Has Google's Privacy Policy Protected Us From Government Surveillance?
By Andy Dornan
Mar 20, 2006 at 05:17 PM ET
http://www.informationweek.com/blog/main/archives/2006/03/has_googles_pri.html
The District Court ruling that Google doesn’t have to turn over any search records to the Bush administration isn’t just a victory for Web surfers who don’t like the thought of being tracked by the government. It's a victory for anyone who stores data and doesn’t want to be harassed by lawyers or federal agents.
Google claimed from the start that the case was about privacy rights, citing both its users’ right not to have their searches revealed and Google’s own right to make sure its trade secrets stayed that way. Both of these are important and were enough to win in court. But the implications for both personal and corporate privacy go much further than that.
For individuals, the greatest threat to privacy isn’t so much the search records as what the Bush administration wanted to do with them--that is, bolster its legal argument in favor of the Child Online Protection Act. Despite the name, COPA has nothing to do with protecting children online. Rather, it requires all Web sites that contain potentially sexual content to track visitors and verify that they're over 17. The intent is to censor porn, but sexual content is defined so vaguely that just about every Web site could end up requiring age verification.
According to COPA, Web publishers have the option of two tracking mechanisms. The low-tech solution is to ask all visitors for their credit card details, which makes the law an even greater gift than Internet Explorer to the phishing industry. (Some sites already use the Act as an excuse to demand credit card numbers.) The high-tech one is to have the PC itself provide a digital certificate that identifies the user, probably through a combination of Trusted Computing chips and biometric sensors.
Google’s victory won’t in itself stop COPA, of course. And stopping it might not even be necessary. In 2001, the Supreme Court decided that the law was unconstitutional (see PDF or Google cached HTML) following a challenge from a group of online publishers led by the ACLU. But it left open the possibility that future technological advances could change this.
I don’t quite understand how technology can make censorship and tracking constitutional, let alone how a list of search queries can prove it, but that appears to be the Bush administration’s case. If it's somehow valid, Google’s refusal probably won't make any difference. Microsoft and Yahoo both acquiesced without a fight. AOL also provided some data, so the White House already has much of what it wanted.
However, the legal argument that the District Court relied on in its ruling (PDF only, so far) could help bolster the ACLU’s case, as well as that of other organizations that store data and need to stand up to a subpoena. The Bush administration’s lawyers had argued that it needs Google’s search records because many people use Google to search for porn. District Judge James Ware eventually relied on the same argument, but turned it in favor of Google.
The Judge’s reasoning is that people have a right to keep their porn searches private, even if they might not mind Google sharing some other less embarrassing search terms. (This is contrary to the stated premise of COPA, which is that everyone who surfs for smut needs to be tracked.) Because so much of Google’s business supposedly involves porn, the District Court was concerned that forcing Google to violate its privacy policy could hurt the site’s popularity. So privacy policies aren’t meaningless and unenforceable; they can actually stand up in court, provided that the company that wrote the policy is willing to stand up, too.
Unfortunately, the Court didn’t get a chance to rule on Google’s claims about trade secrets. The Bush administration had already dropped its previous demands (see PDF of the subpoena posted by SearchEngineWatch, or Google cached HTML), which covered details such as how many servers Google has and what each one of them does. But the ruling does show that the Court is concerned about the effect on Google’s business. And the case itself shows that stored data can become a liability, even if it's successfully protected against black-hat hackers, malicious insiders, and all the other traditional security threats.
Google and the other search engines weren't originally involved in the COPA case; it was just between the Bush administration and the ACLU-led group. (Unlike most Web sites, Google wouldn’t even be affected by COPA because it specifically excludes search engines.) But they became involved once the government saw that their vast stores of data might prove useful.
Most organizations don’t store as much information as Google, but their databases could still be tempting, especially with the growing overlap between people's business and personal lives. The riskiest is location data, which both prosecutors and defense attorneys regularly demand from cellular carriers. Businesses that track and store customers’ or employees’ movements (online or offline) could find themselves in a similar position, dragged into both civil and criminal suits.
As Google shows, the best defense is a strong privacy policy, but it needs to be backed up by a strong legal department and a willingness to fight. Without those, businesses may be better off not storing sensitive data at all.
Wave System Tutorials
http://www.wave.com/freelaptop/index.html
see the links on the right side:
Wave and Trusted Computing (play duration: 02:57 mins)
Strong Authentication to a VPN (play duration: 02:44 mins)
I don't recall seeing this either:
http://www.wave.com/solutions/Secured_VPN_Access.html
Secure VPN Access
Most companies today require a way for employees to access their networks remotely. VPNs, or Virtual Private Networks, are the most common solution for remote access. Almost all VPN solutions provide the standard user name and password authentication but this typically does not satisfy the corporation's security requirements for remote users who are outside of the network's traditional security perimeter. In the search for stronger authentication – to identify the user and ensure that he is who he says he is – many advanced authentication solutions exist in the market today.
Wave's secured VPN access solution easily works in conjunction with the top VPN solutions and also uses the same basic technology for the other Trusted Computing solutions. The result is a significantly reduced cost of entry and ownership and an easier to manage VPN and security environment. If you are investigating lower cost alternatives for secure access to your corporate VPN, contact us by email at sales@wavesys.com or by phone at (877) 228-WAVE.
Intel Developer Forum (IDF), Spring 2006, SAN FRANCISCO, March 6
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/03-06-2006/0004313807&...
/PRNewswire-FirstCall/ -- Seagate Technology (NYSE: STX), the world's number
one hard drive maker, will demonstrate new storage technologies and
capabilities for everything from handheld consumer electronics devices to
external storage arrays at the Intel Developer Forum, March 7-9 at San
Francisco's Moscone Center.
"The rapid spread of digital content in our personal and work lives
continues to drive strong demand for consumer electronics devices and
computing systems with higher storage capacity, performance, security and new
capabilities that make storage easier and more cost-effective to deploy and
use," said Brian Dexheimer, executive vice president of worldwide sales and
marketing at Seagate. "Seagate continues to invest in technologies that give
customers more freedom to move, manage and protect information used in
computing and consumer electronics applications."
Seagate will stage the following product and technology demonstrations at
IDF:
Seagate Technology - booth 549
* Barracuda 7200.9 low power spin-up drive -- The industry's only 3.5-inch
low-power spin-up disc drive for external storage enclosures. Built with
Barracuda's signature reliability, these drives deliver the industry's
lowest start-up current to increase system design flexibility and
prevent system crashes or other start-up problems caused by the huge
power draw when powering up external enclosures.
* Momentus 5400.3 -- Designed for mainstream and high-capacity notebook
and tablet PCs, the industry's first 2.5-inch disc drive to use
perpendicular recording technology and deliver the highest areal
density, 132 Gbits per square inch. The drive delivers up to 160GB of
capacity, the highest available in a mobile form factor, and
industry-leading shock tolerances.
* Momentus 5400 FDE -- A hardware-based full disc encryption (FDE)
solution that delivers strong protection for data stored on lost or
stolen notebook PCs. The 2.5-inch hard drive, which encrypts and
decrypts all data at full interface speed, provides advanced security
capabilities for enterprise deployments including strong user
authentication, instant erase, and key and password management.
* Wireless USB portable external hard drive -- Seagate's popular 2.5-inch
Portable External Hard Drive with a wireless USB connection. Wireless
USB hard drives will eventually recognize any computer using standard
wireless USB chipsets for easy file download and backup.
* CE-ATA interface -- CE-ATA is the emerging interface standard
for new devices integrating 1-inch hard disc drives. CE-ATA uses a
highly simplified, efficient command set and physical interface that
will make it significantly easier to integrate hard drives into consumer
electronics devices such as PDAs and cell phones. Seagate's
implementation supports Intel XScale(TM) technology.
SATA-IO - booth 135
* Momentus 7200.1 100GB Serial ATA (SATA) hard drives -- The world's first
2.5-inch 7200-rpm notebook drive with 100GB of capacity, the Seagate
Momentus 7200.1 SATA hard drive will be shown powering a small form
factor media server. Momentus 7200.1 is designed for high-performance
laptops such as gaming and media systems and workstations where high
data transfer rates are key.
Trusted Computing Group - booth 143
* Momentus 5400 FDE - Seagate and Wave Systems demonstrating notebook PC
data protection integrating the Seagate Momentus 5400 FDE drive with
Wave's Trusted Drive Manager, a plug-in module to Wave's Embassy Trust
Suite. The suite of security tools provides access to the advanced
security capabilities of Seagate FDE drives.
Seagate is the worldwide leader in the design, manufacture and marketing
of hard disc drives, providing products for a wide-range of Enterprise,
Desktop, Mobile Computing, and Consumer Electronics applications. Seagate's
business model leverages technology leadership and world-class manufacturing
to deliver industry-leading innovation and quality to its global customers,
and to be the low cost producer in all markets in which it participates. The
company is committed to providing award-winning products, customer support and
reliability to meet the world's growing demand for information storage.
Seagate was named 2006 Company of the Year by Forbes Magazine. Seagate can be
found around the globe and at http://www.seagate.com.
NOTE: Seagate, Seagate Technology and the Wave logo are registered
trademarks of Seagate Technology LLC. Barracuda and Momentus are trademarks or
registered trademarks of Seagate Technology LLC. When referring to drive
capacity one gigabyte, or GB, equals one billion bytes. Accessible capacity
may vary depending on operating environment formatting.
SOURCE Seagate Technology LLC
Web Site: http://www.seagate.com
Trusted Computing Group at CeBit
http://www.networkworld.com/weblogs/nos/011356.html
By John Fontana, NetworkWorld.com, 03/03/06
Users have heard a lot from Microsoft about Trustworthy Computing, but you can hear a lot more from the horse’s mouth if you plan to attend next week’s CeBit show in Germany.
The Trusted Computing Group (TCG) will present a Business Community Day educational session, a half-day tutorial for developers and IT managers interested in learning more about trusted computing and its applications in the enterprise. TCG is an industry standards body that develops open standards for trusted computing and security technologies across multiple platforms, peripherals, and devices. Microsoft’s Trust Platform Module Services, expected to ship with Longhorn Server, incorporate many of the TCG’s specifications and concepts. In Germany, TCG’s focus will be on Trusted Computing architecture and its implementation across diverse products and technologies, an overview of Trusted Platforms, usage scenarios, Trusted Computing in wired and wireless environments, securing endpoints, and privacy and control options. Speakers include Thomas Rosteck, Infineon; Thorsten Stremlau, Lenovo; Janne Uusilehto, Nokia; Alexander Koehler, Seagate Technology; and Bruno Leconte, Wave Systems. The meeting takes place on March 14.
Storage Networking World, 2006
http://www.snwusa.com/agenda.html
WEDNESDAY, APRIL 5, 2006
2:10–2:55 p.m.
Deployable Solutions: Security
Trusted Storage
Dr. Robert Thibadeau, Director of Security Architectures, Seagate Research/Trusted Computing Group
Malware moves up, goes commercial
2/25/2006 12:21:57 PM, by Peter Pollack
http://arstechnica.com/news.ars/post/20060225-6264.html
Let's face facts. We knew this was coming for years, we just didn't want to admit it to ourselves. Virus programmers—the real kind, not the script kiddies—are far too competent at what they do to have remained noncommercialized forever. No longer merely an ugly toy for troublemakers, the 21st century virus is poised to climb the economic ladder and establish itself as a commercial tool of choice for identity thieves and financial fraudsters.
Engineers at Panda Software, while in the process of researching a new trojan, uncovered evidence this week that led them to a web site touting custom-built viruses for sale. For the low, low price of only US$990, a user gets his or her own pet trojan horse, complete with tech support. If the file is discovered—as this current model was—the designer provides a guarantee to alter it so that it may continue to avoid detection in the face of updated antivirus software.
The trojan goes by the moniker Trj/Briz.A, and scans the user's hard drive for information that could be used for financial and identity data. It then sends that information to an attacker working behind the scenes. Additional features include the ability to gather IP addresses and in some cases, the physical location of infected computers. It can also modify the machine to prevent access to web sites devoted to antivirus products.
The file that causes the Trj/Briz.A infection is called "iexplore.exe". It uses this name to pass itself off as Internet Explorer. When it is run, it downloads different files and stops and deactivates Windows Security Center services and Shared Internet Access. It also collects information on programs like Outlook, Eudora and The Bat, which it sends to the attacker.
It seems notable that the trojan attacks The Bat, an application which touts itself as a "Virus-proof Email System ... to make your e-communication safe and easy." The Bat is not exactly the most common e-mail program around, and history has shown that viruses which target Outlook alone are certainly damaging enough. Perhaps the creator of Trj/Briz.A, although making a bold move into the world of commercial criminal software, still bears enough hacker pride to bother going after a more uncommon application just because it is touted as "virus-proof."
An investigation has begun into those behind Trj/Briz.A. PandaLabs has joined forces with unspecified "other companies" and "international agencies" to track down the creators, starting with the server to which Trj/Briz.A sends its information. It is believed that the server is a front for a much larger network, and that more malware may be on the way.
While [Panda Chief Technology Officer Patrick Hinojosa] does not believe that the organization offering the trojan horse service has released other malware so far, he mentioned that Trj/Briz.A is not a proof of concept. "This code is written heavily towards the goal of data theft and aims at extracting personal financial information," he said. "We believe someone may have bought this trojan horse."
Viruses that wrest user data from infected computers have been around for decades, and malicious programmers have done customized work for hire before, but Trj/Briz.A's combination of detection avoidance coupled with brash commerciality put it in a class by itself. As more schemes like this start to show up—and they undoubtedly will—it will only encourage the push for better user authentication and trusted computing.
Still, a price of only US$990 is something of a bargain, given the support system and customized nature of the software. With some high-end boxed applications running US$500 to US$2,000 or more, the programmer of Trj/Briz.A may want to look into hiring an agent. For all the financial gain the software brings to the purchaser, it seems ironic that the virus designer might be the one getting taken to the cleaners.
Gateway M465-E
http://abcnews.go.com/Technology/ZDM/story?id=1648810&technology=true
New components (including a dual-core processor), enhanced security, and improved battery life are just some of the things the Gateway M465-E offers.
The Gateway M465-E is not just a conventional business notebook, although its design might say otherwise. With Intel's latest Core Duo components, a solid security platform, and long battery life, it packs a wallop. If raising the performance bar is your company's motto or if you're a tireless workaholic, then the M465-E is worth considering.
On the outside, the M465-E retains the same bland design as the Gateway M460 (and every other laptop the company makes). Newer components trim the weight down to 6.3 pounds (from the M460's 6.8 pounds), but the Lenovo ThinkPad Z60t (5.5 pounds) is still a lighter traveling companion.
The M465-E's 15.4 inches of screen space is plenty for viewing Microsoft Word and Excel files side by side. On the input front, the touch pad is responsive, but the pointing stick is less so—stiff, in fact. The ThinkPad Z60t's TrackPoint technology is still unmatched.
If you're tired of seeing your antivirus software bog down other applications, then dual-core processing is for you. The 1.83-GHz Intel Core Duo T2400 is a notch below the Core Duo processors in the Acer TravelMate 8204WLMi and the Dell Inspiron E1705, but the results are still impressive. We simultaneously rendered a high-resolution image using Adobe Photoshop CS2 and transcoded a video file using Windows Media Encoder 9—and both tasks ran smoothly with Norton AntiVirus scanning in the background.
The M465-E's SYSmark 2004 SE scores were slightly below those of another recent dual-core notebook, the HP Pavilion dv1000t, which has twice as much RAM and a faster Core Duo processor. Overall on these tests, the M465-E outperformed the M460 (which has a single-core processor) by 25 percent. Windows Media Encoder test results were on a par with those of the other dual-core notebooks we've tested, but Photoshop scores were not as impressive because of the somewhat stingier allotment of RAM (512MB).
Battery life was a bright spot for the M465-E: It outlasted the competition on our MobileMark 2005 tests. The system's 6-cell, 57-Wh battery chugged along for 4 hours 4 minutes, besting the dv1000t's 3:47. If 240 minutes isn't enough, Gateway offers a 12-cell, 98-Wh battery that lasts an astonishing 7:09. The larger battery brings the system weight up to 6.9 pounds, but if you're in meetings all day, the extra weight—and $120—is worthwhile.
For I/O, you'll find four USB ports, all on the right side of the notebook, and you'll also get FireWire, S-Video Out, and VGA ports. The M465-E comes with a modular dual-layer DVD±R drive and a 5-in-1 memory card reader. The standard 60GB hard drive is adequate for business use, but you can also upgrade to a 100GB drive for $135.
The machine doesn't have a fingerprint reader, but it does include a TPM (Trusted Platform Module) chip, the first Gateway notebook to have one. This means that you can store and encrypt passwords and security keys at the hardware level, which is much safer than having them stored in Microsoft Windows. The M465-E also integrates its own proprietary recovery suite, which we found easy to use, but the laptop still lacks a comprehensive set of management tools such as Lenovo ThinkPads offer. In a very small business or a home office, you might not need all those management tools, though.
The Gateway M465-E is significantly more powerful than its predecessor, the M460. Although its design won't turn any heads, the new security features and excellent battery life will have corporate buyers thinking "upgrade."
Softex Introduces Version 4.0 of Its OmniPass Identity and Access Management Suite
http://biz.yahoo.com/prnews/060209/dath018.html?.v=44
Thursday February 9, 2:43 pm ET
AUSTIN, Texas, Feb. 9 /PRNewswire/ -- Softex Incorporated today announced version 4.0 of its OmniPass Identity and Access Management Suite, a complete, standards-based solution for automating and integrating identity and access management across enterprise environments.
With the introduction of OmniPass 4.0, the product has now evolved to a full enterprise class security product. The password manager of OmniPass 4.0 can now support all enterprise level applications, such as terminal emulators, SAP, Oracle, and others. OmniPass 4.0 also becomes the first product in the market to support the Mozilla browser family (including Firefox 1.5).
The new version also integrates new security features, such as secure e-mail, secure VPN access, and secure digital certificate access. Now these functions can be set up by the user or IT administrator to require strong authentication before access to sensitive data or networks is granted.
Many new authentication devices are supported in OmniPass 4.0, more security devices than any other competitive product. OmniPass 4.0 now supports numerous biometric readers as well as multiple brands of smart cards, FIPS 201 compatible PIV cards and security tokens. OmniPass 4.0 also supports the latest Trusted Computing Group standard TPM 1.2 chips from all manufacturers. Along with support for more devices comes the need for more extensive authentication rules and OmniPass now allows any "equation" of security checks to authorize access to a user. The user's authentication policy can be set by the IT administrator using the management console in the companion OmniPass Enterprise Edition server product.
"Enterprise customers must operate and secure a wide range of applications, and face the challenge of how to establish and administer a common view of identity and entitlements. Through common administrative interfaces, audit and reporting capabilities, and standards-based interoperability, the OmniPass Family of Products provides critical components for the enterprise security architecture," said Apurva Bhansali, Founder and CEO of Softex, Inc.
About Softex Incorporated
Founded in 1992 and headquartered in Austin, Texas, Softex has become a leading provider of computer security products and services. Softex serves many of the top tier OEM companies, such as Lenovo International, Hewlett-Packard, Dell, Fujitsu, Motion Computing, Tatung, NEC-Packard Bell and Samsung, as well as many hardware vendors such as American Power Conversion, Targus and Fellowes. Softex is also a "Trusted Partner" of Phoenix Technologies for BIOS related software development and licensing. For more information: http://www.softexinc.com
Intel Developer Forum
https://www28.cplan.com/cv125/sessions_catalog.jsp?ilc=125-1&ilg=english&isort=1&is=%3CISEARCH%3E&ip=no&itrack=+&ivirtual_track=+&itarget_audience=+&idate=+&isession_id=&iabstract=trusted
CHTS002
Secure Wireless Data Services & Trusted Platforms
Wednesday
03/08/2006
15:00 - 15:50
ITRS014
Trusted Platforms enabled with Virtualization
Carlos Rozas, Intel
Wednesday
03/08/2006
16:00 - 16:50
----------------------------------------------------------------
Session ID: CHTS002
Session Title: Secure Wireless Data Services & Trusted Platforms
Session Abstract: What you will get from this session:
• Overview of issues driving need for greater wireless security
• Introduction to Intel® Wireless Trusted Platform Embedded Security Co-Processor
• Overview of WTM Security Module HW Components
• Caddo Keys
• PCA Security Software Stack
• Enablement Information:
o Authentication of Software Load
o Protection of Sensitive Information
o User and Device Authentication
Track: Cellular & Handheld Technologies
Primary Target Audience: Business Decision Makers; Developers; Technical Decision Makers & Influencers
Session Experience Level: Introductory - A Starting Point Session
Virtual Track: Mobility; Wireless Technologies
Duration: 50
Room: 2002
Speakers:
Session ID: ITRS014
Session Title: Trusted Platforms enabled with Virtualization
Session Abstract: Intended Audience: OEMs, Hardware and software developers concerned with platform security
What you will get from this session:
• Overview of motivators for creating more Trusted Platforms
• Discussion of Trusted Platform Hardware
• How to implement a Trusted Platform Module on a Virtualized Platform
• Examples of Trusted Platform functionality and benefits
Track: Intel Technology and Research - Advanced Research
Primary Target Audience: Developers
Session Experience Level: Intermediate - For Attendees With A Base Knowledge of the Topic
Virtual Track: Virtualization
Duration: 50
Room: 2003
Speakers: Carlos Rozas, Intel
DRM: Three dirty letters you won't hear in a CES keynote
Posted by David Berlind @ 5:54 am
http://blogs.zdnet.com/BTL/?p=2361
Doc Searls pans Paul Otellini's CES presentation of Intel's ViiV for the media cartel it's bound to create:
Some of us (myself included) have been concerned about the DRM capabilities reportedly built into ViiV, but in his presentation Otellini made clear that Viiv has been in development with Microsoft, as a new Wintel platform for home entertainment…It's being presented as the Complete Replacement for TV…."A chance for broadcasters and rights-holders to extend their franchise"…This is an Intel-Microsoft story. All about Windows Media, but barely mentioning it….What about non-OEMs? Good luck. This is a juggernaut.
With apologies to Doc (and in the name of transparency), the editor in me changed the order of those last two sentences. It doesn't change the context and instead only makes for a much clearer picture. I couldn't agree more with Doc (and be sure to read the bottom of this post where I repeat the OEM question in graver terms). So much so that I created a special category here on Between the Lines for that unstoppable media juggernaut.
As far as Wintel or Apptel (Apple + Intel: Doc says Apple will undoubtedly leverage ViiV too. Agreed.) becoming the central platform for home entertainment, this audiophile still thinks they have a long way to go. Just go check out a McIntosh amplifier. No, not Apple's Macintosh. The real McIntosh. Real home entertainment requires real sound which requires heavy metal the likes of which today's computers don't have. If they did, they'd be triple or maybe quadruple the size and weight, draw significantly more power, and cost at least $5,000. Even more for centralized entertainment where you need something like a Xantech MRC88 that can simultaneously route both audio and video to multiple rooms, each of which is tuned into a different content source (cable box, digital audio server, DVD player, etc.) and each of which requires significant channel wattage to get sound that's half-way decent out of your speakers.
Will Apptel and Wintel get there? Eventually. And DRM is what buys them time against the boutique entertainment gear makers who'll be driven out of business by patent driven royalty structures or even worse, refusing to even give those gear makers access to the DRM technology needed to playback all future content in the first place as Apple is doing to companies like Escient and Sonos (also see Sonos responds to Declaration of InDRMpendence) that are innovating circles around the larger slower 800 lb. gorillas. For example, at CES, Sonos just one-upped its already inventive wireless mesh network based solution with its new ZonePlayer ZP80 (makes Apple's AirTunes look like a toy). In a bit of news, that new gear supports Apple's lossless codec, but not Apple's FairPlay DRM (net net: iTunes purchased audio content won't work on Sonos' gear). Perhaps now the folks at McIntosh Labs are wishing they stood up for their trademark 20 years ago.
One final sidenote: In his story, Doc writes:
The best screens you can get in the next year will be 1080p full-HD displays. And the best source of "content" (man, I hate that word) for those screens will be high-definition camcorders. Fiber to the home is still a rarity, and even high-def digital cable and satellite aren't due to deliver 1080-grade resolution. Meaning the best source of the best-looking stuff will be: ourselves.
Meanwhile, just in case the bandwidth is there, perhaps ATI's OCUR CableCARD-compliant HDTV card (also debuted at CES) will be a market winner. But buyer beware. Before Microsoft was allowed to support CableLab's CableCARD specification (CableLabs is a consortium of cable television companies), it had to guarantee closure of the proverbial analog hole through which content pirates often sneak. Enter — you guessed it — Microsoft's DRM. This of course goes back to the elephant in the room question that Doc asked: "What about non-OEMs?" As far as I can tell, there's basically no way for Linux to support something like CableCARD because there is no official DRM that's built into Linux and there's no one that can sign (on behalf of Linux) on such a guarantee's dotted line.
Is that a PR? an interview? or did he post that himself? EOM
FBCA, FPKIPA, FPKISC, FICC
Found this interesting because it mentions ORC, Tumbleweed, Cybertrust (BeTrusted), among others
http://www.cio.gov/fbca/documents/pdval_minutes101305.pdf
Federal Bridge Certificate Authority
http://www.cio.gov/fbca/
http://www.cio.gov/fbca/documents/crosscert_method_criteria.pdf
Federal Public Key Infrastructure Policy Authority
http://www.cio.gov/fpkipa/
These members:
http://www.cio.gov/fpkipa/documents/cpwg_members.htm
may attend these meetings (Jan - Feb, 2006)
http://www.cio.gov/fpkipa/PAcalendar.htm
http://www.cio.gov/fpkipa/pameetings.htm
Federal Public Key Infrastructure Steering Committee
http://www.cio.gov/fpkisc/working_groups.htm
These meeting minutes are 2 1/2 years old, but they give an interesting perspective. They discuss forming an interagency body for issues associated with "The Next Generation" common policy framework for Federal identity management that will be largely PKI based. They also discuss the need for a common policy for physical and logical credentialing of Federal employees. This requires a credential (smart card) policy. As well, bridge between the Federal PKI and external organizations, bridge between enterprise PKIs within government, and enable external PKI interoperability within the Federal e-Authentication gateway (a relying party).
http://www.cio.gov/fpkisc/library/scminutes_may03.pdf
(which was obtained from here: http://www.cio.gov/fpkisc/scmeetings.htm )
Federal Identity Credentialing Committee
http://www.cio.gov/ficc/
The public comment period is now open on the Handbook (which ends February 3, 2006):
> Federal Identity Management Handbook (December 2005, Version 0.1) (2.70 MB)
Haven't read through it yet...
http://www.cio.gov/ficc/documents/FederalIdentityManagementHandbook.pdf
Report of the NSF Workshop on Research Challenges in Distributed Computer Systems
December 4, 2005
http://www.nsf.gov/cise/geni/workshop_report.pdf
Section 3.1 discusses security and mentions TPMs
I have no idea. I just found the price list today.
Anyone else know?
ORC - full price list here:
http://www.orc.com/SSP_Price_List.pdf
ORC's price list
Here is an excerpt of their price list (showing Wave's offering)
Two prices are listed. The left column pricing is Commercial. The right column pricing is Government.
The superscript of 7 indicates that bulk pricing is available
TVTonic downloads
This has got to be a misprint.
http://www.download.com/3120-20_4-0.html?tag=srch&qt=rss+video&tg=dl-20
TVTonic 3.0.4
79,569 downloads
It's been steadily increasing over the last month. Late December it was 400+ downloads. A day or two ago it was 800+.
Why is it saying 79,569 downloads today??!
Analysis: Just how different are Intel-Macs from Intel PCs?
Scott M. Fulton, III
http://www.tgdaily.com/2006/01/12/how_different_are_the_new_intel-based_macs/
and
http://www.tgdaily.com/2006/01/12/how_different_are_the_new_intel-based_macs/page2.html
12 Jan 2006 17:01
San Francisco (CA) - The very first Apple computers, distributed nationwide in 1977, had a hood you could pry off to reveal the CPU, the memory, and the motherboard. But almost three decades later, the company that pioneered "open architecture" with the Apple II, even with thousands of admirers looking on, was reluctant to pry the back panel off its new Intel Core Duo-based iMacs and MacBook Pro portables.
It isn't so much that Apple has some secretive technology they don't want us to see, believes Nathan Brookwood, principal analyst with the Insight64 consultancy. Instead, he told TG Daily this afternoon, it's more that Apple is a shy and reserved company. Up to now, it's never had to answer questions about what technologies and what chips - other than the PowerPC CPU - go into its boxes. So with Apple formally entering the Intel realm just this week, he said, the company didn't demonstrate any willingness to change its basic personality. The lid didn't come off the back of the iMac; all that Brookwood got to see was revealed through the front end, where the screen is.
For Apple, Brookwood told us, "Making the decision to use Intel wasn't a change in business models or religion, it was simply a matter of expedience." Apple's existing PowerPC suppliers - originally IBM and Motorola, the latter replaced recently with spin-off company Freescale Semiconductor - simply could no longer deliver the chips Apple wanted, probably at the temperatures that the human race required. "Intel was there and said it could. So Apple is making zero changes in its business practices. It's still a systems supplier, it works with its customers to provide software interfaces, APIs, development tools, external interfaces like USB, FireWire, and doesn't really talk a lot about the pieces that go in its boxes."
There could be another reason Apple continues to be protective about its system specifications: The technology necessary to run a Core Duo-based computer is available to OEMs right now. What is to prevent an OEM or an enterprising system builder from using an existing Core Duo kit to effectively build himself a Macintosh?
If there's anything in the new Macs' hardware components that exclusively enables Mac OS X 10.4.4 - the version released yesterday that Jobs termed "universal" - then it would have to be in the parts Apple doesn't mention much, if at all: One candidate, it seemed when we began our investigation, was the chipset. We asked Intel to tell us the chipset used in the current Mac architecture. An Intel spokesperson confirmed to TG Daily yesterday that the new Macs use a standard Intel chipset, no different than those currently engineered to run Core Duo processors, using the Yonah architecture. But the spokesperson could not explicitly state which one...not because Intel declines to provide specifics, he said, but because he apparently hadn't been told the answer himself. During all the marshaling of Macworld-related news, he said, the question had never come up.
Perhaps it had never come up because it isn't the question existing Macintosh users - who comprise the majority of the target market for future Macintosh users - generally ask. Up to now, the chipset in the Mac motherboard is whichever one Apple exclusively designed for it; the nomenclature was never an issue, because it wasn't made available anywhere else. The only people who might possibly care, could be the sorts of people who aren't attending the show right now anyway.
Based on what information Intel could give us prior to press time, we believe all the new Macs use a standard 945 chipset. The only other potential candidate is the 975, which is typically used in Intel's Extreme Edition PCs, which is one of Intel's exclusive licensing brands. As is the case with Centrino and Viiv, the new Macs don't qualify for these umbrella brands.
The key difference between an x86 PC and an x86 Macintosh, which Nathan Brookwood could tell even without looking under the lid, is the Macs' absence of a key distinguishing PC feature: the BIOS. Instead, he told us, Apple is using Intel's Extended Firmware Interface (EFI), a next-generation bootstrap architecture that Intel had originally designed for use with Itanium architectures, and had been pleading with first-tier motherboard manufacturers to adopt for years, with no luck. Backwards compatibility and support issues were among the reasons for their refusal. But Apple had no such issues, no legacy matters to contend with. So it was an easy decision, said Brookwood, for Apple to go with EFI.
"And just by coincidence," Brookwood remarked, "the fact that their system relies on EFI, and no commodity Intel hardware at the motherboard level supports EFI, means that you can't start their stuff on a commodity board." In other words, Apple might not need fancy code for Mac OS X to determine whether an attempt is being made to launch it in a non-Macintosh system. It could simply try tripping a BIOS interrupt - what developers call an "INT 13h." If it works...then OS X could easily halt itself.
The converse situation may also be true, since most Windows XP installations require the BIOS be present. However, whether an installation of Windows for Itanium systems could be made to work on a Mac Intel platform, remains to be seen.
Could the new Macs' EFI - its own bootstrap code - contain the security features that would disable any other operating system from running, including Windows and Linux? Surprisingly, Brookwood told us, he was told no. "What Apple has said to me directly," he said, "is they are doing nothing to preclude running Windows on their boxes, but neither are they doing anything to facilitate it. So if somebody could come up with the firmware environment to boot XP on those boxes, and create drivers needed to boot the system, then you could do it."
Of course, any Macintosh user reading this has probably already begun composing their response to this suggestion: Why would anyone want to run Windows on a Mac, instead of the Mac OS? And it's a perfectly valid question, especially considering the Mac is still more expensive.
No, the more likely tweak is probably the other way around: the possibility of running Mac OS X on a homemade system. And that's probably going to be much harder, Brookwood was told. "The other thing that Apple has said," he revealed, "is there may be some other things they've done to preclude OS X from booting on non-Apple machines."
We had been wondering for quite a while whether a certain implementation of Intel's long-awaited Trusted Platform Module, known as LaGrande Technology (LT), would be making its premiere in the new Macs. Such a system, with its well-buried cryptographic keys, could make it easier for Apple to protect its intellectual property - both its operating system and the media components a user may download from iTunes. But we know that the 945 chipset does not carry LT. If it is the 945 that's running the Macs, this means that TPM won't play a role in 32-bit iMac and MacBook Pro architecture, at least for the next six months or so. If Apple truly does have something unique to hide beneath the lid of its new systems, this apparently isn't it.
---------------------------------------------------------------
The Intel 64-bit Macintosh: A lost opportunity?
We've known Apple was going to be supporting Intel for quite some time; what we did not know until yesterday was Apple's itinerary. It's possible that Apple itself didn't know that itinerary until quite recently.
While the new iMacs and MacBook Pros will be delivering dual-core processing with world-class graphics, the one key modern-day technology they will not be adopting yet is 64-bit processing. Last August, it appeared likely that Intel's upcoming 64-bit Merom architecture, with its cooler operating temperatures more suitable for notebook systems, may have been what won Apple over to Intel in the end. Since the latest "Tiger" edition of MacOS X is natively 64-bit anyway, one of the new Macs' more ingenious tricks is being able to run the OS in Apple's 32-bit compatibility mode. Nonetheless, Tuesday's announcements featured the 32-bit Yonah architecture, for obvious reasons: Sources tell TG Daily that Merom chips won't be publicly available until this September, at the earliest.
"If Merom had been available now," said Insight64's Nathan Brookwood, "[Apple] would have jumped on it now. So they had to make a tradeoff: Do they want dual-core, power-efficient performance in a 32-bit platform today, or do they want to hold off until mid-year before coming out with 64-bit platforms? I think it's clear that they decided sooner was better."
Tuesday afternoon, we spoke with IDC analyst David Daoud, who told us his company's data going back six years indicated that Apple tends to make upgrades to its Macintosh platforms every six months. With some of the new MacBook Pros probably not publicly available until early March, a September timeframe for a big upgrade seems about right.
However, Steve Jobs did provide a little bit of a hint on Tuesday that his company could be rethinking its marketing scheme, even at the high end. Referring to the reasons for the notebook name change from "PowerBook" to "MacBook Pro," he told the crowd, "We're kinda done with 'Power,' and we want Mac in the name of our products."
Jobs also stated Tuesday that Apple will complete its entire product migration to Intel platforms by the end of the year. No replacements for the PowerMac G5 systems were announced at Macworld Expo, though what had been stated to be the last new G5 upgrades - the double-dual-core PowerMac G5 Quad series - were released last October. It may be as academic a matter as it was to replace one G5 with one Core Duo for the new iMacs this month, to replace two dual-core G5s with two Core Duos this fall.
When that happens - when we can finally stack Apple's highest-performing Intel-based system against the highest horsepower Intel PC we can find or build - what will distinguish the two systems from one another most? And more importantly to the builder, will the extent of that difference be enough to prevent her from constructing a high-performance Macintosh herself? Historically, Apple has distinguished Macintosh not by its hardware, but by its software - specifically, using the "ease of use" argument. "It just works" continues to be an Apple user's motto. But couldn't it just work somewhere else?
Nathan Brookwood reminded us of perhaps the greatest single unspoken distinction between Windows and the Mac OS: Windows is designed to run on a variety of systems, with an incalculable number of permutations. By contrast, a Mac tends to be a Mac. "Part of the complexity of Windows," he told TG Daily, "is due to the fact that there are so many more choices available to you. Windows is an environment where you have more players participating, [and] those players need to have some sort of more interfaces between their product so they can interoperate, and that flexibility is a strength of the Windows environment. I'm amazed every time I install Windows XP on a new box, how most of the time, it works right. You consider the thousands of different hardware options, that it works at all! It's just a miracle to me, because I lived through all this junk when it didn't work. Apple has always had a more restrictive set of options, but if you are willing to live within those constraints, you do have an easier user experience. I don't think that's likely to change."
If Mac OS X were to try to run on just any Intel-based system, the challenge before it would be to drive whatever hardware is built into it. Windows knows how to do this; Mac OS probably doesn't.
However, Apple's shift to Intel, Brookwood believes, may mean that the company doesn't have to invest so much time and money building the hardware necessary to maintain its hardware: "Now that they are on the Intel platform," he said, "they have dramatically reduced their need to develop the hardware pieces of their system. When they were doing PowerPCs, who was making core logic for PowerPC chips to use in Macintoshes? Apple. So every time there was a new PowerPC, or they needed a new bus, 'Hey, call the core logic guys and get them to develop a new chipset.' That's not a trivial expense, especially when you're only going to sell a couple of million copies of the chip, compared with Nvidia or Via who sells a hundred million of them."
With Apple out of the core logic business - and maybe, it's rumored, out of the motherboard business as well, if Intel is indeed providing that feature - Apple's R&D expenses may have dropped dramatically, Brookwood believes. Some of that cost may have been offset by what's believed to be the higher per-processor price of the Core Duo versus the PowerPC G5. But still, Apple's declining costs and reduced headaches may enable the company to focus on the part of Macintosh that continues to distinguish it from its competition: the abilities of its software.
Meanwhile, we might have just ascertained what it is Apple doesn't want you to see that's lurking beneath the lid of its systems. It could very well be one or two more bright, new, swirly logos than you thought you'd find.
Fujitsu Siemens Computers Announces Napa-Equipped LIFEBOOK E8110 — Cormac @ 15:11
http://www.digit-life.com/news.html?05/32/70
Saturday, January 07, 2006
Fujitsu and Fujitsu Siemens Computers unveiled the new LIFEBOOK E8110 featuring Intel Napa technology at CES 2006 in Las Vegas. With a 15" monitor packed into just 2.4 kilos, the new LIFEBOOK E8110 is claimed to be the lightest, full-function notebook in its class. It also provides enhanced security features such as a separate SmartCard slot and optional fingerprint sensor. It will be available from February 2006 at prices starting €2099 (e.g. in Germany, incl. VAT).
Fujitsu Siemens Computers delivers enhanced performance thanks to Intel's Napa technology boasting the Intel Core Duo processor, the first dual-core processor for notebooks.
Security functions have also been improved in the LIFEBOOK E8110. The separate SmartCard slot saves an additional adapter, and the optional biometric fingerprint sensor prevents unauthorized access to data. The optional Trusted Platform Module acts as a hardware store for passwords and encrypted keys.
Also, for its new device generation, Fujitsu Siemens Computers uses the latest 5200 mAh battery. The new LIFEBOOK E8110 will run off its batteries for up to 12 hours (depending on model and applications), the press release states.
Fujitsu Siemens Computers has additionally developed its original "EcoButton". This integrated software solution improves power management and can simply be switched on during use. With just a single button the battery life can be optimized to the maximum. The EcoButton will be integrated in all future-generation LIFEBOOK Series.
Fujitsu Siemens Computers has also opted for a new, more ergonomic design for its LIFEBOOK E8110. The bright palm rest now has a second set of mouse buttons above the touchpad. This enables the left and right mouse buttons to be conveniently operated with the touchstick as well.
Technical highlights:
Latest Intel Centrino Duo mobile technology:
Intel Core Duo processor: the first dual-core mobile processor
Intel 945GM chipset with integrated graphics chipset
Wireless LAN: Intel PRO/Wireless 3945 a/b/g
Memory: DDR2-667 SDRAM max. 4GB
Separate SmartCard slot, optional fingerprint sensor and TPM module
Screen: 15-inch XGA or 15-inch SXGA+
Weight: 2.4 kilograms (without drives)
All common ports like parallel and serial, plus all new port types such as ExpressCard slot and SD card slot
ECO button
Second set of mouse buttons above touchpad
Source: Fujitsu Siemens Computers
Fujitsu Enriches the Mobile Experience Announcing New Desktop Replacement Notebooks Powered by Intel Centrino Duo Mobile Technology
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/01-05-2006/0004243876&...
LifeBook N Series and LifeBook E Series Notebooks Among First Systems to Demo
New Dual-Core Mobile Processors at the 2006 International CES
LAS VEGAS, 2006 International CES, Jan. 5 /PRNewswire/ -- Fujitsu Computer
Systems today announced new LifeBook(R) N Series and LifeBook E Series desktop
replacement notebooks, among the first products powered by Intel(R)
Centrino(R) Duo mobile technology. Debuting at the 2006 International CES, the
LifeBook N6410 and LifeBook E8110 notebooks are equipped with the new
dual-core, power-efficient Intel(R) Core(TM) Duo processor, Mobile Intel(R)
945 Express Chipset and next-generation Intel(R) PRO/Wireless 3945ABG wireless
technology, which combine to deliver an outstanding entertainment experience,
advanced performance for handling multiple compute-intensive applications,
improved battery life and expanded connectivity.
"Based on Intel Centrino Duo mobile technology, these new Fujitsu
notebooks deliver a generational leap forward in power and performance," said
Keith Kressin, director of marketing, Intel's Mobile Platforms Group. "The new
Fujitsu LifeBook N Series notebooks enable an immersive entertainment
experience for consumers, while the LifeBook E Series can provide business
users with advanced performance to handle today's demanding business and
security applications while enabling improved battery life."
The flagship of the Fujitsu consumer line, the LifeBook N6410 notebook,
which features Microsoft Windows XP Media Center Edition 2005, offers the best
in home entertainment, personal productivity, creativity and mobility, while
the LifeBook E8110 notebook, the stable commercial powerhouse, provides a
highly flexible platform that can be configured to meet a diverse array of
business demands. Both notebooks will be available in the first half of 2006.
"Consumers and enterprises alike demand better performance from their
mobile systems and don't want to compromise power for portability," said Paul
Moore, director of mobile product marketing, Fujitsu Computer Systems. "With
the array of powerful features in the LifeBook N6410 and LifeBook E8110
notebooks, along with Intel Centrino Duo mobile technology, no compromise is
necessary."
The LifeBook N6410 and LifeBook E8110 notebooks deliver the performance
and reliability mobile users expect from Fujitsu, recently rated tops for
reliability among Microsoft Windows-based notebooks in PC Magazine's 18th
annual Reader Satisfaction Survey.
With Intel Centrino Duo mobile technology, the LifeBook N6410 notebook
ratchets up the digital entertainment experience delivering the incredible
responsiveness demanded by gamers, the ability to watch movies while
downloading photos, better built-in graphics and high-definition audio. Ideal
for work and play, the LifeBook N6410 notebook features its trademark
integrated sub-woofer and stereo speakers along with a 17-inch wide Color
Enhanced Crystal View Display delivering image intensity and color accuracy to
rival a CRT. With color saturation of 72 percent, the LifeBook N6410 notebook
offers razor sharp detail, rich color, and subtle shadows and shading to bring
images to life.
The LifeBook N6410 notebook gets a speed boost with the ATI Mobility(TM)
Radeon(R) x1400 graphics controller with 256MB HyperMemory(TM) to deliver a
high level of performance(1). Dazzling imagery that moves and responds
seamlessly is made possible with up to 2 GB of dual channel DDR2 667MHz
memory. The LifeBook N6410 notebook now features the largest hard drive
combination on the market -- up to 320GB with dual hard drives. With the
latest Intel PRO/Wireless 3945ABG network connection, consumers are reassured
they have the latest in 802.11x wireless connectivity.
Featuring a new stylish exterior, slimmer silhouette and lighter weight,
the LifeBook E8110 notebook satisfies the power demands of today's
multitasking professional. With Intel Centrino Duo mobile technology, the
LifeBook E8110 notebook offers improved battery life through lower power
consumption and better power management, extended connectivity options for
easy deployment, and the enhanced manageability and security essential for
professionals on the go.
The LifeBook E8110 notebook is ideal for displaying graphics-intensive
applications with its exceptionally clear 15-inch Crystal View XGA display.
For applications that require higher resolutions, Fujitsu offers a 15-inch
SXGA+ display. Battery life is extended up to 2x and a new spill-resistant
keyboard offers additional durability. Security is ironclad with BIOS-based
password and HDD protection, embedded Trusted Platform Module (TPM), and a
biometric fingerprint swipe sensor. Security is further tightened with a
dedicated Smart Card slot and Fujitsu Security Panel with more than 800,000
possible password combinations, and with supervisor and user password levels.
About Fujitsu Computer Systems Corporation
Headquartered in Sunnyvale, Calif., Fujitsu Computer Systems is a wholly
owned subsidiary of Fujitsu Limited (TSE: 6702) committed to the design,
development and delivery of advanced computer systems and managed services for
the business enterprise. The company offers a complete line of
high-performance mobile and desktop computers, scalable and reliable servers
as well as managed and professional services. Fujitsu Computer Systems
emphasizes leading-edge technology, exceptional product quality, and
productivity, as well as outstanding customer service. More information on
Fujitsu Computer Systems is available at http://us.fujitsu.com/computers .
About Fujitsu
Fujitsu is a leading provider of customer-focused IT and communications
solutions for the global marketplace. Pace-setting device technologies,
highly reliable computing and communications products, and a worldwide corps
of systems and services experts uniquely position Fujitsu to deliver
comprehensive solutions that open up infinite possibilities for its customers'
success. Headquartered in Tokyo, Fujitsu Limited (TSE: 6702) reported
consolidated revenues of 4.7 trillion yen (US$44.5 billion) for the fiscal
year ended March 31, 2005. For more information, please see: http://www.fujitsu.com.
Fujitsu, the Fujitsu logo and LifeBook are registered trademarks of
Fujitsu Limited. ATI and ATI product and product feature names are trademarks
and/or registered trademarks of ATI Technologies Inc. Intel, Centrino and Core
are trademarks or registered trademarks of Intel Corporation or its
subsidiaries in the United States and other countries. Microsoft and Windows
are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries. All other trademarks and product names
are the property of their respective owners.
The statements provided herein are for informational purposes only and may
be amended or altered by Fujitsu Computer Systems Corporation without notice
or liability. Product description data represents Fujitsu design objectives
and is provided for comparative purposes; actual results may vary based on a
variety of factors. Specifications are subject to change without notice.
(1) 256 MB HyperMemory(TM) is a total of 128 MB dedicated video and 128 MB
shared system memory.
Press Contact:
Jennifer McKim, Fujitsu Computer Systems, jmckim@us.fujitsu.com, 408-746-3300
Wendy Grubow, Eastwick Communications, wendy@eastwick.com, 831-626-7503
Gateway Goes Dual Core
http://www.pcmag.com/article2/0,1895,1908370,00.asp
01.05.06
By Cisco Cheng
The dual-core onslaught continues with Gateway's six new models with Intel's next-generation Centrino Duo technology. The two best-selling models, the Gateway M465-E and M685-E will not see much of a design change, but the component updates are worthwhile.
The M465-E will feature three choices for the Intel Core Duo processor: the T2500 (2.0 GHz), T2400 (1.86 GHz), and T2300 (1.66 GHz). The M465-E will also include a value offering that will feature a next-generation single core processor, the Solo T1300 (1.66 GHz). The Solo T1300 operates at a lower voltage, resulting in longer battery life and a lower price tag. This model will retain its bright 15.4-inch LCD display and can be configured with up to a 100GB (5,400-rpm) hard drive. Gateway will offer discrete graphics with the newly announced ATI Mobility Radeon X1400, featuring the Avivo display technology. You can also opt for the new Intel Graphics Media Accelerator 950 integrated graphics. In addition, a built-in 6-in-1 memory card reader, integrated Bluetooth, and optional upgrade to Microsoft Windows XP Media Center Edition 2005 will be available.
The M685-E will have the same dual-core processor offerings as the M465-E, but the low-voltage Solo processors will not be available for this model. The M685-E also has a bright 17-inch LCD. Gateway is offering only hard drive capacities of up to 100GB, which is a bit surprising considering the competition's 17-inch models offer 200GB or more. The M685-E will have some powerful graphics, thanks to the nVidia GeForce Go 7800 GTX, which is similar to the card found on our Editors' Choice notebook, the Dell XPS M170. Security features such as TPM (Trusted Platform Module) 1.2 and biometrics will be available across all models. Pricing is yet to be determined.
Vista gets real
Scot Finnie, 6-Jan-2006
http://www.cmpnetasia.com/oct3_nw_viewart.cfm?Artid=28191&Catid=8&subcat=89&section=Feat...
The December pre-beta 2 release of Windows Vista offers the first true glimpse of the OS. We have the details.
Microsoft delivered the December CTP (Community Technology Preview) beta -- Build 5270 of Windows Vista -- on December 19, 2005. The company held a brief press conference with little fanfare. The list of new features it presented is, overall, not impressive. But when you sit down and use this build, what becomes immediately clear is that literally hundreds of little things about this version of Vista are much closer to final than in any previous build. And for the first time in about a year, Microsoft is describing the OS's look and feel by the codename Aero -- a sign that the user-interface work is gelling. The personality of this product is beginning to emerge.
That's apparent in the new setup routine which, while still unfinished, has gotten a complete makeover. It now asks you the minimum number of questions, getting all the information it needs up front, and then runs on its own, including restarts, without any need for you to hang around. In build 5270, the setup runtime is a tad shorter in duration than the previous build's, but still longer than XP's installation.
A host of other little things almost subliminally altered my sense of Vista (for the good) in this build. Once the operating system was up and running, the first thing I noticed was the new, sculpted "porthole" Start button, whose curved top pops out of the taskbar. The right side of the Start menu contains items like Computer, Network, Control Panel, Printers, Favorites, and so on. Nothing new there. But as I rolled my mouse pointer over these items, a large 3D icon poked out of the top of the Start menu. I can hear some of you groaning about how much system overhead these graphical niceties are going to require, but that's the best part: The extra detail and imagery is fast and appears to be effortless for the OS.
The 48 Control Panel applets are far more functional than they were in previous builds. In fact, much of what's visibly new in build 5270 is to be found there. Some are completely new and useful tools, such as an AutoPlay default settings manager, File and Printer Sharing (finally, a tool that lets you turn off the overbearing security settings for peer LANs when you need to), Mobility Center, Network Center, Network Map, Parental Controls, Performance Center, and Windows Defender (anti-spyware). New applications that will be delivered in Windows Vista include Windows Calendar, Windows Collaboration, Windows DVD Maker, and Windows Mail (more on this later).
Taking Control
New system tools included with Vista include a Memory Diagnostics tool. Windows Transfer has been significantly improved, and there is an update of Windows XP's Windows Migration Wizard. Finally, utilities like System Configuration Editor and System Restore have pre-configured shortcut icons in the Start menu's System Tools folder (under Accessories).
Microsoft is following Apple's lead a bit in making Control Panel applets more than just a series of checkboxes. In Windows Vista, several Control Panels, such as Windows Defender, Performance, and Parental Controls, are more like programs than the basic settings managers that Microsoft has traditionally delivered in the Control Panel.
Windows Turnoff
The new one-click shutdown functionality finally has a user interface that makes sense. You click Start and then the red on/off button. That's it. Your monitor goes dark immediately, and while it actually takes about 20 seconds for your computer to fully park itself in Standby, you have to be paying attention very closely to notice. For all intents and purposes, Microsoft has finally delivered on the instant-off promise.
So how did they achieve that? A pinch of technology, and a large dollop of trickery. Microsoft has adopted a late 1990s sleep state known as S4 that turns off the power light and virtually everything else, but still allows the system to power back on relatively quickly. It's a sort of a hybrid between true hibernation and earlier versions of standby. When you turn off Windows Vista, it heads off into this S4 standby state. After a period of time (that Microsoft hasn't specified to the press), the standby/sleep mode automatically rolls off into full hibernation.
During the interval before the computer rolls off into hibernation, you have three-to-five-second rapid turn-on times. Not quite instant on, but as good as it's going to get on existing hardware.
This on/off procedure works with desktop PCs just fine, but it's especially great for notebooks and other portables. In the pre-Vista world, Windows users had the choice between a lame standby mode that leaves your computer very hot (especially with the screen closed) and a hibernation mode that sometimes takes longer to resume from than just starting up the computer fresh. So it's a welcome change.
But what if you're a Luddite about such changes? What if you just want to turn the darn thing off? Based on build 5270, Microsoft is getting that right, too. Right next to the on/off button is another labeled with a lock icon. Click that and you're instantly delivered to the security login screen. You're not formally logged off, but no one can use your computer unless they know your password. It's a quick, more secure way to leave your computer before going to lunch.
Beside the lock button is an up-pointing arrow which, when clicked, offers a small menu of options to Switch User, Log Off, Lock, Shutdown, and Restart. So for you skeptics about standby and hibernation, your old way of working is preserved. What's more, these are also quick-click options. They don't open another menu -- they just do what they're supposed to do.
All in all, Microsoft's reworking of the Windows on/off experience is well planned, nicely streamlined, and likely to be well received by millions of Windows Vista users when the product ships.
In Defense Of Windows
In a recent story about anti-spyware products, I offered reasons why Microsoft AntiSpyware was among the list of products installed on every computer I manage.
This build of Vista is the first to incorporate the Microsoft Windows AntiSpyware client software. Microsoft is calling it Windows Defender; it's a reduced-feature-set version of the anti-spyware client Microsoft obtained by buying Giant Software. Microsoft says Windows Defender has a new detection and removal engine. Real-time protection, the strength of Microsoft AntiSpyware, continues with an updated list of operating system checkpoints (probably to bring it in line with changes in Windows Vista).
Windows Defender, which is implemented as a Control Panel applet, has a very basic but effective user interface. Microsoft AntiSpyware users may be disappointed about just how much is stripped out of the program. I don't expect this built-in utility to diminish the need for better products, such as Webroot's Spy Sweeper and Safer Networking's Spybot, but it's probably a good thing that Vista will have some basic onboard protection.
Microsoft has been talking about adding outbound filtering to Windows Firewall for about two years. Windows Vista build 5270 is the first version to offer that functionality. The only evidence that the outbound filtering is in there is buried in a configuration menu. But, hey, we'll take it. Vista's new firewall also supports the IPSec security protocol.
Like previous versions of Windows Firewall, the best thing about this one is that it stays out of your way. For serious firewall protection, Zone Alarm and others will probably continue to be your best bet. Like Windows Defender, the Windows Vista firewall also exists as a Control Panel applet.
Yet another new Control Panel is Parental Controls. A number of third-party utilities have for several years offered this feature set, which provides a Web site content filter, time limits, specific application blocking, and activity reports. Vista's parental controls functionality can control what games can be launched based on title, content, or ESRB (Entertainment Software Rating Board) ratings.
SuperFetch And USB Flash Drives
It seems like a lot of fuss about very little. But Microsoft's Jim Allchin, Group Vice President, Platforms, announced at the Microsoft Professional Developers Conference 2005 that the company had developed something called SuperFetch, a means of extending Windows' virtual memory system. SuperFetch takes a more long-term approach to gauging the data that should be stored in virtual memory, and then provides a way to easily add extra storage space.
Bottom line: SuperFetch keeps tabs on the data and applications that users access frequently, and adds them to virtual memory so that they're more readily available the next time that data is required. The more memory available to SuperFetch, the more impressive the potential results are.
In build 5270, Microsoft has added a feature that Allchin demonstrated back in September. You can use any fast-performing USB flash drive to extend your SuperFetch virtual memory. The process is pretty simple. You insert the USB flash drive. The Auto-Play Control Panel opens, and at the bottom you'll see an option to enable this technique. The menu item reads: "Speed up my system using this device." When you select this option, Windows gauges whether the USB flash drive is fast enough. If it is, a Memory properties sheet opens that lets you turn on or off the use of SuperFetch on your USB drive and also gives you a slider that lets you reserve storage space for SuperFetch.
Microsoft is actually encrypting the data it stores on your USB drive, to prevent the possibility of sensitive data being read from a portable device. According to Allchin, you can also remove the USB drive at any time without causing problems for Windows.
In build 5270, it appears that only USB flash devices will support SuperFetch, and not all of them. I tested the feature with five different USB drives. Even very fast 2.5-inch and 1.0-inch platter drives were not supported. FireWire devices aren't supported. Only faster USB flash drives. In a December 19, 2005, press conference, Microsoft's Shanen Boettcher indicated that support for additional drives might be coming.
Search, And Menus De-Emphasized
Microsoft is very definitely trying to wean people away from File menus with operations like File > Open in favor of using the new integrated desktop search features.
By now you've no doubt heard ad infinitum that Windows Vista has a search-based interface that puts little search fields literally everywhere, and also adds new constructs like virtual folders and stacks. My intention is to come back and cover this area fully whenever Microsoft finally figures out how it's going to present this functionality.
In build 5270, some of the search aspects have now changed. You can, for example, search your entire computer or entire hard drive, if you prefer. In previous builds, the only areas the Search facility would address were data files. Although the new user interface for search does a better job of searching data, it does a worse job of searching the rest of your hard drives. No doubt, Microsoft would prefer if we didn't search for other things.
The new Indexing and Search Options Control Panel also makes it possible to customize the background indexing functionality so that it searches specific areas of your computer, including non-data areas.
Tsk, tsk to all you people who actually use the File and other menus to access basic functionality in operating system constructs, like the Folder windows and the many applets that come with Windows. In Windows Vista, Microsoft appears to be frowning on this. While the menus continue to exist, they are all turned off by default. Although this saves a small amount of vertical screen real estate, I continue to believe that Microsoft shouldn't be making this decision for users. The first thing I've done in every build is figure out how to turn the menus back on -- which isn't always easy, because there isn't a single switch to throw. Internet Explorer, the folder windows, and individual apps all require diligence to find the various places this setting is stored.
User Account Usability
I was relatively optimistic about Microsoft's heavy revision of user account access control and permissions when I covered it late in the summer of 2005. Now I'm beginning to wonder whether Microsoft is eating its own dog food. In build 5270, virtually everyone will be pressed to stay in the Administrator account -- because when you operate from any other administrator-level user account, you will be inundated with "Windows needs your permission to use this program" prompts. Every time you open a Control Panel or try to do even the most basic things, Windows prompts you with this inane dialog.
And there's no prompt for a password. Just Permit and Deny -- which, of course, makes it pointless. Older builds of Vista were actually further along in functionality, if not the user interface look and feel. Hopefully, this work in progress will get ironed out. But I'm beginning to have my doubts.
For my money, these prompts should only occur once during a user session. Of course, if you walk away from your PC, how would Vista know it's no longer you — the one who knows the password to your Administrator account? Over the long haul, we're just going to need fingerprint recognition on every PC. In the short run, however, I hope Microsoft doesn't make this experience so overbearing that we all just flock back to the Administrator log-in. Because I'll be the first person on that bus if this user experience makes me grimace on a daily basis.
More Changes
Microsoft has finally given up making Windows Update work specifically in Internet Explorer. Though it's clearly no less proprietary, the new Windows Update handles Windows and Microsoft application updates — including Windows Defender updates. It also runs as a Control Panel, and looks like any other Control Panel.
The functionality is, by and large, the same as the latest versions of Windows Update on Windows XP.
Windows Photo Gallery, Microsoft's new built-in photo viewer, has improved to actual usability in this version of Vista, although I still noticed some bugs. Also, it would be nice if this tool had a built-in viewer. Although you can scale up all images to a larger size, that isn't all that convenient. The slideshow is nice and all, but if I really want that, there are better tools. Windows Photo Gallery should focus on being a viewer, not a formal display tool. It should make it easy to preview, organize, and remove unwanted images before actual photo editing.
The current implementation is also a bit buggy. I tried to rotate about 20 images; only one worked. The Auto Adjust feature worked well at correcting white balance issues, but the image wouldn't save, probably because it was a .jpg. And Windows Photo Gallery ignored my raw digital files, naturally.
All in all, Windows Photo Gallery is buggy right now, seems overly ambitious, and doesn't deliver on the basics. Let's hope Microsoft gets this one right in the end.
Outlook Express users, your program's name is about to change. In build 5270, OE has been renamed Windows Mail version 7.0. The name change doesn't signal a vast reduction of features, but this is a good move because many people are confused about the differences between Outlook and Outlook Express. Calling it Windows Mail gives Outlook Express the status it has long deserved. It's a free bundled applet, like Notepad or WordPad. Although more powerful than many applets included in Windows, far too many people have glommed onto Outlook Express — to their detriment.
The Rest
I covered changes to the Windows namespace in an earlier article. Microsoft has added at least one other small change since. After removing all the user-specific folders from Windows XP's Documents and Settings folder, Microsoft has renamed that folder ProgramData. The bulk of the contents from the old Documents and Settings folder is in the new Users folder. I've already seen what appears to be some confusion on the part of application installation routines, which appear to make their own customized versions of the ProgramData folder.
The new File and Printer Sharing Control Panel delivers something that experienced small office/home office networking administrators have wanted for years: A way to turn off Microsoft's overly complex peer networking security features (especially under the NTFS file system). This is one of the Achilles' heels of Windows XP. Unfortunately, in build 5270, it's pretty tough to evaluate. Networking is extremely flaky in this build, to the point where it seems like some computers on a network just get in a bad mood and stop playing well with others. (How is this different from Windows XP?) Still, the new Control Panel is a step in the right direction.
Also included in this version of Windows Vista is BitLocker and its companion, Secure Startup, designed to take advantage of TPM (Trusted Platform Module) "security chips" which have appeared in several notebook PCs over the last two to three years. BitLocker is the new name for full-volume encryption, which is an obscure way of saying fully encrypted hard disk. BitLocker is aimed at preventing prying eyes from accessing corporate data — especially when a notebook or other PC is stolen. Secure Startup similarly protects a PC from tampering and hacking.
Windows Media Player 11 is partially implemented in this build of Windows Vista. The most apparent changes are user-interface-oriented. According to the December CTP press document, important components of Media Player 11 are absent from the program. That functionality will be added later, after it's announced at the Consumer Electronics Conference (CES), the first week of January.
Ditto that for Windows Media Center. Microsoft says that the December CTP offers updates to the look and feel of Windows XP Media Center, and adds new features. I couldn't get it to operate properly with my HP m7060n Media Center PC. What little I could see didn't look that much different; but again, features are expected to be announced and demonstrated at CES.
At a trade show last summer, Microsoft demonstrated a feature it called Flip3D, which gives you a way to see all your running programs, even the ones that might be hidden behind others. The December CTP is the first widely distributed build to offer the feature, which Microsoft has dubbed Windows Switcher. (I liked Flip3D better.) Windows Switcher lines up all your application windows as if they were supported by a file folder stand, and then twists them around in a three-dimensional view so that you see them from the side, with the front of the lead item visible.
Using your scroll-wheel mouse (or Ctrl plus an arrow button), you can move each one to the fore, rotating through all open windows. When you find the one you want, just click it. All the windows go back to their previous orientation, with the one you selected on the top. Anyone who has ever used Apple's Exposé will recognize Microsoft's recast of that feature. I like both the Apple and Microsoft renditions of this idea. (But my favorite solution is a giant screen flat-panel display.)
A companion tool to Windows Switcher is an updated version of the Alt-Tab task-switching tool, which has been with Windows since before Windows 95. Microsoft has added rich graphical thumbnails of the program windows, transparency, drop shadows, and large icons for the program association in the bottom-right corner. Windows Switcher and the new Alt-Tab perform the same function, giving you a choice. Microsoft got this right.
Still missing from the current form of Windows Vista is the Windows Sidebar, a piece of user interface that will, probably more than anything else, serve as the visual differentiator between this version of Windows and those of the past. (For a look at the sidebar, as envisioned by Microsoft in late 2003, see this 1280 x 1024-pixel picture. The Sidebar is all the way to the right.)
The Sidebar has been an on-again/off-again design goal. The last I heard, Microsoft did still intend to implement it, and it could be one of many things we see in the February CTP release, and later in Vista Beta 2.
There are likely several other features that Microsoft is working on that have not been revealed to date. So the next CTP should be intriguing. --TechWeb Desktop Pipeline
Paypad
I saw an advertisement for this in Skymall. It is launching in Jan, 2006. They are attempting to sign up merchants. It allows a consumer to perform Debit card transactions on the internet. Consumers can purchase a debit card reader for $59.95.
http://www.paypad.com
Intel chipsets add support for HDMI, TPM and NAND Flash-based BIOS in 2006
http://www.tgdaily.com/2005/12/29/intel_ich8_ic9_preview/
Wolfgang Gruener
29 Dec 2005 20:48
Chicago (IL) - When Intel launches its next-generation microprocessor architecture, the company will also introduce a new chipset platform as part of what the company calls a "refresh" to take advantage of new features. Users will see several features that enable and restrict the use of High Definition content, legacy removal and an effort to relocate the BIOS into NAND Flash memory, TG Daily has learned.
2006 will be an important year for Intel to set strategies and build the foundation for all microprocessor-related products in the next four to five years. The company already announced that it will launch a new architecture by the middle of next year and we recently were able to provide our readers with a longer-term outlook on what is cooking in Intel's labs. But processors are only half the story, as they require chipsets to enable platform functions.
While our view on the Northbridge plans is somewhat cloudy, we recently got some insight into Intel's ideas for the Southbridge. The next-generation chipset platform, referred to as "Broadwater," will include the "ICH8" Southbridge as the successor to the current "ICH7," which is part of Intel's 945, 955, 975 chipsets. ICH8, due in Q2 of 2006, will be built in a 90 nm process and bring a substantial amount of new features that, in part, are required to take advantage of High Definition content and in other parts to add components needed for Windows Vista and most likely also for Apple's transition to an Intel platform.
Most surprisingly, however, Intel apparently rethought how the BIOS is implemented on the motherboard and how the system accesses it. While the BIOS today is stored in ROM or NOR Flash chips, the ICH8 will be able to connect to a BIOS stored in NAND Flash: In addition to simply holding the BIOS, the memory will be programmable and even be capable of holding applications and controlling more features of the motherboard. Think of it as much more functional core software that not only initializes hardware components, but takes over more system features. In this light, Intel's decision to create a NAND Flash joint venture with Micron begins to make sense - as Intel said that it intends to use the NAND Flash not only to supply Apple, but also for its own devices.
ICH8 will also remove support for some aging technologies such as PATA in favor of SATA. While the current ICH7 integrates 4 SATA ports, ICH8 will come with 6 on the desktop platform. PATA support will be completely removed from the desktop chipset version and only be available in the mobile ICH8. Intel also increases the number of USB connects from 8 to 10 and integrates an additional EHCI controller to improve USB bandwidth on the desktop version. AC'97, which was touted in ICH7 as enabler for 7.1 channel audio will be gone in ICH8. Instead, the new Southbridge will bring real-time HD audio processing with support for the High-Definition Multimedia Interface (HDMI) via an additional SDI link.
But High Definition does not only bring new features, but restrictions as well. ICH8 will be the first Intel Southbridge to support the firm's La Grande technology (LT), a hardware-based security and digital rights management approach that is based on the specifications developed by the Trusted Computing Group (TCG). A key part of the technology will be integrated into a "Trusted Platform Module" (TPM) that will be located on the motherboard.
This TPM is believed to be essential for Apple, as it is expected to restrict the installation of Windows software on Apple devices. For Windows users, the TPM is tied to Microsoft's Windows Vista on an operating system level: Vista will include Microsoft's "NGSCB" (Next Generation Secure Computing Base), which promises to provide an added level of protection, for example from phishing attacks, but also has all the capabilities to provide an extensive digital rights (DRM) system. It is powerful enough to let content providers determine how we will be able to use digital content such as audio, video and software.
For the second quarter of 2007, Intel plans to release ICH9 to support the desktop processors Conroe, Ridgefield, Allendale and Millville (see our article on Intel's next-gen processors) as well as upcoming versions of the Xeon DP and MP. ICH9 will also serve as initial platform for Intel's first 45 nm processor generation, which will be based on the mobile "Penryn" CPU that is scheduled to be launched in the second quarter of 2008. As of now, ICH9 appears to be a slight update for ICH8 that, however, will continue legacy removal with PATA also disappearing from the mobile version, added USB support (12 ports) and a reduced power consumption of less than 3.5W.
Army and VoIP
Interesting posts by "Ortega, Anthony C C-E LCMC HQISEC" <Tony.Ortega at us.army.mil>
http://voipsa.org/pipermail/voipsec_voipsa.org/2005-December/001004.html
http://voipsa.org/pipermail/voipsec_voipsa.org/2005-December/001005.html
Robert Thibadeau
CyLab Seminar
http://www.cylab.cmu.edu/default.aspx?id=2045
Monday, January 23, 2006
Speaker: Robert Thibadeau, Ph.D., Chief Technologist, Seagate Research
Title: Trusted Computing Technology
Time and Location: 12:00, Distributed Education Center (DEC), CIC, *L level
Abstract:
I will survey the technical vision and efforts to date by the Trusted Computing Group (TCG) including a statement of research observations and research problems that emerge from the work of the TCG.
The TCG Trusted Platform Module is now residing on the motherboards of over ten million machines offered by Lenovo, HP, Fujitsu, Micron, Intel, and is supported in Windows Vista for its secure boot. We will talk about the work being done at Seagate Research in extending the root of trust developed by the TPM into disk drives and other peripherals.
Draft DoD PKI for Non-person Entities (Devices)
Request for Information (RFI) for a U.S. Department of Defense (DoD) Enterprise-wide Public Key Infrastructure (PKI) to support Non-person Entities (Devices). Responses are due to this RFI by 4:00 PM on Monday, 9 January 2006. See section 8.0 for further information.
Trusted Platform Modules are mentioned:
http://66.102.7.104/search?q=cache:xqUsODepbPoJ:fs1.fbo.gov/EPSData/DISA/Synopses/4826/Reference-Num...
New Toshiba tablet PC released
http://mybroadband.co.za/nephp/?m=show&id=1507
By ITWeb, 2005-12-21
Rectron has released the new Toshiba Tecra M4
Rectron, the distributor of Toshiba laptop and notebook personal computer (PC) products in SA, has released the new Toshiba Tecra M4, a convertible tablet PC targeted at the business market.
The Tecra M4 features a large, 14-inch screen and breaks new ground by being larger than its class rivals, incorporating a spacious keyboard with two pointing options: an eraser-head pointing stick and a touch pad.
Each device has its own mouse button, and the touch pad features horizontal and vertical scroll zones.
Andre Rossouw, a technology specialist and Toshiba brand manager at Rectron, says that the Tecra M4 has two distinct personalities: "It is a business computer for use in desk-top mode and - in tablet format - it's also an 'on the go' device for the mobile executive.
"In tablet mode, users can navigate and write on the screen with a pen-like stylus that produces a 'pen-on-paper' feel," he says.
A key feature of the Tecra M4 is its large format, high resolution screen which allows multiple windows to be viewed in landscape mode.
Another advantage of the Tecra M4's larger-than-normal size is that it can accommodate a mix of ports and connections. In addition to the headphone and microphone jacks, there are VGA, S-Video, four-pin FireWire, infrared, and three USB 2.0 ports.
There are also SecureDigital and Type II PC Card slots, and connections to the Internet are possible via modem, Ethernet, or 802.11b/g WiFi.
From a security perspective, the Tecra M4 has a Trusted Platform Module to help protect it from data theft. Central to this feature is a protection timer that allows users to set up a timer-activated BIOS password that will prevent system access in the event of unauthorised access attempts.
Like other Toshiba laptops, to keep data safe in the event that the unit is dropped, the Tecra M4 stops the hard drive from spinning whenever the tablet physically moves too fast.
The Tecra M4 runs Windows XP Tablet Edition, and comes with Microsoft Office OneNote, Microsoft Works 8.0, and Zinio Reader software for reading digital magazines.
Digg.com and TPM article
1972 Diggs - it's the top story of the week
Interesting to read all of the responses to the MSNBC article.
http://www.digg.com/technology/The_End_of_Internet_Anonymity
Tony's TPM matrix is even referenced in one of the posts.
Box reveals smallest-yet pen tablet
http://bjhc.co.uk/news/industry/2005/ind512003.htm
Less than one inch thick, weighing only 2.2lb and about the size of a paperback book, the industry’s smallest and lightest pen tablet, Motion LS800, is now available from Bicester-based Box Technologies.
The LS800, which runs Windows XP, has a Pentium M processor, high-speed wireless capability and an 8.4 inch display, and can be hand-held or carried on a belt. Its slim standard battery gives up to three hours of continuous use, and additional batteries are ‘warm-swappable’ when the unit is in standby mode, allowing users to change batteries without powering down or rebooting.
An embedded Trusted Platform Module enables hardware-protected encryption, as well as digital certificate storage for authentication and secure email applications. A built-in fingerprint reader, meanwhile, uses biometric data to prevent unauthorised access to applications.
Source: bjhc&im December 2005
A rootkit you can't uninstall
Posted by Phil Windley @ 4:05 pm
http://blogs.zdnet.com/BTL/index.php?p=2290
December 15, 2005
Last night I was reading an article about the birth of the DC-3, one of the world's classic airplanes. What caught my attention was the fact that the DC-3 was designed and built just 30 years after the Wright brothers made their first flight. The DC-3 was arguably the first modern airliner in form and function, completely recognizable to today's passengers.
I fly and my plane is, by almost any external measure, primitive. Even so, my 1978 Turbo Arrow is still state-of-the-art in most respects by aviation industry standards and the envy of many private pilots. Except for where computers have affected the avionics, my plane is almost identical to any plane you would have found for sale in the 1940s and 1950s. A pilot from that era would feel perfectly at home in the cockpit of my plane (as long as you turned the GPS off so it didn't distract them).
So, why am I telling you about the sorry state of flying in a blog about technology? Because I think it holds a lesson for us.
The trajectory of progress represented by the drive from the Wright brothers to the DC-3 is a story that most techies today would recognize as analogous to the progress that's been made in the first 50 years of the computer age. Most of us assume that that progress will continue unimpeded. We imagine, or try to imagine, what the world will be like in 5, 10 or 20 years given the pace with which computers have changed in our recent past.
Early aviation pioneers did the same thing–that's where those visions of flying cars come from. But I argue that if the designers of the DC-3 and their colleagues could be brought back to the first decade of the 21st century, they'd be sorely disappointed by the state of aviation.
How did we get to this moribund, stagnant state of affairs? Simple: the government decided to make flying safe. When I moderated a talk by Rick Adam, CEO of Adam Aircraft, he said that they'd spent $80 million before they ever got the first product they could deliver. Much of that was a direct result of responding to government regulation.
Admittedly, there's a trade-off here. We like to be safe. Especially when the true cost is hidden. Efforts to use digital restrictions management tools like TPM (the trusted platform module–part of the Trusted Computing Platform) to reduce identity theft are a case in point. The hidden cost in this case is the potential loss of general purpose computing platforms as we know them. With TCP technology Microsoft, Apple, or even the MPAA could become the arbiters of what will and what won't run on your system. It would be possible to construct software whitelists and blacklists under the control of someone other than the person who owns the computer. TCP is essentially a rootkit you can't uninstall. That scares me.
XenSource releases open-source virtualisation rival
By Matthew Broersma, Techworld
http://www.techworld.com/mobility/news/index.cfm?NewsID=4935
06 December 2005
XenSource has released version 3.0 of its Xen virtualisation software, the first major open-source offering to compete with the likes of VMware, Scalent and SWsoft.
At the same time, it also produced its first commercial offering, XenOptimizer, for managing virtualised deployments.
Virtualisation allows multiple instances of an operating system to run on a single machine, with cost and management benefits for system administrators. Xen's system is designed to offer high performance for large numbers of operating system instances, with the shortcoming that operating systems have to be modified to run with the Xen virtual machine monitor (called a hypervisor).
Xen 3.0 can take advantage of the Virtualisation Technology (VT) support built into recent versions of Intel chips - and soon with AMD's Pacifica - which eliminates this limitation, allowing virtualisation of unmodified operating systems (such as Windows).
Other features include support for up to 32-way SMP systems with the ability to "hot plug" CPUs, and two new addressing modes for servers with large memories. Physical Address Extension (PAE) allows 32-bit servers to address more than 4GB of memory, while support for Trusted Platform Modules adds hardware-based security.
As with previous versions, the software supports the relocation of a running guest OS from one physical server to another.
An Itanium port is included, and a PowerPC port is near completion, according to XenSource.
XenOptimizer is the first bid of XenSource - founded by the software's original developers - to make money from the project. It is aimed at enterprise data centre environments, and competes with support already offered by the likes of IBM and HP.
Scalent, SWSoft and Microsoft all recently introduced competing virtualisation systems for the data centre.
SWSoft recently introduced a new version of Virtuozzo for Windows that supports the same features as the company's Linux version. Microsoft announced an update to Virtual Server that adds some features and formalises Linux support. Both, like Xen, are designed to allow multiple instances of a server to run on a single machine.
Scalent's Virtual Operating Environment (V/OE), introduced this month, takes a different tack to increase server utilisation, aiming at better managing the commodity servers now filling most data centres. V/OE is designed to deal with the problem of "server sprawl" by allowing administrators to treat heterogeneous servers, networks and storage as a single fabric.
PSU - Networking and Security Research Center
Industry Day - October 5, 2005
http://nsrc.cse.psu.edu/events.html
http://nsrc.cse.psu.edu/slides/NSRC_enck.pdf
Vernon, R.C., "A Design For Sensing The Boot Type Of A Trusted Platform Module Enabled Computer", Masters Thesis, Naval Postgraduate School, September 2005
Abstract
http://cisr.nps.navy.mil/pubabstracts/05abstract_kane.html
Full Thesis
http://cisr.nps.navy.mil/downloads/theses/05thesis_vernon.pdf
Monterey Security Architecture (MYSEA)
http://cisr.nps.navy.mil/projects/mysea.html
The purpose of this research project is to develop high assurance security services and integrated operating system mechanisms that will protect distributed multi-domain computing environments from malicious code and other attacks. These security services and mechanisms will extend and interoperate with existing applications and open source operating systems, providing new capabilities for composing secure distributed systems using commercial off-the-shelf (COTS) components. The latter objective results from the realization that unless a secure system offers users the same sort of convenient interfaces they use when handling routine information, the secure system will fail due to lack of user acceptability.
The Monterey Security Architecture (MYSEA) project is constructing a prototype demonstration of a potential high assurance distributed operating environment for enforcing multi-domain security policies, composed of a combination of many low-assurance commercial components and relatively few specialized (e.g., high assurance) multi-domain components, based upon a security-enhanced version of the OpenBSD operating system, that supports unmodified COTS productivity applications. The demonstration architecture permits the on-going DoD and U.S. Government investment in commodity PC operating systems and applications to be integrated into a high assurance environment where enforcement of critical security policies is assigned to more trusted elements. The modularity of the architecture permits alternate configurations, for example to include an A1-evaluated high assurance multi-domain enforcement component.
Our goals are to demonstrate extended file system attributes to enforce multi-domain access controls in existing open operating systems and to demonstrate trusted interoperability for these extended capabilities with open source and COTS workstations, and office productivity applications.
For this project, we have chosen OpenBSD as the open source base which we will extend. However, the modifications we have defined are modular and conceptually simple enough that they could be accomplished on a variety of open source or evaluated high assurance platforms (e.g., Linux). We intend to demonstrate techniques for vertical integration of application security requirements with underlying security services, and we will apply an existing Quality of Security Service model and framework to the integrated security structure to better understand the overall effects on security policy, security service, and security mechanism interactions. Additionally, the MYSEA system will support trusted path communications between the user and the trusted OS, and will also support single sign-on for interaction with multiple trusted servers.
We expect that this project will result in significant new and improved security functionality for existing open source operating systems and will provide the capability to significantly reduce vulnerabilities in mission critical information systems and networks. Specifically we plan for concrete results in the following fundamental areas:
Configurable security attributes for multi-domain data
Extensions to file security attributes in an open source operating system (OpenBSD) support equivalence class domain assignments for both objects and active subjects. The rule set of the security manager can be modified to support a wide range of policies with respect to these assignments.
User access via unmodified commercial OS and applications
Users on commercial workstations will be able to access multi-domain information managed by the remote trusted OS, without modification of workstation operating systems or applications.
Transparent session-level access to multiple domains
Users can access data at and below their session level, providing simultaneous access to multiple data domains, as authorized by policy. This feature is provided by policy-aware protocol servers. A significant feature of our approach is that protocol servers for popular application protocols can be added to the system with only the minimal modification required for a typical platform port or can be made policy-aware with minimal additional effort.
Trusted path for open source multi-domain operating system
User authentication and session security attribute negotiation with the enhanced multi-domain open source OS (OpenBSD) occurs by way of a trusted path between the user and the trusted OS. Users are assured that the authentication and negotiations are with the trusted OS and not with masquerading malicious software executing on the trusted OS.
Remote trusted path access to multi-domain operating system
User authentication and session security attribute negotiation with the multi-domain open source OS (OpenBSD) occurs by way of a trusted path between the user and the trusted OS extension, as well as between the trusted OS extension and the trusted OS. Users are assured that the authentication and negotiations are with the trusted OS and not with masquerading malicious software executing in other systems on the network, on the workstation, or the trusted OS.
Policy-driven dynamic network security services
Policy changes at the middleware or application level, for example as the result of changes in network situational mode or Quality of Service considerations, are automatically manifested in network connectivity maps and communication security settings (e.g., IPsec) managed within the trusted OS.
Single sign-on to access multiple trusted servers
From a single session, the user can access multiple application servers on different trusted OSs, without needing to reauthenticate to each of the OSs.
Review: Gateway Adds Value to a Convertible
http://weblog.infoworld.com/smbit/archives/2005/11/review_gateway.html
November 30, 2005
About four weeks ago, Gateway was kind enough to send me a notebook they qualified as a 'value' machine. Typically, that means something stripped down to bare functionality with an appropriate price tag.
Not so the M280E. Not only is it decently equipped for a notebook, it's also got an additional feature: It's a convertible. Grab the 14-inch screen, hold down the release key, turn the screen around and you're tableting.
On the notebook front, Gateway is classing the M280E as a value notebook with a price of $1,299 in its base configuration, which gets bumped up to $1408.99 when you add in a four-year service plan and a casual carrying case.
Our test unit, however, came slightly upgraded with a 1.73GHz Intel Pentium M (up from the base Celeron), 512MB of RAM, a 60GB hard disk trimmed out with both 10/100/1000 Ethernet and 802.11b/g wireless, USB 2.0, Firewire, one PC Card slot and even a handy 7-in-1 media reader built into the front. That bumps us up to $1,673.99.
If you really want a high-end unit, you can muscle the M280E up to a 2.1GHz Pentium M, 1GB of RAM, an 80GB hard disk, an ATI Mobility graphics subsystem, long-life battery and MS Office Small Business Edition, which would bring the price up to $2,6512.98 before rebates.
Our test unit didn't come with Microsoft Office pre-installed so I used this as the test system for the free software post. No additional bucks and this thing is still fully joyed as a mobile workhorse. I've been using it as my primary machine for the entire month, and so far it's been great.
Initially, I didn't think the tablet capability would be that exciting; but once you get accustomed to using a tablet it really is better for meetings. Gateway bundles Office OneNote by default, and the ability to write, draw and record sound really does make notetaking easier. The M280E's stylus was a comfortable fit in my hand as well, as it's significantly thicker than any I've previously seen. Contoured like an actual pen--a far cry from the little stick that comes in other convertibles, like the Panasonic Toughbook I reviewed earlier.
I also love the screen. It looks like it's configured for media PC use, with a widescreen TV look, and screen brightness and color quality to match. It's not HDTV-capable, but you really could use this to have a decent DVD fest on long plane rides. Speaker quality is also high-end for a notebook, furthering this tablet's fun factor.
Aside from usability, Gateway has several features specific to business users on the M280E. Chief among them is TPM (aka Trusted Platform Module) which is a standard feature and supports password and file encryption (though it wasn't installed in our slightly pre-production unit). You've also got special support and additional anti-theft options, including CompuTrace and theft insurance.
Downsides: That 14-inch screen is big, which means an appropriately big case, which means pretty decent weight. It's certainly not anti-portability, but 6+ lbs. means it's definitely not an ultra-lite. Also, I hate the touchpad, but then I hate all touchpads so that's not a ding against Gateway. Considering the high-end screen and sound, I'm a mite confused as to why there's no S-Video port, but that's a minor ding on a value notebook.
Overall, the M280E is a real solid performer even in our tested configuration. At about $1600 for a working notebook, this still classes as a value unit. Given its size, weight and performance, Gateway's done a surprisingly good job building a notebook that works both as a travel companion and desktop replacement--and still keeping to a nice price. Not to mention that it's also a tablet.
Small businesses especially should look this one over closely.
Gateway M280E
Gateway Computer
Gateway.com
Price: $1,673.99 (as tested)
Verdict: A serious contender for value-class workhorse. Check it out.
Posted by Oliver Rist on November 30, 2005 06:12 PM
TVTonic Interface 0.9.1.1 released
by Tim Whidden in TVTonic Updates
http://beta.tvtonic.com/news/?p=33#more-33
December 1st, 2005 @ 18:58
We’ve been typing and mousing our little fingers and palms to the bone over here at TVTonic HQ and our hard work is paying off in the form of… interface enhancements!
We think you’ll dig the improvements. The look has changed quite a bit and we’ve greatly improved QuickTime playback — especially in Media Center.
All TVTonic 3.0 users will receive the new interface automatically as will new users.
Find the nitty-gritty below, and as always, let us know what you think in the forum.
Re-worked QuickTime support so that in Media Center it works more like native viewport video. In particular, you should now be able to drive QuickTime video with the MCE video control bar. The TVTonic video control bar has been removed from the MCE interface.
Cleaned up some minor bugs having to do with QuickTime playback.
Major style changes.
Much more robust QuickTime version checking. You now need QuickTime version 7.0.3 (the latest version) in order to view QuickTime video in TVTonic.
The interface displays before the channel list is built. This allows you to continue to watch video until the channel list is populated.
The official version number for this interface is 0.9.1.1 beta.
Note, this is not a version upgrade for the binaries. The current version is still 3.0.1.26.
NICTA L4 MicroKernel To Utilise Select QUALCOMM Chipsets
http://www.arm.com/iqonline/news/marketnews/11144.html
29 November 2005
National ICT Australia (NICTA), Australia’s Centre of Excellence in Information and Communications Technology research, is collaborating with QUALCOMM to use NICTA versions of the L4 Microkernel and the Iguana operating system together with select versions of QUALCOMM’s Mobile Station Modem (MSM) chipsets.
NICTA’s L4 microkernel and Iguana OS will be adopted by Qualcomm for some mobile phone chipsets. It will be the first NICTA technology to be commercially adopted.
"We are pleased to be working with QUALCOMM to utilise the L4 microkernel as the foundation for a trusted computing platform on embedded wireless devices," said Professor Gernot Heiser, leader of NICTA’s Embedded, Real-Time, and Operating Systems (ERTOS) program.
“Our L4/Iguana operating system has the potential to revolutionise the use of embedded systems around the world,” added Heiser. “It is currently being evaluated for deployment by a number of small-to-medium-sized enterprises in Australia and multinational corporations.”
The L4/Iguana technology is being developed for a number of platforms, including ARM. ERTOS hopes to make the ARM version the "fastest operating system with memory protection, and the first that provides a virtual-machine environment for running Linux".
L4/Iguana is part of a general embedded OS framework developed by NICTA’s ERTOS Research Program located at the Kensington Neville Roach Research Laboratory in Sydney, Australia. The software is based on previous work conducted on the L4 microkernel by NICTA in partnership with the University of Karlsruhe in Germany and the University of New South Wales in Sydney, Australia.
More safety for Panasonic Toughbooks
http://www.financialmirror.com/more_news.php?id=2578
29/11/2005
Panasonic's Toughbook series will soon feature a new set of security chips. The Trusted Platform Module (TPM) is intended to prevent unauthorised access to sensitive data, reports the computer maker through its Frankfurt office.
The chip is comparable to a Smart Card and is soldered onto the motherboard. It is also connected to the system. It cannot be modified either physically or using software.
The chip makes processes like authorization of a computer onto a corporate network more secure than through a software solution, the company claims.
The chip also allows the user to conduct simplified encryption or decryption of data. Projected customers will initially test the technology in the Toughbooks CF-18 and CF-29. All new Toughbooks will include the chip set starting in March 2006. (dpa)
Infineon / Wintec
I saw this about a week ago. I didn't post it, because I assumed it had already been posted by others. Apparently, not everyone has seen it.
Thanks for posting.