Thursday, August 7, 2008

E-Passports Can Be Hacked and Cloned in Minutes


Tests conducted for the UK's Times Online have concluded that the new high-tech e-passports being distributed around the world can be hacked and cloned within minutes. A computer researcher proved it by cloning the chips in two British passports and then implanting digital images of Osama bin Laden and a suicide bomber. Both passports were accepted as genuine by UN-approved passport reader software. The entire process took less than an hour.

Initially, the assumption was that cloned chips would be spotted because their key codes would not match those stored in an international database. However, only 10 of the 45 countries participating in the e-passport program have signed up for the Public Key Directory (PKD) code system, and only five are currently using it. On top of all that, the research also suggests that biometric data could be manipulated and embedded in fake passports.

At this point, there has been no evidence to suggest that an e-passport has been successfully cloned and passed off as genuine in a real-life situation—but it is bound to happen unless every country buys into the PKD. Even then, I still have my doubts about long-term security. We all know that it's only a matter of time before someone figures out how to manipulate the system.
Original here

US cracks 'biggest ID fraud case'

The US authorities have charged 11 people in connection with the theft of credit-card details in the country's largest-ever identity theft case.

They are accused of stealing more than 40 million credit and debit card numbers before selling the information.

They allegedly hacked into the computer systems of several major US retailers and installed software to access account details and passwords.

Prosecutors said the alleged fraud was an "international conspiracy".

'Increasing vulnerability'

Three of those charged are US citizens. The others come from Estonia, Ukraine, Belarus and China.

The 11 suspects are alleged to have obtained card numbers, account information and password details by driving around neighbourhoods and hacking into wireless equipment.

They are said to have then concealed the information in computer servers both in the US and Europe.

The Department of Justice said the scam caused "widespread" losses among banks, retailers and ordinary consumers - although it did not put a precise figure on the financial damage.

Retailers targeted included fashion store TJ Maxx and Barnes & Noble.

The justice department urged people worried about the safety of their personal information to contact their banks.

It said this was "the single largest and most complex identity theft case" ever to result in charges being brought.

"This case highlights our increasing vulnerability to the theft of personal information," said US Attorney General Michael Mukasey.

"Cases like these send a clear message to those who might be tempted to abuse our computer networks to steal information and harm law-abiding people and businesses.

"If you do, we will track you down wherever you are in the world, we will arrest you and we will send you to jail."

Global investigation

The accused targeted at least nine retail chains, prosecutors allege.

Those affected were TJX Corporation - which operates the TJ Maxx chain of shops - BJ's Wholesale Club, Barnes and Noble, Sports Authority, Boston Market, Office Max, Dave and Busters, DSW shoe stores and Forever 21.

TJX Corporation, which has shops around the world, revealed that it had been the victim of a massive identity fraud last year.

More than 45 million credit cards were at risk of being compromised as a result of a breach of its computer systems which began in 2005.

The firm has since reached an agreement to compensate banks which are part of the Visa and Mastercard networks for the cost incurred in replacing cards and dealing with fraud inquiries.

Law enforcement agencies around the world, including in Turkey and Germany, co-operated with the investigation.

There are concerns that identity theft is costing the US billions every year.

In 2006, the Bush administration set up an identity theft task force comprising 17 federal departments and agencies.

Original here

A fast, fast-booting implementation of GNOME aimed at netbooks and older hardware has emerged, and shows "a lot of promise." LXDE has already stacked up a heap of distribution partners.

The LXDE project has released its lightweight Linux desktop for general use. Built into the latest gOS 3 Gadget distro, LXDE is touted as being fast, fast-booting, compatible with old computers, and designed so that "every component can be used without LXDE," say the developers.

The GTK+ 2-based LXDE (Lightweight X11 Desktop Environment) first emerged in late 2006 when two Taiwanese Linux distributions adopted an early version. First came B2D Linux, which apparently no longer uses LXDE, and then came the Ubuntu-based PUD GNU/Linux, which does. Since then, the group, which appears to also be based in Taiwan, has been pretty quiet, but behind the scenes, they have been racking up bundling deals with a number of small Linux distributions that use all or parts of the LXDE code.

LXDE was catapulted into the spotlight in the latest gOS release, announced this week at LinuxWorld. gOS 3 Gadget swapped out Enlightenment E17 in favor of the LXDE desktop. It is not clear that the release will see commercial use, as LXDE is a young project that is not yet complete. However, gOS Founder David Liu said he believes the project has "a lot of promise," describing it as a "scaled-down version of GNOME."


PCManFM file manager

The full list of distro partners includes:
  • PUD GNU/Linux -- Installable Live CD includes full LXDE
  • TinyMe -- PCLinuxOS-based distro uses some components
  • Slitaz -- Minimalist Live CD distro uses most components
  • Greenie -- Slovakian Ubuntu-based OS uses both LXDE and GNOME
  • Ubuntulite -- Member of Ubuntu Derivatives features full LXDE
  • Vectorlinux LITE -- LITE edition uses complete package
  • Myah OS 3.0 Box Edition -- Uses customized version
  • gOS 3 Gadget -- Latest version of distro in Everex's popular Linux netbooks uses full release

Aside from its lightweight characteristics, one reason LXDE appears to be so popular with Linux distribution makers is that it's highly modular. Explains a LXDE web page: "We don't tightly integrate every component. Instead, we tried to make all components independent, and each of them can be used independently with few dependencies."


LXAppearance, the GTK+ theme switcher

The LXDE components include:
  • PCManFM -- File manager with tabbed-browsing and desktop icons

  • LXPanel -- Desktop panel with configuration done via GUI

  • LXSession -- This standards-compliant X11 session manager offers shutdown/reboot/suspend support via HAL and gdm. An LXSession Lite version skips on the X11 support, but is "more stable."

  • LXAppearance -- This GTK+ theme switcher can change themes, icon themes, and fonts.

  • Openbox -- This third-party window manager can be swapped out.

  • GPicView -- Image viewer featuring immediate startup

  • Leafpad -- Third-party text editor

  • LXTerminal -- Desktop-independent VTE-based terminal emulator

  • XArchiver -- Third-party desktop-independent file archiver based on GTK+

  • LXNM -- Still under construction, this network connection helper daemon supports wireless connections

GPicView image viewer

Finally, here are some choice quotes from the LXDE FAQ:
  • On why they went with good ol' GTK+: "The only toolkits with really good i18n supports are gtk+ 2 and Qt, among which gtk+ 2 is lighter. gtk+ is a better choice if portability is important. Writing programs with gtk+ is really a pain, though."

  • "If Windows 98 and xp work quite well on old machines, why my Linux desktop needs a 1.0 GHz CPU + 1GB RAM?"

  • "Not everyone on this earth is rich. There must be a nice desktop environment for those who can't afford new fancy hardware, and we have the ability to help them."

  • "Reinventing the wheel is cool, and we love it!"

Availability

LXDE (version unspecified except for build date) is available now for free from the LXDE site.

The price difference between Macs and PCs widens

For some time, Mac fans have argued that, feature-for-feature, Apple's computers aren't really that much more expensive than their PC competitors. When the processors, memory, hard drive and screens are all matched up, the price premium on a Mac was negligible, they insist, and sometimes non-existent.

But eWeek's Joe Wilcox says that, while he wasn't looking, that has changed. Windows-based computers -- and particularly notebooks -- are now much more powerful than Macs, and a lot cheaper. He thinks Apple not only must lower prices, but is actually planning on it.

On Saturday, Aug. 2, I got to wondering about Mac versus Windows PC pricing after seeing two HP notebooks on sale at the local Target. One of them, a 14-inch model, the HP DV2946NR, sold for $699.99 and packed 4GB of memory and a 320GB hard drive. Capacity for both features is twice that of the $1,299 MacBook--and shared graphics is 356MB compared with a meager 144MB for the MacBook. I wondered: If Vista notebooks are selling for so little and packing so much, how does this compare with Mac desktops and notebooks?

Today I contacted Stephen Baker, NPD's vice president of industry analysis, about computer average selling prices at retail. That HP notebook is right on mark: ASP for retail Windows notebooks is $700. Mac laptops: $1,515. Yeah, right, they're more than twice as much. But there's more: The ASP for Mac desktops is more than $1,000 greater than for Windows PCs, and Mac desktop ASPs were higher in June than they were two years ago.

Wilcox also pulled together some specs on desktop PCs and Macs, just to make sure it wasn't an aberration in the notebook market:

iMac: $1,199; 2.4GHz Intel Core Duo processor, 20-inch widescreen display (integrated), 1GB DDR memory, 128MB ATI Radeon HD 2400 XT graphics, 250GB hard drive, 8x double-layer DVD burner, Bluetooth 2.1, 802.11 g Wi-Fi, Webcam and Mac OS X 10.5.

Inspiron 518: $739 (after $150 instant savings); 2.4GHz Intel Core 2 Quad processor, 19-inch widescreen monitor, 3GB DDR memory, Intel GMA X3100 graphics, 500GB hard drive, 8x DVD burner and Windows Vista Home Premium Service Pack 1.

One of the most interesting aspects of comparing Macs to PCs at the moment is memory. More and more, I'm seeing Windows-based desktops and notebooks with 3GB or more of RAM selling for well under $1,000 -- often in the $700-$800 price range. Macs, meanwhile, start at $1,100, usually with only 2 GB of RAM, and adding Apple memory is a notoriously pricey proposition. Adding 2 GB of RAM to an iMac costs $200, which is about four times what it would cost if you were to buy 2 GB from, say, Crucial.com. That's a lot less than Apple used to charge for memory, but still way too much.

PC makers, meanwhile, charge a lot less to add memory at the factory. Dell's cost to add 2 GB to an XPS 420 desktop is $50 -- about what you'd pay to buy it at Crucial.

Memory is one of the biggest factors in a well-performing computer. The more, the better, so the cost of adding RAM is not a trivial consideration.

Apple has told financial analysts to expect the company's profit margins to drop, and Wilcox believes that's going to happen because its product specs have to go up while prices must come down:

Back to average selling prices, the gulf between Windows PCs and Macs is simply stunning--and desktop Mac ASPs are $111 higher in 2008 than 2006. No wonder, Apple has such high margins. But they can't last, and I believe Apple realizes it.

Windows computer ASPs have reached a plateau from which manufacturers are building bulkier systems. If Apple is going to continue its market share gains, or simply maintain that 8.5 percent U.S. share, prices must go down and configurations bulk up. The math is simply undeniable.

Of course, Mac fans will tell you -- ad nauseam -- that Apple computers have other benefits, ranging from better reliability and stability, to great service and support, to fewer hassles with security malware. There's also the fact that Macs can also run Windows, but the reverse isn't true (unless you're willing to do some hacking and violate some EULAs). But then, when your budget is the bottom line, those secondary benefits become, well, secondary . . .

Wilcox's piece appears in his Apple Watch column, and he's got a companion piece that looks at just how much PC prices have dropped, while specs have improved, in his Microsoft Watch.

If you're interested in buying a new computer and are considering becoming a part of the growing Macintosh tide, you should read both of them.

Original here

2 IP addresses, 40 matches: Tufts tries to cut RIAA driftnet

One of the problems with the RIAA's lawsuit campaign is that it's heavily reliant on the assumption that tying an IP address to a person sitting at a PC at a particular time is a trivial matter. The reality is much messier, as a case involving 11 students at Tufts University in Massachusetts demonstrates. A vice president at the school has written to a federal judge, pointing out the difficulty of tying the 11 IP addresses logged by MediaSentry to specific MAC addresses (and users).

Under a March court order, Tufts (and other schools and ISPs in that particular district) are supposed to provide the court with a list of all possible matches when unable to determine the identity of the user sought by the RIAA to a "reasonable degree of technical certainty." The judge then reviews the list and makes a determination on how to proceed. In the case of Zomba Recording v. Does 1-11, Tufts argues that there are just too many possible users involved, which has implications for this particular RIAA fishing expedition.

While Tufts can tie three IP addresses to particular MAC addresses with reasonable certainty, two of the other IP addresses fingered by MediaSentry could have been used by as many as forty users during the time in question. "It is therefore difficult to conclude with any reasonable level of certainty that any one of those users was actually using the IP address in question at the relevant time," writes the university. "We believe, in these two instances, that it would be unfair to identify all possible individuals meeting the plaintiffs' criteria, given the low likelihood of identifying the guilty party."

Tufts keeps data on MAC addresses—all of which are registered to particular users—for a period of years. The IP addresses assigned to those MAC addresses via DHCP, however, are only kept for 10 days before being overwritten. The school also uses Address Resolution Protocol to grab entries from routers around the campus at various intervals, but as it only records the first and last times a particular user is assigned an IP address, it is an imprecise and incomplete record.

In other cases where a school is only able to narrow down the list of possible P2P users to a dorm room with two or more residents, the RIAA has typically sought to obtain the names of all possible infringers in an attempt to discover the identity of the P2P user in question. With 40 possible users for two IP addresses, such an approach is impractical. Moreover, there are privacy implications for the at least 38 innocent students involved. We asked the RIAA how it would handle the situation with the two Tufts IP addresses. "As we do in all of our cases when issues are presented, we will work with the school to determine the most reasonable course of action to prevent further abuse of its network," an RIAA spokesperson told Ars.

One way to solve this problem from the RIAA's perspective would be tighter record-keeping and network monitoring by the schools themselves. Tufts even admits that it could do a better job with data retention: "We recognize the inherent limitations of the network data retention system that we are currently using, and are actively looking at possible adjustments." The RIAA has joined the MPAA in pushing for legislation on the federal and state level that would require colleges to crack down on P2P use on campus, which would presumably involve longer retention times for network data. The recently passed College Opportunity and Affordability Act will require colleges to start working on formal piracy deterrence plans, and Big Content has also been lobbying states to pass more stringent antipiracy laws.
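The attribution gap described above (DHCP leases kept for 10 days, ARP-derived records keeping only the first and last time a MAC held an IP) can be modelled in a few lines. This is an added example, not code from the article or from Tufts; the record layouts, addresses and dates are constructed assumptions, and only the 10-day retention figure comes from the article.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

DHCP_RETENTION = timedelta(days=10)  # retention period stated in the article


@dataclass(frozen=True)
class Lease:
    """Hypothetical per-lease DHCP log entry: exact interval a MAC held an IP."""
    mac: str
    ip: str
    start: datetime
    end: datetime


@dataclass(frozen=True)
class Sighting:
    """Hypothetical summarised record: only first/last time a MAC held an IP."""
    mac: str
    ip: str
    first_seen: datetime
    last_seen: datetime


def summarise(leases):
    """Collapse per-lease entries into first/last records, losing every gap."""
    spans = {}
    for lease in leases:
        key = (lease.mac, lease.ip)
        first, last = spans.get(key, (lease.start, lease.end))
        spans[key] = (min(first, lease.start), max(last, lease.end))
    return [Sighting(mac, ip, f, t) for (mac, ip), (f, t) in spans.items()]


def attribute(ip, when, now, leases, sightings):
    """Return (source, candidate MACs) for who held `ip` at time `when`.

    Inside the retention window the per-lease log answers exactly. Once it
    has been overwritten, only the first/last summary is left, and every MAC
    whose window spans `when` must be treated as a possible holder.
    """
    if now - when <= DHCP_RETENTION:
        exact = {l.mac for l in leases
                 if l.ip == ip and l.start <= when < l.end}
        return ("dhcp", sorted(exact))
    possible = {s.mac for s in sightings
                if s.ip == ip and s.first_seen <= when <= s.last_seen}
    return ("arp-summary", sorted(possible))


def certainty(candidates):
    """Classify an attribution result the way an investigator would report it."""
    if not candidates:
        return "no record"
    return "single match" if len(candidates) == 1 else "ambiguous"


# Constructed sample data: one dynamic IP reused by three registered MACs.
IP = "10.0.0.50"
MAC_A, MAC_B, MAC_C = "02:00:00:00:00:aa", "02:00:00:00:00:bb", "02:00:00:00:00:cc"
LEASES = [
    Lease(MAC_A, IP, datetime(2008, 3, 1, 8), datetime(2008, 3, 1, 20)),
    Lease(MAC_B, IP, datetime(2008, 3, 5, 9), datetime(2008, 3, 6, 9)),
    Lease(MAC_C, IP, datetime(2008, 3, 10, 0), datetime(2008, 3, 11, 0)),
    Lease(MAC_A, IP, datetime(2008, 3, 20, 8), datetime(2008, 3, 20, 20)),
    Lease(MAC_B, IP, datetime(2008, 3, 25, 9), datetime(2008, 3, 26, 9)),
]
SIGHTINGS = summarise(LEASES)
WHEN = datetime(2008, 3, 10, 12)  # time of the logged activity (constructed)

if __name__ == "__main__":
    for now in (datetime(2008, 3, 15), datetime(2008, 4, 30)):
        source, macs = attribute(IP, WHEN, now, LEASES, SIGHTINGS)
        print(now.date(), source, certainty(macs), macs)
```

Asked five days after the event, the lease log names one device; asked weeks later, the same query can only return all three, which is the situation Tufts describes for the two disputed addresses.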

Original here

EFF Supports TorrentSpy in Electronic Privacy Case

After it was ruled that a hacker who obtained unauthorized emails from TorrentSpy on behalf of the MPAA did not technically intercept them under the WireTap Act, the EFF has filed a friend-of-the-court brief. EFF describes the recent decision as a “dangerous attempt to circumvent privacy laws,” and wants to see it overturned.

The case, Bunnell v. Motion Picture Association of America, was brought against the MPAA by Justin Bunnell, the owner of TorrentSpy, who found out that the MPAA had intercepted his email communication.

In 2005, an associate of TorrentSpy, Robert Anderson, ‘changed sides’ after an internal dispute and decided to work with the MPAA instead, gathering evidence against the BitTorrent site.

The man configured the TorrentSpy mail server to copy and forward all of the site’s email to his own Gmail account. He later sold the 34 pages of information to the MPAA for around $15,000 but later relented and went back to work with the torrent site, telling them what he knew. The same man also spied on The Pirate Bay.

The EFF had filed a brief with the 9th US Circuit Court of Appeals, arguing that federal wiretap laws protect emails from interception while they are stored on the mail servers that work to transmit them. However, the federal district court ruled that because the emails were momentarily stored on the server during the delivery process, under the Wiretap Act they were not technically intercepted. The ruling itself only applies to the 9th District, but could have relevance at other courts in the US.

In its friend-of-the-court brief, the EFF states this ruling is incorrect and must be reviewed, since it could allow the government to spy on other people’s emails in the future, without the need for a court order.

“The district court’s decision, if upheld, would have dangerous repercussions far beyond this single case,” Senior Staff Attorney Kevin Bankston at the EFF said. “That court opinion — holding that the secret and unauthorized copying and forwarding of emails while they pass through an email server is not an illegal interception of those emails — threatens to wholly eviscerate federal privacy protections against Internet wiretapping and to authorize the government to conduct similar email surveillance without getting a wiretapping order from a judge.”

It appears that, as long as emails aren’t actually intercepted en-route, it could be legal for the government to request that an ISP copies an individual’s emails after they arrive on the mail server. This would not be classed as a breach of wiretap laws, which is a worryingly easy circumvention of vital privacy laws according to the EFF.

The EFF asks the Court to vacate the district court decision, and rule that the MPAA hacker did “intercept” email communication from TorrentSpy owner Justin Bunnell. The full amicus brief can be viewed here.

University wants cease-and-desist order for MediaSentry

Allegations of conducting unlicensed investigations continue to dog MediaSentry, the company hired by the RIAA to seek out and download music over P2P networks as part of the group's legal campaign. Mary Roy, the Assistant General Counsel of Central Michigan University, has filed a complaint with the Michigan Department of Labor and Economic Growth (DLEG), accusing MediaSentry of conducting investigations without a Private Investigator license.

The complaint (PDF) was filed in mid-July and was just uncovered by attorney Ray Beckerman on his blog. In it, MediaSentry is accused of continuing its "unlicensed and illegal actions" in Michigan even after being informed by the DLEG in February 2008 that its activities could be in violation of state law.

Under Michigan state law, a private investigator is defined as an entity that investigates "the identity, habits, conduct, business, occupation,... activity,... transactions, acts,... or character of a person" or secures "evidence to be used before a court."

CMU points out in its complaint that the fruit of MediaSentry's labor is exhibits attached to RIAA complaints, and CMU lists eight Doe cases involving 99 suspected P2P users filed in Michigan federal courts between May 3, 2007 and May 28, 2008. In each of the lawsuits, the RIAA referred to MediaSentry as a "third-party investigator" that gathers evidence of copyright infringement.

"All of the above-noted sworn statements regarding the activities of MediaSentry would clearly establish that its activities fall within the scope of the investigative activities regulated by the PDLA [Private Detective License Act]," reads the complaint. "Nevertheless, MediaSentry has ignored any suggestion by the DLEG that it secure a license to continue its investigative activities within the state of Michigan."

The RIAA has consistently held that MediaSentry is not an "investigator" according to state law. All the company does, according to the RIAA, is harvest data from publicly-available sources (e.g., P2P networks). Even so, MediaSentry's corporate parent SafeNet decided to give the MediaSentry web site an "overdue" redesign this past February, removing all references to litigation and prosecution.

Since the issue of MediaSentry's status as a private investigator was first raised, the company has been given a cease-and-desist order by the Massachusetts State Police, while a handful of P2P defendants have argued that the evidence collected by the company should be barred. To our knowledge, there has yet to be a ruling on the issue of the admissibility of evidence collected by MediaSentry, but with a North Carolina judge deciding to look at MediaSentry's status as a private investigator in that state as part of a "fresh look" at the RIAA's Doe lawsuits, that may be about to change.

Original here

Comcast Offers You A $500 Credit After Digging Up Your Lawn


Reader Kyle says that his dispute with Comcast has resulted in something of a happy ending, though they're still working out that pesky easement issue. Comcast is under the impression that it has an easement on Kyle's property, while Kyle's records show that they do not. According to Kyle, Comcast has agreed to mail him some paperwork about the easement and has offered him a credit of $500.

Kyle says:

I wanted to send an update to the story regarding Comcast digging in my yard and their CSR subsequently hanging up on me when I called to get more details.

Mr. Comcast (Frank) called me the same day that this story was posted, took some details about the story and put me in touch with Kelly Hill, a very pleasant woman and the regional VP for my area. My conversation with Ms. Hill was very productive and she referred me to a member of her team who has been equally nice, John Braisher (sp?), with whom I've played phone tag for the past few days.

Today, John and I were able to have a conversation regarding the digging and the rude CSR. According to John, Comcast does in fact have an easement on my property, one that extends 15 feet from the curb. However, according to my records (the same that are on file with my local government), there is no easement on my property. I asked for proof of this easement and their rightful ability to access it, and John will be mailing it to me.

Regarding the CSR who hung up on me, the good news is that John apprised me that there will be a $500 credit made to my account (he initially tried to buy me off at $250). The bad news is that he says that I am currently under a promotional rate with Comcast, one that provides me with a $14 monthly credit. I say that this is bad news because when I signed up for Comcast services, I specifically asked if this was a promo rate and was told that it was not. John has promised to look into extending my promo rate, and to call me back within an hour regarding the new rate at the end of my current one, and its duration. Of course, I asked that all of this information be sent to me, in writing, should any discrepancies develop in the future.

I am admittedly skeptical of the evidence they intend to show me regarding the easement on my property and their right of way to it, especially since the copies of my plat obtained from my local government show nothing regarding an easement. I understand that if there is in fact an easement and that they have rightful access to it, there is nothing I can do about the digging. However, if their proof is not satisfactory, John knows that I will be back in touch to revisit this issue once more.

In my conversation with John, I told him that I would be writing to the Consumerist with updates regarding my situation, both good and bad. Comcast gets a lot of negative press (deservedly so), but in this particular instance, it appears that they are taking the steps to make this right.

Many thanks,

Kyle

Thanks, Kyle. We're very happy to know that this situation is getting sorted out amicably.

Google backs ISP-guaranteed minimum data rates

One side effect of the FCC's recent move against Comcast's P2P "delaying" technology has been to make discussions about the dark art of network management even more pressing (and they were pretty pressing before). If Comcast can't use TCP reset packets to limit the number of BitTorrent connections a client can spawn, what legitimate techniques can ISPs use to deal with congestion? Google's Vint Cerf, one of the grandfathers of the Internet, today weighed in with his answer: transmission rate caps.

Cerf, writing on the company's official policy blog, is down on usage-based billing, an idea which has been gaining traction among some ISPs (Bell Canada, Time Warner, and others are experimenting with it). But billing by the bit provides a strong disincentive to use the Internet for "non-essential" services and could cripple sites like YouTube, for instance, or the broader shift of video content onto sites like Hulu. It would certainly reduce overall traffic, but at the cost of discouraging Internet use—potentially a huge price to pay when you consider the innovations wrought by the Internet.

Cerf calls this "a kind of volume cap, which I do not find to be a very useful practice." He suggests instead a rate cap where users can "purchase access to the Internet at a given minimum data rate and be free to transfer data at at least up to that rate in any way they wish."

Quick show of hands? How many Internet users already think this is what they're paying for?

The return of the reserved pipe?

They aren't, of course, as consumer-level, $40-a-month broadband doesn't come with Service Level Agreements (SLAs) or other guarantees. Cerf's model would have ISPs guarantee a base level of bandwidth, with more made available only if network conditions allow. Users would be free to do whatever they like with their bandwidth. ISPs would also know exactly the minimum amount of bandwidth needed to serve customers and could plan accordingly, though this would force cable operators to offer huge upgrades over current practice, which involves sharing low-bandwidth upload links with entire neighborhoods.

Cerf also indicated that Comcast's move to protocol-agnostic management techniques is a step in the right direction, and he revealed that he has been in contact with Comcast engineers as the company's trial deployments take place. In a statement that will sound like music to the ears of Comcast executives, Cerf also said that "the real question for today's broadband networks is not whether they need to be managed, but rather how."

That point was also made on Friday by Kurt Dobbins at Arbor Networks, a provider of deep-packet inspection gear used for some kinds of network management. In a blog posting in the wake of the FCC decision, Dobbins blasted the "myths" of the net neutrality debate and said that management of some sort was an absolute necessity.

"Unmanaged networks result in serious degradation of service availability and quality for all users," he wrote. "It will also mean that customers will be paying more for less, as providers are forced to continually build out their networks to stay ahead of the massive bandwidth consumption growth."

Exaflood redux

This sort of rhetoric fits in perfectly with recent talk of an "exaflood" of bandwidth, as though using the Internet more is something to be feared and possibly discouraged. As we've noted when discussing the concept, though, the Internet core has plenty of capacity and is in no danger of being overwhelmed; the problem, especially in the US, is in last-mile links.

In South Korea and Japan, 100Mbps fiber links to the home are common, rubbishing the idea that US ISPs just can't give Americans the insane speeds they seem to want. They certainly could; it's just that no one but Verizon has been willing to bite the bullet and pay for fiber to the home. Such $20 billion projects aren't good for short-term profits (though FiOS has made Verizon the only real forward-looking telco).

ISPs in favor of throttling and other controls generally argue that they are in danger of being "overwhelmed," which again isn't a necessary condition but the result of business decisions (offering 400 homes one 12Mbps upload pipe, for instance, was never going to deliver really spectacular service). While they can't truly be "overwhelmed" (cable modems and DSLAMs cap upload and download speeds based on how much a user pays per month, so the maximum data rate is well known), ISPs don't want to pay for huge amounts of peak capacity that will sit unused much of the time. ISPs oversold service on the premise that they operate like roads and most cars wouldn't be on the highway at once.

As unattended apps like P2P and network backup utilities tie up a portion of bandwidth for ever longer periods of time, the old solutions aren't working as well and congestion is one result. Cerf's idea would take us back to the old "circuit-switched" days in the sense that each Internet user would instead get a guaranteed line with a minimum guaranteed rate at all times. This would answer consumer complaints about "not getting what I paid for," but would cost ISPs more cash.

Original here

Researchers craft curved, eyelike electronic camera

Drawing inspiration from the simple design of the human eye, Illinois engineers have invented a new kind of eyelike camera that avoids some pitfalls of ordinary cameras and could lead to a host of novel devices based on flexible electronics.

The electronic eye made by researchers at the University of Illinois at Urbana-Champaign and Northwestern University collects light on a curved screen resembling a retina, in contrast to digital cameras that use lenses to focus images on a flat sheet of light detectors. A curved surface reduces the need for multiple lenses and cuts down on distortion that comes from projecting the light on a flat surface.

That allows for a compact camera with low distortion and a wide field of view, much like a natural eye, according to a study published in Thursday's edition of the journal Nature.

Making curved arrays of electronics is far tougher than it sounds, experts say. Until now, nearly all complex electronics have been etched on flat wafers, with even slight curves posing a steep engineering and production challenge.

"The whole technology is based on flat and rigid systems," said Max Lagally, a professor of materials science and engineering at the University of Wisconsin at Madison.

Bionic eyes based on the design are not yet on the horizon. But other teams are studying how to get digital signals into the brain's vision centers, and the new camera could be useful in such efforts. The camera may be most useful in military surveillance or space missions.

But the potential for a new era of flexible electronics sparks the imagination of engineers who have used stiff circuit boards for decades, said lead study author John Rogers, a professor of materials sciences and engineering at the U. of I.'s Beckman Institute.

Rogers is teaming with bioengineers at the University of Pennsylvania to make rubbery sheets of electronic components that could monitor or even correct neuron misfirings in the brains of epilepsy patients.

"These flexible electronics have tremendous capacity for making brain-computer interfaces," said Dr. Brian Litt, a professor of neurology and bioengineering at Penn who is collaborating with Rogers' group.

To make the curved array of electronics, Rogers' team started with a small amount of elastic material in the shape of a dome. They stretched the elastic until it was taut and flat, then transferred the mesh of photodetectors to that flat surface. When they released the elastic, it snapped back to its curved shape with the electronics in place.

Such bending often breaks the brittle semiconductors in circuits, but the group overcame that by using very small photodetectors connected by thin wires on flexible plastic strips. Those tiny plastic bridges absorbed the strain of the change in shape, said study co-author Yonggang Huang, a professor of engineering at Northwestern.

The curved camera design makes it easier to get a good image across a given field of view, experts said. A normal digital camera tends to have the best image quality at the center of an image, with more distortion at the edges.

But the new design makes it possible to get sharp focus all the way to the edge of the image, without the need for fancy optics.

Bendable electronics would free camera designers to mimic other kinds of natural inventions, including "insect-like compound eyes" and fisheyes with a 360-degree field of view, wrote University of Tokyo electronics researcher Takao Someya in an accompanying editorial in Nature.

Most experts doubted the new camera design would have immediate applications for consumers, in part because existing digital cameras are already relatively cheap and serve most people's needs. But Lagally of Wisconsin, who has collaborated with Rogers on other projects, said there may be other uses that require only another leap of imagination.

"I won't be surprised if [Rogers] comes up with something really magical in short order," Lagally said.

Original here

The $1000 iPhone app

Yesterday developer Armin Heinrich posted an iPhone app to the App Store called I Am Rich. The program displays a red gem, has no function but to display your wealth to others through ownership, and costs $1000. It has since been removed from the App Store, although no one knows whether Apple or Heinrich pulled it.

I Am Rich isn't the most clever piece of art, but it's not bad either. For some, the iPhone is already an obvious display of wealth and I Am Rich is commenting on that. Plus, buying more than you need as an indication of wealth is practically an American core value for a growing segment of the population. Is paying $5000 for a wristwatch or $50,000 for a car when much cheaper alternatives exist really all that different than paying $1000 for an iPhone app?

When news of the app got out onto the web, the outcry came swiftly. VentureBeat implored Apple to pull it from the App Store, as did several other humorless blogs. Blog commenters were even more harsh in their assessments. What I can't understand is: why should Apple pull I Am Rich from the App Store? They have to approve each app but presumably that's to guard against apps which crash iPhones, misrepresent their function, go against Apple's terms of service, or introduce malicious code to the iPhone.

Excluding I Am Rich would be excluding for taste...because some feel that it costs too much for what it does. (And this isn't the only example. There have been many cries of too many poor quality (but otherwise functional) apps in the store and that Apple should address the problem.) App Store shoppers should get to make the choice of whether or not to buy an iPhone app, not Apple, particularly since the App Store is the only way to legitimately purchase consumer iPhone apps. Imagine if Apple chose which music they stocked in the iTunes store based on the company's taste. No Kanye because Jay-Z is better. No Dylan because it's too whiney. Of course they don't do that; they stock a crapload of different music and let the buyer decide. We should deride Apple for that type of behavior, not cheer them on.

iPhone Coders Muzzled, Miffed by Apple’s NDA

The iPhone development community is growing rapidly, but Apple’s treatment of some of its biggest supporters is drawing more ire than kudos.

BrokeniPhone by JefferySimpson via Flickr

Because of the company’s restrictive non-disclosure agreement (NDA), iPhone developers are legally banned from sharing programming tips, discussing code or asking questions of one another in forums or over e-mail.

They feel as if they’re coding with their hands tied, and the frustration is enough to make iPhone programmers want to curse loudly in the direction of Cupertino.

“FUCKING NDA” has become a mantra on Twitter. Every time a developer posts about his or her latest run-in with the metaphorical brick wall that is Apple’s NDA, the capitalized expletive is sounded off. “FUCKING NDA” has become such a phenomenon, a website has sprung up at FuckingNDA.com to track the twisted tweets.

A sampling of FuckingNDA.com’s vitriolic nuggets:

“I can’t get a feature of this iPhone app work. The result is I’m going to settle on an inferior approach. App won’t be as good. FUCKING NDA.” - Marcel Molina

“The FUCKING NDA is here to stay. It has certainly crushed my enthusiasm for the platform. Big time.” - Jonathan Eunice

“Re: the FUCKING NDA: It’s pretty clear that this is being done for competitive reasons. At the cost of A LOT of developer productivity.” - Craig Hockenberry

Apple’s software development kit (SDK) for the iPhone is the primary set of tools for building apps for the iPhone, especially if the creations are to be included for sale in the device’s App Store. The NDA, which must be agreed to before the SDK can be downloaded, prevents programmers from discussing the finer points of their code.

Justin Williams, a developer for Second Gear, created FuckingNDA.com as a way to showcase his fellow developers’ frustration with Apple.

“It started out as a joke on Twitter with the iPhone community,” Williams says of the site’s launch in late July. “I figured I would get about 10,000 visitors a day and it would go away in about a week. The site has been linked to and commented on Twitter ever since.”

NDAs are commonplace in software development, but many see Apple’s restrictions as excessive, and even as a roadblock in iPhone application advancement.

“There is no legal way for developers to talk about what they are developing,” Williams laments. “No way to post tutorials. No way to give code away. It’s hard to interact with other developers and to write code without reinventing the wheel. Normally, you could post [a coding question] on Twitter and get an answer within minutes.”

Why the secrecy?

“[It has] something to do with keeping competitors from looking into it and finding out what [Apple] did,” Williams says. “Or something else over my head.”

Brian Dear of Eventful praised Apple’s tools and developer evangelist team, but felt there was more he could do with his company’s event-listing iPhone application had it not been for the NDA.

“With the NDA, we’re unable to talk with one another,” Dear says. “We want the developer community to be a lot like the open source developing community where you can help and talk to one another about the best way to do these things.”

In an e-mail, Dear says his team had to abandon a certain user interface enhancement simply because they couldn’t figure out how to implement it.

“[We] weren’t able to get anywhere with Apple, and had nowhere else to turn,” he says. “We couldn’t talk to other developers to see if anyone else knew of a way to do it.”

The open source community is an example where open communication has been proven to foster problem-solving and collaboration. Bugs, issues and coding methods for open source applications are discussed regularly on IRC, over e-mail or in forums.

“I would urge Apple to transition from its current position to one of supporting and encouraging a thriving, open, developer ecosystem for the iPhone,” Dear says.

Before the iPhone 3G was released, when the SDK was in beta, the NDA made sense — it contained some sneak peeks into the hardware and software functionalities of the not-yet-released product. But now that the new iPhone and its software have shipped, Apple’s motivation is in question. Still, there is nothing keeping anyone from downloading the SDK and its NDA. All that’s required is an Apple login and a download from its developer site.

“I don’t know the reasons why Apple chose to go the NDA route, but there must be reasons,” Dear says. “I hope that in time those reasons will become less important or even moot, and we can get to an open environment.”

Original here

Apple's secret to selling iPhones: Windows Mobile

After a rocky iPhone 3G launch, Apple's store operations have returned to a model of efficiency. One of Steve Jobs's secrets: roving sales clerks who use mobile devices to ring up orders anywhere in the store, not just at the cash register. Ah, but which devices? Motorola MC75 handhelds running Microsoft's Windows Mobile operating system.

Original here

Apple Receives Six New Patents: New MacBook, Dock Designs Coming?

Apple today received not one but six patents for a variety of items, including an iPhone/iPod touch stand, an amplification system, a form of speech synthesis, and something it calls a "computing device" that looks a lot like a MacBook to us. Also, a new earbud/lanyard design, and a new backlighting scheme. Keep in mind, some of these patents might be for things Apple already sells; it's a common practice and is responsible for the "patent pending" phrase on some products. Others, though, like the stand, haven't been seen by eyes outside Apple, and it makes us curious if we ever will.

Original here

iPhone Nano: I'm Everywhere Around You...

Apple's iPhone-App-Approval Mouse Falls Off Treadmill: Buy The $1000 App That Does Nothing

While many of the apps in Apple's (AAPL) iPhone App Store are useful, some are utter crap. And the latest, spotted by John Gruber, is an insult to all the well-meaning developers that Apple made wait/are still waiting to get into the iPhone developer program.

Behold: "I Am Rich," a $999.99 app from Armin Heinrich, which just displays a red gem on the phone's screen -- nothing else.

"The red icon on your iPhone or iPod touch always reminds you (and others when you show it to them) that you were rich enough to afford this," the app's information page says in iTunes. "It's a work of art with no hidden function at all."

The upside for Apple: $300, or 30%, of all purchases. The downside: Good luck enforcing that "all sales final" policy on this scam.

Original here