G$earch

The Download Blog: Software tips, news, and opinions from Download.com editors

Posted by Harshad


Lightning officially returns to Thunderbird 3

Posted: 13 Jan 2010 04:31 PM PST

One of the biggest disappointments of Mozilla e-mail client Thunderbird 3 was that plans to bake in the calendaring extension Lightning were abandoned. When Thunderbird 3 debuted, users got a bit of a shock: Lightning wasn't compatible with the upgrade. Although there was a work-around through the Lightning nightly updates, the official build wasn't going to graduate.

Lightning 1 beta 1

(Credit: Screenshot by Seth Rosenblatt/CNET)

Lightning 1.0 beta 1 fixes that, and also introduces to stable build users features that have been available in the nightly for some time. Lightning now displays the calendar and accompanying task manager in tabs, offers support for SeaMonkey 2, allows you to set multiple alarms for one event, and improves CalDAV interoperability. The full change log can be read here.

The Provider for Google Calendar also hasn't been compatible with Thunderbird 3 until now. Although there are several add-ons that provide bi-directional Google Calendar access, the Provider is preferred for Lightning users because it offers seamless integration between the two calendars. Basically, the only reason not to upgrade Lightning is if you don't plan on upgrading from Thunderbird 2.

Thunderbird 3 is available for Windows, Mac, and Linux. The Lightning and Provider for Google Calendar add-ons will work on all three platforms.

Skype to BlackBerry users: Sit tight

Posted: 13 Jan 2010 02:32 PM PST

It's been about nine months since Skype announced its intention to release a version of Skype for BlackBerry smartphones. So where is it?

True to its word, the VoIP communications company signed on testers for a closed beta version of Skype Lite last May.

The free Skype Lite boils down to the app's core calling and IM features without support for the more advanced Skype calling tricks that you find for Windows Mobile--like file transferring and sending SMS messages. Owners of certain feature phones made by Nokia, Samsung, Motorola, and Sony Ericsson can pick up Skype Lite for free, and can use Skype on data networks slower than Wi-Fi and 3G.

As for BlackBerry users, Skype's only advice is to keep waiting. Russ Shaw, General Manager of mobile at Skype, apologetically blogged at the close of 2009 that Skype has "faced delays beyond our control" in moving its BlackBerry build out of private beta testing.

Skype isn't sharing its release schedule for BlackBerry, nor has it expanded its private beta to admit new testers. In the meantime, Russ Shaw has said that Skype is continuing development on iPhone, and hints at future mobile releases. We're going out on a limb and guessing that an Android app is among them.

Microsoft brings kids developer tool to the PC

Posted: 13 Jan 2010 02:20 PM PST

Microsoft is bringing its Kodu development tool from the Xbox to the PC.

(Credit: Microsoft)

Microsoft researcher Matt MacLaurin came up with the idea for Kodu in his kitchen in the fall of 2006, noticing the way his three-year-old daughter watched her mom browse away on Facebook. MacLaurin saw how different computing is now than when he was a kid. While his Commodore Pet was like a lump of clay that he could mold by writing software in Basic, his daughter's generation is using computers whose functions are already set in stone.

So he set about creating a new developer language that would appeal to the current generation of kids. He settled on one that would work with just a game controller, using basic rules to do things like move an apple across the screen.

A few months later, the idea was working code. MacLaurin had created Boku, an all new programming language that could be run on an Xbox using only the console's controller to craft basic logic. MacLaurin showed it at the 2007 TechFest internal science fair and later that year at an emerging technology conference.

"That's just in our DNA," MacLaurin said. "We don't really trust something until it is on our screen."

Kodu, the final name for Boku, got its big-time debut in 2009, when Microsoft CEO Steve Ballmer showed the program as part of his keynote at the Consumer Electronics Show in Las Vegas.

Now, Microsoft is bringing Kodu to the PC.

MacLaurin said the company had to do a fair amount of work to make Kodu work with a mouse as opposed to the controller. Most of that work is done, he said, but the company is releasing the PC version of Kodu as a technology preview to get more feedback before declaring the release final.

Already in its current form, Kodu has found its way into 200 schools and there have been more than 200,000 downloads of the free software. MacLaurin said moving the tool to the PC and mouse will allow schools to use it without needing any special hardware.

The software has also become popular in his own home, where he and his daughter work on Kodu tasks together.

"We use it together," he said, noting that at 5, his daughter is still younger than the 9-year-old age at which kids really start gravitating to Kodu. What he likes, though, is the logic skills it teaches her and the kinds of questions it creates in her mind. "It's an opportunity to have conversations you don't really have in other settings," MacLaurin said.

MacLaurin, who worked at Apple for five years, left after working on the Newton to form his own company and joined Microsoft in 2003. After spending most of his tenure in Microsoft's research labs, he recently moved to become part of Lili Cheng's Fuse Labs project.

Originally posted at Beyond Binary

Hands on: Pocket BLU app serves up Blu-ray extras

Posted: 13 Jan 2010 09:16 AM PST

Pop Tarantino's latest into select Blu-ray players, and Pocket BLU instantly delivers bonus content to your iPhone.

(Credit: Rick Broida)

Here's a neat idea: an app that links your iPhone or iPod Touch to whatever Blu-ray movie you're watching and serves up extra content, a remote control, a soundtrack listing, and even Facebook integration so you can tell friends about the movie.

Pocket BLU is that app. It's free, it works, and it's pretty cool--but it suffers from two major limitations.

The first is that it works only with Blu-ray players that have Wi-Fi. I can understand the need for a network connection, but what's wrong with Ethernet? Save for PlayStation 3s, few modern players incorporate Wi-Fi.

Second, Pocket BLU doesn't work with all Blu-ray movies. Rather, it's limited to certain Universal Studios titles, of which there are only about seven right now. These include "Funny People," "Inglourious Basterds," and "Public Enemies."

I tested a few PB-compatible titles on a Windows Media Center PC. To my surprise, the app quickly detected the selected movie and immediately unlocked its corresponding bonus content (deleted scenes, making-of features, etc.).

In the case of Tarantino's "'Basterds," that content consisted of four of the same video featurettes that appear on the Blu-ray disc--all of which you can stream to your iPhone or save for offline viewing.

If you're not seeing much point in viewing these extras on a small screen instead of a TV, well, I have to agree. Obviously Pocket BLU would be a lot more compelling if it delivered extras not included elsewhere.

I can't complain about its remote-control features, however, which are generally excellent. You get not only a touch-friendly assortment of menu and playback controls, but also an interactive timeline (which appears when you rotate your device). The latter's great for "scrubbing" to a particular spot in the movie.

The app's Now Playing button didn't do anything in the movies I watched, instead just returning a "this feature not available" message. Where's the movie synopsis, the IMDB links, the cast bios, and all that good stuff? That's what an interactive movie app should offer. Pocket BLU doesn't.

Not yet, anyway. Developer Deluxe Digital Studios says more features are coming soon. Let's hope so, because right now, Pocket BLU is little more than a novelty that only a smattering of movie fans will be able to enjoy. Everyone else will be left feeling, well, a little blue.

Originally posted at iPhone Atlas

Firefox 3.6 due this month; next comes 'Lorentz'

Posted: 13 Jan 2010 06:57 AM PST

Mozilla hopes to release the final version of Firefox 3.6 later this month and a stability-improving update code-named Lorentz by March as part of a revised updating strategy.

Mike Beltzner, Mozilla's director of Firefox, said Tuesday that he's pleased so far with his scrutiny of test data from the more than 1 million people using the first release candidate of Firefox 3.6, which came out late last week.

"So far we haven't found showstoppers," he said. If no more major issues are uncovered, "we're looking at releasing somewhere in the last two weeks of January," he said.

The most visible change with Firefox 3.6 is Personas, a mechanism to customize the browser's appearance with artwork, sports team logos, movie imagery, and other graphics. It had been available as a plug-in. Another change blocks third-party software from encroaching on Firefox's file system turf to increase stability. Support for a technology called the Web Open Font Format means many non-English browser users should have a faster time loading Web pages with downloadable fonts.

And perhaps most significantly given the competitive threat from Google Chrome, the new version is designed to launch and load pages faster, offer a more responsive user interface, and run Web-based JavaScript programs about 20 percent faster than the current Firefox 3.5, Mozilla said.

Under the hood, Firefox 3.6 gets support for the File interface, which can help with tasks such as uploading multiple photos and is part of the draft HTML5 standard effort. Another deeper change is running scripts asynchronously, which can help load a Web page faster by putting off some work until the high-priority chores are complete. Google and Facebook are among the sites taking advantage of the asynchronous feature, which requires Web developers' support but isn't hard to add, Beltzner said.

Browser market on fire

Mozilla had hoped to release Firefox 3.6 in 2009 but gave itself a bit more time for Firefox 3.6 and 4.0. The open-source browser--used by about a quarter of Net surfers worldwide, according to Net Applications--has significantly challenged the dominant browser, Microsoft's Internet Explorer.

However, Google's Chrome is on the rise, edging past Apple's Safari in usage 15 months after its debut. Chrome, it should be noted, comes from a company born of the Web with many cloud-computing projects such as Gmail and Google Docs, and therefore represents a qualitatively different challenge than IE and Safari, both of which came from operating system companies. Like Mozilla, Chrome is open-source software.

Mozilla has plenty of ideas in the pipeline. Next on Mozilla's agenda is an update to Firefox 3.6 code-named Lorentz, a release that embodies a new attempt to speed up the frequency of Firefox updates.

The big feature of Lorentz, which likely will get the official number of Firefox 3.6.5, is out-of-process plug-ins (OOPP), which isolate execution of Adobe Systems' Flash or Apple's Quicktime into a separate computing process from the main browser process.

The result is that when Flash programs crash--a common cause of problems in Firefox--the user is presented with an error message in a browser tab rather than a browser that completely crashes and restarts, Beltzner said.

"It's something we want to get into users' hands. It's a noninvasive change, and not a change to the interaction of the browser," Beltzner said. "We'd like to ship it as a minor update."

OOPP is a first stage of a project called Electrolysis to split the browser into separate processes. The next phase, Beltzner said, is to separate the processes of content-handling and user interface. After that, Mozilla is examining the possibility of splitting browser tabs into more separate processes, he said.

Mozilla hopes to freeze the code base for Lorentz soon, begin testing work, then potentially release a beta in early February.

"We're hoping to get the out-of-process plug-ins update executed within this quarter--probably later toward the end of this quarter," Beltzner said.

Faster release cycle?

Mozilla has been trying to speed up the frequency of Firefox releases, and Lorentz represents a new tactic in the strategy.

One tricky part of updating the browser is bringing along all the involved parties without breaking anything. That includes not just users who can be irritated or confused by changing software, but also Web developers who don't want their sites to malfunction and third-party programmers who develop browser add-ons.

Right now, Firefox proceeds more cautiously when something significant changes for these groups; new releases from, say, Firefox 3.5.6 to 3.5.7 come when bugs and security holes need fixing.

But starting with Lorentz, Mozilla hopes to release non-intrusive changes as well. The motivation for minor updates will be not just security and stability but also what Beltzner called enablement.

"If we prove the success of this model, it takes some of the pressure off releasing short cycles. We can spend more time on interactive changes and package a bunch of them together" as a major release, he said.

Roadmap update coming

The new approach likely will mean flux for work going on for versions that had been called Firefox 3.7 and 4.0, he said.

"People in their heads have bunch of features tied to those version numbers--some features with 3.7, some with 4.0. This is always a moving target. As we gain confidence we'll finish a feature in a certain timeframe, the shape of the release may change, and the release [date] may change," Beltzner said.

He and Mike Shaver, Mozilla's vice president of engineering, hope to release a new roadmap that reflects the changes, he said. What's currently called Firefox 3.7--with features including the new Jetpack add-on foundation--could arrive in beta form in the second quarter and in final form in the third quarter, but it may have a different version number, including 4.0.

It may sound like moving the goalposts, but Mozilla is more concerned with updating the browser smoothly and quickly than with labeling. Ultimately, Beltzner said, the approach might, for example, accelerate the shift that had been planned for Firefox 4.0 to a refreshed user interface that devotes more real estate to content.

Originally posted at Deep Tech

McAfee in deal to power Facebook security ops

Posted: 12 Jan 2010 09:00 PM PST

In a move to show its 350 million members that it's serious about their safety, Facebook has launched a partnership with security firm McAfee: six months of McAfee's Internet Security Suite software, a discount subscription after that, and custom security software and education materials on Facebook.

"Facebook is applying all financial incentives from this partnership to the benefit of its users and will not be taking a share of any revenue from user subscriptions," a release explained. McAfee has also developed a free tool for Facebook users to clean their hard drives in the event that their Facebook accounts are compromised through a malicious attack.

McAfee will also be providing content for Facebook's security home page.

Right now, Facebook users in the U.S., Canada, Mexico, Brazil, the U.K., Australia, Italy, Germany, Netherlands, Spain, and France are eligible for the free McAfee software promotion, and the release explained that more countries will be eligible over the next few months. The downloadable software "protects users' PCs from online threats, viruses, spyware, hackers, online scammers, identity thieves and other cybercriminals" and currently retails for about $35 per year through a discount on McAfee's Web site.

The partnership comes at a time when viruses and scams on Facebook have drummed up pages' worth of bad press for the social network; while it's been relatively vigilant about disarming viruses as they spread through "wall" posts and messages, they continue to plague Facebook as they do the Web at large. The company's in need of some image repair in addition to legitimate battle plans.

Facebook, the release explained, had been actively searching for a partner in this security initiative before choosing McAfee.

Originally posted at The Social

Unpatched Adobe holes link Google and earlier attacks

Posted: 12 Jan 2010 08:11 PM PST

The targeted attacks on Google and more than 30 other U.S. companies late last year bear striking similarities to targeted attacks on 100 U.S. companies last summer, a security researcher familiar with the attacks said Tuesday.

Last July, workers at about 100 U.S. technology companies were targeted with e-mails containing malicious PDF files that exploited a zero-day vulnerability in Adobe Reader. The attacks were detected early and there were no serious consequences, said Eli Jellenc, head of international cyberintelligence at VeriSign iDefense.

In mid-December, Google, Adobe Systems, and a host of other Silicon Valley companies were targeted by attacks originating in China, prompting Google on Tuesday to say that it will stop censoring its Chinese search results and to threaten to pull out of that market. The latest attacks also involved malicious PDF files in e-mail attachments and the code was similar to the previous attack, Jellenc said.

Google said the companies targeted in the attack numbered more than 20, but iDefense put the number at 34, including Google. In many of the cases, the attack was successful, Jellenc said. The attacks were targeting source code repositories, according to iDefense.

Coincidentally, Adobe on Tuesday patched a zero-day vulnerability in Reader and Acrobat that was discovered in mid-December and was being exploited by attacks in the wild to deliver Trojan horse programs that install backdoor access on computers. Jellenc said he could not say for sure whether that was the vulnerability targeted in the attacks on Google and the others.

Reader was found to be one of the buggiest programs in 2009 and has been the target of numerous zero-day exploits in the wild.

The code samples obtained by iDefense from the two attacks are different but have very similar characteristics, he said. They contact two similar hosts for command-and-control communication to receive instructions from the attackers once the target machines are infected, according to iDefense. The servers used in both attacks employ the HomeLinux DynamicDNS provider and they both currently point to IP addresses owned by Linode, a U.S.-based company that offers virtual private server hosting, iDefense said. In addition, the IP addresses from both attacks are within the same subnet and they are six IP addresses apart, the company said in a statement.

"Considering this proximity, it is possible that the two attacks are one and the same, and that the organizations targeted in the Silicon Valley attacks have been compromised since July," iDefense said.

Jellenc said his company started helping some of the victimized companies with the investigation on Thursday night, providing information on characteristics of attacks launched by Chinese groups.

Examining the attacks

Google noticed the malicious code in its system in mid-December and then followed it back to the drop servers and determined that other companies--including at least two financial companies and one major defense contractor--had been targeted, Jellenc said, citing sources familiar with the investigation.

Google also may have been able to see a target list of IP addresses in the code, he said. (Google has declined to provide more details about the attacks beyond what it has publicly stated.)

The attackers stored data acquired in the attacks at Texas-based hosting provider Rackspace and had command-and-control servers based in Taiwan that are commonly used by "actors out of the People's Republic of China," he said.

A Rackspace spokeswoman confirmed early Wednesday that a server at the company had been affected. "In this case, a server at Rackspace was compromised, disabled, and we actively assisted in the investigation of the cyberattack, fully cooperating with all affected parties," she said. The hosting company runs the servers and operating systems for its customers' Web sites, but customers run their own applications on the servers, she said.

Jellenc said that iDefense "confirmed with some clients and partners of ours in the defense contracting community that the IP addresses used to launch the attacks are known to be associated with previous attacks from groups that are either directly employed agents of the Chinese state or amateur hackers that are proxies for them that have attacked other U.S. companies in the past."

At Google, attackers not only wanted intellectual property, but they tried to access Gmail accounts of Chinese human rights activists, Google said. Only two Gmail accounts appear to have been accessed and only limited account information, and not e-mail contents, was visible, according to Google. In addition, accounts of dozens of Gmail users in the U.S., China, and Europe who advocate human rights were accessed routinely by third parties, probably via phishing or malware located on the user's computer, Google said.

While attacks can be traced back to a country of origin, it's very difficult to prove that it was the work of a government agency, said John Bumgarner, chief technology officer of the U.S. Cyber Consequences Unit, which does independent research for the U.S. government.

These attacks are just the latest in a series of attacks from China on nonmilitary Web sites, according to Alan Paller, director of research at the SANS Institute. In November 2007, U.K. and U.S. companies doing business in China were targeted for proprietary information, he said. And in May 2008, Chinese entities hacked into organizations working for freedom in Tibet, he said.

"The interesting thing about this is somebody big is fighting back," Paller said.

These types of attacks happen every day, said George Kurtz, chief technology officer at McAfee. "What we're seeing is really the tip of the iceberg," he said. "This is going to be bigger than originally anticipated."

Jellenc and other security experts said they did not believe the targeted attacks were at all related to an attack Tuesday on Baidu, China's largest search provider. In that attack, visitors to the Baidu site were re-directed to a site where a group calling itself the "Iranian Cyber Army" claimed responsibility for the attack. The same group had taken credit for a similar attack on Twitter last month.

Dan Kaminsky, director of penetration testing at IOActive whose research has helped improve the security of the Internet infrastructure, predicted the attacks would prompt references to a Digital Pearl Harbor.

"I don't know how accurate or how fair that is but certainly something of note has occurred that has not occurred in previous years," he said.

"I think everybody is surprised by the utterly unambiguous response," Kaminsky added. "This definitely is 'shot heard round the world' territory, at least in our [security] community."

Updated 8:18 a.m. PST January 13 with Rackspace comment.

Originally posted at InSecurity Complex
