Show of 12-11-2010

  • Email and Forum Questions
    • Email from Lauren: Dr. Richard Shurtz. When I wrote the first email below I was being optimistic as I hadn’t been on the interview yet and didn’t have the offer. I left the interview Fri and b/f close of business they called to offer me the Tech writer job. I am very happy! Please forget about the below email, as I now found out they have decided on Doc-to-Help. If you could please tell me your take on this Online Help authoring tool, that would be great. I learned from the interview that they do a lot of JAVA work and Doc-to-Help aligned up well with this. Best Lauren
    • Tech Talk Responds: Doc-To-Help was one of the first authoring tools for Windows Help having been around since 1991. Early versions of Doc-To-Help were based on creating a printable document within Microsoft Word and then converting that document into an online Help file.
    • The latest version of the product, Doc-To-Help 6.0, is somewhat different. Print is now just one of the targets—the others comprise a comprehensive range of online Help formats, including WinHelp, HTML Help, and JavaHelp.
    • The reason for the change is the acquisition of Doc-To-Help by ComponentOne, who have totally re-engineered the product and combined it with True Help 1.0, retaining best features of each. The interface makes for a steeper learning curve, according to some reviewers. But overall, a good choice.
    • Email from Maryland Woman: Dear Dr. Richard Shurtz, I own a dell laptop, about 4 yrs old. OS is WIN XP. I use mainly Firefox as my browser and also use Chrome. I want to be able to do the minimum amount of typing when I go to a website, esp. sites I routinely go back to. I don’t think my setting in these browsers are set in the most efficient choice & want to improve this. I recall what I am talking about are ‘smart keys’?? Are there security issues I’d be subjecting myself to if/when I change settings to afford more efficiency? I need advise on how to make the wisest choices.
    • PS Is there a tech indulgence you are hoping Santa brings you–I need gift idea?? Thanks MDWOMAN
    • Tech Talk Responds: Most website will remember your user through the use of cookies. You can ask Windows to remember your password. You can store the URL in your favorite’s column. This minimizes keystrokes, but makes you more vulnerable. You can set up browser to not to allow cookies that can be read by third parties, but to allow cookies to be set. You can set your security to moderate level and then list the sites that you frequent as trusted sites. Never do any of this on a public computer. In that case, clear all cookies before you log out.
    • Popular gifts this year: iPad, Kinect for Xbox, eBook Readers (Nook or Kindle), Smart Phone (Android OS is my choice, iPhone a close second).
    • Email from Arnie: Dear Tech Talk, I thought you would find this interesting whether you mention it on Tech Talk. The article discusses Stuxnet and is titled Mystery Surrounds Cyber Missile That Cripples Iran’s Nuclear Weapons Ambitions. Arnie McKechnie
    • Tech Talk Responds: Thanks Arnie. I will review Stuxnet later in the show. It is the open salvo in a new type of cyber-warfare. It is also an indicator of a good career choice for someone entering computer science.
    • Email from Ginger: Dear Tech Talk, I use a VPN – how and what are the protections of this versus just connecting through my ISP? What limitations does this have? Can they "see" what I’m doing (like using a Bit Torrent), and that is coming from my account? I listen every week. Thanks, Ginger.
    • Tech Talk Responds: Encryption is a way to keep someone eases dropping from understanding your conversation. You must have an encryption that both sides have and use a strong encryption algorithm. Secure Socket Layer (SSL) and HPPS both use end to end encryption and are a good option for shopping or other secure activities. However, most of your survey is unencrypted unless you use an encrypted proxy server. This set up an encrypted data path between you and the proxy. The proxy makes your web page requests. These are unencrypted so they could be intercepted but that is unlikely. At least your ISP will not know what kind of traffic you are generated, but they will be able to monitor the overall bandwidth usage and guess.
    • Email from Peter: Dear Tech Talk, I have to make presentations that are on my USB drive and worry about picking up a virus or malicious program while on the road. What do you suggest? Thanks, Peter
    • Tech Talk Responds: The most effective way to prevent malware from spreading to your USB device is to keep the machines that you connect it to clean. For machines that you control, that means the standard techniques:
      • Use a firewall, Keep the operating system and all software up to date
      • Scan for viruses and spyware regularly, Avoid bad sites, attachments, scams.
    • If there’s no malware on the machine, then there’s no malware to infect the device you plug into it, simple as that.
    • If you must connect your USB device to computers that you don’t control, get a USB device that has a "write protect" switch and ensure that the device cannot be written to when inserted into a computer that you don’t control. There are write protect program, but they can be hacked. A hardware switch is the best option.
    • If you insert a non-write-protected USB device into a computer that you can’t trust, and don’t have write protect, that USB device immediately becomes untrustworthy.Run a virus and malware check on any untrusted USB.
  • Profiles in IT: Justin Frankel
    • Justin Frankel best known for his work on the Winamp media player application and for inventing the gnutella peer-to-peer network.
    • Justin Frankel was born in 1978 and grew up in Sedona, Arizona.
    • He ran the student computer network of Verde Valley School. He wrote an email application and a keystroke logging program while in high school.
    • In 1996, he enrolled in University of Utah in 1996, majoring in Computer Science.
    • He dropped out after two quarters.
    • A few months later, he released Winamp under his company’s name Nullsoft.
    • By 1998, more than fifteen million people had downloaded the program
    • Frankel, along with Tom Pepper, released SHOUTcast, for streaming audio.
    • He created the Advanced Visualization Studio, a plugin for Winamp which enabled users to create their own music visualizations in real-time.
    • In June 1999 AOL acquired Nullsoft for $100 million. Frankel got was $59 million.
    • On March 14, 2000, Frankel released gnutella, a peer-to-peer file-sharing program without AOL’s knowledge.
    • Unlike Napster gnutella allowed users to share any type of file, not just MP3s.
    • Gnutella did not rely on any centralized servers to find out what users had what content, so once a gnutella network was created, it could not be shut off.
    • When Frankel posted Gnutella on Nullsoft’s site it came with a half-apologetic note: "See? AOL can bring you good things!" AOL was not amused
    • Since AOL was at the time merging with Time Warner, AOL ordered gnutella to be taken off the Nullsoft corporate servers.
    • The source code was released later, supposedly under the GPL. Gnutella became one of the most popular peer-to-peer file sharing networks of its time.
    • Nullsoft then released an MP3 search engine, a patch for AOL Instant Messenger to block advertisements. Both were removed from Nullsoft servers by AOL.
    • In mid-2003, as the RIAA was preparing lawsuits against random Gnutella users, Frankel concocted a counterstrike: WASTE, a private file-sharing system whose traffic is encrypted from prying eyes and whose networks are invitation only.
    • The name comes from the underground postal system in Thomas Pynchon’s The Crying of Lot 49.
    • Frankel told Rolling Stone that he tried to persuade AOL to release WASTE themselves as a way to revive their fast-falling customer base. When they refused, he released the program on the fourth anniversary of AOL’s acquisition of Nullsoft.
    • He stayed with AOL after that in order to complete Winamp version 5.0.
    • On December 9, 2003 AOL shut down Nullsoft’s San Francisco offices and laid off 450 employees. Justin resigned shortly thereafter.
    • Under his new company, Cockos, he has been developing REAPER, a multi-track audio and MIDI sequencer for Windows, with a version for Mac OS X in beta.
    • According to his weblog, Frankel is also an enthusiast bagpipe player.
    • Company website: http://www.cockos.com/
    • Justin’s blog: http://blorp.com/ 
  • Stuxnet Revisited
    • Stuxnet was discovered in June by a Belarus-based company doing business in Iran.
    • Intelligence agencies, computer security companies and the nuclear industry have been trying to analyze the worm since its discovery.
    • Sean McGurk, the Homeland Security Department’s acting director of national cyber security and communications integration, calls the worm a “game changer.”
    • Many have called it the first “weaponized” computer virus.
    • Stuxnet is an advanced, undetectable computer worm that was designed to jump from computer to computer until it found the specific, protected control system that it aimed to destroy: Iran’s nuclear enrichment program.
    • The worm attacked Iran’s nuclear facilities. Natanz, which houses the centrifuge arrays used for processing uranium into nuclear fuel, and, to aBushehr, Iran’s nuclear power plant.
    • Stuxnet was sent into the area around Iran’s Natanz nuclear power plant.to infect a number of computers on the assumption that someone working in the plant would take work home on a flash drive, acquire the worm and then bring it back.
    • Once the worm was inside the plant, the next step was to get the computer system there to trust it and allow it into the system. That was accomplished because the worm contained a “digital certificate” stolen from JMicron, a large company in an industrial park in Taiwan.
    • When the worm was later discovered it quickly replaced the original digital certificate with another certificate, also stolen from another company, Realtek, a few doors down in the same industrial park in Taiwan.)
    • Once allowed entry, the worm contained four “Zero Day” elements in its first target, the Windows 7 operating system that controlled the overall operation of the plant. Two of the vulnerabilities were known, but the other two had never been discovered.
    • After penetrating the Windows operating system, the code then targeted the siemens operating system that controlled the plant. Then took over the “frequency converters” that ran the centrifuges.
    • The worm also knew that the complex control system that ran the centrifuges was built by Siemens, the German manufacturer.
    • It targeted a Siemens programmable logic controller.
    • Masking itself from the plant’s security and other systems, the worm then ordered the centrifuges to rotate extremely fast, and then to slow down precipitously. This damaged the converter. Estimates are that this went on for more than a year.
    • The worm reported back to two servers, one in Denmark and one in Malaysia.
    • This went on until June of last year, when a Belarusan company working on the Iranian power plant in Beshehr discovered it in one of its machines.
    • Ordinarily these experts would immediately begin tracing the worm and dissecting it, looking for clues about its origin and other details.
    • But that didn’t happen, because within minutes all the alert sites came under attack and were inoperative for 24 hours.
    • Experts, including inspectors from the International Atomic Energy Agency(IAEA,) say that, despite Iran’s claims to the contrary, the worm was successful in its goal: causing confusion among Iran’s nuclear engineers.
    • From inside Iran there have been unconfirmed reports that the head of the plant was fired shortly after the worm wended its way into the system.
    • But as the extent of the worm’s capabilities is being understood, its genius and complexity has created another perplexing question: Who did it?
    • And much of what the worm “knew” could only have come from a consortium of Western intelligence agencies, experts who have examined the code now believe.
  • WikiLeaks Update
    • Spying charges
      • US prosecutors plan to file spying charges against Julian Assange soon in connection with the publishing of secret diplomatic memos on the WikiLeaks website.
      • Assange attorney Jennifer Robinson said charges would be brought “soon” under the US Espionage Act. The law makes it a felony to receive national defense material if it’s known to be obtained illegally and could be used to harm United States interests.
      • If brought, charges against Assange would reflect a change US case law, which has never successfully prosecuted a news organization for publishing classified information.
    • OpenLeaks.org set to compete
      • Several of Julian Assange’s ex-colleagues say they’re launching a WikiLeaks-like site called OpenLeaks next week.
      • Leakers will be able to submit information to the site, but the site won’t publish it.
      • Instead, the leakers will name who – such as specific media organizations or watchdog groups – can have access to the information.
      • Those users will make their own decisions about fact-checking, editing and publishing.
      • Site still in launching stage….only shows Coming Soon now.
    • Revised military policy
      • The Pentagon has taken action to prevent the occurrence of another WikiLeaks breach.
      • According to military order, soldiers are now strictly prohibited from using CDs, DVDs, USB drives and other removable media, at the risk of being court marshaled, due to the perceived threat to national security.
  • Google unveils Chrome OS Notebook
    • Chrome OS is Google’s latest bid to challenge Microsoft’s market dominance.
    • Google has already gone after Microsoft’s Office software with Google Docs.
    • Chrome marks a departure from traditional operating systems, such as Mac OSX and Windows, by targeting users who spend most of their time on the web.
    • Google’s Sundar Pichai said the pilot scheme is aimed at early adopters, developers and users who are used to using beta software.
    • They will be given an unbranded black notebook, called the Cr-48.
    • Mr Pichai said there would be no devices on sale until next year simply because the software was not ready for prime time.
    • Machines for the pilot scheme will start shipping soon.
    • Consumer devices from Acer and Samsung are due on the market in 2011. No pricing details were given.
    • The company said that it hoped to be the first to ship a tool called "verified boot" on Chrome OS devices, which makes sure nothing on the machine has been modified or compromised.
    • Because data will be accessed through the cloud, users could loan their machines to other people.
    • Google said it has also partnered with US telecom titan Verizon to offer connectivity with Chrome notebooks when they go on sale.
    • The plans range from 100 MB of free data, to $9.99 a day for unlimited data, with no extra fees.
    • Android is also being used in tablet devices and netbooks, prompting a number of industry watchers to question Google’s twin approach in the OS market.
    • Many fear two Google operating systems will cause confusion for consumers.
    • The Chrome OS will be given free to hardware manufacturers.
  • Geminid Meteor Shower Will Peak on December 13.
    • Rocks will soon begin hitting the outer atmosphere with the arrival of the annual Geminid meteor shower.
    • The Geminids get their name because they appear to radiate from the area of the sky where the constellation Gemini stands. While there are about a dozen easily visible meteor showers each year, they are considered one of the "big three" that include:
    • The peak of the week-long shower will come just before dawn on Tuesday, but the shooting stars will also be visible across the world late in the weekend.
    • Where skies are clear, the viewing will be best "before dawn on Tuesday. It starts to get light an hour before sunrise, so any time before that is going is a good time.
    • It is expected to generate from 60 to 80 meteors an hour.
    • The peak will hit Tuesday morning at 6 a.m. Eastern time.
    • In the case of the Geminid shower, they’re tiny pieces of debris breaking off an asteroid called 3200 Phaethon as it orbits the sun.
    • Although the shower was first seen in the 1860s, the asteroid wasn’t discovered until 1983.
    • For those who can’t make it out Tuesday morning, the meteors will be visible for two days before the peak and a day or two afterwards, just not as plentiful.