Aug 31

Updated at 1:30 p.m. PDT with the New York Times saying they fixed the hole.

A new report from researchers at Princeton University reveals serious Web site security holes that could have been exploited to steal ING customers’ money and compromise user privacy on YouTube, The New York Times’ Web site, and MetaFilter.

The vulnerability arises from a coding flaw that could allow someone to do a cross-site request forgery (CSRF) attack in which a “malicious Web site causes a user’s Web browser to perform an unwanted action on a trusted site,” according to the report.

“These attacks have been called the ‘sleeping giant’ of web-based vulnerabilities, because many sites on the Internet fail to protect against them and because they have been largely ignored by the web development and security communities,” Zeller and Felten wrote.

In this illustration of a cross-site request forgery attack, a malicious Web site causes a user's browser to send a request to a trusted site. The trusted site sees a valid, authenticated request from the browser and does what is asked. "CSRF attacks are possible because Web sites authenticate the web browser, not the user," the report says.

(Credit: William Zeller and Edward Felten)

On the ING site, the vulnerability could have allowed an attacker to open an account on behalf of a customer and transfer funds from the customer’s legitimate account into that account.

The YouTube hole could have allowed an attacker to add videos to a user’s “favorites,” join the user’s “friend” or “family” list, send messages on behalf of the user, flag videos as inappropriate and share video with the user’s contacts, among other things.

And The New York Times site vulnerability could have allowed an attacker to harvest e-mail addresses of people who use a feature on the site to e-mail articles to other people. The victim’s e-mail address could then be used for spamming.

On blogging site MetaFilter, an attacker could have exploited the vulnerability to take control of a user’s account.

The sites have all fixed the holes after being notified by the report’s (PDF) researchers, William Zeller and renowned security and privacy researcher and Princeton computer science professor Edward Felten.

The report says The New York Times site had not been entirely fixed. However, a New York Times spokeswoman said it now has been.

“We take the security of our site and our users very seriously and act quickly to address any vulnerabilities,” she said in a statement. “The issues outlined in the report have been resolved. We were notified last year by Ed Felten about ‘E-mail This’ and fixed the problem he outlined then within days. On Tuesday, we were alerted to a more complicated variant of the same problem (in their blog post) and we closed that security hole immediately.”

The researchers suggest fixes that Web sites can make on their servers to close the security hole and they released a Firefox plug-in that can protect consumer PCs even if sites have not fixed the vulnerability.

(Via IDG News Service.)
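The kind of server-side fix the researchers recommend, shown here as an added example written for this page rather than taken from the report or from any of the sites named: a per-session secret (a synchronizer token) that the trusted site embeds in its own forms and checks on every state-changing request, so a request the browser was tricked into sending from another site carries the session cookie but not the token and is refused. The in-memory `SESSIONS` store, the example.com origin and the `/email-this` action are assumptions.

```python
import hmac
import secrets

# Added example: a minimal synchronizer-token defence against CSRF.
# SESSIONS is a constructed in-memory store (assumed): session_id -> {"csrf": token}.
SESSIONS = {}

# Methods that change state on the trusted site; only these need the token.
STATE_CHANGING = {"POST", "PUT", "DELETE"}

# The trusted site's own origin (assumed value).
SITE_ORIGIN = "https://example.com"


def start_session():
    """Create a session and bind a fresh, unguessable CSRF token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf": secrets.token_urlsafe(32)}
    return sid


def render_form(sid, action):
    """The trusted site embeds the session's token in the forms it serves.
    A page on another origin cannot read this value."""
    token = SESSIONS[sid]["csrf"]
    return (
        f'<form method="POST" action="{action}">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        f'</form>'
    )


def is_valid_request(method, session_cookie, form, origin=None):
    """Decide whether a request may proceed.

    The browser attaches the session cookie to any request to the site, which is
    the weakness the report describes (the site authenticates the browser, not
    the user). So for state-changing requests we additionally require the
    token that only our own page could have put in the form.
    """
    if method not in STATE_CHANGING:
        return True                       # reads need no token
    session = SESSIONS.get(session_cookie)
    if session is None:
        return False                      # no valid session at all
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so a mismatch does not leak how many bytes matched.
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return False
    # Defence in depth: if the browser sent an Origin header, it must be ours.
    if origin is not None and origin != SITE_ORIGIN:
        return False
    return True


def demo():
    """Legitimate submission from our own page vs. a forged cross-site one."""
    sid = start_session()
    html = render_form(sid, "/email-this")            # assumed action name
    token = html.split('value="')[1].split('"')[0]     # what our page would submit
    legit = is_valid_request("POST", sid, {"csrf_token": token}, origin=SITE_ORIGIN)
    # The forging site rides the cookie but cannot supply the token.
    forged = is_valid_request("POST", sid, {"to": "someone@example.org"},
                              origin="https://attacker.example")
    return legit, forged


if __name__ == "__main__":
    print("legitimate accepted: %s, forged accepted: %s" % demo())
```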

Aug 30

TechCrunch is reporting that Jive Software, an emerging collaboration leader, has cut one-third of its headcount. Sam Lawrence, Jive’s chief marketing officer, has confirmed the news. Normally this wouldn’t be inspiring news for Jive customers and prospects, but in this case I think it’s actually a reason to be optimistic if you fall into one of these camps.

Jive is backed by Sequoia, the same firm that recently warned its portfolio companies to manage cash prudently through the downturn. Jive grew at a frenetic pace over the past year–this move is a way to return to prudent, more profitable growth. Jive has been profitable since its 2001 launch.

Jive, while not an open-source company, has dabbled in open source and makes good products. I’m glad to see the company managing its business to survive and thrive in the downturn. Had Jive made this announcement six months from today, it would probably portend bad news. But this strikes me as Jive getting its financial house in order in advance of potential problems.

The only open question for me is why Jive would can its vice president of Sales if things are going well. I’ve heard that Jive is doing well financially, but you don’t fire your sales head when money is pouring in. Anyone have any insight into this?


Aug 30

Who would be the most tech-friendly president?

The short answer: it depends. Do you like the idea of Net neutrality so much that you’d hand the Federal Communications Commission the authority to levy open-ended Internet regulations? Do you support pro-fair use changes to copyright law, which many programmers and computer scientists do–but which practically all software and video game companies oppose?

To help clear things up for our readers living in the 24 states that are holding primaries or caucuses on Tuesday, we’ve assembled a sketch of the leading contenders’ technology-related positions in the following chart.

Candidate | Net neutrality legislation | Telecom spying immunity | DMCA fair use reform | Supports Real ID Act | ISP data retention required | Permanent Net-tax ban | Increased H-1B visas
Clinton | Strong yes | No | Ducked question | Maybe | Ducked question | Ducked question | Probably yes
Huckabee | Maybe* | Ducked question | Ducked question | Ducked question | Ducked question | Probably not* | Ducked question
McCain | No | Probably yes | Ducked question | Strong yes | Ducked question | Yes | Strong yes
Obama | Strong yes | No | Probably yes | No | No | Yes | Probably yes
Paul | No | Strong no | Probably yes | Strong no | No | Yes | Yes
Romney | Ducked question | Ducked question | Ducked question | Yes* | Ducked question | Yes* | Yes*

* Position gleaned from other news coverage; the candidate did not respond to our questions.

Anyway, the first thing you probably noticed in the chart is that even candidates who answered some questions ducked others, which is deeply disappointing. Any would-be president should be able to answer without equivocation. Only Barack Obama and Ron Paul gave us forthright replies, and they deserve credit for their directness.

We asked Hillary Clinton whether she supported a permanent ban on Internet taxes, but she evaded the question. (Clinton said only that she supported a temporary moratorium, which is an answer to a different question.) We asked John McCain whether he supported forcing Internet service providers to retain data on their users’ activities. He replied only that he wants to find the “best path forward”–which might be forgivable obfuscation from a neophyte, but not from the former chairman of the Senate committee overseeing this area of Internet law.

Even with the missing answers, these positions seem to reflect the candidates’ broader philosophies. Obama appears more liberal than Clinton, flatly opposing the Real ID Act while she’s less forceful, saying it needs to be reviewed. Both engage in a careful lapse in memory: unlike Paul, Clinton and Obama voted for Real ID as part of a broader “Global War on Terror” spending bill three years ago before turning around and criticizing it.

On the Republican side, Paul is definitely libertarian-leaning: He doesn’t want the government involved in Internet taxation or regulation — even if it’s supposedly done to protect children. If something is pro-law enforcement, like Real ID or retroactive immunity for telephone companies, McCain’s a fan.

The source for this chart is the 2008 Voters’ Guide we published last month. To create it, we contacted all the leading candidates and reproduced their replies verbatim. Mitt Romney and Mike Huckabee, by the way, refused to respond even though we gave them more than a month, so their positions are gleaned where possible from other news coverage. Because those are our interpretations of their positions, they’re marked with an asterisk.

In Romney’s case, his major Internet platform seems to be pledging to “fight the modern plague of Internet pornography.” Huckabee seems to be sympathetic to Internet taxes (his counter-argument is here). He also appears to endorse Net neutrality on “fairness” grounds — though his answer was vague — and has criticized warrantless wiretapping.

The questions we asked the candidates that are summarized in the chart’s columns are these:

Q: Congress has considered Net neutrality legislation, but it never became law. Do you support the legislation that was re-introduced in 2007 (S 215), which gives the FCC the power to punish “discriminatory” conduct by broadband providers?

Q: Telecommunications companies such as AT&T have been accused in court of opening their networks to the government in violation of federal privacy law. Do you support giving them retroactive immunity for any illicit cooperation with intelligence agencies or law enforcement, which was proposed by the Senate Intelligence Committee this fall (S 2248)?

Q: The 1998 Digital Millennium Copyright Act’s section restricting the “circumvention” of copy protection measures is supported by many copyright holders but has been criticized by some technologists as hindering innovation. Would you support changing the DMCA to permit Americans to make a single backup copy of a DVD, Blu-ray Disc DVD, HD DVD, or video game disc they have legally purchased?

Q: The Department of Homeland Security has proposed extensive Real ID requirements restricting which state ID cards can be accepted at federal buildings and airports. Do you support those regulations as written, would you want to repeal Real ID, or would you prefer something in between?

Q: The Bush administration has supported legally requiring Internet service providers, and perhaps search engines and social-networking Web sites as well, to keep logs on who their users are and what they do. Do you support federal legislation, such as HR 837, to mandate data retention?

Q: Do you support enacting federal laws providing for a permanent moratorium on Internet access taxes?

Q: Do you support enacting federal laws providing for an increase in the current limits on H-1B visas?

It’s true that the questions we asked the candidates were limited; we didn’t include some that we could have (and maybe, in retrospect, should have) on topics like Internet service providers detecting copyrighted material, the problems of doing business in China, and so on. But even with their limitations, we hope our 2008 Voters’ Guide and the above chart will help you out if you’re voting on Tuesday–assuming, that is, that you bother voting at all.

And to stave off the usual objections in advance, we know that the economy, the occupation of Iraq, and so on are more pressing topics than these. We know that there are many methods of evaluating candidates. But this chart provides a useful glimpse of a politician’s core beliefs, including what the role of the federal government should be, and those are important beyond what we write about here at News.com.

Aug 26

Apple and Microsoft are fighting for the mindshare of consumers as both companies prepare to roll out upgrades to their operating systems later this year.

Apple on Monday showed Worldwide Developers Conference attendees Snow Leopard, the next major version of Mac OS X. Apple has been very open about the fact that Snow Leopard is meant to be an under-the-hood maintenance release, focusing on performance enhancements to the operating system.

Apple introduces Mac OS X Snow Leopard at the WWDC. (Credit: Jim Dalrymple)

Windows 7 is essentially Microsoft’s maintenance release for Vista, which, according to many accounts, was a failure for the company. Putting aside all of the back and forth between the two companies, one industry analyst feels it comes down to the consumer.

“It’s really immaterial the degree of the rewrite in the operating system,” Ross Rubin, director of analysis for market research firm NPD, told CNET. “The key is the consumer benefit.”

Apple said Snow Leopard is expected to ship in September. Microsoft will release Windows 7 in October.

Typically, Apple sells its new operating systems for $129. That’s a flat fee. Everyone gets the same version that includes all features and enhancements. However, Leopard users will be offered an upgrade to Snow Leopard for $29. Microsoft has yet to release its upgrade pricing, but it is expected to be much higher.

“The OS war is on in a big way,” said Michael Gartenberg, vice president of Strategy and Analysis at Interpret. “Charging $29 won’t win Apple any converts, but Microsoft is going to look really bad with its upgrade pricing.”

It’s clear that Microsoft has a much bigger channel to push Windows 7 to customers, but we’ve seen with the Vista release that doesn’t always mean success for an operating system.

Microsoft will have to fight the industry perception that Windows 7 is just Vista with a few fixes. That could certainly lead to slower adoption of the new operating system out of the gate.

Apple doesn’t have to fight off that negative perception from its users or the industry. Macs have been selling better than ever and there is no sense that will slow down anytime soon.

While early testing of Windows 7 seems to bear out improvements in the operating system, Microsoft is coming off a very bad consumer experience with Windows Vista. That is not a trivial obstacle for it to overcome.

Apple, on the other hand, is coming off one of the most successful operating system launches in the company’s history. Mac OS X Leopard was a solid release, packed with features. Overall, Leopard had relatively few problems throughout its life cycle.

Apple is coming from a strong position with Mac OS X Leopard, so upgrades to its newest Snow Leopard release should be very strong.

Aug 26

Micro is the new macro

The miniaturization of matter has long been a human desire, and viewing the world from a smaller perspective is the core of many novels and movies. The idea of shrinking people for the purpose of traveling inside another human’s body, in particular, has been frequently used in animated cartoons, including The Simpsons, Futurama, Beetlejuice, and SpongeBob SquarePants.

One of the most entertaining pieces in this genre is Fantastic Voyage, a science-fiction movie from 1966, which — albeit not free of some severe logical flaws — has lost none of its original appeal. Fantastic Voyage tells the story of a CIA-led group of agents and surgeons who attempt to save the life of a dying diplomat. The medical team gets on board a submarine that is miniaturized to one micrometer in length and then injected into the diplomat’s body. The group has just one hour to repair the life-threatening clot; after that, the submarine will begin to revert to its normal size and become large enough for the diplomat’s immune system to detect and attack.

(Credit: SF Fan)

What does Fantastic Voyage have to do with marketing? A couple of things: First of all, in the movie, shrinking the matter (that is, the submarine and its passengers) is the only way to reach objects that occur on an entirely different scale. The same is very much true for today’s marketing: In the attention-saturated, atomized markets of today, audiences recognize messages and events only within the blink of an eye and on a miniature scale. They happen for nanoseconds in the always-on presence of today’s perception apparatus but they rarely have staying power. It is not the billboard we’re seeing; it is the ad embedded in the news feed on Facebook. It is not the TV commercial we’re recalling; it is the intimate party conversation. But the clots that pollute consumers’ ability to pay attention are so small that we have to down-scale our marketing programs if we want to remove them and reach the audience. “Scaling a campaign” has taken on the opposite meaning: it now means down-sizing messages and the way they are communicated. Think of the influential bloggers whom you want to have evangelize your brand. Identifying and engaging them is like finding the needle in the haystack, and you can’t find that from the bird’s eye perspective. Moreover, in a second parallel to the movie, the “window of opportunity” is smaller. Because of shrinking attention-spans, the slots for marketers to grab attention are shrinking as well — you need to get the submarine out before it will revert to its original size.

This effect suggests a very different time horizon for marketers. Rather than planning and conducting long-term campaigns aimed at rubbing in a consistent message through prominence and repetition, marketers need to stay above the fray (or below the fray) by consistently varying their message and diversifying their communication channels. Rather than relying on one major focused traditional above-the-line program, they need to employ a combination of different tactics below-the-line. I call this new model “marketing 0.1” (as opposed to marketing 101), and the charts below may help illustrate the contrast:

Marketing 0.1 (Credit: frog design)

The only marketing program that matters: Identify the micro-verses of your multiple audiences, track their constant evolution, and provide content (information and entertainment) that is relevant at a specific point in time, for a specific person, in a specific context. Other than that, it’s all tactics and only little strategy. Change your marketing mix every week, every day, every hour — and your voyage through the customer universe will be fantastic.

Aug 24

Driving through West Hollywood earlier today, I found myself stopped by a gaggle of paparazzi standing in the middle of the road. I’m not sure who they were trying to shoot, but for the first time I kind of understood how they felt. I mean, we here at CNET were all over the Lenovo IdeaPad U110 like a ‘razzo on a starlet. First, there was the news that it had arrived in CNET Labs. Then we posted our initial impressions after using the laptop for a day. And finally, the full Lenovo IdeaPad U110 review. But who were we to resist? The little laptop is simply the most beautiful laptop we’ve seen in years.

(Credit: Michelle Thatcher/CNET Networks)

Also this week, Consumer Reports issued the results of its annual assessment of the computer industry, and we were combing the brand repair history to figure out who makes the most reliable laptops. The conclusion? No one brand stands out as particularly prone to problems. That’s happy news for Dell, who announced this week that it will fix the funky keyboards that showed up on some Vostros, and for Apple, who announced that it would issue refunds to consumers who had to buy a replacement power adapter for their iBook or PowerBook.

Other stories worth reading: Hitachi busted out a 320GB notebook hard drive; Dell got in touch with its artsy side by issuing a special edition Inspiron 1525; NEC introduced a tough ultraportable in Singapore; and we checked out two kinds of laptop sleeve, both DIY and high-design.

Other laptop-related reviews we posted this week include the Averatec 2575, a reasonably priced 12.1-inch ultraportable, and the Lapworks Futura laptop desk. We also saw more leaks about Dell’s new Inspiron line, and the 9-inch Asus Eee PC landed in our Labs.

In non-laptop-related news, I visited an open house at NASA’s Jet Propulsion Laboratory last weekend and posted a slide show of rover prototypes that were on display. I also put together a short list of tech gift ideas for Mother’s Day, many of which can be picked up at your local retailer.

Have a great weekend, and happy Mother’s Day!

Aug 22

It looks like the leaks were pretty much dead-on, and Sony does indeed have a brand-new ultraportable laptop called the Vaio TT. It’s a thin, lightweight 11-inch model, available in two different shades of black, plus red or gold.

Sony’s new Vaio TT ultraportable. (Credit: Sony)

We’re especially interested in the Vaio TT because it’s the successor to Sony’s Vaio TZ line, one of our all-time favorite ultraportable laptops, and a reminder that even though they’re similar in size, there’s a big difference between what a $500 Netbook and a $2,000-plus fully featured ultraportable laptop can do.

Sony says the new system has a lightweight carbon-fiber chassis that weighs about 2.87 pounds and measures less than one inch thick. Unlike Netbooks, the Vaio TT (and other ultraportables such as the Toshiba R500) has room for an optical drive, and there’s even a Blu-ray option. Yes, that seems rather pointless, but at least there’s an HDMI output for sending the Blu-ray signal to a larger display. Solid state hard drives are also available, including dual 128GB drives (making for a sizable 256GB of SSD storage).

The basic Vaio TT runs about $2,000, while the Blu-ray version is $2,700. A version with a single 128GB SSD drive will cost $2,750. The system is available for order starting today, and should ship to retail stores sometime later this fall.

Aug 22

An article from earlier today at Download.com about defragging the Windows paging file (Quick Fix: Put your paging file to work) needs some tweaking.

So, how big should your paging file be? The article says “The paging file should be set to at least 1.5 times the amount of RAM onboard.” This is an old wives’ tale. It is a rule of thumb, not gospel.

The fact is, there is no way to know how large to make the page file. It is a function of the amount of RAM available to Windows and the software being used. No single rule can ever be right for everyone. Thus, the page file is designed to grow, should the need arise.

Don’t be misled by Task Manager in Windows XP. The Performance tab claims to show the page file usage, but it does not. The screen shot above shows a page file usage of 655MB. The page file on that computer was 300MB at the time.

In fact, the computer where this screen shot was taken serves to illustrate how poor a rule of thumb can be. It was running Windows XP and had been used for three straight days without rebooting. It had 1.2 gigabytes of RAM. The initial page size was 300 megabytes and the maximum was 550MB. The page file never grows from the initial 300MB allocation. The rule of thumb would have allocated a page file of almost 2 gigabytes. But, of course, your mileage will vary.

The article suggests that setting the page file Initial Size and Maximum Size to the same number will “avoid serious defragmentation”. While this does avoid the paging file growing in size, the file can still be fragmented when it’s initially allocated. So, if you’re going to do this, you should defrag the hard disk first.

But not allowing the page file to grow is a questionable decision. If you make the page file too small, Windows may just stop - think of it like a car without gas. If you make the page file too large, you are wasting part of the hard disk.

So, how do you choose a size for the page file? As Chico Marx once said to Groucho - wrong every time.

That said, I would start by making the initial size the same as the amount of RAM in the computer and the maximum size a bit larger. At the end of your computing day, check how big the file is (in Windows XP, the file name is pagefile.sys and, by default, it is in the root directory of the C disk). If it hasn’t grown, you’re fine. If it consistently grows, then make the initial size larger.

If, after a few days of checking, the page file has not once grown in size, then, for extra credit, you can lower the initial size, assuming you are willing to check it for growth all over again. Changing the initial size requires a reboot.

But how can you tell if the page file is fragmented? And if it is, what can you do about it?

Page Defrag

Page Defrag is a great little program from Mark Russinovich, formerly of Sysinternals and now with Microsoft. The program is free, portable and from a trustworthy source. While initially designed just for the page file, the current version also defrags the registry, the event logs and the hibernation file. In other words, all the system files that normally can’t be defragged.

When you run the program it reports the number of fragments for each of these files. In the best case scenario, shown above, they are all one. To defrag these system files, simply turn on the radio button for “Defragment at next boot”. Since these files are always in use by Windows, they can only be defragged before Windows is fully up and running.

Note that according to the documentation, Windows Vista is not supported by Page Defrag.

See a summary of all my Defensive Computing postings.

Aug 22

Amazon announced Thursday its beta launch of AmazonWireless, a new Web site that offers cell phones and service plans from, for now, AT&T and Verizon Wireless. The online store features Amazon-style shopping, without the rebate hassles that cell phone carriers are notorious for, and free two-day shipping on a large selection of phones.

(Credit: Dong Ngo/CNET)

AmazonWireless currently offers more than 120 phones, including a large selection of high-end smartphones, as well as the latest budget models. Customers can use their existing Amazon accounts to upgrade their phones or shop by carrier, phone feature, price, color, and brand. You’ll also find other familiar Amazon features, such as bestseller lists, product descriptions, and customer reviews.

During this beta-testing phase, Amazon plans to expand the selection of phones and services as well as add carriers. It will also be testing features and gathering input from customers.

According to Paul Ryder, Amazon’s vice president of consumer electronics, AmazonWireless is designed for both existing cell phone customers who want to upgrade and those who want to start a cell phone service.

It’s important to note that not every phone offered by the carriers is listed. For example, I checked for the iPhone 3GS just now and it wasn’t even mentioned.

If you want to quickly buy a phone, or just check out what AT&T and Verizon Wireless have to offer, it just got a little more convenient.

Aug 22

The Philips SA054 came to market on Philips’ usual schedule and has earned a good reputation among users; the 4GB version currently sells for 479 yuan, a slightly lower price than before. Following the SA053, the SA054 is a popular video MP3 player with a 2.8-inch screen. The top of the screen is covered by a protective acrylic panel and the back is brushed metal, so it feels good in the hand, and the black finish makes the machine look more compact, which has won it many fashion-conscious fans.

The Philips SA054 continues the classic design and color scheme of the SA053: a black body with a silver inlaid border and an IML-coated light panel. The brushed finish on the black back is both non-slip and pleasant to hold. The SA054 carries a high-precision 2.8-inch screen whose brightness, contrast and color saturation are excellent, giving a clear and comfortable viewing experience on the move. For music, the SA054 fully supports Philips’ patented FullSound audio processing, which restores the detail lost during MP3 compression and digital conversion to deliver CD-like quality. It also adds support for the APE and FLAC lossless formats, bringing users an exceptionally high-quality music experience. For video, it can directly decode rmvb and avi files at up to 720×480 resolution, so most online video can be played back without conversion. The SA054 also offers an FM radio, recording, picture browsing, synchronized lyrics, e-book reading and other functions. It displays album art, can automatically use an album’s artwork as the background for the song being played, and its image navigation feature shrinks photos to thumbnails for quick retrieval, which is very user-friendly. The Philips SA054 offers up to 4 hours of video playback and more than 20 hours of music playback.

Product Comments: The Philips SA054 has a compact, stylish appearance, comprehensive functions and very good sound quality; the current price of 479 yuan for the 4GB version is quite good. Anyone who likes it can contact the businesses below.


For wholesale mp4 player and MP3 player about tamom.com and registration for a wholesale buyer account, visit http://www.tamom.com/MP4-players/
