Hey there! If you're new here, you may want to subscribe to my RSS feed to keep updated. Thanks for visiting!

Image via CrunchBase, source unknown

Shared by natadd

Very important!! You should always use SSL (https://) for Gmail!

A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail accounts has been presented at the Defcon hackers’ conference in Las Vegas.

Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only, authentication. Users who did not turn it on now have a serious reason to do so as Mike Perry, the reverse engineer from San Francisco who developed the tool is planning to release it in two weeks.

When you log in to Gmail the website sends a cookie (a text file) containing your session ID to the browser. This file makes it possible for the website to know that you are authenticated and keep you logged in for two weeks, unless you manually hit the sign out button. When you hit sign out this cookie is cleared.

Even though when you log in, Gmail forces the authentication over SSL (Secure Socket Layer), you are not secure because it reverts back to a regular unencrypted connection after the authentication is done. According to Google this behavior was chosen because of Read the rest of this entry &raquo

Since we started the first Android Developer Challenge late last year, we all have been eager to see who the winners of $275,000 and $100,000 would be. All 50 applications that emerged from Round 1 of ADC I showed great promise, and these teams have been working intensely for the past several months to polish their apps for the final round.

Similar to round 1 we sent laptops preconfigured with the judging environment, emulator, and all entries to each of our seven judges. In this round, each judge reviewed all 50 applications, took collaborative notes and gave initial scores. Then, all judges met together over conference calls to discuss and debate these applications, finally coming to consensus on which applications should receive $275,000 and which should receive $100,000.

We’re pleased to present all of the winners and finalists in our detailed ADC gallery. Peruse and enjoy — there are awesome applications and unique uses of the Android platform. We would like to congratulate the winners and thank all the entrants for their hard work!

The WSJ is reporting that Google is set to launch a venture fund to give it the option of investing in startups instead of just flat out buying them. The fund will be led by Google’s SVP Corporate Development David Drummond and Bill Maris, a long time business friend of Anne Wojcicki, Sergey Brin’s wife. Maris is a tech entrepreneur with a degree in neuroscience and worked with Wojcicki at a San Francisco-based for-profit company called Catalytic Health. This hasn’t been confirmed by Google, and it’s clear they’ve been thinking about a fund off and on for years. From the article:

The move would make Google the latest technology giant to take on a more-formal role in seeding start-ups. Intel Corp. has had a large venture-capital arm for years, as have Motorola Inc., Comcast Corp. and many others. In the consumer-Internet area, Walt Disney Co.’s Steamboat Ventures has invested in a number of Web start-ups. So has Amazon.com Inc., which has funded a number of young companies without

Read the rest of this entry &raquo

July 29, 2008 — Microsoft is incubating a componentized non-Windows operating system known as Midori, which is being architected from the ground up to tackle challenges that Redmond has determined cannot be met by simply evolving its existing technology.

SD Times has viewed internal Microsoft documents that outline Midori’s proposed design, which is Internet-centric and predicated on the prevalence of connected systems.

Midori is an offshoot of Microsoft Research’s Singularity operating system, the tools and libraries of which are completely managed code. Midori is designed to run directly on native hardware (x86, x64 and ARM), be hosted on the Windows Hyper-V hypervisor, or even be hosted by a Windows process.

According to published reports, Eric Rudder, senior vice president for technical strategy at Microsoft and an alumnus of Bill Gates’ technical staff, is heading up the effort. Rudder served as senior vice president of Microsoft’s Servers and Tools group until 2005. A Microsoft spokesperson refused comment.

“That sounds possible—I’ve heard rumors to the effect that he [Rudder] had an OS project in place,” said Rob Helm, director of research at Directions on Microsoft. He noted that it is quite possible that the project is just exploratory, but conceivably a step above what Microsoft Research does.

One of Microsoft’s goals is to provide options for Midori applications to co-exist with and interoperate with existing Windows applications, as well as to provide a migration path.

Building Midori from the ground up to be connected underscores how much computing has changed since Microsoft’s engineers first designed Windows; there was no Internet as we understand it today, the PC was the user’s sole device and concurrency was a research topic.

Today, users move across multiple devices, consume and share resources remotely, and the applications that they use are a composite of local and remote components and services. To that end, Midori will focus on concurrency, both for distributed applications and local ones.

According to the documentation, Midori will be built with an Read the rest of this entry &raquo

This morning a 5.8 5.4 magnitude earthquake struck Southern California near Los Angeles. Well before the information was anywhere on the major news outlets, tweets (Twitter messages) were flowing in at a rapid clip. I say again, events such as this showcase the power of the micro-messaging service Twitter.

When natural disasters strike, people want news ASAP. Twitter is simply very fast at disseminating information. We saw this when a large 7.8 earthquake struck China back in May and we’re seeing it again today. Today, it was especially true when used in conjunction with the social conversation and aggregation site FriendFeed. Minutes after the quake, I had various accounts of it and maps of its epicenter.

Twitter’s new search site (formerly Summize) is also an incredible tool for getting information. It used to take a little while for information on these events to trickle down depending on who you were following on Twitter. Now you can simply open Twitter Search and do a query for “earthquake” and get thousands of results. Within minutes of me opening the site up, I was alerted that there were already hundreds of updates on the earthquake — the information was coming in fast.

It takes reporters time to set up and get the story, but Twitter turns thousands of regular people into citizen journalists — all of whom are on the scene. Of course one has to worry about Read the rest of this entry &raquo

Though a distant third place to Google, Microsoft thinks it can teach its rival a thing or two about searching the Internet.

A big part of Google’s rise to search engine leadership was an algorithm called PageRank that assesses a specific page’s importance by how many other Web pages link to it and by the importance of those linking pages. Microsoft researchers and academic collaborators, though, detailed an idea this week it calls BrowseRank that seeks to bring more of a human touch to that assessment.

Microsoft likes the results BrowseRank, which assigning Web page priority based on how people actually use the site.

(Credit: Microsoft ResearchA Asia)

Essentially, the researchers tested out a system that replaces PageRanks’ link graph–a mathematical model of the hyperlinked connections of the Internet–with what they call a user browsing graph that ranks Web pages by people’s behavior.

“The more visits of the page made by the users and the longer time periods spent by the users on the page, the more likely the page is important. We can leverage hundreds of millions of users’ implicit voting on page importance,” the researchers said in BrowseRank: Letting Web Users Vote for Page Importance, a paper from the SIGIR (Special Interest Group on Information Retrieval) conference this week in Singapore. Authors are Bin Gao, Tie-Yan Liu, and Hang Li from Microsoft Research Asia and Ying Zhang of Nankai University, Zhiming Ma of the Chinese Academy of Sciences, and Shuyuan He of Peking University.

Search is of tremendous importance to the Internet for Read the rest of this entry &raquo

BoomTown is flatly fascinated by the rather incredible memo Microsoft CEO Steve Ballmer penned to his troops yesterday, with news of the reorganization of its massive Platforms and Services Division and the departure of its president, Kevin Johnson.

In the memo, in a very rare public airing of its less-clean laundry, Ballmer actually casts Microsoft’s two major rivals, Apple and Google, in a somewhat positive light, while still vowing to best them.

It is not often that Ballmer or even Microsoft Founder Bill Gates mentions either company in public. More to the point, what neither typically does is acknowledge that they do anything right.

But Ballmer did so yesterday in the memo, perhaps a sign that Microsoft (MSFT) realizes it has trouble on its hands and needs to publicly declare tough enemies to pump itself up to fight.

The memo should be Topic A for financial analysts, who are gathering at Microsoft’s Redmond, Wash., headquarters today for their annual meeting with company leaders.

“It’s going to be a rocky day,” said one Microsoft source.

And how! Especially given the need to explain the memo in more detail, including plans for beating back incursions by more nimble companies like Apple (AAPL) and Google (GOOG).

Ballmer took a baby step in that direction in the strategy email to employees.

About Apple, for example, Ballmer wrote:

In the competition between PCs and Macs, we outsell Apple 30-to-1. But there is no doubt that Apple is thriving. Why? Because they are good at providing an experience that is narrow but complete, while our commitment to choice often comes with some compromises to the Read the rest of this entry &raquo

What is cloud computing? We recently asked a number of people in our industry, and got back a range of interesting, and sometimes self-referential, responses. You can see them here. According to our respondents, cloud computing means anything from a single-tenant, multi-user application cloud (also known as software-as-a-service or “Saas”) to multi-tenant, general purpose, on-demand clouds (sometimes called platform-as-a-service or “PaaS”). Joyent provides an example of the former in our Connector product. We also do the latter in our Accelerator product. I think the world of computing, generally, is moving away from a do-it-yourself approach to accomplish “shared” computing (and by computing is meant anything having to do with servers, in general) towards embracing or, better, stepping into the cloud for most computing the isn’t on the edge of the network. The migration has begun from dedicated, collocated servers to the cloud. Buyers don’t want to take possession of servers, routers, switches, network drops, racks; they want this from the cloud. But what is the cloud? What sort of cloud computer(s) should we be building or expecting from vendors? Are there issues of lock-in that should concern customers of either SaaS clouds or PaaS clouds? I’ve been thinking about this problem as the CEO of a PaaS cloud computing company for some time. Clouds should be open. They shouldn’t be proprietary. More broadly, I believe no vendor currently does everything that’s required to serve customers well. What’s required for such a cloud? I think an ideal PaaS cloud would have the following nine features:

1) Virtualization Layer Network Stability

Cloud computers must operate on some sort of virtualization technology for many of the following features to even be feasible. But as general purpose computing moves from dedicated hardware to on-demand computing, one key feature of the dedicated model for web applications is a stable, static IP address. If the virtualization layer borks (and this happens), when the cloud has recovered the cloud instances of compute, the developer should be able to rely on the web application just working without having to re-jigger network settings.

2) API for Creation, Deletion, Cloning of Instances

Developers should be able to interact with the cloud computer, to do business with it, without having to get on the phone with a sales person, or submit a help ticket. In other words, the customer should be able to truly get on-demand computing when they demand, whenever they demand. Joyent only began to offer this recently through Aptana and their Aptana Studio product. However, the API is only available to Aptana at this point. The API needs to be publicly available to everyone. Provide a credit card (that works and is yours) and you should get compute, storage, and RAM on-demand. The challenges for cloud computing companies is to figure the Read the rest of this entry &raquo

Read the rest of this entry &raquo

Kevin Mitnick is going to tell his side of the story. And he's going to get paid for it. 

Speaking to an adoring crowd of 800 at the Hackers On Planet Earth conference, Mitnick, once described as the “most wanted computer hacker in the world,” announced that he had signed a deal with Little, Brown and Company to tell his life story. “Finally I get to tell my side,” he said, saying the conditions of his parole kept him from profiting from his crimes — including writing a biography — for the past seven years.

Mitnick was convicted of computer crimes in 1999. At sentencing, prosecutors argued Mitnick should be subject to special treatment while incarcerated because the hacker could “start a nuclear war by whistling into a telephone.” A judge agreed, and Mitnick was sentenced to solitary confinement. The perceived unfairness of the sentence made Mitnick a cause célèbre within the hacker community, and sites like freekevin.com sprang up on the Internet.

Mitnick promised the new book will be a tell-all about his hacking stunts, which relied on his speciality of “social engineering” — hacker-speak for tricks that rely less on technical wizardry and more on duping human beings into giving up information. But Mitnick, who now makes an honest living as a computer security consultant, also enjoys finding holes in software. At HOPE, he showed off his latest hack, which involves scripting the “asterisk” open-source telephony program to show Caller ID information for anyone who calls him, even if that phone’s Caller ID is set to “private.”

Photo: Eric Krangel / Silicon Alley Insider