walterbyrd writes “In 2012, IBM started retiring the Lotus brand. Now 1-2-3, the core product that brought Lotus its fame, takes its turn on the chopping block. IBM stated, ‘Effective on the dates listed below, [June 11, 2013] IBM will withdraw from marketing part numbers from the following product release(s) licensed under the IBM International Program License Agreement:’ IBM Lotus 123 Millennium Edition V9.x, IBM Lotus SmartSuite 9.x V9.8.0, and Organizer V6.1.0. Further, IBM stated, ‘Customers will no longer be able to receive support for these offerings after September 30, 2014. No service extensions will be offered. There will be no replacement programs.’” Read more of this story at Slashdot.
In an urgent, important blog post, computer scientist and security expert Ed Felten lays out the case against rules requiring manufacturers to put wiretapping backdoors in their communications tools. Since the early 1990s, manufacturers of telephone switching equipment have had to follow a US law called CALEA that says that phone switches have to have a deliberate back-door that cops can use to secretly listen in on phone calls without having to physically attach anything to them. This has already been a huge security problem — through much of the 1990s, AT&T’s CALEA controls went through a Solaris machine that was thoroughly compromised by hackers, meaning that criminals could listen in on any call; during the 2005/6 Olympic bid, spies used the CALEA backdoors on the Greek phone company’s switches to listen in on the highest levels of government.
But now, thanks to the widespread adoption of cryptographically secured messaging services, law enforcement is finding that its CALEA backdoors are of declining utility — it doesn’t matter if you can intercept someone else’s phone calls or network traffic if the data you’ve captured is unbreakably scrambled. In response, the FBI has floated the idea of “CALEA II”: a mandate to put wiretapping capabilities in computers, phones, and software. As Felten points out, this is a terrible idea. If your phone is designed to secretly record you or stream video, location data, and messages to an adverse party, and to stop you from discovering that it’s doing this, it puts you at huge risk when that facility is hijacked by criminals.
It doesn’t matter if you trust the government not to abuse this power (though, for the record, I don’t — especially since anything mandated by the US government would also be present in devices used in China, Belarus and Iran) — deliberately weakening device security makes you vulnerable to everyone, including the worst criminals:
“Our report argues that mandating a virtual wiretap port in endpoint systems is harmful. The port makes it easier for attackers to capture the very same data that law enforcement wants. Intruders want to capture everything that happens on a compromised computer. They will be happy to see a built-in tool for capturing and extracting large amounts of audio, video, and text traffic. Better yet (for the intruder), the capability will be stealthy by design, making it difficult for the user to tell that anything is amiss.
“Beyond this, the mandate would make it harder for users to understand, monitor, and fix their own systems—which is bad for security. If a system’s design is too simple or its operation too transparent or too easy to monitor, then wiretaps will be evident. So a wiretappability mandate will push providers toward complex, obfuscated designs that are harder to secure and raise the total cost of building and operating the system.
“Finally, our report argues that it will not be possible to block non-compliant implementations. Many of today’s communication tools are open source, and there is no way to hide a capability within an open source code base, nor to prevent people from simply removing or disabling an undesired feature. Even closed source systems are routinely modified by users—as with jailbreaking of phones—and users will find ways to disable features they don’t want. Criminals will want to disable these features. Ordinary users will also want to disable them, to mitigate their security risks.”
Felten’s remarks summarize a report [PDF] signed by 20 distinguished computer scientists criticizing the FBI’s proposal. It’s an important read — maybe the most important thing you’ll read all month. If you can’t trust your devices, you face enormous danger.
CALEA II: Risks of wiretap modifications to endpoints
pacopico writes “Every night, Netflix accounts for about one-third of the downstream Internet traffic in North America, dwarfing all of its major rivals combined. Bloomberg Businessweek has a story detailing the computer science behind the streaming site. It digs into Netflix’s heavy use of AWS and its open-source tools like Chaos Kong and Asgard, which the Obama administration apparently used during the campaign. Story seems to suggest that the TV networks will have an awful time mimicking what Netflix has done.”
judgecorp writes “BT Retail has started testing Carrier Grade NAT (CGNAT) with its customers. CGNAT is a controversial practice, in which IP addresses are shared between customers, limiting what customers can do on the open Internet. Although CGNAT goes against the Internet’s original end-to-end principles, ISPs say they are forced to use it because IPv4 addresses are running out, and IPv6 is not widely implemented. BT’s subsidiary PlusNet has already carried out CGNAT trials, and now BT is trying it on ‘Option 1’ customers who pay for low Internet usage.”
An anonymous reader writes “Terrafugia has unveiled plans to build a semi-autonomous, hybrid-electric, vertical-takeoff-and-landing vehicle for personal aviation. The new design, called TF-X, is in the works even as the company’s first product, Transition, is still awaiting production because of technical and regulatory hurdles. Terrafugia’s founder says the goal of TF-X, if it can get past the safety issues in both aviation and automotive industries, is to ‘open up personal aviation to all of humanity.’ But it will have a lot of competition from companies including AgustaWestland, Pipistrel, and the stealthy Zee.Aero, all of which are working on vertical-takeoff-and-landing vehicles for consumers.”
Another day, another Johnny Cash-accompanied test of Elon Musk’s SpaceX Grasshopper rocket—which is not to say this isn’t exciting, because consistency is the name of the game for a commercial reusable rocket. Especially the Grasshopper, which can take off and land vertically. In this most recent test, the Grasshopper takes off, hovers at about 820 feet, and lands neatly back on its launch pad. For those who haven’t been keeping track, that’s about triple the height of the last test, and six times higher than the test before that! [Elon Musk]
MojoKid writes “The concept of gaming accessories may have just been taken to a whole new level. A company called Virtuix is developing the Omni, which is essentially a multidirectional treadmill that its creators call ‘a natural motion interface for virtual reality applications.’ The company posted a video showing someone playing Team Fortress 2 and using the Omni along with the Oculus Rift virtual reality headset. You can see in the video how much running and movement this fellow performs. With something like the Omni in your living room, you’d likely get into pretty good shape in no time. Instead of Doritos and Mountain Dew, folks might have to start slamming back Power Bars and Gatorade for all night gaming sessions.”