The All-time Best Selfie goes to Curiosity Rover


NASA’s Curiosity Rover has sent back a couple of beautiful selfies from Mars, offering a view of its red, rocky home planet that is both beautiful and tragically empty.

A Diligent Worker

Some didn’t look to the skies in wonder, passing comments on Twitter about how it’s great, but

The Curiosity Rover on Mars just kept on working every day since the launch. And now, with all of the interest in Pluto, Comet 67P, and Earth 2.0 finally receding to normal levels, it’s striking for its fifteen minutes of fame.

For Curiosity has sent us back a selfie. A wonderful, expansive, no doubt hella expensive selfie, primed for some exposure on E! channel.

Five Fleeting Minutes of Fame

Curiosity’s latest important mission is actually pretty huge. The Marias Pass is filled with this Buckskin, which NASA researchers want to investigate, as the area’s rocks have significantly higher levels of silica and hydrogen than they expected.

Igor Mitrofanov of the Space Research Institute said:

The ground about one metre beneath the rover in this area holds three or four times as much water as the ground anywhere else Curiosity has driven during its three years on Mars.


This machine has officially beaten all of the other selfies that any celebrity has ever taken so far. Nice job going to the robots.

The Internet’s Aging Protocols Make Juicy Targets for Hackers


According to Akamai’s Quarter 2 2015 “State of the Internet — Security” report, built from data harvested across Akamai’s networks, DDoS attacks continue to rise, and attackers continue to change their tactics in surprising ways.

Among the trends singled out in the report: attacks are not only getting bigger in terms of total traffic, but are also more aggressively exploiting the limitations of older protocols, and they’re happening at a large enough scale that even Internet backbone hardware is at risk of being routinely gummed up, which could cause outages.

Some of the infrastructure attacks involve abusing limitations in existing protocols to flood victims with massive data requests. Three of the protocols in the report showing an uptick in activity (RIPv1, CHARGEN, and NTP) are all older or outright obsolete. The Linux Foundation is spearheading attempts to fix these protocols, but such repairs don’t come on a short notice or update cycle.

What’s more, DDoS attacks are reaching the point where their sheer size and volume alone threaten to routinely cripple Internet border edge routers.

Attack campaigns [of 50 megapackets per second or more] can exhaust ternary content addressable memory (TCAM) resources in border edge routers, such as those used by Internet service providers…. This can then result in collateral damage across the ISP’s network, which can manage production traffic for hundreds or thousands of organizations.

The most common infrastructure attacks are SSDP and SYN flooding. They are typically launched by exploiting unsecured in-home consumer devices, such as broadband routers. These devices often remain unpatched or unreplaced for very long periods of time, making these attacks far easier to manage.

Akamai also tracks several application-layer attacks: SQL injection, cross-site scripting, local file inclusion, and remote file inclusion. None of these is new, but the picture of which ones were being deployed changed after Akamai altered parts of its analysis, adding cross-site scripting and Shellshock attacks to the roundup. Shellshock attacks made up more than 90% of the attacks launched via HTTPS in the first part of Quarter 2, although that share dropped off drastically to less than 10%.

The more an application is used across the web, the more likely it is to be an attack victim or vector for hackers. A good example is WordPress, which is said to power 25 percent of the entire Web, if not more, thanks to the customizations that people can create, and which earned its own section of the report.

There, Akamai singled out WordPress plug-ins as the biggest issue for exploitation: while plug-ins are vetted on initial submission, they aren’t vetted as stringently after they have been accepted.

The report stated:

Your secure plug-in of today could be your attacker’s plug-in of choice when the plug-in is updated in six months.

When it comes to mitigating attacks that use older protocols, Akamai’s opinion is that the best defense will come from ISPs, not from the end user or the enterprise.

“An ISP could globally filter any unnecessary services that could potentially be exploited,” said David Fernandez of Akamai’s PLXsert, in an email, referring to SSDP reflection attacks as an example. “SYN floods are traditionally the most popularly used attack vector by malicious attackers and require a more dedicated mitigation strategy.”

Always-On IoT Devices Will Create a Hacker’s Paradise


Depending on who you talk to, between 35 and 50 billion devices could be connected to the Internet of Things by 2020.

A report commissioned by Nexusguard and conducted by Cybersecurity Ventures warns that many Internet of Things devices, namely routers, are likely to be targeted as a jumping-off point for hackers to gain access to the devices.

DDoS attacks are often the first method of attack for hackers, who use them to distract companies from more targeted points of entry. One method of attack is through software updates, with compromised devices used as proxy servers to launch attacks on businesses and extort cash to get the hackers to stop.

Steve Morgan, CEO at Cybersecurity Ventures said:

The Internet of Things brings new layers of interconnectedness and efficiency, but the risks cannot be ignored.

Vulnerable Routers Will Be the Achilles Heel

Routers are being used in Simple Service Discovery Protocol (SSDP) reflection attacks, which target unpatched or un-patchable routers.

These SSDP attacks are especially dangerous because they can utilise vulnerable routers to amplify an attack beyond normal bandwidth limits while also hiding the original source of the attack.
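As an added example (not taken from the Akamai or Nexusguard reports), the Python code below shows how a defender could spot the reflection traffic described here and in the Akamai summary above from flow records: UDP replies arriving from the CHARGEN, NTP, RIPv1 or SSDP service ports at one protected address from many distinct responders. The flow record layout, the sample records, the protected prefix and the `min_reflectors` threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# UDP source ports of the services named in the reports (well-known assignments).
REFLECTION_PORTS = {19: "CHARGEN", 123: "NTP", 520: "RIPv1", 1900: "SSDP"}

# Constructed sample flows: src_ip,src_port,dst_ip,dst_port,proto,packets,bytes
SAMPLE_FLOWS = """\
198.51.100.10,1900,203.0.113.5,41822,udp,120,38400
198.51.100.11,1900,203.0.113.5,41822,udp,95,30400
198.51.100.12,1900,203.0.113.5,41822,udp,110,35200
192.0.2.44,123,203.0.113.5,52011,udp,40,18720
192.0.2.80,443,203.0.113.9,50122,tcp,30,42000
203.0.113.9,51000,192.0.2.53,123,udp,1,76
192.0.2.53,123,203.0.113.9,51000,udp,1,76
"""

def find_reflection_victims(flow_text, protected_net, min_reflectors=3):
    """Return {(victim_ip, service): stats} for likely reflection floods.

    A flow counts when it is UDP, comes *from* a reflection-prone service
    port, and lands on an address inside the protected network. The source
    addresses are the abused reflectors, not the attacker, so the code only
    counts them instead of treating them as the origin of the attack.
    """
    net = ipaddress.ip_network(protected_net)
    stats = defaultdict(lambda: {"reflectors": set(), "packets": 0, "bytes": 0})
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, sport, dst, _dport, proto, pkts, nbytes = line.split(",")
        service = REFLECTION_PORTS.get(int(sport))
        if proto != "udp" or service is None:
            continue
        if ipaddress.ip_address(dst) not in net:
            continue
        entry = stats[(dst, service)]
        entry["reflectors"].add(src)
        entry["packets"] += int(pkts)
        entry["bytes"] += int(nbytes)
    # Many distinct responders hitting one host separates a flood from the
    # single reply a host receives after its own NTP or SSDP request.
    return {
        key: {"reflectors": len(v["reflectors"]),
              "packets": v["packets"], "bytes": v["bytes"]}
        for key, v in stats.items()
        if len(v["reflectors"]) >= min_reflectors
    }

if __name__ == "__main__":
    hits = find_reflection_victims(SAMPLE_FLOWS, "203.0.113.0/24")
    for (victim, service), s in hits.items():
        print(f"{victim} {service}: {s['reflectors']} reflectors, {s['bytes']} bytes")
```

On the sample data only the SSDP burst aimed at 203.0.113.5 is reported; the single NTP replies stay below the threshold.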

Terrence Gareau, Chief Scientist at Nexusguard said:

Home routers and other similar internet-connected devices are easy access points for hackers, who can use them to launch DDoS or set up proxies for internet fraud that can shut down ISPs or cripple a business.

These attacks can be especially harmful to the providers of IoT services, for example if an alarm system is controlled by an app, the attack could completely shut down this capability, rendering the entire service unusable. We’re the dominant player in DDoS and IoT attack prevention and believe it is important to raise industry awareness about the persistent IoT threat.

Cybersecurity Ventures predicts that by the end of 2017 roughly 20% of businesses will use security services to protect their internet of things initiatives.

It also says that the multi-trillion dollar internet of things market will increase security research and spending up to at least 2025.

A good many of these devices will rely on shared libraries for firmware and as older devices are no longer supported by manufacturers and patches and fixes cease, there will be increased opportunities for hackers to find an attack method.

According to Nexusguard, in the past seven days the company saw 64 internet-based scans for SSDP services.

In a recent attack the company has tracked 559 edge devices — devices that provide an entry point into enterprise or service provider core networks — that were actively being exploited, with more than half located in the US, China, Bulgaria and Russia.

The Important New Features of Android 6.0


Google is previewing Android 6.0, also known as Android M (for Marshmallow), which will compete with Apple’s iOS 9 and raise the stakes in the smartphone industry.

Android Marshmallow is coming very soon, and last night Google revealed the SDK for developers to upgrade their applications for when the new OS arrives this autumn.

Google is also understood to be working on two new Nexus smartphones that will showcase the new operating system to the people who want vanilla Android.

There’s a lot at stake for Google, whose Android OS is installed on roughly 80% of the world’s smartphones.

So what’s going to be new in Android Marshmallow?

Application Permissions

Application Permissions is designed to give users much better control over which functions the apps they download can access on their phone. For example, users can now have granular control over whether applications can access information such as images, contacts, location and more. Users can also disable permissions on existing apps, such as location, as I currently always do when an app asks for location.

Tracking Memory

Android M seems to be all about getting the most out of your device, regardless of whether you have a high- or low-end smartphone. The Track Memory feature will let you know which of your applications is using the most memory. The new memory tab will show you how much memory each application is taking up and let you better monitor how much memory they are using.

Doze/Power Saving

Doze is a new set of behaviours for making sure applications don’t suck your battery life as badly as they usually do. It will also detect the lack of motion, for example if your phone is by your bedside, and will enter a new kind of deep sleep mode that will ensure your battery isn’t drained as badly while you aren’t using the device.

Nadella Turns around Microsoft for Real


The ghost of Steve Ballmer is still haunting Microsoft. But his successor is working hard to exorcise Ballmer’s spirit. By all reasonable measures, Nadella is succeeding. Simply put, Satya Nadella looks like the real deal.

Eighteen months after Ballmer left to run a basketball team, Nadella is making the hard choices that Ballmer refused to make. The Nokia acquisition was a multi-billion-dollar mistake. Unwinding it financially torpedoed Microsoft’s last quarter and cost thousands of jobs. Nonetheless, it had to happen — and Nadella did it.

Nadella has shepherded Windows 10 out the door and presided over Microsoft’s most successful product launch in years. Sure, we have yet to know what will happen when enterprises begin to deploy it, and other issues should certainly cause you to hold off deploying Windows 10. But from the mainstream consumer point of view, Windows 10 looks like a double or a triple, if not a home run.

Shortly after he took the job, Nadella stuck a foot deeply into his mouth with an ill-considered, and frankly stupid, remark to the effect that women shouldn’t ask for raises. Last month, though, Microsoft said it will expand fully paid maternity and paternity leave to 12 weeks for corporate employees in the United States. That’s up from its previous parental leave policy, which provided four paid weeks and eight unpaid weeks. Other tech companies have done better, but it’s a big step in the right direction, and I’d say Nadella has made up for his early gaffe.

The Nokia Deal Led to $7.6 Billion down the Drain

I hate layoffs and so-called right-sizing, but there was simply no way that the acquisition of Nokia’s mobile phone business was going to work. Ballmer envisioned it as a way to make Microsoft more competitive in a market dominated by Apple, Google, and Samsung.

But Nokia was the wrong platform and Microsoft’s flawed Windows Phone mobile operating system wasn’t going to make it any better. Instead of rethinking his strategy, Ballmer doubled down, and as a result Nadella has to clean up the mess and take a $7.6 billion write-down. Even worse, Microsoft is laying off an additional 7,600 employees, which will bring the total of Nokia-related job losses to about 25,000.

That blood is on Ballmer’s hands, but to be fair, Nokia was in trouble before the acquisition, which is why the Finnish company took Microsoft’s money and ran. There’s no way to know what the fate of those workers would have been if Microsoft had not thrown $9.5 billion (less Nokia’s $1.5 billion cash in hand) at the phone maker.

But we do know Finnish workers alone didn’t take the hit — Microsoft’s shareholders had to bite it as well. It was easier for Nadella to admit to a corporate mistake he reportedly opposed than for Ballmer to do so, but the new CEO deserves credit for unwinding a wrongheaded and expensive mistake.

Now that Nokia is gone, the real test for Nadella is the creation and execution of a winning mobile strategy, which has eluded Microsoft for years.

Windows 10 is a Success so Far

There’s no reason to beat on the dead horse that is Windows 8. Microsoft is in do-over mode, and although Windows 10 wasn’t conceived on Nadella’s watch, he made sure it launched on time. By making it a free upgrade, he’s done much to speed adoption.

According to a blog post from Microsoft, 14 million computers were running Windows 10 a mere 24 hours after the new operating system was released. Windows 10 already accounts for more than 3.5 percent of desktop operating systems, up from a little less than 1.4 percent the week before (it had been widely available in a preview version), according to StatCounter, which measures market share by counting the prevalence of operating systems hitting Web servers. The gain in share, reported this week by The Register, came largely at the expense of Windows 8.1.

Keeping Windows 10 free for a year will cost Microsoft significant revenue, but given the distaste for Windows 8 by users, developers, manufacturers, and the press, the no-cost upgrade was absolutely necessary.

There is, though, a big question mark: Can Microsoft convince developers to return to the platform? Analyst Rob Sanfilippo from Directions on Microsoft questions Nadella’s strategy of universal Windows apps as a lure for developers:

The biggest challenge is getting the same app to run on these devices and phones. But Microsoft’s recent de-emphasis on Windows phones has gutted the promise of Windows 10 Mobile.

Microsoft is not only a Boys Club

A lot has been written about why the proportion of women working in tech and venture capital investments in woman-run firms are both still so low. There’s of course the bro culture, the out-and-out sexism detailed in the Ellen Pao suit against Kleiner Perkins, and a host of 1950s-type ideas about women in the workforce.

Attitudes can’t be changed by corporate or government fiat, but working conditions can be.

The United States is one of the very few developed countries in the world that doesn’t by law grant paid time off for working women who are new mothers. Men deserve time off too, but the lack of provisions for new mothers keeps women out of the tech workforce and contributes to very high turnover when they have babies.

In recent months, Adobe, Netflix, and now Microsoft have liberalized maternity and paternity leave policies. It’s the right thing to do, and even if Microsoft’s policy doesn’t entirely measure up, adding eight weeks to paid time off for child rearing is a significant step. It’s a credit to Nadella’s leadership that it happened on his watch.

I’m not minimizing the challenges Nadella faces. They are legion. But now that Ballmer’s ghost is no longer haunting the halls of Redmond, Nadella has a chance to yank Microsoft out of its PC-centric past and build a modern company.

Google Has ‘Destroyed’ the Market for Java


Oracle has expanded the scope of its ongoing copyright battle against Android and accused Google of “destroying” the market for Java.

Oracle made a request late last month to broaden its case against Android. Now, a supplemental complaint filed Wednesday in San Francisco district court encompasses the six new Android versions that have come out since Oracle originally filed its case back in 2010: Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, Kit Kat, and Lollipop.

Oracle charged:

As with previous versions of Android, these six Android releases copy thousands of lines of source code from the Java platform, as well as the structure, sequence and organization of that platform. Just as before, this copying constitutes copyright infringement.

Oracle also noted that Android has expanded beyond smartphones over the years to include wearable devices, TVs, cars and various household appliances. Advertising on the mobile platform has increased dramatically as well, it said, thereby bolstering Google’s core source of revenue and allowing the search giant to reap enormous profits from both its direct and indirect exploitation of the infringing code.

As a result of all this, Oracle’s Java business has been seriously harmed, it said.

Oracle wrote:

Given the widespread dominance Android has achieved with its continued unauthorized use of the 37 Java API packages over the past few years, Android has now irreversibly destroyed Java’s fundamental value proposition as a potential mobile device operating system.

Oracle seeks a declaratory judgment, an injunction, damages and an order covering its costs and attorney’s fees.

Google declined to comment for this story. Oracle did not respond immediately to a request for comment.

In May 2012, a San Francisco jury decided that Google infringed Oracle’s copyright, but it was split on the question of fair use, which permits copying under limited circumstances. The judge in the case, William Alsup, later decided that Oracle’s Java programming interfaces were ineligible for copyright protection.

A federal appeals court partially reversed that decision in May 2014, ruling that programming interfaces in Oracle’s Java technology can be protected under U.S. copyright law. Google then appealed to the Supreme Court, which rejected the case in June.