As if we needed another reason to be cautious about how much information we post on social networking sites like Facebook, a recent lawsuit over data mining reminds us once again that nothing is entirely private. Facebook filed a lawsuit earlier this year against a number of anonymous individuals responsible for hitting Facebook's servers hundreds of thousands of times in an effort to scrape information on users of the site. It has since discovered the identities of a handful of those people this month, some of whom are associated with a Canadian company that pays for affiliate referrals to porn sites.
The complaint, originally filed in June in the US District Court for the Northern District of California, says that a certain IP address attempted to access Facebook's system to harvest information between June 1 and 15 of this year. The attempts were unauthorized, says Facebook, and generated error messages. This did not stop the defendants from trying some 200,000 times, though, which caused Facebook to eventually block the IP.
More IP addresses quickly picked up where the old one had left off, however, and Facebook claims that investigating the whole incident has cost the company over $5,000. By filing discovery requests with the associated ISPs, the company was able to identify a number of individuals associated with the IPs that were pillaging its servers. Brian Fabian, Josh Raskin, and Ming Wu were all fingered by the ISPs, in addition to Istra Holdings, a company responsible for SlickCash.com. Istra Holdings was listed as the owner of one of the IPs in question, and Fabian was listed as the "Manager" contact for that company.
Facebook charges that the defendants—several of whom are still anonymous John Does—violated the Computer Fraud and Abuse Act by recklessly attempting to access Facebook hundreds of thousands of times. They also allegedly violated the California Comprehensive Computer Data Access and Fraud Act and breached the Terms of Service set forth by the service that the defendants agreed to upon signing up. "The Defendants' breach of the Terms of Service have caused and continue to cause Facebook to expend resources to investigate the attempted unauthorized access and abuse of its computer network and to prevent such access or abuse from occurring," reads the amended complaint.
Facebook never indicates whether or not any information was accessed—it sounds as if it wasn't—but Istra and its employees could have been using the site to harvest e-mail addresses for "marketing" purposes (or worse, collecting more detailed identity information for other malicious reasons). Whatever the reason, Facebook wants the court to put an end to it and has asked for injunctive relief, in addition to a trial and unspecified damages.
Ever since the launch of the National Do Not Call registry, the American dinner hour has been quieter. Well, mostly. There have been a few violators here, but overall, the level of telemarketing calls has gone down significantly in recent years thanks to the registry. Both the House and Senate have passed bills this month meant to improve upon it, ensuring that the majority of your spam stays off your phone line (and remains in your inbox).
The first of the bills, the Do-Not-Call Improvement Act of 2007 (S 2096), was recently passed by the Senate, and a nearly identical version (HR 3541) was passed by the House earlier this month. As the registry functions today, users must re-register their phone numbers every five years if they want to remain on the list, but the bills change that by eliminating the automatic removal of phone numbers after a certain period of time. Now, registrants will remain on the do-not-call list indefinitely until they request to be removed, or if the number becomes no longer valid, becomes disconnected, or gets reassigned. According to the bill, the FTC can check phone numbers periodically for this, and may remove them from the list if they no longer belong to the person who registered them.
"By enacting this legislation, the Senate has taken an important step toward making the Do-Not-Call list the Never-Call list," said Senator Ted Stevens (R-AK), cosponsor of the Senate version of the bill, in a statement. Thanks, Ted.
Not having to constantly re-register is a convenient change for us at home, but that's not all Congress has in store. The Senate also passed the Do-Not-Call Registry Fee Extension Act of 2007, which will allow the FTC to continue collecting fees required to operate the registry (money, always helpful in getting things done).
As it stands now, the FTC only has the authority to collect operational fees through the end of 2007. Instead, the bill will permanently extend the FTC's ability to collect the fees, which come from telemarketing companies that are required, by law, to keep up-to-date lists on phone numbers that they cannot call. Under the new legislation, the Congressional Budget Office estimates (PDF) that the FTC will collect some $107 million over the next five years, which is a couple million per year more than the FTC makes currently (roughly $19 million was collected in 2006, for example).
Those fees are apparently being put to work in going after violators, too. Last month, the FTC slapped several companies, ranging from Craftmatic to DT, with $7.7 million in penalties for not following the requirements of the registry. The settlement with Craftmatic and its subsidiaries was the second-largest in history for Do-Not-Call violations—the largest was a settlement with DirecTV in 2005 for $5.3 million.
So here's to many more years of call-free dinners! Now, if only someone could invent a Do-Not-Call registry for annoying family members.
The results are now in from a thorough, $1.9 million test of the voting machines that Ohio has used in elections over the past few years, and they paint about as awful a picture of the state's electoral apparatus as one would expect given the steady stream of grim news out of counties like Cuyahoga. The two private-sector and three academic research teams that carried out the Evaluation & Validation of Election-Related Equipment, Standards & Testing (EVEREST) study of Ohio's e-voting systems did not mince words in the 86-page Executive report that they released this past Friday (or, if words were minced, then one can imagine that the unminced version wasn't family-friendly): "The findings of the various scientists engaged by Project EVEREST are disturbing. These findings do not lend themselves to sustained or increased confidence in Ohio's voting systems."
Ohio Secretary of State Jennifer Brunner, a woman whose recent and spectacular bungling of a Cuyahoga County recount gives ample reason to doubt her commitment to fair and accurate elections, didn't even bother trying to sugarcoat this report.
"To put it in every-day terms, the tools needed to compromise an accurate vote count could be as simple as tampering with the paper audit trail connector or using a magnet and a personal digital assistant," Brunner said in a statement. Note that Brunner here is describing machines that have been in use in Ohio since before the 2004 presidential election. This isn't some glimpse of how bad things might be in November 2008. It's a look at how bad they've been all along.
Brunner went on to make the following unintentionally funny remark, which was presumably intended to inject a note of confidence into the release of a report that could almost have been titled, Barn Door Left Open; Whereabouts of Horse In Doubt: "It's a testament to our state's boards of elections officials that elections on the new HAVA mandated voting systems have gone as smoothly as they have in light of these findings."
E-voting in Ohio has gone "smoothly"? Really?!
Speaking of damage control attempts, however feeble, Premier released this press statement in response to Friday's report that contains plenty to chuckle at. I thought this gem was particularly priceless:
"It is important to note that there has not been a single documented case of a successful attack against an electronic voting system, in Ohio or anywhere in the United States."
Given the magnitude of the vulnerabilities that the report details in Premier's systems and the impossibility of conducting a meaningful audit with those systems, this is sort of like a blind and deaf person saying, "Despite my habit of cleaning my first-floor apartment in the nude with all of the street-facing windows open, I have no documented evidence that anyone has ever seen me naked."
Almost 1,000 pages of bad news
The voting systems investigated in the study came from ES&S, Hart Intercivic, and Premier Election Systems (formerly Diebold). The researchers evaluated individual components, whole systems, and elections procedures, and the detailed reports that they produced on each vendor's systems described technical and procedural problems with almost every aspect of each system. Like so many of their kind that litter my hard drive after years of e-voting coverage, the EVEREST reports list page after page of flaws, vulnerabilities, and bone-headed design decisions, many of which would boggle my mind were it not already completely boggled out on this topic by said prior coverage.
Ultimately, the voting systems got failing grades in the following main areas tested, according to the "Findings" section of the executive report:
Insufficient Security: The voting systems uniformly "failed to adequately address important threats against election data and processes," including a "failure to adequately defend an election from insiders, to prevent virally infected software… and to ensure cast votes are appropriately protected and accurately counted."
Security Technology: The voting systems allow the "pervasive mis-application of security technology," including failure to follow "standard and well-known practices for the use of cryptography, key and password management, and security hardware."
Auditing: The voting systems exhibit "a visible lack of trustworthy auditing capability," resulting in difficulty discovering when a security attack occurs or how to isolate or recover from an attack when detected.
Software Maintenance: The voting systems' software maintenance practices are "deeply flawed," leading to "fragile software in which exploitable crashes, lockups, and failures are common in normal use."
The EVEREST executive report's conclusions summarize the findings as follows:
Unfortunately, the findings in this study indicate that the computer-based voting systems in use in Ohio do not meet computer industry security standards and are susceptible to breaches of security that may jeopardize the integrity of the voting process. Such safeguards were neither required by federal regulatory authorities, nor voluntarily applied to their systems by voting machine companies, as these products were certified for use in federal and state elections.
In lieu of my typical bullet list of outrageous report highlights—obvious admin passwords, a complete lack of encryption on critical files, a reliance on easily manipulated "security tape" to prevent tampering, the ease with which anyone can boot some of the machines into admin mode, and other typical problems that were there in spades in this report—I'll just highlight one critical flaw in an optical scan machine of the type that everyone wants to replace the touchscreens with.
The EVEREST researchers described a vulnerability in the ES&S M100 optical scanner in which simply flipping the write-protect switch on the device's CF card to "on" would result in a precinct-wide undercount that's extremely hard to detect.
If this switch is activated after the polls are opened and reset before the polls are closed…the internal counts of the m100, and the paper tape reports will be correct and the system will function normally, but the counts of the votes scanned will not be added to the electronic media delivered to the central Board of Elections… To add to the level of difficulty in detection of the exploit, while the physical ballots are in the ballot box in the correct number and the paper tape shows the correct number, the memory card is delivered to the central Board of Elections where it is read and processed. The current processes in use in most polling places are a simple review of the paper tapes, which would be correct. As such, it is likely that unless close scrutiny or recounts of the precinct were performed that surgical use of this vulnerability would go undetected.
Note that this write-protect switch is apparently easy to flip accidentally.
Obviously, turning on the write-protect for the duration of a whole election would cause that machine's precinct to report "zero" votes cast, thereby tipping off election officials that something was wrong. But if a malicious precinct worker were to just reach down periodically and flip the switch on and off during the course of a day's polling, he or she could easily cause a serious undervote that would only be detected by a hand count of the optical scan ballots.
Of course, the problems with the optical scan machines didn't end there. In a section of one report document that brought back memories of hanging chads for me, the research team from a company called Systest reported that the M100 also had serious problems properly recognizing votes on ballots where the ovals were less than fully filled in. "It is possible that clearly indicated votes may not be recognized by the scanner," Systest stated in their report, "and if the election is not configured to warn of undervotes, those votes will be lost. It's also possible that overvotes may not be recognized as such and warned about if made with marks that the scanner does not recognize."
Nonetheless, optical scan to the rescue
In the wake of the report, Brunner is talking about scrapping all of the direct recording electronic machines (DREs, aka "touchscreens") in the state and moving to a system in which Ohio voters manually mark optical scan ballots that are then shipped off to a centralized location for scanning. In order to give this system enough time to work, Brunner is proposing that early voting begin a full fifteen days before the election date, with polling locations open from 7am to 7pm six days a week, and from noon to 7pm on Sundays.
The move to centralize the actual ballot scanning is intended to cut down on the number of points at which attackers could influence the polling using simple tricks like the CF card "write protect" manipulation described above. Unfortunately, it would also have the effect of creating fewer points of failure for the entire voting system, so that you'd need fewer bad actors willing to do the CF card trick if you wanted to steal an election. Unless the security at the centralized polling location is extremely tight and the people who are doing the ballot scanning are 100 percent trustworthy, this portion of Brunner's plan could make stealing an election even easier.
Even though the long-term plan is to replace all of the DREs in the state with optical scan machines, the report admits that this won't be possible in time for the March 2008 presidential primaries. There is some hope, however, that the new system (such as it is) will be in place for the 2008 presidential election.
A new study by the NPD Group doesn't paint a great picture for the current state of online productivity suites. If the numbers from a survey of 600 US residents are to be believed, most of us have never heard of, let alone tried, products such as Google Docs or Zoho. Considering various factors such as visibility and the industry's untested waters though, these numbers could be due for a significant shift in the coming years.
According to NPD Group numbers, 73 percent of the 600 Americans surveyed have never heard of online office suites, while another 20 percent have, but simply haven't tried any for one reason or another. The remaining six percent of respondents are split between those who have heard of the suites and either haven't used them again, use them infrequently, or use both online suites and desktop apps like Microsoft Office. Based on these numbers, some have already written a eulogy for Web 2.0 office suites, but that assessment might be a bit early.
There are various reasons for the perceived limited success of online office suites, starting with their lack of visibility. As they stand right now, online office suites have a hard time getting in front of users because they aren't offered as boxed software that can adorn retail shelves. Even Google's toolbar that sits above many of its services doesn't highlight the Docs product; users have to click the More button and find Docs among a sea of other Google offerings. To try and overcome this obstacle and snag more consumer attention, however, Zoho plans to mimic successful online offerings like Apple's .Mac package by getting actual retail boxes on store shelves in 2008. The box will be virtually empty, with not much more than some starter documentation that informs customers about the site, helping to get them started with using its various web apps.
Another contributing factor to the online office suite's limited success with consumers so far is the relative infancy of the industry itself. Google Docs, for example, began life as Writely from a startup called Upstartle only in 2005. In that time, the technology behind rich web apps has only improved. Still, online office suites haven't really been around long enough to penetrate the public consciousness, a difficult task in the face of the popularity of industry titan Microsoft Office. And web-based offerings arguably still need some time to mature before they're serious competitors for full-fledged office suites like Office, OpenOffice.org, and even iWork. Google Docs was only officially launched as a customizable product for businesses, education, and consumers in August 2006, with a presentation application added just this past September.
On a larger scale though, the consumers surveyed in the NPD Group's study are likely last on the list of targets for online office suites. Just like Microsoft Office, Google and Zoho are primarily after businesses, educational institutions, and other organizations with which each company has reported strong success so far. Google's list of Apps customers has been steadily growing, including major wins like Procter & Gamble, General Electric Corporation, and Prudential.
In this light, online office suites are enjoying success in their infancy with non-consumer markets so far. As usual, consumer adoption could increase as more users experience the suite in a business setting and have the desire to bring some of those capabilities home. As online office suites mature and gain visibility through efforts like Zoho's retail boxes, home users looking for more collaboration and less feature bloat could soon begin finding the right balance with online office suites, just as they have for years with webmail and picture sharing services.
Ever since Sony released its 1.60 firmware update for the PlayStation 3 that included a Folding@home client, the machine has simply dominated the charts in the distributed computing community. Our own Jon Stokes explained why, and now Sony has released a number of nice updates to its client.
First, for those of us who want to help the effort but don't like the idea of leaving machines on all night, there is now a timer that allows you to tell the PlayStation 3 to run for a set amount of time and then shut down. The instructions are simple.
Go to Settings menu, select Automatic Shutdown and then After Current. You will see a little clock appearing on the top right hand corner of the screen. When this clock reaches zero, the machine will power off completely so you can sleep quietly through the night. In this option the machine will power off after sending the data back to Stanford University so your contribution to the project is maximized. You may also choose to shut down after a limited period of time (for example, 3 or 4 hours). To do that choose the Automatic Shutdown option and click on the “In 01h:00m” timer. You will now be able to change the timer settings. After rotating the timer to a new time, you should now see your selected timer appear at the top right corner of the screen. This timer will count all the way down to 0 and then power off the system. To disable active timer at any time, go to Settings, choose Automatic Shutdown and then Disable.
You can also now set up some background music to play as you gleefully fold your proteins. Equally easy.
To activate the music player select Music and then a channel. The channels are automatically populated with songs you have stored on your Hard Disk Drive! For holiday music I prefer to choose Dramatic (yeah!) and voila – music is playing. If you wish to skip to another track, just use a combination of X + left or right arrow. You can also change the channel by choosing X + up or down arrow. Happy listening! To stop music from playing, select Music again from the main menu and choose “disable.” Your music playback selection will be saved between consecutive runs of Folding@home.
These new updates are great, and they make the PS3 Folding@home Client even easier to use. These efforts help scientists find ways to help those with serious diseases including Parkinson's, Alzheimer's, and some cancers. It's great that Sony is making it so easy to help out.
Also be sure, after getting the update, to contribute your cycles to Ars Technica's own Team EggRoll.
If you've been postponing your holiday gift preparations, or if you just need a few extra gifts to stuff the stockings of friends and family, Ars is here to help. We've compiled a short list of great gifts (all under fifty bucks) that you can give without fear of disappointment.
If you're ordering online, move quickly; Christmas arrival guarantees are set to expire in the next couple of days, if they haven't already. Should the deadline pass you by, there are always brick-and-mortar (gasp) stores, though these are likely to be crowded with mobs of folks doing exactly the same thing you are.
eMusic gift subscription card Price: $30 for 3 months (90 tracks total)
Amazon.com gift card Price: Any (Shop.Ars)
Want to give a gift card to a music buff, but worried about the "DRM frown" when she realizes that many songs will still be encumbered? Consider a gift subscription from eMusic (for indie types) or an Amazon gift card (for more mainstream tastes). Both have a huge variety of music in MP3 format.
SanDisk 2GB Cruzer USB Flash Drive Price: $30 (Shop.Ars)
Flash drives: yes, they're everywhere, and yes, your friends and relations already have them, but who doesn't need a second one? For Vista users in particular, fast flash drives have taken on new utility now that Microsoft supports their use with its ReadyBoost caching feature. U3 functionality is an added bonus (but doesn't work in Vista).
The Lord of the Rings (DVD trilogy) Price: $20 (Shop.Ars)
Star Wars (DVD trilogy) Price: $35 (Shop.Ars)
If you've got some time over the holidays, what better way to spend it than by taking in quality geek filmmaking? Both Star Wars and Lord of the Rings are available in handsome box sets and make classic gifts for the discerning geek who doesn't yet own both.
Lego Star Wars: The Complete Saga Price: $45 (Shop.Ars)
Speaking of Star Wars, the recent release of Lego Star Wars: The Complete Saga is a perfect stocking stuffer that the whole family can enjoy. Available for the Wii, PS3, and Xbox 360, the game is an especially good choice for adults who want to play co-op with their kids. What the game lacks in difficulty it makes up for in flat-out fun and goofy humor, and when you can pick up the complete saga for under fifty bucks, even a prissy protocol droid could find little to complain about.
Although it may well be getting further Exchange support in the future, that one feature alone won't keep the iPhone from being labeled as unfit for the enterprise world. A number of arguments have been presented for and against the inclusion of the iPhone in corporate IT departments, some of which hold more water than others. Fortunately for IT departments (and unfortunately for corporate users of the iPhone), CIO has covered a recent Forrester Research study listing 10 reasons the iPhone shouldn't be supported.
Keep in mind that Forrester's report lists current shortcomings of the iPhone—even ones that may be remedied in the future. For instance, the iPhone gets dinged for the lack of an official SDK for third-party applications, even though we know one is coming in a couple of months. The lack of extensive Exchange support is also mentioned, despite Apple job postings to the contrary. The report does make a few good points, however, by mentioning both the lack of data encryption and the lack of any ability to remotely disable iPhones if they are lost or stolen. Most of the remaining reasons listed are design flaws more than IT-specific issues, such as the non-replaceable battery, carrier locks, and the multi-touch keyboard.
The lack of any productivity data for the iPhone also gets some attention, and Forrester advises the most extensive iPhone corporate user (Apple) to release some case studies or supporting material to help convince other large companies. I think we'll eventually see evidence like this, which will cause a number of these downfalls to get crossed off the list. As with most devices, IT departments that are dead set against the iPhone will still be able to find reasons not to give it the time of day, no matter what Apple adds or changes.
We've covered Dell's less-than-stellar 2007 performance and the company's determined efforts to change it throughout 2007. Now, it seems that the Round Rock company's year-long efforts may finally be paying off. As Computerworld discusses, Dell's revisions to its direct sales model and its partnerships with multiple big box retailers are paying off, but are only the tip of the iceberg. During the company's third-quarter conference call two weeks ago, CEO Michael Dell announced the firm's new "Simplify IT" initiative aimed at cutting IT costs for various small and medium-size firms.
Actually competing in the IT management and service field will require an entirely different approach than Dell has traditionally taken with its direct sales model. At the moment, Dell is known for delivering standardized systems on standardized software. The company provides business-class hardware support and a certain amount of software training, but Dell has always focused more on selling boxes and less on selling an overall service. The company will have to build new types of relationships with its various business customers, and focus more on delivering the particular hardware and software its clients need, if it intends to compete in this new market space.
Dell may not have a current reputation for building strong relationships with its clients or for attending closely to their needs, but that could begin to change in the coming year as the company pushes ahead with its "Simplify IT" plans. The company also continues to acquire businesses it hopes will provide it with a specialized portfolio to present to potential customers. Despite its market troubles this year, Dell is clearly thinking long-term with its acquisition of SAN vendor EqualLogic and two managed services companies—Everdream and Silverback.
The company may have cut its teeth in direct sales, but Michael Dell clearly isn't going to sit on his laurels even as changing market conditions leech away at Dell's once-impregnable stronghold. Whether or not this particular approach to the market will work for Dell remains to be seen, but I'd personally counsel IBM, Sun, and HP against resting easy.
A Boston man has filed a class-action lawsuit accusing hardware maker HP and office supply retailer Staples of colluding to inflate the price of printer ink cartridges in violation of federal antitrust law. According to the suit, HP allegedly paid Staples $100 million to refrain from selling inexpensive third-party ink cartridges, although the suit doesn't make it clear how plaintiff Ranjit Bedi arrived at that figure.
For most printer companies, ink is the bread and butter of their business. The price of ink for HP ink-jet printers can be as much as $8,000 per gallon, a figure that makes gas-pump price gouging look tame. HP is currently the dominant company in the printing market, and a considerable portion of the company's profits come from ink.
The printer makers have been waging an all-out war against third-party vendors that sell replacement cartridges at a fraction of the price. The tactics employed by the printer makers to maintain monopoly control over ink distribution for their printing products have become increasingly aggressive. In the past, we have seen HP, Epson, Lenovo and other companies attempt to use patents and even the Digital Millennium Copyright Act in their efforts to crush third-party ink distributors.
The companies have also turned to using the ink equivalent of DRM, the use of microchips embedded in ink cartridges that work with a corresponding technical mechanism in the printer that blocks the use of unauthorized third-party ink. Adding insult to injury, most printers are lying, filthy ink thieves, according to a recent study, misreporting that they are low on ink when they are not.
Bedi's suit asks for unspecified damages and an injunction barring the two companies from engaging in anticompetitive business practices.
Let's face it: we live in an age where it's relatively rare to run into someone who watches anything on TV at its scheduled time. Here at Ars, we have learned not to discuss things like baseball games or the votes in reality TV shows until after the last staffer has caught up. Even my parents record things on DVR or get a pay-per-view movie to watch every so often. Time-shifted viewing has definitely exploded over the last few years and will continue to do so through the next five years, according to a report by SNL Kagan.
The communications research firm said in its "Video-On-Demand: A Strategic and Economic Analysis" study that the revenue generated by video-on-demand (VOD), pay-per-view (PPV), and near-video-on-demand (NVOD) will cross the $6 billion mark within five years. It expects the average revenue per user—which includes offerings from cable, satellite, and telcos—to top $5 per month in 2010, and $6.56 per month over ten years.
"We're starting to see factors align that can enable operators to translate the rise in on-demand traffic into more significant sales," said SNL Kagan senior analyst Ian Olgeirson in a statement. Olgeirson is referring to the increase in demand for sponsorship revenue that VOD providers have seen recently—SNL Kagan notes that since 95 percent of all VOD content is currently free, advertising will play an increasingly important part in the future of VOD.
The company's predictions fall in line with previous data on the growth in demand for VOD-like services. In August, The Diffusion Group said that newer rental methods (such as Netflix, VOD, and PPV) were growing in popularity, especially among those who currently rent movies from a brick-and-mortar store. It noted that 27 percent of that group already made use of VOD or PPV services, and that number is only going up. In September, Pike & Fischer threw in its two cents, saying that one-third of TV watching would be VOD by 2012.
"Digital video is not only a competitive necessity for cable operators, but it also provides the foundation for future revenue growth," wrote SNL Kagan. It estimates that by 2011, the combined installed base of digital set-top boxes will be over 110 million.
Speaking of set-top boxes, ABI Research noted this week that a "new breed" of set-top boxes has emerged recently—ones that depend upon the Internet to deliver video to the TV screen. Of those, the struggling Apple TV is apparently the most popular, going to show that Internet-based video is still having a hard time making its way into the hearts—and TV sets—of consumers. This, ABI says, has been due to high prices and a lack of content, but things are getting better. VOD services for the Xbox 360, PlayStation 3, Amazon Unbox, and perhaps even the iTunes Store (pretty please, Stevie Claus?) could continue to change the public's view of downloadable video—ABI believes that 1.2 million of these new set-top devices will sell in 2008.