Saturday, July 30, 2016

Clinton Campaign Latest Target of Hackers Linked to Russia

The campaign of Democratic presidential nominee Hillary Clinton is the latest possible victim of a series of hack attacks some cybersecurity experts have linked to the Russian government, according to press reports Friday.

Campaign officials acknowledged that an analytics program the campaign uses, which is maintained by the DNC, was accessed in a breach discovered earlier this month. However, the campaign's internal systems apparently were not compromised.

The FBI reportedly is investigating the Clinton campaign hack along with a related cyberbreach at the Democratic Congressional Campaign Committee, the official campaign arm of Democratic candidates for the House of Representatives.

The latest news comes less than a week after Wikileaks published nearly 20,000 emails stolen in the earlier hack attack on the Democratic National Committee.

The bureau is probing whether the latest attacks are linked to the DNC breach.

"The DCCC can confirm that we have been the target of a cybersecurity incident," said Meredith Kelly, national press secretary of the organization. "Upon discovering the issue, we immediately took action and engaged with CrowdStrike, a leading forensic investigator, to assist us in addressing this incident."

Based on the information the DCCC has to date, it appears that the breach is similar to prior incidents, including the DNC breach that is already under investigation, Kelly said, adding that the organization takes the matter very seriously.

"With the assistance of leading experts, we have taken and are continuing to take steps to enhance the security of our network in the face of these events," she added. "We are cooperating with the federal law enforcement with respect to their ongoing investigation."


CrowdStrike Probes

CrowdStrike, which has been working with the DNC to investigate the earlier breach, confirmed that it also is working with the DCCC.

"We can confirm that the DCCC has hired CrowdStrike following the DNC breach and we are investigating the matter," spokesperson Ilina Dimitrova told TechNewsWorld. "This is an ongoing investigation and we're not able to provide further comments."

The FBI issued a statement acknowledging it was aware of media reports regarding cyberintrusions involving "multiple political entities," and that it was working to determine the accuracy, nature and scope of "these matters."

The bureau takes allegations of intrusions seriously, it said, promising that anyone who posed a threat in cyberspace would be held accountable.

The FBI earlier this week launched a probe into the DNC breach, after questions surfaced about the possibility that Russian hackers delivered the stolen emails to Wikileaks in an attempt to help the presidential campaign of Republican nominee Donald Trump.

Trump set off a firestorm when he urged Russia to find and disclose more than 30,000 deleted emails belonging to Democratic presidential nominee Hillary Clinton.

Trump's remarks came after the Clinton campaign raised suspicions that Russian hackers, working with Russian intelligence services, had coordinated the leaks of DNC emails to help the Trump campaign. Trump campaign officials publicly ridiculed the Clinton campaign's allegations as an attempt to divert the public's attention.

However, following withering attacks from national security experts and both Democratic and Republican party officials, Trump later backtracked from encouraging Russia to find and expose Clinton's private emails, saying his comments were meant to be sarcastic.

Vulnerable Systems

The breaches raise troubling questions about the security systems of various public agencies, as well as the integrity of the presidential election itself, said Marc Rotenberg, president of the Electronic Privacy Information Center.

"EPIC said at the outset of this election year that data protection is the most important, least well understood issue in the country today," he told TechNewsWorld. "All across the U.S., consumers confront issues of identity theft, data breach and financial fraud. Yet Washington has been unwilling to update U.S. privacy law or back strong security techniques."

"The consequences are growing more severe," he added, yet not a single speaker addressed the issue at either convention.

The U.S. can't rely on its adversaries playing by the rules, warned Andrea Castillo, program manager for the Technology Policy Program at George Mason University's Mercatus Center.

The government must take proactive steps to strengthen the U.S. cyberinfrastructure, he told TechNewsWorld.

"There's been a lot of speculation, but I think the takeaway is more about our generally poor cybersecurity," said Castillo. "A hack like this was more a matter of when, not if."



Friday, July 29, 2016

LINUX PICKS AND PANS Homegrown Budgie Desktop Shows Off the Beauty - and Beastliness - of Solus Simplicity


The Solus Project version 1.2, released last month, shows considerable maturity in the homegrown Budgie desktop.

Solus 1.2 is the second minor release in the Shannon series, built around a custom Budgie desktop developed in-house and the eopkg package manager forked from PiSi. Solus is a Linux distribution built from scratch.

The Budgie desktop can be set to emulate the look and feel of the GNOME 2 desktop, but it is a different flavor from the GNOME 2-0 retread, MATE. It is tightly integrated with the GNOME stack.

This is the latest stable version since the developer last year began rebuilding the distro after a few branding disputes with other Linux communities. That led to a series of branding changes from Solus OS to Evolve OS to the current Solus Project distro.

I reviewed this rebranded distro last July. That initial release had a completely different Linux underbelly. Solus OS was based on Debian Linux. The change to Evolve OS brought a complete rebuild, leaving the Debian lineage behind.

The third redirection, as the Solus Project, changed direction from where Evolve stopped. The Shannon series is not a complete port of the old Evolve. The built-from-scratch Budgie desktop remains and has grown considerably. Much of the guts of the distro otherwise have been gutted.

Solus is available for 64-bit (x86_64) computers only, largely because the distro targets more current computer architecture to run its optimized software inventory. That is in line with one of the developer's goals: to lay the framework for a high-performance gaming experience.

Solus 1.2 builds upon the groundwork of 1.0 and 1.1. I was pleased to find many improvements to the Budgie desktop. However, a few key features are still missing.

Budgie's increased maturity is thanks to numerous bug fixes, icon and GTK switches in CSS themes, and a heightened focus on tuning software to run on Budgie.

Better Budgie Performance

Budgie has grown from its inception in Solus OS through Evolve OS. Designed with the modern user in mind, Budgie focuses on simplicity and elegance. It has a plain and clean style, and is easy to use.

Solus 1.2 offers a simplified panel and user-friendly desktop environment.

A huge advantage for the Budgie desktop is that it is not a fork of another project. It is designed for easy integration into other distros and is an open source project in its own right. The Budgie desktop environment offers an intuitive menu that enables quick access to your installed programs, offering both category and compact views.

It controls the GTK and icon theming. It makes it easy to add, remove and modify Budgie panels along with their properties and displayed applets. It also gives you quick access to system settings and power options such as restart, suspend and shutdown.

The heart of adjusting the desktop in Solus is Raven, an applet, notification and customization center. It is the key to controlling the user experience through easy customizations. Within the Raven applet, you can change widget, icon and cursor themes. You can show desktop icons with a single click and tweak a variety of system fonts.

With the Panel settings section, you can choose placement of the panel and its inner applets. You also gain granular control over individual applet settings.

Building Better Gaming

Solus 1.2 ups the Linux gaming experience. It includes multilib packages and adds its own native, optimized runtime as an alternative to Steam's prepackaged and unoptimized code.

Linux Steam Integration -- an open source tool developed in-house -- makes it easy to switch between the native and prepackaged Steam runtime. It also forces 32-bit mode for Steam.

As a result, the widest variety of Linux games are available for use in Solus. This release also includes support for a variety of gaming devices, including the Steam and DualShock controllers.


Software Optimizations

Solus 1.2 delivers a large set of targeted software optimizations that leverage work done by the Clear Linux Project for Intel Architecture. Solus targets modern personal computing devices and the x86_64 architecture. That allows bolder optimizations on software than other tier-one operating systems can provide.

The installed collection of software is a bit skimpy -- there's no office suite in the default software. Users can select from a large assortment of titles from the Solus Software Center, but options are limited to that repository. Universal software strongholds such as the Synaptic Package Manager are not supported in Solus.

The Software Center in Solus 1.2 has new code for more efficient use and performance. It enables the installation of supported third-party software from within the Software Center, which avoids having to drop down to a terminal for the installation of applications like Chrome. Even the base installation of Solus 1.2 is easier with the improvements made to the Installer.

Solus 1.2 ships with numerous applications to enhance its desktop experience. It includes Firefox 47, Nautilus 3.18.5, Rhythmbox 3.3.1, Thunderbird 45.1.0 and VLC 2.2.4. It also has Gstreamer media libraries; a multitude of fonts used by the system, such as Clear Sans and Hack; and the Breeze Snow cursor theme. The distro leverages the GTK 3.18 stack.

Solus 1.2 is UEFI-enabled via goofiboot -- a distribution-agnostic fork of gummiboot -- to ensure a wider variety of modern hardware is capable of using Solus.

Solus ships with the Long Term Support version of the Linux kernel, 4.4.13.

Design and User Experience

The Budgie design is similar to the look and feel of the Android OS' material design. For instance, the application menu has no cascading views. It sports a white background. The text is light gray. The application names are dark, and they stand alongside very minimal one-color small flat icons. The design of the application windows follows this same approach.

I dislike two critical shortcomings in the Budgie desktop. Both of them stem from Solus' goal of simplifying the desktop environment. This aspect of Solus is a classic example of how oversimplifying some things creates a loss of functionality in others.

For example, you cannot resize or minimize windows. Every window opens to a standard size. That makes it impossible to rearrange multiple windows on the screen.

The Budgie desktop limits window size options to full-screen or one-size-fits-all. No resizing or minimizing exists.

Clicking the minimize icon seems to have the same effect as clicking the close or X icon. Minimizing the window makes it disappear. It does not have a placeholder on the panel, so you have to go to the menu to reopen it.

The other problem with Budgie is the lack of any virtual workspaces, which results in an Android-like user experience and limits the overall functionality.

Bottom Line

The Budgie desktop -- and thus Solus itself -- lacks the glitz and glitter found in more seasoned desktop environments. Animation is nonexistent. It also lacks any right-click menu finesse other than the ability to change background or settings.

The Solus Project's distro is very user-friendly, but experienced Linux users will need more optimized software and desktop functionality in the next release to be tempted to give up more advanced desktop flavors.

Want to Suggest a Review?

Is there a Linux software application or distro you'd like to suggest for review? Something you love or would like to get to know?

Please email your ideas to me, and I'll consider them for a future Linux Picks and Pans column.




Thursday, July 28, 2016

Trump Tries to Walk Back Comments on Clinton Emails

Republican presidential nominee Donald Trump on Thursday attempted to walk back some of his remarks at a Wednesday morning press briefing during the Democratic National Convention, saying they weren't meant to be taken seriously.

Among other things, Trump suggested that Russian intelligence services should look for more than 30,000 deleted emails belonging to former Secretary of State Hillary Clinton and reveal them to the world.

"Russia, if you're listening, I hope you'll be able to find the 30,000 emails that are missing," Trump said. "I think you will probably be rewarded mightily by our press."

Trump made the astounding comments in response to the Clinton campaign's charges that Russian hackers, working in conjunction with Russian intelligence agencies, orchestrated the leak of nearly 20,000 Democratic National Committee emails, and that they timed their release to help the Trump presidential campaign.

Damage Control

Security experts, Democratic officials and some members of Trump's own party were among those who blasted his Wednesday remarks. House Speaker Paul Ryan, R-Wisc., put out a statement calling Russian President Vladimir Putin a "thug" and warning that Russia should "stay out of this election."

Facing a fierce backlash, with some officials questioning whether he had financial motivations to cozy up to the Russian government, Trump told Fox News that he was being sarcastic and did not intend that his comments be taken literally.

Trump officials did not immediately respond to a request for comment.

Yuri Melnik, press secretary for the Russian Embassy to the U.S., declined to comment on any of the specific comments by Trump or anyone else, and said he had no knowledge of Trump's business activities in Russia or elsewhere.

"In general, I believe that the Russia-related allegations floating around are completely inadequate and inappropriate," Melnik told TechNewsWorld. "It's surprising how childish the narrative is."

U.S. privacy and civil liberties advocates blasted Trump's statements, given the nature of the cybersecurity breaches that have impacted the government and private sector in recent years.

"At a time when the U.S. is confronting serious cybersecurity threats from foreign adversaries, the comments of the Republican candidate for President are beyond reckless," Electronic Privacy Information Center Executive Director Marc Rotenberg told TechNewsWorld.


Not Quite Deleted

The potential breach of even nonclassified email belonging to the former Secretary of State constitutes a serious security risk, said Kevin O'Brien, CEO of GreatHorn.

A string of recent security breaches, including the 2015 hack of the Office of Personnel Management and more recent attacks, up to the DNC breach in May, likely were the work of Russian cyberthieves, he told TechNewsWorld.

On the issue of the thousands of Clinton's deleted emails, that information trail in the age of cloud computing is not necessarily safe from rediscovery, O'Brien added.

"Whether it's removed from the recipient's systems and servers has no impact on that data's continued existence in the myriad systems that it moved through prior to arrival, or was copied to if those systems were themselves compromised," he explained.

The deleted emails could have been vulnerable to "direct endpoint compromise," which means the server might have been infected with malware that made shadow copies of the deleted emails, or that third-party applications that ran in conjunction with the email transfer agent and server software may have been compromised. The extended perimeter of any individual who received messages in any of those threads also may have been compromised.

Russia's Meddling

The FBI earlier this week launched an investigation into whether the Russians were involved in the DNC hack.

Cybersecurity experts at CrowdStrike last month published evidence linking Russian hackers operating under the names "Cozy Bear" and "Fancy Bear" to the DNC breach. The groups have been tied to a series of infiltrations of U.S. government agencies and other American entities.

A spokesperson at the FBI did not comment specifically in response to Trump's comments, but pointed to an extensive statement FBI Director James Comey released about Clinton's use of a personal email server.

The agency "did not find direct evidence that Secretary Clinton's personal email domain, in its various configurations since 2009, was successfully hacked," he said.

However, Comey did make an interesting reference to the potential for cyberthieves to access Clinton's emails through a back door: "We do assess that hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact from her personal account."

Clinton used her personal email "extensively" while traveling outside of the U.S., including sending and receiving emails "in the territory of sophisticated adversaries," he pointed out.

"Given that combination of factors," said Comey, "we assess that it is possible that hostile actors gained access to Secretary Clinton's personal email account."



Playing at Science – Tomas Rawlings

As Tom is the Design and Production Director of Auroch Digital, and the creator of its initiative GameTheNews, he is often asked to talk or write about his experiences with gaming being used to tackle news topics and how successful this can be.


In the article, Tom references the case where gamers, through playing the game Fold-It, deciphered the structure of the Mason-Pfizer Monkey virus. This was a problem that had been left unsolved for over 15 years, showing not only that games can be a successful way to increase awareness of a difficult topic, but also by using games to approach a problem from a different angle and different set of eyes, we can begin to solve problems that conventional methods have yet to crack.


Source : gamethenews[dot]net

Xiaomi Unveils Budget-Friendly MacBook Air Rival

Xiaomi on Wednesday unveiled the Mi Notebook Air, its challenger to the MacBook Air.

The 13.3-inch model is priced at US$750, compared to the MacBook Air's $1,050 price tag in China. The device is also available in a 12.5-inch version.

The Mi Notebook Air, which runs Windows 10, offers a number of features that aren't available in a MacBook Air.

"This is Xiaomi's way of saying, 'Let's not let Apple, Lenovo, or the bigger manufacturers from Taiwan, like Acer and Asus, take this opportunity from us,'" said Jeff Orr, a senior practice director at ABI Research.

While Xiaomi is "in the shadow of Apple from a brand perspective, they let Apple be that iconic brand," he told TechNewsWorld, and instead "give people something like the functionality and experience of Apple at a more affordable price but in the Windows experience."

Under the Hood

The Mi Notebook Air has a full-sized backlit keyboard and an edge-to-edge glass screen with thin bezels.

The 13.3-inch model is gaming-ready, with a full HD display (1,920 x 1,080 pixels), an Intel Core i5 processor, Nvidia's GeForce 940MX discrete graphics card, 8 GB of RAM, 256 GB of storage, and a SATA slot that can handle drives of up to 256 GB.

It weighs about 2.8 pounds. It has one USB-C port for charging, two USB 3.0 ports, one HDMI port and a 3.5mm audio port.

It has a 9-hour battery life, and the battery gets a 50 percent charge in 30 minutes, according to the company.


Users can play games like Dota 2 at 85 frames per second at full HD resolution, Xiaomi said.

The 12.5-inch Mi Notebook Air has a 12.9 mm frame that weighs about 2.4 pounds. It has an Intel Core i3 processor, 4 GB of RAM and 128 GB of storage.

It does not have discrete graphics. Battery life is said to be more than 11 hours, and it's priced at about US$525.


State of the PC Market

There have been some recent encouraging signs in the global PC market.

Its sales decline has slowed, according to IDC. Worldwide PC shipments in Q2 totaled 62.4 million units, a 4.5 percent decline year over year. The firm had expected a 7.4 percent drop.

That sets up the market for improved performance in the second half of the year, IDC suggested.

Xiaomi may benefit from this expected slight upturn.

"The opportunity in China is the younger middle class," ABI's Orr remarked. "This kind of computing platform would be a centerpiece in their home environment, and I'd expect multiple users rather than a single user."

Xiaomi is "offering both lightness and great performance, and this will elevate them above local original device manufacturers, who make products for Taiwanese OEMs," Orr suggested. "What those local ODMs lack that Xiaomi has is marketing and distribution."

Locking Horns With Apple?

Apple's revenue from China fell 33 percent year over year, to $8.8 billion, and it no longer is the company's second-biggest market.

"This laptop from Xiaomi mostly targets Lenovo, Asus and Acer customers rather than Apple's," observed Eric Smith, a senior analyst at Strategy Analytics.

"It's just sexier to call out Apple," he told TechNewsWorld.

In any event, "Apple isn't going to try to open all the doors in China for its products," ABI's Orr remarked. "The reason it wants to have Macs in China is because of the developer potential. If you can develop more Mac content and services that benefit the regional market, you create a demand and distinction for the Mac."



Wednesday, July 27, 2016

Google Beefs Up Phone App's Spam-Fighting Skills

Google on Tuesday released an updated version of its Phone app for Android with a new spam protection feature that warns users when an incoming call is likely to be spam. It also lets them block numbers and report spam.

The app is available on Google Play.

The spam warning feature works on Nexus and AndroidOne devices on the T-Mobile USA, Project Fi and Orange France networks.

"For me, mobile spam calls are a nightmare," remarked Rob Enderle, principal analyst at the Enderle Group.

"I get calls throughout the day now, and it's incredibly annoying," he told LinuxInsider.

Mobile call spam is a growing problem, said Michael Jude, a program manager at Stratecast/Frost & Sullivan.

"Most mobile numbers aren't listed anywhere, and so spamming has been [difficult] -- but automation is rapidly eroding the protection of anonymity," he told LinuxInsider. "It's possible for call systems to quickly scan down a block of numbers, identify the ones that get answered, and compile lists of active numbers."


Spam Suspects ID'd

The Google Phone app already offered Caller ID and call blocking, and Caller ID displayed known businesses, but the older call blocking feature "was just blocking an individual contact," Google said in comments provided to LinuxInsider by spokesperson Crystal Dahlen. "This update includes the ability to report spam and show alerts for suspected spam callers."

Previously the Caller ID showed known businesses through Google My Businesses, and "nothing about this feature is changing," the company noted.

Users already could place calls from Google Maps, but with the update, "a user doesn't need to open another app," Google said. "Just type 'locksmith' in the Phone app and the three nearest results will appear."

Early Reactions

There already are a number of complaints on the Phone app's Google Play page.

"Visual Voicemail is broken with latest update. Nothing is currently displayed in the tab even though the settings look fine. Rolling back to the previous version solves that issue," wrote Salim Ahmed.

"I can't be notified when I receive a text message when I'm on a call," posted Axel.

Overall, the app is "pretty good," wrote Andy Baughman, who uses a Nexus 6P. However, "it takes a long time to open, no customization available, and the favorites page is very ugly for an official Google app."

The app is "straight forward, effective," wrote Chris Matta. "The only thing that could use a change at this point is that I would like to be able to set a default feature on launch."

The comments have not gone unnoticed.

Google is "looking at the feedback on an ongoing basis," noted spokesperson Dahlen.

More Robust Approach

The new spam-blocking feature goes further than some other solutions.

Caller ID can be misleading, and call blocking "isn't very effective, given [spam callers] can use a variety of trunk lines, each of which has to be blocked to work," noted Enderle. The new app "would seem to be far more proactive and work more like email spam filters."

There are services users can subscribe to, such as YouMail, that will intercept calls automatically, Enderle said, noting that YouMail "provides this as a free service to get you interested in their other calling features."



New Office 365 Features Help Build a Better Research Paper

Microsoft on Tuesday announced a slew of cloud-powered intelligent services in Office 365 apps that aim to assist research and writing efforts.

Researcher lets users access the Bing Knowledge Graph to find and incorporate sources and content for research papers without leaving Word.

Editor uses machine learning and natural language processing, combined with input from Microsoft's linguists, to make proofing and editing suggestions designed to help users improve their writing.

These updates will be rolling out to Office 365 within the coming months, a Microsoft spokesperson said in comments provided to TechNewsWorld by company rep Lenette Larson.

Researcher will be available this month for Word 2016 users. Editor will arrive in August, with expanded capabilities scheduled to roll out this fall.

Microsoft's plans include expanding Researcher to mobile platforms.

Going to the Source

Researcher lets users pull in relevant material from the Web through Bing Knowledge Graph and add it in properly formatted citations.

Microsoft plans to expand Researcher's body of reference materials to include sources like national science and health centers, encyclopedias, history databases and more.

Researcher Mobile will let users create quick outlines for papers on any device.

"My first thought was, 'Damn! Why didn't they have this when I was in school?'" said Laura DiDio, a research director at Strategy Analytics.

Researcher "is a double-edged sword," she told TechNewsWorld. "On the one hand, it's a useful tool; on the other hand, who vets the sources?"

The feature "isn't a silver bullet, but it's better than nothing," DiDio said, "and will have an immediate, tangible -- and ostensibly, positive -- impact on researchers."

The question of which sources will be included in Knowledge Graph searches is a big issue, observed Charles King, principal analyst at Pund-IT.

"Microsoft says that it will continue expanding Researcher's body of reference materials," he told TechNewsWorld. "That's great, but it'd be nice to know which specific sources are currently -- and will eventually be -- included."

Smart Enough?

Editor's capabilities may raise concerns with people who have struggled with autocorrect and autofill capabilities.

"There's nothing worse than doing a spell and grammar check and finding out your checker is schizophrenic when it comes to words like 'its' and 'it's,' for example. Or it keeps changing 'IoT' to 'iota,'" DiDio remarked. "Will Editor be helpful, or will it be an annoyance?"

The technology behind Editor is "a new Office-created intelligence engine that uses the best of local and online machine learning and linguistic technologies with deep partnerships with Bing and Microsoft research," the Microsoft spokesperson noted. "Editor uses online services when appropriate."

Editor supports more than 90 languages, including various flavors of English, and "is smart enough to understand the market differences in languages," the spokesperson pointed out, "and the help it provides is tailored to the market the user is in."

Security Misgivings

The specter of Researcher pulling in tainted websites automatically is a real concern, especially in the wake of the Cerber zero-day ransomware attack on Office 365 users last month.

Microsoft detected the attack and began blocking the Cerber ransomware attachment the next day, but roughly 57 percent of organizations using Office 365 received at least one copy of the malware during the attack, according to Avanan.

"There is currently no known way to decrypt a Cerber-encrypted file," said Gil Friedrich, CEO of Avanan. "The only solution is to recover from backup or pay the ransom."

The growth of Office 365 within more companies "makes it a more desirable delivery vector," Friedrich told TechNewsWorld. Bing Knowledge Graph is a new vector, and "the victim will trust every file because it has been filtered -- but not necessarily for malware."

Protecting against infection requires using multiple types of detection mechanisms, Friedrich said.



Tuesday, July 26, 2016

GADGET DREAMS AND NIGHTMARES Gadget Ogling: Pretty Printers, Bargain Smartwatches, and Font Finders

Welcome to Gadget Dreams and Nightmares, when we take a break from exploring the world around us in search of Pokémon just long enough to bring you the most compelling -- for better or worse -- recent gadget announcements.

In our Pokédex this time are a printer with a difference, a hyper-affordable smartwatch, a way to bring 3D sound to your headphones, and a font-capturing tool.

As always, these are not reviews. The ratings denote only how much I'd like to try each product, and are in no way reflective of how desperate I am to find a Pikachu.

Pleasing Paper

I recently looked at three home robots that were so adorable, you'd need an impossibly horrifying day to wipe the smile off your face after seeing them.

That said, I never thought I'd write the following: You can add a printer to the list of cute gadgets that I never want to be without.

Paper, designed by Ludwig Rensch, is sadly a concept for now. It holds a ream of paper to make loading the printing material easier than shuffling with a stack of loose leafs. It can scan documents and send them to your phone if you desire. It can make copies.

There's a string of LEDs to show how much ink is left for each color, and there's even a handle on top to make the compact printer easy to move.

At first glance, it seems abundantly easy to use. The design is clean, though I'm a little disappointed there are no anthropomorphic elements.

I moved to a new apartment recently, and the very last thing I did at my old place was to dump my old, bulky printer that never saw use more than a few times a year. If I were someone who needed to print documents often, I'd be clamoring for this. It's a shame it's not an actual product, at least not for the time being.

Rating: 5 out of 5 Perfect Printouts

Wallet-Friendly Watch

In a world of Apple Watches and Gear S smartwatches that can set you back hundreds of dollars, it's heartening to know there are some functional smartwatches that cost about the same as a cocktail.

One, the U8 Smartwatch, now sells for less than US$8. It can make phone calls, track your steps and sleep, and alert you to updates with notifications. Somewhat astonishingly, it has a touchscreen.

There's a catch, for me at least, since it works only with Android, and I'm an iPhone owner. Although I'm skeptical of smartwatches in general, I'd actually be tempted here if I had an Android smartphone. Even if only so I could pretend I'm a Secret Service agent when talking into my wrist.

Rating: 4 out of 5 Cheap Chronometers

True Surround Sound

For all the buzz about virtual reality, something that gets lost a little in the current audiovisual conversation, at least from where I'm sitting, is 3D sound -- sound that appears to come from anywhere within a 3D space. You won't have to shell out for dedicated headphones to make the effect work, thanks to a new peripheral.

The 3D Sound One Module fastens to your over-ear headphones and uses Bluetooth to connect to your computer, iPhone, or iPad. It has nine sensors to track your head movement, and the music you play through a dedicated app will reach your ears in surround sound.


At $99, it's a relatively inexpensive way to try out 3D sound and learn if it's how you'll listen to music in the years to come. The technology is interesting, and -- much like the glass speakers I looked at in the most recent edition of this column -- could point to how we're all going to enjoy audio in the not-too-distant future.

Rating: 4 out of 5 Songs in Space

Text Trapper

Spector is a device that can capture and identify printed fonts and colors. It can then send those details to Adobe InDesign for you to use. Alternatively, you can store up to 20 fonts in the device's memory for later use.

It works by capturing an image of the font and color(s) and determines the font using a database. While Spector can identify font size, leading and kerning to replicate the text you've found exactly, the device is currently a prototype, and for now it can pinpoint only seven fonts.

I'm not exactly what you call a designer, though I do appreciate good fonts. It's a neat idea, and I'm heartened to know I'll never again need to send a cover letter in Comic Sans when racking my brain for an option that will help me stand out.

Rating: 4 out of 5 New Romans



Aquila Test Flight Carries Facebook's Internet Ambitions Aloft

Facebook last week carried out the first full-scale test flight of Aquila, a high-altitude solar-powered unmanned aircraft designed to provide Internet access to remote regions.

The company had flown a one-fifth scale version of the airplane for several months.

The full-sized craft has the wingspan of a Boeing 737 -- 46 yards -- but reportedly weighs less than 900 pounds fully laden, thanks to the carbon fiber materials used in its construction.

The goal of last week's test flight was to verify Facebook's operational models and the overall aircraft design.

The flight originally was scheduled to run 30 minutes, but its successful performance allowed engineers to extend it to a 90-minute run. The ground crew was able to verify several performance models and components, including aerodynamics, batteries, control systems and crew training.

"In our next tests, we will fly Aquila faster, higher and longer, eventually taking it above 60,000 feet," said Jay Parikh, global head of engineering and infrastructure at Facebook.


When complete, Aquila will be able to circle a region up to 60 miles in diameter at a height of more than 60,000 feet.

It will use laser communications and millimeter wave systems to provide connectivity.

Facebook Connectivity Lab researchers have proposed using an optical detector coated with fluorescent materials for free-space optical communications. They demonstrated a detector that achieved data rates of up to 2.1 Gbps.

The company's plan is for the Aquila drones to fly over remote regions and deliver connectivity for up to three months at a time.

"This will require significant advancements in science and engineering to achieve," Parikh noted, adding that the current world record for a solar-powered unmanned flight is two weeks.

Facebook will have to work closely with operators, governments and other partners to implement the program.

The company reportedly wants to have a fleet of about 10,000 Aquila aircraft flying to areas where and when they are needed.

"They'd need a lot of traffic controller work," said Rob Enderle, principal analyst at the Enderle Group.

The drones will fly at heights of more than 60,000 feet in order to avoid commercial aircraft, according to Facebook, but "military planes -- especially spy planes -- fly higher, and they don't have traffic controllers either," he told TechNewsWorld.

Further, with a fleet of 10,000 planes, "a one-in-a-thousand chance of failure would give us 10 failures, on average," Enderle estimated.

Command and control for 10,000 craft would be a problem, said Michael Jude, a program manager at Stratecast/Frost & Sullivan.

"To put this in perspective, 10,000 drones are more than all the militaries of the world are currently flying," he told TechNewsWorld.

The Economics of the Plan

Some of the economic aspects of Facebook's plan also raise questions.

Considerable engineering and scientific work needs to be done, as Parikh acknowledged, which means Facebook likely will have to invest millions of dollars in getting Aquila to the point where it can remain in the air reliably for three months at a time.

It also will have to spend lots of time and money negotiating with governments, regulatory authorities and commercial partners, and it will have to obtain all the necessary permits.

"I'm still trying to figure out how they will convince governments these aren't really spy planes or flying ballistic deathtraps," Enderle said.

Not all countries have been on board with Facebook's Internet access plans up to now. India and Egypt banned Free Basics, the low-cost Facebook service that Aquila airplanes will enable.

Whether Facebook can recover the costs from its target customer base -- largely people with little discretionary income -- remains in doubt.

"This does seem improbable," said Frost's Jude. "This is one of those ideas that sounds interesting on the surface but becomes less compelling the closer you look."



FBI Launches Probe Into DNC Email Hack

The FBI on Monday confirmed it has opened an investigation into allegations that the Wikileaks email dump of nearly 20,000 Democratic National Committee emails over the weekend might be linked to the Russian government. Hackers connected to Russian intelligence agencies allegedly have been working to help tilt the United States presidential election.

Hillary Clinton's campaign manager, Robby Mook, made a bombshell allegation on Sunday, claiming that the hack of thousands of DNC emails that revealed efforts to undermine the Bernie Sanders campaign was the work of Russian intelligence.

DNC Chair Debbie Wasserman Schultz announced she would resign her post after the convention ended, succumbing to pressure following the leaks.

"The FBI is investigating a cyber intrusion involving the DNC and is working to determine the nature and scope of the matter," the agency said in a statement provided to TechNewsWorld by spokesperson Jillian Stickels. "A compromise of this nature is something we take very seriously and the FBI will continue to investigate and hold those accountable who pose a threat in cyberspace."


The Wiki Dump

The Clinton campaign was informed that the release of the emails to Wikileaks, which published the files on Friday, was part of an effort to aid the campaign of Republican nominee Donald Trump, who is seen as being more favorable to Russian President Vladimir Putin, Mook told CNN's Jake Tapper.

Cybersecurity experts linked the email hack to a number of Russian groups connected to past attempts to infiltrate several U.S. government agencies and private think tanks, Mook said.

The most damaging of the leaks involved Brad Marshall, the CFO of the DNC, suggesting in a May email that the party plant a story in Kentucky or West Virginia that questioned whether Sanders was an atheist or embraced his Jewish heritage.

Trump campaign Chairman Paul Manafort on Sunday denied the allegations that it was working with Russia, calling the charges "absurd" on This Week with George Stephanopoulos.

Donald Trump on Monday joked about the alleged Russian connection in a tweet.

The new joke in town is that Russia leaked the disastrous DNC e-mails, which should never have been written (stupid), because Putin likes me

— Donald J. Trump (@realDonaldTrump) July 25, 2016

Russian government officials told TechNewsWorld that the allegations were groundless.

"As per your request, we see the flood of inadequate and inappropriate allegations that has inundated the U.S. media," said Yuri Melnik, press secretary of the Embassy of Russia in the USA. "One can only be surprised by such childish, groundless accusations that are far beyond reality."

Other indications that Russia might be orchestrating hack attacks against the DNC surfaced last month, when CrowdStrike reported that two groups linked to Russian intelligence were behind breaches of the DNC system.

Guccifer 2.0, a hacker believed to be connected with Russia, had claimed credit for the breach and posted documents claiming to be from the DNC.

Lions, Tigers and Bears

Although the Guccifer 2.0 postings might have been part of a disinformation campaign, CrowdStrike stood by its original analysis.

After the DNC called on the firm to investigate the suspected breach, it immediately identified two adversaries -- Cozy Bear and Fancy Bear -- that had gone after other CrowdStrike customers in the past, according to the firm's CTO Dmitri Alperovitch.

"In fact our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis," he wrote. "Their tradecraft is superb, operational security second to none and the extensive use of 'living off the land' techniques enables them to easily bypass many security solutions they encounter."

Cozy Bear, which is also known as "CozyDuke" or "APT 29," in the past has accessed unclassified sections of the White House, State Dept. and U.S. Joint Chiefs of Staff, and has targeted companies in the defense, financial, energy and other industries.

The group's usual approach is through a broadly targeted spearphishing campaign with Web links to a malicious dropper, according to CrowdStrike.

Fancy Bear, also known as "Sofacy" or "APT 28," has been active since the mid-2000s and has gone after entities in the aerospace, defense, energy, government and media sectors, with victims in numerous countries around the world, including the U.S., Western Europe, Brazil, Canada, Japan, South Korea and others.

Fancy Bear often targets defense ministries and may be affiliated with GRU, the leading Russian military intelligence service. It is known to register domains that look very similar to the legitimate organizations being targeted. Among known victims are the German Bundestag and France's TV5 Monde.

The Cozy Bear intrusion at the DNC dates back to the summer of 2015, while the Fancy Bear breach occurred in April of this year, according to CrowdStrike. However, no evidence exists of collaboration between the two groups.

The DNC attack is most likely part of an ongoing set of attacks from the same group, suggested Kevin O'Brien, CEO of GreatHorn.

"So-called advanced persistent threats -- attacks that are highly targeted, occur over long periods of time, and which bypass traditional security -- are on the rise," he told TechNewsWorld.

There has been a drastic increase in these kinds of cyberattacks over the past 90 days, particularly in the financial services sector, O'Brien said, noting that GreatHorn has analyzed more than 75,000 mailboxes.

Emails are an attractive target for hackers, he noted, because they have a combination of high-value data and near-universal user adoption, including by people who may not be aware of how these threats manifest themselves and who may be using systems with weak native security.



Monday, July 25, 2016

OPINION Windows RIP: Thankfully It Died With Windows 8

As we approach the end of the free Windows 10 upgrades this month and get used to the anniversary edition, it suddenly hit me that the Windows we knew died with Windows 8 -- what we got with Windows 10 really isn't what we've come to know as Windows.

Hell, looking at Microsoft's latest financials, Microsoft really isn't Microsoft any more, either. Both are so different from what they were just last decade, they are like a brand new product and company.

We're on the eve of big Windows changes. I'll explain and then close with my product of the week: a US$360,000 fantasy Jaguar that would make Bill Gates and Jay Leno jealous.


Windows: We Knew It Well

I've been covering Windows since it was a real product. In fact, Windows 95 was my path to fame, and it was largely responsible for launching my career as an analyst. It was also pretty crappy. That wasn't entirely Microsoft's fault -- that was when hardware differences went vertical, and Microsoft learned how not to support a product that sold in the tens of millions.

Windows was defined by its releases. Each one was tied to release date and the need to generate revenue -- not build and ensure a platform upon which an empire not only could be built but also sustained. It clearly worked as a builder, but with the PC market collapse the "sustain" part was forgotten.

One of the now most ironic videos to watch is Steve Ballmer's "developer, developer, developer" speech -- ironic because it was largely the loss of developers that forced him to step down. The old Steve was right. Unfortunately, it was a new and improved Steve who ran Microsoft, and that didn't work out so well.

The product was hard to install, hard to update, and buggy, and it stood as one of the biggest barriers to folks buying new PCs. I'm actually kind of surprised the PC market didn't collapse a decade earlier. I remember going to a meeting at Intel and asking why more Intel employees didn't have newer PCs, and it was because they didn't want to go through the pain of upgrading.

Some versions of Windows were so bad they became legendary. Windows Millennium kind of set the bar for horrid, but Windows 2000 wasn't that much better and both were rushed because of the Y2K bug. Then there was the disaster that was Windows Vista, and finally the train wreck that was Windows 8 -- which did, finally, crater the PC market.

Microsoft brought out the Xbox and shifted most gaming efforts to that in an attempt to keep Sony from taking over the segment. It was a bad bet. The Xbox pulled a ton of value from Windows, and because Sony imploded, the PlayStation never became a threat to the PC. So Windows became less valuable over time as the Xbox bled premium buyers away from it.

We stuck with Windows, regardless of the pain, but Windows as we knew it died with Windows 10.

Windows 10

Now I've been on Windows 10 since before its release, and it is such a breath of fresh air. Migrations are easy. I typically just have to hit one button on my keyboard to wake it up in the morning, and updates are both free and relatively often -- each one bringing a few new surprises, good ones for the most part.

Migrations to new hardware take minutes instead of days, and it currently is running on a whopping 350 million devices. That is pretty impressive for a version of Windows this young. There are 1,500 different products shipping with Windows 10 preloaded, showcasing much more variety than we have ever had before.

Gone are the pains of Windows 95, and ME. Gone are the screw-ups with Vista and Windows 8. Windows 10 is much more like what we've come to expect from a smartphone operating system in terms of ease of use and reliability, and yet it still runs on the most powerful systems in market.

In addition, Microsoft has re-energized game playing on the platform. I can speak to this, because I've already racked up a whopping 282 hours on Ashes of the Singularity, and I only started playing it last month. I'm kind of surprised my mouse hand still works.

Finally, as Apple backed away from being the design leader in the segment, Microsoft stepped in with the Surface tablets and everyone upped their game. Now companies like Acer, Dell, HP and Lenovo are massively design-forward, and the age of ugly desktop or laptop PCs is over.

However, it isn't just Windows that has been reborn.

Microsoft's Rebirth

When I started, and for much of its life, Microsoft was defined by being just a platform-and-tools company with Office (a product that needs a rebirth). Yet if you look at Microsoft's financials today, it clearly is trending to be the leading company supplying the enterprise cloud with Azure.

I was at a BlackBerry event -- where you'd typically not see Microsoft, because it would be a competitor -- but Microsoft instead was one of the biggest supporters (just after Samsung, which kind of reflects on the change in BlackBerry, come to think of it). Microsoft currently has the best enterprise cloud solution, in terms of coverage and redundancy.

This is actually big, because for a long time it didn't really seem like the whole "enterprise focus" thing was working for the company, and it clearly wasn't the first to the cloud platform. However, as with racing, it matters less who has the pole position than who comes in first at the end of the race.

Microsoft historically has been known to be arrogant and nonresponsive to the hardware manufacturers. That honor now belongs to Google, and it isn't unusual to hear these OEMs lament that they wish Google were more like Microsoft. This is a story in and of itself, because Google rode in as a white knight to kill the black knight, Microsoft, and somehow the two firms switched positions. Go figure.

Wrapping Up: The King Is Dead, Long Live the King!

As we approach the end of the free window for upgrading to Windows 10 and the broad market release of the Windows 10 Anniversary Edition, it is amazing how much change there has been since Satya Nadella took over.

With so much focus on corporate boards selecting clueless CEOs -- seemingly on purpose -- it is great to see a board step up and do it right. Nadella has transformed the company. He not only has fixed Windows so that it bears little resemblance to the product we loved to hate, but also has shifted the focus of the company to the future. Instead of being a bad follower, Microsoft is starting to lead again.

Perhaps boards now will see how critical it is to pick CEOs who know the business, understand the market, actually have a workable vision, and can execute. Maybe, just maybe, turnarounds like we've seen from Apple and Microsoft will become more the rule than the exception. We can only hope.

Rob Enderle

Before the Jaguar F-Type, which I have, there was the XK-180, which was an even tighter homage to the E-Type on the show car circuit. Years ago, while attending F1 racing as a guest of AMD, I saw one of the two Jaguar built, and I immediately fell in love with it. Since then I've been looking for a way to own one, and I recently ran into a company in Europe that is building near-exact replicas.

This is actually a trend now. You can buy near completely new and updated versions of cars like the Jaguar E-Type and Triumph TR-4, but this is the first time I've seen someone create a near-exact replica of a car that never made it to market. This car is rolling art, and it still has modern day performance. (Given that it is less than half the age of the other reproductions, achieving that wasn't so difficult.)

This new XK-180 isn't a cheap date, though, costing $360K (at current exchange rates), which had my wife looking at me like I'd better get a second and third job if I want that car.

Jaguar XK180 by JePe

So, sadly, for me, that won't happen -- but for those who like to dream or maybe have a car that still will be counted in the 10s and be one hell of a collectible -- not to mention drop dead gorgeous -- this is a viable option.

I expect if you want to drive it in the U.S., you'll need to buy a 2000-era U.S. spec XKR and ship it over as a donor, but the rules surrounding this kind of car have become far more lenient of late. In any case, because I so lust for this car, the bespoke XK-180 sports car is my product of the week.

By the way, Bill Gates is a bit of a car collector -- he has an impressive collection. He's not quite in Jay Leno's league but close. I'll bet even Bill and Jay would look at you with envy if you drove up in one of these. Just saying... . You know, that might just be worth it.



Saturday, July 23, 2016

Snapchat's Curious About-Face

Fleeting memories will be a thing of the past with a new Snapchat feature currently rolling out.


"Memories," introduced earlier this month, allows users of the app to save photos and photo stories to their phones, as well as share them with friends.

Finding snaps or stories can be done with a simple text search.

Protecting snaps and stories on a phone is easy, too. Items can be moved in and out of "My Eyes Only" mode with a few taps.

Unlike most Snapchat content, which is supposed to be ephemeral, content stored in Memories or sent to My Eyes Only is backed up to the app's servers automatically.

Straying From Core Purpose

When Snapchat was founded, its claim to fame was that it could be used for ephemeral, or "Mission Impossible," sharing of photos and videos. Memories is a departure from that path.

"It's clear that either Snapchat's vision of its purpose has changed over time, or its original incarnation was just a first step in a long-term strategy that we're now seeing play out," said Jan Dawson, chief analyst at Jackdaw Research.

"Whichever it is, it's clear that Snapchat has done a fantastic job building a strong position in a key area, and then expanded out very successfully from there to become an app where a large portion of young people spend significant time," he told TechNewsWorld.

Snapchat is projected to grow 27.2 percent to 58.6 million U.S. users this year, according to eMarketer, surging ahead of rivals Twitter (56.8 million) and Pinterest (54.6 million).

Snapchat has been especially successful at capturing younger users, the firm noted. Its biggest user base is 18- to 24-year-olds (34 percent), followed by 25- to 34-year-olds (27 percent).

The fastest-growing group of Snapchat users is comprised of children under 12, which will grow by 42.9 percent this year, eMarketer found.


Widening the Usage Gap

Memories is more an expansion of functionality than a departure from Snapchat's core values, observed Brian Blau, an analyst with Gartner.

"With the new Memories feature in Snapchat, we are seeing them keep their main value at the forefront -- that being ephemeral messaging -- but also add a way for the app to be more flexible," he told TechNewsWorld.

That flexibility could have a revenue upside for Snapchat, suggested Jackdaw's Dawson.

"Memories will allow Snapchat to expand into even more roles on people's devices, sucking up time that would otherwise have been spent in other apps, and all that means more opportunities to monetize that usage in different ways," he said.

Memories could help Snapchat get a leg up on one of its biggest competitors, Instagram.

Instagram users in the United States last month spent more time per session with their Android version of the app than Snapchat users spent with theirs, noted Ross Rubin, senior director for industry analysis at App Annie. However, Snapchat had a higher average time per user, per month than Instagram.

"If Snapchat can increase its average session time, it can widen the usage gap between itself and Instagram," Rubin told TechNewsWorld.

"Memories will certainly increase engagement -- time spent in-app," said Laura Naparstek, a researcher with Forrester.

"For most apps, daily active users is not an accurate measurement," she told TechNewsWorld. "For Snapchat, it's huge."

Turning Off Users

Since Memories is likely to have more appeal to an older demographic, Snapchat risks alienating some of its younger users with the feature, cautioned John Carroll, a mass communications professor at Boston University.

"Snapchat wants to add another dimension to itself that they hope will appeal to a wider audience, including an older demographic," he told TechNewsWorld, "but by introducing something that has appeal to an older group, they have to be concerned about reducing the overall appeal of the app to a younger group."

Change always results in griping, remarked Gartner's Blau.

"With any new features, some will protest -- others will love it. I don't think that Memories will be any different," he said. "Ultimately, having that feature's flexibility means that users can do more with Snapchat, and that should increase user satisfaction over time."



LINUX PICKS AND PANS Android, Chromebook Make a Sweet Couple

Chrome OS and Android Apps now run together on some Chromebooks. Many, but not all, Chromebook models will get the operating system update that allows it as fall approaches.

The Asus Chromebook Flip C100P -- the first Chromebook to get the upgrade -- is an impressive example of what will come with the hybrid integration of Chrome OS and Android apps. The performance is not flawless, but many of the apps work well enough to offer a nonplussed working experience.

The Google Chrome OS developer team last month released the first Chromebook upgrade that put the Google Play Store on the Chromebook. The Chromebook's Chrome OS has its own inventory of apps and browser extensions provided by the Chrome Web Store.

The Google Play Store gives the Chromebook platform a huge boost in usability. Depending on the Chromebook form factor selected, being able to run Android apps alongside Chrome OS apps and browser extensions could allow users to leave their tablets and traditional laptops behind.

The Google Play Store is a welcome addition to the Chromebook.

I learned a few weeks prior to the upgrade that it was about to happen. However, my aging Acer C720 Chromebook was nearing the end of its five-year support cycle and would not be included in the rollout.

So I bought the first model rumored to be getting the Android apps upgrade.


First Impressions

The Asus Chromebook Flip's integration of Android apps is surprisingly solid for a first-run release. However, anyone familiar with Android smartphones and tablets running Marshmallow 6.0.1 will discover quickly that the integration is not yet ready for prime time.

The developers caution early adopters not to use the hybrid platform on primary work Chromebooks, as the transition to Android on Chrome OS is still very much a work in progress. Android apps, in general, do work -- but expect glitches until the developers get some problems resolved.

That said, I am very pleased with the performance. I am a heavy Android tablet and smartphone user. I installed many of the work-related Android apps on the Chromebook I use daily. Since I upgraded the Chrome OS on the Chromebook Flip, I have not used the tablets other than occasionally to power them on to update.

Hardcore Hardware

This review focuses on the hybrid mix of the Chrome OS and Android apps. My intent is not to praise or criticize the hardware. However, the Asus Chromebook Flip configuration might be a key reason for Google starting the software rollout with this unit.

It is particularly significant that the first hardware configuration runs so well on a Rockchip quad-core processor rather than a device with Intel inside. The Asus unit is a bit of a rarity in that it has a full metal body. It also has a two-in-one design with a nearly full-size keyboard that flips into a freestanding touchscreen display and a tablet with an on-screen keyboard.

Here is a quick glimpse of what's inside the Asus Chromebook Flip:

CPU: 1.8-GHz Rockchip 3288-C (quad-core, 1MB cache)
Graphics: ARM Mali T624
RAM: 4 GB LPDDR3 SDRAM
Screen: 10.1-inch, WXGA (1,280 x 800) IPS multitouch display
Storage: 16 GB eMMC
Connectivity: 802.11ac WiFi, Bluetooth 4.1
Camera: 720p HD webcam
Weight: 1.96 pounds
Dimensions: 10.6 x 7.2 x 0.60 inches (WxDxH)

Asus offers a base model with the above specs with 2 GB RAM and 32 GB local storage for US$300. However, I purchased a unit on sale with the 4 GB of RAM and a 16-GB HDD for the same price as the base unit at $239.99.

Storage is not an issue with the 16-GB HDD. The Chromebook is based on the concept of using your Google Drive for continuous cloud storage. However, the Flip has a microSD slot. The 4 GB of RAM with a 16-GB hard drive is a smart combination, especially with the ability to add a large-capacity SD card for more local storage. I popped in an unused 16-GB SD card.

Some Setup Required

The Google Play Store did not come preinstalled on the Chromebook Flip. No doubt the same situation will occur with the other Chromebook models targeted for the upgrade. Right now, you have to switch the Chromebook into developer mode, but the process is not difficult.

You'll need to go into a sort of hidden settings panel to place the Chromebook into developer mode. First, click the settings tab in the far right tray area of the bottom panel bar. Next, click the blue About Chrome OS link at the top of the settings page. Then scroll down the list of options and select the Change button to switch to the Developer channel.

Users have to upgrade their Chromebook to prepare for installation of the Google Play Store.

The screen will refresh. Look for a new category on the settings page labeled "Android Apps." Click the check box to activate the option to run the Play Store. That starts the Chrome OS upgrade download. That process can take up to 30 minutes but does not destroy existing files or the current Chrome OS settings and installed extensions.

When the download is finished, reboot the Chromebook. You will see the Play Store icon added to the quick launch row when you click the search button in the far left of the task bar. The first time you click, it will open the sign-in window to register your Chromebook with the Play Store.

Exceeds Expectations

I have used the aging Chromebook C720 as a laptop replacement when I needed to travel light. I have the Chrome or the Chromium Web browsers on all of my gear configured with the same bookmarks and extensions to replicate my work and browsing routines, so my computing platform is nearly identical on whatever device I grab -- desktop, laptop or tablet.

The Chrome OS comes with some Google apps preinstalled, but they are mostly shortcuts to their Web versions that launch the browser to that URL if the browser is closed. Otherwise, Chrome just opens another tab in the browser when you launch an app or extension. The Play Store on the Chromebook changes all that!

Having actual apps that I used on my smartphone and tablets available on the Chromebook provides a much more unified computing platform. The Android apps run in their own windows rather than in a browser tab.

Android's apMemo Lite app lets you write notes with your fingertip on the Chrome OS screen.

This is a big boost to my routine, because several Android apps synchronize with my Dropbox account, Google Drive or the app developer's website. Now I can access the same data pool using a desktop or laptop browser, as well as my smartphone or tablet. I can rely on the Chromebook to have the same apps as I use on my smartphone and via my Web browsers. It potentially can replace my other tablets and laptops.

Look and Feel

Android apps are designed for touch input, so unless app developers build in better mouse support, using them on a Chromebook with just a touchpad and no touchscreen could invite user remorse. Some apps do not run well, if at all, because Chromebooks lack GPS services that certain apps require. Other apps need access to carrier-provided texting (SMS) or phone. Some apps need access to a rear camera. Chromebooks lack these things.

Apps that do not need such hardware and services generally work well on this first Chromebook unit to run Android apps. For instance, business apps such as Adobe Acrobat, Polaris Office + PDF, Skype and the Microsoft Office programs run well.

The Chrome OS places the Android apps in the same menu as the Chromebook apps. Chrome OS has no icons or folders displayed on the desktop. Likewise, you cannot create app categories or rearrange app title placement in the menu.

Users adjusting to Android apps on a Chromebook have to settle for scrolling through a common menu listing. The only partial solution is to pin your frequently used apps on the launch bar, along with the frequently used Chrome apps. However, space is limited.

I found a better solution. I installed Swapps, the same third-party Android app drawer that I use on my smartphone and tablets. I set the hotspot for the right edge of the screen. Swiping inward from the hotspot shows a scrollable list of the installed Android apps. I can designate up to 10 apps as favorites at the top of the Swapps menu. A similar custom launcher that does much the same is the App Swapp Drawer.

App Adjustments

Android apps so far are not resizable. You have three display choices: full screen, partial screen (which consumes about 70 percent of the screen), or minimized to the Chrome OS shelf. You can reposition partial app windows around the limited screen real estate, though, if you minimize the Chrome browser.

You also can alt-tab your way from running app to app. In the Asus Chromebook Flip's tablet mode, you can fold the keyboard behind the screen. That activates the switcher button that appears on the far right end of the shelf to display an expo-like thumbnail of all running apps -- both Chrome and Android -- that lets you move from app to app.

Chromebook running apps view
You can view all running apps -- both Chrome and Android -- in an expo-like display on the Chromebook.

A related "problem" involves app notifications. They mostly do not exist on the Chrome OS. None of the apps I tried had notification sounds. Sure, you can select them in the app menus. They just do not work -- not even reminder alarms. Also, app data updates stop when the app window is not the active operation on the screen. I did find some apps that served notifications if I minimized them to the shelf rather than closed them.

All this should change when Chromebooks start supporting Android N. Android N may bring resizable apps, split screens, and the ability to run multiple apps simultaneously to Android apps on Chromebooks.

Bottom Line

Running Android apps on a Chromebook gives the Chrome OS added functionality. It has the potential to morph the Chromebook into a portable computing device that offers the best of two Linux worlds.

Still, Google engineers have some tinkering to do before Android apps and the Chrome OS are fully implemented and functional. This transition will not be complete until the Google Play Store works out of the box on new Chromebooks without users having to "upgrade" through Developer's Mode.

Want to Suggest a Review?

Is there a Linux software application or distro you'd like to suggest for review? Something you love or would like to get to know?

Please email your ideas to me, and I'll consider them for a future Linux Picks and Pans column.

And use the Talkback feature below to add your comments!



Friday, July 22, 2016

SPOTLIGHT ON SECURITY Civil Rights Office Issues Ransomware Guidance

Ransomware infections are on the rise, and healthcare organizations are ripe targets, which may be why the federal government addressed the subject last week.

Ransomware attacks have risen from about 1,000 a day last year to 4,000 a day this year, Symantec has reported.

Many of those attacks are for small change, but some of the larger ones have been directed at healthcare providers. For example, Hollywood Presbyterian Medical Center earlier this year paid hackers US$17,000 to get its systems back online. Also, Medstar Health this spring coughed up $19,000 to return to normal operations.

The U.S. Health and Human Services Department's Office for Civil Rights, which enforces compliance with the Health Insurance Portability and Accountability Act, better known as "HIPAA," has released new guidance for healthcare organizations on ransomware, including the following advice:

  • Conduct a risk analysis to identify threats and vulnerabilities to electronic protected health information, and establish a plan to mitigate or remediate those identified risks;
  • Implement procedures to safeguard against malicious software;
  • Train authorized users on detecting malicious software and reporting such detections;
  • Limit access to ePHI to only those persons or software programs requiring access; and
  • Maintain an overall contingency plan that includes disaster recovery, emergency operations, frequent data backups and testing of restorations.

Response Plan

Clarification of what to do when an organization is hit with ransomware is the "crown jewel" of the guidance, said Lee Kim, director of privacy and security technology solutions at the Healthcare Information and Management Systems Society.

"There was a lot of confusion in the field about whether or not to report a breach if there was ransomware involved," she told TechNewsWorld.

"This OCR guidance clearly says that chances are that if you're infected with ransomware, it's likely a reportable breach unless there are mitigating circumstances," Kim said. "Healthcare organizations know now that if ransomware encrypts PHI (protected health information), it's likely you'll have to report it."

The guidelines also recommend that organizations have contingency plans in place that can be set into motion when a security event occurs.

"Larger organizations probably already have contingency plans, but for the smaller guys, the guidelines give them a little more clarity about what HIPAA requires them to do and who to contact when something happens," Kim explained.

Where's My Data?

The requirement for organizations to put into place a security management process for risk analysis is a positive step, said Anthony DiBello, senior director and security strategist at Guidance Software.

As part of that analysis, organizations should take a proactive approach to identify, locate and control protected health information, he added.

"Too often, organizations don't fully understand where sensitive information resides on their networks. When you hear estimates that 60-80 percent of stored information is dark data, -- or data that organizations simply don't know what it is -- that creates a tremendous amount of risk," DiBello told TechNewsWorld.

"Organizations must be able to answer questions about stored data," he added, "such as, What is it? Where is it? How valuable is it? Who has access to it? Should they have access to it? and What kinds of rules should attach to them?"

The guidelines are helpful, but they could use more detail, said Lysa Myers, a security researcher at Eset.

"I would like to see a bit more about specific techniques and tactics to prevent malware, such as patch or update software regularly, show hidden file extensions, and block executable files sent in email," she told TechNewsWorld.

Beyond Ransomware

Organizations with savvy management will benefit the most from the guidelines, said DiBello.

"These guidelines will only help healthcare organizations that fully understand the risks and impact of data loss at the C and board level, thus helping to ensure that the appropriate level of importance and budget is dedicated to solving this problem," he said.

"Organizations that invest in people, processes and technologies designed to protect endpoints, respond to threats, and fully identify where sensitive information resides," said DiBello, "will help avoid becoming a victim of a ransomware attack, and ensure the risk of data loss is minimized when the inevitable happens."

The guidelines outline what any security expert would expect to see in any information security management system, and recommend measures designed to give organizations broad protection against cyberattacks, noted Garry McCracken, vice president of technology at WinMagic.

"Ransomware may be the topic of the day, but one should not focus too narrowly just on it," he told TechNewsWorld. "An ISMS (information security manageament system) will help healthcare organizations better protect themselves in general, not just against ransomware."

If followed, the guidelines could give healthcare organizations protection against a variety of attacks, Eset's Myers maintained.

"By adding additional techniques like encrypting sensitive data when it's stored or when it's sent via the Internet, and using multifactor authentication," she suggested, "they can significantly impact an organization's level of risk."

No Antidote for Bad Clicks

Even the best guidelines can't address the core problem that has allowed ransomware to thrive, observed Stephen Gates, chief research intelligence analyst for NSFocus.

"Any new guideline that assists organizations in preventing, detecting, containing and responding to threats, especially ransomware, is a step in the right direction," he told TechNewsWorld. "However, the question is, will guidance solve the bigger problem of the unsuspecting click?"

Proposing guidelines is one thing; having them followed is another, especially if they're burdensome. However, that's not the case with these rules, maintained Myers.

"While the techniques listed may require a significant change in how healthcare organizations handle data, these are not extraordinary measures by any stretch of the imagination," she said. "Most of these things can be done with minimal purchase of new technology. Most of the cost will just be in terms of personnel power to implement new policies."

Breach Diary

  • July 10. Twitter accounts of Yahoo CEO Marissa Mayer and Twitter cofounder Jack Dorsey briefly hijacked by hackers.
  • July 11. Netia, Poland's second largest telecom, confirms hackers gained access to some of its customer data. The hackers claim they stole 14 GB of data from the telecom.
  • July 11. Amazon denies hackers' claim that they stole 80,000 records belonging to Kindle users from one of the company's servers. The company has confirmed that the information did not come from Amazon's servers, and that the accounts in question were not legitimate Amazon customer accounts, it says.
  • July 11. Datadog, whose customers include AWS, Slack, MongoDB and Fastly, advises users to reset their credentials due to a data breach, ZDNet reports.
  • July 11. U.S. Department of Health and Human Services' Office of Civil Rights issues guidance for healthcare providers for dealing with ransomware.
  • July 11. Ambulatory Surgery Center at St. Mary's is alerting some 13,000 patients their personal information is at risk from a data breach discovered June 1, reports Bucks County Courier Times in Pennsylvania.
  • July 12. European Commission approves "Privacy Shield" that regulates the flow of data between Europe and the United States.
  • July 12. More than 50,000 payment cards at 49 of the 60 locations of Omni Hotels & Resorts are at risk due to a malware attack and data breach active between Dec. 23, 2015, and June 14, 2016, Dallas Morning News reports.
  • July 12. Pennsylvania Revenue Department announces it is alerting 865 taxpayers some of their personal information was compromised when a laptop was stolen from a rental car in San Francisco.
  • July 12. Security researcher Chris Vickery reports a misconfiguration error has exposed to the public Internet some of the internal security, surveillance and alarms systems of several Department of Public Safety buildings and at least one branch of Midfirst bank in Oklahoma.
  • July 12. Wildly popular Pokemon Go game's user agreement contains a "ripoff clause" barring lawsuits by players in the event of a data breach and requiring complaints to be settled by arbitration, New York Daily News reports.
  • July 12. Federal magistrate court in St. Louis rejects class action lawsuit against retail brokerage Scottrade over data breach that resulted in the theft of confidential information of 4.6 million customers because plaintiffs did not show they suffered damages from the breach.
  • July 13. U.S. House Committee on Science and Technology releases report revealing Chinese hackers compromised computer systems at FDIC and planted malware on 12 workstations and 10 servers, including systems of the agency's chairman, chief of staff and general counsel.
  • July 13. Armscor, a defense and arms supplier owned by the government of South Africa, is denying that classified data was stolen from its systems by Anonymous, which claims it stole the IDs of 20,000 Armscor suppliers, as well as customer names and passwords related to the site, International Business Times reports.
  • July 13. U.S. District Court in Maryland rejects class action lawsuit over a data breach at CareFirst and CareFirst of Maryland because allegations of possible future injury are not adequate to allow such a lawsuit to proceed in court.
  • July 14. Ward Solutions releases survey that finds nearly half of Irish businesses (46 percent) would not disclose a data breach because they feared adverse publicity.
  • July 14. Beaming releases study that finds cybersecurity breaches cost UK companies Pounds 34.1 billion in 2015.

Upcoming Security Events

  • July 23. B-Sides Asheville. Mojo Coworking, 60 N. Market St, Asheville, North Carolina. Cost: $10.
  • July 30-Aug. 4. Black Hat USA. Mandalay Bay, Las Vegas, Nevada. Registration: before July 23, $2,295; before Aug. 5, $2,595.
  • August 2-3. B-Sides Las Vegas. Tuscany Suites, Las Vegas, Nevada. Registration: limited free badges at door.
  • August 4-7. Def Con 24. Paris Convention Center, 3655 S. Las Vegas Blvd. and Bally Convention Center, 3645 S. Las Vegas Blvd., Las Vegas, Nevada. Registration: $240, cash only at the door.
  • August 9. Delivering Data Security with Hadoop and the IoT. 6 p.m. ET. Webinar by HPE Security. Free with registration.
  • August 9. Cyber Security for National Defense Symposium sponsored by Defense Strategies Institute. Mary M. Gates Learning Center, 701 N. Fairfax St., Alexandria, Virginia. Registration: academia and non-profit, $450; industry/contractor, $925.
  • August 25. Chicago Cyber Security Summit. Hyatt Regency Chicago, 151 E. Wacker Drive, Chicago. Registration: $250.
  • Sept. 7. FTC Fall Technology Series: Ransomware. 1 p.m. Constitution Center, 400 7th St. SW, Washington, D.C. Free.
  • Sept. 7-8. International Cyber Security & Intelligence Conference. Ontario College of Management and Technology, 510-240 Duncan Mill Rd., Toronto, Ontario, Canada. Registration: students, $400.01; others, $700.
  • Sept. 8. SecureWorld Cincinnati. Sharonville Convention Center, 11355 Chester Rd., Cincinnati, Ohio. Registration: conference pass, $195; SecureWorld plus, $625; exhibits and open sessions, $30.
  • Sept. 10. B-Sides Augusta. J. Harold Harrison MD, Education Commons, 1301 R.A. Dent Blvd., Augusta, Georgia. Tickets: $20.
  • Sept. 14-15. SecureWorld Detroit. Ford Motor Conference and Event Center, 1151 Village Rd., Dearborn, Michigan. Registration: conference pass, $325; SecureWorld Plus, $725; exhibits and open sessions, $30.
  • Sept. 15. B-Sides St. John's. Capital Hotel, 208 Kenmount Rd., St. John's, Newfoundland, Canada. Free with registration.
  • Sept. 17. B-Sides St. Louis. Moolah Shrine, St. Louis, Missouri. Free.
  • Sept. 19-21. Iovation Presents Fraud Force "Fast Forward." Portland Armory, 128 NW Eleventh Ave., Portland, Oregon. Tickets: $495.
  • Sept. 21. New York Cyber Security Summit. Grand Hyatt New York, 109 E. 42nd St., New York, New York. Registration: $250.
  • Sept. 26-28. The Newport Utility Cybersecurity Conference. Pell Center and Ochre Court, Salve Regina University, Newport, Rhode Island. Registration: before July 26, $1,200; after July 25, $1,600.
  • Sept. 27-28. SecureWorld Dallas. Plano Centre, 2000 E. Spring Creek Pkwy., Plano, Texas. Registration: conference pass, $325; SecureWorld Plus, $725; exhibits and open sessions, $30.
  • Sept. 29-30. B-Sides Ottawa. RA Centre, 2451 Riverside Drive, Ottawa, Canada. Free with registration.
  • Oct. 5-6. SecureWorld Denver. Colorado Convention Center, 700 14th St., Denver. Registration: conference pass, $325; SecureWorld Plus, $725; exhibits and open sessions, $30.
  • Oct. 11-14. OWASP AppSec USA. Renaissance Marriott, 999 9th St. NW, Washington, D.C. Registration: Nonmember, $750; student, $80.
  • Oct. 17-19. CSX North America. The Cosmopolitan, 3708 Las Vegas Blvd. South, Las Vegas. Registration: before Aug. 11, ISACA member, $1,550; nonmember, $1,750. Before Oct. 13, member, $1,750; nonmember, $1,950. Onsite, member, $1,950; nonmember, $2,150.
  • Oct. 18. IT Security and Privacy Governance in the Cloud. 1 p.m. ET. Webinar moderated by Rebecca Herold, The Privacy Professor. Free with registration.
  • Oct. 18-19. Edge 2016 Security Conference. Crowne Plaza, 401 W. Summit Hill Drive, Knoxville, Tennessee. Registration: before August 15, $250; after August 14, $300; educators and students, $99.
  • Oct. 18-19. SecureWorld St. Louis. America's Center Convention Complex, 701 Convention Plaza, St. Louis. Registration: conference pass, $325; SecureWorld Plus, $725; exhibits and open sessions, $30.
  • Oct. 20. Los Angeles Cyber Security Summit. Loews Santa Monica Beach Hotel, 1700 Ocean Ave., Santa Monica, California. Registration: $250.
  • Oct. 27. SecureWorld Bay Area. San Jose Marriott, 301 S. Market St., San Jose, California. Registration: conference pass, $195; SecureWorld Plus, $625; exhibits and open sessions, $30.
  • Nov. 1-4. Black Hat Europe. Business Design Centre, 52 Upper Street, London, UK. Registration: before September 3, Pounds 1199 with VAT; before October 29, Pounds 1559 with VAT; after October 28, Pounds 1799 with VAT.
  • Nov. 9-10. SecureWorld Seattle. Meydenbauer Center, 11100 NE 6th St., Bellevue, Wash. Registration: conference pass, $325; SecureWorld Plus, $725; exhibits and open sessions, $30.
