Email from Robert Tyler: Dear Dr. Shurtz: Could you explain the recent incident involving certificate authority DigiNotar? Could you also explain what a certificate authority is and how this relates to security on the internet and World Wide Web? I never miss an episode of Tech Talk and I’m listening to all your previous podcasts via itunes. Thank you for such a great broadcast. Robert Tyler
Tech Talk Responds:
A Certificate Authority (CA) issues digital certificates that contain a public key and the identity of the owner. The matching private key is not made available publicly, but kept secret by the end user who generated the key pair.The certificate is also a confirmation or validation by the CA that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate.
A CA’s obligation in such schemes is to verify an applicant’s credentials, so that users and relying parties can trust the information in the CA’s certificates. CAs use a variety of standards and tests to do so. In essence, the Certificate Authority is responsible for saying this person is who they say they are, and we, the CA, verify that. If the user trusts the CA and can verify the CA’s signature, then he can also verify that a certain public key does indeed belong to whoever is identified in the certificate.
Email from Margaret: Dear Dr. Richard Shurtz. There appears to be a lot of Issues with this Squeezebox Internet Radio. For about a week now I can’t access Bloomberg Business Radio on my internet radio I bought from Logitech. This station is THE reason I purchased the squeezebox product–it is the main station I NEED to access daily. When I press the preset button I assigned to Bloomberg Business Radio station, I TODAY get a recording telling me my setup is not compatible with this station–Bloomberg Business Radio. I just found out that Bloomberg changed their website to Flash Media. I am told that Logitech must update its firmware to support Flash. HOW do I get this fixed? I am most appreciative if you can solve and explain this and tell me how to again access your station. I have to listen to this station daily for my job! so this is a nightmare! All the Best, Margaret
Tech Talk Responds: Everyone is having your problem. It is not a SB issue. Sometimes the station owners aren’t clueless — they know people are listening in other ways (internet radios, Smartphones apps like TuneIn) and don’t like it. They want people to see the ads in their flash players. That may be their motivation.
I found this response on their website:
Please accept my apologies for any frustration we may have caused with the changes we made recently to the Windows Media streams for Bloomberg Radio and TV. What’s going on is that we’ve been in a year-long process of upgrading our web audio and video streams to higher quality. At some point, it was time to decommission the old infrastructure, so we did that. We were unaware of the usage by (and don’t have any syndication deal with) the Squeezebox folks.
Our programming is still available at Bloomberg.com and we do hope you continue to tune in, but we also hope you understand the goal of providing the highest audio and video quality. If anyone here is from Logitech, I can put you in touch with our head of syndication.
Email from Snake Eyes: Dr. Richard Shurtz, Do you ever do book reviews, or, why not profile this Physics professor? I’m interested in knowing more:
A Harvard professor of physics, Randall, author of Warped Passages, has earned praise for both her science and her skill at making it accessible to the general reader. Here she proves a fascinating guide to the latest discoveries and challenges in theoretical physics. Thanks, Snake Eyes
Tech Talk Responds: This is not normally the type of person I feature. If she did some original research that lead to innovation she would be a candidate. By the way, I am looking for suggestions for all listeners on possible people to feature. This week’s Profile came from an earlier listener suggestion.
Email from Howard: I have accidentally deleted everything inside my hard drive. How could I restore them? Thanks, Howard.
Tech Talk Responds: Restore your most recent backup if you have one.Once restored, you’ve only lost whatever has changed in the time since that backup was taken. You probably don’t have a backup.Stop using the drive, remove it and make it an external drive on another computer. Every time you write on the disk you may lose even more data.With the drive attached as a second or external drive, use a free data recovery tool, like Recuva. Recuva, and other tools like it, scan the drive media looking for deleted, but possibly recoverable files, and allow you to specify which should be restored.
The problem is that file recovery tools don’t know the difference between files that you just recently deleted by accident and files that you deleted before that on purpose. Copy the files to be recovered to a different drive. This should avoid writing to the original drive at all.
David Friend is co-founder and CEO of Carbonite which provides online backup for personal computers. Carbonite is his sixth startup company.
David Friend was born in 1950 and grew up in Westchester, NY.
David holds a bachelor’s degree in engineering from Yale University.
He attended the Princeton University Graduate School of Engineering where he was a David Sarnoff Fellow.
In 1970, he dropped out of graduate school at Princeton University to co-found musical synthesizer developer ARP Instruments Inc.
The business required Friend, who had a double major of music and engineering at Yale University as an undergraduate, to travel the country pitching the synthesizer to bands — one of the highlights of a highlight-filled career.
After ARP was acquired by CBS Musical Instruments in the late 1970s, Friend co-founded Computer Pictures Corp., a graphics software company.
While at Computer Pictures, Friend recruited eventual business partner on four companies, Jeff Flowers, after reading about Flowers’ programming work at Prime Computer Inc.
After Computer Pictures was acquired in 1983 by Westwood-based Cullinet Software Inc., Friend started business intelligence software maker Pilot Software Inc. in 1984.
Pilot was bought by Dun & Bradstreet Corp. in 1994
Friend then started FaxNet Corp., a provider of fax-to-e-mail and e-mail-to-fax services. He sold FaxNet Corp $240M.
His next company was Sonexis Inc., an audio and web conferencing company.
After departing Sonexis in 2003, Friend considered starting a venture capital firm with Flowers and raising a $75 million fund.
They realized that funding startup companies was not as enjoyable as starting them.
They started Carbonite in 2005, after family members who lost photos and music in separate incidents on their PCs.
Flower’s wife had her laptop stolen with two years of baby photos. Then two weeks later, Friends daughter hard drive crashed and she lost an important term paper.
She sent her drive out to one of these clean labs and they charged her $800 to recover about 60% of what was on the disk. The term paper, unfortunately, was lost.
They named the company after carbonite, the fictional substance used to freeze Han Solo in Star Wars: The Empire Strikes Back.
Carbonite raised $67M in venture capital through several rounds of financing starting in 2006 and ending in 2010.
In May 2011, Carbonite filed with the SEC to raise up to $100 million in an IPO. They raised only $62.5M in a very volatile market. Market cap is less than $300M.
Friend’s stake was 9.7% and Flowers’ stake is 8.3% in the company at the time.
David has been a lecturer at MIT’s Sloan School of Management and is an active supporter of music and the arts in Boston.
He is a trustee of the New England Conservatory (emeritus), Berklee College of Music, and the Brookings Institution in Washington, D.C.
David is an avid marathoner, distance cyclist, windsurfer, and hiker.
Space Exploration Roadmap
NASA and the space agencies of a variety of countries, including members of the European Union, Canada, Japan, Russia, India, the Ukraine, and South Korea, have released a Space Exploration Roadmap.
NASA and its partners have created two scenarios, called ‘Asteroid Next’ and ‘Moon Next.’
This represents the continuing argument over which destination astronaut explorers should go to first. Should it be an Earth approaching asteroid? Or should it be the moon?
In any event, all roads lead to Mars in the current plan.
Both visits to an asteroid and to the moon are considered practice runs for what will be needed to go to Mars.
The FCC has finalized its proposed rules regarding net neutrality in a 155 page report.
The rules go into effect on 20 November, nearly a year after they passed in a 3-2 vote.
The FCC’s statement (PDF) summarizes the rules as follows
First, transparency: fixed and mobile broadband providers must disclose the network management practices, performance characteristics, and commercial terms of their broadband services.
Second, no blocking: fixed broadband providers may not block lawful content, applications, services, or non-harmful devices; mobile broadband providers may not block lawful websites, or block applications that compete with their voice or video telephony services.
Third, no unreasonable discrimination: fixed broadband providers may not unreasonably discriminate in transmitting lawful network traffic.’
It should be noted that some of the language is a little ambiguous; who is to decide what constitutes ‘unreasonable discrimination?
Google not to choose between the two options, but to tackle both at the same time.
A collaborative process is important, because Google isn’t the only company with a stake in the future of client-side Web development.
For example, Intel wants to allow Web applications to take better advantage of modern, multicore processor designs.
Internet access via smart phones are another issue.
Smartphone app platforms such as iOS tend to be closed, vertically integrated, and proprietary — precisely the opposite of the open, standards-based Web. Google is trying to attack that marketplace too.
Feds Pays IT Contractors Nearly Twice As Much As Its Own IT Workers
The federal government pays IT outsourcing companies nearly twice as much for computer engineering services as it pays its own computer engineers and 1.5 times more for IT management work, according to the Project on Government Oversight.
The study, released this week by the Project on Government Oversight (POGO), compared the total annual compensation for federal and private sector employees with federal contractor billing rates in 35 occupational categories in order to determine "whether the current costs of federal service contracting serves the public interest."
In all but two job categories, government employees were less expensive than contractors, and average private sector compensation was lower than contractor billing rates in all 35 occupational classifications, according to the study.
In the information technology category, POGO found that the federal government is paying contractors to provide computer engineers an average of $268,653 per year. That’s nearly twice the average $136,456 it pays its own computer engineers and nearly twice the average private sector salary of $131,415.
For information technology management services, the government pays average annual rates of $198,411 for contractors, according to the study. That’s 1.59 times the $124,663 average that the government pays its own federal IT managers and 1.73 times the $114,818 average at which private sector companies compensate their employees.
The study points out that IT specifically is widely outsourced throughout the federal government because of the assumption that IT companies provide vastly superior skills and cost savings.
NASA’s six-ton Upper Atmosphere Research Satellite (UARS) satellite entered the earth’s atmosphere over the Pacific Ocean early this morning..
The Joint Space Operations Center at Vandenberg Air Force Base in California said the satellite penetrated the atmosphere over the Pacific Ocean. The precise re-entry time and location are not yet known with certainty.
The Upper Atmosphere Research Satellite (UARS) is the largest American space agency satellite to return uncontrolled into the atmosphere in about 30 years.
There have been some unconfirmed reports on Twitter that suggested debris might have fallen in western Canada.
Most of the decommissioned spacecraft should simply have burnt up, but modeling work indicated perhaps 500kg could have survived to the surface.
Any pieces of debris should have been scattered over a 800km path; but with more than 70% of the Earth’s surface covered by water, many experts said the pieces were most likely to end up in the ocean.
UARS was deployed in 1991 from the space shuttle Discovery on a mission to study the Earth’s upper atmosphere.
Under the terms of the Outer Space Treaty of 1967, the US government retains ownership of the debris and could, if it so wished, seek to take possession of any items found on the ground.
With those ownership rights also comes absolute liability if a piece of UARS is found to have damage property or injured someone.
Tracking stations will typically witness the uncontrolled return of at least one piece of space debris every day; and on average, one intact defunct spacecraft or old rocket body will come back into the atmosphere every week.
DigiNotar dies from certificate hack caper
The Dutch company that was hacked earlier this summer by certificate thieves has shut down.
DigiNotar filed for bankruptcy in a Netherland court on Monday, and its assets will be liquidated by a court-appointed trustee.
Vasco Data Security International, the Chicago company purchased DigiNotar last January for $13.1 million.
In late August, DigiNotar admitted that hackers had illegally generated numerous SSL (secure socket layer) certificates, including one for google.com that was later found to have been used to spy on some 300,000 Iranians through their Gmail accounts.
DigiNotar confirmed that it had first discovered the intrusion on July 19, but had not disclosed the breach to browser makers, the Dutch government — which used DigiNotar certificates to validate the identities of many of its websites — or other customers until more than a month later.
An investigation sponsored by the Dutch government revealed that the hacker or hackers first compromised DigiNotar’s servers in mid-June and made off with more than 500 certificates.
After DigiNotar went public, all five of the major browser makers — Apple, Google, Microsoft, Mozilla and Opera — issued updates that barred users from reaching sites secured with DigiNotar-issued certificates.
Dutch Independent Post and Telecommunications Authority (OPTA) terminated DigiNotar as a certificate authority (CA), preventing it from issuing any further certificates.
DigiNotar’s filing for bankruptcy was not unexpected.