Google Street View Car Gets in Fender-Bender or 3 in Indonesia

Today in international tech news: A Google Street View car reportedly plays bumper cars in Indonesia. Also: A 17-year-old uses Daddy's eBay account to buy a $33,000 server once used by Wikileaks; a Saudi prince vows to keep his Twitter shares after IPO; and China parades an online critic who says he has now seen the light.

A Google Street View car dinged a pair of public transport buses and a truck in Bogor, Indonesia.

The Google driver hit one bus and then tried to skedaddle when the driver got angry, police reported.

Alas, the getaway was thwarted when the Street View vehicle hit a second bus -- and then a truck, according to local media.

There are no reports of injuries.

Google confirmed the incident -- or at least that an incident took place, if not the ping-pong scene described by police -- and said it was working with local authorities to address the situation.

There were reports in January that a Street View car killed a donkey. Google denied such a mishap took place.

[Source: BBC]

A 17-year-old used his dad's eBay account to bid, successfully, on a server that once hosted Wikileaks.

The dad, as you can imagine, isn't pleased.

Bahnhof, a Swedish ISP that hosted Wikileaks for about eight months starting in 2010, put the server on eBay to raise money for a pair of charities (Reporters Without Borders and the 5th of July Foundation, a digital rights group).

The winning bid was $33,000, but the father in question reportedly contacted Bahnhof to nix the transaction. The "winner" of the server reportedly lives outside Lisbon, Portugal. He says his son is crazy about conspiracy theories, and that a stern talking-to was in the offing.

The kid originally bid $10,200, but followed that up with seven more bids as the price went north.

The server, whose real value is in the neighborhood of $4,000, had been sitting in the bar of a Bahnhof data center in Stockholm. Bahnhof has cleansed the server of information and sold it as a sort of souvenir.

Wikileaks, for its part, said it did not support the sale.

[Source: Wired]

Prince Alwaleed bin Talal, a billionaire from Saudi Arabia, plans to hang on to his shares of Twitter as the company prepares to go public.

Bin Talal, who is the owner of international investment firm Kingdom Holding and the nephew of Saudi Arabia's King Abdullah, invested $300 million in Twitter in 2011. Twitter is "a very strategic investment," the prince said, and has plenty of room to grow.

Twitter confirmed last week that it has filed for an initial public offering with U.S. regulators.

Although it is banned in some Arab nations, Twitter is available in Saudi Arabia -- and its Saudi user base has been growing rapidly.

[Source: 00000Reuters]

Charles Xue, a Chinese-American venture capitalist known for making controversial remarks online, appeared on Chinese state media Sunday to fess up to spreading irresponsible Internet posts.

Xue, who has 12 million followers on Twitter-ish Sina Weibo, dubbed himself irresponsible and said his musings were "a vent of negative mood." He added that "freedom of speech cannot override the law."

Xue was detained last month and accused of visiting prostitutes.

China recently stiffened penalties for those who meet Beijing's definition of rumormonger. The Supreme Court ruled that any "rumor" that was seen at least 5,000 times, or reposted at least 500 times, would subject the original poster to three years in jail.

[Source: The Guardian]

Gogo to Bring In-Flight Internet Up to Speed

One of the things that makes air travel bearable is being able to log onto the Internet, but the available services are costly, unpredictable and often slow -- way too slow to stream video. Gogo aims to change that with a ramp-up in service that will appeal not only to business travelers but also to passengers who might like to expand their entertainment possibilities while strapped in.

Gogo on Wednesday announced plans to roll out faster and more reliable in-flight Internet access to passengers, allowing them to stream digital entertainment while cruising miles above Earth.

The new Ground to Orbit service will use satellites for reception and Gogo's ground-based cellular network for the return link.

The end result will be a more robust and reliable network that will reach peak speeds of 60 Mbps, according to the company.

That's a 20-fold increase from the 3 Mbps Gogo managed upon its launch in 2008. The company has since upped its speed to 9.8 Mbps, but Gogo users are still unable to stream video and may experience slowdowns depending on how many passengers aboard an aircraft are logging on at the same time.

Virgin America will be the first airline to launch the new service, which is expected to debut during the second half of 2014.

Even just a decade ago, the thought of being able to email from above the clouds seemed like a distant dream, said industry analyst Jeff Kagan. Now that in-flight WiFi capability has become commonplace, consumer demand for faster, more reliable and affordable service is rising.

"A Gogo-type service is needed today in our Internet-centric world," Kagan told TechNewsWorld.

Airlines are recognizing the growing demand. JetBlue recently announced FAA approval of its plan to offer satellite-based in-flight connectivity by the end of the year. It partnered with ViaSat to build out the service, which will allow users to stream entertainment faster than any other WiFi option currently in the air, according to JetBlue.

United Airlines offers WiFi service on some of its flights and plans to add it to more.

That's all the more reason that Gogo needs to improve its service, said Kagan.

"Speeds are slower than we are used to," he noted. "Consistency of service is another problem. Costs have risen and are now roughly (US)$15 to $20 per day. This is still acceptable if you can use this single connection on all your devices -- however, they do not always let you do that. Paying for multiple connections is too expensive for what you get."

Faster and more reliable connections could grow Gogo's user base, said Joel Espelien, senior analyst at TDG Research.

Gogo and other in-flight wireless services largely target business travelers who need to get some work done on the plane, he noted. With more wireless capabilities, though, consumers might latch onto the entertainment possibilities.

The desire for in-flight video currently is satisfied primarily by people side-loading it onto their personal devices at home before heading to the airport, Espelien told TechNewsWorld, "but a blazing fast Internet connection might entice some Netflix customers to start using their subscriptions en route."

Providing that blazing fast connection is just one of many steps that Gogo needs to take if it wants to stay ahead in an increasingly competitive market, said Kagan. "This is still a new service with lots of room for improvement."

Web App Firewalls Blunt Attacks

Web Application Firewalls can be an effective defense against hack attacks on popular programs. "If a firewall administrator puts the time in to locking down and precisely protecting the app it's in front of, it can be very secure," said Barracuda Networks' Daniel Peck. "It's a good fail-safe midway, but eventually, if someone beats on it hard enough, they're likely to find some way around it."

Web applications have become attractive targets for hackers because they allow bad actors to maximize the reach of their mischief with a minimum of effort.

That's what originally attracted the Internet underworld to programs like Windows and Adobe Acrobat, and it's what continues to attract them to Java. A vulnerability in one of those programs can be exploited in millions of machines because those programs are so popular.

In the same way, flaws in popular Web platforms can be used to infect millions of websites with malware or malicious links. It's a problem common not only to content systems -- WordPress and Joomla, for example -- but also to programming languages like Java and PHP.

"They have vulnerabilities that need to be fixed, and they're out there everywhere so they're easy to target," NSS Labs Research Director Chris Morales told TechNewsWorld.

One way to blunt attacks leveraging flaws in Web apps is with a Web Application Firewall. Typically deployed as a net appliance, WAFs are a relatively new technology.

"They're geared toward Web apps and not network-based attacks," Mat Gangwer, an information security analyst with Rook Consulting, told TechNewsWorld. "A WAF gives you more functionality and control over the requests going to and from them."

As in any firewall, effectiveness can vary from one product to another.

"Generally, though, every WAF is going to have functionality to detect attacks on widespread Web applications," Daniel Peck, a research scientist with Barracuda Networks, told TechNewsWorld.

"If a firewall administrator puts the time in to locking down and precisely protecting the app it's in front of, it can be very secure," he continued.

WAFs are best used to stop an attack and alert a developer to a problem so it can be fixed.

"It's a good fail-safe midway," Peck said, "but eventually, if someone beats on it hard enough, they're likely to find some way around it, unless the WAF is incredibly well-tuned."

If you live in Florida, Texas or California, chances are you're receiving more mobile spam than if you live in most other states, according to an analysis released by Cloudmark last week.

Of the top 25 area codes that are mobile spam magnets, four are in the Sunshine State (954, 786, 305 and 904), four in Texas (214, 210, 512 and 817) and six in California (310, 415, 408, 510, 714 and 818).

The Florida spam is concentrated in the southern part of the state, Cloudmark's Tom Landesman noted in a company blog, and primarily comes from outfits looking for junk cars.

"The messages have been flooding mobile phones for over a year now," Landesman wrote. "The senders, looking to tow off junk vehicles, are relatively locked in to their immediate area. After a certain distance, potential leads are no longer economically viable due to the cost of towing."

Banking scams appear to be a favorite of SMS spammers. Every phishing message sent to area code 210 (Greater San Antonio), for example, claimed to be from Generations Federal Credit Union, which is based in that Texas city.

North Carolina was a hotbed for another SMS banking scam, Cloudmark noted. Those junk messages pretended to be from smiONE, a provider of prepaid payment cards.

However, the state's most densely populated city, Charlotte -- ironically a center for banking activity on the East Coast -- was spared from the smiONE campaigns. All of it was directed at less densely populated area codes 828, 910 and 919.

Why concentrate on those area codes? Apparently the phishers were looking to take food out of the mouths of babes. In North Carolina, you see, smiONE makes a prepaid debit card that's used for child support payments.

Sept. 7. ICS Collection Services, based in Chicago, in compliance with federal and state law, discloses that information on 1,344 patient claims were viewed by an unauthorized party due to glitch at the debt collector's website.Sept. 9. University of South Florida reveals it is investigating a custodial employee connected with a data breach that compromised personal data of 140 patients at Tampa General Hospital being treated by USF physicians.Sept. 10. Kaiser Permanente begins notifying patients that data containing personal information belonging to them was accidentally emailed to a person outside the company. The recipient of the data did not view it, Kaiser said, and the information has been deleted from the recipient's system.Sept. 11. Symantec and Ponemon Institute report that the average cost of data breaches to business has declined over the last year. The average cost to a company was US$188 per customer, compared to $194 last year. Average total cost to a business declined to $5.4 million from $5.5 million last year. The researchers also saw a drop of 13 percent in the number of consumers who said they'd bolt from a company that notified them their personal data had been compromised.Sept. 11. Natural Provisions, a natural foods store in Williston, Vt., cuts deal with state attorney general to spend $15,000 to upgrade its computer system in response to complaints that it failed to promptly notify customers of a data breach last year.Sept. 12. Vodaphone Germany reveals that personal information for more than 2 million mobile customers was stolen from its systems. Information stolen included customer names, addresses, bank account numbers and birth dates.Sept. 12. David Patton, executive director of the Utah Department of Health, tells state legislative committee that no cases of identity theft have been linked to a data breach at his agency last year that compromised personal information on some 780,000 people serviced by the department.Sept. 16-18. eCrime 2013. Argonaut Hotel, 495 Jefferson Street, San Francisco. Sponsored by Anti-Phishing Work Group. Registration: $475.Sept. 17. Cyber Security Think Tank. 10 a.m-3 p.m. ET. Live panel discussion sponsored Dell SecureWorks. Free.Sept. 17. The Size and Shape of Online Piracy. 9 a.m.-10:30 a.m. Room 485, Russell Senate Office Building, Constitution Ave. NE and 1st Street NE, Washington, D.C. Sponsored by The Information Technology & Innovation Foundation. Free with registration.Sept. 18-20. Gartner Security & Risk Management Summit 2013. London. Registration: 2,325 euros + VAT; government, 1,800 euros + VAT.Sept. 19. Better Security Without the Risk. 1 p.m. ET. Webinar sponsored by WatchGuard. Free with registration.Sept. 24-27. ASIS International 59th Annual Conference. McCormick Place, Chicago. Registration: Before Aug. 21, $895 member, $1,150 non-member. After Aug. 20, $995 member, $1,295 non-member.Sept. 25. Cyber Sticks and Carrots: How the NIST Cybersecurity Framework, Incentives, and the SAFETY Act Affect You. 12 noon-2 p.m. ET. Offices of Venable, 575 7th Street, NW Washington, D.C. Presentation with former Deputy Secretary of Homeland Security Jane Holl Lute. Free with registration.Sept. 25. Cyber Security Summit 2013. Hilton, New York City. Admission: $199; government, $99.Sept. 30-Oct. 4. INTEROP 2013. Javits Center, New York City. Registration: all access pass, US$3,099 (Mon.-Fri.); conference pass, $2,199 (Wed.-Fri.); Mac & iOS IT, $1,899 (Mon.-Tue.)Oct. 1-3. McAfee Focus 13 Security Conference. The Venetian/The Palazzo Resort-Hotel-Casino, 3325-3355 Las Vegas Blvd., South Las Vegas. Registration: Early Bird to July 31, $875/$775 government; Standard to Oct. 3, $995/$875 government.Oct. 2.Visa Global Security Summit -- Responsible Innovation: Building Trust in a Connected World. Ronald Reagan Building and International Trade Center, Washington, D.C. Free with registration.Oct. 5. Suits and Spooks. SOHO House, New York City. Registration: Early Bird, $395 (July 5-Aug. 31); $625 (Sept. 1 and after).Oct. 8-9. Cyber Maryland 2013. Baltimore Convention Center., Baltimore, Md. Registration: $495; government, free; academic faculty, $295; student, $55.Oct. 9. Induction Ceremonies at Cyber Security Hall of Fame for James Bidzos, David Bell, Eugene Spafford, James Anderson and Willis H. Ware. 6 p.m.-10 p.m. Hilton Baltimore, 401 W. Pratt Street, Baltimore. Dinner Admission (Black Tie Optional): $250.Oct. 17-18. 2013 Cryptologic History Symposium. Johns Hopkins Applied Physics Laboratory's Kossiakoff Conference Center, Laurel, Md. Registration information to be announced.Oct. 29-31. RSA Conference Europe. Amsterdam RAI. Registration: Early Bird to July 26, 895 euros + VAT delegate/495 euros + VAT one day pass; Discount from July 27 -Sept. 27, 995 euros + VAT delegate/595 euros + VAT one day pass; Standard from Sept. 27-Oct.27, 1,095 euros + VAT delegate/695 euros + VAT one day pass; On site from Oct. 28-31, 1,295 euros + VAT.Nov. 6. FedCyber.com Government-Industry Security Summit. Crystal Gateway Marriott, 1700 Jefferson Davis Highway, Arlington, Va. Registration: government, free; academic, $100; industry, $599.Nov. 18-20. Gartner Identity & Access Management Summit. JW Marriott at L.A. Live, 900 West Olympic Boulevard, Los Angeles, Calif. Registration: Early Bird to Sept. 27, $2,075; Standard, $2,375; Public Sector, $1,975.Dec. 4-5. MENA Business Infrastructure Protection 2013 Summit (Risk Management and Security Intelligence for companies in the Middle East and North Africa). Dubai.Dec. 9-13. Annual Computer Security Applications Conference (ACSAC). Hyatt French Quarter, New Orleans.

Goodbye, Encryption; Hello, FOSS

"For years Linux has had a false sense of security, mainly because of the 'many eyes make bugs shallow' myth," Slashdot blogger hairyfeet suggested. "Seriously, show of hands: How many have done a code audit of LibreOffice? Firefox? Chromium? The networking stack? Heck, how many here have done an extensive code audit on those bazillion little programs like screensavers and widgets and weather apps?"

Few would deny that the world has changed since the National Security Agency's PRISM surveillance program was revealed, and not for the better.

Here in the Linux blogosphere, FOSS fans have been mulling the implications ever since the unsettling news broke back in June, but just recently things have taken on an even darker cast.

Turns out not even encryption techniques can hold the NSA at bay, at least in general, leaving users of without much to defend them.

Now, vulnerability is -- or should be -- a familiar feeling to users of Windows, in particular. For those of us in Linux land, however, it comes as something of a shock. No wonder Slashdot blogger deepdive recently sought some clarification.

'Can One Still Sleep Soundly'?

"I have a basic question: What is the privacy/security health of the Linux kernel (and indeed other FOSS OSes) given all the recent stories about the NSA going in and deliberately subverting various parts of the privacy/security sub-systems?" deepdive wrote.

"Basically, can one still sleep soundly thinking that the most recent latest/greatest Ubuntu/OpenSUSE/what-have-you distro she/he downloaded is still pretty safe?" deepdive added.

Translation: Are we still relatively safe on Linux, or has the NSA blown that advantage away? Does Linux still stand tall on security?

Linux bloggers have had no shortage of opinions to share.

"That begs the question, did Linux ever stand tall on security?" offered Hyperlogos blogger Martin Espinoza, for example. "I'd argue that only OpenBSD really makes it the leading priority, but I'll still take Linux over anything closed source any day, and Linux definitely has the benefit of many eyes."

Indeed, the NSA has not cracked good crypto; what it has done is inserted backdoors and such in closed software," Google+ blogger Kevin O'Brien pointed out. "The key word here is 'closed.' That makes Linux even more important since anyone can view the code.

"I think that more people will be moving to Linux once this becomes clear," O'Brien added.

To wit: "I am sure the code makers are doing their best to revise the code and improve it -- I can't say anything like this for any other OS," agreed Google+ blogger Gonzalo Velasco C.

"You have to give them credit: The NSA has put a lot of work into spying on us night and day," began Linux Rants blogger Mike Stone. "If you want to be completely sure you're not being spied on, sell everything you own and move into a shack in the woods with a heavy canopy, because they're monitoring you if you don't. If you're not willing to go to that extreme, then you may have to just settle for reducing their field of view."

Using a secure VPN and TOR will help, "but only if you're not using an operating system that's spying on you before your traffic even leaves your router," Stone suggested. "It's 'known' that Microsoft has worked with government agencies to circumvent their own encryption, so if you're using a Microsoft operating system, you have no expectation of privacy. Microsoft will sell you out at the drop of a hat."

As for Apple, "the NSA has mocked Apple customers and even referred to Steve Jobs as 'Big Brother,'" he pointed out. "Even if both companies deny it to the ends of the Earth, how can you know for certain? The fact is, you can't. That's why open source is your best option."

It's "infinitely more difficult to hide your spy code when the code is open for everybody to read," Stone said.

"You still have to be diligent about what you use," he concluded. "If you want to be as sure as you can, I'd suggest the LFS Project, but many other Linux distributions can get you close. You may want to avoid the ones based in the United States, though."

Chris Travers, a blogger who works on the LedgerSMB project, took a similar view.

"On one hand, for now, I think we are doomed to a lack of privacy in things like email," Travers told Linux Girl. "There is too much information that is necessarily disclosed when emails are sent; same with social networking sites and the rest."

In the NSA era, however, "open source and auditable systems are more important than ever," Travers opined. "If we are to regain some semblance of privacy, we will not only need protocols designed to thwart these efforts, but we will need systems we can audit to ensure they haven't been heavily compromised.

"This means that open source operating systems like Linux, BSD and so forth will be necessary for any environment that users wish to trust," he concluded.

The NSA has contributed a lot to the Linux kernel, such as through SELinux, Google+ blogger Alessandro Ebersol pointed out, "so, yes, I'm afraid they have put a hole in our beloved OS.

"Sure, when the community can watch and examine the code, it is always better, and even a needle can be spotted," Ebersol added.

Windows, on the other hand, "phones home every week and spits its guts out to that company (and NSA)," he said.

"Oh well, we'll have to be extra careful now and watch the logs closely," Ebersol concluded.

"I really think people are overreacting, or rather reacting in the wrong way," consultant and Slashdot blogger Gerhard Mack opined. "Everything we know tells us that the NSA works around encryption by demanding the information directly from service providers or finding a way to get their hands on the encryption key.

"The only person really saying otherwise is John Gilmore, but most of his arguments are that the IPSEC standard is terrible (nothing new), but there is no actual proof the NSA was behind it behind a bad standard or that they even needed to sabotage it in the first place," Mack told Linux Girl. "His whining about NULL encryption was misplaced, since SSL has it too and any halfway-competent admin will disable weak ciphers."

Meanwhile, "if the NSA did backdoor Linux, an expert from a nonaligned country would notice and take action," he said. "It's highly unlikely that a given conspiracy would include Russian and Chinese programmers as well."

Bottom line? "If you are really worried about the NSA, the solution isn't to avoid Linux, it's to avoid hosting or using services based in the U.S. or the UK."

In fact, "Linux remains as secure as it ever was, which is to say that the security of any operating platform ultimately rests in the hands of the end user and his or her habits," Google+ blogger Brett Legree pointed out. "Similarly, your privacy is dictated by your own habits and the habits of those with whom you share any and all information, be it verbally, in print, or by any digital means."

The weakest link, in other words, "remains the human element," he suggested.

"So, while Linux may continue to offer advantages for some people to assist with security and privacy, it is not a panacea," Legree concluded.

"The weakest link is always the USER, not the OS!" Slashdot blogger hairyfeet told Linux Girl.

"For years Linux has had a false sense of security, mainly because of the 'many eyes make bugs shallow' myth, which a little common sense will invalidate easily," hairyfeet suggested.

"Seriously, show of hands: How many have done a code audit of LibreOffice? Firefox? Chromium? The networking stack?" he asked. "Heck, how many here have done an extensive code audit on those bazillion little programs like screensavers and widgets and weather apps that always end up being packed into most desktop distros?

"I bet if we looked at all the distros and found what the 100 most common programs are and then look at how many of them have their source downloaded, not audited, just downloaded, with every release you MIGHT have 10 out of 100 -- MAYBE," hairyfeet predicted.

Meanwhile, "how do you think the NSA would get backdoors in?" he added. "What volunteer project is gonna turn down a great coder with years of exp that is willing to work for free and writes great code?"

At the end of the day, "it would be no harder for the NSA to stick a backdoor in Linux than it would be for any other OS, as having source doesn't magically make the bad guys go away nor does it qualify Joe average programmer to do a security audit of the entire Linux OS, which just FYI, thanks to the insane release schedules, I seriously doubt you'd even get halfway through a single code audit before what you were auditing had been replaced by 3 new versions!" hairyfeet concluded.

Last but not least, "the NSA problem is bigger than */Linux," Robert Pogson suggested.

"The NSA probably has ways to tap into communications on the Web right in the chips of our Ethernet and Wifi ports, routers and almost any Web or cloud services," Pogson explained. "There isn't much */Linux or FLOSS can do about such corruption of the infrastructure of the Web except to pull the plug or set up a FLOSS Web vertically integrated from ARMed chips and RAM to a private network for the non-USAian world.

"I don't see that as feasible, but it just might be possible for the world to shun the USA and keep it off the Internet until human rights are respected globally by the USA," he added. "We aren't anywhere close to that, but already I and many others are doing our best to use as little of the Web controlled by USA as possible."

In short, "if enough of us shun U.S. businesses to affect the GDP," Pogson concluded, "the government of the USA may get a message from its lobbyists from big business."

Oh Quark: Intel Just Changed the Technology Market

Error in deserializing body of reply message for operation 'Translate'. The maximum string content length quota (8192) has been exceeded while reading XML data. This quota may be increased by changing the MaxStringContentLength property on the XmlDictionaryReaderQuotas object used when creating the XML reader. Line 2, position 1735. Look around the room. Compared to the number of phones and PCs you have, how many light switches, light fixtures, chairs, tables windows, thermostats, doors with locks, and floors do you have? Each is a possible home for a Quark-enabled sensor, and each could be made smarter as a result. The future that Quark will enable will be very, very different.

This year, Intel held its IDF during the same week as Apple's iPhone launch, and it's not the first time these events have coincided. However, I could count the number of times Intel has had something more interesting to present than Apple on one hand -- and have five fingers left over.

That was true until last week, when Intel surprised the market with an obscure technology codenamed "Quark," which promises to change dramatically the world we live in.

Apple, in contrast, launched a slightly revised iPhone, which will now come in the color "gold," along with a minor iOS change -- and it apparently discovered colors in a cheaper offering. Mostly, Apple's big announcement was biometric fingerprint readers on its high-end iPhone, a technology PCs have had for more than a decade. For once, the Intel keynote was more interesting than Apple's.

However you need to know where Quark is going to fully understand how revolutionary it can be. I'll go into that and close with my product of the week: Dell's amazing new Venue tablet.

If I were to sum up the biggest problem with the computer industry since its inception, it is that smart devices have actually been pretty stupid. From the beginning, computers knew very little about the world they lived in and we had to adapt to them. In short, while the perception was that they were created to be our servants, the reality is we serve them -- and they don't even know that much about us.

Quark, a very small-scale embedded technology, is supposed to address the second part of that -- enabling the computerized world to better adapt to our needs automatically. It anticipates a future when most everything we touch will be computerized, sensor equipped, and able to determine automatically what it is we need to be more comfortable.

This is potentially a massive market, because it includes pretty much everything we touch that isn't currently computerized and instrumented. It also includes many of the dumb devices -- like security cameras and thermostats -- that we think are intelligent and computerized, but really are not either.

Look around the room. Compared to the number of phones and PCs you have, how many light switches, light fixtures, chairs, tables windows, thermostats, doors with locks, and floors do you have? Each is a possible home for a Quark-enabled sensor, and each could be made smarter as a result.

So this is the future that Quark will enable, and you'll see it is very, very different. Think of beds that can monitor your comfort level and heat or cool, harden or soften, and even pulse (the return of magic fingers!) in order to ensure a good night's sleep.

Imagine security systems that can not only identify you with a high degree of accuracy but also alert a medical service if it looks like you may experience a heart attack in the near future or if your child has fallen in the pool, or if anyone in your family has fallen and can't get up.

You could have lights that not only turn on when you are near but also apply ideal levels of illumination based on whether you're reading or watching TV, for example. Wearable devices will not only help you exercise by alerting you when your heart is in its target range, but also let you know if you're getting angry or impaired to assist you in avoiding road rage -- or rage in general -- or a DUI conviction.

Windows could automatically shade themselves when you're dressing or otherwise have a need for privacy and become transparent if there is something going on outside you actually want or need to see. Heating and cooling systems could adjust to accommodate the persons in the room and even target the furniture they're sitting on.

Think of entertainment systems that could adjust their sound levels and speaker coverage based not only on what you're watching or listening to, but also on specific preferences, automatically directing its efforts to please multiple listeners.

Imagine drones that auto launch when a noise is heard inside the house and report back what they have found -- auto locking the intervening doors and alerting the authorities if necessary. Imagine drones that could auto launch and guide you out of a burning house, or alert you that your small child was attempting to escape the crib or otherwise about to do something dangerous. Imagine cribs that could alter themselves to keep your child entertained and less able to climb out.

In this world, you could just say what you want, and a screen or a device near you would automatically respond and fulfill that want.

This is the instrumented, vastly smarter world that Intel will try to create with Quark -- and it makes PCs and smartphones seem so last century by comparison.

This amazing effort, or at least the focus of it, is largely the result of one of the most influential people in the world: Intel Fellow Genevieve Bell. Bell's team aims to drive Intel and the technology industry toward creating solutions like those I've described above, in the process transforming the world from one in which the humans are slaves to one in which we are the masters.

Bell is known as Intel's secret weapon, and she is its most visible human competitive advantage. Through the efforts of Bell and her team, our future will be amazing and our technology far more focused on making us happy. This is so much more powerful than a new OS, gold phone or cheap, colorful phones -- which is why I think Intel massively eclipsed Apple this year. Quark is a world changer.

Back when Windows 8 launched, you had an ugly choice of tablets. You could get a light, inexpensive, thin one with great battery life that didn't run much in the way of software but came with Office -- with the exception of the most critical app, Outlook -- or you could get a much more capable tablet that cost twice as much, had less than half the battery life and was nearly twice as heavy. Steve Jobs' ghost must have been smiling as folks bought more iPads.

Well Intel's Bay Trail processor just fixed the last part, and coupled with Windows 8.1, it promises to provide a thin, light and inexpensive tablet. I'm thinking Jobs' ghost isn't smiling anymore.

The most interesting of the products showcased on the main stage at IDF was Dell's 8-inch Venue tablet, because it pushed the limits on sexy.

This is the first Windows Tablet I might actually give up my beloved Kindle Fire for -- and over the years, I've actually started to do more email, shopping and movie viewing on my Fire and not on my phone or even my laptop.

Any product that can get me to consider an alternative to my beloved Kindle is worth being named the product of the week. This class of system will define the success or failure of Windows 8.1. We'll get more details on the Venue next month, when Windows 8.1 launches and the tablet officially becomes available, but I'm making it product of the week early. Thanks to Dell and Intel's Bay Trail processor, it is just damned sexy.

Needle in a Haystack: Harnessing Big Data for Security

Error in deserializing body of reply message for operation 'Translate'. The maximum string content length quota (8192) has been exceeded while reading XML data. This quota may be increased by changing the MaxStringContentLength property on the XmlDictionaryReaderQuotas object used when creating the XML reader. Line 1, position 8653. The process of validating suspicious hosts can be cost- and resource-prohibitive. To validate threats across the entire Internet would require an army of analysts. The good news is that there are thousands of potential analysts in the security community, including security-savvy customers. The bad news is that security vendors typically keep their threat intelligence to themselves.

The combination of the polymorphic nature of malware, failure of signature-based security tools, and massive amounts of data and traffic flowing in and out of enterprise networks is making threat management using traditional approaches virtually impossible.

Until now, security has been based largely on the opinions of researchers who investigate attacks through reverse engineering, homegrown tools and general hacking. In contrast, the Big Data movement makes it possible to analyze an enormous volume of widely varied data to prevent and contain zero-day attacks without details of the exploits themselves. The four-step process outlined below illustrates how Big Data techniques lead to next-generation security intelligence.

Malware is transmitted between hosts (e.g. server, desktop, laptop, tablet, phone) only after an Internet connection is established. Every Internet connection begins with the three Rs: Request, Route and Resolve. The contextual details of the three Rs reveal how malware, botnets and phishing sites relate at the Internet-layer, not simply the network- or endpoint-layer.

Before users can publish a tweet or update a status, their device must resolve the IP address currently linked to a particular domain name (e.g., www.facebook.com) within a Domain Name System record. With extremely few exceptions, every application, whether benign or malicious, performs this step.

Multiple networks then route this request over the Internet, but any two hosts never connect directly. Internet Service Providers connect the hosts and route data using the Border Gateway Protocol. Once the connection is established, content is transmitted.

If researchers can continuously store, process, and query data gathered from BGP routing tables, they can identify associations for nearly every Internet host and publicly routable network. If they can do the same for data gathered from DNS traffic, they can learn both current and historical Host IP Address/Host Name associations across nearly the entire Internet.

By combining these two Big Data sets, researchers can relate any host's name, address, or network to another host's name, address, or network. In other words, the data describes the current and historical topology of the entire Internet -- regardless of device, application, protocol, or port used to transmit content.

While storing contextual details on a massive volume of Internet connections in real-time is no easy task, processing this data in order to extract useful information about an ever-changing threat landscape might be nearly impossible. There is an art to querying these giant data sets in order to find the needles in the haystack.

First, start with known threats. It's possible to learn about these from multiple sources, such as security technology partners or security community members that publicly share discoveries on a blog or other media site.

Second, form a hypothesis. Analyze known threats to develop theories on how criminals will continue to exploit the Internet's infrastructure to get users or their infected devices to connect to malware, botnets and phishing sites. Observing patterns and statistical variances regarding the requests, routes and resolutions for malicious hosts is one of the keys to predicting the presence and behavior of malicious hosts in the future.

Spatial patterns can reveal malicious hosts, since they often share a publicly routable network (aka ASN) with other malicious websites -- for example, same geographic location, same domain name, same IP address, same name server host storing the DNS record or other objects. Infected devices connect with these hosts more often than clean devices do.

Temporal patterns can be used to identify malicious hosts by showing evidence of irregular connection request volume or new domains with sudden high spikes in volume immediately after domain registration. Statistical variances, such as a domain name with abnormal entropy (gibberish), can also reveal malicious hosts.

Third, process the data -- repeatedly. On the Internet, threats are always changing. Processing a constant flow of new data calls for a real-time adaptable machine-learning system. It needs classifiers that are based on a hypothesis. Alternatively, the data can be clustered based on general objects and elements, and training algorithms can collect a positive set of known malicious hosts as well as a negative set of known benign hosts.

Fourth, run educated queries to reveal patterns and test hypotheses. After processing, the data becomes actionable, but there may be too much information to effectively validate hypotheses. At this stage, visualization tools can help to organize the data and bring meaning to the surface.

For instance, a researcher may query one host attribute, such as its domain name, but receive multiple scored features outputted by each classifier. Each score or score combination can be categorized as malicious, suspicious or benign and then fed back into the machine-learning system to improve threat predictions.

When a host is categorized as "suspicious," there is a possibility of a false positive, which could result in employee downtime for customers of Internet security vendors. Therefore, continuous training and retraining of the machine-learning system is required to positively determine whether a host is malicious or benign.

The process of determining whether suspicious hosts are malicious or benign can be cost- and resource-prohibitive. To validate threats across the entire Internet would require an army of analysts. The good news is that there are thousands of potential analysts in the security community, including security-savvy customers. The bad news is that security vendors typically keep their threat intelligence to themselves and guard it as core intellectual property.

A different approach is to move from unidirectional relationships with customers to multidirectional communication and communities. Crowdsourcing threat intelligence requires an extension of trust to customers, partners and other members of a security vendor's ecosystem, so the vendor must provide dedicated support to train and certify the crowdsourced researchers.

However, the upside potential is significant. Given an anointed team of researchers across the globe, the reach and visibility into real-time threats will expand, along with the ability to quickly and accurately respond, minute by minute, day by day, to evolving threats.

As for tactical requirements, the community needs access to query tools similar to those used by the vendor's own expert researchers. The simpler interface would display threat predictions with all the relevant security information, related meta-scores and data visualizations, and allow the volunteer to confirm or reject a host as malicious.

Threat intelligence derived from Big Data can prevent device infections, network breaches and data loss. As advanced threats continue to proliferate at an uncontrollable rate, it becomes vital that the security industry evolve to stay one step ahead of criminals.

The marriage of Big Data analytics, science and crowdsourcing is making it possible to achieve near real-time detection and even prediction of attacks. Big Data will continue to transform Internet security, and it's up to vendors to build products that effectively harness its power.

Bring On the Pineapple and Bone-In Ham

By Chris Maxcer
MacNewsWorld
Part of the ECT News Network
09/16/13 5:00 AM PT

We're not all born to be fancy chefs, and Kitchen Knife Skills knows it. It's designed for newbies and is therefore realistic. I appreciate that. While I thought I knew how to cut open an avocado, it turns out you can deftly whack your knife into the pit, then twist the knife to loosen and remove it. A couple of previous girlfriends might have swooned had they seen me nonchalantly use that move.

Kitchen Knife Skills: Essentials for the Confident Cook by Open Air Publishing is available in the iTunes App Store for US$4.99.

You've got to admire a person who knows how to wield a knife with confidence -- especially a chef's knife. If you're anything like me, you've stumbled upon some sort of food in the kitchen that needed to be cut up, and because you didn't know what you were doing, you just started hacking away. You probably used the wrong sort of knife, and the technique? Likely messy, even dangerous.

I remember my first pineapple. I cut off the hard skin then hacked the hulk of yellow fruit into slices, which unfortunately kept the tough center rind. How to cut that out? I ended up with a juicy mess all over the counter, and the only saving grace of the endeavor was that I learned you can throw fresh pineapple chunks at most anyone -- and they'll love it because it tastes so much better than anything from a can.

For our meat-eating friends, the same goes for a whole ham or turkey -- while you can hack it up with a caveman-like rock, there's a better way, and the Kitchen Knife Skills app will show you how through words, photos and video.

First of all, Kitchen Knife Skills: Essentials for a Confident Cook, is part app and part book -- it's more app-like than book-like, and if I have any quibbles at all, it's that the navigation is harder than I expected.

There's a mini tutorial on how to use the app; still, I must admit, sometimes I'd try to swipe left and right to turn pages when I should have been scrolling up and down. Then, when I would get to the end of a chapter, I could tap a rectangle at the bottom to continue on -- but I'd lose track of where I was, physically, within the book. Or app.

The point? You'll likely get a bit confused, too. Get over it. I did -- right after I realized that I could swipe hard from left to right multiple times to expose the chapters and their subtopic pages. So under Fruit, there's a section for Fruit in general. It's followed by Avocado; Citrus; Mango; Papaya; Pears and Apples; Pineapple; Stone Fruit: Peaches, Nectarines and Plums; and Tomato.

Similarly, there are sections on Vegetables, Poultry, Seafood and Red Meat. Each kind of food has a handy tip that shows you how best to cut or chop it up, as well as make sure you're using the right equipment.

You actually need just three kinds of knives in your kitchen -- a chef's knife, paring knife and bread knife -- according to the authors. This is covered in the Go-To Gear section, which also defines and identifies different sorts of specialty knives you may want to use, too -- like a boning knife, fillet knife, or cheese knife.

The app also covers cutting boards -- wood or plastic? -- and handy extra gear like kitchen shears (scissors to me) and a box grater -- because sometimes chopping is just not as efficient as grating.

Even though the app shows you proper cutting skills, it's designed for newbies and is therefore practical too. Realistic. We're not all born to be fancy chefs, and the tone of this app knows it. I appreciate that.

Meanwhile, how does the app actually teach you kitchen knife skills?

After showing you photos of different kinds of knives -- it turns out that my go-to chef's knife is a Japanese style that was actually made by Germans -- the app walks you through different kinds of foods and shows you a key method for cutting each.

First, you can watch a high-quality video that shows you how to say, cut up a whole raw chicken. In the app, your video instructor is Sarah Copeland, a food expert and former recipe developer for the Food Network.

In addition to walking you through a process, she will impart handy tips. For instance, you probably understand that buying a chicken whole is more economical than buying it already cut up. Cool. But, once you know what you're doing, it also means that you'll have more control over the size and shape of all the pieces and parts. Nice. I used to think a leg was just a leg. Not any more.

If you don't like a video or just want a quick reference, you can scroll down past the video section and get into the author-bookish section of the app. In the case of the chicken, you could take a guided tour of the anatomy of a raw chicken, check out the kinds of knives and tools you'll want to use, or dive into the illustrated written instructions, like separating the breast from the back. Queasy? Sorry.

You can avoid the meat sections and focus on the fruit and vegetables. For instance, while I thought I knew how to cut open an avocado, it turns out you can deftly whack your knife into the pit, then twist the knife to loosen and remove it. A couple of previous girlfriends might have swooned had they seen me nonchalantly use that move.

The best thing about Kitchen Knife Skills: Essentials for the Confident Cook is that it is thorough with excellent, high-quality photo and video. You learn a few extra tidbits here and there, and you always get just enough detail to keep you moving quickly to clearly learn a new technique.

In that sense, the app is a 100 percent success -- despite initial difficulty learning my way around the app, I have come away with new skills. For instance, I no longer fear the artichoke, much less the Thanksgiving Turkey.

Is there an app you'd like to suggest for review? Please send your iOS picks to me, and I'll consider giving them a whirl.

And use the Talkback feature below to add your comments!

MacNewsWorld columnist Chris Maxcer has been writing about the tech industry since the birth of the email newsletter, and he still remembers the clacking Mac keyboards from high school -- Apple's seed-planting strategy at work. While he enjoys elegant gear and sublime tech, there's something to be said for turning it all off -- or most of it -- to go outside. To catch him, take a "firstnamelastname" guess at WickedCoolBite.com.