Archive for June 17, 2009

This morning I reposted a Download Blog intro to Opera Unite; here now is an attempted summary of an article by Betanews on possible security issues arising from using Unite as your browser-based web server.

The main question is whether the Unite APIs expose users’ file systems. Opera’s security documentation indicates that no Unite user can access another user’s file system directly because each user acting as a server creates a virtual image of his/her file system on Opera’s proxy servers, generating so-called mount points to which other users are given access.

Right now Unite-capable apps work as widgets; the question is whether they can expose these mount points. A widget’s config.xml file includes a reference to the File I/O API, and that reference contains a parameter pointing by default to a designated shared folder. This folder could be a safe one if it is designated by the widget and the widget itself is safe. But even then, according to the Opera documentation the parameter includes shortcuts leading directly to system folders in Windows, Mac, and Linux (e.g. My Documents in Windows) – how safe is that?

Exposing system files via the mount point is one thing – another is access rights. According to the Opera documentation, the end user’s level of access to the virtual file system is determined by the corresponding level of access in the Unite server’s physical file system, and the job of securing them is left to the developer. The documentation says:

“WARNING: Once mounted, the mount point will be read-write unless the underlying file system defines it to be read-only. Be careful to protect your data by controlling how data gets written to them. You should supply some sort of authentication of users who access these directories and be careful to not leave code open to exploitation.”

So, it sounds like the developer has to offer the user clear access rights options and the user has to be aware of them, understand their importance and then make use of them accordingly. Whether all developers will be that conscientious or benevolent is doubtful.
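Before installing a widget, a user or reviewer can at least check which folder its config.xml asks for. The script below is an added example, not code from Opera or Betanews: it parses a manifest and flags File I/O requests whose folder parameter preselects a broad system folder. The feature URI, the `folderhint` parameter name and the list of hint values are assumptions recalled from Opera's widget documentation, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed names (not taken from this page): the File I/O feature URI and the
# "folderhint" parameter, as recalled from Opera's widget documentation.
FILEIO_FEATURE = "http://xmlns.opera.com/fileio"
HINT_PARAM = "folderhint"
# Hint values treated here as shortcuts to broad user folders (assumed list).
BROAD_HINTS = {"home", "documents", "desktop", "downloads",
               "pictures", "music", "video"}


def audit_config(xml_text):
    """Return a list of (severity, message) findings for one config.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    for feature in root.iter("feature"):
        if feature.get("name") != FILEIO_FEATURE:
            continue  # only the File I/O request is of interest here
        hints = [p.get("value", "").strip().lower()
                 for p in feature.iter("param")
                 if p.get("name") == HINT_PARAM]
        if not hints:
            findings.append(("info", "File I/O requested without a folder hint"))
        for hint in hints:
            if hint in BROAD_HINTS:
                findings.append(("high", f"folder hint '{hint}' preselects a "
                                 "system folder; the mount is read-write "
                                 "unless the file system makes it read-only"))
            else:
                findings.append(("review", f"unrecognised folder hint '{hint}'"))
    return findings


# Constructed sample manifest, not a real Unite service.
SAMPLE_CONFIG = """<widget>
  <widgetname>Constructed file sharing demo</widgetname>
  <feature name="urn:example:other-feature">
    <param name="folderhint" value="home"/>
  </feature>
  <feature name="http://xmlns.opera.com/fileio">
    <param name="folderhint" value="documents"/>
  </feature>
</widget>"""

if __name__ == "__main__":
    for severity, message in audit_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

A "high" finding does not mean the widget is malicious, only that the shared folder it proposes deserves a second look and that the service's own authentication matters.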

Next question is: can the config.xml file be altered by third parties? The answer according to Opera is no: “The config.xml … is hidden away from the Unite protocol and other Web protocols that the browser responds to. It cannot be altered by any unsolicited requests.”

But: can a widget be designed to deliver malicious payloads or otherwise wreak havoc on a user’s file system? Again Opera plays down this security risk by saying that it will ‘pre-screen’ all developer widgets and certify the developer’s claims. This of course would only be the case for widgets downloaded from their http://unite.opera.com repository. But we know from Mozilla how many extensions are being downloaded directly from developers’ sites. Will Opera allow the same for Unite widgets? Can it actually prevent this from happening? And if clients use non-approved widgets, how will Opera servers distinguish between them and the accredited ones? And what about developers running their own malicious widgets from their sites – how can Opera’s servers detect them?

Opera says that the communication between the widget and its servers is not based on SSL but its own protocol. “The authentication between the Opera Unite client and the Opera proxy happens via http://auth.opera.com which is our secure authentication server. This is the same server that is used to authenticate all our services, like Opera Link.” Link is currently being used to synchronise data like bookmarks and other browser data between desktops and mobile platforms, and it is the communication between these platforms that is encrypted; what is not though is the access to the system. What risk will that pose?

Many of the comments to the Betanews post show that current beta users of Unite seem to have little concern about these and other security issues. That in itself could already be a problem, making the whole system vulnerable. But I guess as Unite grows out of beta, hopefully security fears will be laid to rest. In the meantime I certainly will wait with using Unite.

There was nothing new in Netanyahu’s speech, as many commentators have pointed out. When Netanyahu talks about ‘two free people’ he means the kind of racist homeland model that South Africa had under its apartheid regime. It was just a reheating of the same old disgustingly tasting soup, disgusting to those naively hoping for peace, equality, justice and the end of human rights abuses in Palestine and Israel itself. It is the same hope people have when they hear Obama talking, but the chances that any beneficial change for the Palestinians will emerge under his administration are highly unlikely too.

Let’s be realistic: militarily, the US is already up to its neck mired in the war fields of Afghanistan and still Iraq. In addition it depends on the Arab states for oil. Both factors make it necessary to appease the Arab community, to maintain the split between pro-Western and less Western friendly countries and therefore to appear as if America is genuinely concerned about Palestine’s destiny (ie a two-state solution) – especially with Iran growing its regional influence and using the Palestinian people’s plight as a political football.

At the same time America’s political class is culturally, financially and religiously deeply linked to the Jewish elite at home and abroad; that’s why we hear those constant pledges from both sides of US politics and have heard them ever since and even before the State of Israel was established on Palestinian land. Therefore little will change, whatever might be said by whoever is whenever the Israeli prime minister or the US president.

Bennis Phyllis is a bit more hopeful when she sees the ball being in Obama’s court; read her excellent and thorough analysis on the settlements, the terms ‘Palestinian State’ and ‘State of the Jewish people’ and on the Israel/Iran/US relationship triangle:

(more…)

Microbes May Be More Networked Than You Are

Wired Science
By Yuri Gorby

When we think of networks, we think of humans and the cables we’ve run around the world to connect our species. Figuring out how to move electrons has transformed human society, but we are not the only species on earth that lives in a wired world.

A few years ago, microbiologist Gemma Reguera of Michigan State University reported that a certain type of bacteria could use rust to grow electrically conductive appendages. Shortly thereafter, my lab showed that many more bacterial species also had the ability to grow nanowires. The oxygen-making cyanobacteria that “invented” photosynthesis produce conductive nanowires in response to limited amounts of carbon dioxide. Heat-loving, methane-producing consortia of microorganisms even appear to produce nanowires that connect organisms from separate domains of life.

We are slowly, yet steadily, realizing that many (perhaps most?) bacteria produce nanowires. And the extracellular structures connecting bacterial cells into complex integrated communities create a pattern that looks suspiciously like a neural network.

I believe we now stand at the edge of a new scientific frontier. The study of Electromicrobiology will certainly provide new insights into the components, reactivity and roles of bacterial nanowires. Deeper knowledge of bacterial activity is tantamount to greater knowledge of our own bodies and the Earth. A human body contains a natural complement of 10 times more bacterial cells than human cells. Prokaryotes, organisms that lack a cell nucleus like bacteria and archaea, form the majority of the Earth’s biomass and are responsible for cycling its most important nutrients.

We’re still in the early stages of this research: Only six studies have been published on bacterial nanowires, but a number of intriguing possibilities exist about what role they could play in the bacterial world.

It is already generally accepted that many species of bacteria communicate by releasing and sensing certain types of chemical signals. One of the most exciting hypotheses concerning bacterial nanowires is the possibility that they are part of another type of primitive (or advanced?) communication system. When one considers that individual cells — each with their own integrated set of metabolic reactions — are connected by electrically conductive filaments, this hypothesis is quite reasonable. The rate or frequency of electron transfer from one organism to another could reasonably serve as a form of communication.

Demonstrating that bacteria can communicate using integrated neurobiological circuitry will be no easy feat, but success in this pursuit will fundamentally change our understanding of microbial physiology and ecology.

Scientists in my lab and others are still characterizing these tiny electrical appendages. We know that nanowires are composed largely of protein, but the type of proteins appears to vary from organism to organism. They can grow to be more than ten times the length of a typical bacterium and are typically 8 to 10 nanometers in diameter. Long wires like this could be used as a kind of breathing tube. The evidence suggests that nanowires can transfer electrons over distances ten times the length of an individual cell. This would allow cells to access an energy source that is relatively far away from them, but it’s still unclear whether the nanowires can be used this way.

Perhaps more importantly, understanding the strategies for efficient energy distribution and communication in the oldest organisms on the planet may serve as useful analogies of sustainability within our own species.

Yuri Gorby is an electromicrobiologist at the J. Craig Venter Institute in San Diego. He began his groundbreaking work on the electrical interactions between microbes at the Department of Energy’s Pacific Northwest National Laboratory in Richland, Washington. His previous work included major publications on bioremediation of contaminated locations by bacteria.

By Erica Ogg
CNet News

Many of the iPhone’s long-awaited features will finally become reality Wednesday when Apple rolls out iPhone OS 3.0.

Current iPhone owners can download the software from iTunes for free, and iPod Touch users can get it as well, but for a fee of $9.95, just like the last OS update. What time exactly, we don’t know yet. Apple will only say iPhone OS 3.0 will come out sometime Wednesday.

The update includes many functions other phones have had for a while, including multimedia messaging (if supported by your carrier–AT&T won’t offer it until later this summer), voice recording, buying and renting movies and TV shows over the air, full system search, tethering (again, if your carrier allows it), and push notifications.

Apple has also bundled in some extras, like landscape virtual keyboard for certain apps, more extensive parental controls, in-app purchasing, and a feature for MobileMe customers called Find My Phone.

There will also be stereo Bluetooth available, as well as the capability to create applications specifically for interfacing with third-party hardware. That could lead to a boon in the accessories market for the iPhone as well as the iPod Touch, as my CNET colleague Donald Bell has pointed out.

As anticipated as Wednesday’s OS 3.0 launch is, it’s only the second most important product rollout for Apple this week. The new iPhone 3G S is scheduled to hit stores Friday morning. In the meantime, check out our First Take of the new iPhone and our detailed look at OS 3.0.

The Download Blog posted a fairly comprehensive article on Opera’s new app Unite, which allows you to transform your browser into a web server. For convenience I have reposted it here.

(more…)

It was only a matter of time before the P2P community came up with some workable options for anonymizing our activities. Sure, Tor has been able to do it for quite some time, but torrenting is very taxing on the network and transfers can be painfully slow. Recently, however, three new services have appeared that could provide the privacy protection we’ve been waiting for.

iPredator VPN – We’ve known this one was coming for a while. The beta launch date got pushed back quite a bit, but that little courtroom skirmish may have slowed things down a little. In a blog post yesterday, the iPredator team announced that the first 3,000 beta invites have been sent out. If you’re in the queue, don’t start drooling just yet. There are 179,999 other names lined up.

Furk (pictured) – Find a torrent, paste it into Furk, and you’re provided a direct download link. Even with the free account, I still averaged about 275k/s, which isn’t much slower than what I typically manage on a straight torrent download (thanks to my ISP). Download links are also passed to you with SSL encryption. Just don’t use it to download stuff like what’s in the capture – it’s there for illustration purposes only, of course…

Paid accounts are just under 10 Euros a month or 24/three months.

BitBlinder – Jay posted about this service the other day. The open source project aims to anonymize not only torrent downloads but also your web browsing. How does it work? Think of your Internet traffic as the fruit in a smoothie. Now take all your friends’ fruit, chuck it all into a blender, and press ‘liquify’. Pour it into a glass, and all you see is smoothie – you can’t tell what’s your fruit and what belongs to your friends.

As with iPredator you may be waiting a while to get your invite and download link.

Reposted from Download Squad

This stinks! It makes me even like Micro$oft better. Download Squad reports that Apple has decided to charge users, who buy a Mac now sporting the Leopard OS, US$9.95 if they want to upgrade to the soon to be released Snow Leopard. Micro$oft on the other hand offers buyers who get a computer now with Vista onboard a coupon for a free upgrade for the also soon to be released Windows 7.

What’s the matter with Apple? Of course, $9.95 isn’t much, and that alone would be a reason to drop the charge. But this case is also about principles: it’s simply unethical to charge users extra money a couple of months after the purchase date when you know already that what you sell them now will be outdated then. To levy such a charge is simply an act of self-conceited arrogance (which of course is a vital part of Steve Jobs’s personality).

Another LaVonne track, this time on domestic violence in lesbian relationships. California native Mélange LaVonne is an outspoken, openly lesbian hip-hop activist and artist.

Presented by POWER UP.

It’s been around for a couple of years and had 114,086 views so far, but it can’t be watched often enough: a song by Mélange LaVonne against gay bashing and Christian hate-filled homophobia. Fictional character Kevin, Mélange’s friend, becomes a victim of a hate crime. Mélange confronts those including the “Church” who condemned him and his lifestyle.

Directed by Little Red Pictures.

myspace.com/melangelavonne

Spezify is a new freeform search tool for the visually excitable. Unlike standard search engines, which produce search results as a list of links with some textual clues, Spezify returns a multimedia imagery collage made up of pics from websites, video clips, eBay and Flickr photos, and text clips from microblogging sites and sites like Wikipedia (see image above). Depending on your screen size, the collage might not fit horizontally onto a webpage; since it is presented a bit like a multimedia wall, you’ll have to scroll across in addition to up and down.

The images don’t have an immediately visible caption; to get an idea of what they represent you’ll have to click on them to access the content clue as well as the URL for the website. To go back to all search results click the image again and it will merge back into the wall. Videos can be watched without leaving the page; like with all other images, clicking on them brings them forward to enlarge them for viewing. Once finished watching, click on them again and they’ll disappear into the background. Text results show a lot more content than Google previews, but with the focus on imagery there are fewer of them.

Spezify does not make your favourite standard search engine obsolete but it provides a great complement, especially if your brain’s preferred information processing mode is ‘visual’ and you’re looking for a topic overview.

[Via Download Squad]