A lot of interesting stuff going on today, most of it I don’t have time to comment on, just read.
Internet Explorer 8 and Acid2: A Milestone As a team, we’ve spent the last year heads down working hard on IE8. Last week, we achieved an important milestone that should interest web developers. IE8 now renders the “Acid2 Face” correctly in IE8 standards mode.
Duke Nukem Forever Teaser Debuts on Shacknews Following yesterday’s screenshot release, Shacknews is pleased to premiere the first new Duke Nukem Forever teaser trailer in over six years. According to George Broussard of developer 3D Realms, the approximately minute-long video was originally created internally for the purpose of holiday festivities and marks the beginning of further media unveilings surrounding the notoriously long-in-development first- person shooter.
Antivirus firm: Google text ad Trojan detected Advertisements placed by Google in Web pages are being hijacked by so-called Trojan horse software that replaces the intended text with ads from a different provider, Romanian antivirus company BitDefender says.
The Trojan redirects queries meant to be sent to Google servers to a rogue server, which displays ads from a third party instead of ads from Google, BitDefender said in a statement.
The Ultimate Fate of Supplemental Results In 2003, Google introduced a “supplemental index” as a way of showing more documents to users. Most webmasters will probably snicker about that statement, since supplemental docs were famous for refreshing less often and showing up in search results less often. But the supplemental index served an important purpose: it stored unusual documents that we would search in more depth for harder or more esoteric queries.
Worm Hits Google’s Orkut Google’s Orkut social networking site appeared to have been hit by a relatively harmless worm, but one that demonstrated the continuing vulnerability of Web applications.
The People Inside Google’s Black Box After I wrote about Google’s search technology earlier this year, I got an e-mail from an engineer at another search engine telling me not to believe Google when it said its search results were simply the product of fancy formulas. Google, he said, has human beings helping to pick the best sites for many queries.
Intel to delay launch of three 45nm quad-core CPUs on poor AMD performance Intel has recently adjusted its product strategy and will postpone three 45nm quad-core CPUs that were originally scheduled to launch in January next year, according to sources at motherboard makers.
Intel has already notified its partners that it will push back the launch of the three CPUs to February or March next year, depending on AMD’s schedule for triple-core and the upcoming Phenom CPUs.
Firefox 3 Beta 2 now available for download Firefox 3 Beta 2 is now available for download. This is the tenth developer milestone focused on testing the core functionality provided by many new features and changes to the platform scheduled for Firefox 3. Ongoing planning for Firefox 3 can be followed at the Firefox 3 Planning Center.
Source: tipsdr
Tuesday, December 25, 2007
Software errors to delay hybrid drive takeoff
A report from market researcher Objective Analysis predicts that only about 13 million of the hybrid hard disks that incorporate NAND flash for caching key data will ship in 2008 due to software errors.
"Microsoft has a good concept with its ReadyDrive software, but they can't devote attention to it because they have diverted energy to fixing Vista bugs," said Jim Handy, principal of Objective Analysis.
Early benchmarks of the drives have given them mixed results so far, Handy said, indicating performance tuning is needed. "Some of the benchmarks suggest the hybrid drives run some software faster and other software slower," he said.
The new drives, aimed primarily at notebook computers, "will become significant but not next year, and their success is contingent on Microsoft putting adequate attention on the software issues," Handy said.
The firm estimates fewer than one million hybrid drives will ship this year and only about 13 million in 2008. However, shipments could rise to 90 million in 2009 and 220 million in 2010.
Only Samsung and Seagate current have shipping hybrid drives. Both companies have models with 256Mbyte NAND cache and drive capacity of 80-, 120- or 160Gbyte. Other drive makers are waiting for market demand to pick up before launching the products, he said.
Using software in Vista, the hybrid drives are geared to slash the time for booting a system or loading applications. The code can also cache frequently accessed data.
In addition, the hybrid drives may hamper the rise of solid-state drives (SSD) that use flash memory and aim to give a bigger boost in performance and reliability but at a steeper cost. Handy estimated a hybrid drive carries a premium of about $10 while a SSD carries a premium of as much as $300.
"Hybrids offer 80 percent of more of the performance of solid-state drives at a much lower cost," he said.
Source: EETASIA
"Microsoft has a good concept with its ReadyDrive software, but they can't devote attention to it because they have diverted energy to fixing Vista bugs," said Jim Handy, principal of Objective Analysis.
Early benchmarks of the drives have given them mixed results so far, Handy said, indicating performance tuning is needed. "Some of the benchmarks suggest the hybrid drives run some software faster and other software slower," he said.
The new drives, aimed primarily at notebook computers, "will become significant but not next year, and their success is contingent on Microsoft putting adequate attention on the software issues," Handy said.
The firm estimates fewer than one million hybrid drives will ship this year and only about 13 million in 2008. However, shipments could rise to 90 million in 2009 and 220 million in 2010.
Only Samsung and Seagate current have shipping hybrid drives. Both companies have models with 256Mbyte NAND cache and drive capacity of 80-, 120- or 160Gbyte. Other drive makers are waiting for market demand to pick up before launching the products, he said.
Using software in Vista, the hybrid drives are geared to slash the time for booting a system or loading applications. The code can also cache frequently accessed data.
In addition, the hybrid drives may hamper the rise of solid-state drives (SSD) that use flash memory and aim to give a bigger boost in performance and reliability but at a steeper cost. Handy estimated a hybrid drive carries a premium of about $10 while a SSD carries a premium of as much as $300.
"Hybrids offer 80 percent of more of the performance of solid-state drives at a much lower cost," he said.
Source: EETASIA
Wednesday, December 19, 2007
Latest Version of Firefox 3.0 Goes to Developers
Christmas came a little early for developers this year. Mozilla on Wednesday released the second beta version of Firefox 3.0 that promises enhanced security features and performance capabilities.
The release features an enhanced location bar that matches against page titles and addresses from local history, bookmarks and tags. It also incorporates feedback about security from Beta 1 testers, and includes an "effective top-level domain" that ensures that cookies and other Web content is only visible in a single domain, Mozilla said.
The company cautioned that the release is only geared toward Web developers and Mozilla's testing community, and is not intended for the average Web user.
"We encourage testers to download and install the Beta 2 release to test it against the Web sites they normally visit, and provide feedback about any incompatibilities," Mozilla said in a statement. "It is intended for testing purposes only."
Additional enhancements include more easily decipherable security notices, and a password manager that checks to make sure the correct password has been entered before Mozilla saves it. There is also an automatic check for insecure plugins, extensions and Java, and anti-virus integration with the new download manager.
Beta 2 also includes revamped personalization tools, improved text and graphics rendering, support for offline browsing and Web-based protocol handlers, and full-page zooming, Mozilla said.
Developers interested in testing out the release can visit the Mozilla developer center for more information.
Mozilla released version one of 3.0 in November. It later said it would fix only 20 percent of its known bugs before the latest version of the browser is released in its final version next year. Mike Shaver, Mozilla director of ecosystem development, subsequently penned a blog post that said that 20 percent prediction was a misunderstanding.
Source: PCMAG
The release features an enhanced location bar that matches against page titles and addresses from local history, bookmarks and tags. It also incorporates feedback about security from Beta 1 testers, and includes an "effective top-level domain" that ensures that cookies and other Web content is only visible in a single domain, Mozilla said.
The company cautioned that the release is only geared toward Web developers and Mozilla's testing community, and is not intended for the average Web user.
"We encourage testers to download and install the Beta 2 release to test it against the Web sites they normally visit, and provide feedback about any incompatibilities," Mozilla said in a statement. "It is intended for testing purposes only."
Additional enhancements include more easily decipherable security notices, and a password manager that checks to make sure the correct password has been entered before Mozilla saves it. There is also an automatic check for insecure plugins, extensions and Java, and anti-virus integration with the new download manager.
Beta 2 also includes revamped personalization tools, improved text and graphics rendering, support for offline browsing and Web-based protocol handlers, and full-page zooming, Mozilla said.
Developers interested in testing out the release can visit the Mozilla developer center for more information.
Mozilla released version one of 3.0 in November. It later said it would fix only 20 percent of its known bugs before the latest version of the browser is released in its final version next year. Mike Shaver, Mozilla director of ecosystem development, subsequently penned a blog post that said that 20 percent prediction was a misunderstanding.
Source: PCMAG
Tuesday, December 11, 2007
Drive to use legal computer software
Domestic enterprises wanting to go public should aim to use legal computer software, an official said Monday.
The country will work strenuously to encourage and supervise enterprises to build a sound environment for the software industry, head of copyright administration Liu Binjie added at a national legal software conference.
"Strengthening protection for legal software and creating a conducive environment is a significant part of the national intellectual property rights (IPR) strategy", said Vice-Premier Wu Yi, who is also head of the national IPR working team, in a letter to the conference.
Initiated last year by nine authorities including the copyright and information industry, commerce, finance administrations and regulators of banks, insurances and securities firms, the ongoing campaign targeting enterprises is seen as a powerful government effort to realize the wide use of legal software.
Domestic enterprises are responding positively to the country's call to use legal computer software since then, Liu said.
More than 1,500 large enterprises with annual sales of over 300 million yuan ($40.5 million) are currently using legal computer software, a result of the nine ministries' efforts to weed out software piracy nationwide.
The groups include the headquarters of the major 157 State-owned enterprisessuch as Sinopec and Huaneng Group, and their subsidiaries across China.
Another 1,300 large-scale en-terprises are reportedly speeding up efforts to install licensed software on the operating system of their computers.
Source: China Daily
The country will work strenuously to encourage and supervise enterprises to build a sound environment for the software industry, head of copyright administration Liu Binjie added at a national legal software conference.
"Strengthening protection for legal software and creating a conducive environment is a significant part of the national intellectual property rights (IPR) strategy", said Vice-Premier Wu Yi, who is also head of the national IPR working team, in a letter to the conference.
Initiated last year by nine authorities including the copyright and information industry, commerce, finance administrations and regulators of banks, insurances and securities firms, the ongoing campaign targeting enterprises is seen as a powerful government effort to realize the wide use of legal software.
Domestic enterprises are responding positively to the country's call to use legal computer software since then, Liu said.
More than 1,500 large enterprises with annual sales of over 300 million yuan ($40.5 million) are currently using legal computer software, a result of the nine ministries' efforts to weed out software piracy nationwide.
The groups include the headquarters of the major 157 State-owned enterprisessuch as Sinopec and Huaneng Group, and their subsidiaries across China.
Another 1,300 large-scale en-terprises are reportedly speeding up efforts to install licensed software on the operating system of their computers.
Source: China Daily
Monday, December 3, 2007
IE Expecting Threats from Hackers
Microsoft Corp said Monday that a flaw in the way its Windows operating system looks up other computers on the Internet has resurfaced, and could expose some customers to online attacks.
The flaw primarily affects corporate users outside of the U.S. It could theoretically be exploited by attackers to silently redirect victims to a malicious Web site.
Microsoft originally patched this flaw in 1999, but it was rediscovered recently in later versions of Windows and subsequently publicized at a recent hacker conference in New Zealand. "This is a variation of that previously reported vulnerability that manifests when certain client-side settings are made," said Mike Reavey, a group manager at Microsoft's Security Response Center.
The bug has to do with the way Windows systems look for DNS (Directory Name Service) information under certain configurations.
Any version of Windows could theoretically be affected by the flaw, but Microsoft issued an advisory Monday explaining which Windows configurations are at risk and offering some possible workarounds for customers. The company said it is working to release a security patch for the problem.
Here's how the attack would work: When a Windows system is specially configured with its own DNS Suffix, it will automatically search the network for DNS information on a Web Proxy Auto-Discovery (WPAD) server. Typically this server would be a trusted machine, running on the victim's own network.
WPAD servers are used to cut down on the manual configuration required to get Windows systems working on the network. DNS suffixes are used to associate computers with certain domains of the network and to simplify administration.
To make it easier for the PC to find a WPAD server, Windows uses a technique called DNS devolution to search the network for the server. For example, if an IDG PC was given a DNS suffix of corp.idg.co.uk, it would automatically look for a WPAD server at wpad.corp.idg.co.uk. If that failed, it would try wpad.idg.co.uk and then wpad.co.uk.
And that's where the problem lies. By looking for DNS information on wpad.co.uk, the Windows machine has now left the IDG network and is doing a DNS look-up on an untrusted PC.
Reavey says that this problem only affects customers whose domain names begin with a "third-level or deeper" domain, meaning that even with the DNS suffix, users on networks like idg.com or dhs.gov are not affected.
Attackers who registered "wpad" domains within second-level domains such as co.uk or co.nz could redirect victims to malicious Web sites without their knowledge -- a "man in the middle" attack." An victim might think he was visiting his bank's Web site, but in reality, he could be sent to a phishing site.
"It's particularly insidious because a lot of people don't realize that this is happening," said Cricket Liu, vice president of architecture with DNS appliance vendor Infoblox. To date, Microsoft has heard of no such attacks actually being carried out, Reavey said.
Customers who have set their own proxy server or who have a WPAD server on their network are not at risk, Microsoft said.
Still, according to the New Zealand security researcher who discovered this flaw, many customers could be affected. Beau Butler, who also happens to own the wpad.co.nz, domain estimates that about 160,000 PCs are affected by the problem in New Zealand alone, according to a published report. Butler could not be reached immediately for comment on this story, but in a note on a local Linux group Web site, he said he is collecting Web server data from this domain.
The flaw primarily affects corporate users outside of the U.S. It could theoretically be exploited by attackers to silently redirect victims to a malicious Web site.
Microsoft originally patched this flaw in 1999, but it was rediscovered recently in later versions of Windows and subsequently publicized at a recent hacker conference in New Zealand. "This is a variation of that previously reported vulnerability that manifests when certain client-side settings are made," said Mike Reavey, a group manager at Microsoft's Security Response Center.
The bug has to do with the way Windows systems look for DNS (Directory Name Service) information under certain configurations.
Any version of Windows could theoretically be affected by the flaw, but Microsoft issued an advisory Monday explaining which Windows configurations are at risk and offering some possible workarounds for customers. The company said it is working to release a security patch for the problem.
Here's how the attack would work: When a Windows system is specially configured with its own DNS Suffix, it will automatically search the network for DNS information on a Web Proxy Auto-Discovery (WPAD) server. Typically this server would be a trusted machine, running on the victim's own network.
WPAD servers are used to cut down on the manual configuration required to get Windows systems working on the network. DNS suffixes are used to associate computers with certain domains of the network and to simplify administration.
To make it easier for the PC to find a WPAD server, Windows uses a technique called DNS devolution to search the network for the server. For example, if an IDG PC was given a DNS suffix of corp.idg.co.uk, it would automatically look for a WPAD server at wpad.corp.idg.co.uk. If that failed, it would try wpad.idg.co.uk and then wpad.co.uk.
And that's where the problem lies. By looking for DNS information on wpad.co.uk, the Windows machine has now left the IDG network and is doing a DNS look-up on an untrusted PC.
Reavey says that this problem only affects customers whose domain names begin with a "third-level or deeper" domain, meaning that even with the DNS suffix, users on networks like idg.com or dhs.gov are not affected.
Attackers who registered "wpad" domains within second-level domains such as co.uk or co.nz could redirect victims to malicious Web sites without their knowledge -- a "man in the middle" attack." An victim might think he was visiting his bank's Web site, but in reality, he could be sent to a phishing site.
"It's particularly insidious because a lot of people don't realize that this is happening," said Cricket Liu, vice president of architecture with DNS appliance vendor Infoblox. To date, Microsoft has heard of no such attacks actually being carried out, Reavey said.
Customers who have set their own proxy server or who have a WPAD server on their network are not at risk, Microsoft said.
Still, according to the New Zealand security researcher who discovered this flaw, many customers could be affected. Beau Butler, who also happens to own the wpad.co.nz, domain estimates that about 160,000 PCs are affected by the problem in New Zealand alone, according to a published report. Butler could not be reached immediately for comment on this story, but in a note on a local Linux group Web site, he said he is collecting Web server data from this domain.
Subscribe to:
Posts (Atom)