Friday, December 28, 2012

Ransomware scammers push panic button with bogus claims

No sign that newest cyber extortion racket wipes Windows PCs' hard drives, says Symantec

Cyber extortionists shilling "ransomware" have upped the ante by pushing users' panic buttons with claims that their malware will wipe hard drives, a security firm said Monday.

The claim is bogus, said Symantec, and is simply a ploy by scammers preying on people's fears.
"This is an attempt to extort money from computer users by taking advantage of human weakness when under panic and pressure," wrote Symantec researcher Jeet Morparia in a Dec. 24 blog post.

Ransomware is a long-standing label for malware that, once on a personal computer, cripples the machine or encrypts its files, then displays a ransom note that demands payment to restore control to the owner. The technique, flatly called "an extortion racket" by Symantec last month, has been in use for at least six years. Until relatively recently, it was rare and ineffective and seen mostly in Eastern Europe.

The new ransomware variant, which Symantec identified as "Trojan.Ransomlock.G" but is called "Reveton" by other antivirus vendors, claims that any move to circumvent the lockdown will trigger disaster.

"An attempt to unlock the computer by yourself will lead to the full formatting of the operating system. All the files, videos, photos, documents on your computer will be deleted," the on-screen message reads.

Not true, said Morparia, who added that Symantec's analysis found no disk wiping capability in the malware's code. More importantly, Symantec was able to remove Ransomlock.G and unlock the machine without any formatting taking place or files deleted.

The new version also featured other changes, Morparia said, including a $100 price hike, from $200 to $300, to "unlock" the PC, and a fake deadline of 48 hours shown by an on-screen countdown timer.
Symantec credited a blogger nicknamed "Kafeine" for reporting the purported wiping skills of the ransomware. In turn, Kafeine tipped a hat to another security company, Trend Micro, for finding the variant on Dec. 10.

Ransomlock poses as a message from law enforcement, and adapts to its victims' locales: For example, U.S. users see a message supposedly from the Department of Justice's FBI, while German users see one allegedly from the Bundesamt für Polizei, Germany's federal police.

The messages claim that the user has violated one or more laws. Those posing as from the FBI, for instance, listed child pornography, copyright and software licensing laws, and alleged that the victim has been monitored -- including via the computer's built-in webcam -- viewing child pornography.

In November, Symantec released a report describing the rapid expansion of ransomware into Western markets from its Eastern European origins, and the millions criminals have reaped from their scams.

Morparia urged victims not to give in to the extortionists -- "DO NOT PAY THE RANSOM," he wrote, figuratively shouting with uppercase characters -- and instead told them to remove the malware. Symantec provides a free tool, Norton Power Eraser, that seeks out and destroys ransomware and other forms of "scareware," like fake antivirus software.


Researchers find malware targeting Java HTTP servers

The malware has backdoor functionality and runs as a JavaServer Page (JSP) file

Security researchers from antivirus vendor Trend Micro have uncovered a piece of backdoor-type malware that infects Java-based HTTP servers and allows attackers to execute malicious commands on the underlying systems.

The threat, known as BKDR_JAVAWAR.JG, comes in the form of a JavaServer Page (JSP), a type of Web page that can only be deployed and served from a specialized Web server with a Java servlet container, such as Apache Tomcat.

Once this page is deployed, the attacker can access it remotely and can use its functions to browse, upload, edit, delete, download or copy files from the infected system using a Web console interface.

This is similar to the functionality provided by PHP-based backdoors, commonly known as PHP Web shells.

"Aside from gaining access to sensitive information, an attacker gains control of the infected system thru the backdoor and can carry out more malicious commands onto the vulnerable server," Trend Micro researchers said Thursday in a blog post.

This JSP backdoor can be installed by other malware already running on the system that hosts the Java-based HTTP server and Java servlet container or can be downloaded when browsing to malicious websites from such a system.

According to Trend Micro's technical notes, the malware targets systems running Windows 2000, Windows Server 2003, Windows XP, Windows Vista and Windows 7.

"Another possible attack scenario is when an attacker checks for websites powered by Apache Tomcat then attempts to access the Tomcat Web Application Manager," the Trend Micro researchers said. "Using a password cracking tool, cybercriminals are able to login and gain manager/administrative rights allowing the deployment of Web application archive (WAR) files packaged with the backdoor to the server."

In order to protect their servers from such threats, administrators should use strong passwords that cannot be easily cracked by using brute force tools, should deploy all security updates available for their systems and software and should avoid visiting unknown and untrusted websites, the Trend Micro researchers said.
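
The Manager-based scenario above leaves a recognizable trail in the server's access log: a run of failed logins to the Manager, a success, then a WAR upload. The following detection sketch is an added example, not code from Trend Micro or the original article; it assumes Tomcat's "common" access log pattern, the Tomcat 7 Manager deploy paths `/manager/html/upload` and `/manager/text/deploy`, and constructed log lines that use documentation-range addresses.

```python
import re
from collections import defaultdict

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

# Assumption: Tomcat 7 Manager layout (HTML upload form and text interface).
DEPLOY_PATHS = ("/manager/html/upload", "/manager/text/deploy")

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2012:03:14:01 +0000] "GET /manager/html HTTP/1.1" 401 2474
203.0.113.7 - - [10/Dec/2012:03:14:01 +0000] "GET /manager/html HTTP/1.1" 401 2474
203.0.113.7 - - [10/Dec/2012:03:14:02 +0000] "GET /manager/html HTTP/1.1" 401 2474
203.0.113.7 - - [10/Dec/2012:03:14:02 +0000] "GET /manager/html HTTP/1.1" 401 2474
203.0.113.7 - - [10/Dec/2012:03:14:03 +0000] "GET /manager/html HTTP/1.1" 401 2474
203.0.113.7 - - [10/Dec/2012:03:14:03 +0000] "GET /manager/html HTTP/1.1" 401 2474
203.0.113.7 - tomcat [10/Dec/2012:03:14:04 +0000] "GET /manager/html HTTP/1.1" 200 15320
203.0.113.7 - tomcat [10/Dec/2012:03:15:10 +0000] "POST /manager/html/upload?nonce=x HTTP/1.1" 200 16011
198.51.100.4 - - [10/Dec/2012:08:30:00 +0000] "GET /shop/index.jsp HTTP/1.1" 200 5120
192.0.2.10 - - [10/Dec/2012:09:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2474
192.0.2.10 - admin [10/Dec/2012:09:00:06 +0000] "GET /manager/html HTTP/1.1" 200 15320
192.0.2.10 - admin [10/Dec/2012:09:02:40 +0000] "POST /manager/html/upload HTTP/1.1" 200 16011
"""


def find_manager_abuse(lines, fail_threshold=5):
    """Return findings as (host, event, user, detail) tuples.

    "login-after-failures": a 200 on /manager/ after at least
        fail_threshold consecutive 401s from the same client;
        detail is the number of failures that preceded it.
    "war-deploy": a successful POST/PUT to a deploy path; detail is
        True when the same client was flagged for password guessing.
    """
    fails = defaultdict(int)   # consecutive 401s per client
    guessed = set()            # clients that logged in after a 401 burst
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        path = m["path"].split("?", 1)[0]      # drop the query string
        if not path.startswith("/manager/"):
            continue
        host, user, status = m["host"], m["user"], int(m["status"])
        if status == 401:
            fails[host] += 1
            continue
        if status != 200:
            continue
        # One 401 before a 200 is the normal Basic-auth challenge, so only
        # a longer run of failures counts as guessing.
        if fails[host] >= fail_threshold:
            guessed.add(host)
            findings.append((host, "login-after-failures", user, fails[host]))
        fails[host] = 0
        if m["method"] in ("POST", "PUT") and path in DEPLOY_PATHS:
            findings.append((host, "war-deploy", user, host in guessed))
    return findings


if __name__ == "__main__":
    for finding in find_manager_abuse(SAMPLE_LOG.splitlines()):
        print(finding)
```

Every `war-deploy` finding is worth reconciling against change records; the ones flagged `True` followed a burst of failed logins from the same client and should be treated as an incident.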

By Lucian Constantin

Drones, phones and other 2012 privacy threats

New law enforcement and marketing tools and technologies keep privacy advocates on their toes

Verizon's attempt -- unsuccessful so far -- to secure a patent for a so-called 'snooping technology,' which in this case would let television advertisers target individual viewers based on what they're doing or saying in front of their sets, capped another challenging year for privacy advocates.

Verizon's snooping technology and TV ads

The Verizon technology, which includes a sensor/camera housed in a set-top box, would determine the activities of individual viewers -- eating, playing, cuddling, laughing, singing, fighting or gesturing -- and then trigger personal advertisements based on the activities.

Overall, the technology would serve targeted ads based on what the user is doing, who the user is, his or her surroundings, and any other suitable personal information, according to Verizon.

The U.S. Patent Office delivered a "non-final" rejection of Verizon's application in November.

But analysts say that because engineers are already working on such technology, it's a cinch that some kind of similar technology will be included in TV set-top boxes in the not too distant future.

Here, in no particular order, are other developments in 2012 that could have a major long-term impact on privacy:

The U.S. drone law: Eye in the sky

The Federal Aviation Administration Modernization and Reform Act of 2012, signed into law by President Barack Obama in February, was immediately slammed by rights groups, privacy advocates and lawmakers who contended that the law poses a major threat to the privacy of law-abiding citizens.

The bill, still largely unnoticed by the general public, opens up American airspace to commercial unmanned aerial vehicles (UAVs), better known as drones. Over the next few years, the FAA is expected to license the use of as many as 30,000 drones by border patrol agents, government agencies, state and local law enforcement agencies as well as businesses.

The powerful drone lobby has done much to highlight the benefits of drones in tracking fugitive criminals, managing traffic, monitoring crops, conducting land management activities, news reporting and filmmaking.

Numerous agencies, including the Department of Homeland Security, NASA, the FBI, the border patrol, and local police departments have secured licenses to operate drones in U.S. airspace.
Rights advocates argue that the law includes no meaningful guidelines for protecting privacy rights.
The advocates warn that drones equipped with facial recognition cameras, license plate scanners, thermal imaging cameras, open WiFi sniffers, and other sensors could be used for general public safety surveillance.

The Center for Democracy and Technology earlier this year noted that static surveillance technology like closed circuit television cameras cannot track individuals beyond their fields of vision. But drones, the group contended, can peek into backyards and be used -- without a warrant -- to track individuals pervasively.

A drone flying at a height of 400 feet or more would likely be considered to be operating in a public space. So, the center argues, while police would need a warrant to peer over a private fence, they would not need one to use a drone to observe an individual in his or her backyard.

Warrantless cellphone location tracking: What Fourth Amendment?

Despite a major U.S. Supreme Court ruling in January on the constitutionality of GPS tracking by law enforcement agencies, the overall issue of location tracking of individuals remained as murky as ever in 2012.

Cellphones and other mobile devices offer criminal investigators a powerful tool for tracking suspects. Local police departments often use realtime cellphone data to track individuals. In addition, historical cellphone data is often gathered -- without a warrant -- by police to track past activities of suspected criminals.

In a case now being heard by the U.S. Fifth Circuit Court of Appeals, federal prosecutors maintain that there can be no reasonable expectation of privacy in historical cell phone location data that is collected and maintained by phone companies.

According to prosecutors, the Stored Communications Act (SCA) of 1986 allows them to use a relatively easy-to-obtain court order to force a carrier to turn over a person's historical cell-site location information.

The Sixth Circuit Court of Appeals in August agreed with that assessment, ruling that Fourth Amendment protections do not apply to cellphone location data.

Other courts, however, have ruled that cellphone data is protected.

Privacy advocates have expressed frustration at what they call a continuing lack of clarity over the issue.

Many contend that warrantless cellphone tracking goes against all reasonable expectations of privacy and, in many cases, violates Fourth Amendment prohibitions against unreasonable search.

The advocates say that location data from cellphones and other mobile devices allow law enforcement officials to gather extremely detailed and protected information about an individual.

In a landmark ruling in June, the U.S. Supreme Court agreed with privacy advocates that law enforcement officials need to first obtain a search warrant based on probable cause before conducting some types of location tracking.

However, the court's decision pertained only to the issue of warrantless GPS tracking. It did not address the crucial and much broader issue of whether similar tracking using cellphone data and other geo-tracking devices requires a warrant.

That lack of guidance leaves the door open for all sorts of warrantless cellphone tracking by the government and all sorts of interpretation of those actions by the courts, privacy advocates say.

Internet and mobile privacy: Or the continuing lack thereof

For several years, consumer rights groups and others have been calling on Congress to create regulations governing how Internet companies, online advertisers, mobile service providers and mobile application providers can collect and use consumer data.

Despite some movement in attracting the attention of legislators, 2012 is set to close without any major changes to online consumer privacy rules.

The Consumer Privacy Bill of Rights, released by the Obama Administration in February, sought to encourage the creation of new industry standards for collecting, sharing, storing and using private data on the Internet and mobile networks.

The administration said at the time that the document is part of an effort to require that companies limit the collection of personal data, protect any sensitive data collected, and give consumers the right to access and to correct mistakes in personal data collected by Internet service providers, carriers and mobile application companies.

While many consumer rights groups and privacy advocates have praised the Administration's intent, they have expressed disappointment at the continued focus on industry self-regulation.

Many of them fear that the "multi-stakeholder process" outlined in Obama's Consumer Bill of Rights will be hijacked by deep-pocketed Internet companies with little real concern for consumer privacy.

The consumer advocacy groups continue to maintain that meaningful privacy protections can result only from strong legislation.

Predictably, industry groups such as the Digital Advertising Alliance, the Interactive Advertising Bureau and the Direct Marketers Association have cautioned against any legislation and have insisted that self-regulation is the best way forward.

NYC Domain Awareness System: Surveillance city?

A New York City-wide Domain Awareness System (DAS) rolled out by the New York Police Department (NYPD) in July has left groups like the American Civil Liberties Union uneasy about its privacy implications.

The city's data aggregation and real-time analytics tool, built in collaboration with Microsoft, is designed to combat crime and terror threats in the city.

The system gives city police a way to quickly aggregate and analyze data from 3,000 surveillance cameras, along with license plate readers, radiation detectors, 911 calls and multiple public safety databases.

Housed in the Lower Manhattan Security Initiative command center, DAS is designed to provide real-time alerts on potential security threats. Operators and analysts at the command center can use the system's graphical interface to quickly pull up and correlate public safety, geospatial, chronological and other information that might be relevant to an unfolding event.

While city officials have described the system as an invaluable security tool, the ACLU and others have expressed concern about its privacy implications.

For instance, some fear that DAS -- and especially components like its license plate readers -- make it much easier for police to track and conduct warrantless surveillance of individuals and groups.
It's too soon to measure the extent of the system's privacy threat.

City officials have insisted that they have put in various privacy-friendly measures -- such as purging license plate data every 30 days. Even so, with other cities likely to follow New York's lead, DAS could well become a barometer of things to come.

by Jaikumar Vijayan 

Thursday, December 27, 2012

Switch your databases to Flash storage. Now. Or you're doing it wrong.

Why flash rules for databases

The economics of flash memory are staggering. If you’re not using SSD, you are doing it wrong. 
Not quite true, but close. Some small applications fit entirely in memory – less than 100GB – great for in-memory solutions. There’s a place for rotational drives (HDD) in massive streaming analytics and petabytes of data. But for the vast space between, flash has become the only sensible option. 
For example, the Samsung 840 costs $180 for 250GB. The manufacturer rates this drive at 96,000 random 4K read IOPS and 61,000 random 4K write IOPS. The Samsung 840 is not alone at this price performance. A 300GB Intel 320 is $450. An OCZ Vertex 4 256GB is $235, with the Intel being rated as slowest, but our internal testing showing solid performance. Most datacenter chassis will accommodate four data drives, and adding four Samsung 840s creates a system with 1TB of storage, 384,000 read IOPS, 248,000 random write IOPS, for a storage street cost of $720 and adding an extra 0.3 watts to a server’s power draw.
If you have a dataset under 10TB, and you’re still using rotational drives, you’re doing it wrong. The new low cost of flash makes rotational drives useful only for the lightest of workloads.
Most operational non-analytic workloads require only a few IOPS per transaction. A good database should require just one.
HDD has a price of about $0.10 per GB – 10x cheaper than flash – but each spindle supports about 200 IOPS, the number of seeks per second. Until the recent advent of flash, databases were IOPS limited, requiring large arrays to reach high performance. Estimating cost per IOP is difficult, as smaller drives provide the same performance for lower cost. But achieving performance similar to the 96,000 IOPS of a $180 Samsung 840 would require over 400 HDD at a price of hundreds of thousands of dollars.
Let’s compare the economics of memory. Dell is currently (December 2012) charging $20 per GB for DRAM (16GB DIMM at $315), and a fully loaded R720 with RDIMMs topping out at 384GB for $13,000—or $33 per GB, fully loaded. Memory doesn’t have IOPS, and main memory databases measured over 1M transactions per second. Memory is faster, but we’ll see that for most use cases, network bottlenecks will overcome RAM’s performance advantage. 
Step back: $33 per GB for RAM, $1 per GB for flash. High density 12T solutions can be built with the current Dell R720, compared to a high density 384GB memory system at about the same price ($13K/server). RAM’s power draw tips the equation even further.
Flash storage provides random access capabilities, which means your application developers are spending less time optimizing query patterns. All the queries go fast.  That fast random access results in architectural flexibility, and allows you to change your data patterns and applications rapidly. That’s priceless.

The lure of main memory databases 

Main memory sounds ideal - it’s blindingly fast for random data access patterns. Reads and writes are predictable, and memcache is one of the most loved balms to fix performance issues discovered in deployment. 
It’s easy to write a new main memory database, and to simply cache data in your application. As a programmer, you never have to write an I/O routine and never have to deal with thread context switches. Using a standard allocator and standard threading techniques—without even optimizing for memory locality (NUMA optimizations)—a database built on main memory principles will be faster than 1G and 10G networking.
In Russ’s blog post about 1M TPS on a single $5K server, he showed blistering performance on an in-memory dataset. Clustered, distributed databases utilize k-safety and allow persistence to disk, so losing your data is not an issue. A Dell R520 with 96GB of memory can be had for $6,000, and if your business problem fits in a few hundred gigabytes, main memory is a great choice.
The problems come when you scale out. You start buying a lot of RAM, and you find interesting applications that are not cost-effective – where 100GB of data was a good start, but a few terabytes of storage would create a very compelling application. 
I recently visited two modest social networking companies and found each had 4TB of memcache servers – a substantial main memory investment. As they broadened their reach and tried to build applications that spanned more variety for each user request, they just kept beefing up their cache tier. The CTOs at both companies didn’t complain about the cost. Instead, they were afraid to roll out the best user experience ideas they had—new features such as expanded friend-of-friend display—because that would expand cache requirements, thrash the caching layer, and bring down their service. Or require another several racks of servers.

With the right database, your bottleneck is the network driver, not flash

Networks are measured in bandwidth (throughput), but if your access patterns are random and low latency is required, each request is an individual network packet. Even with the improvements in Linux network processing, we find an individual core is capable of resolving about 100,000 packets per second through the Linux core. 
100,000 packets per second aligns well with the capability of flash storage at about 20,000 to 50,000 per device, and adding 4 to 10 devices fits well in current chassis. RAM is faster – in Aerospike, we can easily go past 5,000,000 TPS in main memory if we remove the network bottleneck through batching – but for most applications, batching can’t be cleanly applied.
This bottleneck still exists with high-bandwidth networks, since the bottleneck is the processing of network interrupts. As multi-queue network cards become more prevalent (not available today on many cloud servers, such as the Amazon High I/O Instances), this bottleneck will ease – and don’t think switching to UDP will help. Our experiments show TCP is 40% more efficient than UDP for small transaction use cases. 
Rotational disk drives create a bottleneck much earlier than the network. A rotational drive tops out at about 250 random transactions per second. Even with a massive RAID 10 configuration, 24 direct attach disks would create a bottleneck at about 6,000 transactions per second. Rotational disks never make sense when you are querying and seeking. However, they are appropriate for batch analytics systems, such as Hadoop, which stream data without selecting. 
With flash storage, even if you need to do 10 to 20 I/Os per database transaction, your bottleneck is the network. If you’re in memory, the bottleneck is still the network. 
If you choose the main memory path, you’ve thrown away a lot of money on RAM; you’re burning money on powering that RAM every minute of every day, and – very probably - your servers aren’t going any faster.

The top myths of flash

1. Flash is too expensive. 
Flash is 10x more expensive than rotational disk. However, you’ll make up the few thousand dollars you’re spending simply by saving the cost of the meetings to discuss the schema optimizations you’ll need to try to keep your database together. Flash goes so fast that you’ll spend less time agonizing about optimizations. 
2. I don’t know which flash drives are good.
Aerospike can help. We have developed and open-sourced a tool (Aerospike Certification Tool) that benchmarks drives for real-time use cases, and we’re providing our measurements for old drives. You can run these benchmarks yourself, and see which drives are best for real-time use.
3. They wear out and lose my data.
Wear patterns and flash are an issue, although rotational drives fail too. There are several answers. When a flash drive fails, you can still read the data. With a clustered database and multiple copies of the data, you gain reliability – a server level of RAID. As drives fail, you replace them. Importantly, new flash technology is available every year with higher durability, such as this year’s Intel S3700 which claims each drive can be rewritten 10 times a day for 5 years before failure. Next year may bring another generation of reliability. With a clustered solution, simply upgrade drives on machines while the cluster is online.
4. I need the speed of in-memory
Many NoSQL databases will tell you that the only path to speed is in-memory. While in-memory is faster, a database optimized for flash using the techniques below can provide millions of transactions per second with latencies under a millisecond.

Techniques for flash optimization

Many projects work with main memory because the developers don’t know how to unleash flash’s performance. Relational databases only speed up 2x or 3x when put on a storage layer that supports 20x more I/Os. Following are three programming techniques to significantly improve performance with flash.
1. Go parallel with multiple threads and/or AIO
Different SSD drives have different controller architectures, but in every case there are multiple controllers and multiple memory banks—or the logical equivalent. Unlike a rotational drive, the core underlying technology is parallel.
You can benchmark the amount of parallelism where particular flash devices perform optimally with ACT, but we find the sweet spot is north of 8 parallel requests, and south of 64 parallel requests per device. Make sure your code can cheaply queue hundreds, if not thousands, of outstanding requests to the storage tier. If you are using your language’s asynchronous event mechanism (such as a co-routine dispatch system), make sure it is efficiently mapping to an OS primitive like asynchronous I/O, not spawning threads and waiting.
2. Don’t use someone else’s file system 
File systems are very generic beasts. As databases, with their own key-value syntax and interfaces, they have been optimized for a particular use, such as multiple names for one object and hierarchical names. The POSIX file system interface supplies only one consistency guarantee. To run at the speed of flash, you have to remove the bottleneck of existing file systems. 
Many programmers try to circumvent the file system by using direct device access and the O_DIRECT flag. Linus Torvalds famously removed the DIRECT option from the Linux kernel saying it was braindamaged. Here’s how he said it in 2007: 

Wed, 10 Jan 2007 19:05:30 -0800 (PST)
Linus Torvalds <>
Re: O_DIRECT question
The right way to do it is to just not use O_DIRECT.

The whole notion of "direct IO" is totally braindamaged. Just say no.

        This is your brain: O
        This is your brain on O_DIRECT: .

        Any questions?

Our measurements show that the page cache dramatically increases latency. At the speeds of flash storage, the page cache is disastrous. Linus agreed substantially in his own post:

Side note: the only reason O_DIRECT exists is because database people are
too used to it, because other OS's haven't had enough taste to tell them
to do it right, so they've historically hacked their OS to get out of the

As a result, our madvise and/or posix_fadvise interfaces may not be all
that strong, because people sadly don't use them that much. It's a sad
example of a totally broken interface (O_DIRECT) resulting in better
interfaces not getting used, and then not getting as much development
effort put into them.

So O_DIRECT not only is a total disaster from a design standpoint (just
look at all the crap it results in), it also indirectly has hurt better
interfaces. For example, POSIX_FADV_NOREUSE (which _could_ be a useful and
clean interface to make sure we don't pollute memory unnecessarily with
cached pages after they are all done) ends up being a no-op ;/

Sad. And it's one of those self-fulfilling prophecies. Still, I hope some
day we can just rip the damn disaster out.
In a test scenario we tried, enabling the page cache causes some requests to complete in 16 to 32 milliseconds, and a substantial portion (3% to 5%) take more than 1ms. With O_DIRECT, no request took more than 2 ms and > 99.9 requests were under 1 ms. We did not test madvise; we also found it is not hooked up correctly in some versions of Linux.
Aerospike uses O_DIRECT, because it works.
3. Use large block writes and small block reads
Flash storage is different from any other storage because it is asymmetric. Reads are different from writes, unlike RAM and unlike rotational disk. Flash chips are like an etch-a-sketch: you can draw individual lines, but to erase the entire screen requires shaking. Flash chips work in native blocks of around 1MB, and writing at the same size as the fundamental block of the flash chip means the device keeps the simplest possible map.
Reads can be done anywhere on the device, unlike writes. You can exploit this characteristic by writing data together and reading randomly.
Over time, flash device firmware will improve, and small block writes will become more efficient and correct, but we are still early in the evolution of flash storage. Today, writing only in large blocks leads to lower write amplification and lower read latency.
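
The third technique, coalescing many small records into one large block write while still serving small random reads, can be sketched as follows. This is an added example, not Aerospike's code; the `BlockLog` class, its in-memory index and the 1 MiB block size (taken from the "around 1MB" figure above) are assumptions made for illustration, and an ordinary file stands in for the flash device.

```python
import os

BLOCK_SIZE = 1 << 20  # 1 MiB, standing in for the flash chip's native block


class BlockLog:
    """Append-only record store: large block writes, small random reads.

    Hypothetical illustration class. Records are buffered in memory and
    written to the device one full block at a time; an in-memory index
    maps each key to (offset, length) so a read fetches only that record.
    """

    def __init__(self, path, block_size=BLOCK_SIZE):
        self.fd = os.open(path, os.O_RDWR | os.O_CREAT, 0o600)
        self.block_size = block_size
        self.buf = bytearray()   # records not yet written to the device
        self.flushed = 0         # bytes already written (whole blocks)
        self.index = {}          # key -> (device offset, length)
        self.device_writes = 0   # number of write calls issued

    def put(self, key, value):
        if len(value) > self.block_size:
            raise ValueError("record larger than one block")
        # A record never straddles two blocks: start a new block instead.
        if len(self.buf) + len(value) > self.block_size:
            self.flush()
        self.index[key] = (self.flushed + len(self.buf), len(value))
        self.buf += value

    def flush(self):
        """Write the buffered records as one zero-padded, block-sized write."""
        if not self.buf:
            return
        block = bytes(self.buf).ljust(self.block_size, b"\0")
        written = os.pwrite(self.fd, block, self.flushed)
        if written != self.block_size:
            raise OSError("short block write")
        self.flushed += self.block_size
        self.device_writes += 1
        self.buf.clear()

    def get(self, key):
        """Small read: fetch exactly one record, from buffer or device."""
        offset, length = self.index[key]
        if offset >= self.flushed:            # still in the write buffer
            start = offset - self.flushed
            return bytes(self.buf[start:start + length])
        return os.pread(self.fd, length, offset)

    def close(self):
        self.flush()
        os.close(self.fd)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        log = BlockLog(os.path.join(tmp, "device.img"))
        for i in range(5000):                 # 5,000 records of 1,000 bytes
            log.put(i, bytes([i % 256]) * 1000)
        log.flush()
        print("records: 5000, device writes:", log.device_writes)
        print("random read ok:", log.get(3000) == bytes([3000 % 256]) * 1000)
        log.close()
```

A production store would also persist the index and open the device with O_DIRECT as the article describes; both are left out here to keep the write-coalescing logic visible.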

Flash is better than you think; use it and prosper

Knowing how to use flash and using flash-optimized databases can provide your designs with massive competitive benefit. The problems of social metadata, graph analysis, user profile storage, massive online multiplayer games with shared social gameplay, security threat pattern analysis, real-time advertising and audience analysis benefit from immediately available, highly random database storage.

by Brian Bulkowski, CTO and co-founder of Aerospike, a leading clustered NoSQL database, who has worked in the area of high performance commodity systems since 1989.


Wednesday, December 19, 2012

Samsung Galaxy Flaw Lets Hackers Tunnel Into RAM

A flaw in the kernel of the Samsung processor at the heart of several Galaxy series devices allows access to the phone's RAM. It looks as if Samsung downplayed security in setting up permissions for kernel access, said Carl Howe, research vice president at the Yankee Group.

"That's a bit concerning because it means that this may only be one of many vulnerabilities."

A new security flaw has been discovered in Samsung's vulnerability-plagued Galaxy S III. This time, the problem lies in the company's Exynos 4 series of chips.

The flaw was discovered by a hacker with the handle "Alephzain," who posted the information on the XDA Developers Forum.

Three hackers have posted solutions for the vulnerability so far.
However, Samsung has remained silent on the flaw.
Samsung did not respond to our request to comment for this story.

About the Exynos Flaw

The flaw, which is a bug in the Exynos 4 series' kernel, affects only devices running the Exynos 4210 and 4412 processors. These include the international versions of the Galaxy S III and Galaxy Note, and Galaxy Tab 2 and Galaxy Note 10.1.

However, versions of the Galaxy S III sold in the United States are not affected.
The flaw gives access to the device's RAM. This will let a malicious user download the contents of an affected device's RAM and examine them. It will also let malicious users upload new processes of their own. In theory, a malicious app concealing this exploit can root a victim's phone on the sly and send data on the phone to third parties, for example.

Such apps could be downloaded from Google Play, Alephzain warned.
While there are other ways to access a device's RAM to dump its contents or inject malicious code into its kernel, this Exynos flaw makes things easier for the bad guys, Alephzain said. It's easy to conduct exploits with native C and the Java Native Interface.

Workarounds for the Problem

Three hackers, "Chainfire," "Supercurio" and "RyanZA" have all posted solutions on the Web for the Exynos vulnerability.

Chainfire's solution lets users disable the exploit, re-enable it and disable the exploit at boot, before any Android app runs. However, Chainfire warns that this will require rooting the mobile device and is a workaround, not an actual fix.

Rooting mobile devices voids the manufacturer's warranty.
Supercurio's solution does not require rooting, doesn't modify the device's system, copy files or flash anything, can be enabled or disabled at will, and is free. It works on any device and lets users know if their device is vulnerable.

However, it breaks the proper function of the front camera on some Galaxy S III and Note II firmware when activated. Other flaws include being unable to protect efficiently against some potential attacks, Supercurio warns.

RyanZA's fix is similar to Supercurio's but allows users to toggle it on or off in order to use the camera.

Who Really Cares?

"It's not a problem in the U.S. because our Galaxy S IIIs have a different chip ... but it does sound like Samsung developers weren't concerned about security in how they set up the permissions for the virtual directory within the kernel," Carl Howe, research vice president at the Yankee Group, told TechNewsWorld. "That's a bit concerning because it means that this may only be one of many vulnerabilities."

In September, Galaxy S III and S II smartphones were discovered to be vulnerable to remote malicious resets. A single malicious line of code concealed in a Web page could remotely wipe these devices, Ravi Borgaonkar, a researcher at the Technical University Berlin, demonstrated at the Ekoparty security conference in Argentina.

However, "I don't think consumers keep up with [security issues]," Maribel Lopez, principal analyst at Lopez Research, said. "They care about whether the device has the apps they want and the screens they want."

Over time, we have become less concerned about privacy, Lopez told TechNewsWorld. Further, "two decades of PC viruses have desensitized us [to security flaws]. The average consumer assumes we'll have a patch."

Still, smartphone manufacturers have to pay attention to securing smartphones, which "have become essential computing devices for most of the world, or face backlashes from consumers," Howe suggested.

Security is an issue for consumers, according to a survey from Crossbeam Systems. More than half of the respondents said they'd consider changing providers, and another 19 percent said they'd definitely change providers if their smartphones had security issues.

By Richard Adhikari

Tuesday, December 18, 2012

Instagram says it now has the right to sell your photos

Instagram said today that it has the perpetual right to sell users' photographs without payment or notification, a dramatic policy shift that quickly sparked a public outcry.

The new intellectual property policy, which takes effect on January 16, comes three months after Facebook completed its acquisition of the popular photo-sharing site. Unless Instagram users delete their accounts before the January deadline, they cannot opt out.

Under the new policy, Facebook claims the perpetual right to license all public Instagram photos to companies or any other organization, including for advertising purposes, which would effectively transform the Web site into the world's largest stock photo agency. One irked Twitter user quipped that "Instagram is now the new iStockPhoto, except they won't have to pay you anything to use your images."

"It's asking people to agree to unspecified future commercial use of their photos," says Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation. "That makes it challenging for someone to give informed consent to that deal."

That means that a hotel in Hawaii, for instance, could write a check to Facebook to license photos taken at its resort and use them on its Web site, in TV ads, in glossy brochures, and so on -- without paying any money to the Instagram user who took the photo. The language would include not only photos of picturesque sunsets on Waikiki, but also images of young children frolicking on the beach, a result that parents might not expect, and which could trigger state privacy laws.

Facebook did not respond to repeated queries from CNET this afternoon. We'll update the article if we receive a response.

Another policy pitfall: If Instagram users continue to upload photos after January 16, 2013, and subsequently delete their account after the deadline, they may have granted Facebook an irrevocable right to sell those images in perpetuity. There's no obvious language that says deleting an account terminates Facebook's rights, EFF's Opsahl said.

Facebook's new rights to sell Instagram users' photos come from two additions to its terms of use policy. One section deletes the current phrase "limited license" and, by inserting the words "transferable" and "sub-licensable," allows Facebook to license users' photos to any other organization.

A second section allows Facebook to charge money. It says that "a business or other entity may pay us to display your... photos... in connection with paid or sponsored content or promotions, without any compensation to you." That language does not exist in the current terms of use.

Google's policy, by contrast, is far narrower and does not permit the company to sell photographs uploaded through Picasa or Google+. Its policy generally tracks the soon-to-be-replaced Instagram policy by saying: "The rights you grant in this license are for the limited purpose of operating, promoting, and improving our services." Yahoo's policies for its Flickr service are similar, saying the company can use the images "solely for the purpose for which such content was submitted or made available."

Reginald Braithwaite, an author and software developer, posted a tongue-in-cheek "translation" of the new Instagram policy today: "You are not our customers, you are the cattle we drive to market and auction off to the highest bidder. Enjoy your feed and keep producing the milk."

One Instagram user dubbed the policy change "Instagram's suicide note." The photography site summarized the situation by saying: "The service itself is still a fun one, but that's a lot of red marks that have shown up over the past couple weeks. Many shooters -- even the casual ones -- probably aren't that excited to have a giant corporation out there selling their photos without being paid or even notified about it."

Another unusual addition to Instagram's new policy appears to immunize it from liability, such as class action lawsuits, if it makes supposedly private photos public. The language stresses, twice in the same paragraph, that "we will not be liable for any use or disclosure of content" and "Instagram will not be liable for any use or disclosure of any content you provide."
Yet another addition says "you acknowledge that we may not always identify paid services, sponsored content, or commercial communications as such." That appears to conflict with the Federal Trade Commission's guidelines that say advertisements should be listed as advertisements.
Such sweeping intellectual property language has been invoked before: In 1999, Yahoo claimed all rights to Geocities using language strikingly similar to Facebook's wording today, including the "non-exclusive and fully sublicensable right" to do what it wanted with its users' text and photos. But in the face of widespread protest -- and competitors advertising that their own products were free from such Draconian terms -- Yahoo backed down about a week later.

It's true, of course, that Facebook may not intend to monetize the photos taken by Instagram users, and that lawyers often draft overly broad language to permit future business opportunities that may never arise. But on the other hand, there's no obvious language that would prohibit Facebook from taking those steps, and the company's silence in the face of questions today hasn't helped.

EFF's Opsahl says the new policy runs afoul of his group's voluntary best practices for social networks. He added: "Hopefully at some point we'll get greater clarity from Facebook and Instagram."


Monday, December 17, 2012

Computers Will Smell Your Breath in Five Years, and Other IBM Predictions

IBM lays out five predictions that will change computing in the next five years.

Within the next five years, PCs and cell phones will know if you're coming down with a cold or other illness, IBM says. Tiny embedded sensors will analyze odors, biomarkers, and thousands of molecules in your breath, giving doctors help in diagnosing and monitoring certain diseases and ailments, even diabetes. That's just one of five predictions IBM made as part of its seventh annual "IBM 5 in 5," which is a list of five innovations that have the potential to change the way people work, live, and interact during the next five years.

"Due to advances in sensor and communication technologies in combination with deep learning systems, sensors can measure data in places never thought possible," IBM explains. "For example, computer systems can be used in agriculture to 'smell' or analyze the soil condition of crops. In urban environments, this technology will be used to monitor issues with refuse, sanitation and pollution – helping city agencies spot potential problems before they get out of hand."

Another prediction IBM made was that you'll be able to touch through your phone and actually feel the item you're shopping for. Haptic, infrared, and pressure-sensitive technologies will advance to a point where you can discern different textures, or the weave of a fabric.

"Imagine using your smartphone to shop for your wedding dress and being able to feel the satin or silk of the gown, or the lace on the veil, all from the surface of the screen? Or to feel the beading and weave of a blanket made by a local artisan half way around the world? In five years, industries such as retail will be transformed by the ability to 'touch' a product through your mobile device," IBM says.

As far-fetched as these and other IBM predictions might sound, not all of them are mere Electric Dreams; some of them are bound to come true, just as they have in the past.

by Paul Lilly 

Friday, December 14, 2012

Editorial: Does Windows Phone even have a chance without Google?


Go ahead -- lambaste me for even mentioning it. I'll wait. Now, how's about we look beyond the surface -- the beautified tile regime and the whimsical animations -- and focus on what actually matters when looking at a smartphone platform. You don't have to look far to get a solid grasp on which platforms are soaring, which are hanging tough and which have one foot in the proverbial grave. Gartner's latest worldwide mobile report shows Android and iOS at the top, with rarely discussed terms like "Symbian" and "Bada" above some company called "Microsoft." Which brings me to a question that has been haunting me for months: "Why?"

Microsoft unveiled Windows Phone 7 Series nearly three full years ago, bringing with it an extraordinarily fresh take on a smartphone world that has grown soggy with pages of grid-mapped programs. But, as things have turned out, beauty that's only skin deep doesn't do much for market share -- even when you're pouring millions upon millions of dollars into marketing, coaxing one of the most notable names in mobile to run your OS exclusively and cutting deals with carriers like it's just some trivial affair.

I've waxed lyrical about the danger of Windows Phone losing out simply because it offers (comparably) little in terms of ecosystem glitz, but these days, I'm growing closer to putting the platform's fate on a single name: Google.



Have you used a Windows Phone 7 or Windows Phone 8 product lately? I have. I've spent extensive time with the Lumia 900 as well as the newly introduced Lumia 920, even going so far as pulling my SIM away from the iPhone 4S and Galaxy Nexus in an attempt to live solely in a Windows Phone universe. I typically last around 72 hours before one niggle in particular just makes the experience completely untenable.

For starters, using Gmail through the Windows Phone email program is a bona fide lesson in frustration. A shockingly low amount of Gmail features even work, and even the basics feel poorly implemented. Looking for stars or labels? Keep dreaming. You could argue that not everyone uses Gmail, and you'd be right. But nearly half a billion people do, and I'd argue that of all the potential customers who would even think of giving Windows Phone a try, a huge portion of that would be a crossover audience that has also given Gmail a try. You know, common demographics.
But it goes beyond Microsoft's inability to concoct a default email application that plays nice with Gmail logins. Apple's own Mail app is a complete disgrace to hard core Gmail users. So, if that's the case, why do I find myself regularly using an iPhone? Because it's got options, man.

You see, Google has bothered to create a genuine Gmail app for iOS, and in some ways, the refreshed edition looks and feels even more elegant than what ships on Android. It supports the iPhone's push notification system and it gives me access to all of the Gmail features I'm used to. And honestly, all of that is (partly) beside the point. iOS also has things like Sparrow, Mailbox, Evomail and countless other applications en route that all look to provide exemplary Gmail experiences. Where's that kind of passion from third-party developers on the Windows Phone front? I can count four legitimate Gmail options for iPhone right now; Windows Phone doesn't even have one, and Google isn't interested in changing that.

The Missing Googleplex


Let's act like email doesn't matter for a moment. Ever heard of a thing called "YouTube?" A few people have, or so I'm told. Turns out, Windows Phone doesn't even have a proper YouTube app... after three years on the market. Perhaps you've dabbled with a thing called Google Docs, or maybe you've started saving things to Google Drive. Both of those services are phenomenal and near universally loved. In the case of Docs, it stands a better-than-average chance at obviating the need for Office. In short, they matter -- especially to the tech-savvy crowd that would show even an ounce of interest in giving Windows Phone a legitimate whirl.

Google's Chrome browser is absolutely dominating the market share figures, from desktop right on down, and for good reason -- it's a solid, quick, stable browser that easily syncs across a litany of devices. Windows Phone excepted, of course. For the sake of time, I'm just going to run down a list of remaining mobile services that Google has a hand in: Translate, Voice, Earth, Calendar and Currents. I'm not even including things like Wallet and Latitude, which may or may not become staples in Google's own ecosystem.
Ask yourself what I've asked myself: how seriously can you take a mobile platform when it supports none of the above mentioned items? Yes, third-party alternatives exist for a few of those, but let's not kid ourselves -- they're terrible. The design language looks nothing like what you'd expect out of an actual, polished Google product. The best way I can find to describe the overall Google experience on Windows Phone is this: it feels KIRF'd. It's like every workaround app on the Marketplace was designed by an outfit that specializes in knockoff wares. I can't imagine that Microsoft is proud of that.

The iPhone factor


"But," you might say, "how can you respect the iPhone when even its Google experience is one that's bolted on?" A fair question, indeed. But let's take a look at reality. Google doesn't just kowtow to iPhone users -- it builds products to be amazing on iPhone. Every single major Google product -- as well as a few minor ones -- is on its archenemy's platform. Yes, I realize Google's intentions here probably aren't pure. It's not doing it because it adores Apple. It's doing it because a Google user on any platform stands a chance at delivering both information and revenue, but the end result is a win for consumers who prefer iPhone.

You can enjoy the spoils of two of the world's most robust mobile platforms on a single piece of hardware, and with practically no exceptions, you won't even notice that Google's tools weren't designed first for iOS.

If you're still somehow doubting the power of proper Google integration, let's step back to 2007. When Apple unveiled its original iPhone, it owned 0 percent of the smartphone market. The App Store did not even exist. The entire idea of a mobile ecosystem wasn't even fully formed in the minds of most -- perhaps not even in the minds of those creating iOS. And while nearly everything changed over the five years that saw iPhone OS evolve into iOS 5, one vital piece of the original equation remained intact: Google Maps.
It's easy to overlook, to take for granted. From day one, the default iOS Maps app just worked. And it got better. Way better. It was like the icon that kept on giving. Quietly, subtly, Google's mapping platform helped make the iPhone a coveted item. Before long, folks were using this to get from Point A to Point B without even giving thought to the brains behind the dotted lines and geofences.
Then, iOS 6 happened. I can count on one hand the instances where something related to iPhone resulted in violent negative reactions from the mainstream -- Antennagate, the original iPhone's sudden price drop, the "cracking" iPhone 3G syndrome, and the mass activation outages upon the launch of the 3G. Oh, and Maps.


It took a shockingly short amount of time before -- seemingly -- the whole world was repulsed by whatever Apple had ushered into iOS 6 and dubbed "Maps." The outcry could be heard everywhere, from the local AT&T store to the evening news. To Apple, the move made all of the sense in the world. Google was becoming an even greater enemy, and at the core, Apple had essentially no leverage over how Google's Maps app acted, looked or received updates. But to the consumer, the only question left was this: "Why did Apple remove my old mapping system, and who do I have to pay to get it back?"

At once, Google's importance became comically clear. A portion of the iPhone's luster was built on a Google product, and even the most calloused of users would have a tough time arguing that the iPhone as we know it today would be "fine" without a single sprinkle of Google's magic. Seven hours after Google introduced its own Maps app into the App Store, it became the No. 1 free iPhone app. Apple itself even published that the top free iPhone app for all of 2012 was YouTube -- an app that wasn't even available to download three months ago.
In short, there's no way I'd consider using the iPhone if the only Google-made app in the iOS universe was a search program. (Yes, that's the case in Windows Phone -- just a single Google app.) The iPhone would still have sold millions, sure, but one has to wonder how much less impactful it would've been without Google pushing its apps into the App Store.

Hopes, dashed


For the better part of a year, I held onto a hope that Windows Phone 8 would be the revision that finally pushed Microsoft over the hump in the mobile world. In the recesses of my mind, I'd clung to hope that Google would extend an olive branch as it continues to do with Apple. But all of that hope evaporated after reading words from Clay Bavor, product management director at Google Apps. In a recent interview with V3, he stated the following:
"We have no plans to build out Windows apps. We are very careful about where we invest and will go where the users are but they are not on Windows Phone or Windows 8. If that changes, we would invest there, of course."

Dagger, meet heart. What most folks may not realize is just how improbable it is that Windows Phone will ever reach a place where Google could justify investing. It's the age-old chicken and egg problem. Google isn't going to waste effort on Windows Phone until Windows Phone is worth exerting effort on, but can Windows Phone elevate itself to such a point without Google investing the effort to begin with? Even the iPhone didn't have to make such a climb alone -- from day one, a pillar of the iPhone's universe was provided by Google in its Maps application.
There's a reason Microsoft is fighting tooth and nail to get Office onto iOS with an agreeable revenue split. There's also a reason that Apple couldn't care less if Pages and Keynote ever end up on Windows Phone, while Google has no interest in offering a legitimate Docs experience there. It's simply becoming impossible to believe that any mobile operating system in the modern era can thrive without a meaningful push from Google. If I'm being honest, I worry that this precise scenario will make or break BlackBerry 10, but at least RIM has a (shrinking, admittedly) enterprise market to fall back on. Microsoft is gunning for the exact same customer that Apple and Google presently hold captive. And the way I see it, it's going to need a heck of a lot of luck to win that customer over using Hotmail and Skype.

Oh, and Microsoft -- go ahead and prove me wrong. Please. We could really use the competition you're capable of providing.

By Darren Murph of Engadget

WCIT treaty includes controversial Internet proposal, keeps content out

IDG News Service - The final treaty of the World Conference on International Telecommunications in Dubai includes a new provision that does not address content-related aspects of telecommunications, but retains a controversial proposal on fostering the growth of the Internet.

The U.S., U.K., and their allies will not sign the treaty, said Terry Kramer, the head of the U.S. delegation to WCIT, on Thursday. The U.S. and other countries have tried to keep the Internet out of the treaty, alleging that member countries of the International Telecommunications Union would try to regulate the Internet.

The signing of the treaty is scheduled for later on Friday.

The proposal to add a provision that ensures that the treaty does not address content-related aspects of telecommunications came late Thursday from the chairman of the conference, Mohamed Nasser Al-Ghanim, after Australia, Poland and other countries asked that a provision on security networks should be amended to specify that only the technical network infrastructure was covered under the provision. Al-Ghanim said a lot of the sensitivity at the conference came from apprehensions that the provisions of the treaty could be misinterpreted to deal with content.

Several proposals during the conference, including from Russia, China, and some Arab countries, had proposed multinational control over the Internet, providing an equal role to all ITU member states in the management of the Internet.

Much of the control of the Internet, including its numbering and naming system, is in the hands of the Internet Corporation for Assigned Names and Numbers (ICANN) under contract with the U.S. government.

The resolution to "foster an enabling environment for the greater growth of the Internet," which figures after the appendix to the draft treaty, states that the Internet is a central element of the infrastructure of the information economy, and recognizes that all governments should have an equal role and responsibility for international Internet governance, the security and stability of the Internet, and its future development.

Resolutions do not, however, have treaty status and are not in principle binding on member states, according to a guide to the treaty-making process from the ITU. They are described as the standard mechanism by which a conference instructs its subordinate organs such as ITU Council or ITU Bureaux to take some kind of action.

The preamble to the proposed treaty includes a reference to human rights obligations, which was also a contentious issue during the conference with some countries including Malaysia insisting that it did not belong in the preamble, but should instead figure in the Constitution of the ITU.

The Internet Society said in a statement late Thursday that it was disappointed at the "fundamental divides" at the conference.

"It was extremely important that this treaty not extend to content, or implicitly or explicitly undermine the principles that have made the Internet so beneficial," the organization added.

A member state can take reservations on any part of the treaty, which effectively means it is not obliged to apply that part of the treaty, according to ITU procedures. Each country has to ratify the treaty, and it needs to be passed into each country's national legislature.

By John Ribeiro of IDG

Thursday, December 13, 2012

End mind-numbing repetition

Once again, you find yourself sitting in front of your computer, eyes glazing over as you press the same sequence of buttons over and over to get something done. Maybe you had to create a complex folder hierarchy for a set of projects. Or maybe you had to copy, paste, and format the same sort of data multiple times.

Whatever the task was, it probably wasn't much fun.

The good news is that you can code your way out of such busywork, even if you're not a programmer. Here are five powerful automation tools that can help.

Directory Opus

When trying to automate something, it's wise to stop and think about the domain you're trying to work with. Does your task mainly involve repetitive text entry, or is it about moving and creating files? Narrowing the field will help you find the right tool for the job more easily—and when it comes to file operations, you can't go wrong with Directory Opus.
Directory Opus is extremely customizable and has its own simple scripting language.
Priced at $69 (in Australian dollars), Directory Opus is one of the costliest file managers around; it's considerably more expensive than, for instance, Total Commander ($44). That said, if you work with files all day, Directory Opus is worth every penny. You can customize all of your buttons, toolbars, menus, and commands, setting your own hotkeys and names for everything. You can also change the layout to look like anything from a dual-pane commander-style application to regular Windows Explorer to something uniquely yours.

This level of customization leads to easy automation: Directory Opus has its own built-in set of commands, making up a simple scripting language. For example, you can designate a single keystroke for creating a new document bearing today's date in a specific format (2012-12-13, 121213, etc.). You can arrange to select a collection of files and quickly rename all of them according to some scheme, or you can build a macro that selects all of the DOC and JPG files in the current folder, zips them up in an archive with a name and type of your choosing, and emails them. In other words, Directory Opus can help you automate just about any task that involves manipulating files, and its commands are well documented.


VBA

No article on the subject of automating daily work is complete without a mention of VBA (Visual Basic for Applications). You can't download and install VBA, but you probably already have it: It's built into Microsoft Office. If you're looking to automate any work that you do in Word, Excel, or Access, VBA is the tool you need. You can use it for just about anything, from entering text to formatting a document to working with external files to creating custom Excel functions.
Bundled with Microsoft Office, VBA lets you record macros and then customize them to do just about anything Office-related.
One of VBA's best features is how easy it is to get started with. You can record a macro of yourself doing something (say, selecting some text and making it bold), and then use the built-in VBA editor to see what the macro looks like in code form. You can access the VBA editor by pressing Alt-F11 or by using the Developer tab on the Ribbon (though you must make that tab visible first).

The editor is a complete development environment, with built-in debugging tools, auto-completion, context-sensitive help, and more. When you're viewing a macro in the editor, you can easily customize it and gradually learn new abilities according to whatever you need for your project. In fact, working with VBA is one of the best ways to get into programming. Each macro is bite-size, and you can put it to use right away, making your work go more quickly and less tediously.


PhraseExpress

No matter what program you type into, you probably type some of the same things over and over again. Consider email greetings and signatures, or stock phrases related to your job ("Thank you for your interest," and so on). What if you could enter all of that repetitive text by pressing a key or two? This is what PhraseExpress does—and then some. It's free for personal use and $50 for business use after a 30-day free trial.
PhraseExpress can eliminate needless typing, and it supports sophisticated text macros.
Saying that PhraseExpress is a text replacement program is a bit like saying that a computer is a typewriter. Yes, you can save common snippets of text and quickly insert them with just a keystroke or two (a very useful feature); but you can do a lot more, too. For example, PhraseExpress can recognize when you correct a typo, figure out on its own certain typos that you commonly commit at the keyboard, and start offering corrections before you even notice that you've mistyped a word. It can enter dynamic information into snippets, such as today's date, or even the date six days from now. It can prompt for variables (like a person's name) and insert them in the right place in a snippet. And after installing a free add-on file from the PhraseExpress website, you can even use PhraseExpress as an inline calculator: Just type something like (10+5)*7= and the app will offer to replace that text with the correct result.

Powerful though it is, PhraseExpress has some limitations. For one thing, it's not a proper programming language: You can't easily configure variables, and the built-in editor doesn't offer line numbers or auto-completion for commands. Another problem involves the documentation: Its maker (Bartels Media) does provide some online documentation, but the information isn't especially thorough. On the other hand, PhraseExpress comes packed with useful examples—so if you like to learn by example, you might be able to find a macro similar to the one you need and then just customize it.


AutoHotkey

For years now, whenever I've needed my computer to handle something out of the ordinary, I've reached for AutoHotkey. Much like PhraseExpress, this simple (and free) script processor can respond to hotkeys and "hotstrings" (type wbr and AutoHotkey can replace it with "Best Regards"). But AutoHotkey's quick-and-dirty nature disguises a mature, powerful programming language that can handle everything from complex math operations to HTML transformations to creating whole user interfaces (windows, buttons, and all).
AutoHotkey's Window Spy lets you peer into any window on your system, to better automate it.
The most original thing I've ever attempted using AutoHotkey was a "Morse" utility: I wanted a tool that would do one thing when I hit Ctrl three times in rapid succession (dot-dot-dot), and do something else when I hit the same key in a dot-dash-dot pattern. AutoHotkey was up to the task, and I didn't even lose the Ctrl key's original functionality: All other hotkey combinations (Ctrl+S and so on) continued to work. In that case, I did struggle with the coding: Try as I might, I couldn't get the utility to work on my own, but AutoHotkey's friendly developer community came to my rescue, and a knowledgeable member created a script that did exactly what I needed.

Much like VBA, AutoHotkey is addictively easy to use right away. Your first need will likely be a simple one: to remap an annoying shortcut in an application that you use frequently, perhaps, or to create a quick macro for signing your emails. Once you see how easy such improvements are to make with a quick one-liner, you'll want to do more—which is where AutoHotkey's comprehensive documentation comes in. Full of examples and clear explanations, the bundled help file can give you a sense of what's possible, and how to achieve it. To make things even easier, AutoHotkey lets you perform many operations either in a simple syntax (a = Hello), or in a more professional way (for people who are already comfortable with coding in other languages, a := "Hello"). So, two syntaxes yield the same result, and everyone is comfortable. Add the community and its extensive collection of open-source scripts, and AutoHotkey takes automation to a new level.

Take Command

In the beginning was the command line, or so Neal Stephenson tells us. And disappointingly, not much has changed since then, at least with regard to the default Windows command processor, cmd.exe, and its bland black window. While Linux users enjoy slick semi-transparent windows that connect them to the powerful bash command processor, Windows users are stuck with an antique command line that doesn't resize properly and can't paste without a mouse command (pressing Ctrl+V will just cause ^V to print).

Microsoft's answer to this annoying situation is PowerShell, a powerful alternative command processor bundled with versions of Windows from XP SP2 to Windows 8. PowerShell can do lots of things, and its default console application is resizable, but you still can't select text via the keyboard, paste with Ctrl+V, or even resize its font quickly. In addition, the PowerShell command processor isn't easy to learn, and you may have to adjust your computer's security settings to be able to use it at all.

[Image: Take Command supports any command processor, including Bash.]

Take Command, a $100 utility, proves that the Windows command line doesn't have to feel so ancient or be so complex. It takes a powerful yet simple command processor and partners it with a beautifully modern interface, for a result that leaves the default Windows interface years behind. The command processor, TCC, is a superset of the one built into Windows. So, dir is still dir, and del is still del, and everything you already know about working in the command line is still valid. But you also get lots of extra commands, and even the existing commands have switches in TCC that their cmd.exe counterparts can only dream of. As a result, like VBScript and AutoHotkey, TCC is a language you can gradually grow into; you can start with simple things, and you probably already know some of it.
The console interface is done just right. The window is tabbed, so it supports multiple console sessions at the same time. Pressing Shift and the arrow keys selects text. Pressing Ctrl+V pastes text into the console (amazing, I know!). An integrated file manager lets you see the impact of your actions on the file system in real-time. And when you're comfortable with the language and feel ready to write some batch scripts, you'll discover the best part: a built-in programmer's editor with a line-by-line debugger.

Take Command is expensive, but if you find yourself spending lots of time at the command prompt or having to troubleshoot why batch files are breaking, it's a great investment.

Which one? It's your pick

Software is a personal thing, and different users have different pet peeves. Fortunately, we don't have to create our own word processors and command-line interpreters for them to feel right. Even a simple tweak or two can go a long way towards making your software truly yours, and making your work go faster and more pleasantly. Start slow, and who knows: You might even become a coder.

By Erez Zukerman of PC World

Thursday, December 6, 2012

How Windows 8 rewrites the rules of PC gaming

PC gaming is primed for a renaissance—or at least a reinvention—like we haven’t seen since the advent of 3D acceleration in the late 1990s. For this, we can thank the mobile revolution and all its attendant technologies. Game developers can now tap into accelerometers, touchscreens, and the cloud to add new features and gameplay scenarios. And even Microsoft’s comprehensive approach to Windows—merging desktops, tablets, and smartphones under a common code base—is changing the ways in which game creators should approach their work.

All of these developments were made patently clear at the recent Microsoft Build conference. Justin Saint Clair, a Microsoft business development manager, stood before an audience of game developers and encouraged them to reset their approach. Don’t just think about graphics, themes, and plot lines, argued Saint Clair. The first question every developer should be asking is, “What is a PC?”

The very definition of the term “personal computer” has been upended over the past few years, and now PC gaming looks to be catching up at last. We’re no longer bound to keyboards and mice. We’re no longer even bound to playing the very same game—or the very same campaign within a single game—on the same device. In this article, I’ll walk you through all the new use cases that game developers are exploring. The fruits of their labor will become manifest in all genres of PC gaming, from the casual titles we play on tablets to the deep, textured 3D extravaganzas we download from Steam.

One game, multiple manifestations

When the iPad launched a couple of years ago, the tablet quickly redefined the rules of video gaming. Thanks to its built-in accelerometers and touch sensitivity, the iPad became both a game screen and a game controller. Not only could we tilt the tablet to, say, control a car’s steering in a driving game, but we could also use our fingers to directly manipulate the gameplay action.

But that was the state of the mobile gaming art in 2010, and simple accelerometer and touch tricks are now considered a given. In 2013, Microsoft will be encouraging developers to imagine tablet gaming experiences that extend beyond the tablet—in essence, single games that manifest themselves in different, creative ways across a variety of devices and platforms.

[Image: Xbox SmartGlass uses a Windows tablet as a secondary display for Xbox games.]

Microsoft is working on APIs that allow developers to create a single game that plays more or less similarly on PCs and tablets, but with different control schemes and less-demanding graphics for tablet iterations. For example, the Xbox Live multiplayer API will live on both Xbox and Windows, allowing developers to build seamless multiplayer games that span platforms. Another Microsoft development path taps into the “second screen” approach, in which a single game leverages both your big-screen TV and a tablet—a scheme that’s already being realized on Windows 8 tablets running the Xbox SmartGlass app. The Xbox 360 racing game Forza Horizon, for instance, lets you (or a friend) view highway maps on your tablet, while you continue to steer the car with your console's button-oriented driving interface. In effect, the tablet allows you to have a second person in the “passenger seat,” helping you with navigation.

[Image: The PC hardware landscape is much more varied today.]

Microsoft is also taking advantage of its Windows runtime platform (the underpinning of all Windows 8 Store apps) along with Xbox Live networking features to iterate a single game franchise in unprecedented ways. Take, for example, the Mass Effect series of sci-fi third-person shooters. Mass Effect 3 is already a big single-player hit on the PC, but now a companion game, Mass Effect: Infiltrator, is available for iOS, and both titles tap into the franchise’s cloud-based “Galaxy at War” system. The upshot? In Infiltrator, when you gather intelligence data, your achievements will improve your “Galactic Readiness Rating,” which is integral to the PC game.

Of course, the cloud offers simpler benefits as well. Imagine firing up a game on your PC, playing a few minutes, and then saving your progress to Microsoft’s servers. Later, you’re in a hotel room in a distant land, where you load an iteration of the same game on your tablet, and continue where you left off. Such a scheme is already available in the desktop PC gaming titles Mass Effect 3 and Dirt Showdown, but you can expect more deployments to follow. It’s also worth noting that even simple Microsoft Store apps keep their status and save games in the cloud, ensuring that the whole lot of them offer seamless starting, stopping, and restarting regardless of your physical location and of which Windows 8 device you’re using.

At the Build conference, Microsoft's Saint Clair also shared a new vision of online multiplayer gaming. He encouraged developers to imagine a single multiplayer game on PCs, Xbox 360 consoles, and Windows 8 tablets—three different platforms, but with players engaged in exactly the same online environment. This model is already available in Hydro Thunder Hurricane.

Then there's the LAN party, which is begging for redefinition. Today’s LAN party typically involves every player lugging a bulky PC or beefy gaming laptop to a common location, plugging in a bunch of cables and switches, and joining a multiplayer server. But Windows 8 running on mobile devices could dramatically reduce a bunch of logistical pain points. As Saint Clair asked, "What happens when everyone in the house has a tablet?"

The tablet changes everything

Tablet gaming isn't just PC gaming with touch control tacked on. A good tablet game will also recognize a suite of behaviors and technologies specific to modern mobile devices: touch gestures, of course, but also accelerometers, GPS, near-field sensors, gyroscopes, and more. Windows Runtime—Microsoft’s new development platform that unifies PCs, tablets, and even Windows Phone 8—incorporates all of those possibilities, enabling game developers to take advantage of new mechanics and models. As a result, any developer who is comfortable with Windows Runtime can tap into gameplay dynamics as rich as anything we see deployed on iOS.

But although tablets are rich with creative development opportunities, they often drop the ball in pure performance. Tablets and hybrid devices don't offer the raw CPU and GPU firepower of a good desktop PC, and this is a limiting factor that all traditional PC gaming developers will have to respect. Making matters worse, the GPUs inside current-generation Windows RT tablets and Windows Phone handsets don't support the full range of DirectX 11 features available to desktop PCs with modern graphics cards. Game programmers will need to ensure that Windows 8 Store games will work in Windows RT using only Direct3D 9 in their 3D content.

That doesn't mean games will look terrible on tablets, however. Low polygon counts and low-resolution textures don’t look nearly as bad on small tablet displays as they do on a large desktop display. Also, many of the games built for sale on the Windows Store will be lighter, casual fare, so performance problems likely won't be a major factor.

Minesweeper: A prime example

The updated version of Minesweeper is a shining example of a casual game that takes full advantage of the new features Windows 8 enables.

[Image: Minesweeper as it was before Windows 8.]

The original Minesweeper, of course, has been available for free in every version of the OS since Windows 3.1; this single game is probably responsible for more lost productivity than any other title, except perhaps Solitaire. Microsoft wanted to completely reimagine Minesweeper and make it a showcase for what a Windows Store game could be. To that end, Microsoft hired experienced casual game developer Arkadium, and the new version of Minesweeper adds much more than just simple touch control.

First off, the game no longer runs in a window. It's now a full-screen app suitable for tablet devices, but it still works well on a desktop PC. Arkadium also added a new skin, the garden theme. Beyond that, the revamped game also has a new Adventure mode in which you explore a set of caves with a cartoony character.

Unlike in the Minesweeper of yesteryear, you don't need to clear or mark every tile to pass an Adventure level. In fact, there’s no single “perfect” way to complete a level: You can explore every inch to maximize the amount of gold you collect, or you can simply find the quickest route to the exit. It’s your choice.

Racing through an Adventure level without uncovering or marking most of the tiles nets you a lower score than exploring the level more thoroughly. Monsters and other obstacles block your travel along the way, but you also pick up tools and weapons to ease navigation.

In total, Adventure mode changes Minesweeper from a simple clear-the-map game into a sort of "roguelike" in which you explore levels and overcome challenges to get through a maze. The game also incorporates social media sharing: Each time you complete a level, you have the opportunity to share your accomplishments.

[Image: Adventure mode turns Minesweeper into a roguelike game.]

Minesweeper also adds the social dimension of daily challenges and achievements. Daily challenges let you collect virtual currency for earning badges, and hold the promise of an unspecified prize. But these challenges are also saddled with advertising. Yes, in-game advertising has come to Minesweeper, usually in the form of short video clips or clickable hotspots that take you to an external site. This commercial element—along with the limitation of not being able to run Minesweeper in a window—definitely reduces the game’s fun factor. Still, there’s no debating that the new social elements show how Microsoft is trying to advance even the Windows platform’s most rudimentary games.

[Image: Sharing, achievements, and other social activities are now part of Minesweeper.]

Enhanced desktop games on Windows 8

The Windows desktop is still a big part of any Windows 8 system, including tablets and hybrid PCs running the new OS. All-in-one PCs with touch capabilities are gaining prominence in the Windows 8 desktop hardware landscape; and some higher-end all-in-one PCs, such as the Dell XPS One and Lenovo A720, include discrete GPUs, which allow them to run more 3D-intensive titles.

Even desktop games can benefit from additional features built into Windows 8, such as the enhanced touch interface. Intel has worked with a couple of key developers to bring touch to desktop games. Firaxis added touch, including support for gestures, to Civilization V, one of the biggest strategy titles of the past year.

[Image: The latest Civilization 5 update adds multitouch to a classic strategy game.]

At least one desktop PC game, Wargame: European Escalation by Eugen Systems, was developed from the ground up for touch. Eugen's first game, R.U.S.E., supported touch under Windows 7, but the interface was a little obtuse. In contrast, the top-down map interface of European Escalation—a real-time strategy game that takes place in a hypothetical war between the 1980s superpowers in Europe—offers tiles, rather than small buttons, as the main selectable user interface elements. Touch select and other gestures also work as expected.

Both Civilization 5 with touch support and Wargame: European Escalation work well with Windows 8. European Escalation, like Eugen's earlier game, will also work with touch-enabled Windows 7 systems.

Interestingly, both games have also been optimized for Intel's integrated HD 4000 graphics, so their performance should be adequate on Ultrabook-class hybrids and tablets. That's a reality that all game developers will face going forward: In raw performance, the graphics hardware on these sleek systems currently doesn't measure up to discrete graphics cards on desktop PCs.

A new generation

Windows 8 and Windows RT have arrived, and with them, the new generation of Windows Store games. Many of these games will be built on JavaScript, HTML 5 canvas, and Microsoft's XAML core languages, allowing easy porting between mobile and PC platforms. Higher-end titles will continue to be developed in more traditional languages.

More important for users, new gaming experiences are emerging. With many Microsoft Store apps, you'll be able to transition easily from your game when you're moving from one platform to the next. The widespread adoption of Windows 8 games on mobile devices such as Ultrabook hybrids and pure tablets will encourage the spread of certain gaming genres that have had modest traction, such as location-based or augmented-reality titles. New sensors built into tablets and hybrid laptops will allow game designers to build new control types into games, which in turn will give them the ability to create new types of games.

Although Apple iOS fans will no doubt snort, suggesting that such features have always been available on iOS, relatively few cross-platform titles exist between iOS and Mac OS. Plus, Apple's laptops seem to be evolving toward higher-end display technology, but aren't adopting touch as a key part of that OS.

The new generation of Windows games, on the other hand, will integrate titles on desktop PCs, laptops, smartphones, and even Xbox consoles, creating new experiences for users of all kinds of games, ranging from the very casual to the hard-core. It's going to be exciting to see what games emerge, given the plethora of platforms and sensors, all running on a common platform.

By Loyd Case of PC World