The Art of Technology

iOS is beginning to take over Mac OS X in Web traffic share for at least one online ad firm. In a new report published on Friday, Chitika said that Apple's record phone and tablet sales have propelled iOS to surpass Mac OS X when it comes to Web requests to Chitika's ad network. Though it's unlikely these stats signal the downfall of the Mac, they do show that iOS is seeing strong growth on certain networks to coincide with its sales growth over the last several months.

First things first: Chitika's network mainly targets mobile devices and, as such, its data is skewed more heavily towards iOS than the rest of the Web at large. For example, when looking at Ars Technica's own user agent stats for the month of January 2012—mobile and desktop combined—we saw 22.93 percent of our users on Mac OS X and 5.76 percent on various iOS devices (iPad, iPhone, and iPod). When split out among those devices, the iPad grabbed the highest chunk at 4.85 percent of our total. So although some networks like Chitika are seeing a complete takeover of iOS compared to Mac OS X, it's worth keeping in mind that it's not necessarily representative of the entire Internet.




The success of efforts that target polio has raised hopes that it could be the next human disease to be eradicated within the decade. But that's not the only disease that public health officials have targeted. The UN has actually set a goal of eliminating all deaths caused by malaria—by 2015. To reach that goal, development agencies boosted spending on malaria control efforts to over $1 billion annually over the course of the past decade. That has definitely had a significant impact on the disease, as all estimates of deaths due to malaria indicate it has been going down since about 2005. But the latest study of the disease suggests that we've been significantly underestimating how many people it has been killing.

Malaria is an extremely difficult parasite to control, in part because it's a complex organism. In contrast to viral and bacterial pathogens, malaria is caused by eukaryotes (from the genus Plasmodium), which have larger and more complex genomes. The parasites' complex genomes have helped them evolve various mechanisms for avoiding the immune system, as well as evolve resistance to most of the therapies we've developed.

Plasmodium also has a complex life cycle, spreading via mosquitos rather than direct, person-to-person contact. Although this lets us limit the spread of the disease by targeting mosquitos, those organisms have also evolved resistance to the chemicals that once killed them. For example, DDT was once used so indiscriminately that it's now useless against mosquitos in many tropical regions.




The Iranian government is reportedly blocking access to websites that use the HTTPS security protocol, and preventing the use of software residents use to bypass the state-run firewall.

From a post on Hacker News today, apparently written by an Iranian resident:

Since Thursday Iranian government has shutted [sic] down the https protocol which has caused almost all google services (gmail, and google.com itself) to become inaccessible. Almost all websites that reply on Google APIs (like wolfram alpha) won't work. Accessing to any website that replies on https (just imaging how many websites use this protocol, from Arch Wiki to bank websites). Also accessing many proxies is also impossible.

Several Hacker News users confirmed the original post's statement that Iran is blocking encrypted Internet traffic. "I live in Iran. The fact about the shut down is correct," one person wrote. Another said "They drop all encrypted connections. This means no https, no IMAP over TLS and no SSH connections. (Im in Iran)."

People are debating whether the shutdown is related to the 33rd anniversary of the Islamic Revolution, which is being celebrated by the government but has spurred protests in years past. This may not be the case, as one person writes "SSH has been disabled for a few months."

According to the Washington Post, Internet users are increasingly seeing the error message "According to computer crime regulations, access to this Web site is denied." The Post's bureau chief in Tehran, Thomas Erdbrink, says that software Iranians use to bypass Iran's firewall recently stopped working. "Many fear that the disabling of the software used to bypass the state-run firewall heralds the coming of what authorities have labeled the National Internet," Erdbrink wrote.

It's not clear how widespread the blockages are. Reports from some Twitter users earlier this week indicate that all non-Iranian websites had been censored. However, checking out the "Blocked In Iran" tool today shows no blockages of Google sites. Assuming the reports are true, it wouldn't be the first time websites have been blocked in Iran—Ars itself was blocked in October 2010 following coverage of the Stuxnet malware that targeted Iran.




Every graphical and technical advance the game industry has seen from Pong to Crysis has been a small step toward the end goal of a real-time, photorealistic 3D world that is truly indistinguishable from a real-world scene. Speaking at the DICE Summit Thursday, Epic Games founder and programmer Tim Sweeney examined the speed and direction of computing improvements and determined that we "might expect, over the course of our lifetime, we'd get to amounts of computing power that come very close to simulating reality."




A large group of European nations signed ACTA two weeks ago, sparking outrage across the continent. But not all European nations signed onto the agreement. Several countries, including Germany, had not finished their internal processes for approving the treaty, but vowed to sign on shortly.

But on Friday, the German government signaled it was having second thoughts. According to Der Spiegel, the German government now plans to wait and see how the European Parliament votes before Germany makes a decision on the treaty itself.

Germany's move comes on the heels of a similar move in Poland last week. As we reported then, the treaty must be approved by all 27 member states in order to go into effect anywhere in Europe. Germany is one of the wealthiest and most populous nations in Europe, so its move is likely to have a big impact on the handful of other European nations that have not signed onto the treaty.

Germany's change of heart was likely influenced by the growing grassroots backlash against the copyright treaty. Organizers are planning ACTA protests in 200 cities across Europe on Saturday.

The United States has already signed ACTA. The Obama administration has argued that because ACTA is an "executive agreement" and does not require changing US law, it does not need to be submitted to the Senate for ratification.




You'd think that Tomonobu Itagaki, the rock star developer of successful game franchises like Dead or Alive and Ninja Gaiden series, wouldn't have much to be sad about. But, in a surprisingly personal DICE presentation today, Itagaki shared how a crucial mistake in the game development process sent him into a spiraling depression—and how the movie Armageddon helped bring him out of it.




For decades now, large parts of the game industry have been striving to create games that are more meaningful—games that can speak to the human condition and tell an impactful story that's deeper than "remember when I shot that guy?" At a DICE Summit presentation today, Twisted Metal designer David Jaffe made an impassioned argument that such efforts have been misguided, and a huge waste of the industry's time and resources.




There's good news for people who love bad news about the security of industrial control systems. At the SCADA Security Scientific Symposium (S4) in Miami Beach in January, there were a host of new security vulnerabilities unearthed in popular programmable logic controllers (PLCs) and Supervisory Control and Data Acquisition (SCADA) systems, the devices and software that are used to control all manner of critical infrastructure and industrial plants. And now, one researcher is preparing a tool to demonstrate the vulnerability of another manufacturer's systems—just in time for Valentine's Day.

SCADA platforms such as those from Siemens have been the subject of concerns of Homeland Security officials and others in government and industry, even before the Stuxnet worm's impact on Iran's nuclear program demonstrated that vulnerabilities in them could be used to cause real physical damage as part of a "cyber war." But many vendors have failed to improve the security of their SCADA products. That, and a general lack of pushback from SCADA customers, was the reason for S4's Project Basecamp, a SCADA hacking project intended to demonstrate the vulnerability of some of the most common control systems in use and provide tools to help companies assess their level of risk.

Digital Bond's Reid Wightman and others participating in Basecamp uncovered a number of vulnerabilities in several SCADA systems, including the GE D20ME, a controller common to the electrical utility industry. The project's output includes a set of "Metasploit" modules for the GE D20ME, among them a module that uses the Trivial File Transfer Protocol (TFTP) to download and store the complete configuration of the D20ME, including usernames and passwords in plain text.

But there were also a number of vulnerabilities discovered in the ECOM Ethernet modules for DirectLOGIC PLCs from Koyo Electronics Industries of Japan, another very common controller used across a number of industries. In a blog post, Wightman said that those vulnerabilities include a limited size for passwords and no lockout or timeout after bad authentication attempts. That leaves the system open to brute-force password attacks, which is part of the toolset Digital Bond is releasing on Valentine's Day. "This should save end users money," Wightman wrote, because according to an FAQ on the modules, "a lost password means that the end user must send the device in for a reset."

In the ECOM100 modules for Koyo's systems, which Wightman said were less common, there is an even larger set of vulnerabilities—these have a built-in web server that requires no authentication to connect to and allows remote changes to be made to the PLC's configuration, including its network address. "To top things off, the server does not properly validate user input, and is vulnerable to cross-site scripting attacks," he wrote.




Google says its bug bounty program, which awards hefty cash rewards for privately reported security vulnerabilities in its Chrome browser and online services, has been such a success that the company will expand it to include Chrome OS.

To date, Google has shelled out $729,000 under the program, which was initiated two years ago for its Chrome browser and 15 months ago for YouTube, Blogger, and its other Web services. Over the course of the latter program, Google received 1,100 legitimate reports from more than 200 individuals, Adam Mein, technical program manager on Google's security team, blogged. Of the 730 bugs that qualified for a reward, about half were contained in software developed by one of 50 or so companies Google has acquired. In all, Google has paid $429,000 under that program.

The remaining $300,000 was paid under the older bounty program for the Chrome browser, according to a separate post published on Google's Chromium blog. Reported flaws have covered the gamut of browser components, including Windows kernel and Mac OS X graphics libraries, code for the underlying Chromium and WebKit browser libraries, and open-source libraries such as libxml and ffmpeg. The post said "dozens of researchers" had submitted reports.

Google said it will now open up the program to those reporting "high-severity Chromium OS security bugs" that are present when the system's developer mode is turned off. Renderer sandbox escapes using Linux kernel flaws, memory corruptions or cross-origin issues inside the Pepper Flash plugin, and violations of the verified boot path will all qualify.

Started in early 2010, the bug bounty program for the Chrome browser was one of the first times a software developer had agreed to pay cash rewards in return for vulnerability reports. (Mozilla and DNS software developer Daniel J. Bernstein both preceded Google.) In July, Facebook initiated its own rewards program. So far, Microsoft, Apple and Oracle have declined to pay rewards, despite the considerable—and free—help they receive from some of the world's most talented security researchers.




An East Texas patent case that has attracted the attention of the technology world came to a screeching halt Thursday as the jury ruled that the key patent in the case is invalid. Eolas, a patent troll that has been shaking down technology companies for the better part of a decade, now faces the prospect of losing the patent.

As our sister site Wired reported yesterday, the case centers on a biologist, Michael Doyle, who claims to have invented the concept of interactive websites back in 1993. He applied for a patent, which was granted in 1998.

But Doyle's claims are sharply disputed by many in the Internet community, including World Wide Web inventor Tim Berners-Lee. They've pointed to prior art, including Viola, an early Web browser created by Pei-Yuan Wei.

Berners-Lee took to Twitter to cheer the decision. "Texas jury agreed Eolas 906 patent invalid," he wrote. "Good thing too!"

Companies that depend on the open Web hailed the verdict. "We are pleased that the court found the patents invalid, as it affirms our assertion that the claims are without merit," a Google spokesperson told Ars.

Indeed, the sighs of relief likely extend beyond Silicon Valley. In addition to traditional technology companies, Eolas had also sued a number of other firms, ranging from Frito-Lay to Playboy.




Fair labor activists across the globe are continuing to pressure Apple to do more to improve working conditions and labor standards in China. Despite Apple's efforts to make its suppliers adhere to its own supplier "code of conduct," activists in the US and China believe Apple could use just a small portion of its massive profits to make meaningful change.

Factories in China pump out hundreds of thousands of iPhones, iPads, and Macs annually—indeed, China is responsible for manufacturing a vast majority of consumer electronics and other products sold here in the US. Stories of poor working conditions, labor law violations, and widespread environmental contamination are nothing new, but have gained more attention lately thanks to increased mainstream media coverage.




Google is building a "home-entertainment system that streams music wirelessly throughout the home and would be marketed under the company's own brand," according to a report today in the Wall Street Journal. While the move has not been confirmed by Google, it would build upon the Google Music streaming service and music store.

It would also likely integrate with Android—the Journal describes it in one paragraph as the "Google Android entertainment system," and says it is being developed by Google's Android unit for unveiling later this year. The system "would let people download digital media such as music and stream it to Google-made speakers or other Web-connected devices in people's homes," and could be operated using a smartphone or tablet, the Journal reported, citing anonymous sources.

Google has also targeted home media with Google TV, but with limited success. The Journal report says the upcoming home entertainment system could support streaming media in addition to music, presumably including videos. In possibly related moves, Google previewed its Android@Home project at last year's Google I/O conference, and is asking the Federal Communications Commission for permission to test a WiFi and Bluetooth-enabled entertainment device in four US cities.




Ending months of speculation on the matter, Microsoft has revealed that Windows 8 on ARM will indeed contain a desktop—and that desktop versions of Word, Excel, PowerPoint and OneNote will all be pre-installed.

Microsoft insists that the desktop holds real value, and that Windows would be less valuable to users if it were missing (a view we're sympathetic to). To that end, Windows 8 on ARM ("WOA") will have a desktop, with a taskbar, that includes Explorer, most of the current desktop utilities that ship with Windows (though not all, and Microsoft hasn't said what won't be included), and supports applications. All WOA machines will support USB and Bluetooth mice and keyboards, so users who want to will be able to use the desktop in a traditional way.




Microsoft has started to talk in detail about Windows on ARM: what it will do, what it won't do, and how it has been put together in its latest post on its Building Windows 8 blog. The focus of the lengthy post is the work Microsoft has done to bring Windows to ARM: building a common ARM platform that works the same way, whether using a processor from NVIDIA, Texas Instruments, or Qualcomm. This was a substantial undertaking: unlike desktop PCs, ARM systems are all wildly different.

Windows on ARM, or "WOA" as Microsoft is calling it, is substantially identical to Windows on x86/x64. The difference between ARM systems and x86 systems is more than just the instruction set of the processor. x86/x64 systems are almost all built in the same way. The system uses BIOS or UEFI to initialize hardware and hand over control to the operating system, they use ACPI for enumerating hardware and power management, major system devices like the video card and storage controllers are connected to PCI or PCIe with other peripherals attached to USB, and storage is either SATA or SCSI.




If there's anyone who can make sense of the recent, meteoric rise of mobile and social games, it's probably the people behind the golden age of arcade gaming in the early '80s. Just such a group drew a lot of parallels between the two gaming eras at a DICE session today, while also offering some cautionary warnings about following in the arcade's footsteps.




An essential part of science involves finding correlations between two sets of measurements and seeking explanations for those correlations. However, relationships can be suggested by data even when they don't actually exist, and correlations may occur due to random fluctuations rather than a deep underlying principle (as the infamous "correlation does not equal causation" cliché suggests). These errors are easy to make, and the scientific literature is full of them.

So how can researchers establish if a correlation is both real and meaningful? In a Perspective in the February 10 issue of Science, Michael P.H. Stumpf and Mason A. Porter examine the type of correlation known as a power law, where one set of measurements is related to a second via an exponent. They argue that two things must be in place for a power law to be valid as a predictive model: it must hold over a wide range of data to eliminate chance associations, and it must have a plausible mechanism to explain why the correlation showed up in the data.




Airline industry representatives and a US transportation official told members of Congress yesterday that LightSquared's planned 4G LTE network would interfere with a GPS-based navigation system that government and industry have invested $8 billion in.

The Federal Aviation Administration and industry "have invested as much as $8 billion into NextGen," which is designed to "transform America’s air traffic control system from the aging ground-based system of today to a satellite-based system of the future," US Department of Transportation Deputy Secretary John Porcari said in testimony given at a Transportation and Infrastructure subcommittee hearing.




In 2010, South Yorkshire police showed up at the workplace of 26-year old Paul Chambers and arrested him. His crime: posting a frustrated joke to Twitter after his girlfriend's flight was delayed due to snow at the local airport.

“Crap! Robin Hood airport is closed," he wrote. "You’ve got a week and a bit to get your shit together otherwise I’m blowing the airport sky high!!”

This was perhaps unfortunately phrased, but was it "menacing"? Even police didn't think so. As Chambers's lawyer describes the chain of events leading to his arrest:

[The tweet] was not sent to the airport, and when it was found in a search some days later it was graded as “non-credible” by the airport security manager. However, the process in place meant that it was referred to the airport police, who did nothing, and then to South Yorkshire police, who arrested Paul at his workplace for a suspected "bomb hoax." The police in turn realised after interview that it was intended as no more than a joke; but they had to refer it to the Crown Prosecution Service for a decision.

The CPS agreed that it was not a bomb hoax offence, but they decided it was in the public interest to prosecute Paul under section 127. This seems the first time... that this offence had been used in respect of an internet communication.

Chambers was fined £400 plus costs (now over £3,000). But he has appealed the case, which was heard in London this week, and the ruling will set precedent as the first time an appellate court has considered this sort of issue related to social media.

The UK isn't the only government not sure how to handle tweets. Two weeks ago, British tabloid The Sun interviewed a man and woman who had been sent back home after long flights to California, where Homeland Security agents pointed to a recent tweet from the man saying, "Free this week, for quick gossip/prep before I go and destroy America."

If it all seems a bit over the top—what person actually out to "destroy America" would write such a thing publicly, on Twitter, and in English?—it could be far worse if you live in Saudi Arabia.




For the last several years, research funded by the National Institutes of Health has been subject to its public access policy, which ensures that resulting research publications are made open access within a year of their publication. For almost as long, some members of Congress have been trying to overturn that policy, which some publishers fear will cut into their revenues. The latest attempt, the Research Works Act, was introduced in January, and would allow any publisher to keep papers in its journals from being made open access.

Today, some members of Congress have introduced a bill that would not only support the NIH policy, but expand it. The Federal Research Public Access Act is being introduced in both the House and Senate, with a bipartisan group of sponsors in each body. The act would significantly shorten the waiting period between publication in a subscription journal and the point where a paper is made open access, dropping it from a year to six months. It would also expand the scope of the policy, applying it to any federal agency with a budget of $100 million or more.

The bill argues that "the research, if shared and effectively disseminated, will advance science and improve the lives and welfare of people of the United States and around the world." To that end, each agency will be required to ensure that publication doesn't interfere with their right to reproduce the paper, and create an online public repository that will house the works once they become open access. Preliminary data, such as lab notes and meeting presentations, are specifically excluded from this requirement.




Did you know that Apple cofounder Steve Jobs was considered for an appointment with the US government under George Herbert Walker Bush? Now you do—along with the rest of the world—thanks to newly released documents by the Federal Bureau of Investigation. The FBI posted on Thursday a 161-page document of its extensive background check on Jobs as a result of a Freedom of Information Act request filed by the Wall Street Journal—the document doesn't otherwise contain much new information that wasn't covered in Walter Isaacson's recently released biography on Jobs, though it does highlight Jobs' influence among even his obvious enemies. After all, nearly everyone the FBI interviewed recommended him for the position, including those who felt screwed over by Jobs.

George H.W. Bush had apparently considered appointing Jobs to the President's Export Council in 1991, resulting in a Level III full field investigation into Jobs' professional and personal life. The appointment clearly didn't work out—Jobs never ended up working for President Bush in the '90s and instead went back to Apple in 1997 to help pull the company out of near-bankruptcy. Jobs eventually stepped down as Apple CEO in August of 2011 and passed away in October of the same year.




Suspicion of Google's outside influence on copyright policy isn't just limited to the US, where supporters of the Stop Online Piracy Act have bashed the company for months and where critics have charged the Obama administration is too close to the giant advertising company.

In the UK, members of parliament this week debated the same issue. Pete Wishart, a Scottish MP from Perth and a member of the only "parliamentary rock band" MP4, took to the floor of the Commons on Tuesday to take on both digital rights groups and companies like Google.




The Electronic Privacy Information Center (EPIC) filed a lawsuit Wednesday against the Federal Trade Commission over Google's upcoming privacy policy changes, according to a posting on the EPIC site. EPIC says that the new privacy policy is in clear violation of a consent order the company signed with the FTC in March 2011 that was created in reaction to the Google Buzz privacy fiasco.

Google's privacy policy changes, to go into effect March 1, let the company synchronize data it collects from users across all of its services. Google claims this benefits its customers with better service integration; for instance, if your Android phone's GPS can see your Calendar, it can alert you that you will be late to an appointment if you're too distant from a meeting location. The business benefit is that user information gleaned from Google Wallet, Docs, and YouTube can be synthesized and used to target ads.




Hackers protesting harsh working conditions at iPhone manufacturer Foxconn dumped what they said were megabytes of private data belonging to the outsourcing giant.

"Note: The passwords inside these files could allow individuals to make fraudulent orders under big companies like Microsoft, Apple, IBM, Intel, and Dell," a group calling itself Swagg Security wrote in a message posted to Pastebin. "Be careful." The purported contents were made available in a torrent on The Pirate Bay.

The group said Foxconn's network was protected by "an appropriate firewall, but fortunately to our intent, we were able to bypass it almost flawlessly." Over several days, the hackers claimed, they were able to access most data of significance. It didn't take long after the dump for images such as this one to circulate that suggested Foxconn systems were configured in ways that revealed key information about its internal topology.

Several Foxconn servers were reportedly taken offline over the past day.

The stunt coincided with protests planned at a half-dozen Apple retail stores around the world by demonstrators opposing the conditions of workers who manufacture iPhones and other Apple hardware. A recent series carried by The New York Times documented long hours, low pay, and an explosion that killed several workers at Foxconn, which also makes hardware for Cisco, Dell, Sony, HP, and others.




It is war between the National Cable and Telecommunications Association and Boxee over a Federal Communications Commission proposal that would allow cable companies to encrypt or scramble their "basic tier" streams on all-digital systems. Time Warner Cable and Comcast say go for it. But Boxee is calling for a time-out on the idea.

Up until now, basic tier consumers have not needed de-scrambling set-top boxes to connect to basic tier (which usually just offers the over-the-air channels), the company's latest blog post warns. Big cable's real motivation in pushing this rule "is to prevent you from being able to connect the cable from the wall directly to your TV or Boxee Box. You will need to rent a set-top box from your cable provider, pay an extra $5-15 per month and it will no longer work with your Boxee Box or similar devices."




Rumors of Google launching a cloud storage service known as "GDrive" have been coming and going for years, with no actual product ever making its way to consumers. But the Wall Street Journal says Google is, finally, perhaps only weeks away from launching the service, now simply called "Drive."

Drive could have been pretty revolutionary, especially if it had launched back in 2007 when the Journal also said it was ready to be unveiled within a few months. Now, Google will have to compete against Dropbox and other well-established storage services. Still, Google could make an impact simply by redirecting its existing users to the new service, and undercutting the competition in price.

Google Docs already offers free storage for any type of file, with each user given up to 1GB of free space, compared to 2GB from Dropbox. But Google Docs users can purchase an extra 20GB of storage for a mere $5 a year, or 80GB for $20 a year, considerably cheaper than Dropbox rates of $9.99 per month for 50GB and $19.99 per month for 100GB. Presumably, Google Drive would be far more convenient to use than Google Docs storage, but an article in ExtremeTech speculates that Google will use similar pricing in Drive to attract users.

But given that the actual service's existence has been rumored for years without coming to fruition, it's still all speculation until Google confirms it.
