Monday, June 30, 2008

Cool Dalek security camera

Need a few hundred to rove the streets of Detroit to fight crime. Exterminate, Exterminate!!!!

Thursday, June 26, 2008

Ubuntu MID Edition ships Jun. 25, 2008

[Updated Jun. 26] -- Canonical Ltd. has quietly launched a full "developers release" of Ubuntu 8.04 ("Hardy Heron") for MIDs (mobile Internet devices). Desktop and embedded Linux developers can now begin porting applications to the platform, which will be pre-installed on MIDs by OEMs, Canonical hopes.

Ubuntu MID Edition is based on the Canonical-sponsored Ubuntu Mobile and Embedded (UME) community project, in cooperation with the Intel sponsored Moblin-org project.

Ubuntu MID Edition is also a modified version of the new Ubuntu Desktop Edition 8.04, optimized for handheld MID devices. The initial developer release is available for both Intel Centrino Atom ("Menlow") and Intel's A100/110 ("McCaslin") platform (targeting the Samsung Q1U ultra-mobile PC). Additionally, a handy KVM image and launcher shell script let users easily try out the stack on desktop PCs running Linux. It runs fairly quickly on systems with hardware virtualization support and Linux's KVM (kernel virtual machine) loadable kernel module.

Ubuntu Mobile and Embedded 8.04

The free, open-source Ubuntu MID Edition offers modifications for displaying on smaller 4- to 6-inch MID displays and for making applications "finger friendly for touch screens," says a UME blog that appeared yesterday from David Mandala, UME Project Manager.

Canonical Ltd. announced the UME project in May 2007, and then issued a roadmap for the project a month later. The Ubuntu MID Edition is based in part on technology from the Moblin community, which has developed a Linux kernel, UI framework, browser, multimedia framework, and embedded Linux image creation tools designed for MIDs and other mobile devices. Ubuntu MID also includes a browser based on Mozilla's Gecko, which offers a zoom function and contains applications for email, calendaring, document reading, contacts, and a media player.

According to Mandala, Ubuntu MID will be pre-installed on MIDs by their manufacturers, who will typically add drivers and new applications, or even modify the user interface. Users will be able to download and install additional applications developed by the UME community and Meanwhile, developers are invited to port Ubuntu Desktop Edition applications to UME, and they are encouraged to share their work with the communities.


Ubuntu MID Edition is available for download now, says Canonical. Along with an image built to run on a KVM virtual machine [download link], there's an installable "McCaslin" image, and an image targeting Intel's Atom-based Crown Beach development station. The latter Menlow version is not available for direct install on any OEM device, Mandala adds, and adapting it for Menlow platforms is said to require "substantial modifications," and is not recommended.

Ubuntu MID will sync up with the normal Ubuntu 6-monthly release cycle starting with version 8.10, says Canonical. More general information may be found here and information on UME for developers can be found here.

Obama Is Linked In

by Michael Hickins

Barack Obama may or may not get elected to the position of CEO of the United States in November, but he is showing other CEOs how to use Web 2.0 to drive innovation and buy-in.

Obama, who has a LinkedIn profile, used the Questions feature on LinkedIn to ask for suggestions on rebuilding the country's infrastructure. Last time I checked, he'd received over 2,500 answers.

If that seems like a small number compared with the thousands of unsolicited e-mails that politicians of every stripe receive every week from constituents and special interest groups, think again.

For one thing, Obama is controlling the conversation by asking for input on a particular problem. He has defined the parameters of what he's looking for.

For another, people answering the questions are part of a defined, filtered group. It is a self-selecting group, for sure, but it is nonetheless a more controlled group than you might ordinarily think of when you hear the word "social network."

Finally, and most importantly in my opinion, the people answering the questions are not only not anonymous, but their names are displayed prominently next to their answers.

In other words, they have strong incentives to provide thoughtful and intelligent-sounding answers.

Moreover, these are professionals taking time to answer a question that has no direct bearing on their immediate standing or compensation. Experts have questioned whether busy, knowledgeable people would take the time to contribute to wikis and other similar tools.

Nicholas Carr's comments in 2006 about more traditional knowledge management tools noted:

Using them turns out to be more trouble than it's worth--particularly for those employees who have the most valuable knowledge--and the platforms and repositories fall into disuse and are eventually, and quietly, dismantled. People go back to using efficient, direct conversations--through meetings, or phone calls, or e-mails, or instant messages--to exchange useful knowledge.

Clearly, as this LinkedIn example shows, Enterprise 2.0 is being adopted in droves. The issue isn't so much "Will people use it," but rather, "Will their inputs be useful?"

Thus it's no small thing to note that the answers Obama received are of tremendous quality. For instance, one director of marketing wrote (I'm excerpting only a portion of this answer!):

Industrial Strategy: Increasingly, most high-tech devices, including ones that were invented here (night-vision, storage playback, etc) are not made, researched, or designed in America anymore. As more and more production naturally moved overseas to find the lowest cost manufacturer, the iterative cycle of development soon followed and much of the R&D began to follow overseas as well. In order to continue to thrive as a nation, these well-paying, and high-value engineering jobs must have a natural home in America. To do this, as a nation we must be thinking about which strategic industries and areas that we wish to have their epicenter here, and invest accordingly. China, South Korea, etc have over the last 20+ years done this with excellence. We must think long-term, and think about the "linkages" between R&D and manufacturing. Alternative energy is obviously what most nations are gravitating towards as they think of this question today.

Obama is using a tool that any leader can use to solicit input from a group of people who perceive that answering is in their interests--even though there is no direct or immediate pecuniary interest.

What they do get is the benefit of feeling involved and of participating in a project that may produce significant long-term benefits.

I've written before about Obama's use of modern technology to advance his candidacy. He's not cutting-edge for a normal person, but he is the opposite of George H. Bush, who famously expressed astonishment at the existence of supermarket scanners in 1991, in the run-up to his failed reelection bid.

If Obama wins in November, I think it won't be as much for his policies as for the image he projects of being in touch with the modern tools and technologies that affect the lives of most Americans.

Business leaders can't afford to project any less to their employees and customers.

Wednesday, June 25, 2008

Nokia buys rest of Symbian, will make code open source

Nokia on Tuesday announced it plans to acquire all of Symbian, which develops an operating system for mobile phones. The Finnish phone giant currently owns about 48 per cent and will pay €264 million ($410 million) for the rest.

It has received a thumbs up from Sony Ericsson, Ericsson, Panasonic Mobile Communications and Siemens, which represent about 91 percent of the Symbian shares subject to the offer, according to a statement from Nokia.

Samsung Electronics, a partial stakeholder in Symbian, hasn't commented yet, but Nokia said it expects the company to agree to the sale.

The deal doesn't come as a surprise to Geoff Blaber, an analyst at CCS Insight.

"Nokia paid out more than $250 million in Symbian license fees last year, so it makes commercial sense to buy Symbian for about $410 million, rather than keep paying what is effectively a subsidy to the other shareholders," Blaber wrote in a company blog.

But that isn't the only explanation: Competition in the mobile phone market is intensifying.

"I think Nokia was more worried about the risk that Symbian's structure would erode its competitive position," said Blaber.

Symbian is being challenged by a number of new contenders, including the open-source operating system from the LiMo Foundation and Google's Android platform, which are challenging existing commercial models, according to Blaber.

Also announced on Tuesday was the formation of the Symbian Foundation, with members Nokia, Sony Ericsson, Motorola, NTT DoCoMo, AT&T, LG Electronics, Samsung Electronics, STMicroelectronics, Texas Instruments and Vodafone Group. All will get access to the Symbian operating system under a royalty-free license.

The deal will unite Symbian's OS, S60, UIQ and MOAP (which is the software platform for NTT DoCoMo's FOMA service) to create one open mobile software platform and a stronger competitor in the battle with other platforms.

To compete with Google and LiMo on an equal footing, the Symbian Foundation will make some parts of the operating system available as open-source code at launch. More code from the project will be made available over the next two years under the Eclipse Public License, according to a statement.

If Nokia's new approach works, it could greatly benefit the Symbian platform, Blaber said. With wider input from network operators and chip manufacturers as well as closer integration of the operating system and user interface, Symbian's operating system could become more stable and attractive to operators, developers and consumers, Blaber said.

Nokia expects the acquisition to be completed during the fourth quarter of 2008.

Monday, June 23, 2008

Blogger launches 'Google bomb' at McCain

You can bet that someone will attack Barack Obama using this technique.

Let the cyberpolitical wars begin...

By Heather Havenstein

A political blogger is using a technique known as "Google bombing" to enlist the aid of fellow partisan bloggers to boost the search engine rankings of nine news stories that reflect poorly on Republican presidential candidate John McCain.

Chris Bowers, managing editor of the progressive blog OpenLeft, is launching the Google bombs by encouraging bloggers to embed Web links to the nine news stories about McCain in their blogs, which helps raise their ranking in Google search results. Bowers is reprising a 2006 effort when he undertook a similar Google bombing effort against 52 different Congressional candidates.

The articles Bowers is using range from a story about McCain voting to filibuster a minimum wage hike to an item about the Senate passing an expanded GI bill despite opposition from McCain. Between June 6 and Tuesday, the first story had risen eight slots in Google's rankings to the 42nd result returned on searches for "John McCain." The second story is up 16 slots during the same 11-day period to the 35th result in a search for "John McCain."

The McCain campaign did respond to a request for comment on Bowers' project.

Bowers is aiming by Labor Day to have three of the nine articles appear in the top 10 search results for "John McCain" and "McCain," three in results 11 through 20 and three more in 21 through 30. When he began his quest three weeks ago, none of the articles were in the top 100 search results for either keyword search, he noted. Now, all nine are in the top 60 for "John McCain" searches and eight are in the top 60 for searches of "McCain."

Bowers said that he is operating independently and is not affiliated with the campaign of Democratic candidate Barack Obama.

He said he is targeting Google because search was the most common political action taken by voters during the 2004 campaign. "We're basically targeting the most common key words on the most common search engine for the most common form of political activity people are taking online," Bowers said in an interview.

In the project he spearheaded in 2006, Bowers said 700,000 people in key Congressional districts were exposed to negative articles. That effort was launched just three weeks before election day, he added.

Bowers chose the news articles by matching the topics to existing polling data that shows what issues likely will turn voters off to McCain. He also makes sure that the articles come from news organizations like, which already are highly ranked in Google search results, he added.

"We're just using McCain's own words -- everything we are targeting are things McCain has done or said himself. There's no bias at all. There are no opinion pieces. They are all news pieces that quote McCain himself. Obviously it is manipulating, but search engines are not public forums and unless you act to use them for your own benefit your opponent's information is going to get out there. This is the sort of 'Do It Yourself' activism that is very much in line with the tone of this campaign," Bowers said.

Julie Barko Germany, director of The Institute of Politics, Democracy and the Internet at George Washington University, said that while Bowers is probably not the only person to use such tactics, he is the first person she knows of to admit it publicly. She added that while they would be loath to admit it, the campaigns themselves are likely using similar strategies.

"We know where Americans go first to search for information," she added. "They turn to a search engine. A Google bomb strategy is an interesting way to push negative or positive articles to the attention of the public."

While people who use the Internet regularly - especially younger voters - are not likely to be influenced by this type of a tactic, people who don't go online often may be influenced by stories that appear high in search results, she added. "That is an audience you'd worry about," she added. "They don't understand the subtleties of what is going on online."

In addition, she added that both the McCain and Obama campaigns have spent a lot of time, energy and money on search engine optimization strategies.

"If I were the McCain camp I would be a little bit worried about it," she said. "When you have something like this, it could potentially be seen as sabotaging what you're doing in a subtle way. I don't necessarily see it as a major threat but more as a subtle threat."

Friday, June 20, 2008

Employers who check out job candidates on MySpace could be legally liable

If a potential employer uses a social networking site to check out a job candidate and then rejects that person based on what they see, he or she could be charged with discrimination.


According to, a site that helps HR reps stay current with all matters HR, employers who use the data available on social networking sites like Facebook and MySpace to make hiring decisions could be subject to charges of employment discrimination and litigation.

Employers could be accused of using the data on such sites to cull minorities, homosexuals, and other applicants who are members of a protected class. It is even illegal in some states to make a job decision based on applicants’ political activities, a factor that would be easy to find out on a social networking site.

From the site:

A survey of about 350 employers in October 2007 by New York-based, a media company focused on careers, found that 44% of employers use social networking sites to examine the profiles of job candidates, and 39% have looked up the profile of a current employee.

Although “failure to hire” lawsuits are rarer than other kinds of employment litigation, their numbers are expected to increase due to the growing use of social networking sites. There’s always a time lapse between problems that arise because of technology and legal precedents that address them.

Tuesday, June 17, 2008

How to salvage data lost to Gpcode.ak encryptor virus

This is scary. Using encryption for evil purposes....

Kaspersky unable to crack code, but says file-recovery utilities may save lost data
By Ellen Messmer

The Gpcode.ak virus, which encrypts files on the victim's desktop and demands a ransom to decrypt them, uses encryption that so far has proven too strong to crack. But Kaspersky Lab, which first identified Gpcode.ak earlier this month, says there is a way for most victims to at least recover their files.

Kaspersky says Gpcode.ak works by making a copy of the original file it wishes to kidnap using 1,028-bit encryption, then deleting the original. However, "it doesn't wipe the file from the system," says Roel Schouwenberg, senior antivirus research analyst at the security company.

Kaspersky is recommending the most cost-effective tools it has found that can recover files: the freely available PhotoRec utility, used in conjunction with a free utility Kaspersky has designed called StopGPcode, which restores the original file names and full paths of the recovered files. Kaspersky also recommends that anyone using PhotoRec for this purpose make a voluntary donation for its use, in the open source spirit.

Various commercial file-recovery software packages may be able to find this kind of deleted file, too.

But any of these file-recovery methods could still prove ineffective in some cases.

"Some variables that come into play are that in re-booting the system or using it a lot, there's a higher chance you won't be able to recover the files," Schouwenberg says.

The underlying concern is that the unknown malware creator may create another version that does a better job of fully purging files after a copy of them has been encrypted.

While there hasn't been a massive Gpcode outbreak, the virus appears to slowly be gaining steam with a few thousand infections identified so far, including at a hospital outside the United States.

Kaspersky hasn't yet determined exactly how GPcode.ak has spread since first surfacing in early June, but a trail of clues is leading it to suspect Blogspot spam and Usenet spam, Schouwenberg says.

Monday, June 16, 2008

UM Microchip Sets Low Power Record With 'Extreme Sleep'

A low-power microchip developed at the University of Michigan uses 30,000 times less power in sleep mode and 10 times less in active mode than comparable chips now on the market.

The Phoenix Processor, which sets a low-power record, is intended for use in cutting-edge sensor-based devices such as medical implants, environment monitors or surveillance equipment.

The chip consumes just 30 picowatts during sleep mode. A picowatt is one-trillionth of a watt. Theoretically, the energy stored in a watch battery would be enough to run the Phoenix for 263 years.

Scott Hanson, a doctoral student in the UM Department of Electrical Engineering and Computer Science, will present the design Friday, June 20 at the Institute of Electrical and Electronics Engineers' Symposium on VLSI Circuits. Hanson jointly leads this project with Mingoo Seok, a doctoral student in the same department.

Phoenix measures one square millimeter. There's nothing special about its size, as chips in many modern sensors and electronics are one square millimeter and smaller. But Phoenix is the same size as its thin-film battery, marking a major achievement.

In most cases, batteries are much larger than the processors they power, drastically expanding the size and cost of the entire system, said David Blaauw, a professor in the Department of Electrical Engineering and Computer Science. For instance, the battery in a laptop computer is about 5,000 times larger than the processor and it provides only a few hours of power.

"Low power consumption allows us to reduce battery size and thereby overall system size," Blaauw said. "Our system, including the battery, is projected to be 1,000 times smaller than the smallest known sensing system today. It could allow for a host of new sensor applications."

A group of UM researchers is putting the Phoenix in a biomedical sensor to monitor eye pressure in glaucoma patients. Engineers envision that chips like this could also be sprinkled around to make a nearly invisible sensor network to monitor air or water or detect movement. They could be mixed into concrete to sense the structural integrity of new buildings and bridges. And they could power a robust pacemaker that could take more detailed readings of a patient's health, researchers say.

To achieve such low power, Phoenix engineers focused on sleep mode, where sensors can spend more than 99 percent of their lives. Sensors wake only briefly to compute at regular intervals.

"Sleep mode power dominates in sensors, so we designed this device from the ground up with an efficient sleep mode as the No. 1 goal. That's not been done before," said Dennis Sylvester, an associate professor in the Department of Electrical Engineering and Computer Science.

The system defaults to sleep. A low-power timer acts as an alarm clock on perpetual snooze, waking Phoenix every ten minutes for 1/10th of a second to run a set of 2,000 instructions. The list includes checking the sensor for new data, processing it, compressing it into a sort of short-hand, and storing it before going back to sleep.

The timer "isn't an atomic clock," Hanson said. "We keep time to 10 minutes plus or minus a few tenths of a second. For the applications this is designed for, that's okay. You don't need absolute accuracy in a sensor. We've traded that for enormous power savings."

A unique power gate design is an important part of the sleep strategy. Power gates block the electric current from parts of a chip not essential for memory during sleep.

In typical state-of-the-art chips, power gates are wide with low resistance to let through as much electric current as possible when the device is turned on. These chips wake up quickly and run fast, but a significant amount of electric current leaks through in sleep mode.

Phoenix engineers used much narrower power gates that restrict the flow of electric current. That strategy, coupled with the deliberate use of an older process technology, cut down on energy leaks.

"A power gate of such a small size is unheard of in traditional design since it severely limits the performance of the chip," Seok said.

To address this performance loss, the Michigan team increased the chip's operating voltage, increasing the baseline power by approximately 20 percent when the chip is awake. But Phoenix still runs at 0.5 volts, rather than the 1 to 1.2 volts typical chips require.

For more information on Sylvester, visit: Sylvester can be reached at (734) 546-3178 or

NSBE-DAE 2008 June Kick-off Summer Networking Event

Date: Friday, June 20th
Time: 5 - 8 PM
Location: Greektown Casino - Trapper's Patio Downtown Detroit

Additional details: Must be over 21 & Up to attend this event. Happy Hour Specials are available!!!

Parking: Please park in the FREE Parking Structure conveniently located right off I-375. Simply take the East Lafayette exit and make an immediate right into our parking structure. Crossover through the walkway and you should see signs for Trapper's Patio.

Also we will be collecting membership dues for 2008-2009 calendar year. Local dues are only $25.
National dues are $50 and FREE for RECENT GRAD first year. National dues can be paid on, go to NSBE ON LINE (NOL) and be sure to indicate DETROIT ALUMNI CHAPTER as your home chapter.

Friday, June 13, 2008

BDPA Job Recruiting event.


BDPA-Detroit with VisionIT

Are you looking for a job? Are you tired of your current job? In need of a career change? If so, this event is just for you.... For more than 11 years, VisionIT has provided world-class information technology (IT) staffing and solutions to major corporations and government agencies, matching the right talent with their distinct individual needs. Their experience, coupled with our F.A.S.T. value-system, has helped them to become a national leader in the areas of IT staffing, outsourcing, and vendor management. With eight offices and personnel operating in some 30 states, they have staffed thousands of IT positions across the United States, becoming one of the industry's fastest-growing firms and earning the distinction of being listed multiple times as part of the Inc 500 as one of the fastest-growing privately held companies in North America. The future of VisionIT is filled with endless possibilities. Whether you are a seasoned IT professional searching for a new career or a talented IT contractor looking to build your resume with more engaging projects, we at VisionIT are prepared to help you meet your individual needs and goals. Let us put our dynamic recruiting team to work for you.
Some of the Open positions we are working on locally are:

Site Support Specialist
PMO Manager
Technical Project Manager
BMS Infrastructure Engineer

Also a complete listing of our openings can be found on our website at

VisionIT Recruiting Event

You are invited to meet VisionIT's recruiting staff at Tech Town on June 19th @ 6:00 PM. Recruiters from VisionIT will present information on their company AND accept resumes! If you or someone you know are looking for employment or a career change, please come to this event with your resume!!

Tech Town is located on 440 Burroughs in Detroit, MI 48202


Cell phone radiation levels

By CNET staff

What it all means
According to the Cellular Telecommunications Industry Association (CTIA), specific absorption rate, or SAR, is "a way of measuring the quantity of radiofrequency (RF) energy that is absorbed by the body." For a phone to pass FCC certification, that phone's maximum SAR level must be less than 1.6W/kg (watts per kilogram). In Europe, the level is capped at 2W/kg while Canada allows a maximum of 1.6W/kg. The SAR level listed in our charts represents the highest SAR level with the phone next to the ear as tested by the FCC. Keep in mind that it is possible for the SAR level to vary between different transmission bands and that different testing bodies can obtain different results. Also, it's possible for results to vary between different editions of the same phone (such as a handset that's offered by multiple carriers).

It's important to note that in publishing this list we are in no way implying that cell phone use is or isn't harmful to your health. While research abounds and some tests have shown that cell phone radiofrequency (RF) could accelerate cancer in laboratory animals, the studies have not been replicated. Cell phones can affect internal pacemakers, but there is not conclusive or demonstrated evidence that they cause adverse health effects in humans. Conversely, there is not conclusive or demonstrated evidence that they don't cause adverse health effects in humans. So, in short, the jury is still out, research is ongoing, and we will continue to monitor its results.

If your phone isn't listed here (U.S. customers) and you've purchased it within the last few years (the FCC Web site currently does not provide information on models certified before 1998), you can request the SAR information from the manufacturer or your carrier. You'll need the model number and FCC ID number, which is usually but not always listed in your owner's manual or under your phone's battery (you must pop the battery out). For links to the FCC's Web site, please see the More Resources section below. We'll continue to update the list as new phones are announced. To be the first to know when we've added more phones, subscribe to the On Call Newsletter.

New Firefox Web browser

New Firefox Web browser to be released Tuesday

-- A new version of the Firefox Web browser is scheduled for release Tuesday with improvements in security, speed and design. Many of the enhancements in Firefox 3 involve bookmarks. The new version lets Web surfers add keywords, or tags, to sort bookmarks by topic. A new "Places" feature lets users quickly access sites they recently bookmarked or tagged and pages they visit frequently but haven't bookmarked. There's also a new star button for easily adding sites to your bookmark list - similar to what's already available on Microsoft Corp.'s Internet Explorer 7 browser.

Other new features include the ability to resume downloads midway if the connection is interrupted and an updated password manager that doesn't disrupt the log-in process. In a nod to the growing use of Web-based e-mail, the browser can be set to launch Yahoo Inc.'s service when clicking a "mailto" link in a Web page, the ones you might come across clicking on a name or a "contact us" link. Previously such links could only open a standalone, desktop e-mail program. Yahoo is the only Web service initially supported. To use rivals like Google Inc.'s Gmail and Microsoft Corp.'s Hotmail, developers of those services will have to enable that capability first. Firefox also will start blocking rather than simply warning about sites known to engage in "phishing" scams that try to trick users into revealing passwords and other sensitive information.

The new version adds protection from sites known to distribute viruses and other malicious software. The list of suspicious sites comes from Google Inc. and, a project headed by legal scholars at Harvard and Oxford universities. Security researchers who need access to problem sites can manually turn the feature off. Firefox 3 also offers speed and design improvements - the back button is now larger than the forward button, for instance, because people tend to return to a previous page more often, said Mike Schroepfer, the project's vice president of engineering. Firefox is the No. 2 Web browser behind Microsoft Corp.'s Internet Explorer. It comes from Mozilla, an open-source community in which thousands of people, mostly volunteers, collectively develop free products. Mozilla has been developing Firefox 3 for nearly three years and has been publicly testing it since November for Windows, Mac and Linux computers.

Its supporters are organizing launch parties around the world next week, and Mozilla is trying to set a world record for most software downloads in a 24-hour period. Microsoft is currently testing Internet Explorer 8, while Opera Software ASA released Opera 9.5 on Thursday.

Monday, June 09, 2008

Old School network security attack

It isn't often that old hacking methods make significant news, but an ARP attack received widespread attention earlier this week, more so for the perceived target than for the actual attack itself.

In the seven layer OSI networking model, the second layer includes support for protocols like Address Resolution Protocol (ARP), which is what helps networking devices work out which specific piece of hardware should receive network traffic being sent to a particular network address.

Known attacks against this protocol include ARP spoofing, in which a successful attacker can intercept or otherwise manipulate traffic bound for a target system, or cut that system off from the network entirely.

In the recently reported attack, H D Moore's Metasploit Project had all Internet traffic redirected to a defaced page, announcing that a group called sunwear had hacked the site for fun. When H D Moore initially received reports of the defacement, he was able to verify that the site itself was completely functional, which hinted at a network-based attack at some point upstream of his server.

Given that it was affecting all network traffic headed for Metasploit, it had to be a close network node, and it turned out that another system in the same VLAN that held the Metasploit systems had been compromised and then used to carry out an ARP spoofing attack against Metasploit and the 200-plus other sites on the same VLAN.

H D Moore was able to address the issue by hardcoding his service provider's router MAC address into his ARP cache, but it didn't solve the problem for the other sites affected (who would have to carry out similar steps to overcome the issue or rely upon the service provider to do so).
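A check that a tenant on a shared VLAN like this one could run, as an added example that is not part of the original post: it parses `ip neigh show` output and flags a gateway whose MAC differs from a value recorded out of band, plus any MAC that answers for several IP addresses. The sample table, the addresses (documentation ranges), the pinned MAC and the function names are all constructed assumptions.

```python
import re

# Constructed sample of `ip neigh show` output on a host in a shared VLAN.
# 192.0.2.1 stands in for the provider's router; all values are made up
# from documentation ranges (RFC 5737 addresses, RFC 7042 MACs).
SAMPLE_NEIGH = """\
192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:66 REACHABLE
192.0.2.57 dev eth0 lladdr 00:00:5e:00:53:66 STALE
192.0.2.80 dev eth0 lladdr 00:00:5e:00:53:22 REACHABLE
192.0.2.90 dev eth0 FAILED
"""

# Gateway MAC recorded out of band (assumed value), e.g. from the provider.
# The same value is what a static entry would carry, for instance:
#   ip neigh replace 192.0.2.1 lladdr 00:00:5e:00:53:01 dev eth0 nud permanent
PINNED = {"192.0.2.1": "00:00:5e:00:53:01"}

ENTRY = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-f:]{17})\b", re.I)


def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m.group(1)] = m.group(2).lower()
    return table


def audit(table, pinned):
    """Return findings for pinned-MAC mismatches and MACs shared by several IPs."""
    findings = []
    for ip, expected in pinned.items():
        seen = table.get(ip)
        if seen is not None and seen != expected.lower():
            findings.append(("pinned-mismatch", ip, seen))
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        # One MAC answering for the gateway and another host is the classic
        # spoofing signature; IP aliases and proxy ARP can also cause it.
        if len(ips) > 1:
            findings.append(("shared-mac", mac, sorted(ips)))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_neigh(SAMPLE_NEIGH), PINNED):
        print(finding)
```

A shared-MAC finding on its own needs triage, since multi-homed hosts produce it legitimately; a pinned-mismatch on the gateway is the stronger signal.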

According to a posting from Moore to the Full Disclosure mailing list, the ARP spoofing attack coincided with a broad denial-of-service attack (syn floods) against various services associated with the site.

The group claiming responsibility for the attack are a well-known Chinese group, but there doesn't appear to be much more to the attack than an effort to make a public statement of capability.

Some observers have pointed out that older style attacks and probes have largely been forgotten in the rush to focus on application-level attacks and threats, so this case should be a good wakeup call for most security service providers. It also highlights the risks that can be associated with outsourcing data and hosting services to external providers.

Friday, June 06, 2008

Obama’s IT strategy

Obama’s IT strategy: The Facebook connection and the scale challenge

by Larry Dignan

Barack Obama has sealed the Democratic party nomination with the help of social networking, a Facebook staffer and an off-the-shelf IT strategy.

Those are some of the takeaways from a case study by David Carr at CIOZone, a site started by a bunch of my former Baseline magazine colleagues.

Carr, who has parachuted in on the IT strategies of MySpace and Google to name a few, also has an interesting perspective given he’s an Obama volunteer too. Carr has a long detailed case study, but here are some of the technology takeaways:

Obama kept his IT strategy simple. The campaign didn’t customize heavily and it didn’t look for bleeding edge technology. It used the same stuff the rest of the blogging world does–Movable Type, PHP, MySQL with a dose of community. The competitive advantage came from using social networking to “empower a highly decentralized, largely self-organizing, network of volunteers,” reports Carr.

He found a few community experts. According to Carr:

The Obama campaign has Chris Hughes, who was one of the three co-founders of Facebook and now runs the campaign’s, which itself is a sort of social network. Hughes is not a software developer (it was his Harvard roommate Mark Zuckerberg who wrote the original Facebook code), but he brought an appreciation how to nurture and manage online communities.

Decentralize the workforce (in this case volunteers) and give them autonomy. Obama’s campaign is the typical manage-from-the-bottom-up approach. This has enabled volunteers to organize in states even when he hasn’t directly targeted those areas.

Scaling is always a challenge. Exhibit A is an application–provided by a consulting firm Blue State Digital–that the Obama campaign uses to make phone calls from home–a critical capability since the campaign relies so heavily on volunteers. Carr reports:

One key application that Blue State provided is the tool for making phone calls from home. It was a new component of the software suite, so it was “in pretty rough shape when I got here,” Hughes says, and has gone through “all sorts of modifications” to make it more useful, including tools for better management of the scripts and lists, and better back-end integration with voter databases.

In its default interactive mode, the tool presents the first name and phone number of a person to call, and sends the user down a different path through the call script depending on whether the volunteer reaches the voter, and, if so, whether that person likes or dislikes Obama or is undecided. Volunteers also record bad and disconnected numbers, which helps to clean up the voter list for future use.

One important improvement has been the ability to preview the script (including all its conditional branches) so the volunteer can run through it before starting to make calls. Alternatively, if the volunteer has a shaky Internet connection, or the Web site is overloaded and responding slowly, the site lets users print the script and a list of numbers to call offline, then post the results of those calls later.

Scalability, however, has sometimes been a problem. In the days leading up to February’s Super Tuesday primaries, the phone banking tool “was completely overwhelmed to the point where it was almost useless,” says Michael Spitzer-Rubenstein, a campaign volunteer from Los Angeles.

Can these systems hold up in a general election? Carr noted that data management will become a problem for Obama now that his campaign will have to hook up with the Democratic national campaign. One software and quality assurance pro said that she sees flaws in the Obama systems that could become a problem in the general election. The biggest issue: The campaign switches between two or three different systems to track voter contact. Bottom line: Data integrity will be an issue.

But like any other startup, Obama’s campaign will have to figure out how to scale quickly and handle peak loads.

Focus Hope User Group Meeting June 6, 2008

Tuesday, June 03, 2008

Watch your debit card transactions.

Listen to this podcast from MPMG on how the banks are ripping us off when you use a debit card.

5 Easy Ways To Commit Career Suicide

Watch out for these career-derailing missteps

By Calvin Sun

BANG! Without warning, the rifle discharged, tearing a hole through the floorboard of the car of an Army colonel. The rifle belonged to a young lieutenant who had been invited to go hunting with the colonel.

Though no one was hurt, the incident left everyone in the car shaken. Worse, the lieutenant hindered his own promotion, according to executive coach Bruce Sillers, who was a member of that same battalion at the time of the incident.

You may never have committed as grave a faux pas as this lieutenant, and if so, be thankful. Nonetheless, we're all capable of making mistakes that can send us straight to the career doghouse. Here are five big no-nos to watch out for.

1. Sending inappropriate e-mail

Most of us are bright enough to realize that chain letters or off-color jokes have no place in business communications. Where most office workers get into trouble is with the over-hasty e-mail reply.

Ever read an e-mail too quickly and fired off an angry reply, only to discover later that you had misinterpreted the first sender's message? You end up not only wasting everyone's time, but poisoning your work relationships -- perhaps permanently.

Before you reply to an e-mail that has elevated your blood pressure, apply one of these useful tests: Ask yourself, "Would I feel comfortable explaining my response on a witness stand?" or "Would I want my response to be published on the front page of The New York Times?"

If the answer is no, take time to cool off. Store the message in a drafts folder and review it later. Are you sure this is what you want to say, especially if you're directly insulting the recipient? Can your words be interpreted more negatively than you intended? And finally, would you want this message to find its way to your boss -- or to the HR director?

By the way, don't rely on any "unsend" feature, either. That feature will fail when you need it most. And be very careful of hitting Reply All -- or your supposedly personal conversation could be the talk of the office.

2. Putting down co-workers

Having done a significant amount of work for a particular client, I decided one day to try to expand my presence there. I called an executive in another part of that organization, introduced myself and said that "Carl" (a fictitious name for the IT executive with whom I had been working) was pleased with my work.

That executive responded, "Why should I care what Carl thinks?"

Not smart -- especially when said to someone outside the organization. If Carl had heard about this remark -- and these things do get around -- it could have created a Grand Canyon-size rift between him and his indiscreet co-worker. More critically, remarks like this damage the credibility of the organization.

Here's another example: Suppose you're the person the help desk elevates problems to when they are unable to resolve them. You find out, while talking to a customer, that the staffer she talked to gave her some really poor information. At this point, you may think the staffer is an idiot, but it's not a good idea to say so.

For one thing, if word gets to your boss that you're bad-mouthing your co-workers to the customers, you could be in big trouble. CIO Denny Brown of electric utility provider Arizona Public Service makes no bones about it: Such behavior constitutes insubordination, and therefore is "grounds for termination," he says.

It's a much better idea to maintain a united company front when dealing with the customer. Resolve the issue with your IT colleague privately.

3. Contradicting the boss in public

Suppose that your boss, while giving a presentation, makes a factual error. Should you jump in and correct the error immediately, secure in the knowledge that your boss will thank you for underlining the mistake in front of an entire room of people?

Um ... no.

Correcting your boss in public will hardly endear you to him. More likely, he will be upset at being made to look foolish, and may even wonder why you didn't catch the error yourself prior to the presentation.

When may one safely contradict the boss in public? I can think of only two instances:

First, if the building is on fire and your boss is pointing people to the wrong exit, you probably can speak up with few repercussions.

Second, if the boss makes a mistake about making a mistake, you can speak up -- the louder, the better. So, if your boss identifies the correct vendor for your off-site backup, then mistakenly says, "Sorry, that was wrong," you absolutely may say, "No boss, you were right to begin with." You don't get these chances very often, so take advantage of them.

Otherwise, exercise extreme discretion when your boss misspeaks in public. If the matter is truly important (for example, the CIO gives the wrong date for your SAP go-live), approach him during a break and quietly mention the mistake. A smart and gracious CIO, upon resumption of the session, will identify the error, apologize and credit you with the correction.

If a break isn't forthcoming soon, try to catch your boss' eye and talk privately. But you really don't want to shout out the correction in front of the whole group.

4. Committing social blunders at a company event

Staff misbehavior at office parties has been a cliché since the 1950s, but that doesn't mean people still don't make fools of themselves. Don Michalak, co-author of Making the Training Process Work and a consultant for companies such as Ford, KPMG and Marsh & McLennan Co., stresses that such functions are not purely social events. "Don't do anything you wouldn't do at the office or at a client's office," he says.

Yes, the party will have food. Go ahead and eat some, but don't draw attention to yourself by parking at the shrimp cocktail table. (Right or wrong, people will judge you if you pig out.) Consider eating something before you get to the party to avoid looking famished when you arrive. Be careful if the party offers alcohol; you know what can happen when a person drinks too much.

If you bring a guest, ask that person beforehand to be careful about his words. You don't want your guest to say to your boss, for example, "Oh, you're not as bald as they said you were!"

By the way, no matter how well you get along with your co-workers, the party is no time to complain about all the overtime you had to put in on the SAP rollout. If you do talk about the hours or the project, try to keep things positive, as in, "It was tough, but we did it."

5. Burning bridges when you resign

Many of us fantasize about telling off the boss when we quit a job -- but before you let loose, think twice. Remember the '90s Internet bubble? Many IT people left traditional companies with visions of pulling in millions from Internet start-ups, only to be rudely surprised when their new companies went under. Those who left on good terms with their former employers had a better chance of being rehired.

Christian Bass is a firm believer in maintaining good relationships with previous employers. Until 2006, Bass served as director of academic technologies at George Washington University. After leaving GWU, he spent two years as an employee of a consulting company; he then formed his own company, Successant LLC, in 2008. He recently negotiated a consulting contract with -- you guessed it -- his old boss at GWU.

When asked how he handled his GWU resignation, Bass said he emphasized that he was leaving for positive rather than negative reasons. "If something was bothering me at work," he said, "I resolved it, rather than letting it be the factor that led me to leave." He also stressed the importance of leaving with a good reputation and a record of solid accomplishments.

So, when you leave, keep things as gracious as you can. When you make the Big Announcement, stress the advantages of the new job, not the shortcomings of the current one. Conversely, come up with reasons to be grateful to have worked at the latter, but be sincere and don't make things up.

If you learned something from your boss or co-workers, let them know. Even if you had difficulties with someone, you still could say, "Thanks for teaching me how to benchmark an Active Directory environment." Leaving on good terms can only help you if you encounter these folks later.

Career suicide can happen all too easily, in several different ways. Fortunately, by taking common-sense steps, you can reduce its chances of happening.

Monday, June 02, 2008

The ignorance of America

Thanks to The Villager for this post.

Court finds Dell guilty of fraud

Oh NO. Dell acting like AOL....

By Nancy Gohring

Dell was found guilty on Tuesday of fraud, false advertising, deceptive business practices and abusive debt collection practices in a case brought by the New York attorney general.

The Albany County Supreme Court found that Dell deprived customers of technical support that they bought or were eligible for under warranty in several ways, including by requiring people to wait for very long times on the phone, repeatedly transferring their calls and frequently disconnecting their calls.

Dell also often failed to provide onsite repairs for customers who bought contracts for such support and often blamed software when hardware was actually the problem, the court found. The company also sometimes refused to offer support when a support contract ended, even though the user had first complained about a problem before the end of the contract. Subscribers to a "next-day" repair service sometimes waited as long as a year for support, the court found.

Dell and affiliate Dell Financial Services also advertised special no-interest financing, but denied almost everyone those terms. It often sold customers products without informing them that they didn't qualify for the special financing terms and then charged them interest rates as high as 30 percent, the court said.

Dell and DFS also often incorrectly billed people for canceled orders and for accounts they didn't authorize. The companies then harassed the people for payment, using illegal billing and collection practices, the court said.

The court will determine how much Dell will have to pay in restitution to affected customers and will also require Dell to pay the state of New York the profits it made on these deceptive practices. In addition, the ruling prohibits Dell and DFS from continuing to engage in the fraudulent activities.

Dell did not immediately reply to a request for comment on the ruling.