Skip to main content

Home/ Open Web/ Group items tagged notes

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Gary Edwards

Combining the Best of Gmail and Zoho CRM Produces Amazing Results By James Kimmons of A... - 0 views

realestate.about.com/...gmail_zoho.htm

real-estate ZOHO mail-merge data-merge

shared by Gary Edwards on 13 Jul 12 - No Cached
  • Gary Edwards on 13 Jul 12
     
    ZOHO has demonstrated some very effective and easy to use data merging. They have also released a ZOHO Writer extension for Chrome that is awesome. The problem with "merge" is that, while full featured, the only usable data source is ZOHO CRM. Not good, but zCRM does fully integrate with ZOHO eMail, which enables the full two way transparent integration with zCRM. Easier to do than explain. Real Estate example excerpt: Zoho is smart, allowing you to integrate Gmail: The best of both worlds is available, because Zoho had the foresight to allow you to use Gmail and integrate your emails with the Zoho CRM system. Once you've set it up, you use Gmail the way you've always used it. I get to continue using all of the things I love about Gmail. But, every email, in or out of Gmail, attaches itself to the appropriate contact in the Zoho CRM system. When I send or receive an email in Gmail that is to or from one of my Zoho contacts or leads, the email automatically is picked up by Zoho and becomes a part of that contact/prospect's record, even though I never opened Zoho. If you've wondered about backing up Gmail, let Zoho do it: A bonus benefit in using Zoho mail is that you can set it up to receive all of your Gmail, sent and received, as well. It's a ready-made backup for your Gmail. So, if CRM isn't something you want to do with Zoho, at least set up the free email to copy all of your Gmail. And, if you're still using Outlook...why? The Internet is Improving Our Business at a Lower Cost: Here we have two free email systems that give you amazing flexibility and backup. Then the Zoho CRM system, with the email module installed, is only $15/month. You can do mass marketing emails, auto-responders, and take in new contacts and prospects with Web forms. Once you tie Gmail and Zoho together, your email and CRM will be top-notch, at a very low cost. Though you may wish for one, there isn't a reasonably priced "does it all" solution out there. This is an
Gary Edwards

Google's Chrome Browser Sprouts Programming Kit of the Future "Node.js" | Wired Enterpr... - 1 views

www.wired.com/...node-dot-js

Stephen-OGrady Node.JS Joyent Wired

shared by Gary Edwards on 24 Jan 12 - No Cached
  • Gary Edwards on 24 Jan 12
     
    Good article describing Node.js.  The Node.js Summitt is taking place in San Francisco on Jan 24th - 25th.  http://goo.gl/AhZTD I'm wondering if anyone has used Node.js to create real time Cloud ready compound documents?  Replacing MSOffice OLE-ODBC-ActiveX heavy productivity documents, forms and reports with Node.js event widgets, messages and database connections?  I'm thinking along the lines of a Lotus Notes alternative with a Node.js enhanced version of EverNote on the front end, and Node.js-Hadoop productivity platform on the server side? Might have to contact Stephen O'Grady on this.  He is a featured speaker at the conference. excerpt: At first, Chito Manansala (Visa & Sabre) built his Internet transaction processing systems using the venerable Java programming language. But he has since dropped Java and switched to what is widely regarded as The Next Big Thing among Silicon Valley developers. He switched to Node. Node is short for Node.js, a new-age programming platform based on a software engine at the heart of Google's Chrome browser. But it's not a browser technology. It's meant to help build software that sits on a distant server somewhere, feeding an application to your PC or smartphone, and it's particularly suited to systems like the one Chito Manansala is building - systems that juggle scads of information streaming to and from other sources. In other words, it's suited to the modern internet. Two years ago, Node was just another open source project. But it has since grown into the development platform of the moment. At Yahoo!, Node underpins "Manhattan," a fledgling online service for building and hosting mobile applications. Microsoft is offering Node atop Windows Azure, its online service for building and hosting a much beefier breed of business application. And Sabre is just one of a host of big names using the open source platform to erect applications on their own servers. Node is based on the Javascript engine at th
Gary Edwards

Telax Unveils HTML5 Software for Mac OS Contact Centers - 0 views

www.sfgate.com/...article.cgi

HTML5

shared by Gary Edwards on 05 Jan 12 - No Cached
  • Gary Edwards on 05 Jan 12
     
    Interesting development in the world of real time Web Apps.  Looks like Business processes and services in the Cloud are embracing HTML5, and moving fast to replace legacy client/server.  Note this is not Flash or Silverlight RiA.   excerpt: Telax Hosted Call Center, a leader in cloud contact center solutions announced the release of its HTML5-based Call Center Agent (CCA) today. Key to the development of the browser-based CCA was Websocket, a component of HTML5 that provides a bi-directional, full-duplex communication channel over a single Transmission Control Protocol (TCP) socket. Websocket is currently supported by the latest versions of Google Chrome, Apple Safari, and Firefox, making Telax's new CCA compatible with the most popular browsers in Mac environments. Before HTML5, real-time unified communication software was typically deployed as a local client because its browser-based counterparts were unable to deliver an acceptable user experience. Some browser-based clients use 3rd party software such as Adobe Flash or Sliverlight to operate adequately, but both solutions require software installation and are not mobile friendly.
Gary Edwards

Canonical's new partnerships for Ubuntu: A challenge in the enterprise space? | TechRep... - 1 views

www.techrepublic.com/...2026

Canonical Ubuntu Cloud-Computing

shared by Gary Edwards on 09 Nov 11 - No Cached
  • Gary Edwards on 09 Nov 11
     
    Good article that tries to explain how Canonical is changing direction, and what that will mean for Linux.  The explanation looks at a brief list of Canonical partnerships that the author believes are key to the new direction.  Interesting stuff, but you have to follow the partnership links to grasp the impact :(
  • ...1 more comment...
  • Gary Edwards on 09 Nov 11
     
    What has happened to Diigo? Where are the lists and groups in the Chrome extension dialog? One thing i would note is that i have been using the Sharaholic Chrome extension for Diigo. Much more stable than the Diigo Chrome ext. And yes, i do get flame throwing furious when the Diigo ext dialog cuts off my comments or locks up and i lose everything. Sharaholic opens up a new page, which i can unclip from Chrome, move to the half of my dual screen system, and use to comment on an article line by line. Yes, i do miss the Diigo highlighting and in-line comments at times. But stability and consistent behavior matters. If i need to highlight, i'll pull the Diigo ext.
  • Gary Edwards on 09 Nov 11
     
    I tracked the WaveMaker link and foud that they have been acquired by VMware, and will join the SpringSource - Spring Framework for Java division. Interesting stuff. Rod Johnson has a new toy! (http://bit.ly/t9bX2m) Also, i noticed that VMware has decided to open source WaveMaker entirely - available for free. This is interesting in the context of changes at Ubuntu. Perhaps WaveMaker is a Java IDE challenge to QT's dominance on Linux? QT is owned by Nokia. And Nokia has slid under the boot heel of Microsoft and the Windows 8 platform of cloud-desktop-mobile. WaveMaker Springs To VMware http://bit.ly/s80t8n Perhaps more interesting is that Canonical Ubuntu would be supporting the VMware Cloud Application Platform. http://bit.ly/suN5ic Looks like VMware is very serious about a sweeping and comprehensive Cloud Productivity Platform. Neither Amazon or RackSpace have developer tools wired in like VMWare. Google Cloud has core Apps that can't be beat. FaceBook just purchased Strobe, but that focus is on mobility app developers - not business systems developers.
  • Gary Edwards on 09 Nov 11
     
    Note to Jason Harrop: VMware needs your docx desktop-cloud conversion.
Paul Merrell

Tiny USB Stick Brings Android to PCs, TVs | Gadget Lab | Wired.com - 1 views

www.wired.com/...android-cotton-candy-fxi

Cloud-Computing Android Ubuntu TV-Internet mobile devices

shared by Paul Merrell on 20 Nov 11 - No Cached
  • Google has made no secret about its plans for Android. Smartphones and tablets are just the beginning — the company wants Android everywhere. And thanks to FXI Technologies’ Cotton Candy USB device, we may not have to wait long to see Android on more than just our mobile devices. FXI essentially built an ultra-lean computer inside a small USB stick. Stick it into any device that supports USB storage, and Cotton Candy will register as a USB drive. From there, you can run the Android OS in a secure environment inside your desktop, courtesy of a Windows/OSX/Linux-compatible virtualization client embedded in the device. Stick Cotton Candy into a computer, and Android will appear in a virtualized window on your desktop. But get this: The USB key also features an HDMI connector. This way, you can connect the stick to your TV and use Android on the big screen (though you’ll need some kind of secondary input device, like a Bluetooth mouse/keyboard combo, to get anything done.)
  • Paul Merrell on 20 Nov 11
     
    Vaporware, but interesting. More info on the developers' website at .  Basic idea is a computer on a stick that can be plugged into either other computers or into an HDMI flatscreen TV. In the latter scenario, Bluetooth connectivity for keyboard/mouse combo, provided by e.g., a smartphone. The USB connection is v. 2.0, but I'll guess that USB 3.0 would soon be an option in newer models.  According to the specs it can run either Android or Ubunutu. If you check the developer's website, they definitely have their eyes on the growth in the numbers of HDMI-equipped TVs. Note that if delivered as described, this breaks boundaries of mobile devices, tending toward a convergence of TV monitors and mobile devices in an unexpected way. 
Gary Edwards

Cloud Pricing: Amazon, Microsoft Keep Cutting - Cloud-computing - Infrastructure as a S... - 0 views

www.informationweek.com/...240001237

Cloud-Productivity-Platform amazon Microsoft-Cloud

shared by Gary Edwards on 05 Jun 12 - No Cached
  • Gary Edwards on 05 Jun 12
     
    It's game on between Amazon AWS and Microsoft Azure.  Interesting price configurations indicate that Cloud Computing is now a commodity.  One point in the article worth noting is that Cloud applications and services begin as "Cloud" apps - not desktop or client/server.  Bad news for Microsoft..... Excerpt: Microsoft, with its flagship operating system and rich line of related tools and applications, is watching the Windows developer community migrate to the cloud, but often not to its Azure cloud. AWS and Rackspace have offered cheaper raw online computing power. VMware-backed Cloud Foundry offers a development platform to build apps that can deploy on a number of vendors' clouds, and VMware recently made Cloud Foundry more Windows-friendly. Hewlett-Packard, which is just entering the cloud infrastructure market, is emphasizing its own development platform. To keep cloud app developers engaged, Microsoft must put the right resources on Azure's platform-as-a-service--developer tools, database services, and messaging services--but also make it affordable. Today's most creative new software projects often begin in a cloud, and a big reason is to keep startup costs low. Cloud computing is critical to the future of the Windows franchise.
Gary Edwards

Free CloudOn app puts your iPad to work | How To - CNET - 0 views

howto.cnet.com/...301-11310_39-57452038-285.html

MSOffice Cloud-Productivity CloudON QuickOffice

shared by Gary Edwards on 13 Jun 12 - No Cached
  • Gary Edwards on 13 Jun 12
     
    The free CloudON app for iPAD provides a very nice ribbon interface for viewing and editing MSOffice XML documents.  Supports important workgroup features like "change tracking", show or hide markup, make and view comments, restrict editing, and compare and combine versions.  Very cool. Lacks support for custom add-ons, templates, auto-correct settings, and other advanced features may limit the program's usefulness.  Time to do some testing.  Hope Florian catches this post :) excerpt: Support for Office XML file types, and a ribbon to boot ...... Speculation continues as to whether -- most say when -- Microsoft will release a version of Office for the iPad. (CNET blogger Zack Whittaker cites sources predicting a November arrival.) It's not like you have to wait months to create and edit Word, Excel, and PowerPoint files on your iPad. Last June I described how to use Google Docs and Google Cloud Connect to edit Word and Excel files on an iPad for free. The end of that story noted the likely arrival of iPad apps supporting Office file formats. One of the most popular of these is the $15 Quickoffice, a program that was recently acquired by Google. But before you shell out for an Office alternative, check out the free CloudOn app, which now connects to Google Drive and Box accounts as well as Dropbox accounts. Other new features in the latest release let you send files as e-mail attachments and open PDFs. (See Lance Whitney's post on the Internet & Media blog for more on the program's PDF features.) CloudOn's ribbon is a big departure from the Quickoffice interface, which look nothing like Office. (Of course, many people will prefer the clean, clutter-free look of Quickoffice.) None of the Office extras, but all the essentials: In a group setting CloudOn's lack of support for custom add-ons, templates, auto-correct settings, and other advanced features may limit the program's usefulness. Still, the word processor lets you track and accept changes, show or
Gary Edwards

Open Source, Android Push Evolution of Mobile Cloud Apps | Linux.com - 0 views

www.linux.com/...evolution-of-mobile-cloud-apps

OpenMobster Cloud-Computing Cloud-Productivity-Platform mobility

shared by Gary Edwards on 19 Jun 12 - No Cached
  • Gary Edwards on 19 Jun 12
     
    Nice OpenMobster graphic!  Good explanation of the Android notification advantage over iOS and Windows 7 too.  Note the exception that iOS-5 finally introduces support for JSON. excerpt: Why Android Rocks the Cloud Most open source mobile-cloud projects are still in the early stages. These include the fledgling cloud-to-mobile push notifications app, SimplePush , and the pre-alpha Mirage  "cloud operating system" which enables the creation of secure network applications across any Xen-ready cloud platform. The 2cloud Project , meanwhile, has the more ambitious goal of enabling complete mobile cloud platforms. All of the above apps support Android, and many support iOS. Among mobile OSes, Android is best equipped to support cloud applications, said Shah. Android supports sockets to help connect to remote services, and supplies a capable SQlite-based local database. It also offers a JSON (JavaScript Object Notation) interchange stack to help parse incoming cloud data -- something missing in iOS. Unlike iOS and Windows Phone 7, Android provides background processing, which is useful for building a robust push infrastructure, said Shah. Without it, he added, users need to configure the app to work with a third-party push service. Most importantly, Android is the only major mobile OS to support inter-application communications. "Mobile apps are focused, and tend to do one thing only," said Shah. "When they cannot communicate with each other, you lose innovation." Comment from Sohil Shah, CEO OpenMobster: "I spoke too soon. iOS 5 now supports JSON out of the box. I am still working with a third party library which was needed in iOS 4 and earlier, and to stay backward compatible with those versions.  Anyways, it should have been supported a lot earlier considering the fact that AFAIK, Android has had it since the very beginning. "
Gary Edwards

Cloud file-sharing for enterprise users - 1 views

www.computerweekly.com/...e-sharing-for-enterprise-users

SurDoc Sync-Share-Store sync-share-store-collaboration DropBox

shared by Gary Edwards on 30 Aug 13 - No Cached
  • Gary Edwards on 30 Aug 13
     
    Quick review of different sync-share-store services, starting with DropBox and ending with three Open Source services. Very interesting. Things have progressed since I last worked on the SurDocs project for Sursen. No mention in this review of file formats, conversion or viewing issues. I do know that CrocoDoc is used by near every sync-share-store service to convert documents to either pdf or html formats for viewing. No servie however has been able to hit the "native document" sweet spot. Not even SurDocs - which was the whole purpose behind the project!!! "Native Documents" means that the document is in it's native / original application format. That format is needed for the round tripping and reloading of the document. Although most sync-share-store services work with MSOffice OXML formatted documents, only Microsoft provides a true "native" format viewer (Office 365). Office 365 enables direct edit, view and collaboration on native documents. Which is an enormous advantage given that conversion of any sort is guaranteed to "break" a native document and disrupt any related business processes or round tripping need. It was here that SurDoc was to provide a break-through technology. Sadly, we're still waiting :( excerpt: The availability of cheap, easy-to-use and accessible cloud file-sharing services means users have more freedom and choice than ever before. Dropbox pioneered simplicity and ease of use, and so quickly picked up users inside the enterprise. Similar services have followed Dropbox's lead and now there are dozens, including well-known ones such as Google Drive, SkyDrive and Ubuntu One. cloud.jpg Valdis Filks , research director at analyst firm Gartner explained the appeal of cloud file-sharing services. Filks said: "Enterprise employees use Dropbox and Google because they are consumer products that are simple to use, can be purchased without officially requesting new infrastructure or budget expenditure, and can be installed qu
  • Paul Merrell on 11 Sep 13
     
    Odd that the reporter mentions the importance of security near the top of the article but gives that topic such short shrift in his evaluation of the services. For example, "secured by 256-bit AES encryption" is meaningless without discussing other factors such as: [i] who creates the encryption keys and on which side of the server/client divide; and [ii] the service's ability to decrypt the customer's content. Encrypt/decryt must be done on the client side using unique keys that are unknown to the service, else security is broken and if the service does business in the U.S. or any of its territories or possessions, it is subject to gagged orders to turn over the decrypted customer information. My wisdom so far is to avoid file sync services to the extent you can, boycott U.S. services until the spy agencies are encaged, and reward services that provide good security from nations with more respect for digital privacy, to give U.S.-based services an incentive to lobby *effectively* on behalf of their customer's privacy in Congress. The proof that they are not doing so is the complete absence of bills in Congress that would deal effectively with the abuse by U.S. spy agencies. From that standpoint, the Switzerland-based http://wuala.com/ file sync service is looking pretty good so far. I'm using it.
Paul Merrell

FCC's Wheeler Promises Net Neutrality Action 'Shortly' | Adweek - 0 views

www.adweek.com/...-net-neutrality-shortly-155347

net-neutrality FCC petition

shared by Paul Merrell on 31 Jan 14 - No Cached
  • Paul Merrell on 31 Jan 14
     
    Over a million signed the petition. Wow! But note that the battle is not over. The FCC could reimplement net neutrality now if it reclassified broadband internet as a telecommunications service. That the FCC has not already set this in motion raises danger flags. All it takes is for a few contracts to be signed to give the ISPs 5th Amendment taking clause claims for damages against the government for reimplementing net neutrality the right way, A "reasonable investment-backed expectation" is the relevant 5th Amendment trigger. 
Paul Merrell

Surveillance scandal rips through hacker community | Security & Privacy - CNET News - 0 views

news.cnet.com/...-rips-through-hacker-community

surveillance state NSA NSA-blowback cloud computing mobile devices privacy

shared by Paul Merrell on 06 Aug 13 - No Cached
  • One security start-up that had an encounter with the FBI was Wickr, a privacy-forward text messaging app for the iPhone with an Android version in private beta. Wickr's co-founder Nico Sell told CNET at Defcon, "Wickr has been approached by the FBI and asked for a backdoor. We said, 'No.'" The mistrust runs deep. "Even if [the NSA] stood up tomorrow and said that [they] have eliminated these programs," said Marlinspike, "How could we believe them? How can we believe that anything they say is true?" Where does security innovation go next? The immediate future of information security innovation most likely lies in software that provides an existing service but with heightened privacy protections, such as webmail that doesn't mine you for personal data.
  • Wickr's Sell thinks that her company has hit upon a privacy innovation that a few others are also doing, but many will soon follow: the company itself doesn't store user data. "[The FBI] would have to force us to build a new app. With the current app there's no way," she said, that they could incorporate backdoor access to Wickr users' texts or metadata. "Even if you trust the NSA 100 percent that they're going to use [your data] correctly," Sell said, "Do you trust that they're going to be able to keep it safe from hackers? What if somebody gets that database and posts it online?" To that end, she said, people will start seeing privacy innovation for services that don't currently provide it. Calling it "social networks 2.0," she said that social network competitors will arise that do a better job of protecting their customer's privacy and predicted that some that succeed will do so because of their emphasis on privacy. Abine's recent MaskMe browser add-on and mobile app for creating disposable e-mail addresses, phone numbers, and credit cards is another example of a service that doesn't have access to its own users' data.
  • Stamos predicted changes in services that companies with cloud storage offer, including offering customers the ability to store their data outside of the U.S. "If they want to stay competitive, they're going to have to," he said. But, he cautioned, "It's impossible to do a cloud-based ad supported service." Soghoian added, "The only way to keep a service running is to pay them money." This, he said, is going to give rise to a new wave of ad-free, privacy protective subscription services.
  • ...2 more annotations...
  • The issue with balancing privacy and surveillance is that the wireless carriers are not interested in privacy, he said. "They've been providing wiretapping for 100 years. Apple may in the next year protect voice calls," he said, and said that the best hope for ending widespread government surveillance will be the makers of mobile operating systems like Apple and Google. Not all upcoming security innovation will be focused on that kind of privacy protection. Security researcher Brandon Wiley showed off at Defcon a protocol he calls Dust that can obfuscate different kinds of network traffic, with the end goal of preventing censorship. "I only make products about letting you say what you want to say anywhere in the world," such as content critical of governments, he said. Encryption can hide the specifics of the traffic, but some governments have figured out that they can simply block all encrypted traffic, he said. The Dust protocol would change that, he said, making it hard to tell the difference between encrypted and unencrypted traffic. It's hard to build encryption into pre-existing products, Wiley said. "I think people are going to make easy-to-use, encrypted apps, and that's going to be the future."
  • Companies could face severe consequences from their security experts, said Stamos, if the in-house experts find out that they've been lied to about providing government access to customer data. You could see "lots of resignations and maybe publicly," he said. "It wouldn't hurt their reputations to go out in a blaze of glory." Perhaps not surprisingly, Marlinspike sounded a hopeful call for non-destructive activism on Defcon's 21st anniversary. "As hackers, we don't have a lot of influence on policy. I hope that's something that we can focus our energy on," he said.
  • Paul Merrell on 06 Aug 13
     
    NSA as the cause of the next major disruption in the social networking service industry?  Grief ahead for Google? Note the point made that: "It's impossible to do a cloud-based ad supported service" where the encryption/decryption takes place on the client side. 
Paul Merrell

Secret Trans-Pacific Partnership Agreement (TPP) - 0 views

wikileaks.org/tpp

TPP Trans-Pacific Partnership leaked-docs Wikileaks

shared by Paul Merrell on 14 Nov 13 - No Cached
  • Today, 13 November 2013, WikiLeaks released the secret negotiated draft text for the entire TPP (Trans-Pacific Partnership) Intellectual Property Rights Chapter. The TPP is the largest-ever economic treaty, encompassing nations representing more than 40 per cent of the world’s GDP. The WikiLeaks release of the text comes ahead of the decisive TPP Chief Negotiators summit in Salt Lake City, Utah, on 19-24 November 2013. The chapter published by WikiLeaks is perhaps the most controversial chapter of the TPP due to its wide-ranging effects on medicines, publishers, internet services, civil liberties and biological patents. Significantly, the released text includes the negotiation positions and disagreements between all 12 prospective member states.
  • The TPP is the forerunner to the equally secret US-EU pact TTIP (Transatlantic Trade and Investment Partnership), for which President Obama initiated US-EU negotiations in January 2013. Together, the TPP and TTIP will cover more than 60 per cent of global GDP. Read full press release here Download the full secret TPP treaty IP chapter as a PDF here WikiLeaks Release of Secret Trans-Pacific Partnership Agreement (TPP) Advanced Intellectual Property Chapter for All 12 Nations with Negotiating Positions (August 30 2013 consolidated bracketed negotiating text)
  • Paul Merrell on 14 Nov 13
     
    The text is leaked for the latest secretly negotiated atrocity against the Open Web and FOSS, and against much more. Note that in the U.S., treaties bypass review by the House of Representatives, needing approval only of the Senate for ratification. 
Paul Merrell

How Secret Partners Expand NSA's Surveillance Dragnet - The Intercept - 0 views

firstlook.org/...le-partners-revealed-rampart-a

surveillance state NSA NSA-partners fiber-optic

shared by Paul Merrell on 20 Jun 14 - No Cached
  • Huge volumes of private emails, phone calls, and internet chats are being intercepted by the National Security Agency with the secret cooperation of more foreign governments than previously known, according to newly disclosed documents from whistleblower Edward Snowden. The classified files, revealed today by the Danish newspaper Dagbladet Information in a reporting collaboration with The Intercept, shed light on how the NSA’s surveillance of global communications has expanded under a clandestine program, known as RAMPART-A, that depends on the participation of a growing network of intelligence agencies.
  • It has already been widely reported that the NSA works closely with eavesdropping agencies in the United Kingdom, Canada, New Zealand, and Australia as part of the so-called Five Eyes surveillance alliance. But the latest Snowden documents show that a number of other countries, described by the NSA as “third-party partners,” are playing an increasingly important role – by secretly allowing the NSA to install surveillance equipment on their fiber-optic cables. The NSA documents state that under RAMPART-A, foreign partners “provide access to cables and host U.S. equipment.” This allows the agency to covertly tap into “congestion points around the world” where it says it can intercept the content of phone calls, faxes, e-mails, internet chats, data from virtual private networks, and calls made using Voice over IP software like Skype.
  • The program, which the secret files show cost U.S. taxpayers about $170 million between 2011 and 2013, sweeps up a vast amount of communications at lightning speed. According to the intelligence community’s classified “Black Budget” for 2013, RAMPART-A enables the NSA to tap into three terabits of data every second as the data flows across the compromised cables – the equivalent of being able to download about 5,400 uncompressed high-definition movies every minute. In an emailed statement, the NSA declined to comment on the RAMPART-A program. “The fact that the U.S. government works with other nations, under specific and regulated conditions, mutually strengthens the security of all,” said NSA spokeswoman Vanee’ Vines. “NSA’s efforts are focused on ensuring the protection of the national security of the United States, its citizens, and our allies through the pursuit of valid foreign intelligence targets only.”
  • ...2 more annotations...
  • The secret documents reveal that the NSA has set up at least 13 RAMPART-A sites, nine of which were active in 2013. Three of the largest – codenamed AZUREPHOENIX, SPINNERET and MOONLIGHTPATH – mine data from some 70 different cables or networks. The precise geographic locations of the sites and the countries cooperating with the program are among the most carefully guarded of the NSA’s secrets, and these details are not contained in the Snowden files. However, the documents point towards some of the countries involved – Denmark and Germany among them. An NSA memo prepared for a 2012 meeting between the then-NSA director, Gen. Keith Alexander, and his Danish counterpart noted that the NSA had a longstanding partnership with the country’s intelligence service on a special “cable access” program. Another document, dated from 2013 and first published by Der Spiegel on Wednesday, describes a German cable access point under a program that was operated by the NSA, the German intelligence service BND, and an unnamed third partner.
  • The Danish and German operations appear to be associated with RAMPART-A because it is the only NSA cable-access initiative that depends on the cooperation of third-party partners. Other NSA operations tap cables without the consent or knowledge of the countries that host the cables, or are operated from within the United States with the assistance of American telecommunications companies that have international links. One secret NSA document notes that most of the RAMPART-A projects are operated by the partners “under the cover of an overt comsat effort,” suggesting that the tapping of the fiber-optic cables takes place at Cold War-era eavesdropping stations in the host countries, usually identifiable by their large white satellite dishes and radomes. A shortlist of other countries potentially involved in the RAMPART-A operation is contained in the Snowden archive. A classified presentation dated 2013, published recently in Intercept editor Glenn Greenwald’s book No Place To Hide, revealed that the NSA had top-secret spying agreements with 33 third-party countries, including Denmark, Germany, and 15 other European Union member states:
  • Paul Merrell on 20 Jun 14
     
    Don't miss the slide with the names of the NSA-partner nations. Lots of E.U. member nations.
Gary Edwards

CPU Wars - Intel to Play Fab for an ARM Chipmaker: Understanding What the Altera Deal M... - 0 views

www.dailytech.com/...article33659.htm

OpenWeb WinTel Intel-ARM x86-ARM CPU-GPU

shared by Gary Edwards on 04 Nov 13 - No Cached
  • Intel wants x86 to conquer all computing spaces -- including mobile -- and is trying to leverage its process lead to make that happen.  However, it's been slowed by a lack of inclusion of 4G cellular modems on-die and difficulties adapting to the mobile market's low component prices.  ARM, meanwhile, wants a piece of the PC and server markets, but has received a lukewarm response from consumers due to software compatibility concerns. The disappointing sales of (x86) tablet products using Microsoft Corp.'s (MSFT) Windows 8 and the flop of Windows RT (ARM) product in general somewhat unexpectedly had the net result of being a driver to maintain the status quo, allowing neither company to gain much ground.  For Intel, its partnership with Microsoft (the historic "Wintel" combo) has damaged its mobile efforts, as Windows 8 flopped in the tablet market.  Likewise ARM's efforts to score PC market share were stifled by the flop of Windows RT, which led to OEMs killing off ARM-based laptops and convertibles.
  • Both companies seem to have learned their lesson and are migrating away from Windows towards other platforms -- in ARM's case Chromebooks, and in Intel's case Android tablets/smartphones. But suffice it to say, ARM Holdings and Intel are still very much bitter enemies from a sales perspective.
  • III. Profit vs. Risk -- Understanding the Modern CPU Food Chain
  • ...16 more annotations...
  • Whether it's tablets or PCs, the processor is still one of the most expensive components onboard.  Aside from the discrete GPU -- if a device has one -- the CPU has the greatest earning potential for a large company like Intel because the CPU is the most complex component. Other components like the power supply or memory tend to either be lower margin or have more competitors.  The display, memory, and storage components are all sensitive to process, but see profit split between different parties (e.g. the company who makes the DRAM chips and the company who sells the stick of DRAM) and are primarily dependent on process technology. CPUs and GPUs remain the toughest product to make, as it's not enough to simply have the best process, you must also have the best architecture and the best optimization of that architecture for the space you're competing in. There's essentially five points of potential profit on the processor food chain: [CPU] Fabrication [CPU] Architecture design [CPU] Optimization OEM OS platform Of these, the fabrication/OS point is the most profitable (but is dependent on the number of OEM adopters).  The second most profitable niche is optimization (which again is dependent on OEM adopter market share), followed by OEM markups.  In terms of expense, fabrication and operating system designs requires the greatest capital investment and the highest risk.
  • In terms of difficulty/risk, the fabrication and operating system are the most difficult/risky points.  Hence in terms of combined risk, cost, and profitability the ranking of which points are "best" is arguably: Optimization Architecture design OS platfrom OEM Fabrication ...with the fabrication point being last largely because it's so high risk. In other words, the last thing Intel wants is to settle into a niche of playing fabs for everybody else's product, as that's an unsound approach.  If you can't keep up in terms of chip design, you typically spin off your fabs and opt for a different architecture direction -- just look at Advanced Micro Devices, Inc.'s (AMD) spinoff of GlobalFoundries and upcoming ARM product to see that.
  • IV. Top Firms' Role on That Food Chain
  • Apple has seen unbelievable profits due to this fundamental premise.  It controls the two most desirable points on the food chain -- OS and optimization -- while sharing some profit with its architecture designer (ARM Holdings) and a bit with the fabricator (Samsung Electronics Comp., Ltd. (KSC:005930)).  By choosing to play operating system maker, too, it adds to its profits, but also its risk.  Note that nearly every other first-party exclusive smartphone platform has failed or is about to fail (i.e. BlackBerry, Ltd. (TSE:BB) and the now-dead Palm).
  • Intel controls points 1, 2, and 5, currently, on the food chain.  Compared to Apple, Intel's points of control offer less risk, but also slightly less profitability. Its architecture control may be at risk, but even so, it's currently the top in its most risky/expensive point of control (fabrication), where as Apple's most risky/expensive point of control (OS development) is much less of a clear leader (as Android has surpassed Apple in market share).  Hence Apple might be a better short-term investment, but Intel certainly appears a better long-term investment.
  • Samsung is another top company in terms of market dominance and profit.  It occupies points 1, 3, 4, and 5 -- sometimes.  Sometimes Samsung's devices use third-party optimization firms like Qualcomm Inc. (QCOM) and NVIDIA Corp. (NVDA), which hurts profitability by removing one of the most profitable roles.  But Samsung makes up for this by being one of the largest and most successful third party manufacturers.
  • Microsoft enjoys a lot of profit due to its OS dominance, as does Google Inc. (GOOG); but both companies are limited in controlling only one point which they monetize in different ways (Microsoft by direct sales; Google by giving away OS product for free in return for web services market share and by proxy search advertising revenue).
  • Qualcomm and NVIDIA are also quite profitable operating solely as optimizers, as is ARM Holdings who serves as architecture maker to Qualcomm, NVIDIA, Apple, and Samsung.
  • V. Four Scenarios in the x86 vs. ARM Competition
  • Scenario one is that x86 proves dominant in the mobile space, assuming a comparable process.
  • A second scenario is that x86 and ARM are roughly tied, assuming a comparable process.
  • A third scenario is that x86 is inferior to ARM at a comparable process, but comparable or superior to ARM when the x86 chip is built using a superior process.  From the benchmarks I've seen to date, I personally believe this is most likely.
  • A fourth scenario is that x86 is so drastically inferior to ARM architecturally that a process lead by Intel can't make up for it.
  • This is perhaps the most interesting scenario, in the sense of thinking of how Intel would react, if not overly likely.  If Intel were faced with this scenario, I believe Intel would simply bite the bullet and start making ARM chips, leveraging its process lead to become the dominant ARM chipmaker.  To make up for the revenue it lost, paying licensing fees to ARM Holdings, it could focus its efforts in the OS space (it's Tizen Linux OS project with Samsung hints at that).  Or it could look to make up for lost revenue by expanding its production of other basic process-sensitive components (e.g. DRAM).  I think this would be Intel's best and most likely option in this scenario.
  • VI. Why Intel is Unlikely to Play Fab For ARM Chipmakers (Even if ARM is Better)
  • From Intel's point of view, there is an entrenched, but declining market for x86 chips because of Windows, and Intel will continue to support Atom chips (which will be required to run Windows 8 tablets), but growth on desktops will come from 64 bit desktop/server class non-Windows ARM devices - Chromebooks, Android laptops, possibly Apple's desktop products as well given they are going 64 bit ARM for their future iPhones. Even Windows has been trying to transition (unsuccessfully) to ARM. Again, the Windows server market is tied to x86, but Linux and FreeBSD servers will run on ARM as well, and ARM will take a chunk out of the server market when a decent 64bit ARM server chip is available as a result.
  • Gary Edwards on 04 Nov 13
     
    Excellent article explaining the CPU war for the future of computing, as Intel and ARM square off.  Intel's x86 architecture dominates the era of client/server computing, with their famed WinTel alliance monopolizing desktop, notebook and server implementations.  But Microsoft was a no show with the merging mobile computing market, and now ARM is in position transition from their mobile dominance to challenge the desktop -notebook - server markets.   WinTel lost their shot at the mobile computing market, and now their legacy platforms are in play.  Good article!!! Well worth the read time  ................
Paul Merrell

From Radio to Porn, British Spies Track Web Users' Online Identities - 0 views

theintercept.com/...ck-web-users-online-identities

surveillance state GCHQ Black-Hole

shared by Paul Merrell on 27 Sep 15 - No Cached
  • HERE WAS A SIMPLE AIM at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.
  • Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities.
  • The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant
  • ...17 more annotations...
  • A huge volume of the Internet data GCHQ collects flows directly into a massive repository named Black Hole, which is at the core of the agency’s online spying operations, storing raw logs of intercepted material before it has been subject to analysis. Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about ordinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion “events” — a term the agency uses to refer to metadata records — with about 10 billion new entries added every day. As of March 2009, the largest slice of data Black Hole held — 41 percent — was about people’s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.
  • Throughout this period, as smartphone sales started to boom, the frequency of people’s Internet use was steadily increasing. In tandem, British spies were working frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositories to handle an avalanche of new data. By 2010, according to the documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perform what it called “population-scale” data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it said would be, by 2013, “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.”
  • A document from the GCHQ target analysis center (GTAC) shows the Black Hole repository’s structure.
  • The data is searched by GCHQ analysts in a hunt for behavior online that could be connected to terrorism or other criminal activity. But it has also served a broader and more controversial purpose — helping the agency hack into European companies’ computer networks. In the lead up to its secret mission targeting Netherlands-based Gemalto, the largest SIM card manufacturer in the world, GCHQ used MUTANT BROTH in an effort to identify the company’s employees so it could hack into their computers. The system helped the agency analyze intercepted Facebook cookies it believed were associated with Gemalto staff located at offices in France and Poland. GCHQ later successfully infiltrated Gemalto’s internal networks, stealing encryption keys produced by the company that protect the privacy of cell phone communications.
  • Similarly, MUTANT BROTH proved integral to GCHQ’s hack of Belgian telecommunications provider Belgacom. The agency entered IP addresses associated with Belgacom into MUTANT BROTH to uncover information about the company’s employees. Cookies associated with the IPs revealed the Google, Yahoo, and LinkedIn accounts of three Belgacom engineers, whose computers were then targeted by the agency and infected with malware. The hacking operation resulted in GCHQ gaining deep access into the most sensitive parts of Belgacom’s internal systems, granting British spies the ability to intercept communications passing through the company’s networks.
  • In March, a U.K. parliamentary committee published the findings of an 18-month review of GCHQ’s operations and called for an overhaul of the laws that regulate the spying. The committee raised concerns about the agency gathering what it described as “bulk personal datasets” being held about “a wide range of people.” However, it censored the section of the report describing what these “datasets” contained, despite acknowledging that they “may be highly intrusive.” The Snowden documents shine light on some of the core GCHQ bulk data-gathering programs that the committee was likely referring to — pulling back the veil of secrecy that has shielded some of the agency’s most controversial surveillance operations from public scrutiny. KARMA POLICE and MUTANT BROTH are among the key bulk collection systems. But they do not operate in isolation — and the scope of GCHQ’s spying extends far beyond them.
  • The agency operates a bewildering array of other eavesdropping systems, each serving its own specific purpose and designated a unique code name, such as: SOCIAL ANTHROPOID, which is used to analyze metadata on emails, instant messenger chats, social media connections and conversations, plus “telephony” metadata about phone calls, cell phone locations, text and multimedia messages; MEMORY HOLE, which logs queries entered into search engines and associates each search with an IP address; MARBLED GECKO, which sifts through details about searches people have entered into Google Maps and Google Earth; and INFINITE MONKEYS, which analyzes data about the usage of online bulletin boards and forums. GCHQ has other programs that it uses to analyze the content of intercepted communications, such as the full written body of emails and the audio of phone calls. One of the most important content collection capabilities is TEMPORA, which mines vast amounts of emails, instant messages, voice calls and other communications and makes them accessible through a Google-style search tool named XKEYSCORE.
  • As of September 2012, TEMPORA was collecting “more than 40 billion pieces of content a day” and it was being used to spy on people across Europe, the Middle East, and North Africa, according to a top-secret memo outlining the scope of the program. The existence of TEMPORA was first revealed by The Guardian in June 2013. To analyze all of the communications it intercepts and to build a profile of the individuals it is monitoring, GCHQ uses a variety of different tools that can pull together all of the relevant information and make it accessible through a single interface. SAMUEL PEPYS is one such tool, built by the British spies to analyze both the content and metadata of emails, browsing sessions, and instant messages as they are being intercepted in real time. One screenshot of SAMUEL PEPYS in action shows the agency using it to monitor an individual in Sweden who visited a page about GCHQ on the U.S.-based anti-secrecy website Cryptome.
  • Partly due to the U.K.’s geographic location — situated between the United States and the western edge of continental Europe — a large amount of the world’s Internet traffic passes through its territory across international data cables. In 2010, GCHQ noted that what amounted to “25 percent of all Internet traffic” was transiting the U.K. through some 1,600 different cables. The agency said that it could “survey the majority of the 1,600” and “select the most valuable to switch into our processing systems.”
  • According to Joss Wright, a research fellow at the University of Oxford’s Internet Institute, tapping into the cables allows GCHQ to monitor a large portion of foreign communications. But the cables also transport masses of wholly domestic British emails and online chats, because when anyone in the U.K. sends an email or visits a website, their computer will routinely send and receive data from servers that are located overseas. “I could send a message from my computer here [in England] to my wife’s computer in the next room and on its way it could go through the U.S., France, and other countries,” Wright says. “That’s just the way the Internet is designed.” In other words, Wright adds, that means “a lot” of British data and communications transit across international cables daily, and are liable to be swept into GCHQ’s databases.
  • A map from a classified GCHQ presentation about intercepting communications from undersea cables. GCHQ is authorized to conduct dragnet surveillance of the international data cables through so-called external warrants that are signed off by a government minister. The external warrants permit the agency to monitor communications in foreign countries as well as British citizens’ international calls and emails — for example, a call from Islamabad to London. They prohibit GCHQ from reading or listening to the content of “internal” U.K. to U.K. emails and phone calls, which are supposed to be filtered out from GCHQ’s systems if they are inadvertently intercepted unless additional authorization is granted to scrutinize them. However, the same rules do not apply to metadata. A little-known loophole in the law allows GCHQ to use external warrants to collect and analyze bulk metadata about the emails, phone calls, and Internet browsing activities of British people, citizens of closely allied countries, and others, regardless of whether the data is derived from domestic U.K. to U.K. communications and browsing sessions or otherwise. In March, the existence of this loophole was quietly acknowledged by the U.K. parliamentary committee’s surveillance review, which stated in a section of its report that “special protection and additional safeguards” did not apply to metadata swept up using external warrants and that domestic British metadata could therefore be lawfully “returned as a result of searches” conducted by GCHQ.
  • Perhaps unsurprisingly, GCHQ appears to have readily exploited this obscure legal technicality. Secret policy guidance papers issued to the agency’s analysts instruct them that they can sift through huge troves of indiscriminately collected metadata records to spy on anyone regardless of their nationality. The guidance makes clear that there is no exemption or extra privacy protection for British people or citizens from countries that are members of the Five Eyes, a surveillance alliance that the U.K. is part of alongside the U.S., Canada, Australia, and New Zealand. “If you are searching a purely Events only database such as MUTANT BROTH, the issue of location does not occur,” states one internal GCHQ policy document, which is marked with a “last modified” date of July 2012. The document adds that analysts are free to search the databases for British metadata “without further authorization” by inputing a U.K. “selector,” meaning a unique identifier such as a person’s email or IP address, username, or phone number. Authorization is “not needed for individuals in the U.K.,” another GCHQ document explains, because metadata has been judged “less intrusive than communications content.” All the spies are required to do to mine the metadata troves is write a short “justification” or “reason” for each search they conduct and then click a button on their computer screen.
  • Intelligence GCHQ collects on British persons of interest is shared with domestic security agency MI5, which usually takes the lead on spying operations within the U.K. MI5 conducts its own extensive domestic surveillance as part of a program called DIGINT (digital intelligence).
  • GCHQ’s documents suggest that it typically retains metadata for periods of between 30 days to six months. It stores the content of communications for a shorter period of time, varying between three to 30 days. The retention periods can be extended if deemed necessary for “cyber defense.” One secret policy paper dated from January 2010 lists the wide range of information the agency classes as metadata — including location data that could be used to track your movements, your email, instant messenger, and social networking “buddy lists,” logs showing who you have communicated with by phone or email, the passwords you use to access “communications services” (such as an email account), and information about websites you have viewed.
  • Records showing the full website addresses you have visited — for instance, www.gchq.gov.uk/what_we_do — are treated as content. But the first part of an address you have visited — for instance, www.gchq.gov.uk — is treated as metadata. In isolation, a single metadata record of a phone call, email, or website visit may not reveal much about a person’s private life, according to Ethan Zuckerman, director of Massachusetts Institute of Technology’s Center for Civic Media. But if accumulated and analyzed over a period of weeks or months, these details would be “extremely personal,” he told The Intercept, because they could reveal a person’s movements, habits, religious beliefs, political views, relationships, and even sexual preferences. For Zuckerman, who has studied the social and political ramifications of surveillance, the most concerning aspect of large-scale government data collection is that it can be “corrosive towards democracy” — leading to a chilling effect on freedom of expression and communication. “Once we know there’s a reasonable chance that we are being watched in one fashion or another it’s hard for that not to have a ‘panopticon effect,’” he said, “where we think and behave differently based on the assumption that people may be watching and paying attention to what we are doing.”
  • When compared to surveillance rules in place in the U.S., GCHQ notes in one document that the U.K. has “a light oversight regime.” The more lax British spying regulations are reflected in secret internal rules that highlight greater restrictions on how NSA databases can be accessed. The NSA’s troves can be searched for data on British citizens, one document states, but they cannot be mined for information about Americans or other citizens from countries in the Five Eyes alliance. No such constraints are placed on GCHQ’s own databases, which can be sifted for records on the phone calls, emails, and Internet usage of Brits, Americans, and citizens from any other country. The scope of GCHQ’s surveillance powers explain in part why Snowden told The Guardian in June 2013 that U.K. surveillance is “worse than the U.S.” In an interview with Der Spiegel in July 2013, Snowden added that British Internet cables were “radioactive” and joked: “Even the Queen’s selfies to the pool boy get logged.”
  • In recent years, the biggest barrier to GCHQ’s mass collection of data does not appear to have come in the form of legal or policy restrictions. Rather, it is the increased use of encryption technology that protects the privacy of communications that has posed the biggest potential hindrance to the agency’s activities. “The spread of encryption … threatens our ability to do effective target discovery/development,” says a top-secret report co-authored by an official from the British agency and an NSA employee in 2011. “Pertinent metadata events will be locked within the encrypted channels and difficult, if not impossible, to prise out,” the report says, adding that the agencies were working on a plan that would “(hopefully) allow our Internet Exploitation strategy to prevail.”
Paul Merrell

Popular Security Software Came Under Relentless NSA and GCHQ Attacks - The Intercept - 0 views

firstlook.org/...nsa-gchq-targeted-kaspersky

surveillance state NSA GCHQ anti-virus-software

shared by Paul Merrell on 23 Jun 15 - No Cached
  • The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products. British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
  • The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack. Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
  • The requested warrant, provided under Section 5 of the U.K.’s 1994 Intelligence Services Act, must be renewed by a government minister every six months. The document published today is a renewal request for a warrant valid from July 7, 2008 until January 7, 2009. The request seeks authorization for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software.”
  • ...9 more annotations...
  • The NSA, like GCHQ, has studied Kaspersky Lab’s software for weaknesses. In 2008, an NSA research team discovered that Kaspersky software was transmitting sensitive user information back to the company’s servers, which could easily be intercepted and employed to track users, according to a draft of a top-secret report. The information was embedded in “User-Agent” strings included in the headers of Hypertext Transfer Protocol, or HTTP, requests. Such headers are typically sent at the beginning of a web request to identify the type of software and computer issuing the request.
  • According to the draft report, NSA researchers found that the strings could be used to uniquely identify the computing devices belonging to Kaspersky customers. They determined that “Kaspersky User-Agent strings contain encoded versions of the Kaspersky serial numbers and that part of the User-Agent string can be used as a machine identifier.” They also noted that the “User-Agent” strings may contain “information about services contracted for or configurations.” Such data could be used to passively track a computer to determine if a target is running Kaspersky software and thus potentially susceptible to a particular attack without risking detection.
  • Another way the NSA targets foreign anti-virus companies appears to be to monitor their email traffic for reports of new vulnerabilities and malware. A 2010 presentation on “Project CAMBERDADA” shows the content of an email flagging a malware file, which was sent to various anti-virus companies by François Picard of the Montréal-based consulting and web hosting company NewRoma. The presentation of the email suggests that the NSA is reading such messages to discover new flaws in anti-virus software. Picard, contacted by The Intercept, was unaware his email had fallen into the hands of the NSA. He said that he regularly sends out notification of new viruses and malware to anti-virus companies, and that he likely sent the email in question to at least two dozen such outfits. He also said he never sends such notifications to government agencies. “It is strange the NSA would show an email like mine in a presentation,” he added.
  • As government spies have sought to evade anti-virus software, the anti-virus firms themselves have exposed malware created by government spies. Among them, Kaspersky appears to be the sharpest thorn in the side of government hackers. In the past few years, the company has proven to be a prolific hunter of state-sponsored malware, playing a role in the discovery and/or analysis of various pieces of malware reportedly linked to government hackers, including the superviruses Flame, which Kaspersky flagged in 2012; Gauss, also detected in 2012; Stuxnet, discovered by another company in 2010; and Regin, revealed by Symantec. In February, the Russian firm announced its biggest find yet: the “Equation Group,” an organization that has deployed espionage tools widely believed to have been created by the NSA and hidden on hard drives from leading brands, according to Kaspersky. In a report, the company called it “the most advanced threat actor we have seen” and “probably one of the most sophisticated cyber attack groups in the world.”
  • The Project CAMBERDADA presentation lists 23 additional AV companies from all over the world under “More Targets!” Those companies include Check Point software, a pioneering maker of corporate firewalls based Israel, whose government is a U.S. ally. Notably omitted are the American anti-virus brands McAfee and Symantec and the British company Sophos.
  • The NSA presentation goes on to state that its signals intelligence yields about 10 new “potentially malicious files per day for malware triage.” This is a tiny fraction of the hostile software that is processed. Kaspersky says it detects 325,000 new malicious files every day, and an internal GCHQ document indicates that its own system “collect[s] around 100,000,000 malware events per day.” After obtaining the files, the NSA analysts “[c]heck Kaspersky AV to see if they continue to let any of these virus files through their Anti-Virus product.” The NSA’s Tailored Access Operations unit “can repurpose the malware,” presumably before the anti-virus software has been updated to defend against the threat.
  • Hacks deployed by the Equation Group operated undetected for as long as 14 to 19 years, burrowing into the hard drive firmware of sensitive computer systems around the world, according to Kaspersky. Governments, militaries, technology companies, nuclear research centers, media outlets and financial institutions in 30 countries were among those reportedly infected. Kaspersky estimates that the Equation Group could have implants in tens of thousands of computers, but documents published last year by The Intercept suggest the NSA was scaling up their implant capabilities to potentially infect millions of computers with malware. Kaspersky’s adversarial relationship with Western intelligence services is sometimes framed in more sinister terms; the firm has been accused of working too closely with the Russian intelligence service FSB. That accusation is partly due to the company’s apparent success in uncovering NSA malware, and partly due to the fact that its founder, Eugene Kaspersky, was educated by a KGB-backed school in the 1980s before working for the Russian military.
  • Kaspersky has repeatedly denied the insinuations and accusations. In a recent blog post, responding to a Bloomberg article, he complained that his company was being subjected to “sensationalist … conspiracy theories,” sarcastically noting that “for some reason they forgot our reports” on an array of malware that trace back to Russian developers. He continued, “It’s very hard for a company with Russian roots to become successful in the U.S., European and other markets. Nobody trusts us — by default.”
  • Documents published with this article: Kaspersky User-Agent Strings — NSA Project CAMBERDADA — NSA NDIST — GCHQ’s Developing Cyber Defence Mission GCHQ Application for Renewal of Warrant GPW/1160 Software Reverse Engineering — GCHQ Reverse Engineering — GCHQ Wiki Malware Analysis & Reverse Engineering — ACNO Skill Levels — GCHQ
Gary Edwards

Google Chrome 5 WebKit - Firefox - Opera Comparisons - BusinessWeek - 0 views

www.businessweek.com/...google-chrome-5.html

Chrome Chrome-5 HTML5 HTML5-CSS3-JavaScript

shared by Gary Edwards on 23 Jun 10 - Cached
  • Gary Edwards on 23 Jun 10
     
    Chrome runs as close as any browser can to the bleeding edge of Web standards. Though it uses the same open source WebKit rendering engine as Safari, it doesn't reliably support the controversial, proprietary CSS3 transformation and animation tricks that Apple's built into Safari. However, like every browser I tested, it earned a perfect score in a compatibility test for CSS3 selectors, and it joined Safari and Opera with a flawless score of 100 in the Acid3 web standards benchmark. Chrome 5 also supports both Apple's H.264 codec and Mozilla's preferred open source Ogg Theora technology for plugin-free HTML5 video, and it beautifully played back HTML5 demo videos from YouTube and Brightcove. In XHTML and CSS tests, Chrome was surprisingly slower than Safari, despite their shared rendering engine -- but the race was close. Safari rendered a local XHTML test page in 0.58 seconds to Chrome's 0.78 seconds, and a local CSS test page in 33 milliseconds to Chrome's 51 milliseconds. Note that Chrome still rendered XHTML more than twice as fast as Opera (1.67 seconds) and left Firefox (12.42 seconds--no, that's not a typo) eating its dust. In CSS, it also beat the pants off Opera (193 milliseconds) and Firefox (342 milliseconds). But Chrome shines brightest when handling JavaScript. Its V8 engine zipped through the SunSpider Javascript benchmark in 448.6 milliseconds, narrowly beating Opera's 485.8 milliseconds, and absolutely plastering Firefox's 1,161.4 milliseconds. However, Safari 5's time of 376.3 miliseconds in the SunSpider test beat Chrome 5 handily.
Paul Merrell

Closing CDF WG, Publishing Specs as Notes from Doug Schepers on 2010-07-12 (public-cdf@... - 0 views

lists.w3.org/...0000.html

W3C CDF CDFWG WICD profiles standards standardized interfaces ClosedWeb

shared by Paul Merrell on 12 Jul 10 - Cached
  • Hi, CDF folks- While we had hoped that more implementations might emerge that passed the CDF and WICD test suites [1], such that these specifications would meet the criteria as W3C Recommendations, it does not seem that this will happen in a reasonable timeframe. Despite good partial implementation experience, implementers have not show sufficient interest to justify further investment of W3C resources into this group, even at a background level. In order to clarify the status of the CDF WG specifications, including Compound Document by Reference Framework 1.0 [2], Web Integration Compound Document (WICD) Core 1.0 [3], WICD Mobile 1.0 [4], and WICD Full 1.0 [5], all in Candidate Recommendation phase since July 2007, we have decided to publish them as Working Group Notes instead, and to close the Compound Document Formats Working Group.
  • Paul Merrell on 12 Jul 10
     
    This event speaks loudly to how little interest browser developershave in interoperable web solutions. One-way compatibility wins and the ability of web applications to round-trip data loses. For those that did not realize it, the Compound Document by Reference Framework not only allowes but requires that more featureful implementations round-trip the output of less featureful implementations without data loss. See http://www.w3.org/TR/2007/CR-CDR-20070718/#conformance ("A conformant user agent of a superset profile specification must process subset profile content as if it were the superset profile content"). 
Paul Merrell

Google Sites API opens Microsoft SharePoint - Techworld.com - 1 views

news.techworld.com/...api-opens-microsoft-sharepoint

Google Sharepoint Lotus Notes Google Sites

shared by Paul Merrell on 30 Sep 09 - Cached
Gary Edwards liked it
  • Signaling an intent to compete with giants in the collaboration software space, Google unveiled an API to extend the Google Sites collaborative content development tool, featuring a capability to migrate files from workspace applications such as Microsoft SharePoint and Lotus Notes to Sites. One application already built using the Google Sites API is SharePoint Move for Google Apps, developed by LTech for migrating data and content from SharePoint to Sites. Google Sites is a free application for building and sharing websites; it is described by Google as a collaborative content creation tool to upload file attachments, information other Google applications such as Google Docs, and free-form content.
Gary Edwards

MacroView DMF™ (Document Management Framework) - 0 views

www.macroview.com.au/...cumentManagementFramework.aspx

DCMS SharePoint MacroView DMF

shared by Gary Edwards on 26 Aug 10 - Cached
  • Gary Edwards on 26 Aug 10
     
    From the NOT So OpenWeb department, MacroView provides a folder based hierarchy view of MSOffice, OutLook and PDF documents/messages.  Note that the metadata information is held at the server level - it is not part of of the document container!  Which is another way of saying that while the document might be portable, the metadata and layered components/relationships involving that document are not.  SharePoint only.  I doubt google Search will be able to access and read this metadata. intro:  Enable full function document management in Microsoft® SharePoint® 2007 and 2010 - save, browse and search from the applications that you use every day with MacroView DMF™ v7 (formerly known as MacroView WISDOM DMF)
‹ Previous 21 - 40 of 138 Next › Last »
Showing 20 items per page