Tech Roundup: Heartbleed, Project Ara & More
[A recurring feature on the latest in Science & Technology.]
Internet afflicted by Heartbleed bug; password reset advised:
A newly disclosed security flaw in OpenSSL, a popular open source cryptography library that's widely used for secure communications over computer networks, put the Internet in panic-mode, with many web services scrambling to patch the vulnerability within hours after the bug was made known. Called Heartbleed (technically, CVE-2014-0160) and introduced in OpenSSL version 1.0.1, that was released on April 19, 2012, the bug takes advantage of the absence of a bounds check during heartbeat requests so as to retrieve more data than it should from the server due to a memory leak, thus providing hackers and cyber-criminals with an opportunity to steal encryption keys and user credentials, and eavesdrop on communications.
The flaw first came to light through Neel Mehta of Google Security on March 21 and a patch was later pushed on the same date across all Google servers, with OpenSSL being informed of the vulnerability. Finnish IT security testing firm Codenomicon separately discovered the same bug on April 2, and by April 7, a new version of OpenSSL (1.0.1g) was released with the fix in place. The complete timeline of the events can be found here at the Sydney Morning Herald.
While it is very much advisable to change your passwords (I spent a couple of hours doing that!), what's perplexing is the lack of proper communication. Except for IFTTT, who sent me an email asking me to immediately reset my password, I haven't received any other emails with regard to this. The big list includes, if not all, Google (although it states a password change is not required), Facebook, Pinterest, Instagram, Tumblr, Yahoo!, Flickr, Netflix, SoundCloud, Box, Dropbox, GitHub, Wikipedia, Flipboard, Pocket, IFTTT, Wordpress, Wunderlist, Quora and Reddit. Twitter's is unclear yet, though they have applied a patch. And of course, it makes no sense to change the passwords until the issue itself is fixed in each of the affected websites.
Amazon, Apple, LinkedIn, Microsoft, eBay, Groupon, Pandora and Evernote seem to be on the clear, but it's better to be safe than sorry if you have similar passwords set up. Over and above that, the infamous Heartbleed bug goes beyond your favourite websites too, specifically targeting Android phones and tablets running on version 4.1.1 aka Jelly Bean, as per a new post by Google. Millions of devices (there are 80 phones/tablets) still run on this version, a Google spokesperson confirmed to Bloomberg, and the "patching information for Android 4.1.1 is being distributed to Android partners," says the post.
Bloomberg, in the meanwhile, also reported that the US National Security Agency exploited the bug in its spying and surveillance operations, a claim the NSA has denied, adding it had no prior knowledge about the flaw before anyone else. In a worrisome development, Canada Revenue Agency recently became the first victim of Heartbleed after it reported the theft of Social Insurance Numbers belonging to 900 taxpayers.
Google terms of service updated to explicitly state it's scanning your emails:
Google has finally updated its terms of service to explicitly state that a user's incoming and outgoing emails are being automatically scanned for purposes of targeted advertising, reminding us once again of what little choice we have. "Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored," goes the newly added clause.
Google's email scanning has been a hotbed of controversy since its debut over concerns of user privacy and fellow competitor Microsoft seized this opportunity as part of its Scroogled campaign, calling for a switch from Gmail to Outlook. But ironically it found itself in hot waters and its hypocritical side exposed when it admitted to reading the Hotmail inbox (now rebranded as Outlook.com) of an unidentified blogger, who reportedly received early copies of Windows 7 and Windows 8 from a former disgruntled Microsoft employee, even without his permission. And that's how Microsoft scroogled itself!
Apple and Samsung back in court for the second time:
Tech giants and the most profitable smartphone manufacturers Apple and Samsung are back in court once again and this time over the latter's infringement of Apple's hyperlinking, background data sync, Siri universal search, auto-complete, and slide-to-unlock features. Samsung, for its turn, is fighting to ban all Apple devices that were running between 2010 and 2012 over a photo gallery feature and a video compression technology patent aimed at FaceTime. It has also added that all the iOS features it is accused of copying, save for slide-to-unlock, are Android's and not something it had come up with on its own, thus dragging Google directly into the battle despite Apple not targeting Android straight away.
Dropbox appoints Condoleezza Rice on its board of directors; kicks up storm:
At a recent San Francisco event, cloud storage service Dropbox announced a couple of things. It launched Mailbox, the nifty swipe-based email sorting and filtering email client, for Android and desktops, and even debuted a new photo-sharing app called Carousel (the company has since then acquired an iOS based cloud storage photo sharing app Loom to beef up its offerings). And while it confirmed former Motorola CEO Dennis Woodside as its COO, what was surprising was the appointment of former US Secretary of State Condoleezza Rice on its board of directors.
"We're proud to welcome Dr. Condoleezza Rice to our Board of Directors," CEO Drew Houston wrote in a blog post. "When looking to grow our board, we sought out a leader who could help us expand our global footprint." Given Dr. Rice's role in US's warrantless surveillance program, which has become the eye of the storm post Edward Snowden revelations, the move has apparently not gone down well, with some users threatening to discontinue using the app. CEO Houston has however defended the company's decision, stating "she brings an incredible amount of experience and insight into international markets and the dynamics that define them. As we continue to expand into new countries, we need that type of insight to help us reach new users and defend their rights. Dr. Rice understands our stance on these issues and fully supports our commitments to our users."
Choosing Dr. Rice might have been a shrewd move considering the legal hurdles posed by different nations like China where the service is blocked and censorship is widespread, but vocal protesters, who have set up the website Drop Dropbox, are calling for her ouster, going to the extent of suggesting "fantastic" alternatives. From being a simple cloud storage alternative to Google Drive and the likes, it's worth pointing out that Dropbox has been slowly gobbling up small app startups - Mailbox, document collaboration application Hackpad, ebook reader Readmill, corporate chat tool Zulip and now Loom, as it tries to offer a seamless experience to view, edit and share documents, photos and media files all under its platform.
Google acquires Titan Aerospace:
A few weeks back I mentioned how Facebook is planning to take on Google's balloon powered Project Loon with solar powered drones to provide internet for all. Now Google has announced that it's acquired Titan Aerospace, a drone startup that was under Facebook's watch for a probable acquisition for its Internet.org plan. The drone maker is the latest to join a long list of robotics firms like Boston Dynamics which has been acquired by Google. Whether they would add to Project Loon is anybody's guess.
Project Ara sounds very promising, but is it practical?
Google may not have pleased Wall Street in its latest quarterly earnings with cost-per-click rates for its search ads declining 9% year over year, but the search giant is for sure looking at other places and out-of-the-box ideas. Originally part of Motorola's Advanced Technologies and Projects team, Project Ara is a free, open hardware platform just like Google's free, open software platform, Android, to create modular smartphones with an aim to reduce electronic waste and increase handset shelf-life. This is promising and interesting, but is it practical?
Replacing, say, just a camera module instead of the whole smartphone either as an upgrade or due to a malfunction, or swapping out a smaller battery for a bigger one will definitely allow gadget enthusiasts to hold on to their phones for a longer time than they would otherwise when new innovations emerge. As Google plans to unveil first such phones, exclusively for the 6 billion, early next year, one cannot but help wonder about its feasibility. Even if such a phone is successfully made, what is the guarantee that it would be cheaper than simply upgrading to a whole new phone? Won't it sort of make the upgrade process more messy? At a time when OEMs are competing over specs (with respect to the phone in its entirety), module-level improvements would trigger a faster upgrade race and may not exactly tackle the actual problem of smartphone obsolescence.
Chances are that moving to a better display would entail moving to a faster processor and a bigger battery. In such a situation, isn't better to buy a new phone altogether? Furthermore, would anybody be interested in buying a second-hand camera module in case you are putting it up for sale? It's like trying to sell your spare parts. Project Ara is doubtless the way to go, and while we really don't know the exact specifics of the implementation, the idea for now has a lot of hurdles to cross.
Air pollution driving freak weather events across the world:
A new study by Texas A&M University's Department of Atmospheric Sciences has found that air pollution in Asia is affecting weather patterns over the Pacific and other regions across the world, leading to severe storms and higher global temperatures. This was concluded by studying the amount of particulate matter in the air and comparing their levels in present day to the preindustrial conditions. Aerosols floating over Asia, particularly China, are being transported to the Pacific, where they intensify the storms originating in the area, the study reveals.
Aerosols, while necessary for cloud formation, are being released in huge amounts into the atmosphere due to human activities like fossil fuel burning, thereby making clouds thicker and bigger. "Aerosols provide seeds for cloud formation. If you provide too many seeds, then you fundamentally change cloud patterns and storm patterns," says co-author of the study, Renyi Zhang. China's capital Beijing is already battling severe smog conditions due to air pollution and the government recently made plans to tackle the crisis with anti-pollution drones to freeze the pollutants, causing them to fall to the ground.
In other news:
Internet afflicted by Heartbleed bug; password reset advised:
A newly disclosed security flaw in OpenSSL, a popular open source cryptography library that's widely used for secure communications over computer networks, put the Internet in panic-mode, with many web services scrambling to patch the vulnerability within hours after the bug was made known. Called Heartbleed (technically, CVE-2014-0160) and introduced in OpenSSL version 1.0.1, that was released on April 19, 2012, the bug takes advantage of the absence of a bounds check during heartbeat requests so as to retrieve more data than it should from the server due to a memory leak, thus providing hackers and cyber-criminals with an opportunity to steal encryption keys and user credentials, and eavesdrop on communications.
 |
| Heartbleed |
While it is very much advisable to change your passwords (I spent a couple of hours doing that!), what's perplexing is the lack of proper communication. Except for IFTTT, who sent me an email asking me to immediately reset my password, I haven't received any other emails with regard to this. The big list includes, if not all, Google (although it states a password change is not required), Facebook, Pinterest, Instagram, Tumblr, Yahoo!, Flickr, Netflix, SoundCloud, Box, Dropbox, GitHub, Wikipedia, Flipboard, Pocket, IFTTT, Wordpress, Wunderlist, Quora and Reddit. Twitter's is unclear yet, though they have applied a patch. And of course, it makes no sense to change the passwords until the issue itself is fixed in each of the affected websites.
Amazon, Apple, LinkedIn, Microsoft, eBay, Groupon, Pandora and Evernote seem to be on the clear, but it's better to be safe than sorry if you have similar passwords set up. Over and above that, the infamous Heartbleed bug goes beyond your favourite websites too, specifically targeting Android phones and tablets running on version 4.1.1 aka Jelly Bean, as per a new post by Google. Millions of devices (there are 80 phones/tablets) still run on this version, a Google spokesperson confirmed to Bloomberg, and the "patching information for Android 4.1.1 is being distributed to Android partners," says the post.
Bloomberg, in the meanwhile, also reported that the US National Security Agency exploited the bug in its spying and surveillance operations, a claim the NSA has denied, adding it had no prior knowledge about the flaw before anyone else. In a worrisome development, Canada Revenue Agency recently became the first victim of Heartbleed after it reported the theft of Social Insurance Numbers belonging to 900 taxpayers.
Google terms of service updated to explicitly state it's scanning your emails:
Google has finally updated its terms of service to explicitly state that a user's incoming and outgoing emails are being automatically scanned for purposes of targeted advertising, reminding us once again of what little choice we have. "Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored," goes the newly added clause.
Google's email scanning has been a hotbed of controversy since its debut over concerns of user privacy and fellow competitor Microsoft seized this opportunity as part of its Scroogled campaign, calling for a switch from Gmail to Outlook. But ironically it found itself in hot waters and its hypocritical side exposed when it admitted to reading the Hotmail inbox (now rebranded as Outlook.com) of an unidentified blogger, who reportedly received early copies of Windows 7 and Windows 8 from a former disgruntled Microsoft employee, even without his permission. And that's how Microsoft scroogled itself!
Apple and Samsung back in court for the second time:
Tech giants and the most profitable smartphone manufacturers Apple and Samsung are back in court once again and this time over the latter's infringement of Apple's hyperlinking, background data sync, Siri universal search, auto-complete, and slide-to-unlock features. Samsung, for its turn, is fighting to ban all Apple devices that were running between 2010 and 2012 over a photo gallery feature and a video compression technology patent aimed at FaceTime. It has also added that all the iOS features it is accused of copying, save for slide-to-unlock, are Android's and not something it had come up with on its own, thus dragging Google directly into the battle despite Apple not targeting Android straight away.
Dropbox appoints Condoleezza Rice on its board of directors; kicks up storm:
At a recent San Francisco event, cloud storage service Dropbox announced a couple of things. It launched Mailbox, the nifty swipe-based email sorting and filtering email client, for Android and desktops, and even debuted a new photo-sharing app called Carousel (the company has since then acquired an iOS based cloud storage photo sharing app Loom to beef up its offerings). And while it confirmed former Motorola CEO Dennis Woodside as its COO, what was surprising was the appointment of former US Secretary of State Condoleezza Rice on its board of directors.
"We're proud to welcome Dr. Condoleezza Rice to our Board of Directors," CEO Drew Houston wrote in a blog post. "When looking to grow our board, we sought out a leader who could help us expand our global footprint." Given Dr. Rice's role in US's warrantless surveillance program, which has become the eye of the storm post Edward Snowden revelations, the move has apparently not gone down well, with some users threatening to discontinue using the app. CEO Houston has however defended the company's decision, stating "she brings an incredible amount of experience and insight into international markets and the dynamics that define them. As we continue to expand into new countries, we need that type of insight to help us reach new users and defend their rights. Dr. Rice understands our stance on these issues and fully supports our commitments to our users."
Choosing Dr. Rice might have been a shrewd move considering the legal hurdles posed by different nations like China where the service is blocked and censorship is widespread, but vocal protesters, who have set up the website Drop Dropbox, are calling for her ouster, going to the extent of suggesting "fantastic" alternatives. From being a simple cloud storage alternative to Google Drive and the likes, it's worth pointing out that Dropbox has been slowly gobbling up small app startups - Mailbox, document collaboration application Hackpad, ebook reader Readmill, corporate chat tool Zulip and now Loom, as it tries to offer a seamless experience to view, edit and share documents, photos and media files all under its platform.
Google acquires Titan Aerospace:
A few weeks back I mentioned how Facebook is planning to take on Google's balloon powered Project Loon with solar powered drones to provide internet for all. Now Google has announced that it's acquired Titan Aerospace, a drone startup that was under Facebook's watch for a probable acquisition for its Internet.org plan. The drone maker is the latest to join a long list of robotics firms like Boston Dynamics which has been acquired by Google. Whether they would add to Project Loon is anybody's guess.
Project Ara sounds very promising, but is it practical?
Google may not have pleased Wall Street in its latest quarterly earnings with cost-per-click rates for its search ads declining 9% year over year, but the search giant is for sure looking at other places and out-of-the-box ideas. Originally part of Motorola's Advanced Technologies and Projects team, Project Ara is a free, open hardware platform just like Google's free, open software platform, Android, to create modular smartphones with an aim to reduce electronic waste and increase handset shelf-life. This is promising and interesting, but is it practical?
Replacing, say, just a camera module instead of the whole smartphone either as an upgrade or due to a malfunction, or swapping out a smaller battery for a bigger one will definitely allow gadget enthusiasts to hold on to their phones for a longer time than they would otherwise when new innovations emerge. As Google plans to unveil first such phones, exclusively for the 6 billion, early next year, one cannot but help wonder about its feasibility. Even if such a phone is successfully made, what is the guarantee that it would be cheaper than simply upgrading to a whole new phone? Won't it sort of make the upgrade process more messy? At a time when OEMs are competing over specs (with respect to the phone in its entirety), module-level improvements would trigger a faster upgrade race and may not exactly tackle the actual problem of smartphone obsolescence.
Chances are that moving to a better display would entail moving to a faster processor and a bigger battery. In such a situation, isn't better to buy a new phone altogether? Furthermore, would anybody be interested in buying a second-hand camera module in case you are putting it up for sale? It's like trying to sell your spare parts. Project Ara is doubtless the way to go, and while we really don't know the exact specifics of the implementation, the idea for now has a lot of hurdles to cross.
Air pollution driving freak weather events across the world:
A new study by Texas A&M University's Department of Atmospheric Sciences has found that air pollution in Asia is affecting weather patterns over the Pacific and other regions across the world, leading to severe storms and higher global temperatures. This was concluded by studying the amount of particulate matter in the air and comparing their levels in present day to the preindustrial conditions. Aerosols floating over Asia, particularly China, are being transported to the Pacific, where they intensify the storms originating in the area, the study reveals.
Aerosols, while necessary for cloud formation, are being released in huge amounts into the atmosphere due to human activities like fossil fuel burning, thereby making clouds thicker and bigger. "Aerosols provide seeds for cloud formation. If you provide too many seeds, then you fundamentally change cloud patterns and storm patterns," says co-author of the study, Renyi Zhang. China's capital Beijing is already battling severe smog conditions due to air pollution and the government recently made plans to tackle the crisis with anti-pollution drones to freeze the pollutants, causing them to fall to the ground.
In other news:
- In a first, scientists discover four new Neutrogla insect species in Brazil with sex-reversed genitalia.
- Sea otters found to be the new carriers of H1N1 influenza virus.
- Kepler telescope discovers the most Earth-like planet yet; the planet Kepler 186f found located in the Goldilocks zone orbiting a five-planet system 500 light years away.
- One-fifth of China's soil (16.1% in total and 19.4% of its arable land) is contaminated with cadmium, nickel and arsenic, shows new government study conducted between 2005-2013.
- Biologists create synthetic chromosome of yeast in a landmark feat of biomedical engineering.
- Sony PlayStation 4 sells 7 million units so far; Microsoft's Xbox One manages 5 million in sales as console war heats up.
- US's Federal Trade Commission okays Facebook's WhatsApp acquisition.
- Samsung Galaxy S5 goes on sale in 125 countries; priced at Rs. 51,500 in India.
- Facebook has 100 million active users in India, its largest base outside the United States.
- Microsoft Office Online lands on Chrome Web Store following its arrival on iPad.
- Apple iOS 7 adoption rate hits 87% in latest distribution figures.
- Twitter gets a major redesign with emphasis on photos; acquires Gnip, a data startup that monitors the micro-blogging network's real-time user activity.
- Apple iPhone 4s gets a price drop in India from Rs. 31,500 to Rs. 24,000; relaunched iPhone 4 sold out.
- Motorola's Moto X goes on sale in India for Rs. 23,999.
- Facebook to turn off Messenger in its Android and iOS mobile apps; asks users to install standalone Messenger app instead.
- Automattic, the company behind online publishing platform WordPress, acquires Longreads, a website that publishes long-form stories from the web.
- Apple mulling a $100 price rise with the next iPhone, say new (unconfirmed) reports.
- Microsoft urges Windows 8 users to compulsorily upgrade to Windows 8.1 before next Patch Tuesday ie. May 13 or risk losing out on further security updates.
- Professional social network LinkedIn now has 300 millions users.
- Google's upcoming developers conference to focus big on design as new leaks suggest drastic design overhaul of various Android apps.
Comments
Post a Comment