker McAfee, which has a health industry business, exposed the new vulnerability in one model of the Medtronic Paradigm insulin pump on Friday and believes there could be similar risks in others.

Medtronic and McAfee declined to say which model is involved or how many such pumps are currently used by patients. Medtronic has two models of insulin pumps on the market and supports six older versions, with about 200,000 currently in use by patients.

The finding points to a broader issue -- the potential for cyber attacks on medical devices ranging from diagnostic equipment to pumps and heart defibrillators, which rely on software and wireless technology to work.

"This is an evolution from having to think about security and safety as a healthcare company, and really about keeping people safe on our therapy, to this different question about keeping people safe around criminal or malicious intent," Catherine Szyman, president of Medtronic's diabetes division, said in an interview.

Szyman, whose nephew uses a wearable Medtronic insulin pump, said the company turned to McAfee rival Symantec Corp and other security firms after an independent researcher exposed less serious vulnerabilities in the pumps in August.

Since then, a research team at Intel Corp's McAfee said it has developed code that allows it to gain complete control of the functions of one Medtronic insulin pump model from as far away as 300 feet.

"We found a way around all the restrictions and all the limitations," said Stuart McClure, a senior vice president with McAfee who heads up the research team.

McClure, formerly a security expert at healthcare giant Kaiser Permanente, says he is exposing such problems to draw them to the attention of manufacturers and regulators.

McClure's team used a Windows PC and an antenna that communicates with the medical device over the same radio spectrum used for some cordless phones.

The type of vulnerability discovered by McAfee could theoretically be used as a new cyber weapon. A hacker could launch a "drive-by" attack aimed at a high-profile target, such as a politician or corporate executive, who uses this type of insulin pump, McAfee researchers said.

In August, Medtronic acknowledged that security flaws in its implanted insulin pumps could allow hackers to remotely take control of the devices.

The U.S. Food and Drug Administration noted that there is no evidence of widespread problems from medical device security breaches. It says that device manufacturers are responsible for the safety of their software.

"Any system with wireless communication can be subject to interception of data and compromised privacy as well as interference with performance that can compromise the safety and effectiveness of the device," FDA spokeswoman Erica Jefferson said. "We continue to closely monitor for safety or security problems."

Hostile Actors

Medtronic is a leading maker of insulin pumps along with Johnson & Johnson's Animas Corp and Insulet Corp. McAfee did not report vulnerabilities in models from other manufacturers.

The fresh concerns over the pumps made by Medtronic, the world's largest medical device maker, follow a high-profile recall of heart defibrillator leads in 2007 and a more recent Senate probe into whether doctors it had paid failed to report problems from a spinal surgery product.

The company said it is also consulting with McAfee and has informed patients, through its website, to check their insulin pumps if they have a suspicious encounter with another person.

Medtronic officials have said it would be difficult to make changes to pumps already in use because of FDA regulations that require device makers to get agency approval before altering their products, including issuing software patches.

The company would likely have to first get FDA approval and then recall each pump, which uses wireless communications technology dating back 12 to 15 years, so that technicians could install the new software and check the equipment to make sure that it still accurately delivers doses of insulin.

Szyman said she could not say how long it would take Medtronic to come up with a fix for the vulnerabilities because its investigation is still ongoing. It is also unclear how long it might take the FDA to approve changes to the pumps.

"There's different pathways to approval," she told Reuters, noting that the agency typically takes six to 12 months to approve a new medical device.

Medtronic's diabetes products, which include its insulin pumps, accounted for more than $1.3 billion in revenue in its last fiscal year, out of a total of nearly $16 billion.

The Medtronic pump vulnerability was discovered by Barnaby Jack, a well-known security expert who joined McAfee last year after gaining notoriety by finding ways to hack into ATMs used at convenience stores, then force them to literally spit out cash. The manufacturers have since fixed the flaw by updating the software that runs those machines.

The nightmare scenario, according to McAfee, involves a hostile actor launching a potentially fatal attack by taking control of an insulin pump, then ordering it to dump all the insulin in its canister.

That is something that was hard to imagine when the product was first designed - long before the recent rash of hacking attacks: "We are talking about code that was written over ten years ago," said Jack. "They never expected anybody to pop these devices open and look under the hood. We are trying to spark some change and get a secure initiative under way and get these devices fixed."

Insulin is a hormone secreted by the pancreas that converts glucose into energy. In patients with diabetes, the body makes no insulin, or insulin levels are too low. This can cause the amount of glucose in the bloodstream to rise, a condition known as hyperglycemia.

When too much insulin is released into the blood stream, a person's blood sugar can become too low, a condition known as hypoglycemia. Symptoms of hypoglycemia range from nausea and confusion to, in severe cases, seizures, coma and death.

McClure declined to say how many models in Medtronic's line of insulin pumps were vulnerable. He said there is no evidence anybody else has identified the flaw or tried to exploit it.

"We just tested one model number," McClure said. "But we believe that more than that are vulnerable." His team demonstrated the vulnerability at a McAfee users conference in Las Vegas on Friday.

McAfee has consulted with experts at the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT. That agency works with private companies in industries including healthcare to help investigate potential cyber vulnerabilities in their products.

Officials with ICS-CERT and Symantec could not be reached for comment.

(Reporting by Jim Finkle in Boston. Additional reporting by Toni Clarke in Boston, Anna Yukhananov in Washington and Susan Kelly in Chicago; Editing by Michele Gershberg, Edward Tobin and Martin Howell)
http://www.reuters.com/article/2011/...79O8EP20111025





OMGWTF: Passwords of 93,000 Politicians, Reporters, Bloggers Leaked

In what is arguably the largest-scale security breach so far in Sweden that didn’t come in the form of a parliamentary decision, a leak of 93,678 password-email combinations became public today. The accounts belong to all the top reporters, politicians, and bloggers in Sweden.

Somebody trolled the entire establishment with gleeful precision in using this data. William Petzäll, a high-profile defected Sweden Democrat (Sverigedemokrat) who is now an independent Member of Parliament, started tweeting an apparent revenge on his former party this morning.

Petzäll claimed that the leadership of the Sweden Democratic party (“SD”) had had access to most reporters’ and competing politicians’ email accounts for years, and that this was how they navigated their way into Parliament last year. To prove his point, he tweeted a number of MD5 password hashes and matching email addresses. As pretty much the entire political press was already paying attention to his tweets, this sent off an earthquake, followed by several confirmations dropping in quickly that the passwords were correct.

The biggest political scandal to ever hit northern Europe was escalating quickly.

My password was among the ones listed — I was specifically mentioned as a target by Petzäll in his tweets since I had been party leader for a competing party during the last two elections. Five seconds after this hit Twitter, my cellphone went crazy with all national media asking for comments, and I had not even had a chance to verify the MD5 sum tweeted. Once I had, I knew that this was indeed one of my passwords, but a weak garbage password that I had used years ago for untrusted, insensitive trash sites. No data had been leaked. None. From me, at least.

Others were not so lucky, and had practiced heavy password reuse between trusted, untrusted, sensitive, and insensitive systems. Reporters, in particular, were coming on in a steady stream, reporting that their email systems had been compromised all over the country and from all the major newspapers and TV stations.

Then, confusion hit for real. William Petzäll was discovered to be locked away on nonvoluntary drug rehabilitation without access to net connectivity.

So who had been tweeting the passwords, then? Had the SD leadership had access to the email accounts or not? Was it all just made up? Or not?

One plausible explanation was near at hand — it was not unrealistic that somebody was sitting on a large pile of passwords including Petzäll’s, who had been reusing it for his Twitter account, and this somebody had decided to troll the entire political establishment while sending everybody on a wild goose chase and panic all at once. Masterful trolling, indeed. Illegal as a kite is high, but still masterful.

It wasn’t until two hours later that the actual source of the leak surfaced — a blog ranking site known as Bloggtoppen (closed as of today) that had been breached through a SQL injection and had its users table dumped, with combinations of MD5’d passwords and emails, and uploaded to a hosting site. 93,678 rows of email/password combinations. This being a blog ranking site, pretty much everybody involved in the competition of building public opinion had accounts there: reporters, politicians, bloggers. Not your average XBox gamer: your average suit and tie running the country.

However, news of that leak and the complete dump was posted one full month ago to the board Flashback. Anybody could have discovered it in the meantime and just waited for the right moment to troll the living daylights out of every newsroom in the country.

The person or people using the leaked credentials to tweet in Petzäll’s name remain unknown, as does the extent to which decisionmakers and reporters have had data compromised.

What do we learn from this?

First, understanding of information hygiene is crucial. When you choose a password on a site, you give that password to the site’s administrator. People, not machines, stand behind every website. If you have used that password somewhere else, the administrator can now impersonate you there.

Therefore, as a user, always silo off passwords. You don’t need unique passwords for every site. But you do need unique passwords for every site where you can’t afford to be impersonated by somebody with hostile intent. In this case, Bloggtoppen was a site where somebody logged in as me would be able to download a blog badge which, when displayed, boosted my blog’s rankings. Yeah. Yawn. Big deal. But if I had used the same password as on the Pirate Party’s admin systems, an attacker would have had complete control of the party’s finances, projects, mail, membership and activist rosters, and communications. That would have been bad.

Second, as a website designer, defend in depth. Assume a breach will happen, and that the code you’re writing at the moment is the last piece of code standing. This was a SQL injection that gave read access to the database. Fair enough; even under strong security protocols, a user impersonated under a SQL injection will have read access. The passwords were MD5-hashed, which is a better practice than Sony had when hacked by LulzSec, but they were not salted. People having the MD5 hashes could, in many cases, find the cleartext password just by googling the hash. A much better practice would have been to salt the password with some small component, which would at least make it ungooglable. Better yet, make the salt user-dependent to follow proper security practices and disable the prospect of a rainbow table attack.

Third, some very real whistleblowers were identified today due to bad security hygiene on behalf of reporters in a country with the strongest whistleblower protections in the world. This compromises those whistleblowers beyond repair, and could potentially put them in harm’s way. This shows very clearly that strong legislation is not enough to protect transparency and privacy against corruption; applied technology to protect sources is also necessary, combined with understanding of that technology.
http://falkvinge.net/2011/10/26/omgw...oggers-leaked/
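
The three storage schemes the article compares (bare MD5, one site-wide salt, a per-user salt), as an added example that is not part of the original article or of Bloggtoppen's code. The accounts, passwords and salt value are constructed, and the per-user variant uses PBKDF2-HMAC-SHA256 instead of salted MD5, which goes a step beyond what the article proposes.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two of them reuse the same password.
USERS = {
    "reporter@example.org": "sommar2011",
    "politician@example.org": "sommar2011",
    "blogger@example.org": "kX9#vq!72Lm",
}
# Stand-in for a public hash index (the "googling the hash" case), built
# once, before any particular users table is seen.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "sommar2011"]
PRECOMPUTED = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}
SITE_SALT = b"constructed-site-wide-salt"  # hypothetical value
ITERATIONS = 100_000                       # demo value; tune upward in production


def md5_unsalted(password):
    """Scheme described in the article: bare MD5 of the password."""
    return hashlib.md5(password.encode()).hexdigest()


def md5_site_salt(password):
    """First improvement named in the article: one small salt for all rows."""
    return hashlib.md5(SITE_SALT + password.encode()).hexdigest()


def hash_per_user(password, salt=None):
    """Per-user random salt plus a slow KDF (assumption: PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Login check: recompute with the stored salt, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def precomputed_lookup(stored):
    """Rows of an {email: hex_hash} table that the precomputed index resolves."""
    return {e: PRECOMPUTED[h] for e, h in stored.items() if h in PRECOMPUTED}


def shared_password_groups(stored):
    """Accounts whose stored hashes are identical, i.e. visibly the same password."""
    groups = {}
    for email, h in stored.items():
        groups.setdefault(h, []).append(email)
    return [sorted(g) for g in groups.values() if len(g) > 1]


def build_tables():
    """Store the same constructed accounts under each of the three schemes."""
    unsalted = {e: md5_unsalted(p) for e, p in USERS.items()}
    site = {e: md5_site_salt(p) for e, p in USERS.items()}
    records = {e: hash_per_user(p) for e, p in USERS.items()}
    per_user = {e: digest.hex() for e, (salt, digest) in records.items()}
    return unsalted, site, per_user, records


if __name__ == "__main__":
    unsalted, site, per_user, _ = build_tables()
    for name, table in (("unsalted MD5", unsalted),
                        ("site-wide salt", site),
                        ("per-user salt", per_user)):
        print(name, "| resolved by lookup:", len(precomputed_lookup(table)),
              "| reuse groups:", shared_password_groups(table))
```

The site-wide salt stops the precomputed index from matching, but identical passwords still produce identical rows; only the per-user salt removes that signal as well.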





Founder Says WikiLeaks, Starved of Cash, May Close
John F. Burns

Julian Assange, the founder of WikiLeaks, said on Monday that his Web site could be forced to shut down by the end of the year because a 10-month-old “financial blockade” had sharply reduced the donations on which it depends.

Calling the blockade a “dangerous, oppressive and undemocratic” attack led by the United States, Mr. Assange said at a news conference here that it had deprived his organization of “tens of millions of dollars,” and warned, “If WikiLeaks does not find a way to remove this blockade, we will not be able to continue by the turn of the new year.”

Since the end of 2010, financial intermediaries, including Visa, MasterCard, PayPal and Western Union, have refused to allow donations to WikiLeaks to flow through their systems, he said, blocking “95 percent” of the Web site’s revenue and leaving it to operate on its cash reserves for the past 10 months. An aide said that WikiLeaks was now receiving less than $10,000 a month in donations.

Mr. Assange said WikiLeaks had been forced to halt work on the processing of tens of thousands of secret documents that it had received, and to turn its attention instead to lawsuits it had filed in the United States, Australia, Scandinavian countries and elsewhere, as well as to a formal petition to the European Commission to try to restore donors’ ability to send it money through normal channels.

WikiLeaks receives and publishes confidential documents from whistle-blowers and leakers, who are eager to see the site continue with the publishing sensations that drew worldwide attention last year. WikiLeaks released and passed to news organizations huge quantities of secret United States military and diplomatic cables on the wars in Afghanistan and Iraq and other subjects. Among the organizations the group worked with were The New York Times; Der Spiegel, a German newsmagazine; and The Guardian, a British newspaper.

Mr. Assange held the news conference while on a brief break from his effective house arrest on a country estate 100 miles outside London. Limits on his movements are part of the bail conditions imposed on him last year while British courts decide whether to extradite him to Sweden. The authorities there want him to answer questions related to accusations that he sexually abused two women during a visit to Stockholm in the summer of 2010. A British appeals court ruling on the extradition, pending for months, is expected at any time.

At the news conference on Monday, Mr. Assange said he and WikiLeaks were victims of a “conspiracy to smear and destroy” them, led by the United States Treasury, American intelligence agencies and “right-wing” forces in the United States, including powerful corporations led by Bank of America and Visa. He said the attack had also included “high-level calls” to assassinate him and other WikiLeaks associates, but offered no specifics to support the allegation.

The finances of WikiLeaks, and of Mr. Assange personally, have been part of the controversy that has swirled around the organization for the past year. Internal disputes have prompted several of Mr. Assange’s closest associates to quit the organization, and one of the issues they have raised concerns the tight, even secretive, control he maintained over its money.

This year, the Wau Holland Foundation, an organization that has operated as a channel for WikiLeaks donations and as a keeper of the organization’s books, issued a report saying that WikiLeaks raised $1.8 million in 2010, and spent slightly more than $550,000, leaving an apparent surplus of about $1.3 million at the start of 2011. A representative of Wau Holland who appeared with Mr. Assange on Monday at the Frontline Club in London said that its work for WikiLeaks had also been halted by the American financial measures. Asked in an e-mail after the news conference for details of WikiLeaks’ current financial status, Wau Holland said it would respond by the end of the week.

A signal that WikiLeaks was in increasing financial distress came last month when a collection of memorabilia associated with Mr. Assange was put up for sale to raise money for WikiLeaks. The items included a sachet of prison coffee he said he had smuggled out of the Wandsworth jail, where he was briefly held last year before bail was set in the extradition case, and an “exclusive” photograph of Mr. Assange at Ellingham Hall in eastern England, where he has lived since then.

One standout item in the sale was a laptop computer said to have been used in the preparation of the secret American government cables that WikiLeaks released; it was posted at a “buy it now” price of more than $550,000, with the highest early bid coming in at $6,000, according to a BBC report at the time. In a Twitter posting, WikiLeaks vaunted the attractions of the laptop, telling potential buyers, “In this exclusive auction item, you will get the full set of WikiLeaks cables, the WikiLeaks computer and its passwords.”

Mr. Assange responded brusquely on Monday when a reporter asked whether donations to WikiLeaks had been used to finance his extradition battle, with legal bills running into hundreds of thousands of dollars. A posting on the WikiLeaks Web site invites donations to the WikiLeaks and Julian Assange Defense Fund, but Mr. Assange said that no money intended for WikiLeaks had been used for his legal defense.

Last month, Canongate Books, based in Edinburgh, published a 340-page biography of Mr. Assange based on 50 hours of interviews he gave to a writer, Andrew O’Hagan, that were initially intended to yield a memoir. Mr. Assange later repudiated his book contract and, according to newspaper reports, refused to return a $650,000 advance; sales of the book have been sluggish.

Ravi Somaiya contributed reporting.
https://www.nytimes.com/2011/10/25/w...nge-warns.html





Congress Asked to Investigate Internet “Supercookies”
David M. Silverman

Two Congressmen have written a letter to the Federal Trade Commission (FTC) asking the FTC to investigate certain websites’ use of “supercookies” to track the activities of website visitors after they have left the website and without their knowledge. The letter, written by Congressmen Joe Barton (R-TX) and Ed Markey (D-MA), is based on an August Wall Street Journal article discussing their use. The cookies have become a key issue based on concerns they may be placed without knowledge of computer users and are practically invisible to them. Such so-called “supercookies” differ from traditional HTTP cookies that track user data in that they are small files hidden within Adobe Flash and elsewhere that remain on users’ computers even when browsing history and cache are cleared, and can be picked up even when browsing in “private browsing” mode.

A recent study conducted by researchers found 100 Flash cookies placed on users’ computers by 37 of the top 100 websites. Some can even “respawn” traditional HTTP cookies after those cookies have been deleted. However, it appears many of the Flash or “super” cookies are not placed by the owners of the sites where they are obtained, but rather by third party tracking companies utilizing user data for their own purposes. For example, third party trackers were found to have placed cookies on various news and shopping sites. It is unclear whether or to what extent site owners have knowledge of this.

A few years ago, a class action lawsuit was filed in California federal court against various online defendants based on surreptitious placement of Flash cookies, but that suit was settled earlier this year. Since July of this year, however, new class action lawsuits have been filed against other media companies and tracking services for these same activities. Just a couple of weeks ago, the most recent class action lawsuit was filed against Kissmetrics and others for surreptitious placement of cookies and similar files or devices that permit behavioral tracking, based on alleged violations of the Computer Fraud and Abuse, Electronic Communications, and Video Privacy Protection Acts, as well as several state laws.

Those aware of their existence can remove Flash cookies through the “Website Storage Settings Panel” accessible through a computer’s Adobe Flash player. But before computer users begin deleting Flash cookies, they first need to know that they exist. And deleting Flash cookies may not eliminate all tracking files and other devices hidden within the files of users’ computers. It will be interesting to see what comes of the FTC investigation requested by Congressmen Barton and Markey, the pending lawsuits, or perhaps action by Congress itself.
http://oregonbusinessreport.com/2011...-supercookies/





Solar PV Rapidly Becoming the Cheapest Option to Generate Electricity
Kees van der Leun

For a long time, the holy grail of solar photovoltaics (PV) has been "grid parity," the point at which it would be as cheap to generate one's own solar electricity as it is to buy electricity from the grid. And that is indeed an important market milestone, being achieved now in many places around the world. But recently it has become clear that PV is set to go beyond grid parity and become the cheapest way to generate electricity.

Whenever I say this I encounter incredulity, even vehement opposition, from friends and foes of renewable energy alike. Apparently, knowledge of the rapid developments of the last few years has not been widely disseminated. But it's happening, right under our noses! It is essential to understand this so that we can leverage it to rapidly switch to a global energy system fully based on renewable energy.

Photo: A hundred solar cells, good for 380 watts of solar PV power. (Ariane van Dijk)

Working on solar PV energy at Ecofys since 1986, I have seen steady progression: efficiency goes up, cost goes down. But it was only on a 2004 visit to Q-Cells' solar cell factory in Thalheim, Germany, that it dawned on me that PV could become very cheap indeed. They gave me a stack of 100 silicon solar cells, each capable of producing 3.8 watts of power in full sunshine. I still have it in the office; it's only an inch high!

That's when I realized how little silicon was needed to supply the annual electricity consumption of an average European family (4,000 kWh). Under European solar radiation, it would take 1,400 cells, totaling less than 30 pounds of silicon.

Of course, you need to cover the cells with some glass and add a frame, a support structure, some cables, and an inverter. But the fact that 30 pounds of silicon, an amount that costs $700 to produce, is enough to generate a lifetime of household electricity baffled me. Over 25 years, the family would pay at least $25,000 for the same 100,000 kilowatt-hours (kWh) of electricity from fossil fuels -- and its generation cost alone would total over $6,000!

At a very large scale, the cost of manufacturing anything drops to just above the cost of its base materials. As scale goes up, per-unit costs come down. This is known as a "learning curve" -- the price per unit of capacity comes down by x percent for every doubling of cumulatively installed capacity. For solar PV modules, the learning rate has been exceptionally high, averaging 22 percent for the past two decades. The cost of the "balance of system," i.e., all other components needed, follows this trend line closely. So this is what we see happening now in PV:

To unleash the power of a steep learning curve, you need a market driver when costs are still high; we should all be grateful to Germany for playing that role since the introduction of a feed-in tariff there in the year 2000.

Under the German renewable energy scheme, a family or company investing in a solar PV system receives a fixed amount per kWh of solar electricity supplied to the grid. The additional costs are distributed over all users of the grid, nationwide. Successive governments, in varying coalitions, have kept the principle alive, continuously lowering the tariffs as scale went up and cost came down. Contrary to what some believe, competition on the German PV market has always been fierce, which of course is a driving factor behind the ensuing cost (and price) reductions.

In 2004, the feed-in tariff was $0.77 per kWh. For 2012, the tariff for large, ground-based systems is already down to $0.23 per kWh, in spite of eight years of inflation. Expectations are that, even at this low tariff, between 3,500 and 5,000 megawatts of new PV capacity will be installed in Germany next year. This means that the PV supply chain and investors can earn a living at $0.23 per kWh, including operation and maintenance cost, margins, and return on capital.

But that's in Germany. The funny thing is: Germany is not very sunny! Average annual solar radiation in the sunniest parts of the country, where most PV systems are installed, is 1,000 to 1,100 kWh per 10.8 square feet, measured on a horizontal plane. The world map below shows that this is substantially less than in most of the world. In a sunnier region, like the southwestern U.S., solar radiation is double Germany's, so the same installed capacity (in watts) will produce twice as much solar electricity (in kWh). As a consequence, the cost of a solar PV kWh in Arizona is only half of the cost in Germany, i.e., already below $0.12. That's right now, without any subsidies or tax breaks.

But what of the competition? Aside from PV, the bulk of new power plants these days are either natural gas-fired, coal-fired, or wind energy. Nuclear is a would-be competitor, but so little of it has been built in recent decades that real cost data are scarce; the trend seems to be sharply up, however, and little is known about the cost of additional post-Fukushima safety measures.

Costs vary per country, and fossil fuels mostly don't get the right costs allocated for their CO2 emissions, but let's take two recent studies for the U.S. here. The Brattle Group published the Connecticut Integrated Resource Plan in 2008. They found levelized cost per kWh for natural gas-fired power plants to be $0.076 to $0.092, and for coal, $0.086, both without carbon capture and storage. And in 2009, MIT issued its Update on the Cost of Nuclear Power, in which they found levelized cost per kWh for nuclear's competitors of $0.062 (coal) and $0.065 (natural gas), without any charge for CO2 emissions.

The cost of wind energy is already close to competitive with gas and coal. The recent Global Status Report by REN21 states its kWh-cost for suitable locations as $0.05 to $0.09, for an average of $0.07. Wind power cost is still decreasing, due to learning effects, but at a much lower rate than the cost of PV.

It is highly unlikely that fossil fuels will get away without any charge for CO2 emissions in the long run. In a growing number of countries, such as the 27 countries of the European Union and Australia, this market distortion has already (mostly) come to an end. But let's assume that the cost of solar PV electricity needs to drop to below $0.06 per kWh to live up to the claim that it's the cheapest source of electricity. In sunny regions, we will need to halve the cost of PV power again to make that happen. Three doublings of cumulative capacity will do, since, according to PV's rapid learning curve, every doubling of capacity leads to a cost reduction of 22 percent. After three doublings the cost will be multiplied by 0.78 * 0.78 * 0.78 = 0.47.

Cumulative installed PV capacity globally was 40 gigawatts (GW) at the end of last year. Three doublings mean this has to grow by a factor of eight, to 320 GW, to achieve the necessary halving of cost. From 2005 to 2010, PV capacity installed annually grew by an average of 49 percent per year. Even if this slows down to 25 percent per year in the near future, we will reach 320 GW in 2018 -- that's only seven years from now!

To be sure, that was starting from a present PV kWh cost of $0.12, valid for sunny regions like the Southwest U.S. As can be seen from the solar map above, the regions with at least comparable solar radiation include most of Latin America, Africa, the Middle East, Australia, and large swaths of Asia, including all of India. For all those regions, PV will be the cheapest option by 2018. After that, further increases in cumulatively installed capacity will drive PV cost further down, making it grow swiftly in the regions in which it is the cheapest option to generate electricity.

This development does not, in itself, make life easy. Developing a world energy system that runs on 100 percent renewable energy by 2050 is a major and complex global effort, involving large investments in energy efficiency, renewable energy, and infrastructure, as we have shown in "The Energy Report" [PDF]. But it sure helps a lot!
http://www.grist.org/solar-power/201...te-electricity





US to Fund Aggressive Technology that Cuts Solar Power Costs 75%

In 10 years, the Department of Energy wants to get solar power costs down to 6¢/kWh from current 21¢/kWh
Layer 8

The US Department of Energy wants researchers and scientists to "think outside the box" and come up with "highly disruptive Concentrating Solar Power technologies that will meet 6¢/kWh cost targets by the end of the decade."

The DOE's "SunShot Concentrating Solar Power R&D" is a multimillion dollar endeavor that intends to look beyond what it calls incremental near-term to support research into transformative technologies that will break through performance barriers known today such as efficiency and temperature limitations.

The SunShot initiative expects researchers to demonstrate and prove new concepts in the solar collector, receiver, and power cycle subsystems, including associated hardware. The DOE says the CSP realm is composed of a variety of technologies, which convert sunlight into thermal energy, and then use this thermal energy to generate electricity.

There are four demonstrated types of CSP systems: collector field, receiver, thermal storage, and power block. All of them involve converting sunlight into thermal energy for use in a heat-driven engine, and all must be revolutionized if the cost of solar energy is to be reduced. The DOE noted that the collector field typically represents the largest single capital investment in a CSP plant and is typically composed of many individual collectors, and as such advanced manufacturing, assembly, and installation processes will be considered for SunShot.

"The overarching goal of the SunShot Initiative is reaching cost parity with baseload energy rates, estimated to be 6¢/kWh without economic support, which would pave the way for rapid and large-scale adoption of solar electricity across the United States. SunShot aims to reduce the total costs of solar energy systems by about 75% by the end of the decade. Beyond the technical goal of reducing total cost by 75%, the objectives of the SunShot Initiative are to boost the US economic competitiveness and manufacturing of solar technologies within the US," the DOE stated.

SunShot-level cost reductions likely include an increase in system efficiency by moving to higher-temperature operation, such as maximizing power-cycle efficiency without sacrificing efficiency elsewhere in the system (minimizing optical and thermal efficiency losses). Likewise, reducing the cost of the solar field and developing high-temperature thermal energy storage compatible with high-efficiency, high-temperature power cycles are critical to driving costs down further, the DOE stated.

The DOE cited a few examples of potential project areas for development:

• Alternative or optimized collector support structures.
• Novel materials for collector structures.
• Low-cost drives and accurate controls.
• Autonomous collector power and control.
• Alternative receiver designs for high-temperature operation.
• Novel receiver materials and selective coatings.
• High-efficiency, high-temperature power cycles.
• Innovative combined-cycle configurations.
• High temperature heat exchangers compatible with advanced power cycles.
• Advanced designs and materials for hardware (e.g. pumps, valves/packing, piping).
• Highly automated collector field manufacturing facilities and equipment.
• Rapid field installation and minimal site preparation techniques.
• Novel CSP components and systems.

https://www.networkworld.com/communi...uts-solar-powe





Corning's New Lotus Glass Promises Higher-Resolution Displays, More
Casey Johnston

Corning, the developers of Gorilla Glass, announced the launch of a new display material named Lotus Glass for use with LCD and OLED screens today in a press release. The company says Lotus Glass has more "thermal and dimensional stability," which will allow it to better withstand the process of attaching high-resolution displays and implementing “tighter design rules.”

LCD glass substrates can require intense heating and cooling cycles to create screens, particularly for higher-resolution displays, Corning says. Lotus Glass has a higher annealing point than Gorilla Glass, meaning more heat is required for the material to relax internal stresses and forces.

Because Lotus Glass can withstand heat better, it’s in less danger of warping or sagging while “advanced backplanes” are applied (backplanes on screens contain the circuits that control the pixels on the screen). Very hot temperatures aren’t required to make nice displays—for instance, AMOLED displays can use low-temperature (150ºC) poly-silicon as a backplane—but more resilient glass could reduce the current rate of screen imperfections.

According to Corning, Lotus Glass will allow for screens with “higher resolution and faster response times.” We’re not sure it's just the Gorilla Glass that is holding these specs back on the current crop of smartphones and tablets, but every little bit helps. Corning did not respond to requests for comment on which manufacturers, if any, it has locked down for Lotus Glass contracts, but its press release states that the glass “has been qualified and is in production.”
http://arstechnica.com/gadgets/news/...plays-more.ars





John McCarthy, 84, Dies; Computer Design Pioneer
John Markoff

John McCarthy, a computer scientist who helped design the foundation of today’s Internet-based computing and who is widely credited with coining the term for a frontier of research he helped pioneer, Artificial Intelligence, or A.I., died on Monday at his home in Stanford, Calif. He was 84.

The cause was complications of heart disease, his daughter Sarah McCarthy said.

Dr. McCarthy’s career followed the arc of modern computing. Trained as a mathematician, he was responsible for seminal advances in the field and was often called the father of computer time-sharing, a major development of the 1960s that enabled many people and organizations to draw simultaneously from a single computer source, like a mainframe, without having to own one.

By lowering costs, it allowed more people to use computers and laid the groundwork for the interactive computing of today.

Though he did not foresee the rise of the personal computer, Dr. McCarthy was prophetic in describing the implications of other technological advances decades before they gained currency.

“In the early 1970s, he presented a paper in France on buying and selling by computer, what is now called electronic commerce,” said Whitfield Diffie, an Internet security expert who worked as a researcher for Dr. McCarthy at the Stanford Artificial Intelligence Laboratory.

And in the study of artificial intelligence, “no one is more influential than John,” Mr. Diffie said.

While teaching mathematics at Dartmouth in 1956, Dr. McCarthy was the principal organizer of the first Dartmouth Conference on Artificial Intelligence.

The idea of simulating human intelligence had been discussed for decades, but the term “artificial intelligence” — originally used to help raise funds to support the conference — stuck.

In 1958, Dr. McCarthy moved to the Massachusetts Institute of Technology, where, with Marvin Minsky, he founded the Artificial Intelligence Laboratory. It was at M.I.T. that he began working on what he called List Processing Language, or Lisp, a computer language that became the standard tool for artificial intelligence research and design.

Around the same time he came up with a technique called garbage collection, in which pieces of computer code that are not needed by a running computation are automatically removed from the computer’s random access memory.

He developed the technique in 1959 and added it to Lisp. That technique is now routinely used in Java and other programming languages.

His M.I.T. work also led to fundamental advances in software and operating systems. In one, he was instrumental in developing the first time-sharing system for mainframe computers.

The power of that invention would come to shape Dr. McCarthy’s worldview to such an extent that when the first personal computers emerged with local computing and storage in the 1970s, he belittled them as toys.

Rather, he predicted, wrongly, that in the future everyone would have a relatively simple and inexpensive computer terminal in the home linked to a shared, centralized mainframe and use it as an electronic portal to the worlds of commerce and news and entertainment media.

Dr. McCarthy, who taught briefly at Stanford in the early 1950s, returned there in 1962 and in 1964 became the founding director of the Stanford Artificial Intelligence Laboratory, or SAIL. Its optimistic, space-age goal, with financial backing from the Pentagon, was to create a working artificial intelligence system within a decade.

Years later he developed a healthy respect for the challenge, saying that creating a “thinking machine” would require “1.8 Einsteins and one-tenth the resources of the Manhattan Project.”

Artificial intelligence is still thought to be far in the future, though tremendous progress has been made in systems that mimic many human skills, including vision, listening, reasoning and, in robotics, the movements of limbs. From the mid-’60s to the mid-’70s, the Stanford lab played a vital role in creating some of these technologies, including robotics and machine-vision natural language.

In 1972, the laboratory drew national attention when Stewart Brand, the founder of The Whole Earth Catalog, wrote about it in Rolling Stone magazine under the headline “SPACEWAR: Fanatic Life and Symbolic Death Among the Computer Bums.” The article evoked the esprit de corps of a group of researchers who had been freed to create their own virtual worlds, foreshadowing the emergence of cyberspace. “Ready or not, computers are coming to the people,” Mr. Brand wrote.

Dr. McCarthy had begun inviting the Homebrew Computer Club, a Silicon Valley hobbyist group, to meet at the Stanford lab. Among its growing membership were Steven P. Jobs and Steven Wozniak, who would go on to found Apple. Mr. Wozniak designed his first personal computer prototype, the Apple 1, to share with his Homebrew friends.

But Dr. McCarthy still cast a jaundiced eye on personal computing. In the second Homebrew newsletter, he suggested the formation of a “Bay Area Home Terminal Club,” to provide computer access on a shared Digital Equipment computer. He thought a user fee of $75 a month would be reasonable.

Though Dr. McCarthy would initially miss the significance of the PC, his early thinking on electronic commerce would influence Mr. Diffie at the Stanford lab. Drawing on those ideas, Mr. Diffie began thinking about what would replace the paper personal check in an all-electronic world.

He and two other researchers went on to develop the basic idea of public key cryptography, which is now the basis of all modern electronic banking and commerce, providing secure interaction between a consumer and a business.

A chess enthusiast, Dr. McCarthy had begun working on chess-playing computer programs in the 1950s at Dartmouth. Shortly after joining the Stanford lab, he engaged a group of Soviet computer scientists in an intercontinental chess match after he discovered they had a chess-playing computer. Played by telegraph, the match consisted of four games and lasted almost a year. The Soviet scientists won.

John McCarthy was born on Sept. 4, 1927, into a politically engaged family in Boston. His father, John Patrick McCarthy, was an Irish immigrant and a labor organizer.

His mother, the former Ida Glatt, a Lithuanian Jewish immigrant, was active in the suffrage movement. Both parents were members of the Communist Party. The family later moved to Los Angeles in part because of John’s respiratory problems.

He entered the California Institute of Technology in 1944 and went on to graduate studies at Princeton, where he was a colleague of John Forbes Nash Jr., the Nobel Prize-winning economist and subject of Sylvia Nasar’s book “A Beautiful Mind,” which was adapted into a movie.

At Princeton, in 1949, he briefly joined the local Communist Party cell, which had two other members: a cleaning woman and a gardener, he told an interviewer. But he quit the party shortly afterward.

In the ’60s, as the Vietnam War escalated, his politics took a conservative turn as he grew disenchanted with leftist politics.

In 1971 Dr. McCarthy received the Turing Award, the most prestigious given by the Association of Computing Machinery, for his work in artificial intelligence. He was awarded the Kyoto Prize in 1988, the National Medal of Science in 1991 and the Benjamin Franklin Medal in 2003.

Dr. McCarthy was married three times. His second wife, Vera Watson, a member of the American Women’s Himalayan Expedition, died in a climbing accident on Annapurna in 1978.

Besides his daughter Sarah, of Nevada City, Calif., he is survived by his wife, Carolyn Talcott, of Stanford; another daughter, Susan McCarthy, of San Francisco; and a son, Timothy, of Stanford.

He remained an independent thinker throughout his life. Some years ago, one of his daughters presented him with a license plate bearing one of his favorite aphorisms: “Do the arithmetic or be doomed to talk nonsense.”
https://www.nytimes.com/2011/10/26/s...6mccarthy.html





A Silicon Valley School That Doesn’t Compute
Matt Richtel

The chief technology officer of eBay sends his children to a nine-classroom school here. So do employees of Silicon Valley giants like Google, Apple, Yahoo and Hewlett-Packard.

But the school’s chief teaching tools are anything but high-tech: pens and paper, knitting needles and, occasionally, mud. Not a computer to be found. No screens at all. They are not allowed in the classroom, and the school even frowns on their use at home.

Schools nationwide have rushed to supply their classrooms with computers, and many policy makers say it is foolish to do otherwise. But the contrarian point of view can be found at the epicenter of the tech economy, where some parents and educators have a message: computers and schools don’t mix.

This is the Waldorf School of the Peninsula, one of around 160 Waldorf schools in the country that subscribe to a teaching philosophy focused on physical activity and learning through creative, hands-on tasks. Those who endorse this approach say computers inhibit creative thinking, movement, human interaction and attention spans.

The Waldorf method is nearly a century old, but its foothold here among the digerati puts into sharp relief an intensifying debate about the role of computers in education.

“I fundamentally reject the notion you need technology aids in grammar school,” said Alan Eagle, 50, whose daughter, Andie, is one of the 196 children at the Waldorf elementary school; his son William, 13, is at the nearby middle school. “The idea that an app on an iPad can better teach my kids to read or do arithmetic, that’s ridiculous.”

Mr. Eagle knows a bit about technology. He holds a computer science degree from Dartmouth and works in executive communications at Google, where he has written speeches for the chairman, Eric E. Schmidt. He uses an iPad and a smartphone. But he says his daughter, a fifth grader, “doesn’t know how to use Google,” and his son is just learning. (Starting in eighth grade, the school endorses the limited use of gadgets.)

Three-quarters of the students here have parents with a strong high-tech connection. Mr. Eagle, like other parents, sees no contradiction. Technology, he says, has its time and place: “If I worked at Miramax and made good, artsy, rated R movies, I wouldn’t want my kids to see them until they were 17.”

While other schools in the region brag about their wired classrooms, the Waldorf school embraces a simple, retro look — blackboards with colorful chalk, bookshelves with encyclopedias, wooden desks filled with workbooks and No. 2 pencils.

On a recent Tuesday, Andie Eagle and her fifth-grade classmates refreshed their knitting skills, crisscrossing wooden needles around balls of yarn, making fabric swatches. It’s an activity the school says helps develop problem-solving, patterning, math skills and coordination. The long-term goal: make socks.

Down the hall, a teacher drilled third-graders on multiplication by asking them to pretend to turn their bodies into lightning bolts. She asked them a math problem — four times five — and, in unison, they shouted “20” and zapped their fingers at the number on the blackboard. A roomful of human calculators.

In second grade, students standing in a circle learned language skills by repeating verses after the teacher, while simultaneously playing catch with bean bags. It’s an exercise aimed at synchronizing body and brain. Here, as in other classes, the day can start with a recitation or verse about God that reflects a nondenominational emphasis on the divine.

Andie’s teacher, Cathy Waheed, who is a former computer engineer, tries to make learning both irresistible and highly tactile. Last year she taught fractions by having the children cut up food — apples, quesadillas, cake — into quarters, halves and sixteenths.

“For three weeks, we ate our way through fractions,” she said. “When I made enough fractional pieces of cake to feed everyone, do you think I had their attention?”

Some education experts say that the push to equip classrooms with computers is unwarranted because studies do not clearly show that this leads to better test scores or other measurable gains.

Is learning through cake fractions and knitting any better? The Waldorf advocates make it tough to compare, partly because as private schools they administer no standardized tests in elementary grades. And they would be the first to admit that their early-grade students may not score well on such tests because, they say, they don’t drill them on a standardized math and reading curriculum.

When asked for evidence of the schools’ effectiveness, the Association of Waldorf Schools of North America points to research by an affiliated group showing that 94 percent of students graduating from Waldorf high schools in the United States between 1994 and 2004 attended college, with many heading to prestigious institutions like Oberlin, Berkeley and Vassar.

Of course, that figure may not be surprising, given that these are students from families that value education highly enough to seek out a selective private school, and usually have the means to pay for it. And it is difficult to separate the effects of the low-tech instructional methods from other factors. For example, parents of students at the Los Altos school say it attracts great teachers who go through extensive training in the Waldorf approach, creating a strong sense of mission that can be lacking in other schools.

Absent clear evidence, the debate comes down to subjectivity, parental choice and a difference of opinion over a single word: engagement. Advocates for equipping schools with technology say computers can hold students’ attention and, in fact, that young people who have been weaned on electronic devices will not tune in without them.

Ann Flynn, director of education technology for the National School Boards Association, which represents school boards nationwide, said computers were essential. “If schools have access to the tools and can afford them, but are not using the tools, they are cheating our children,” Ms. Flynn said.

Paul Thomas, a former teacher and an associate professor of education at Furman University, who has written 12 books about public educational methods, disagreed, saying that “a spare approach to technology in the classroom will always benefit learning.”

“Teaching is a human experience,” he said. “Technology is a distraction when we need literacy, numeracy and critical thinking.”

And Waldorf parents argue that real engagement comes from great teachers with interesting lesson plans.

“Engagement is about human contact, the contact with the teacher, the contact with their peers,” said Pierre Laurent, 50, who works at a high-tech start-up and formerly worked at Intel and Microsoft. He has three children in Waldorf schools, which so impressed the family that his wife, Monica, joined one as a teacher in 2006.

And where advocates for stocking classrooms with technology say children need computer time to compete in the modern world, Waldorf parents counter: what’s the rush, given how easy it is to pick up those skills?

“It’s supereasy. It’s like learning to use toothpaste,” Mr. Eagle said. “At Google and all these places, we make technology as brain-dead easy to use as possible. There’s no reason why kids can’t figure it out when they get older.”

There are also plenty of high-tech parents at a Waldorf school in San Francisco and just north of it at the Greenwood School in Mill Valley, which doesn’t have Waldorf accreditation but is inspired by its principles.

California has some 40 Waldorf schools, giving it a disproportionate share — perhaps because the movement is growing roots here, said Lucy Wurtz, who, along with her husband, Brad, helped found the Waldorf high school in Los Altos in 2007. Mr. Wurtz is chief executive of Power Assure, which helps computer data centers reduce their energy load.

The Waldorf experience does not come cheap: annual tuition at the Silicon Valley schools is $17,750 for kindergarten through eighth grade and $24,400 for high school, though Ms. Wurtz said financial assistance was available. She says the typical Waldorf parent, who has a range of elite private and public schools to choose from, tends to be liberal and highly educated, with strong views about education; they also have a knowledge that when they are ready to teach their children about technology they have ample access and expertise at home.

The students, meanwhile, say they don’t pine for technology, nor have they gone completely cold turkey. Andie Eagle and her fifth-grade classmates say they occasionally watch movies. One girl, whose father works as an Apple engineer, says he sometimes asks her to test games he is debugging. One boy plays with flight-simulator programs on weekends.

The students say they can become frustrated when their parents and relatives get so wrapped up in phones and other devices. Aurad Kamkar, 11, said he recently went to visit cousins and found himself sitting around with five of them playing with their gadgets, not paying attention to him or each other. He started waving his arms at them: “I said: ‘Hello guys, I’m here.’ ”

Finn Heilig, 10, whose father works at Google, says he liked learning with pen and paper — rather than on a computer — because he could monitor his progress over the years.

“You can look back and see how sloppy your handwriting was in first grade. You can’t do that with computers ’cause all the letters are the same,” Finn said. “Besides, if you learn to write on paper, you can still write if water spills on the computer or the power goes out.”
https://www.nytimes.com/2011/10/23/t...-can-wait.html





Like the Best Zombies, VHS Just Won’t Die
Erik Piepenburg

FOR horror fans like Evan Husney, a movie that looks like it’s been art-directed to death is a real killer.

“It’s hard to get into the aesthetic of shakycam, pretty people, safe scares — like something jumping out at you — and the digital photography and CG blood,” he said.

Mr. Husney, the director of the independent distribution company Drafthouse Films, is part of a small but devoted subset of fans, distributors and programmers who thrill to low-budget horror from the movies of the 1980s: the kind in which brains were made of Jell-O and the cast was paid in wine coolers. These fans aren’t watching movies on a tablet or DVD. Instead they’re blowing the dust off their VCRs and sliding in movies that have been newly released on the behemoths known as VHS tapes.

David A. Prior’s shot-on-tape slasher film “Sledgehammer” (1983), released by Intervision on VHS (and DVD) this year, is a good example of the appeal of neo-VHS. The plot is Horror 101: Young people spend a night at a remote house unaware that a shape-shifting, maniacal man-child is out for blood. Originally shot on tape, the movie has the dime-store feel so appreciated by VHS fans: With spotty lighting and a droning synthesizer for a score, the slow-mo is extra slow, the blood is too runny, and the set looks like taped-together plywood. The acting is equally wooden.

“I enjoy the aesthetics of VHS,” said Josh Schafer, the founder of the horror magazine Lunchmeat. “I like putting it in the VCR and rewinding and pausing and fast-forwarding. It’s an experience nobody gets to do anymore because they consider VHS dead.”

To meet the demands of the video-obsessed horror consumer — many of whom weren’t even born when VCRs were in their heyday — several distributors are releasing (or rereleasing) selected ’80s titles on VHS as well as DVD. Intervision also recently put out VHS versions of “Things” (1989), a Canadian exploitation film about a bloodthirsty alien that grows from a woman’s womb. Camp Motion Pictures, which specializes in ’80s DIY cinema, is selling a five-movie boxed set of schlock horror that includes a red cassette copy of Timothy O’Rawe’s never-before-released “Basement” (1989), an anthology of horror shorts similar to “Tales From the Crypt.”

More recent films are also embracing the VHS new wave. Andrew Copp’s exploitation film “The Mutilation Man” (1998) came out on VHS this month. Wild Eye Releasing will be putting out four titles, including “The Bloody Ape,” a 1997 Super-8 version of “Murders in the Rue Morgue,” on VHS in January. Ti West’s 2009 retro-horror film “House of the Devil” is one of the few bigger-budget, critically acclaimed titles currently available on the format.

Dan Kinem, who writes for a blog devoted to VHS culture, said the terrible quality of VHS “works well” for the horror genre.

“You just don’t get the same feeling in a pristine print of a DVD,” Mr. Kinem said. “With VHS it’s like I’m experiencing an old grind-house movie theater. I would never watch them on a computer.” The distribution arm of the blog for which he writes will release the 1986 micro-budget horror film “Gore-Met Zombie Chef From Hell” on VHS this year.

Paige Kay Davis, the director of business development for Camp Motion Pictures, chalked up the popularity of the format — sales of “The Basement” exceeded her company’s expectations, though she wouldn’t give figures — to a mix of nostalgia, remorse and discovery.

“VHS represents a period when you could walk into a mom-and-pop video store, and what you could rent was limited to what was right in front of you,” Ms. Davis said. “There were these amazing illustrations on the big boxes, and no one had any idea what the movie was. You were taking a gamble. It’s the opposite of instant gratification.”

Releasing films on VHS can be a chore. The titles tend to be obscure, and many were shot only on low-quality video to begin with. It can be hard to track down who owns the rights. Hiring a company to produce boxes and labels for a product that was thought to be obsolete can be expensive.

Willing to deal with those hassles is a small cottage industry of microdistributors. Louis Justin, the 21-year-old owner of the one-man company Massacre Video, in Michigan, released Wally Koz’s 1988 splatter video “555” this month on VHS and a limited-edition DVD packaged to look like something that would be found at that mom-and-pop store.

“I was not around during the main VHS boom, but I’ve never liked DVDs,” said Mr. Justin, who has a VHS tape tattooed on his arm. “When I was younger and I went to the record store, my parents would push me to get the CD, but I wanted the cassette. I’m an analog nerd.”

At a time when movies live in digital clouds, holding a VHS release in your hands — eye-popping artwork! liner notes! foldout posters! — is an experience that fans who grew up in the DVD era say is a lost pleasure.

“VHS is cumbersome,” said Mr. Husney (who was creative director of Intervision before moving to Drafthouse). “You have to maintain it. It has to fit on a shelf. You may have to dust it off. But you also get to interact with a piece of art on a personal level.”

He isn’t alone in his view that this is art. Joseph Ziemba, the founder of the horror film Web site bleedingskull.com, said watching ’80s horror on VHS is akin to “the fulfillment of a Chaplin or Cassavetes film.”

“They put me in a place that no other films can put me,” Mr. Ziemba, 34, said. “They are so disconnected from reality. They feel as if they are not crafted by humans, but they are.”

Tapping into this market, VHS nights are being programmed at a handful of theaters across the country, including Cinefamily in Los Angeles; the Alamo Drafthouse in Austin, Tex.; and, in Williamsburg, Brooklyn, at the Spectacle Theater and Nighthawk Cinema (where films are sometimes projected via VCR).

“The best way to watch is to know nothing about how it was created, like it was a tape that was found buried in a ditch or was found unmarked at a Goodwill,” Mr. Husney advised. “You don’t want to know it was a bunch of drunk friends making a movie.”
https://www.nytimes.com/2011/10/30/m...-vhs-tape.html
















Until next week,

- js.




















Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing