Author: Nick Farrell

Car industry can’t do computer security

While every tech company and its dog is trying to slam their technology into cars, it is starting to look like the automotive industry can’t cope with the need for security.

A Dallas law firm has filed a lawsuit against three major automakers claiming they have failed to take basic measures to secure their vehicles from hackers.

The lawsuit, filed in the US District Court for the Northern District of California by attorney Marc Stanley, is on behalf of three vehicle owners and “all others similarly situated”. It alleges that the cars are open to hackers who can take control of basic functions and endanger the safety of the driver and passengers.

“Toyota, Ford and GM have deliberately hidden the dangers associated with car computer systems, misleading consumers,” Stanley said in a statement.

But the case is bringing to light problems which may bedevil the car industry in the future. After all, if they are having problems with the security on cars now, how are they going to manage when autodriven vehicles are in charge?

Modern cars and light trucks contain fewer than 50 separate electronic control units (ECUs) — small computers connected through a controller area network (CAN) or other network such as Local Interconnect Network (LIN) or FlexRay.

New high tech cars will contain shedloads of them, and if hacked could be driven by hackers into walls or other cars.

The court case claims that the car companies are also habitually secretive about these sorts of problems – something that does not bode well if you are sitting in the back of a self drive taxi.

“Disturbingly, as defendants have known, their CAN bus-equipped vehicles for years have been (and currently are) susceptible to hacking, and their ECUs cannot detect and stop hacker attacks on the CAN buses. For this reason, defendants’ vehicles are not secure, and are therefore not safe,” the lawsuit states.

Last year, at the Black Hat security conference in Las Vegas, two industry experts released a 92-page report revealing “the 20 most hackable cars.”

DARPA reported that the defect represents a “real threat to the physical well-being of drivers and passengers.” Before releasing its study, DARPA shared its finding with car manufacturers so they could address the vulnerabilities, “but they did nothing,” the lawsuit states.

HP creates cloud server line

The maker of expensive printer ink, HP, said that it is creating a server family for cloud providers.

The project is being done as a joint venture with Foxconn, a partnership announced last year to create cloud-optimised servers. HP has been building servers from Foxconn for a year, but is now giving a name to its server line: Cloudline.

According to HP, its systems are based on standards-based principles and use rack scale computing.

With rack scale systems, functions that were previously located in the server, such as cooling and power, may be part of the rack. The systems will likely be deployed in multi-vendor environments, although users want uniformity in controls.

HP will use the Intelligent Platform Management Interface (IPMI), an open management platform, and other systems that help provide a uniform way of managing hardware.

The hyperscale x86 server market has been growing fast, and this has led to increasing numbers of original design manufacturers (ODMs), such as Taiwan’s Quanta, entering the game.

HP is announcing these OpenStack systems at the Open Compute Summit and will begin taking orders on some of the systems at the end of this month. The systems use Intel Xeon E5 v3 processors and come in five configurations, including a two-socket (2P) server sled configuration and 1U configurations. No word on pricing yet.

Why did Minecraft get the works?

Turkey has been fast becoming a place where anything can get banned from the internet for the lamest excuses.

You can be banned for insulting the dead hero Atatürk, you can be blocked for revealing tapes proving government corruption and now it seems you can be censored for playing Minecraft.

A Turkish ministry claims that the game is “too violent” after a report from Turkey’s Family and Social Policies Ministry.

The decision whether or not to ban Minecraft is currently in the hands of the Turkish courts, as the ministry has submitted its report of the game being too violent to the legal affairs department, as well as instructions for the legal process to begin the ban.

A portion of the report was said to say: “Although the game can be seen as encouraging creativity in children by letting them build houses, farmlands and bridges, mobs [hostile creatures] must be killed in order to protect these structures. In short, the game is based on violence.”

It seems that the Ministry is a little concerned that kids might grow up confusing the game world and reality, possibly even “going as far as torturing animals without knowing what kind of pain they’re causing the creature”.

We guess that like other countries concerned about game violence, Turkey is a peaceful place which does not have any violence at all. Any that happens of course is not born out of a frustration with a corrupt, increasingly autocratic government, but Angry Birds or Tetris which were never banned.

Intel’s Xeon SoC to ARM wrestle

Intel has lifted the veil on a new Xeon D family of processors which are the company’s first ever Xeon-based System-on-Chip (SoC).

The news is bad for ARM because it wanted to dominate the microserver market and this package is exactly what it does not want out there.

The Xeon D line is built on Intel’s 14nm process technology and combines the performance of Xeon chips with the size and power savings of a SoC.

Intel says the Xeon D delivers up to 3.4x faster performance per node and up to 1.7x better performance per watt compared to the company’s Atom C2750, which is part of Intel’s second-generation 64-bit SoC family.

Xeon D is the third generation and it’s actually based on Intel’s 14nm Broadwell architecture.

This puts Intel in the running for those customers who want low-power, high density infrastructure products. In fact Intel says that it can deliver server class reliability, availability, and serviceability (RAS) features in an ultra-dense, low-power device.

Cisco, HP, NEC, Quanta Cloud Technology, Sugon, and Supermicro have sworn their loyalty to the chip, before all their dark gods, and are committed to building microservers based on Intel’s new Xeon D options.

This means ARM has not got much time before actual products are out there.

Diane Bryant, senior vice president and general manager of the Data Center Group at Intel, said that the growth of connected devices and demand for more digital services has created new opportunities for information and communication technology.

“By bringing Intel Xeon processor performance to a low-power SoC, we’re delivering the best of both worlds and enabling our customers to deliver exciting new services.”

Intel’s kicking things off with two Xeon D processors, the D-1540 with 8 cores, 16 threads, 2GHz, 45W TDP and D-1520 with its 4 cores, 8 threads, 2.2GHz, 45W TDP. These have memory controllers capable of up to 128GB of addressable memory.

They also feature an integrated platform controller hub (PCH), integrated I/Os, and two integrated 10 Gigabit Ethernet ports.

All of this is based on Intel’s Broadwell so should give a reasonable performance per watt.

Sharp Display will remain independent

Sharp has given up on an idea which would see it merging its troubled display business with rival Japan Display.

Apparently the company has a technological advantage over its competitors so it makes sense to keep going.

Norikazu Hohshi, the head of Sharp’s device business, told reporters at a briefing that looking at its overall display business he believed it should be on its own.

Sharp is due to post its third annual net loss in four years, hurt by aggressive competition from its rival and weaker-than-expected Chinese smartphone demand.

That is not to say that Sharp has not got a cunning plan to pull its nadgers out of the fire. Apparently executives are compiling a new business plan and considering investing in new nadger pulling equipment.

Chief Executive Kozo Takahashi met with officials from its main lenders Mizuho Bank and Bank of Tokyo-Mitsubishi UFJ last Thursday, although he did not request specific amounts or make promises about restructuring.

The difficulty is that Sharp is really short of cash and may need help.

The banks agreed in September 2012 to rescue Sharp with loans and credit lines worth 360 billion yen, or $3 billion at today’s exchange rates, in exchange for promises to return to the black by this year.

Sharp then exited the European TV market and closed solar-panel businesses in Europe and the United States. However things do not appear to have become any better.

Googler takes over Patent Office

In a classic poacher turned game keeper scenario, a former Google executive has taken over the US Patent Office.

The US Senate confirmed former Google Inc executive Michelle Lee will head the US Patent and Trademark Office. No one has taken the job for two years ever since David Kappos, a former IBM suit, left in February 2013.

Lee was a lawyer and head of patents and patent strategy at Google, and had been the acting director of the office. The patent office has been slammed for approving what some say are weak software-related patents that have given ground to Patent Trolls.

Lee’s main task will be to improve the quality of patents granted by the agency and send the trolls back to live under their bridges.

Another complaint has been the agency’s long backlog in examining patents. In December 2011, the unexamined backlog was almost 722,000 patents. It currently stands at 602,265, according to the agency’s website.

 

Cameron told to sling his hook on Tor

Months after Prime Minister David “One is an Ordinary Bloke” Cameron said he wants to ban encryption and online anonymity, a Parliamentary report has told him to shut up.

A briefing issued by the Parliamentary Office of Science and Technology says that such an act is “neither acceptable nor technically feasible”, which is about as close as you can get to telling Cameron to shut up short of a coup and a guillotine.

The briefing specifically referenced the Tor anonymity network and its ability to slide right around such censorship schemes.

While briefings from the Parliamentary Office of Science and Technology are not legally binding, it does mean that if Cameron pushes through any censorship bill it will be without the science behind him.

The briefing does explicitly state that there is “widespread agreement” that banning Tor is not acceptable policy, nor is it feasible technologically.

Tor has about 100,000 users at any given moment within the United Kingdom.

“There is widespread agreement that banning online anonymity systems altogether is not seen as an acceptable policy option in the UK,” the briefing explained. “Even if it were, there would be technical challenges.”

In 2012, UK police moaned that the Tor anonymity service was used by “many” pedophiles in order to trade child abuse images. However now it appears that they have changed their minds.

Quoting a statement to Britain’s Parliament by the Child Exploitation and Online Protection Command (CEOP) of the UK National Crime Agency, the briefing said that Tor “plays only a minor role in the online viewing and distribution of indecent images of children”.

Coppers have worked out that Tor is less popular among offenders because it decreases the speed at which images can be downloaded.

Apple’s iWatch disappoints

One thing that is weird about the Tame Apple Press is that if Apple makes a big cock up it really has nothing to say.

If Apple’s iWatch was even a little bit interesting, the press would have been over the top in its enthusiasm. There would have been a ton of coverage and lots of snaps of the grimly smiling Tim Cook looking like an evil magician on his way to a baby boiling conference.

Sure there was the usual staged Nuremberg rally, where Apple staffers, fanboys and the Tame Apple Press cheered the arrival of the iPhone with the usual standing ovulation. But they would have done that anyway.

What was interesting was how muted the rest of the press coverage was. Warning signs tipped up when the Italian television news, which only reports bollocks like this, gave the iWatch a token 30 seconds. Most of that 30 seconds was a free advert for the iPhone and hardly mentioned the watch at all. By contrast the iPhone 6 got 15 minutes when it launched, and Prime Minister of Italy Matteo Renzi smugly umming and erring his way through a 20 minute speech was covered verbatim.

A search through the wires this morning showed the usual suspects giving an uncharacteristically muted coverage. The News Republic did not even mention the watch, and instead talked about Cook’s tweet about not sleeping before the launch.

So why the disappointed response? Apple’s iWatch has arrived nearly two years behind its rivals and it basically has nothing to offer for its huge $350 price tag.

To enter this limited market Apple had to really wow people with new functionality and it simply didn’t. Jobs’ Mob’s first real “innovation” since the death of Steve was an overpriced copy of what was already on the market.

What could have improved the watch’s chances was a killer app involving health care readings, but beyond a basic heart rate meter Apple could not get it to go.

Another thing which could have made it more interesting was it being independent from its iPhone. However the watch needs the phone to function, meaning that if you are Christy Turlington Burns and you take the thing on your run you have to lug your heavy iPhone with you. If you are carrying the phablet version of the phone that is really heavy. It might make you a better runner to carry all that weight, but since most iPhone users are carrying a few extra pounds anyway it is probably not a good idea.

So if you want the watch for sport, the iWatch does some of what you want, less efficiently, for three times the price of a sports product.

If you want the watch to complement your iPhone then it fails there too. Why do you need something on your wrist that your iPhone already has in your pocket?

All this does not mean the iWatch will fail. In fact it is a screaming indictment of modern civilisation that the iWatch will probably sell in reasonable numbers. Apple might be able to save the product in version two by getting the health functionality going. But they are empty sales. They are people buying something they don’t need, because it has an Apple logo. You can only get away with that so often.

But this is not the sort of product that even the Tame Apple Press wants to peddle. Instead they are wandering away whistling, not daring to point out this Emperor has no clothes on in case Apple blacklists them.

But smarter minds, who are worried that Apple has run out of ideas, are selling their shares. A mate of mine who has had them since the iPhone, dumped the lot when he heard that Apple had removed a ton of health functionality from the product. He reasons that ultimately Apple will fail because it has become too big and run out of ideas. The iWatch proves it.

Lenovo still distributing Superfish

Lenovo is still peddling notebooks pre-installed with dangerous, HTTPS-breaking adware, despite saying it had abandoned the practice.

Initially, Lenovo said the Superfish ad-injector posed no threat, a position it quickly reversed and then said the company stopped bundling the software in December.

Executives promised to release a removal tool that would delete all code and data associated with the adware.

However it looks like Lenovo might not have told the full truth.

Ars Technica found that a new $550 Lenovo G510 notebook, which was ordered in early February, more than four weeks after Lenovo said it stopped bundling Superfish, still had the software.

It was not as if it was old stock stuck in the channel either: the onboard Windows had a December build date.

The next promise was about the official Superfish removal tool, which the PC maker states will “ensure complete removal of Superfish and certificates for all major browsers.”

While the tool removed the dangerous certificate—and as a result closed the serious man-in-the-middle vulnerability it posed—Lenovo’s software didn’t remove all Superfish-related data.

A Lenovo spokesman wrote in an e-mail to Ars: “If an individual customer has a specific question about their experience with the removal tool, they should contact the Lenovo Service line directly.”

Tor wants government freedom

Security outfit Tor has said it wants to wean itself off US government cash.

In 2013, Tor received more than $1.8 million from the US government, about 75 percent of the $2.4 million in total annual expenses, according to their latest publicly available tax returns.

While Tor is grateful for the cash, it is worried that conspiracy theorists claim that the US spooks have the system wired up to be a honeypot.

The premise is that while Tor is meant to keep you anonymous on the Internet, it’s funded in large part by the US government, which does not want you to be anonymous. So it must be a way that the government locates those who want to be anonymous and tracks them down.

Technically this is tricky, but it is probably better for Tor if it was free of government involvement – particularly when that government has been seen as a big fan of snooping.

Developers recently discussed the push to diversify funding at Tor’s biannual meeting in Spain, including setting a goal of 50 percent non-U.S. government funding by 2016.

Tor developers at the meeting also brought up the possibility of lobbying foreign governments within, for instance, the European Union.

However, increasing non-governmental funding is a major priority. Individual donations rose significantly in the last year and Tor plans on soliciting them much more aggressively in 2015. Every new download of Tor—there were 120 million in 2014—will be asked to donate to the project, a change expected to take place in the near future.

Tor is launching a crowdfunding campaign in May of this year.

UK considers copying US on piracy

The UK government is so impressed that the US has managed to increase piracy while locking up so many of its pirates it thinks it might try it.

Current thinking in David “One is an ordinary bloke” Cameron’s cabinet is that piracy crimes happen because the penalties are too light. And the US, where P2P pirates face huge sentences for getting caught, has no problem with pirates at all.

A new Intellectual Property Office (IPO) report reveals that many major rightsholders believe criminal sanctions for copyright infringement available under the Copyright, Designs and Patents Act 1988 (CDPA 1988) should be a lot tougher.

While the Digital Economy Act 2010 increased financial penalties up to a maximum of £50,000, in broad terms the main ‘offline’ copyright offenses carry sentences of up to 10 years in jail while those carried out online carry a maximum of ‘just’ two.

In 2014, Mike Weatherley MP, then IP advisor to the Prime Minister, said that this disparity “sends all the wrong messages”, a position that was supported by many major rightsholders. The current report examines data from 2006 to 2013 alongside stakeholder submissions, both for and against a change in the law.

It is important that you understand some of the language here. The word “stakeholder” actually means wealthy movie or recording studio which wants the government to tackle copyright infringement so it does not pay for it. Asking them if they think P2P pirates should receive tougher penalties is like asking UKIP if Romanians should be sent home. In fact if you asked the stakeholders, “do you think that P2P pirates should be publicly hung, drawn and quartered and boiled in oil?” they would nod enthusiastically.

“Many industry bodies argue that higher penalties are necessary and desirable and that there is no justification for treating physical and online crime differently. Other stakeholders suggest that these offenses are in fact different, and raise concerns about a possible ‘chilling effect’ on innovation,” the report reads.

But the report actually seemed to lean away from tougher penalties.

Court data from 2006-2013 reveals that prosecutions under the CDPA have actually been going down and that online offenses actually constitute “a small, and apparently decreasing, fraction of copyright prosecution activity as a whole.”

The Crown Prosecution Service didn’t bring a single case under the online provisions of the CDPA 1988 during the period examined.

This lack of case law is seen as problematic by the Federation Against Copyright Theft. FACT has stepped away from public prosecutions under copyright law in order to pursue private prosecutions, because of this problem.

But making sentences tougher causes another problem. The Open Rights Group is worried that overly aggressive punishments not only have the potential to affect those operating on the boundaries, but also those seeking to innovate.

In other words a person working on a new sharing technology which pushes the boundaries of current legality might find themselves being jailed for years.

“Many internet innovators, prosumers, online creative communities that create non-profit derivative works, fandom producers, etc. All these people – many of whom technically breach copyright in their activities – could find themselves facing prison sentences if making available carried a maximum sentence of ten years.”

 

Intel 730-series SSDs dogged by rumour

Intel’s 730-series SSDs, which received glowing reviews, have been dogged by a rumour that they lack power loss data protection, a feature which was highlighted in Intel’s review guides.

The rumour was confirmed by Intel’s customer support department which made the mistake of implying that the SSD’s spec had changed.

The customer support person said that the SSD 730 was never built with the capacitor for the power loss data protection.

This means the SSD does not have the capacitors at all, and therefore Intel’s website has the correct information about the drive.

Power loss data protection is a relatively important feature for anyone buying these drives and it puts reviewers such as Tom’s Hardware on the spot for not noticing it. The only problem is that when Tom’s reviewed the Intel 730 240GB SSD, it spotted it had two large capacitors on the PCB.

After all, the fact that Intel included such technology on a mass-market drive was news.

Intel moved to kill the rumours this week. Jeff Fick, Product Marketing Engineer on the Intel SSD 730 Series insisted that the Intel SSD 730 Series incorporates power loss protection circuitry, capacitors and firmware support to help protect user data.

He said that Intel customer support got it wrong. In fact it looks like, contrary to Intel’s tech support’s statements, the capacitors do indeed exist and do provide a level of protection rarely seen on enthusiast-level SSDs.

AMD to release life preserver

The troubled chipmaker AMD is about to fight back against Nvidia dominance with its upcoming AMD Radeon R9 300-series graphics cards.

Specifications of the cards started to leak last month and now there are new rumours of an official announcement at the Computex show.

AMD is planning to introduce the new cards during Computex in June and there will be a single new card at CeBIT and a few re-branded cards before Computex.

Managers at AMD apparently want a “full line up” of cards to be released at the same time. It needs this to cover the ground lost to rival Nvidia over the last year.

Nvidia took a significant market share in the GPU market but AMD CFO Devinder Kumar was confident that in the second half of 2015 there would be a launch of a new graphics product which would set everything right.

“We will gain back the market share which is low from my standpoint and historically,” he claimed.

There is nothing really on the roadmap other than the AMD Radeon R9 300-series that can do that, so it looks like this rumour has legs.

AMD leans on ARM for next phase


AMD is pinning its hopes on ARM servers and custom designs to pull its nadgers out of the fire, sources inside the company are saying.

New CEO Lisa Su has said ARM servers will account for as much as 15 percent of the total server market in less than five years and AMD wants a slice of that.

It is a long term gamble, and one which is a move away from AMD’s traditional x86 plans.

What is also strange about the plan is that it does create rivals from companies that are also bidding to put ARM in the data centre.

There is also the problem that ARM adoption in the server space is new and lacks the software and driver maturity of x86 – something which AMD actually knows rather a lot about.

To keep the flag flying, AMD plans to increase its custom semi-design business. AMD has recently signed a number of new customers up to its “semicustom” practice, which it expects to grow into a business worth as much as $1 billion in much-needed new revenues.

Canadians club spammer

Manon Bombardier, the Canadian Radio-television and Telecommunications Commission’s (CRTC’s) Chief Compliance and Enforcement Officer, has fined an outfit $1.1 million for spamming.

Compu-Finder has 30 days to object or pay up.

After an investigation, CRTC found Compu-Finder sent out spam in which the unsubscribe mechanisms did not function properly. The emails sent by Compu-Finder promoted various training courses to businesses.

The four violations happened last year between July 2, 2014 and September 16, 2014. Compu-Finder spam accounted for 26 per cent of all complaints submitted last year.

Canada’s anti-spam legislation was adopted by Parliament in December 2010 and came into force on July 1, 2014.

Bombardier said that Compu-Finder flagrantly violated the basic principles of the law by continuing to send unsolicited commercial electronic messages after the law came into force to email addresses it found by scouring websites.

Complaints submitted to the Spam Reporting Centre clearly indicate that consumers didn’t find Compu-Finder’s offerings relevant to them, he said.