Tag: newstrack

Qualcomm is in denial

Qualcomm, under investigation for possible monopolistic practices in China, said it had no direct financial links with an antitrust expert.

Zhang Xinzhu, a member of the Chinese Academy of Social Sciences (CASS) and one of China’s leading antitrust experts, was sacked from a government advisory post after state media reported he had received payments from Qualcomm.

Qualcomm is being investigated by the National Development and Reform Commission (NDRC), one of China’s three antitrust regulators, over how the company licenses its patents and prices its chipsets.

The chipmaker did not hire Zhang directly. When it was investigated by the NDRC it hired Global Economics Group to produce an economic analysis for submission to the regulator. Global Economics Group employed Zhang Xinzhu.

The official Xinhua News Agency reported on Wednesday that Zhang had been fired from the State Council’s expert commission on competition issues for taking “huge rewards” from Qualcomm. The implication was that Qualcomm had been bribing Zhang to suggest that the regulators should be nice to the American chipmaker.

“Qualcomm paid Global Economics its standard rates for the firm’s services,” Trimble said, and did not have “any financial dealings” with Zhang directly.

Qualcomm’s analysis was submitted to the NDRC in May and had three principal authors, including Zhang.

The Chinese said that Zhang had “contravened work discipline” and been removed from his position on the anti-monopoly committee.

The news agency said “certain multinational companies” had been attempting to delay antitrust probes, including spending money to gain support on expert groups and complaining of being picked on for being foreign.

“Against this backdrop, hiring relevant ‘experts’ from government departments to ‘speak on behalf of foreign companies’ is a violation of discipline … This matter should be gotten to the bottom of and brought to light,” Xinhua said.

The 21-member anti-monopoly academic experts group from which Zhang was dismissed was established in 2011. The group is seen to serve the principal role of providing the bureaucracy with the supporting arguments needed to justify its industrial policy aims.

But Zhang has been critical of the NDRC, and claimed that the regulator had acted outside of its jurisdiction and misused antitrust principles. It appears that the regulator might just want him out of the way.

Don’t plug an iPhone into a PC

Security experts at the Georgia Institute of Technology have discovered that Apple’s already dismal record on security on its iPhone is made worse when the shiny toy is plugged into a computer.

The attack takes advantage of design problems in iOS in which, for some reason, the Apple geniuses believed that they should trust anyone who connects to the phone over USB.

Tielei Wang, a co-author of the study and research scientist at the institute, said that Apple overtrusted the USB connection.

It all started when Wang and his team developed some malware called Jekyll, an iPhone application with well-masked malicious functions that passed Apple’s inspection and briefly ended up on its App Store.

However, that was not good enough, as it was pointed out that no one would find their malware in the huge App Store.

Wang said they set out to find a way to infect a large number of iOS devices and one that didn’t rely on people downloading their malicious app. The attack required the use of “botnet herders” to install malware onto PCs.

Apple requires a person to be logged into his account in order to download an application from the App Store. Wang and the researchers developed a man-in-the-middle attack that tricked the Apple device that’s connected to a computer into authorising the download of an application using someone else’s Apple ID.

As long as the application still has Apple’s digital signature, it does not even need to still be in the App Store and can be supplied from elsewhere.

To stop Apple refusing to publish the malware on its App Store, Wang’s team found they could sneak a developer-provisioning file onto an iOS device when it was connected via USB to a computer.

This allows a self-signed malicious application to be installed. Legitimate applications could also be removed and replaced with look-alike malicious ones. All this can be done without a user knowing.

While it sounds convoluted, it is worthwhile if you are attempting to take over a large number of iOS devices.

It is also worthwhile if you are state-sponsored hackers wanting to carry out targeted attacks aimed at just a few users.

Apple has known about the problem for nearly a year now and is yet to fix it. At the moment, Wang said, the best advice is to not connect your phone to a computer, especially if you think the computer might be infected with malware.

“Murderer” relied on Apple to hide body

The award for the most stupid Apple fanboy of the year has to go to a bloke who relied on Apple’s Siri to find him a good place to hide the body of his murder victim.

A Florida man currently on trial for murder reportedly attempted to use Siri to gather ideas about where to bury the body of his dead roommate, a court was told.

Prosecutors said that a University of Florida student named Pedro Bravo was incandescent with rage with his roommate in late September of 2012 over a dispute involving an ex-girlfriend and strangled him.

Bravo then turned on Siri on his iPhone and entered the following query, “I need to hide my roommate”.

Siri was rather helpful and asked him what kind of place he was looking for: swamps, reservoirs, metal foundries or dumps.

Following Siri’s advice, police say he buried the body in a makeshift grave in a forest close to Bravo’s apartment. During the same period that he asked Siri for advice on where to hide the body, he also used a flashlight app nine times, which detectives think helped him see while he buried the body.

What Bravo did not know was that during a murder inquiry, Siri will squeal like a stuck pig to the cops and all computer records are handed over.

The trial is continuing, and even if Bravo didn’t do it, his conversation with Siri makes him look a little suspicious.

Senators fire rocket at SpaceX

It seems that SpaceX has rattled the chains of the defence establishment and is doing its job a little too well.

SpaceX’s Falcon 9 rocket is putting payloads into orbit for less money than the big government contractors charge and it appears that has angered those in the defence community who have been making a fair bit of dosh flogging more expensive projects and gear to NASA.

In the US, when a corporate feels threatened it uses one of its tame lobby senators to go on the attack, and so far their weapon of choice has been Senator Richard Shelby. He threw needless layers of bureaucracy at SpaceX.

Now it appears that more senators have been drawn in on the side of the other defence contractors.

Three House members—Mike Coffman, Mo Brooks, and Cory Gardner—have sent a memo to NASA demanding that the agency investigate what they call “an epidemic of anomalies” with SpaceX missions.

The three are insisting that as a contractor, the company should be accountable to the American taxpayer. On this they are on a sticky wicket. According to Space News, NASA did not actually pay for the development of the Falcon 9; Elon Musk did, so there are no public funds being used to develop the rockets in the first place.

The three senators are also moaning that SpaceX has experienced launch delays and other problems that have prevented payloads getting into space. However, that is normal and it is unlikely that NASA could have done any better.

The congressmen’s complaint that SpaceX is behind schedule is also deeply ironic when the Senator’s chums’ own project, NASA’s Space Launch System—a next generation rocket that is supposed to replace the Shuttle—is also delayed.

Space expert Phil Plait thinks that what the big defence contractors are worried about is that the Space Launch System is so behind that SpaceX is catching up with its Dragon V2 and the Falcon Heavy, which will launch next year. The Space Launch System will not test launch until 2017.

Plait said that it is a transparent attempt from members of our Congress to hinder a privately owned company that threatens their own interests.

Boeing, which is the major SLS contractor, has a big plant in Alabama, Brooks’ and Shelby’s home state. The United Launch Alliance has its HQ in Colorado, home to Gardner and Coffman – coincidence perhaps?

App promises to shut up Satan

A phone App is marketing itself with the magical ability of causing Satan, the Prince of Darkness, and infernal ruler of the world, to stop speaking.

The Shut Up, Devil! App is based on the concept that whenever the Devil shows up, a good Christian user is unable to remember a pithy bible verse which can be guaranteed to send Satan back to where he lives. Our last known contact address for Satan was the troubled Northborough Estate in Slough.

While Christians cannot carry a bible with them, they do always have a mobile phone, which makes it apparently appropriate to use to call an invisible friend to deal with an invisible enemy.

It is a bible search with a category for just about any issue you face—anxiety, depression, fear, lustful thoughts about your neighbour’s dog etc.

Select a category and you’re presented with related cards. Each card features a relevant scripture and a personalised version designed for you to read aloud like a magic spell to make the devil run away. You can share a card with your friends on your social networks which will make sure that you keep them.

The press release we have says:

“Thousands already use the app and report transformed thinking and great victory in spiritual warfare. I know that you’ll experience the same, and in just a short time you’ll realize that you’re no longer under attack—you are on the attack!”

The app conception stemmed from Charisma House’s upcoming book, Silence Satan by Kyle Winkler, which releases in September. Winkler is founder of Kyle Winkler Ministries, a media and teaching ministry broadcasting on the Christian Television Network. It is available on the iPhone and Android so is truly interdenominational.

Satan was too busy running a Tea Party meeting in Texas to respond to our calls.

Firmware has more holes than Blackburn Lancashire

A team of security experts has discovered that the code for firmware is so badly constructed that it could form an attack vector for cyber attacks.

Researchers with Eurecom, a technology-focused graduate school in France, developed a web crawler that plucked more than 30,000 firmware images from the websites of manufacturers including Siemens, Xerox, Bosch, Philips, D-Link, Samsung, LG and Belkin.

They found code which contained poorly-protected encryption mechanisms and backdoors that could allow access to devices. They reported all the problems to the vendors, but it had not been realised how bad the problem really was until now.

In one instance, the researchers found a Linux kernel that was 10 years out of date bundled in a recently released firmware image.

Aurélien Francillon, a coauthor of the study and an assistant professor in the networking and security department at Eurecom, said that most of the firmware analysed was in consumer devices, a competitive arena where companies often release products quickly to stay ahead of rivals.

This has an ethos of being first and cheap and to do that you don’t want a secure device.

Intel talks about Core-M

Intel has finally spilled the beans on the chip it hopes will start to make an impact on the tablet market.

Broadwell-based processors will carry the brand name, Core M, and they will target tablets that are less than nine millimeters thick and need no fans.

If it all works, it means that tablets will finally get a PC-class processor; if it fails, then mobile users will have a hot melted ball of plastic in their laps.

For those who came in late, Broadwell uses Chipzilla’s 14-nm manufacturing process. Getting the secret sauce right has been tricky; Broadwell has been delayed several times due to some teething problems with this new process.

Intel claims it has got the process right and is now ready for volume production.

Intel VP and Director of 14-nm Technology Development Sanjay Natarajan provided Tech Report with some details about Broadwell.

Most importantly, he said that the new 14-nm process provides true scaling from the prior 22-nm node, with virtually all of the traditional benefits of Moore’s Law intact. So rather than giving up on Moore’s Law, Chipzilla is doing its best to prop it up.

This 14-nm process uses second generation tri-gate transistors or FinFETs. This actually puts Intel well ahead of rivals which have not even come up with first-generation FinFET silicon.

Looking at the fins comprising Intel’s tri-gate transistors, they appear to have become closer together at the 14-nm node, with something called the fin pitch reduced from 60 to 42 nm. The fins themselves have grown taller and thinner. This improves density, while the new fin structure allows for increased drive current and thus better performance. It all means that Intel can use fewer fins for some on-chip structures, further increasing the effective density of the process. Fewer fins means the chips are more power efficient.

The gate pitch has been reduced from 90 to 70 nm and, as shown above, the spacing of the smallest interconnects has dropped even more dramatically, from 80 to 52 nm.

Natarajan said the new chip can flip bits at higher speeds than prior generations while losing less power in the form of leakage along the way.

What he suggests also is that Intel will eventually have to move beyond Moore’s Law if it is going to evolve. The reason is not the technology, but the cost of following Moore’s Law.

Chipmakers have had to use ever more exotic techniques like double-patterning—creating two separate masks for photolithography and exposing them at a slight offset—in order to achieve higher densities. Doing so increases costs.

If moving to finer process nodes cannot reduce the cost per transistor, the march of ever-more-complex microelectronics could slow down. Some chipmakers have hinted that we will be approaching that point very soon.

Intel claims that so far there is no problem and the math continues to work well. Currently there is a steady decrease in cost per transistor through the 14-nm node and this should flow into the 10-nm process.

Broadwell’s CPU cores have received a number of tweaks over Haswell’s, which Intel claims have increased instruction throughput per clock by about five percent. In keeping with Broadwell’s mobile focus, Intel’s architects set a high standard for any added features in this revision of the architecture. Now a new feature must contribute two per cent more performance for every per cent of added power use. In the good old days a 1:1 was considered great.

Intel has done a fair bit on the graphics too. Broadwell-Y’s IGP gets an increase in the number of modular “slices” of graphics resources included. There are three versus two in Haswell. Each slice has its own L1 cache, texture cache, and texture sampling/filtering hardware.

All this means is that Broadwell’s display block can drive 4K displays and can use fixed-function hardware in conjunction with the graphics EUs to process H.265 video. This means that H.265 decoding on Broadwell-Y is “fast enough for 4K” and the chip can handle 4K resolutions at 30 Hz.

Xiaomi says sorry for spying

Cheap as chips smartphone maker Xiaomi has said sorry for spying on its users’ address books.

The outfit said it has upgraded its operating system to ensure users knew it was collecting data from their address books.

Security firm F-Secure Oyj said the Chinese budget smartphone maker was taking personal data without permission.

Xiaomi said it was a terrible mistake and it had fixed a loophole in its cloud messaging system that had triggered the unauthorized data transfer and that the operating system upgrade had been rolled out on Sunday.

Part of the problem was that Xiaomi lets users avoid SMS charges by routing messages over the Internet rather than through a carrier’s network. The way this is set up was similar to the system that got Apple into such hot water.

In a lengthy blogpost on Google Plus, Xiaomi Vice President Hugo Barra said sorry for the unauthorised data collection and said the company only collects phone numbers in users’ address books to see if the users are online.

He said the smartphone’s messaging system would now only activate on an “opt-in” basis and that any phone numbers sent back to Xiaomi servers would be encrypted and not stored.

Apple changed its iPhone operating system so that app developers would have to ask explicitly for permission before accessing address book data.

US Patent Office is lazy

The US Patent Office has found out that one of the reasons why so many obvious patents are awarded to trolls might be because the US Patent Office is jolly lazy.

Following several whistleblower complaints, the US Patent and Trademark Office began an internal investigation two years ago into a programme which allowed employees to work from home.

Some of the 8,300 patent examiners, about half of whom work from home full time, lied about hours they were putting in and received bonuses for work they didn’t do. While supervisors knew what they were doing, top agency officials blocked their efforts.

Effectively examiners could do what they liked, when they liked, and charge what they liked and do basically nothing.

To make matters worse, when it came time last summer for the patent office to turn over the findings to its outside watchdog, the most damaging revelations had “disappeared.”

The final report sent to Commerce Department Inspector General Todd Zinser concluded that it was impossible to know if the whistle-blowers’ allegations of systemic abuses were true. This was different from the original USPO report which described systematic abuse of the system.

The agency’s army of examiners and other officials has been falling behind, with a backlog of patent applications swelling to more than 600,000 and estimated waiting times of more than five years.

Chief communications officer Todd Elmer called the original report a “rough draft for discussion purposes” that was an “initial attempt to describe the full investigation record”.

We guess he means that the first report got his department into so much trouble it was better to prepare a report that said there were no problems here and no one would have to be fired.

Elmer said that the original report was looked at by a lawyer who said that most of the allegations were unproved so they had to be ignored. This is a little odd because both versions of the report were written by chief administrative officer Frederick Steckler.

Our guess is that the US Patent Office will be providing material for trolls for many years at this rate.

Apple makes more tablets

Despite losing ground to more reasonably priced tablets, the fruity cargo cult is bashing out some more.

According to Bloomberg, Apple’s suppliers have begun manufacturing new iPad tablets in a desperate bid to revive flagging sales.

Apple has seen growth plummet from 2012, as larger phones became more popular and people delayed replacing their tablets.

Bloomberg said that mass production of the iPad with a 9.7-inch (24.6-cm) screen has already started, and it is likely to be unveiled by the end of current quarter or early next quarter.

A new version of the 7.9-inch iPad mini is also entering production and is likely to be available by the end of the year, Bloomberg said.

Even if the tablets don’t make any impact on the consumer market, Apple must be hoping that its partnership with IBM might net a few more sales by entering into a largely untapped corporate market.

That is if IBM can convince corporations that they really want less secure Apple gear on networks which are mostly based around Microsoft.

Apple shipped 13.2 million iPads in the June quarter, 8 percent less than a year earlier. Sales of the devices, which accounted for 15 percent of Jobs’ Mob’s revenue, fell short of Wall Street’s expectations for the second quarter in a row.

McDonald’s takes control of lost satellite

An independent team of boffins, working from an abandoned McDonald’s, is taking control of a NASA satellite and running a crowdfunded mission. The entire project uses old radio parts from eBay and a salvaged flat screen TV.

The ISEE-3 is a disco-era satellite that used to measure space weather like solar wind and radiation, but went out of commission decades ago.

Now, a small team led by former NASA employee Keith Cowing has taken control of the satellite with NASA’s blessing.

The satellite’s battery has been dead for over 20 years, but it had solar panels to power 98 percent of the satellite’s full capabilities. When it was working it ran missions around the Moon and Earth, and flew through the tail of a comet.

Everyone knew it would come back in 2014, but NASA was not sure it was a project worth rescuing.

Since the satellite went offline, the team had retired, the documentation was lost and the equipment became outdated.

A crowdfunding campaign raised $160,000 to get the satellite back into service.

At the outset of the crowdfunding campaign, they brought the idea to NASA, but there was no precedent on which to base an agreement. No external organization has ever taken command of a spacecraft, but NASA didn’t want to say no, so they asked the team if they needed any help.

Their new control centre has been dubbed “McMoon’s.” For their console, they pulled a broken flatscreen TV from a government dumpster and fixed the power supply. The other pieces are from eBay, including a Mac laptop and some radio parts.

With just those bare-bones pieces, they were able to MacGyver a computer-radio hybrid that made contact with the ISEE-3.

Once they were able to communicate with the satellite, they established a new orbit around the Sun, slightly larger than the Earth’s orbit. This will allow more testing. It will be providing solar weather data and then open sourcing it.

Google has been helping the team build a site that will open up the data to the world. Everything coming from the satellite will be available in different formats and packages so that anyone can get it.

Microsoft’s bottom line stripped

Microsoft is being seriously spanked by people buying naked PCs and installing pirated versions of its operating system, particularly in China.

Vole said that too few people in emerging markets are willing to pay for legitimate copies and this is holding back the spread of its newest Windows 8 version.

Ironically, analysts say even buyers of pirate software prefer older versions, and more than 90 percent of PCs in China are running pre-8 versions of Windows.

Microsoft is trying to tackle the problem by offering Windows 8 at a discount to PC manufacturers who install its Bing search engine as the default. And it’s giving away versions of Windows 8 for phones and some tablets.

However, Reuters thinks that masks the fact that Redmond never really worked out how to get people in emerging markets to pay for its software.

In 2011, then CEO Steve Ballmer told employees that, because of piracy, Microsoft earned less revenue in China than in the Netherlands even though China bought as many computers as the United States.

This hurts Microsoft because 56 percent of its global revenue and 78 percent of operating profit came from Windows and Office.

In China, PC makers working on wafer-thin margins see the operating system as one of the costliest parts of the machine.

The result is that up to 60 percent of PCs shipped in the emerging markets of Asia have no Windows operating system pre-installed and carry some free, open source operating system like Linux. However, once the owners get them home they just download a hot copy of Windows and Office.

Some Chinese retailers even offer “bundles” of pirated copies of Microsoft software alongside the main sale.

Microsoft has had a job getting respected firms like Lenovo to stop shipping naked PCs, but the Chinese firm countered that its margins were too low. China announced a new law requiring PCs to be shipped with operating systems. That merely dented piracy rates, which fell to 79 percent in 2009 from 92 percent in 2004.

Lenovo reached an agreement with Microsoft in June to ensure that Lenovo PCs sold in China would come pre-installed with a genuine Windows operating system.

The way Microsoft has done this is to push the price of Windows low enough to make it worth a PC maker’s while. The cost of a Windows license has fallen to below $50 from as high as $150. So far it is not clear if that has worked.

NSA makes many become one

Boffins at Carnegie Mellon University, sponsored by the US’s number one spying outfit, have come up with a programming Esperanto which unites all different programming languages under a single umbrella.

Any excitement about the development is tempered by the thought that, since it is funded by the NSA, it will be full of backdoors which can harvest personal details on behalf of the US government, but you can still admire the technology.

Dubbed Wyvern, after a mythical dragon-like thing that only has two legs instead of four, it helps programmers design apps and websites without having to rely on a whole bunch of different stylesheets and different amalgamations spread across different files.

Jonathan Aldrich, the researcher developing the language, wrote in his blog that Web applications are written as a poorly-coordinated mishmash of artifacts written in different languages, file formats, and technologies. For example, a web application may consist of JavaScript code on the client, HTML for structure, CSS for presentation, XML for AJAX-style communication, and a mixture of Java, plain text configuration files, and database software on the server.

“This diversity increases the cost of developers learning these technologies. It also means that ensuring system-wide safety and security properties in this setting is difficult,” he said.

This creates security problems, which was why the NSA was interested. After all, it has to protect its own systems from hackers.

Wyvern can automatically tell what language a person is programming in, based solely on the type of data that’s being manipulated. That means that if the language detects you are editing a database, for instance, it’ll automatically assume you’re using SQL. The language is still a prototype and is all open saucy.

Megacorps get the hard word

A settlement between Apple, three other IT outfits and their employees has been rejected by a judge, who said it was too low given the strength of the case against the employers.

Apple, Google, Intel and Adobe failed to persuade US District Judge Lucy Koh to sign off on a $324.5 million settlement to resolve a lawsuit by tech workers, who accused the firms of conspiring to avoid poaching each other’s employees.

Koh, in San Jose, California, wrote that there was “substantial and compelling evidence” that Apple Messiah and founder Steve Jobs “was a, if not the, central figure in the alleged conspiracy.”

In their 2011 lawsuit, the tech employees said the conspiracy had limited their job mobility and, as a result, kept a lid on salaries. The case has been closely watched because of the possibility of big damages being awarded and for the opportunity to peek into the world of some of America’s elite tech outfits.

The whole case was based largely on emails in which Jobs and Google’s Eric Schmidt hatched plans to avoid poaching each other’s prized engineers.

In rejecting the settlement, Koh referred to one email exchange which occurred after a Google recruiter solicited an Apple employee. Schmidt told Jobs that the recruiter would be fired. Jobs then forwarded Schmidt’s note to a top Apple human resources executive with a smiley face.

The four companies agreed to settle with the workers in April shortly before trial. The plaintiffs had planned to ask for about $3 billion in damages at trial, which could have tripled to $9 billion under antitrust law.

The plaintiffs are worried because workers faced serious risks on appeal had the case gone forward.

But Koh repeatedly referred to a related settlement last year involving Disney and Intuit. Apple and Google workers got proportionally less in the latest deal compared to the one involving Disney under the settlement.

To match the earlier settlement, the latest deal “would need to total at least $380 million,” Koh wrote.

A further hearing in the case is scheduled for September 10.

Shark hunter says Ellison needs a bigger boat

Top security analyst David Litchfield has returned to hunting holes in Oracle software, after a comparatively less daunting task of finding Great White Sharks, and he apparently found Larry Ellison’s team has not improved during his time off.

Litchfield retired a few years ago from his job of creating major headaches for Oracle and went scuba diving and looking for sharks. Apparently, the sharks gig was dull in comparison to his job hunting holes in Oracle software so he returned to dry land.

Litchfield has been looking at Ellison’s new data redaction service called the Oracle 12c. The service is designed to allow administrators to mask sensitive data, such as credit card numbers or health information, during certain operations.

However, Litchfield told the Black Hat USA conference that it is packed with trivially exploitable vulnerabilities.

If Oracle had followed any sort of software development life cycle instead of just paying lip service to it, every one of these flaws would have been caught. It is kindergarten stuff, he said.

Litchfield found several methods for bypassing the data redaction service and tricking the system into returning data that should be masked.

Litchfield said that it was so simple to hack the service he did not feel right calling them exploits.

He said Oracle was still not learning the lessons that people were learning in 2003. He said that in the space of a few minutes he could find a bunch of things that he can send to Oracle as exploitable.

The data redaction bypasses that Litchfield found have been patched, but he said he recently sent Oracle a critical flaw that enables a user to gain control of the database. That flaw is not patched yet but is coming.