Mahalo Refuses Mentors Payments

Mahalo Refuses to pay it's Mentors

To make the long story short I've been working with Mahalo as a mentor since back in July. Well things have gone pretty smoothly with the exception of payments being continuously delayed until last month. I got an email informing me that there was a discrepancy with some of the pages that I've "mentored" and they needed to discuss our payment options.

I'm informed that because I spent less than 15mins "QC'ing" some of these pages they are refusing to pay for them. Later I'm told its because there weren't enough edits or major changes. Now as I can see it from the QC process no where does it specify that there even needs to be a change made.

# To check the quality of the work, follow this process:

* STEP 1: Assess the page and make sure it looks complete and well-organized. Are there any sections it needs to have but doesn't? Is there a Guide Note, Fast Facts and related tags? If it's missing anything important or fails to follow Mahalo formatting and style rules, kick back the page.
* STEP 2: Click the "Open Links" button on the guide toolbar. Wait a few moments for all the links on the page to open. Skim quickly over all of the links. If more than 1/3 of the links look questionable or fail to meet Mahalo standards, kick back the page.
* STEP 3: Do a quick Google search. Does Google's Top 20 have quality links that you haven't yet visited? If so, kick back the page.

# If the SeRP is not acceptable, click the "Decline" button and send an email to the PTG explaining what they can do to improve the page.

They provide me with a list of about 111 pages they are willing to pay in full for but the rest are "under scrutiny". Basically it works out to 359 out of the 470 pages I reviewed during October.

I'm given two options:
1. they can do a full audit of these pages and they'll pay me for the ones they think had enough work done or have been worked on since they were added to Mahalo. I'm not told what constitutes enough work nor am I given any guidelines for their review!
2. they will pay me 1/3 of the total sum for the remaining pages, this works out to paying me $3.33 per page or $1163 out of the $3590 they owe me.

Well not being one to take things sitting down I ask them to do a full audit of these pages. Which some how they manage to audit 359 pages with 3 full time guides in less than a week. Keep in mind they've told me that its not likely that I could have done the same thing in a full months time. They inform me that they are now willing to pay me in full for an addition 120 pages. Interestingly that works out to just about the 1/3 they wanted to pay in the beginning.

So I reviewed the full list of pages they don't want to pay me for. I noticed that several of the pages we were specifically asked to QC and move to Mahalo. These were either pages from other mentors, previously QC'd page ect. And several of the pages had numerous changes made. Which leads me to believe they infact did not do a full audit of these pages and I in deed should be paid in full.


In an attempt to reach an amicable agreement I offer to review the list of pages and they could pay me in full for the ones I feel I deserve a full payment for and a lump sum or $5/page can be paid for the rest. Or they can simply pay me $5/page for the remaining 239 pages. I still didn't understand why they were refusing payment to begin with as these pages were mentored per their guidelines. I felt no matter how you cut it I worked on all these pages and I should at least be paid a little for my time spent.

I received the inevitable response in the form of a phone call (Mahalo isn't big on putting things in writing} informing me that they are simply refusing to pay anything beyond what they have already paid. I'm still waiting on the payment for the 120 they are now willing to pay. They also inform me that there was an issue with some of the pages from November and they will now be audited.

So now it looks like they are going to refuse payment of anywhere from $2400 to $3200 (maybe more). Its my understanding that at least 2 other mentors had similar issues, with one opting not to fight, and the other asking for a full audit. So I know I'm not alone in this ordeal. But what a way to be treated for someone that worked their butt off for this company.

The verdict: Leopard spanks Vista, continues OS X's reign of excellence

November 07, 2007 (Computerworld) -- This story caps off a truly comprehensive wave of Mac OS X 10.5 Leopard coverage from Computerworld. Our readers have asked for more operating system coverage, and we're delivering.

Our Week of Leopard package covers many aspects of what's new in the latest Apple operating system, everything from Leopard Server, improvements for developers and changes to user accounts to nitty-gritty details on Time Machine and the other bundled apps and utilities in OS X 10.5. We've also compiled a comprehensive image gallery of Leopard's new look and features, as well as a rundown of its highs and lows. The stories in our Leopard package have been researched and written by at least half a dozen Mac experts.

The questions that remain are these: Is Leopard a truly great OS? How does it stack up against its predecessor, Tiger, and Windows Vista? Should you get this thing for yourself? Should you recommend it for your company?

Vis-a-vis Vista

Given the timing of Mac OS X's release, the somewhat lukewarm response to Microsoft's Windows Vista by many IT shops, and even the similarity in the areas of concentration pursued by Apple and Microsoft -- a comparison between Leopard and Vista is inescapable. Both companies emphasized efforts to improve usability and add features to their bundled software.

Both added transparency to their user interfaces. Both heavily revised the structure and management of their user accounts. Both enhanced parental controls, upgraded their onboard e-mail programs and added new versions of their browsers. Both did fairly significant behind-the-scenes work to boost their video and animation capabilities, as well as to better support third-party software development.

Throughout the four years of the Vista development process, I tested and evaluated at least 15 different alphas and betas of the operating system, spending hundreds of hours evaluating the late prereleases and the final editions. Likewise, I spent countless hours testing Leopard, both in prerelease form and the final version now available to the public. What I found after all that testing is that despite their similarities on paper, Leopard and Vista are nothing alike.

Vista has a cover-Microsoft's-butt, designed-by-corporate-committee feel, while Leopard tightly adheres to Apple's well-honed user-interface design principles. In numerous small ways, Apple has improved its OS, while Microsoft has, in a plethora of ways, changed Windows -- not always for the better. (For detailed reviews of both operating systems, see Hands on: A hard look at Windows Vista and In Depth: Apple's Leopard leaps to new heights.)

Any residual sense that Apple is somehow above competing directly with Microsoft's Windows is dispelled by Leopard. With OS X 10.5, Apple is clearly going head to head with Microsoft and Vista. With the smoke clearing, it's also apparent that Apple still has a lead on Microsoft when it comes to user interface and functionality.

That doesn't make Apple and its Mac platform or even Leopard an enormous business success. But it's impossible to miss the refinement infused throughout Apple's new operating system, whereas there are compromises in Vista that impinge upon the user experience without giving something back in return. Apple is focused on the user experience, while Microsoft appears to be focused on antipiracy, overengineered security protections, and digital rights management aimed at serving its prospective third-party partners.

There's really no contest. Tiger is a better OS than Vista, and there are no long-term downsides to Leopard. Vista doesn't measure up.

Continued...
1 | 2 | NEXT

What it took to hack the iPhone

The same Safari bug is also on Mac OS X and Windows, say researchers

July 24, 2007 (Computerworld) -- The iPhone vulnerability that could let hackers steal data or commandeer the device also exists in the desktop edition of Apple Inc.'s Mac OS X operating system, the exploit's researchers said today.

Charles Miller, one of the three researchers from Baltimore-based Independent Security Evaluators (ISE) who found the bug and wrote proof-of-concept exploits, confirmed that the vulnerability in the iPhone version of Safari is also present in the desktop version of the browser. Safari is included with all Mac OS X installations.

The Windows version of Safari is also vulnerable. "[But] it may or may not be exploitable there," Miller said.

Miller, Jake Honoroff and Joshua Mason found the Safari flaw using what Miller described as "fuzzing" techniques. Fuzzing, a tactic commonly used by vulnerability researchers, drops random data into applications or operating system components to see if -- and where -- breakdowns occur. Typically, the process is automated with a fuzzer, software that hammers on application inputs.

Not that the iPhone made it easy. The lack of debugger, for example, required that Miller and the others turn to alternatives, including the Mac OS X crash reporter, which logs all crashes, for ways to probe the iPhone. "The crash reports contained the contents of registers and what libraries were loaded," giving the team some clues, Miller said. Others they gleaned by examining the phone's core applications, which they could pull off the device only using iPhoneInterface. That program, part of the results of a group effort at the iPhone Dev Wiki, lets researchers and hackers modify the phone.

"Between the crash reports and the core files, we had a good picture of the application when it crashed," said Miller. "We found a few crashes that stuck out from the rest."

With iPhoneInterface and another program named Jailbreak -- Miller called them "hacking tools" -- the three researchers were able to pull Safari off the iPhone, disassemble it on a Mac desktop machine, and modify it so that would crash at the code location where the researchers wanted. "It was trial and error," Miller admitted. Testing required the application to be returned to the iPhone, where it was run, generating another crash report.

"It was like 'fuzzing' for an exploit," said Miller.

Although the three are withholding details until Aug. 2, when Miller will reveal more at the Black Hat security conference, one security expert is betting that the Safari vulnerability is a buffer overflow bug.

Continued...
1 | 2 | NEXT

Attention turns to second-gen iPhone

Next version of iPhone will take advantage of faster 3G wireless network speeds

By Matt Hamblen, Computerworld
July 06, 2007

The first-generation iPhone is barely on the streets, but some users and analysts are already talking about when a second-generation model will be launched to take advantage of faster 3G wireless networks for speedier Internet browsing.

The first version of iPhone supports AT&T's EDGE (Enhanced Data GSM Environment), a 2.5G network advertised as providing download speeds of 70Kbps to 135Kbps. AT&T and Apple chose that network because it is the largest, reaching 270 million people, company officials said last week.

However, several analysts and reviewers believe that the next-generation iPhone, which could ship early next year in the United States, will be provisioned to handle a faster 3G network, such as AT&T's High Speed Downlink Packet Access (HSDPA), to support download speeds of 400Kbps to 700Kbps. However, AT&T and Apple would not comment Thursday on their plans or a timetable for iPhone 2.0 or AT&T's HSDPA.

AT&T spokesman Mark Siegel stressed that "HSDPA is available in 160 metro areas, and AT&T will continue to build it out through the rest of the year, so obviously we're continuing to build 3G. "

But Siegel also repeated comments made last week that iPhone users will accept the slower EDGE speeds, especially since the iPhone can access faster Wi-Fi networks when a hotspot is available at home or a coffee shop. "We haven't had many complaints about EDGE," he said. "What really matters for a real human being using the iPhone who doesn't know anything about EDGE is that this is going to be a great experience in totality, whether searching for a stock quote or a map or many other things. We think overwhelmingly that people will be thrilled using this device. The experience they have on EDGE will be a really good one."

Siegel's comments, however, don't match user consternation about EDGE speeds registered at the MacRumors forums, or concerns raised by some reviewers, including one who said it took two minutes to download the Yahoo Web site home page.

The discussion thread at MacRumors asked people to post their EDGE speeds over iPhone using a network measuring tool. Some reported speeds were higher than those advertised by AT&T, but most were slower, with 64Kbps on July 3 in San Diego and 71Kbps in Los Angeles that same day. "Boooooo!" is the only comment from the San Diego user identified as FreeState. GnarleyMarley87 reported 126Kbps in Atlanta on EDGE, but 1,245Kbps over Wi-Fi at home. Other uses weighing in on MacRumors about the differences between 3G and EDGE and why Apple is waiting indicate that iPhone users are aware that AT&T's 3G network is not widely available in the United States. Users also noted that 3G-capable phones consistently run down batteries faster than those on slower networks. One analyst, Ken Dulaney at Gartner, recently confirmed that a 3G phone can use up a battery at a rate 30 percent faster than a 2.5G phone.

Apple officials would not comment on a timetable for the next iPhone release, or even whether it will support 3G.

Two analysts tended to support the decision to release the first iPhone over EDGE in order to get the broadest network reach over higher bandwidth. "EDGE is not a show-stopper for iPhone, and I think the next version will likely have 3G," said Michael King, an analyst at Gartner.

King said some industry experts believe Apple can have a second-generation device ready by October, but that Apple won't unveil them so closely behind the first version's June 29 release. King believes AT&T's HSDPA network will be more widely available for U.S. users in late 2008. "It's a pretty usable network now," he said.

With a second-generation iPhone, Apple is also likely to support QuickTime, giving access to streaming video that uses more bandwidth and tends to require a 3G network, King said.

Shiv Bakhshi, an analyst at IDC, said that Apple was "wise to have chosen ubiquitous network reach over bandwidth ... a culture of mobile data consumption in the United States is only beginning to set in. By the time it takes hold, Apple will be out with 3G iPhones and AT&T will likely roll a 3G HSDPA network across its national footprint."

Asked when both will happen, Bakhshi said "in under a year."

But Bakhshi said that it is not clear how much current iPhone users will be downloading from the Web. Songs and video can be imported from a PC, so EDGE speeds might not be an impediment for the average user.

"Every network falls short as your expectations rise higher," he said. "Some people will always be high-end users and will find EDGE really frustrating, but for the average Joe Blow like you and me, it will suffice."

Bakhshi added, "The single biggest driver of iPhone may not be data usage."

"Instead, it might be just its ability to invoke envy in your friends."

Mahalo Greenhouse Goes Live!!

Mahalo, dubbed the human-powered “search service” has accepted yours truly to be a part time guide. Even though they went live with the beta last week, it wasn't until earlier this week that I received my confirmation. So far things are rolling right along with 6 Search Results Pages (SeRPs.) done this week.

What is Mahalo you ask well check them out Mahalo FAQ's. If you'd like to become part of the Mahalo team drop by The Greenhouse. There you can find all the information on applying to become a part time guide.

For information on the projects that I've been working on visit my profile.

15 free security programs that work

I'm just going to say I was reading this list and I was seriously disappointed. There is no mention of two of the top tools in use today, spy-bot search and destroy and adaware. Neither of which you should do with out, and both are free. However the rest of the tools listed are fairly good and are definitely recommended to use.



From the moment you switch on your PC, your system faces countless Internet-borne dangers, including spyware attacks, viruses, Trojan horses, home-page hijackers, and hackers trying to weasel their way into your system. And the Internet isn't the only source of trouble. Anyone with access to your PC can invade your privacy by prying into which Web sites you visit -- and learning a great deal more as well.
But fighting back is easy. We've found 15 great pieces of software -- firewalls, spyware busters, antivirus software, rootkit killers, and general Internet security tools -- designed to protect you against any dangers that come your way. They're free, they're powerful and they're easy to use. So what are you waiting for? Start downloading.
Preventing and Eliminating Malware
From firewalls to antivirus software to tools for combatting rootkits and spyware, here are some great downloads to protect your system against malicious attacks.
ZoneAlarm
Check Point Software's ZoneAlarm may well be the most popular free firewall on the planet, and the most recent release (finally) protects Vista machines. Arguably, ZoneAlarm is the product that made everyone conscious of the need for firewall protection. It's extremely easy to use, and its method of configuring outbound protection is particularly useful. Whenever a program tries to make an outbound Internet connection, ZoneAlarm announces it with a pop-up alert. You can then permit or disallow the connection, on a one-time basis or permanently. Configuring your level of protection is a simple matter of moving a few sliders. Though the free version of the software is exclusively a firewall, Check Point also offers for-pay security suites. But if all you're looking for is a firewall, stick with the free version.
Comodo Firewall Pro
ZoneAlarm is extremely popular, but that doesn't automatically make it the best free firewall you can find. One formidable contender is Comodo Firewall Pro, which independent testing site Matousec rated as the top firewall. Matousec found that Comodo offered the highest level of antileak protection, one measure of a firewall's effectiveness. Comodo offers true two-way firewall protection, is highly configurable, and (unlike most other firewalls) provides a great view of your system and your Internet connection.
Continued...
1 | 2 | 3 | 4 | 5 | NEXT

Beware of emails "You've received a postcard from a family member!"

Hydra-headed 'Storm' attack starts

Web-based attack poses as greeting card, tries three exploits

A new round of greeting-card spam that draws users to visit attack sites relies on a sophisticated multipronged, multiexploit strike force to infect machines, security professionals said late today.

Captured samples of the unsolicited e-mail have all borne the same subject line -- "You've received a postcard from a family member!" -- and contain links to a malicious Web site, where JavaScript determines whether the victim's browser has scripting enabled or turned off.
"If JavaScript is disabled, then they provide you a handy link to click on to exploit yourself," said an alert posted Thursday afternoon by SANS Institute's Internet Storm Center (ISC). Some users turn off scripting because it is a frequent attack vector; browsers with JavaScript enabled are simply fed a two-part package of downloader and malware.

The quick browser status exam in this attack is somewhat similar to one used in a different exploit tracked by Symantec Corp. since Tuesday, but the two are not connected, said Oliver Friedrichs, director of Symantec's security response group. "They're using two different tool kits, but they're both prime examples that exploits against browsers are more and more prevalent," he said.

Today's greeting-card gambit tries a trio of exploits, moving on to the second if the machine is not vulnerable to the first, then on to the third if necessary. The first is an exploit against a QuickTime vulnerability; the second is an attack on the popular WinZip compression utility; and the third, dubbed "the Hail Mary" by the ISC, is an exploit for the WebViewFolderIcon vulnerability in Windows that Microsoft Corp. patched last October.

The ISC said several antivirus vendors had tentatively pegged the executable file, which is offered to users whose browsers have JavaScript disabled, as a variation of the Storm Trojan horse, an aggressive piece of malware that has been hijacking computers to serve as attacker bots since early this year. According to the ISC's warning, computers already compromised by Storm -- a.k.a. Peacom -- are hosting the malware, and the attackers are rotating those machines' IP addresses in the spam they're sending.

"Every Storm-infected system is potentially capable of hosting the malware and sending the spam, but only a few will be used in any given run," said the alert, "depending on how many e-mails they want sent and how many Web hits they're expecting."

Hackers haven't abandoned the practice of attaching malware to e-mail, then counting on naive users to open the file, said Friedrichs. But malware-hosting sites are the trend. "It's much more difficult to send a full malicious file," he said, because of users' learned reluctance to open suspicious files and filtering and blocking tactics by security software.
"This is widespread, and leads the user to multiple IP addresses," said Shimon Gruper, vice president at Aladdin Knowledge Systems Inc., a security company known for its eSafe antivirus software. "There's not a single server, there are multiple exploits, [and the e-mail] has no attachments. This will be very difficult to detect."

Two days ago, a Symantec honeypot captured a similar Web site-hosted attack that had an arsenal of exploits at its disposal. That attack, however, featured an unusual, if rudimentary, browser detector that sniffed out whether the target computer is running Microsoft's Internet Explorer (IE) or Mozilla Corp.'s Firefox. If the attack detects IE, it feeds the machine a Windows animated cursor exploit. If it finds Firefox, however, the sites spit out a QuickTime exploit.

Iphone set to hit shelves tomorrow

But is it going to live up to all the hype? According to most analysts no!

After five months of increasing hype, tomorrow marks the day for the consumers to find out if the Iphone is really "all that". Sink or swim? Best damn piece of consumer electronics gear ever or just another phone? We'll have to wait and see, but in the mean time we can read up on the reasons not to have Iphone envy

Iphone Drawbacks:
From a slow data network to a sealed battery, here are some of the drawbacks to consider before you buy the season's hot phone.

Limited network speeds: iPhone will not run over AT&T Inc.'s highest-speed 3G network based on high-speed downlink packet access (HSDPA) technology. The iPhone will only run over AT&T's 2.5G enhanced data rate for GSM evolution (EDGE) network. HSDPA supports download speeds of 400Kbit/sec. to 700Kbit/sec. and bursts up to 1Mbit/sec. However the
EDGE network only averages download speeds of 70Kbit/sec. to 135Kbit/sec.
AT&T has acknowledged this potential problem by announcing upgrades to its EDGE network in anticipation of the iPhone launch. And of course, the iPhone will support Wi-Fi, which will make Web page downloads much more feasible if you're in range of a hotspot.

Limited third-party apps: Lots of cell phone power users get more value out of the applications they've loaded on their handsets themselves than the often lame or expensive offerings from their carriers. When the iPhone was first announced, third-party apps seemed shut out entirely, a move that prompted one online petition of protest. Now Apple says that developers can create iPhone apps that run in Safari. Only two problems with that: First, those apps may be fairly poky given the iPhone's slower EDGE network connection. Second, many developers seem to hate writing for Safari. As PC World forums member dazeddan said, "As a developer, we have more problems designing around Safari than any other platform. I wish it would just go away."
It costs how much?! You've probably already heard about the iPhone's astronomical price: $500 for a 4GB model and $600 for 8GB. But you may not have calculated all the other costs associated with buying one. You'll have to make a two-year commitment to AT&T at a per-month cost that starts at $60, recent reports say (though that includes unlimited data access, something AT&T often charges $40 for on smart phones). And unlike with pretty much every other phone in the world, making that commitment doesn't knock down the price, it's just a requirement. Plus, if you're in the midst of a prior two-year commitment with a competing carrier, your cost of iPhone ownership could be further inflated by the early termination penalty you'll pay your current carrier. And finally, AT&T doesn't always receive high marks for its service. You may be okay with the deal now, but how will you feel in a year if the iPhone is no longer the coolest handset on the planet?
Businesspeople need not apply: It's a safe bet that many professionals will want an iPhone. But BlackBerry, Windows Mobile, Palm, and Symbian smart phones offer a long list of business-related features that the iPhone apparently won't, at least upon release. For instance, while the iPhone apparently will connect with Exchange servers, it will require some security trade-offs that could make your IT department nervous. There's no word on connecting to Domino servers. And though you can open Word and Excel files on the iPhone, you can't edit them.
Don't even try to swap that battery: Like the original iPod, the iPhone has its battery enclosed in a superslim case among tightly negotiated electronics and behind a top surface of glass--reducing the chances of a DIY battery replacement to next to nil. So if your battery life dwindles to roughly 6.5 minutes per charge, or the battery malfunctions, you'll have to send your iPhone in for repair.


Read more of pcworld's list of Potential Drawbacks

So you've changed your mind and don't want an Iphone!
Well pcworld has you covered there. Read their article comparing Iphone alternatives

Beware Harry Potter Spoilers a Phishing Scam

An attacker named "Gabriel" claims to have stolen the text of the upcoming "Harry Potter and the Deathly Hallows" from Bloomsbury Publishing by use of a phishing scam.

He has published what he claims are all of the plot points—including main characters who get killed and the final outcome of the seven-book series.

Gabriel says he used "the usual milw0rm downloaded exploit." The exploit entailed delivering to a Bloomsbury employee an e-mail with an invitation to click on a link, open a browser and click on a maliciously crafted animated icon that allowed the attacker access to the victim's system.

"It's amazing to see how much [sic] people inside the company have copies and drafts of this book," Gabriel wrote in a posting on Insecure.org. "Curiosity killed the cat." (Ed. note: Spoiler alert: Do not click on the link to read Gabriel's posting if you don't want to have the plot spoiled.)

milw0rm is a group of politically motivated "hacktivists" whose most famous exploit was penetrating the computers of the Bhabha Atomic Research Centre (BARC) in Bombay, the primary nuclear research facility of India, on June 3, 1998. They have anti-nuclear and pro-peace agendas and, in this case, anti-Harry Potter and pro-Pope Benedict XVI.

"We did it by following the precious words of the great Pope Benedict XVI when he still was Cardinal Joseph Ratzinger," Gabriel said. "He explained why Harry Potter bring the youngs [sic] of our earth to Neo Paganism faith. So we make this spoiler to make reading of the upcoming book useless and boring."

Gabriel said he did it "to protect you and your families."

This weeks hot offerings from Dell

Prices valid 6/21-6/27

Dimension C521 featured at $419.
AMD Athlon 64 X2 Dual-Core 3600+ 1GB Dual Channel DDR2 19 inch Samsung 941BW Widescreen LCD Monitor and more!!

Inspiron 1501 featured at $549.
AMD Athlon 64 X2 Dual-Core Mobile Technology TK-53 15.4 inch Wide Screen XGA Display 1GB DDR2 and 80 gig hard drive and more

Inspiron^TM 1501 $499
AMD Turion X2 Dual-core Processor, Windows Vista^TM or Windows^® XP,15.4" Widescreen, 1GB Memory, 60GB Hard Drive, CD/DVD Burner and more

Up to $100 off select* Dell™ laser printers.

AT&T Launches $10 DSL

AT&T has quietly begun offering DSL service for $10 per month for new customers. Offered as part of the concessions made to the Federal Communications Commission in order to gain approval for its merger with BellSouth, the speed is nothing to get excited about: 768Kbps down and 128Kbps up. However for the budget minded or those in an area that will only allow these speeds its a great way to save $60/year

AT&T is doing little to publicize the new offering. In fact, most people looking for the low-price service have only been able to find it by clicking on the Terms and Conditions link at he bottom of AT&T's residential high-speed Internet product page. A note on AT&T Yahoo! High-Speed Internet buried six paragraphs down says that the "basic speed ($10.00)" tier is available to new customers only, those who have not subscribed to AT&T or BellSouth DSL during the past 12 months, and the service requires a one-year contract.

Customers must also order phone service to get the budget-priced DSL service; those looking for cheap, naked DSL should look elsewhere. Those living in BellSouth's former territory can get naked DSL for the next two-and-a-half years, however. The terms of the merger state AT&T is only required to offer the $10 per month tier for the next two-and-a-half years. After that, the company is free to make whatever changes it wants to the service.

While this is not a top notch deal, it is fairly good for those that haven't yet made the switch from dial-up, anyone on a tight budget or those of you that only browse the net and check emails.

Hackers compromise 10k sites, launch 'phenomenal' attack

The large-scale attack is based on the multiexploit hacker kit dubbed 'Mpack'

Attackers armed with an exploit tool kit have launched massive attacks in Europe from a network of at least 10,000 hacked Web sites, with infections spreading worldwide, several security companies warned today.

As early as last Friday, analysts reported the opening salvos of a large-scale attack based on the multiexploit hacker kit dubbed "Mpack." The mechanics of the attacks are complex, but essentially attackers taint each compromised site with code that then redirects visitors to a server hosting the Mpack kit -- a professional, Russian-made collection of exploits that comes complete with a management console to detail which exploits are working and against what countries' domains.

Infected computers are fed a diet of malicious code, largely keyloggers that spy out usernames and passwords for valuable accounts such as online banking sites.
"The gang behind the attack has successfully compromised the homepages of hundreds of legitimate Italian Web sites," said Symantec Corp. researcher Elia Florio in a posting to the vendor's security response blog on Friday. "The list of compromised sites is huge and from Mpack statistics this attack is working efficiently."

Florio said that Symantec is uncertain how the sites were originally hacked but that she suspects a common vulnerability or configuration problem at the hosting level.

Paul Ferguson, a network architect at Trend Micro Inc., would only guess at how sites were hijacked but said that "how" is mostly a moot question. What's important, he said, is that "the hackers seem to be able to find a lot of sites to compromise no matter where they look."
By Friday night, Symantec had pegged the number of compromised sites feeding Mpack exploits at 6,000; by today, Websense Inc., a San Diego-based Web security company, said it had tracked more than 10,000. "That's a phenomenal number," argued Ferguson, who said that previous compromised-site attacks using hacker kits could be counted as "several hundred here, a couple hundred there."

Screenshots of the Mpack management console posted by Websense on Monday and Symantec on Friday illustrate the large numbers of computers that have surfed to the compromised sites and the high success rate of the Mpack-delivered exploits. Although the bulk of the victim PCs use Italian IP addresses, U.S.-based machines are not immune.
"The lion's share of the sites we're seeing are in Italy still," said Ferguson, "but we're seeing sites all over the world as well." For instance, Trend Micro has identified hacker-controlled sites hosted in California and Illinois. The California site is hosted by a company Ferguson called "notorious," but he wouldn't divulge the hosting vendor's name.

"The usual advice we give, 'Avoid the bad neighborhoods of the Web,' just doesn't hold water anymore," when legitimate sites have been hacked and are serving up exploits left and right, Ferguson said. "Everywhere could be a bad neighborhood now."

ComputerWorld's summer gadget guide

Whether your summer plans involve hiking, lounging by the pool, hitting the road or doing absolutely nothing, ComputerWorld has yet a list of gadgets to help your summer be as "cool" as possible.

Some of my person favorites include:

EGO Waterproof iPod Case
IPod speaker docks and accessories abound. But how many let you take your iPod safely into the pool? Atlantic's EGO Waterproof Sound Case for iPod ($150) protects your iPod from water -- or even shock damage -- while blasting your tunes all over the backyard or boat through its built-in, waterproof speakers.

ATC2K Waterproof Action Camera
Oregon Scientific's underwater video camera is a perfect fit for today's record-everything society. Waterproof to a depth of 10 feet, the ATC2K captures moving images at 30 frames per second in VGA (640 by 480) resolution.

ATC2K Waterproof Action Camera

Hands-free digital recording options and several different mounting options allow the videographer to place, mount or strap on the half-pound ATC2K anywhere (within reason). It works seamlessly with most video-editing software suites, including Windows Movie Maker, iLife and Final Cut. What's best, however, is the price: At $130, it's an outright steal.

Throw this gadget into the swimming pool with your kids and they'll be occupied all summer. At the very least, it could give you some great blackmail material for later in life.

Sony to cut PS3 prices?

The chairman and chief executive of Sony, Sir Howard Stringer, has said the company was attempting to "refine" how much it could afford to reduce the price of the PS3 console by. Stringer has also been quoted as saying there was "no question" consumers wanted the price to be lower.

In an interview with the Financial Times, Stringer admitted rival console the Nintendo Wii -- which is far outselling the PS3 -- was based on a good business model.

Sony fell short of its PS3 target in the 12 months to 31 March 2007 by 500,000 units. Market analysts are predicting the games division to incur a loss of around $488 million in the current year, despite Sony's claim it has sold more than a million units in Europe and Australasia since the PS3's late March launch there.

Stringer said: "[Price cuts are] what we are studying at the moment. That's what we are trying to refine." He went on to say that he expected "energy [in PS3 sales] by Christmas, and then you will begin to see break-out games".

PS3 sales have been slow -- to be honest, the world over -- owing to its high price and slow, drip-feed supply of games, most of which have been PC game re-writes anyway. Apparently, the Japanese electronics giant has a target of shipping 11 million consoles this year, and with production costs falling many believe Sony will cut prices by USD100 before the crucial Christmas sales period.

Wireless network admins wising up

But drive-by surveys in New York, London and Paris still spot lots of unsecured hot spots


Owners of wireless hot spots are doing better at securing their networks, but about a fifth of corporate access points in London, Paris, and New York remain open to all comers, RSA Security Inc. reported Thursday.

Reprising past surveys, RSA personnel drove or walked through swaths of each city, logging each wireless access point detected by a specially-equipped laptop, and recording data including the service set identifier (SSID), security protocol, signal strength, and operational mode. In New York, for example, the team covered Manhattan's Midtown and Downtown, and parts of Uptown as far north as 125th Street.

On average, survey results were encouraging, said Toffer Winslow, a vice president of product management at RSA. "Folks are securing their access points more, and more with advanced encryption such as WPA rather than plain old WEP," he said.

Wired Equivalent Privacy (WEP) is a 1999-era data encryption standard now considered inadequate, and has been supplanted by WPA, or Wi-Fi Protected Access, which requires stronger passwords and uses a 128-bit key rather than WEP's 40-bit key. However, WEP is still offered as the default security technique by most wireless hardware.

In all three cities, the percentage of hot spots that were secured by some kind of encryption was higher than last year. In London, the numbers improved from 76% to 81%, while New York climbed from 75% to 76%, and Paris moved from 78% to 80%. WPA use also grew, Winslow said, with 49% of the business wireless networks in New York locked down with tighter security. London and Paris came in second and third, with 48% and 41% WPA usage, respectively.

But a substantial percentage of business wireless networks still run without security. Eighteen percent of the detected corporate hot spots in both Paris and London were unsecured, while New York topped that at 21%. "This strikes me as very foolish," said Winslow.

Living almost as dangerously were significant minorities of hot spots that used default SSIDs and media access control (MAC) addresses. In London, 30% of the wireless networks relied on the manufacturer's SSID -- usually the name of the hardware maker, such as Linksys -- or preset MAC address. New York ranked slightly better, at 24%, but Paris beat both by a wide margin: Only 13% of the wireless access points sniffed by RSA in the city of light used defaults.

"Change the default network settings, that's No. 1," said Winslow when asked to list recommendations for wireless users. "Use [encryption] protocols stronger than WEP, and when you're at a public hot spot, VPN is essential.

"I wouldn't even call these 'best practices' anymore" he said. "They're just the reasonable practices."

14 Great Multimedia Utilities from PcWorld.com

Need to record and clean up music, edit video or sound, burn DVDs, and handle other multimedia tasks? PcWorld has assembled some free and try-before-you-buy tools that you won't want to live without.

Your PC is an entertainment powerhouse, just waiting to be unleashed. Its talents include recording and playing music, supporting editing of audio and video files, and burning DVDs and CDs. Unfortunately, the software that came with your PC probably won't handle these tasks with maximum effectiveness. So to help you unlock your system's multimedia power, we've gathered a group of 15 downloads--most of them free, some of them try-before-you-buy--that all do great jobs.

We've chosen software in three categories: media players and burners, video software, and audio software. For working with media players, you'll find everything from Foxy Tunes (which lets you play media from within Firefox) to several superb players to Online Radio Tuner (which tunes in to Internet radio stations) to Express Burn (the best media burner you'll find anywhere).

Our video software selections include programs for saving YouTube videos to your local hard drive, for uploading YouTube videos, for editing video, for converting video to an iPod-friendly format, and for getting TV shows into your Zune.

Finally, our audio downloads offer unique tools for performing such tasks as recording music from vinyl and cassettes to your PC, and eliminating pops, hisses, and clicks.

So if you want to unlock the entertainment power of your PC, it's time to start downloading.

Next page:Media Players and Burners

PcWorlds 100 Best Products of 2007

Each year the editors of PcWorld rank the best PCs, HDTVs, components, sites, and services. Plus: the products they are looking forward to next year, and give insights as to which technologies are rising and falling.

Innovative Web applications, powerful processors, spectacular HDTVs, and creative game consoles--we asked you for your favorites and added lots of our own for our annual roundup of the best hardware, software, and services. Then we looked at each product, rating and debating its design, impact, performance, and value to create our ranking of the best tech products available, from 1 to 100.

Of course, no matter when we plan our best-products story, a few hot contenders--we're looking at you, iPhone--will end up just around the corner. So this year we took time out to run down our five most anticipated products, as well as several hot and not-so-hot technologies. Read on for all that plus slide shows, video, and more.

More on the Best Products of 2007

• The Top 100 Products, in Ranked Order


• The Top 100 Products, in Alphabetical Order


• In Pictures: The Top 20 Products of the Year


• In Pictures: Readers' Picks for Best Products of the Year


• In Pictures: Most Anticipated Products of the Year


• Video: The Best Products of 2007

The Number 1 Product of the Year
Google Apps

1. Google Apps Premier Edition
(Web applications; $50 per user per year) Google is much more than just a search engine, and with its invaluable Google Apps suite, the company is well on its way to challenging Microsoft for productivity-suite supremacy. Google's Docs & Spreadsheets (soon to be joined by a PowerPoint-esque presentation application) already makes for an interesting alternative to Microsoft Office. Combine it with Gmail, Google Talk, and Google Calendar, and suddenly nearly all of your basic productivity programs and data can be available online.

For small businesses that need more than the free versions offer, Google Apps Premier Edition adds capacity, support services, and tools for integrating existing infrastructure so that all your employees can use Google's powerful Web apps--no matter where they are. Printouts may never die, but if Google has its way, the office-less office may become a reality long before the paperless one does.

Next page:The Top 100 Products, Numbers 2 to 10

FireFox add-ons may open doors to hackers

The majority of Firefox extensions are hosted and updated from Mozilla's own SSL-secured site and are not vulnerable to this attack. However a number of broadly used third-party extensions, including Google Toolbar, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, Netcraft Anti-Phishing Toolbar and PhishTank SiteChecker are among the at-risk add-ons that update from their own unsecured servers.

Christopher Soghoian, a Ph.D. student at Indiana University, outlined how "man in the middle" attackers, especially in public wireless networks, could disguise malware as a Firefox extension and surreptitiously plant their code in lieu of a normal update to one of the vulnerable extensions.

"It's sort of a compounding of errors," Soghoian said. "Mozilla didn't tell developers that they should update from a secure link; they erred in assuming everyone would know to do that. But the add-on developers are at fault for not using a secure server."

"It was really frustrating. Firefox was fantastic, but some of the other firms, they either ignored my e-mails or didn't reply," Soghoian said. He fingered Google Inc. as especially uncooperative. Between April 16 and May 24, he sent Google's security team five e-mails but received only one reply, on May 25, that said the group was working on a fix that was to be deployed before today. As of today, however, Google Toolbar was being served from an unsecured URL.

"This was really eye-opening," said Soghoian, who interned with Google's Application Security Team last summer.

"Vendors should be doing everything possible to encourage researchers," he said. "They should be encouraging us to come to them rather than sell the vulnerabilities to iDefense or Tipping Point. Ignoring researchers isn't the best way to encourage an open dialog."

Soghoian recommended that until affected extension vendors release secure updates, users should either remove or disable all Firefox extensions and toolbars that have not been downloaded from the official Mozilla Add-Ons site.

In an e-mail today, Mozilla's director of ecosystem development, Mike Shaver, acknowledged the danger that insecurely hosted and updated add-ons pose, and he urged extension developers to fix the problem.

"We strongly encourage the providers of such add-ons to remedy their hosting situation promptly to minimize the exposure to the users of their software," Shaver said. "Users of add-ons hosted on AMO, including all of the ones we've been working on, are not at risk here."

On another note Mozilla released 6 new patches for FireFox today. The updates bring the current browser to Version 2.0.0.4, and the 2005 edition to 1.5.0.12. Firefox 2.0.0.4 can be downloaded from the Mozilla Web site for Windows, Mac OS X and Linux; Firefox 1.5.0.12, meanwhile, is available from a different page. Current users can also update using the Check for Updates command in the help menu.

Google Adds Street-Level Pictures to Google Maps

Initially, Street View images are available in Denver, Las Vegas, Miami, New York, and San Francisco. Additional cities will be covered in the future.

Google today launched Google Maps Street View, a new Google Maps feature that shows a 360-degree view from the streets of select cities.

"With Street View, you can virtually explore city neighborhoods by viewing and navigating within 360-degree scenes of street-level imagery," said Stephen Chau, product manager for Google Maps, in a blog post. "It feels as if you're walking down the street!"

Initially, Street View images are available in Denver, Las Vegas, Miami, New York, and San Francisco. Additional cities will be covered in the future.

At some point, these images may include live video feeds. While Google has other engineering priorities right now, Alan Eustace, senior VP of engineering & research, expressed interest in live video feeds while speaking with reporters at Google's recent Searchology event and noted that company co-founder Larry Page felt similarly.

Amazon's A9.com search engine pioneered the use of street images in its local search service back in January 2005. The company spent eight months compiling a database of 35 million images in 22 cities by sending drivers around the streets of major cities in vehicles equipped with GPS devices, cameras, and computers. Former A9.com CEO Udi Manber now works at Google as a VP of engineering.

Sony, Philips Unveil Flexible OLED Displays

Two of the world's biggest flat-panel display makers unveiled flexible full-color displays this week.




Two of the world's biggest flat-panel display makers, Sony Corp. and LG.Philips LCD Co. Ltd., unveiled flexible full-color displays at a display industry show in California this week.

Sony took the wraps off its prototype on Thursday and released an impressive video showing the display being bent to form a semi-circle while still displaying a moving video image. The 2.5-inch display has a resolution of 160 pixels by 120 pixels making it a little larger than the typical cell phone screen and a little lower resolution.

The screen from LG.Philips LCD is larger at 4 inches in diagonal width and has a higher resolution of 320 pixels by 240 pixels. In contrast to Sony's video, LG.Philips LCD released only a photo that showed the display curved at a slight angle.

Typically flat-panel displays are built onto thin sheets of glass but the Sony and LG.Philips screens are made on thin sheets of plastic and metal respectively. That allows them to be bent but also introduces a range of other problems such as keeping everything aligned and working while the panel is flexed. Indeed the video of Sony's prototype showed several bad pixels and other problems.

Neither company has said when it thinks the displays will be ready to go on sale but early customers might be attracted to them for reasons other than their flexibility, said Paul Semenza, an analyst with iSuppli Corp., who attended the Society for Information Display conference where they were announced.

"What tends to get forgotten is that these displays are also rugged and lightweight," he said. "Those are valuable properties."

Sony sees OLED technology as important for its future products and is putting a lot of research and development resources behind screens like that unveiled this week.

The screens are different from today's LCD (liquid crystal display) and PDP (plasma display panel) screens in that OLED pixels use an organic material that emits its own light, so no backlight is needed. That means the screens consume less power and can be made thinner. OLEDs also handle fast-moving images better and offer good color reproduction.

At the Consumer Electronics Show in Las Vegas in January the company showed off prototype televisions based on larger, non-flexible 11-inch and 27-inch OLED panels. Thanks to the lack of a backlight the 11-inch prototype was just 11 millimeters thick but displayed a vibrant, colorful image. Sony plans to have its first OLED TVs on sale in Japan this year.

Last week in Tokyo Sony unveiled its latest OLED TV prototypes, which appeared to be close to commercialization. The sets had an integrated digital TV tuner and could also accept a high-definition input via an HDMI (high definition multimedia interface) connector.

Michigan man dodges prison in theft of Wi-Fi

A Michigan man who used a coffee shop's unsecured Wi-Fi to check his e-mail from his car could have faced up to five years in prison, according to local TV station WOOD. But it seems few in the village of Sparta, Mich., were aware that using an unsecured Wi-Fi connection without the owner's permission--a practice known as piggybacking--was a felony.

Each day around lunch time, Sam Peterson would drive to the Union Street Cafe, park his car and--without actually entering the coffee shop--check his e-mail and surf the Net. His ritual raised the suspicions of Police Chief Andrew Milanowski, who approached him and asked what he was doing. Peterson, probably not realizing that his actions constituted a crime, freely admitted what he was doing.

"I knew that the Union Street had Wi-Fi. I just went down and checked my e-mail and didn't see a problem with that," Peterson told a WOOD reporter.

Milanowski didn't immediately cite or arrest Peterson, mostly because he wasn't certain a crime had been committed. "I had a feeling a law was being broken," the chief said. Milanowski did some research and found Michigan's "Fraudulent access to computers, computer systems, and computer networks" law, a felony punishable by five years in prison and a $10,000 fine.

Milanowski, who eventually swore out a warrant for Peterson, doesn't believe Milanowski knew he was breaking the law. "In my opinion, probably not. Most people probably don't."

Indeed, neither did Donna May, the owner of the Union Street Cafe. "I didn't know it was really illegal, either," she told the TV station. "If he would have come in (to the coffee shop), it would have been fine."

But apparently prosecutors were more than aware of the 1979 law, which was revised in 2000 to include protections for Wi-Fi networks.

"This is the first time that we've actually charged it," Kent County Assistant Prosecutor Lynn Hopkins said, adding that "we'd been hoping to dodge this bullet for a while."

However, Peterson won't be going to prison for piggybacking. Because he has no prior record, Peterson will have to pay a $400 fine, do 40 hours of community service and enroll in the county's diversion program.

Software pirate to pay $205,000 fine for illegal eBay sales

The defendant also agreed to help authorities ID others involved in the scheme

May 22, 2007 (Computerworld) -- A software pirate who sold illegal copies of Symantec Corp. software on the online auction site eBay Inc. has agreed to pay a $205,000 fine.

In an announcement today, the Software & Information Industry Association (SIIA) trade group, which filed suit in the case on behalf of Symantec -- a SIIA member -- said the defendant has also agreed to assist authorities in identifying the parties who actually made and distributed the illegal software that was sold.

Keith Kupferschmid, senior vice president of intellectual property for the Washington-based SIIA, said the name and location of the defendant is being kept secret under the terms of the settlement.

"We give a certain level of confidentiality in order for us to get additional information," Kupferschmid said. The lawsuit, Symantec et al. v. Chan (a pseudonym) et al., was one of several civil cases brought by the SIIA. Several cases are still pending, as are several criminal cases being brought by the FBI, he said.

The case was originally filed in U.S. District Court in the Central District of California as part of the SIIA's Auction Litigation Program, which was started to monitor online auction sites for illegal software sales and file related lawsuits on behalf of member vendors.

Some 90% of the software sold on auction sites such as eBay is counterfeit, according to studies, Kupferschmid said.

The $205,000 settlement is in excess of the amount the unnamed software pirate made through the sales of the software.

In the lawsuit, the SIIA charged the defendant with infringing on Symantec's copyrights and trademarks in such titles as Norton PartitionMagic, Norton AntiVirus, pcAnywhere and Norton SystemWorks, as well as illegally reselling OEM, unbundled and counterfeit software.

The SIIA says it represents more than 800 members, including software and information companies.

Top Threat: Windows Hacktivation

Symantec is reporting on a Trojan horse that mimics the Windows activation interface.

What they are calling Trojan.Kardphisher doesn't do most of the technical things that Trojan horses usually do; it's a pure social engineering attack, aimed at stealing credit card information. In a sense, it's a standalone phishing program.

Once you reboot your PC after running the program, the program asks you to activate your copy of Windows and, while it assures you that you will not be charged, it asks for credit card information. If you don't enter the credit card information it shuts down the PC. The Trojan also disables Task Manager, making it more difficult to shut down..

Running on the first reboot is clever. It inherently makes the process look more like it's coming from Windows itself, and it removes the temporal connection to running the Trojan horse. The program even runs on versions of Windows prior to XP, which did not require activation.

This is not an attack that will sneak by you. The executable is nearly 1MB large. But if you find yourself in this situation you should be able to disable it in Windows Safe mode by removing the registry keys described in the Symantec writeup and deleting the program it points to. Updated antivirus software should also be able to remove it.

Yahoo shuting down popular services

Yahoo Inc. has told users it will shut down its North American Web auction site. Just last week they announced plans to shut down Yahoo Photos in June, asking users to move to Yahoo's Web 2.0 photo sharing site, Flickr.

According to a message posted on the Yahoo Auctions site at auctions.yahoo.com, the service will no longer accept new auction lists from June 3. The last day to bid or buy goods and services on the auction site is June 16.


The latest closure applies to Yahoo's U.S. and Canadian auction sites. Yahoo auction sites in three Asian markets—Hong Kong, Singapore and Taiwan will remain open.

"After careful consideration, we have decided to close down our Yahoo US and Canada Auction sites to better serve our valued customers through other Yahoo properties," the U.S. auctions site told visitors on Tuesday.

Yahoo continues to offering a range of U.S. e-commerce sites, including ones for shopping, auto sales, classified advertising and small business.

On Friday, Jeff Weiner, executive vice president of Yahoo's Network Division, said in a company statement: "We are making great strides in our ongoing efforts to align Yahoo's resources and focus on core strategic priorities."


According to audience measurement firm comScore Inc., online auction leader eBay Inc. accounted for more than 94 percent of online auctions activity among U.S. Web users last week. Online retail giant Amazon.com Inc.'s U.S. auction site accounted for one-third of a percentage point, while Yahoo's auctions held only an 0.2 percent share.

"It comes with little surprise given Yahoo's advertising relationship with eBay, and eBay's massive dominance of the auction category," Hitwise research director LeeAnn Prescott wrote in a blog post.

A year ago, eBay and Yahoo announced a strategic alliance to cooperate on a range of services in their core U.S markets.

As of Friday, May 4, 2007 certain Yahoo auction features were discontinued. A limited set of customer service features and account tools will be available through October 29.

Memory prices drop again analyst expect good eals through June.

DRAM prices drop again; deals likely through June

A glut in the memory market is keeping prices down

Users looking to add more dynamic RAM to their PCs are likely to see bargains throughout May and June as prices of memory chips continue to crash.

The contract price of the most widely used DRAM -- 512Mbit, 667-MHz double data rate, second generation (DDR2) chips -- slid below $2 for the first time in the first half of May. The chips dropped 8.8% from mid-April to $1.94 per chip, according to DRAMeXchange Technology Inc., a Taiwan-based company that runs an online DRAM market.

That's great news for users. Falling DRAM rates can help offset recent increases in prices for LCD panels and keep PC prices in check. Users wanting to boost their systems' speed can also add more DRAM at a low cost. These prices aren't likely to last longer than the next few months. At $1.94 each, the chips are well below the $2.50 to $3 cost of production for chip makers, which will likely shift their production strategies in order to reverse the decline.

The second half of the year is also the strongest for PC sales, another factor that could stop the current downward trend.

DRAMeXchange said the DRAM market appears to be weaker than expected in May and June, and many companies in the supply chain, including module makers and PC vendors, have already built up inventories. Prices won't rebound until these inventories are drawn down.

The fall below $2 was also significant because of its relative ease, noted Gartner Inc. There was less resistance at that psychologically important level than expected, the industry researcher said.

Even though chip makers are producing DRAM at a loss, prices may not rebound quickly. The companies have to continue selling the chips to bring in cash so they can pay for their expensive DRAM factories. They could try shifting some production to other products, such as NAND flash memory and image sensors, where prices are firmer, but it takes months to tweak production lines for such a change. BY making that kind of shift, they could miss an uptick in the DRAM market.

Around three-fourths of all DRAM chips are bought and sold through contracts between DRAM makers and major PC vendors such as Dell Inc. Prices are renegotiated twice per month. The remaining one-fourth is sold on open spot markets, like commodities such as oil and gold.

Contract prices of the chips have fallen 67% since the start of the year, when they were fetching $5.95 each. Although many analysts watch DRAM prices as an indication that PC shipments might be slowing down, that's not likely the case this time.

DRAMeXchange said the decline was caused by chip makers switching some production lines to DRAM from NAND flash memory, which had seen prices fall for nearly six months before recently stabilizing. The change has caused an oversupply in DRAM, while the glut in NAND flash memory has eased. There does not appear to be any problem with the PC market, analysts said.

Joost gone wild!

Everywhere you turn these days Joost is all the buzz. From forum to forum, friend to friend invites or requests for invites seem to be spreading everywhere. Well why not spread it to my section of the world. Ive recently become a beta tester and now have a few Joost invites available. For more information on the Joost phenomena read my previous post "Joost ready to go live".

So far from my limited testing I'd have to say I can see a lot of potential here. However there seem to be a few things in the interface that I find lacking. The speed of the streaming video seems to be adequate, however on 384k-1.5mb AT&T dsl its nowhere near functional.

As it is still in beta mode and I've only been able to test it for a short period of time I'll limit my skepticism and say that I am optimistically hopeful that it not just a bunch of hype!

Top 15 geek blog sites

Lifehacker took our top spot because of its great time-saving tips
Computerworld staff

May 01, 2007 (Computerworld) -- Some blogs educate, help people collaborate, spark ideas and just plain expand our thought universe. Others stir emotions and anger us or make us laugh. The editors of Computerworld got together and offered up a list of their favorite blog sites. We pared down more than 50 submissions to the top 15 technology blog sites based on breadth of information, newsworthiness, design, frequency of updates and entertainment value.

Sure, the list is subjective, but we think this is one of the best catalogs of blogs that has ever been published. The entries ran the gamut, from serious technology news and reviews to commentary on games and the latest tech gadgets. We included some honorable mentions at the end because the competition was so close.

Of course, not everyone will agree with our selection. If you think a blog site that's not on our list deserved a top 15 spot, share it with us in the comments section.

1) Lifehacker
www.lifehacker.com
Lifehackers' motto says it all: "Don't live to geek, geek to live." This blog offers timesavers of just about every stripe, from Firefox shortcuts to tips from the "Getting things done" faithful.

2) IT Toolbox Blogs
http://blogs.ittoolbox.com
IT Toolbox has a number of "in the trenches" IT pros who talk about technology and management issues. There are specialist blogs dealing with security, databases and project management, among other subjects. It's a versatile site.

3) Valleywag
http://valleywag.com
Bring in the noise, bring in the snark. Valleywag is for those who believe that the tech industry lives or dies by the scuttlebutt pinging around Silicon Valley. And it's amusing for those of us who prefer that the lotus-eaters of Northern California stick with the dishing and tongue-wagging, leaving the rest of us to get the real work done.

4) Kotaku
http://kotaku.com
Kotaku is the snarky, gamer uber-blog. It has everything from reviews and gossip to cheat tips. Just about anything you'll ever need, including which game to buy and how to play it.

5) Danger Room
http://blog.wired.com/defense
Wired's military and defense blog writes about some of the coolest and scariest military technologies -- not to mention scandals, debates and other military news. Lots of video and imagery are included.

Next page

Tired of that big bulky computer? Buy one the size of your wallet!

Via details credit-card-size motherboard

Taiwan's Via Technologies Inc. on Thursday released details of its upcoming Pico-ITX motherboard, which is roughly the same size as a credit card and opens the door to very small PC designs.

Measuring just 10 centimeters (cm) by 7.2 cm -- or about 4 in. by 3 in. -- the Pico-ITX is designed for Via's C-7 and Eden microprocessor families. It uses chip sets like Via's VX700, which packs the memory controller, integrated graphics and I/O hub into a single chip instead of two. The motherboard has a single memory slot that can hold up to 1GB of DDR2 (double data rate 2) memory.

Via hasn't announced precisely when the new boards will be available but said it plans to release its first Pico-ITX product "shortly."

In the meantime, Via has published a detailed overview of the motherboard's specifications (download PDF), hoping to win device makers over to the new motherboard form factor.

Via is the third-largest supplier of x86 processors, trailing far behind Intel Corp. and Advanced Micro Devices Inc. But the Taiwanese chip company has blazed a trail to PCs that are smaller and consume less power than anything seen before.

Five years ago, Via began shipping the first Mini-ITX motherboards, designed for embedded applications, which caught on with enthusiasts interested in making smaller PCs. Measuring 17 cm by 17 cm, or roughly 6.5 in. square, the Mini-ITX is significantly larger than the Pico-ITX.

How to Speed Up Movie Downloads

Researchers have designed a new way to get the most out of peer-to-peer file-sharing networks, decreasing the time it takes to download movies and music.

By Brendan Borrell TechReview.com

Let's face it: peer-to-peer file transfers on the Internet are slow. More than half of all downloads fail, and the average transfer time for a 100-megabyte file is more than 24 hours. But now, a team of computer scientists led by Himabindu Pucha at Purdue University, in Indiana, say that they can double the speed of these transfers by taking advantage of overlap in data chunks contained within nonidentical multimedia files posted on peer-to-peer distribution networks. This would improve the likelihood of success of these transfers.

Locating that file with just 10 percent similarity could speed up downloads by 8 percent. For music files with greater than 90 percent similarity, a five-minute download on BitTorrent would take just over two minutes with SET.

Peer-to-peer distribution networks such as BitTorrent and Kazaa allow people to download individual files from others' computers. These systems first locate the copies of the requested file in the network's global lookup table using its "hash"--a unique identifier computed from the file's data sequence. Then, the file is divided into chunks so that each user's computer only has to upload a small piece of it. This technique speeds up file transfers because home users typically have greater bandwidth allocated to downloads compared with uploads. Of course, the overall speed of the transfer will depend on the number of file sources and how much spare upload capacity they have. The more popular a file is, the faster it is to download and the greater the chance of success.

Computer scientist David Andersen, a professor of computer science at Carnegie Mellon University, worked with the Purdue group to develop a way to increase the size of the pool of uploaders called similarity-enhanced transfer (SET). The approach takes advantage of multiple variants of the same music files, video clips, and software, which are often floating around file-distribution networks. "We hope that SET gives you access to a larger pool of people to download from," says Andersen. "And by doing so, we think you're more likely to find one of these people who have more spare capacity."

Before Andersen and his colleagues conducted their study, it was not at all clear how much redundancy existed in file-sharing networks and whether it could be exploited, says Cornell University computer scientist Emin Gün Sirer, who was not involved in the study. The SET team analyzed almost two terabytes of music and video files from file-sharing networks, and it discovered that similar files typically shared anywhere between 20 and 99 percent of their content. With music files, even misspellings in user-defined header labels that identify artist and song titles are enough to throw off BitTorrent, despite the fact that 99 percent of the file is the same. Similarly, multiple versions of the same video are often available with different language tracks.
Next Page

Windows Xp and Vista Tips for Everyone

Whether you've jumped to Vista or are sticking with XP, our tips will make your computing faster and safer--and even a little more stylish.
Preston Gralla, PC World

Right out of the box, Windows is just a so-so operating system. It doesn't really reach its potential until you've cracked it, hacked it, and otherwise bent it to your will.

Whether you want to speed up XP, customize Vista's Aero interface, manage your disk partitions, or do quick-and-dirty photo editing, our Windows projects will show you how. We start off with some performance boosters, and then move on to cover file management, interface tweaks, network and browser options, and Windows Media Player.

The work isn't done until you plug Windows' many holes, which we cover in "Tweak Security Settings in XP and Vista." If you're switching over to the new OS, see our tips in "Make the Move to Vista," and then try our Vista alterations in "Change Vista's Defaults."

Continued at pcworld.com

AMD lowers desktop-chip prices

Monday April 9th AMD announced further price reductions on some of its best desktop processors, a sign there is still no end in sight to its price war with rival Intel Corp. With Intel slated to lower prices at the end of April this ss great news for users. We have been treated to improved microprocessor technology and better deals over the past year as the two giants slug it out.

AMD slashed prices on its top-of-the-line desktop PC microprocessors to US$799 per pair for the 3GHz version and US$599 for a pair for the 2.8GHz version, from US$999 and US$799, respectively, in its previous price list issued on Jan. 22. The company also reduced the price of some of its best dual-core processors, the Athlon 64 X2 5600+, which runs at 2.8GHz, to $241 each, from $505, and the Athlon 64 X2 5200+, to $188 from $295.

In addition, AMD lowered three of its dual-core offerings for the desktop to below $100 each. The new price list shows AMD isn't about to back down in this price war despite the obvious impact on its finances.

With Intel slated to make a 20-40% cut in prices of the popular core 2 duo core 2 extreme and core 2 quad processors as well as the recent fall in Memory prices May looks to be a great month for upgrading your current rig to something top notch.

Joost Is Ready To Go Live

TV, the way you want it

The magic of television, with the power of the internet built right in. Joost puts you in control, and TV will never be the same again. Currently, the software is in beta-testing stage. A beta invite is required to join the Joost community however it should be available to the public soon.

Joost (pronounced 'juiced') is an interactive software for distributing TV shows and other forms of video over the Web using peer-to-peer tv technology, created by Niklas Zennström and Janus Friis (founders of Skype and Kazaa).

Joost began development in 2006. Working under the code name "The Venice Project," Zennstrom and Friis have assembled teams of some 150 software developers in about a half-dozen cities around the world, including New York, London, Leiden and Toulouse. Joost's CTO is Dirk-Willem van Gulik.[1]

The teams are currently in negotiations with TV networks. It has signed up with Warner Music, Ministry of Sound TV and production company Endemol for the beta.[2] In February 2007, Viacom entered into a deal with the company to distribute content from its media properties, including MTV Networks, BET and film studio Paramount Pictures.

Company representatives have gone on record as saying the name should be pronounced as "juiced"[3]. This differs from the pronunciation of the Dutch first name Joost, which is pronounced 'Yohst.'

The program is based on P2PTV technology and is expected to deliver near-TV resolution images. It turns a PC into an instant on-demand TV without any need for additional set top box. News updates, discussion forums, show ratings, and multi-user chat sessions (often linked to the active stream/channel) are made possible through the use of semi-transparent widget overlays.

The current version of the software is based on XULRunner and the audio management re-uses the ZAP Media Kit. The peer to peer layer comes from the Joltid company, which also provided the peer to peer layer of Skype. The video playback utilizes the CoreCodec, CoreAVC H.264 video decoder.

Operating system support

Currently, Joost beta/alpha software supports:

* Windows XP Home/Professional with SP2
* Windows Vista
* Mac OS X 10.4.6 and above

This support is limited to computers running with x86 processors (Intel, AMD, etc.).

A PowerPC version is planned to open support for Mac users without Intel processors. Linux versions are also reportedly in development, and the port to "Linux and PowerPC" is in the midst of development.

As opposed to streaming technology in which all clients get the feed from the server, P2P TV technology differs in the sense that the servers serve only a handful of clients; each of the clients in turn propagate the stream to more downstream clients and so on. This moves the distribution costs from the channel owner to the internet service providers.

The Joost service will be ad-supported, with advertising analogous to that shown on traditional TV, according to CEO Fredrik de Wahl.

For more information and great reviews visit cybersurge.org

'Do I have to be online to get to the Internet?' (and other crazy help desk questions)

Readers provide their own 'you can't make this stuff up' stories
David Ramel (Computerworld)

Readers really enjoyed our last compilation of "Crazy questions that stump the help desk," and many sent in stories of their own bizarre experiences with users for everyone to enjoy.

One reader recommended that we start a regular column of these things. Hmm....

So let's keep this train a-rollin'! Send your own wacky, unbelievable, twisted or just plain kooky stories to david_ramel@computerworld.com

But right now, sit back, relax and have a chuckle.

(Note: Where we didn't get permission to use full names, we have used initials.)

Yes, it was a real question

I work at an IT help desk, and I once got a call from a student at our university that baffled me to no end.

I answered the phone, "Computer services help desk, how may I help you?"

The student responded, "Yeah, I have a question. Do I have to be online to get to the Internet?"

-- M.H.

The wrong ruler

We work on a storage team and frequently allocate storage for projects. One work order requested storage space for a document imaging system that could scan documents and store them digitally.

After receiving the work order, I contacted the lead engineer to ask how large each digital doc would be on average, to which the engineer replied: "8-1/2 by 11!"

-- D.S.

You don't want a mouse with a broken leg, do you?

I had a user who called the help desk complaining that her mouse wasn't working properly. She couldn't really explain the problem and asked me to dial into her PC so she could show me.

I used NetMeeting to access her PC remotely and asked her to demonstrate the problem. She did so and I saw the mouse cursor move to almost be able to click on an icon and then stop.

I asked her what the problem was and she said she couldn't move the mouse any farther ... or it would fall off the mouse pad!

-- Jeff Wingate

You didn't say whose tech you supported

Once a "customer" called tech support and immediately showed his disgust and demanded to talk to engineering. Since I am the software support engineer, the call was forwarded to me, and I let the "customer" vent for several minutes, wondering what he might be talking about.

After he was done bashing the product, I asked him which piece of software he was using. He replied with the name of a competitor's product -- he apparently dialed the wrong support number.

Continued

The Google phone revealed

It's real, it's spectacular, but it's not what you think
Mike Elgan

You've heard that Google is working on a cell phone everyone is calling the Google Phone. And you've also heard that they're not working on one. Well, which is it?

The "evidence" is compelling in both cases:

* A pervasive rumor suggests that Google operates a secret lab staffed with 100 engineers and led by former Apple executive, Andy Rubin, the designer of the Sidekick mobile gadget who now works for Google.

* The U.K.'s Guardian reported late last year that Google held talks with Orange, the giant European carrier owned by France Telecom, on a "multibillion-dollar" deal involving a co-branded cell phone made by Taiwan's HTC.

* Recently, someone claimed in an online post to have taken part in a market research survey in which he was asked questions about a possible Google phone made by Samsung. The poster says the phone bill for this device would be subsidized by advertising.

* Google's top executive in Spain, Isabel Aguilera, told Noticias.com that "some of our engineers' time is dedicated to the development of a mobile phone," according to a translation on the Ars Technica Web site.

* Venture capitalist Simeon Simeonov of Polaris Venture Partners blogged recently that Google is working on a "BlackBerry-like device" code-named Switch, powered by an operating system and optimized Java that supports voice over IP.

* Nomura analyst Richard Windsor reportedly told clients last week that Google confirmed at CeBIT that it's working on a phone designed to "bringing Google to users who don't have a PC."

All that sounds pretty convincing. But other facts suggest that Google is not working on a handset:
continued

Connecticut Investigating Best Buy's Intrastore Web Site

By Evan Schuman, Ziff Davis Internet

Best Buy is getting into some hot water because of an intrastore version of its Web site.

The Connecticut Attorney General's Office has launched a probe into the chain's use of an internal version of its Web site that looks and acts virtually identical to the public Web version except that it sometimes offers higher prices, according to Connecticut Attorney General Richard Blumenthal.

Blumenthal, in a telephone interview with eWEEK.com on March 3, said his office began the probe after a column published by The Hartford Courant raised questions about the site.

Although the probe began on Feb. 9, Best Buy officials have yet to formally talk with the attorney general's investigators, instead opting to send "a written communication," Blumenthal said. That communication was less than explicit, he said. In an interview with the Courant, Blumenthal said, "Their responses seem to raise as many questions as they answer. Their answers are less than crystal clear."

What Best Buy is accused of doing is misleading consumers. The original reports had store associates disputing special offers announced on the Web site and making their case by calling up a copy of the Web site right there and then, in the store.

The initial question raised by the reports were whether this was simply a matter of having Web site prices for Web purchases—requiring the delay of shipments for the consumer and the lack of brick-and-mortar costs for the retailer—being different from in-store prices. But the initial defenses offered by Best Buy—both to local media and to the Connecticut Attorney General's Office—make no mention of this. If that were the case here, one would think it would be the first defense offered.

The Courant columnist, George Gombossy, told eWEEK.com that employees described to him their ability to access either the public Web site or the intrastore version, depending on what they wanted to do.

He published an account of his attempts to replicate the problems of one of his readers, in which he was indeed able to reproduce the apparent dual Web site bait-and-switch scheme, he said. He wrote that one "long-time employee" showed him both versions of the site.

"The salesman told me it was a site that only employees could access because it contained confidential information as well as item prices. Sometimes, as in the case of [a product that had been purchased by the reader who complained], the clerk said, the intranet site would not show the discount. In rare cases, the intranet site will show an even lower price than the Internet site."

Best Buy officials did not immediately return calls seeking comment, but they apparently did issue a statement to the Courant that said, in part: "Although we have an intra-store web site in place to support store operations—including products and pricing—we are reminding our employees how to access the external BestBuy.com web site to ensure customers are receiving the best possible product price."

That line prompted Gombossy to try to put that education process into context. "That last sentence seems to indicate that Best Buy, which is supposed to be staffed by tech-savvy employees, is putting the blame on memory lapses: that employees have somehow forgotten how to access BestBuy.com from the store. Having been to many Best Buy stores where some helpful employees showed me how they access the intranet and Internet, I can assure Best Buy officials that the re-education process will probably not be lengthy," he said. "After making sure the computer is turned on, employees should click twice on the Yahoo Internet icon and then type in BestBuy.com."

The initial reports of the incident suggested the possibility that Best Buy was simply displaying a local version of the Web site, so that consumers could peruse their Web content but be unable to surf over to a competitor's site or a price-comparison site or even to a publication such as Consumer Reports.

If that had been the case, then the pricing disconnects might have been nothing sinister, but merely a result of the fact that the external Web site is updated much more frequently than a static version in the stores.

But some of our own conversations with Best Buy employees March 3 cast doubt on that theory, with employees saying that they are only aware of the public version. (Gombossy's reporting also found many Best Buy employees who were unaware of two sites.)

Another scenario is that the dual-site effort might be regionally localized, as opposed to being a national corporate effort. But that also seems unlikely, as such a site would likely be sanctioned by corporate. Why would such a site be created and then only offered to isolated areas? Is this some sort of a pilot program? This is one story eWEEK.com will be watching closely.

Retail Center Editor Evan Schuman has tracked high-tech issues since 1987, has been opinionated long before that and doesn't plan to stop any time soon. He can be reached at Evan_Schuman@ziffdavis.com.

RIAA Opposes New Fair Use Bill

New bill would let customers make limited numbers of copies of copyrighted works
By Grant Gross, IDG News Service

A new bill in the U.S. Congress aimed at protecting the fair use rights for consumers of copyright material would "legalize hacking," the Recording Industry Association of America said.

The Freedom and Innovation Revitalizing U.S. Entrepreneurship (FAIR USE) Act, introduced Tuesday by U.S. Representatives Rick Boucher, a Virginia Democrat, and John Doolittle, a California Republican, would allow customers to circumvent digital copy restrictions in six limited areas when copyright owners' business models are not threatened, Boucher said in a press release. So-called fair use doctrine allows customers of copyright works to make limited numbers of copies, particularly for reviews, news reporting, teaching and research.

The bill would allow exemptions to the anticircumvention restrictions in the Digital Millennium Copyright Act (DMCA), passed by Congress in 1998. The bill is revamped from similar bills introduced in the last two sessions of Congress, Boucher said.

"The fair use doctrine is threatened today as never before," Boucher said in a statement. "Historically, the nation's copyright laws have reflected a carefully calibrated balanced between the rights of copyright owners and the rights of the users of copyrighted material. The Digital Millennium Copyright Act dramatically tilted the copyright balance toward complete copyright protection at the expense of the public's right to fair use."

But the RIAA said the bill would effectively repeal the DMCA. The bill would "allow electronics companies to induce others to break the law for their own profit," it said in a statement. Advances such digital music sales, online games, on-demand movies and e-books can be traced to DMCA protects, the RIAA said.

"The difference between hacking done for non-infringing purposes and hacking done to steal is impossible to determine and enforce," the RIAA said in its statement.

The Boucher bill would limit the availability of statutory damages against individuals and firms who may be found to have engaged in contributory infringement, inducement of infringement, or other indirect infringement. The bill would allow libraries to circumvent digital locks or secure copies of works that have been damaged, lost or stolen.

The Consumer Electronics Association applauded the bill, saying it would give protections to consumers, educators, and libraries. Without fair use protections, consumers couldn't use devices such as VCRs and digital TV recorders, the trade group said.