Month: November 2011

(Cross Posted from the Hand Held Hack) A quad core CPU for hand helds! Sweet! “Project Kal-El” – gotta love the Superman reference!

Nvidia ships Tegra 3, claims it’s up to five times faster than Tegra 2

“Nvidia says its Tegra 3 processor, previously code-named ‘Kal-El,’ is now in production, making its first appearance in the Android-powered Asus Transformer Prime before the end of the year. The chip includes five ARM Cortex A9 cores, but the fifth ‘Companion core’ runs only up to 500MHz, and is optimized for saving power when running background tasks, the company says.

Nvidia introduced and demonstrated its ‘Project Kal-El’ last February. At the time, the chip was touted as the world’s first quad-core mobile processor, including four ARM-based CPU cores plus a twelve-core GeForce GPU (graphics processing unit).

But on Sept. 20, Nvidia disclosed that the Tegra 3 would actually sport five ARM Cortex-A9 cores, not four. The fifth ‘Companion Core’ is identical to the other four, except that it has been built using low power process technology and runs only from 0 to 500MHz, as opposed to the ‘0 to max GHz’ delivered by the others, according to the company.”

LibreOffice V3.4.4 (Final) is out, and it is a production (safe for business use) version. Time to upgrade!

LibreOffice Download Page

“LibreOffice is a comprehensive, professional-quality productivity suite that you can download and install for free. There is a large base of satisfied LibreOffice users worldwide, and it is available in more than 30 languages and for all major operating systems, including Microsoft Windows, Mac OS X and GNU/Linux (Debian, Ubuntu, Fedora, Mandriva, Suse, …).

You can download, install and distribute LibreOffice freely, with no fear of copyright infringement.

What’s outstanding about LibreOffice?

LibreOffice is a feature-packed and mature desktop productivity package with some really great advantages:

It’s free – no worry about license costs or annual fees.

No language barriers – it’s available in a large number of languages, with more being added continually.

LGPL public license – you can use it, customize it, hack it and copy it with free user support and developer support from our active worldwide community and our large and experienced developer team.

LibreOffice is a free software community-driven project: development is open to new talent and new ideas, and our software is tested and used daily by a large and devoted user community; you, too, can get involved and influence its future development.

LibreOffice gives you high quality:

The roots of LibreOffice go back 20 years. This long history means it’s a stable and functional product.

Thousands of users worldwide regularly take part in beta testing of new LibreOffice versions.

Because the development process is completely open, LibreOffice has been extensively tested by security experts, giving you security and peace of mind.

LibreOffice is user-friendly:

You get a simple-to-use yet powerful interface that is easy to personalize – Microsoft Office users will find the switch easy and painless, with a familiar look and feel.

Compatible with all major competitors’ file formats. You can easily import files from Microsoft Word, Excel and PowerPoint and many other formats, and can easily save to Microsoft Office and other formats when needed.

LibreOffice is supported by a big worldwide community: volunteers help newcomers, and advanced users and developers can collaborate with you to find solutions to complex issues.”

The future is here for sure! Voting on a hand held device!

Oregon Tests Using iPad as a Voting Machine

“While most Oregon residents are still voting with paper ballots this election, a select few will be voting by iPad.

The state is testing Apple’s tablet to help those with disabilities more easily cast their ballots.
Although the iPad is being used to assist with the election, those using it aren’t casting their votes electronically. Rather, the iPad allows those with visual and other challenges to better see the ballot and make their selections. Their choices are then printed out on a paper ballot, according to an Associated Press report.

Apple has donated five iPads to help with the pilot project, according to the report.
The state decided to try out the iPad because its current crop of adaptive technology is aging. According to the AP report, the iPad-based approach has the potential to lower election costs, even if the state has to purchase significant numbers of Apple tablets.”

The Duqu Zero Day Exploit is evil! Not all virus signature files have caught up yet, so try these defenses!

Five Things To Do To Defend Against Duqu

“Whether Duqu is related to Stuxnet’s authors or its source code is the least of your worries if your organization ends up in the bull’s eye of this new targeted attack. Microsoft says it considers the threat ‘low risk’ at this point. Trouble is, the names of the organizations that have been targeted thus far have been kept confidential, so we don’t know just what Duqu is after exactly, and whether it’s focused on a particular industry or region.
‘I don’t expect Duqu to stop. It looks to be manned on the inside and not on autopilot — they are actively setting up new modules, etc., to keep the operation alive,’ says Don Jackson, a director with Dell Secureworks Counter Threat Unit. ‘So [right now] it’s an intelligence game.’

Even so, there are still some things organizations can do to protect themselves while the world waits for more information on this attack, as well as for Microsoft’s patch for the zero-day flaw that was exploited and used with Word to spread the infection. Microsoft late today issued a ‘hot fix’ along with an advisory about Duqu and assured users that antivirus vendors in its MAPP program would soon be updating their products with Duqu signatures very soon.

Even if you’re not a certificate authority or manufacturing firm — the two industries cited publicly so far as having Duqu victims — security experts say there are some steps you can take to help protect your infrastructure from this new targeted attack.

1. Install the just-released ‘hot fix’ from Microsoft and workaround.
Microsoft is working on a patch, and it will do so via its regular security bulletin release — just not in time for next week’s batch. So in the meantime, Microsoft today began offering a hot fix for the threat that blocks access to t2embed.dll used in the zero-day attack in Duqu.

The flaw lays in the Win32k TrueType font parsing engine, according to Microsoft: ‘An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware,’ Microsoft said in an advisory today.

Jerry Bryant, group manager for response communications in Microsoft’s Trustworthy Computing Group, says Microsoft is closely monitoring further developments with Duqu. ‘As previously stated, the risk for customers remains low. However, that is subject to change, so we encourage customers to either apply the workaround or ensure their anti-malware vendor has added new signatures based on the information we’ve provided them to ensure protections are in place for this issue,’ he says.

2. Run updated anti-malware — and use standard security best practices.
Not all antivirus products can detect Duqu yet, but security experts say to keep updating to be sure you get protection for Duqu as soon as it’s released.

‘Detections related to Duqu are mapped to the W32.Duqu family of signatures. We also highly encourage people not to click on attachments in email that seems suspicious, even if it comes from someone they know,’ says Kevin Haley, director of product management for Symantec.

Secureworks recommends using any host-based protection in addition to the typical network monitoring and user access controls that would help thwart Duqu. Tarek Saadawi, professor of electrical engineering at The City College of New York’s Grove School of Engineering, says because Duqu sniffs keyboard strokes and tries to steal passwords to internal systems, users should also protect their home computers and networks. Aside from updating AV and Windows, be sure to update third-party applications and shut down computers at night, he says.

3. Scan or filter Word documents from unknown sources.
One handy tool here is Microsoft’s MOICE (Microsoft Office Isolated Conversion Environment), which checks for malformed Word documents, Secureworks’ Jackson says. ‘That’s how Duqu starts: with a malformed Word file. It’s playing a trick on Microsoft Word to run this code,’ he says.

Jackson suggests filtering Word documents from unknown sources and scanning them with MOICE until there’s a patch for the new zero-day attack. Another option is to use something like FireEye’s software: ‘FireEye loads the Word document inside the VM and [executes] malicious detection,’ he says.

4. Monitor for traffic from potentially infected machines trying to ‘phone home’ to Duqu.
Be on the lookout for machines trying to connect to a Duqu command-and-control (C&C) server or trying to resolve to a Duqu-related domain. Two C&C servers have been taken down thus far, but there are likely new ones. The IP addresses of the C&Cs that were found and ultimately shuttered: 206.183.111.97 and 77.241.93.160.

‘I’m confident that there are other command-and-control servers either going up now or that are already up,’ Jackson says. ‘We are a step behind them in spotting new ones.

‘Duqu has a stay-alive module … and has the ability to change itself, so anything you can do to block IP addresses will help,’ he says.

5. Watch for any Port 443 traffic that’s unencrypted, and keep an eye out for ~DQ files.
Watching for unencrypted traffic on the HTTP-S or SSL-based traffic port can help detect malware, including a possible Duqu infection. ‘If it’s not encrypted [traffic there], it’s probably bad,’ says Secureworks’ Jackson.

Meanwhile, a Duqu-infected file may start with ‘~DQ’ in the Windows temporary file directory, so be on the lookout for that as well, Secureworks recommends.”

You know I am a HUGE Star Trek fan! So, this is right down my alley! Tractor Beams! Awesome!

NASA Studying Ways to Make ‘Tractor Beams’ a Reality

“Tractor beams — the ability to trap and move objects using laser light — are the stuff of science fiction, but a team of NASA scientists has won funding to study the concept for remotely capturing planetary or atmospheric particles and delivering them to a robotic rover or orbiting spacecraft for analysis.

The NASA Office of the Chief Technologist (OCT) has awarded Principal Investigator Paul Stysley and team members Demetrios Poulios and Barry Coyle at NASA’s Goddard Space Flight Center in Greenbelt, Md., $100,000 to study three experimental methods for corralling particles and transporting them via laser light to an instrument — akin to a vacuum using suction to collect and transport dirt to a canister or bag. Once delivered, an instrument would then characterize their composition.

‘Though a mainstay in science fiction, and Star Trek in particular, laser-based trapping isn’t fanciful or beyond current technological know-how,’ Stysley said. The team has identified three different approaches for transporting particles, as well as single molecules, viruses, ribonucleic acid, and fully functioning cells, using the power of light.

‘The original thought was that we could use tractor beams for cleaning up orbital debris,’ Stysley said. ‘But to pull something that huge would be almost impossible — at least now. That’s when it bubbled up that perhaps we could use the same approach for sample collection.’

With the Phase-1 funding from OCT’s recently reestablished NASA Innovative Advanced Concepts (NIAC) program designed to spur the development of “revolutionary” space technologies, the team will study the state of the technology to determine which of the three techniques would apply best to sample collection. OCT received hundreds of proposals, ultimately selecting only 30 for initial funding.”

I like Tech News. I reckon you know that from watching “Dr. Bill – The Computer Curmudgeon!” The more tech news outlets, the better, as far as I am concerned! So, this site is quite interesting to me… and I like what I see!

The Verge – Tech News and Reviews Site

“We couldn’t be more pleased to share what we’ve been cranking away on for the last several months.

Although much of the editorial team here has been publishing content and covering events on This Is My Next, our true work has been preparing The Verge for this moment.

We’re focused on bringing you — our extremely savvy and frankly very handsome readers — the best and most comprehensive coverage of the consumer technology world. Not just the nuts and bolts, 24-hour news cycle stuff, but more in-depth coverage, bigger stories, and content that goes further.

We’re going to do that on a new product that we’re really psyched about. A site that’s not just a stagnant, fixed entity, but an evolving, growing piece of technology. We think of The Verge (and its underlying CMS) as something akin to an app. A piece of software that is being constantly developed and updated. Today we’re launching with The Verge 1.0, but 1.1 and 1.2 are just around the corner.

We’re launching with awesome tools like StoryStreams, which help us tell a narrative in a way which no one else can. It’s a technology developed in-house that allows us to stitch together disparate parts of a story in a logical timeline, and it’s incredible for reporting news.

We’re launching with design-focused, beautiful reviews and features (you can see some examples here and here). We’re launching with a robust product database with thousands of entries (and counting) and fantastic comparison tools (here, for example). We’re launching with a fast, smart community commenting and forum system, one that ties directly into the rest of our site and lets reader voices be heard in a meaningful way.”

[Cross posted from Hand Held Hack]
Ubuntu will become “touch friendly” with uTouch technology!

Ubuntu to hit smartphones, but not until 2014

“At the Ubuntu Developer Summit today, Canonical founder Mark Shuttleworth announced the company is planning on porting its popular Linux variant Ubuntu to the already crowded mobile OS market, destined for smartphones, tablets and TVs. This move has reportedly been in the works for two years, and won’t bear fruit until 2014, though the Unity UI has been remarkably mobile-friendly since last year, as shown above. Of course, it’s not easy going as a new mobile Linux in an Android-dominated market, but Ubuntu’s planning some interesting features, like shipping different versions of the OS to each device, but the ability to switch between them at will, allowing users to make their tablet handle like a computer when and if they want. We’ll see if novel ideas like this allow the new mobile version to succeed where predecessors like 2008’s Ubuntu Mobile Internet Device Edition and the unreleased Kubuntu Mobile have failed.

Individual users will be able to download and install the software, but Canonical does plan to team up with OEMs in order to get the OS built into products, so balancing between a consumer’s desire for freedom and a manufacturer’s and carrier’s desire for customization may prove to be tricky, and it’s tripped up others in the past.”