Monday, 29 July 2013

Leap Motion Controller review: A touchscreen interface without the touching..

It's 'Minority Report' meets Microsoft Kinetic as virtual interactivity comes to the PC. Cool, yes, but does it have any practical value?

Computerworld - Anyone who's ever stood in front of a Kinetic-equipped Xbox knows the fun of virtual control, of using your hands to manipulate what you see on the screen without touching anything but air.
The Leap Motion Controller endows your PC with that same air-powered interactivity, allowing you to bypass mouse and keyboard in favor of hand-waving control of apps, games and even various PC operations.
Leap Motion Controller
The Leap Motion Controller sits between keyboard and monitor.
It's a cool concept, and Leap Motion pulls off the execution reasonably well -- for the surprisingly low price of $80. But it definitely raises a few questions, starting with: What would you actually use this thing for? And does it have any practical business value?

Plug and playtime

Not much larger than an average flash drive, the Leap Motion Controller has a glossy black top with a silver band wrapped around the sides. It's attractive and surprisingly compact, which is good considering it's designed to sit below your monitor (or, if you're using a laptop, in front of the keyboard). A USB 2.0 cable provides both power and connectivity. Leap Motion supplies both short (two feet) and long (five feet) cables to accommodate various computing configurations.
I tested the Leap Motion Controller with a Lenovo IdeaPad U310 Touch laptop and Samsung Series 9 ultrabook. Although the controller itself didn't get in the way, I disliked the look of the USB cable snaking around the side. This thing really begs for a rechargeable battery and wireless connection, which would emulate the somewhat disingenuous promo video where you see only the sensor, not the cable.
But installation couldn't have been much simpler. After loading the Windows client (it's also available for OS X) and plugging in the controller, I raised my hands and instantly saw their movement reflected in the introductory visualizer app. As a regular Kinect user, however, for me the effect was less "Wow!" and more, "Okay, it works."
Even so, when I tried the calibration process, during which you point the top of the controller at a reflective surface (a glossy screen is recommended) and move it around, I found it nearly impossible to achieve the required "pass" score of 80. Eventually I managed it with the IdeaPad, which has a glossy display, but I never hit 80 on the matte-finished display of the Series 9. The sensor still worked as expected, but I couldn't shake the feeling it wasn't operating optimally.

Space oddity

The controller generates a kind of virtual-space bubble in front of your PC, one large enough to accommodate your two hands (though many apps require only one). Imagine a 10-point multitouch interface, like you'd find on a touchscreen, but in three-dimensional space. The sensors track not only the positions of your hands and fingers, but also their movements. Thus you're able to "interact" with onscreen objects without actually touching anything.
Let me just pause right here to note that any business user hoping for a Leap Motion-powered productivity edge will be disappointed. You cannot design industrial components a la Tony Stark in Iron Man, nor can you sift through virtual files like Tom Cruise in Minority Report. We are a long, long way from that.

Apps for air

The Leap Motion Controller runs on apps, and there's already a decent collection of them in the Airspace Store -- about 75 as of this writing. These run the gamut from games to drawing tools to music makers, with a smattering of productivity apps for good measure. Some are free, while others cost a couple of bucks. A few will seem familiar to anyone with a tablet or smartphone, including Cut the Rope and Google Earth.
I started with Cyber Science - Motion, which displays a photorealistic model of a human skull and lets you rotate it, zoom in and out and remove individual pieces -- all through a combination of hand and finger motions. It's really cool, and one could see where a student -- one studying anatomy, anyway -- might find this a helpful educational tool.

At a Glance

Leap Motion Controller
Leap Motion
Price: $79.99
Pros: Compact, inexpensive, easy to set up
Cons: Little productivity value, it's challenging to use some apps effectively
Google Earth, on the other hand, proved an exercise in frustration. Unless you maneuver your hand with slow, exacting precision, the globe spins hopelessly out of control. That's because it responds to every single hand movement: toward the screen, away from the screen, up, down, tilted left, tilted right and so on. Without considerable practice, it's impossible to get where you want to go -- or even just take a simple flight across the mountains.
Then there's Touchless, which effectively turns your hand into a mouse. You can click, drag, zoom, scroll and more, all via a couple of fingers mirroring what you'd do on a touchpad or touchscreen. It works, though air taps and drags can be difficult to pull off, and the lack of any tactical feedback makes for agonizingly slow navigation.
A just-announced app, DexType, will create a virtual keyboard for two-fingered air typing. It's a neat concept, and potentially a boon for someone who's physically impaired (although I expect it will be slow compared with a traditional keyboard).

Bottom line

And that's really the key issue here: In what ways is the Leap Motion Controller better than a mouse or touchscreen or keyboard? For the moment, it's not. It's more toy than tool, more science fiction than practical addition.
I do find it impressive that Leap Motion managed to pack so much functionality into such a compact package, especially given the unit's impulse-buy price. But unless you're an app developer, physically challenged computer user or gadget lover, this is one Leap not worth taking -- at least, not quite yet.
Company video demonstrating the Leap Motion Controller.
Rick Broida has written about technology for nearly 25 years. He pens the popular Cheapskate blog and writes for Computerworld, PC World, Popular Science and Wired.

Monday, 22 July 2013

SIM cards vulnerable to hacking, says researcher

Millions of phones could be at risk due to the use of a 1970s-era encryption standard.

IDG News Service - Millions of mobile phones may be vulnerable to spying due to the use of outdated, 1970s-era cryptography, according to new research due to be presented at the Black Hat security conference.
Karsten Nohl, an expert cryptographer with Security Research Labs, has found a way to trick mobile phones into granting access to the device's location, SMS functions and allow changes to a person's voicemail number.
Nohl's research looked at a mobile phones' SIM (Subscriber Identification Module), the small card inserted into a device that ties it to a phone number and authenticates software updates and commands sent over-the-air from an operator.
More than 7 billion SIM cards are in use worldwide. To ensure privacy and security, SIM cards use encryption when communicating with an operator, but the encryption standards use vary widely.
A mobile communication trade group, the GSM Association, said in a statement that only a "minority" of SIM cards that use older encryption standards would appear to be vulnerable.
"There is no evidence to suggest that today's more secure SIMs, which are used to support a range of advanced services, will be affected," GSMA said.
Nohl's research found that many SIMs use a weak encryption standard dating from the 1970s called DES (Data Encryption Standard), according to a preview posted on his company's blog.
DES has long been considered a weak form of encryption, and many mobile operators have upgraded now to more secure forms. It is relatively easy to discover the private key used to sign content encrypted with DES.
In its experiment, Security Research Labs sent a binary code over SMS to a device using a SIM with DES. Since the binary code wasn't properly cryptographically signed, it would not run on the device.
But while rejecting the code, the phone's SIM makes a crucial mistake: it sends back over SMS an error code that carries its own encrypted 56-bit private key, according to the company. Because DES is considered a very weak form of encryption, it's possible to decrypt the private key using known cracking techniques.
Security Research Labs did it in about two minutes on a regular computer with the help of a rainbow table, a mathematical chart that helps convert an encrypted private key or password hash into its original form faster.
With the private DES key in hand, it is then possible to "sign" malicious software updates with the key, and send those updates to the device. The device believes the software comes from a legitimate source and then grants access to sensitive data.
GSMA said that it has not seen the full details of Nohl's research but that use of the DES algorithm has been "discontinued in over the air (OTA) standards for several years."
Security Research Labs outlined an attack scenario against SIM cards that run some form of Java virtual machine, a software framework for Java applications.
Using the SIM's private key, an attacker could force the SIM to download Java applets, which are essentially very small programs that perform some function. Those applets would be "allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions."
"These capabilities alone provide plenty of potential for abuse," the company wrote.

Possible remedies to the problem including ensuring SIM cards use state-of-the-art cryptography and also using Java virtual machines that restrict applets' access to certain information.
GSMA said it has already provided guidance to network operators and SIM vendors that might be affected by Nohl's findings.
Nohl's presentation, "Rooting SIM cards," will take place at the Black Hat security conference in Las Vegas on July 31.
Report by Jeremy Kirk, Computer World. Send news tips and comments to Follow me on Twitter: @jeremy_kirk

Monday, 8 July 2013

What is cloud computing?

Cloud – the buzz word that everyone is saying, and arguably the future for many aspects of IT. So what is cloud computing?

mySchoolBackup - Well fundamentally it’s all about where data is stored. In the early days of computing all your data was stored on your computer’s hard disk drive, or media such as floppy disk or tapes. This included the data that was used to make your computer work – software such as the operating system and programs.  Up until the last few years this was still the way most home users operated.
Then came networks – for businesses and organisations networks provide a more efficient way of working.  Instead of each individualmachine in a business (possibly hundreds or thousands) keeping data on its hard drive, data is stored centrally on a server.  This gives advantages of being able to share data easily, backup this data in one place instead of many and much more flexible storage expansion.  Software like the operating system and programs are still stored on individual PCs but can be installed via the central server, rather than manually with disks.
Now the cloud – instead of storing data on a PC or a locally managed server, data is stored in a remote datacenter (a large group of servers in a secure location) run by a cloud provider.  The data is then accessed over the internet from anywhere with an internet connection.  This datacenter is so far removed from the end user that their data appears to be stored in a “cloud” on the internet.
You’re probably already using it – The most common reason most of us have used the cloud is to store our data, either to easily share and sync data between our PCs and devices using a service such as Dropbox, with our music collection on iTunes, our pictures on Flickr or a social network like Facebook.
But it’s not only our data that can sit in the cloud, our applications can as well – Gmail, Yahoo mail, Hotmail – are all email applications that sit in the cloud, you never have to install them and you can access them from anywhere.
Pacific Northwest electric utilities are handling the energy-intensive loads of data centers owned by Google, Facebook and others. (Photo By: iStockphoto)
Pacific Northwest electric utilities are handling the energy-intensive loads of data centers owned by Google, Facebook and others. (Photo By: iStockphoto)

So those are the bits of the cloud you’ve probably heard of and used, even if you didn’t know it at the time!  So what else can the cloud do?  Well pretty much anything you can do locally, here’s how cloud services are broken down with some examples:
Software-as-a-service – SaaS – equivalent to programs
Instead of installing software on your computer you log in and use it online, such as webmail, Google Docs and customer relationship management software eg Salesforce.
Platform-as-a-service – PaaS – equivalent to the operating system
This is a base from which software developers can build applications, eg Google Apps or for Salesforce.
Infrastructure-as-a-service – equivalent to servers
Some things you might just need a whole server for, but why not have that server in the cloud?  Infrastructure-as-a-service does just that, provides virtual servers that you can log into remotely and control in a similar fashion as you would your local server.  Amazon and Microsoft provide such services.
We hope this article has given you a greater understanding of cloud computing, in future articles we’ll look into the benefits of cloud computing, and our area of specialisation, cloud backup.

Data Management. Finding Value in Business Outcomes..

A discussion on how having a sound Recovery Management strategy that focuses on Data Protection and High Availability technologies can help organisations avoid downtime, which often impacts productivity, reputation and profitability.

CA Technologies - The cloud file-sharing service Dropbox is immensely popular among consumer and enterprise users – and not because it’s free.
Despite its insecurities, Dropbox is a favorite among 200 million users because it does what it advertises, and it does it well. It’s simple, drag-and-drop functionality makes moving files between users and devices a snap. And, in some regards, it provides data protection against loss and corruption.
Dropbox isn’t the system most enterprises would typically choose. It doesn't have the management features, account administration controls, reporting mechanisms or security most enterprises desire. It doesn't have “feature creep” (the continual addition of features and functions), and it doesn't need them.
Now, I’m not advocating Dropbox as an enterprise solution. But it is a good example of how simple, straightforward IT products and services often have more enterprise value because they do what they’re designed to do with ease.

Enterprise expectations are changing for what technology is supposed to deliver. Notions that IT is about automation and cost savings are evaporating in the heat of need for growth in productivity, revenue and profits.
In other words, enterprises want technology that results in better outcomes.
IT decision-makers are fatigued by the features wars – the escalation of new functions, interface improvements and reporting mechanisms that may improve the look and feel of an application/system, but do little to effectuate net-gain outcomes.
For years, the technology industry has used the features wars to entice customers into upgrading applications and migrating to new platforms. The process worked: Incremental improvements were enough to justify spending. However, enterprises have caught on that these feature wars mean they’re paying for features they rarely or never use.
Instead of new features, enterprises want applications and systems that produce better results, regardless of the underlying interface or discrete feature options. We see this today in backup and data protection systems. The market is flooded with cloud, hybrid and on-premises products differentiated by interface features rather than those that solve real problems, such as recovery time objectives and recovery point objectives.
Think about backup for a moment. Cool reporting functions and a slick user interface are good, but they aren't the same as having assurances that RTO and RPO are absolutely achievable. After all, data integrity and availability are paramount to normal business operations and continuity.
The same thing can be said in virtualization. With nearly 60 percent of the server install base virtualized, we’re fast approaching the point where the benefits of this technology are shifting from machine consolidation to operational performance. To the enterprise, performance and outcome are about how well a virtualized environment is backed up, is replicated and fails over. However, many of the tools available in market promote add-ons that don’t always have definable value.
As Stephen Covey, author of “The 7 Habits of Highly Effective People,” believes outcomes still matter. Rather than focusing on what goes into the technology, vendors and solution providers should help their customers achieve higher levels of performance and results. Or, as he succinctly says, “We must always start with the end in mind.”
Making things simple and valuable isn't easy – but making things easier, allowing for technical agility based on business objectives, increasing value and reducing operational costs are more valuable to an enterprise than a new blinking light or colorful dashboard.
Too often, we get caught up in the features rather than the goal. When the dust settles on the current or next hype cycle, we all need to be mindful that we serve one purpose: organizational outcomes.

Michael Crest is general manager for the Data Management customer solutions unit at CA Technologies, responsible for the team that develops, markets, sells and supports the company’s ARCserve and ERwin product lines.

Friday, 5 July 2013

IE10 pushes past predecessor to take second place among Microsoft's browsers

If trend continues, IE9 will soon slip under ancient IE6 in user share.

Computerworld - Internet Explorer 10 (IE10) jumped into second place among Microsoft's browsers last month, pushing past IE9 through an enforced upgrade.
IE10's user share climbed from 16.5% to a record 24% of all copies of Internet Explorer in June, according to Web measurement firm Net Applications.
Among Microsoft's five supported browsers, IE10 was the second-most-used, leapfrogging the two-year-old IE9, which shed user share to end June with 20.9% of all copies of Internet Explorer. The 12-year-old IE6 was fourth with 10.9%, while 2009's IE8 remained in first with 40.4%.
IE10's climb has accelerated: June's user share increase was the largest since the browser's introduction on Windows 7 in February. As in previous months, June's jump was fueled by the automatic update from IE9 to IE10 on Windows 7 that kicked in last winter.
Windows 8's gradual if not dramatic rise in user share also contributed to IE10's increase, since that and Windows RT come with IE10: Windows 8's share grew in June by the largest amount since its October 2012 launch.
IE10's climb was mirrored by a large fall in IE9's user share; the browser that once threatened IE8's dominance plunged from 27.5% of all copies of IE to 20.9%. IE9 peaked in February 2013 at 38.8%, but unless Microsoft soon runs out of Windows 7 PCs to upgrade, the browser could be eclipsed by the still-surviving IE6 within a couple of months.
Overall, IE remained flat with approximately 56% of the user share of all browsers, implying that few if any of IE10's gains came from people switching browser brands. About 39% of all Windows users ran a non-Microsoft browser in June, slightly less than in May.
IE8 lost about seven-tenths of a percentage point in June -- the largest decrease since December 2012 -- to end with a 40.4% share of all copies of Internet Explorer. IE8 will remain the most popular of Microsoft's browsers for some time, experts have said, because as the most modern version available for Windows XP it's been made the standard in enterprises supporting heterogeneous environments with both Windows XP and Windows 7 systems.

The rapid rise in IE10's user share has been unprecedented in Microsoft's experience. It has been much more akin to the quick turnover by rivals like Chrome and Firefox, which also automatically upgrade users, than any previous edition of Internet Explorer, showing that the Redmond, Wash. developer can, if it wants, migrate large numbers of users to a newer browser.
But IE10's time as a climber will probably be short lived: Microsoft haspromised to deliver IE11 for Windows 7, which will trigger a downturn in IE10's user share and corresponding rise in IE11.
Other browsers stayed in their long-inhabited positions in Net Applications' measurements, with Chrome exiting June with 17.2%, an increase of 1.4 percentage points, and Firefox dropping by 1.5 points to 19.2%. Apple's Safari and Opera Software's Opera remained flat at 5.6% and 1.6%, respectively.
IE10 chart
Credit Microsoft's automatic upgrade of Windows 7 PCs from IE9 to IE10 for the quick climb in the latter's user share fortunes. (Data: Net Applications.)
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter@gkeizer, or subscribe to Gregg's RSS feed Keizer RSS. His email address

Wednesday, 3 July 2013

With BlackBerry reportedly hacked, is anything secure?

You have to wonder what level of encryption can withstand the brute-force computing power that is cheaply available today.

Computerworld - Is anything secure anymore? The National Security Agency (NSA) leaks have produced a number of side effects. What we assumed was a safe form of communications is perhaps not so secure after all. The gold standard of secure mobile messaging, BlackBerry, may have been compromised!
Apparently, the NSA and Britain's spy agency GCHQ (and/or other governments/agencies) were able to hack into the BlackBerry streams of government officials attending a G20 summit in London. If true, this raises a bigger question: Is any encrypted communication safe anymore given the massive amount of brute-force computing power that can be applied to code-breaking and pattern recognition?
Low-cost GPUs (graphical processer units) that are being configured into massively parallel systems are far better at code-breaking than traditional CPUs. When the encryption algorithms were originally created, people reported it would take tens or hundreds of years in brute-force computing power to break them. But they never envisioned the relatively cheap, massively parallel systems available today using hundreds or thousands of NVidia or AMD GPU cores. These parallel processing machines are really effective at finding patterns and hence decrypting data streams. Indeed, some "researchers" have demonstrated ways of breaking the security of wireless transmissions like Wi-Fi, Bluetooth, etc.
Do we need to re-evaluate what secure mobile messaging is all about? For years, Research In Motion has said its BlackBerry system was secure. There's no reason to doubt that RIM is being honest when it confirms that there is no back door designed into its systems to allow decoding of user data streams. But that does not mean it can't be done by other means, perhaps by monitoring the data and then deciphering it, and not necessarily in real time. (Recording in real time than processing the data in massive supercomputing systems is common practice.) What may have taken tens or hundreds of years to brute-force when algorithms were designed may no longer be an accurate estimate for those players able to devote enough resources to their defeat. And the cost and availability of those resources is dropping rapidly.
So should organizations, even ones that believe they are highly secure (and perhaps even FIPS-compliant), assume they are safe? Should stand-alone or PC-installed encrypted storage devices be assumed unbreakable? Should highly encrypted mobile messaging be assumed unreadable by prying eyes? They're safe from most hacking, probably. From all hacking and various government agencies, U.S. and otherwise, not necessarily. Don't forget, Enigma, the most ambitious and secure "unbreakable" system of its day, was defeated.
The NSA disclosures should raise red flags. We are entering a new era of security where decryption of secure systems is something that can be accomplished on multiple levels and with relatively easily available technology. Mobile users with highly sensitive data should be concerned, both with mobile data transfers and also data at rest that may be stolen (e.g., while laptops remain in a hotel room and the owner goes out). There is no longer an absolute guarantee of confidentiality. This is not paranoia. Moore's Law's exponential expansion applies as well to the brute-force hacking of encryption as it does to other computing tasks.

There will be a continuous struggle to find more secure encryption algorithms, or use increasingly longer bit-lengths to enhance security and make it more difficult to defeat. But this may also require more onboard resources to do the encryption/decryption and raise the cost of devices. Ultimately security isn't free.
Bottom line: Complacency is the enemy. All organizations must be vigilant and review what level of data encryption and levels of security they employ, especially if the technologies are more than one or two years old and the companies are in highly regulated and/or sensitive industries. Only the most current security-enabled products should be utilized, but that may not be enough to prevent a data breech by those groups/agencies with enough resources to apply to the task.
Jack Gold is the founder and principal analyst at J.Gold Associates, an information technology analyst firm based in Northborough, Mass.

Monday, 1 July 2013

Microsoft updates new Windows 8 to Windows 8.1 and makes other significant changes...

Microsoft CEO Steve Ballmer speaks Wednesday during the keynote address during the Microsoft Build Conference in San Francisco.

The newest version of Windows is getting some changes. Among them? A little dose of old Windows.
Microsoft is making adjustments to its Windows 8 operating system, beginning with the resurrection of the Start button.
The changes, announced today at the Microsoft Build developer conference in San Francisco, address some of the complaints leveled at the hybrid tablet and PC operating system that surfaced when it was released late last year.
The company also unveiled improvements to its Bing search engine, built-in support for 3-D printers, an updated Xbox Music app, and new tools for developers making WIndows 8 applications.
"The PC, the Windows device of today, doesn't look a lot like the PC of 10 years ago or of 15 years ago," said Microsoft CEO Steve Ballmer at a keynote address kicking off the conference.
Microsoft brings back 'start' button
Windows 8 tiles pose challenge for users
Ballmer outlined some of the new changes to Windows 8.1, which he described as a "refined blend."
When the radically different, touchscreen-optimized system came out eight months ago, many Windows users were upset about radical departure from the typical Windows interface, especially the lack of a Start button. The button is back, and now it leads to a list of all your applications.
The company announced a few new applications for Windows 8, including an official Facebook app, Flipboard and NFL Fantasy football. Though there was a brief preview of a new version of PowerPoint for WIndows 8, the next version of the Microsoft Office suite won't be released until 2014.
The speedy Windows 8 update is part of Microsoft's new approach to releasing fixes and adding features to products.
The software and hardware company is now focused on a "rapid release" cycle, which will let it roll out changes to software in a matter of months instead of years. It has already released a number of changes to Windows 8, but this version is the biggest overhaul so far.
A free preview version of the Windows 8.1 update for developers is available to anyone interested in installing it. The version for regular consumers will come out later this year.
Other changes include the ability to boot directly into the desktop, more flexibility with the tiles on the Start screen, support for high-resolution displays, and greater Bing integration.
"Search is not just a list of links, it's things you can do," said Julie Larson-Green, corporate vice president of Windows, who demonstrated some new Bing features.
Developers can now tap into Bing, which has opened up access to its 3-D maps, entities and knowledge database, and natural user interfaces.
The big Xbox Music update is a radio feature that builds a station for listeners based on a song, much like Pandora.
As part of a feature coming later this year, people will be able to automatically create Xbox Music playlists based on Web pages, like a Pitchfork list of top songs of the year.
Microsoft also highlighted a few of the of the 3,000 Windows 8 certified tablets, PCs and hybrids, including an 18-inch Dell tablet. It highlighted more touchscreen devices, "workhorse" 2-in-1 tablets and smaller tablets.
"We're going to see a proliferation of Windows 8 small tablet devices over the next few months," said Ballmer.

Microsoft's own entry in to the hardware world wasn't forgotten. After some scripted banter about how much they loved their own Surface tablets, presenters announced that developers attending the conference would all receive free Surface Pros. Attendees will also get Acer Iconia W3 tablets.