Month: March 2015

I love my 17 inch MacBook Pro, but I use Parallels rather than Boot Camp. But, this is still a bummer for those that do!

Latest Apple MacBooks Will Not Have Windows 7 Boot Camp Support

Tech times – By: Judy Mottl – “Apple MacBook lovers likely won’t be loving the latest news regarding the impending revamped 13-inch MacBook Pro or how it impacts MacBook Air. Apple is eliminating Boot Camp support for installing Windows 7 on the two laptops.

The move means MacBook Pro and MacBook Air owners will either have to upgrade to Windows 8, hang tough until the arrival of Windows 10, which is due to arrive sometime in the second half of this year, or tap third-party virtualization software.

The Apple support page, which doesn’t offer insight or an explanation of the move, does provide very easy to follow instructions on installing Windows on the Mac using Boot Camp. It does advise laptop owners to use the software update option to ensure that OS X and the laptop’s firmware are up to date. Boot Camp, which is Apple’s tool for installing Windows, will work with Windows 8 and later versions.

The 2014 MacBook Air and 2014 MacBook Pro are the only Apple notebooks that will now be supporting Windows 7. Yet, the OS can be used on newer MacBooks if virtualization technology, such as Vmware Fusion and Parallels, is used.

The news isn’t likely good, given that many consumers have stuck with Windows 7, and even Windows XP, which Microsoft doesn’t even support any longer, given the headaches that came with Windows 8 and even Windows 8.1. Many consumers did not like Microsoft’s new tile desktop design and new user interface changes. However, holding onto an old OS — Windows 7 debuted in 2009, after all — isn’t a good thing either, given compatibility issues with new apps and new system requirements on hardware. Yet, Windows 7 is the most relied on Microsoft OS at this point.

It is extremely likely there will be a huge Windows migration move by consumers and even enterprises when Windows 10 arrives, as it promises to bring back many interface elements Windows users liked. Microsoft has said it will provide a free upgrade to Windows 7, 8 and 8.1 users when it launches Windows 10.

For now, those who jumped on the 13-inch MacBook Pro with Retina display or the two options (11-inch and 13-inch) MacBook Air laptops have a decision to make regarding use of a Windows OS.”

You aren’t going to believe this, but Microsoft is turning out Open Source projects! What?! Yep, check it out!

Virtual Router

“What is Virtual Router?

Virtual Router is a free, open source software based router for PCs running Windows 8, Windows 7 or Windows Server 2008 R2. Using Virtual Router, users can wirelessly share any internet connection (Wifi, LAN, Cable Modem, Dial-up, Cellular, etc.) with any Wifi device (Laptop, Smart Phone, iPod Touch, iPhone, Android Phone, Zune, Netbook, wireless printer, etc.) These devices connect to Virtual Router just like any other access point, and the connection is completely secured using WPA2 (the most secure wireless encryption.)
Where can Virtual Router be used?

• Anywhere you are!
• Home
• Office
• School
• Airport
• Bus Station
• The Park
• Grandmas House
• The In-Laws
• Absolutely Anywhere!
• No Advertising, No Hassle

Unlike similar applications, Virtual Router is not only completely Free, but will not annoy you with any advertisements. Also, since Virtual Router is not ad-supported, it does not track your web traffic the way other ad-supported applications do/can.

The Wireless Network create/shared with Virtual Router uses WPA2 Encryption, and there is not way to turn off that encryption. This is actually a feature of the Wireless Hosted Network API’s built into Windows 7 and 2008 R2 to ensure the best security possible.

You can give your ‘virtual’ wireless network any name you want, and also set the password to anything. Just make sure the password is at least 8 characters.

BTW, this project is written entirely in C#.”

Cross-Posted from the Hand Hand Hack – Move over Siri! Now, there’s an Open Source alternative for Linux users!

Meet Sirius, the open-source Siri clone that runs on Ubuntu

PC World – By: Chris Hoffman – “Sirius is an open-source virtual assistant, a bit like Apple’s Siri (pictured above), Google’s Google Now, or Microsoft’s Cortana. But unlike those well-known helpers—and like Linux itself—Sirius is an open platform anyone can use and contribute to, from universities to startups. It’s currently being tested on Ubuntu, and you can download and install it on your own Linux PC today… if you’re particularly adventurous.

How it works
Sirius includes speech recognition, image recognition, and text recognition components. Ask it a question, and Sirius will analyze the meaning of the words, then extract the relevant knowledge from Wikipedia.

One big feature Sirius offers is the image recognition integration. For example, you could take a photo of the Eiffel Tower and ask ‘when was this built?’ Sirius would analyze the image, determine it was the Eiffel Tower, and then go find out when the Eiffel Tower was built. The big commercial assistant programs don’t yet offer a similar feature. This University of Michigan video provides a good introduction.

Organizations like Google, the Defense Advanced Research Projects Agency (DARPA), and the National Science Foundation (NSF) are funding this project, but don’t expect Google to replace Google Now any time soon. Instead, it’s being developed by researchers at the University of Michigan’s Clarity Lab, and technologies from it may one day make it into the commercial virtual assistants.

But Sirius isn’t just a dry research project—it’s actual software you can download and run today.

Get the code
This project is licensed under the BSD license and hosted on GitHub, so anyone can contribute and play with the code. You’ll also find a ‘Sirius Suite’ download package, which you should use if you want to install this stuff on your own Linux PC.

sirius interface from video
This isn’t a piece of ready-made consumer software, so getting it on your own PC involves compiling the code from source. Sirius is built from many other open-source projects, including Carnegie Mellon University’s Sphinx for recognizing speech and UC Berkeley’s Caffe deep learning framework software. For image recognition, it uses OpenCV’s SURF. To answer all your questions, Sirius uses Carnegie Mellon’s OpenEphyra software. All of these bits of software are included in the Sirius Suite package.

Linux desktop environments and distributions could one day integrate this software with a pretty graphical interface, providing their own alternative to Siri, Google Now, and Cortana.

Yes, you could use this stuff on your own Linux PC today and impress your friends. Cortana integration is still in development in Windows 10, and Apple hasn’t made any moves to add Siri to Mac OS X. Currently, the best you can do on Windows and Mac OS X—and yes, Linux too—is use Google Now in Google Chrome.

But Sirius isn’t just a cool little open-source program to install. It’s a long-term vision for ‘the Linux of virtual assistants,’ an open project anyone can improve and use for their own needs. That’s something worth supporting—and something worth looking forward to.”

Yes, they ARE tracking you, if you open your email! Be aware, and be safe!

A Clever Way to Tell Which of Your Emails are Being Tracked

Wired – By: Brian Barrett – “While you’ve likely never heard of companies like Yesware, Bananatag, and Streak, they almost certainly know a good deal about you. Specifically, they know when you’ve opened an email sent by one of their clients, where you are, what sort of device you’re on, and whether you’ve clicked a link, all without your awareness or consent.

That sort of email tracking is more common than you might think. A Chrome extension called Ugly Mail shows you who’s guilty of doing it to your inbox.

Sonny Tulyaganov, Ugly Mail’s creator, says he was inspired to write the ‘tiny script’ when a friend told him about Streak, an email-tracking service whose Chrome extension has upwards of 300,000 users. Tulyaganov was appalled.

‘[Streak] allowed users track emails, see when, where and what device were used to view email,’ he recalled to WIRED. ‘I tried it out and found it very disturbing, so decided to see who is actually tracking emails in my inbox.’ Once the idea for Ugly Mail was born, it only took a few hours to make it a reality.

The reason it was so easy to create is that the kind of tracking it monitors is itself a simple procedure. Marketers—or anyone who’s inspired to snoop—simply insert a transparent 1×1 image into an email. When that email is opened, the image pings the server it originated from with information like the time, your location, and the device you’re using. It’s a read receipt on steroids that you never signed up for.

Pixel tracking is a long-established practice, and there’s nothing remotely illegal or even particularly discouraged about it; Google even has a support page dedicated to guiding advertisers through the process. That doesn’t make it any less unsettling to see just how closely your inbox activity is being monitored.

Using Ugly Mail is as simple as the service is effective. Once you’ve installed it, the code identifies emails that include tracking pixels from any of the three services mentioned above. Those messages will appear in your inbox with an eye icon next to the subject heading, letting you know that once clicked, it will alert the sender. Tulyaganov also confirmed to WIRED that Ugly Mail also doesn’t store, save, or transmit any data from your Gmail account or computer; everything takes place on the user’s end.

Ugly Mail appears to work as advertised in our test, but it has its limitations. It’s only built for Gmail (sorry… Outlookers?) and is only available for Chrome, although Tulyaganov says that Firefox and Safari versions are in the works. And while it’s effective against Yesware, Bananatag, and Streak, those are just three pixel-tracking providers in a sea of sneaking marketers. Tulyaganov has indicated that Ugly Mail will continue to add more tracking services to its list, but it’s not clear yet how long that might take. The onrush of users after receiving top billing on Product Hunt may help speed up the process.

If you’d like take take the extra step of just blocking pixel tracking altogether, another Chrome extension called PixelBlock—also referenced on Product Hunt—automatically prevents all attempts, instead of Ugly Mail’s more passive strategy of simply informing you that they’re happening.

Pixel tracking isn’t going away any time soon, and Ugly Mail is an imperfect way to prevent it. But it still offers a valuable glimpse at the marketing machinations we’re all exposed to every day, whether we’re aware of them or not.”

This year, everyone got hacked! It was an awesome event!

HP Awards $240K for Firefox, IE, Chrome and Safari Exploits

eWeek – By Sean Michael Kerner – “On March 19, the second day of the Hewlett-Packard Zero Day Initiative (ZDI) sponsored Pwn2Own hacking challenge at the CanSecWest conference in Vancouver, B.C., security researchers were able to successfully exploit Mozilla Firefox, Microsoft Internet Explorer, Google Chrome and Apple Safari.

HP awarded the researchers a total of $240,000 in prize money on the second day, bringing the two-day award total to $557,500.

On the first day of the Pwn2Own event, HP awarded $317,500 for exploits against Adobe Flash, Adobe Reader, Microsoft IE 11 and Firefox. The second day saw no new Adobe exploits, as researchers turned their attention back to the browsers, with new exploits reported against Firefox, IE, Chrome and Safari.

A security researcher identified by HP only as ilxu1a delivered the first exploit of the day with an out-of-bounds memory vulnerability in Firefox that took less than one second to execute. For his efforts, ilxu1a was awarded $15,000.

All told, Mozilla Firefox was exploited twice at the Pwn2own 2015 event, with exploits demonstrated on both days of the event, for a total payout of $70,000. Mozilla is no stranger to Pwn2Own and is often the first vendor to patch issues that are first disclosed at a Pwn2own event.

‘We are on-site and have gotten the bug details from HP,’ Daniel Veditz, principal security engineer at Mozilla, told eWEEK. ‘The details have been filed, and Mozilla engineers back home are working on patches.’

Veditz said that while the flaws were first demonstrated on March 18 and 19, Mozilla’s plan is to release updates for Firefox Desktop, Firefox for Android and Firefox ESR (Extended Support Release) on Friday, March 20.

Both the exploits against Firefox at Pwn2Own 2015 were executed in less than one second, but that doesn’t necessarily indicate that the exploits were easy to develop. Veditz said that the exploits were certainly not created in a second.

‘Contestants showed up to claim all the prizes offered at Pwn2Own, and given the expense of travel to the conference, it is not surprising they have working exploits before coming,’ Veditz said. ‘Computers are very fast, and it is not surprising that a well-crafted exploit written in advance would not take much execution time.’

The second day of Pwn2Own also saw security researcher JungHoon Lee, also known as lokihardt, demonstrate three different browser exploits against IE 11, Chrome and Apple Safari.

Lee’s successful exploit of Microsoft’s IE 11 earned him a $65,000 award, while the Apple Safari exploit yielded a $50,000 award. Lee was also able to successfully exploit Google Chrome for $75,000 as well as earning a bonus of $25,000 for demonstrating a privilege-escalation bug. HP also awarded a bonus of $10,000 to Lee for demonstrating his Chrome exploit on a beta version of Chrome.

Overall, Brian Gorenc, manager of vulnerability research for HP Security Research, said that one of the surprises at the Pwn2Own 2015 event was the amount of Windows kernel vulnerabilities that showed up, though he noted that HP, in a way, expected it.

‘We put a premium on system-level privilege escalations,’ Gorenc said. ‘We believe they are the most interesting, and potentially dangerous, bugs that come through Pwn2Own.’

At the 2015 event, every browser was exploited, even though all the browsers had been patched by their respective vendors. Although all the browsers were exploited, Gorenc noted that it’s important to remember that the people who come out to compete at Pwn2Own are some of the best security researchers in the world.

‘Every year, we run the competition, the browsers get stronger, but attackers react to changes in defenses by taking different, and sometimes unexpected, approaches,’ Gorenc said. ‘One of our goals with the contest is to get this information to the vendors so they can make their browsers more secure and even harder to hack the next year.'”

Impulse Drive from Star Trek is here! Awesome sauce!

NASA successfully tests engine that uses no fuel, violates the laws of physics

Examiner – By: Wan Hu – “Very quietly, NASA has tested a space drive that does not use propellant and according to the laws of physics should not work, according to a Thursday story in Wired.UK. The problem is that the drive, called the ‘Cannae Drive’ by its inventor Guiddo Fetta, did work in the NASA directed test. If the efficacy of the drive is confirmed, the implications for space travel are profound. It seems that another technology from Star Trek may be about to become reality.

The Cannae Drive is apparently based on the work of a British scientist named Roger Shawyer called the EMDrive. It is said to work by bouncing microwaves in an enclosed chamber and thus creating thrust. Despite having built a number of demonstration models, Shawyer has not been able to get anyone interested in his device. Critics reject his relativity explanation for how it works and point out that it violates the conservation of motion.

However it appears that the Chinese quietly tested their own version of the EMDrive up to about 72 grams of thrust, enough to be a satellite thruster. The test was not widely reported in the West, possibly because few if any people believed it was possible. That seems to have changed thanks of the test of the Cannae Drive.

The Cannae Drive seems to have been developed independently of the EmDrive, though it seems to have a similar mechanism. The NASA test, which was presented at the 50th Joint Propulsion Conference in Cleveland, Ohio, showed that the Cannae drive was able to produce a thrust of less than one thousandth of the Chinese model. Nevertheless it constitutes a third test of a working propellant-less engine.

What are the physics behind these devices? NASA’s explanation follows:

‘Test results indicate that the RF resonant cavity thruster design, which is unique as an electric propulsion device, is producing a force that is not attributable to any classical electromagnetic phenomenon and therefore is potentially demonstrating an interaction with the quantum vacuum virtual plasma.’

In other words, no one knows for sure. Wired speculates that the process involves ‘pushing against the ghostly cloud of particles and anti-particles that are constantly popping into being and disappearing again in empty space.’ But finding out for sure and determining whether this kind of drive can be scaled up to something that can propel a spacecraft will be the work of some years.

But what if it does work and can be scaled up? Much of the weight of a spacecraft, whether it is propelled by a chemical rocket, an ion thruster, or nuclear thermal engines consists of fuel. If something like the EMDrive or the Cannae Drive becomes practical, larger spacecraft can be launched into space without the added weight of fuel and because the thrust is low but constant, like an ion rocket, trip times throughout the Solar System suddenly become weeks instead of months.

This is not the warp drive from Star Trek (a different project at NASA.) It does look a lot like impulse power that propelled the USS Enterprise when the warp engines were down. It would be enough to open the solar system for exploration and eventual colonization.”