Copy Link
Add to Bookmark
Report
Atari Online News, Etc. Volume 16 Issue 15
Volume 16, Issue 15 Atari Online News, Etc. April 11, 2014
Published and Copyright (c) 1999 - 2014
All Rights Reserved
Atari Online News, Etc.
A-ONE Online Magazine
Dana P. Jacobson, Publisher/Managing Editor
Joseph Mirando, Managing Editor
Rob Mahlert, Associate Editor
Atari Online News, Etc. Staff
Dana P. Jacobson -- Editor
Joe Mirando -- "People Are Talking"
Michael Burkley -- "Unabashed Atariophile"
Albert Dayes -- "CC: Classic Chips"
Rob Mahlert -- Web site
Thomas J. Andrews -- "Keeper of the Flame"
With Contributions by:
Fred Horvat
To subscribe to A-ONE, change e-mail addresses, or unsubscribe,
log on to our website at: www.atarinews.org
and click on "Subscriptions".
OR subscribe to A-ONE by sending a message to: dpj@atarinews.org
and your address will be added to the distribution list.
To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE
Please make sure that you include the same address that you used to
subscribe from.
To download A-ONE, set your browser bookmarks to one of the
following sites:
http://people.delphiforums.com/dpj/a-one.htm
Now available:
http://www.atarinews.org
Visit the Atari Advantage Forum on Delphi!
http://forums.delphiforums.com/atari/
=~=~=~=
A-ONE #1615 04/11/14
~ The History of Atari! ~ People Are Talking! ~ Sony's Yoshida on PS!
~ GOP Granted .gop Domain ~ Google Glass 1-Day Sale ~ AT&T Hacker Is Freed!
~ Heartbleed, Understand! ~ Super Smash Brothers! ~ Date Set for ET Dig!
~ Feds Address Concerns! ~ IBM Mainframe Turns 50! ~ Facebook Censorship!
-* A Race To Plug Internet Hole *-
-* NSA Denies It Exploited Heartbleed! *-
-* New Heartbleed Bug Poses Major Data Threat *-
=~=~=~=
->From the Editor's Keyboard "Saying it like it is!"
""""""""""""""""""""""""""
Another crazy week - what else is new! However, I did want to make mention
of a couple of things this week, at least briefly. If using an Atari
system is only a "part-time" use; and you use a PC for some or most of your
computing needs, you may still be using Windows XP (like me). If so, you
are likely aware that Microsoft has ended its support of the XP operating
system. That means that new future threats such as hacking, etc. will no
longer be "protected". This week, we offer a few articles pertaining to
this predicament. Personally, I will continue to use my XP machine, but I
will phase out its use; I recently purchased my first Mac computer. Once
I get used to it and ported over most of my applications, my PC use will be
restricted to certain functions that I may not be able to easily do on the
Mac (at least for the present time). It's time, and I've had enough of the
Windows environment!
The other piece of news unveiled this week is the "Heartbleed" bug which
poses a major threat to user data. Hopefully, although the total impact of
this threat has not been identified yet, is that web sites and related
servers fix these holes quickly. As depicted in the numerous articles in
this week's issue, the repairs have begun, Do what you can to further
protect yourself!
Until next time...
=~=~=~=
->In This Week's Gaming Section - New Super Smash Brotherss Out This Summer!
""""""""""""""""""""""""""""" Sonys Yoshida on Two Decades of PlayStation!
IGN Presents: the History of Atari!
And much more!
=~=~=~=
->A-ONE's Game Console Industry News - The Latest Gaming News!
""""""""""""""""""""""""""""""""""
Nintendo Announces the New Super Smash Brotherss Will Be Out This Summer
Nintendo announced on Tuesday night that the highly anticipated next-gen
installment of Super Smash Bros. will finally release on the 3DS this
summer and on the Wii U in fall. Along with the release window, Nintendo
also went into detail about the visual enhancements of the multiplatform
title, the games dedication to the competitive fighting community and
the introduction of some new (and not-so-new) faces.
Unlike previous games in the series, Super Smash Bros. for 3DS and Wii U
will run at 60 frames per second, although some of the additional in-game
features, such as Pokemon and Assist Trophies, will run at 30 fps.
Both versions of the game will also feature two separate modes of play:
For Fun and For Glory. In For Fun mode, players will be thrown into a
random stage with all the games items turned on. In this mode, only wins
will be recorded to your profile. If you decide to play For Glory
instead, youll play on an anti-frill Final Destination version of a map,
which is completely flat so as not to distract from the battle. In For
Glory, your wins and losses will be recorded.
As for new characters, Nintendo revealed that character transformations
will no longer be a part of the game, thus allowing Zero Suit Samus, Sheik
and Charizard to serve as singular characters this time around. Greninja,
a brand new Pokemon, will also be joining the fight, along with the
returning egg-tosser, Yoshi.
Sonys Shuhei Yoshida Reflects on Two Decades of PlayStation
With the PlayStation 4, Sony has put forth a narrative of learning from
past mistakes and re-focusing on features for the players. At the
Computer History Museum in Mountain View, Calif., last night, Sony
Worldwide Studios President Shuhei Shu Yoshida traced his own arc
through four console generations and talked a bit about whats ahead.
Interviewed by longtime collaborator and PS4 lead system architect Mark
Cerny for the museums Revolutionaries speaker series, Yoshida said his
role has changed greatly over the years. Shu 1.0 was a business
development guy, the first to join the team of 20-odd engineers
developing the PlayStation under Ken Kutaragi, in 1993.
At the time, consoles were considered a kids toy, Yoshida said.
Someone in management said we should not go into the toy business, so we
named it Sony Computer Entertainment.
At first, he was only working with Japanese game publishers like Namco,
Konami and Square Enix, but Yoshida recounted how Cerny showed up in
Japan, insistent on obtaining a PlayStation development kit for his
company at the time, the Silicon Valley-based Crystal Dynamics. The hitch
was that Sony had only Japanese versions of the development contracts,
but Cerny came back and signed for the kit all the same.
As Yoshida later found out, Cerny didnt have the signing power with
Crystal Dynamics to broker such a major deal.
The two worked together on the first Crash Bandicoot game alongside
future Sony Computer Entertainment president and CEO Andrew House, the
games marketing VP. Shu 2.0? focused more and more on America and less
on Japan, losing interest in the legacy developers from his home country.
Even though he has since moved back to Japan, Yoshida maintained that
its still tough for Japanese publishers in the console world.
They should really focus on what they do best, he said. Many games try
to appease Western audiences, not understanding the culture, and most of
them fail.
Shu 3.0, the current model, oversees all game production in the
PlayStation world. However, Yoshida has increasingly become part of the
consoles public face, appearing in a viral video mocking Microsofts
initially announced (now abandoned) restrictions on sharing video game
discs on Xbox One:
He described himself as unofficial customer service because his morning
routine includes using his tablet to check Twitter for gamers with
complaints or feature suggestions. Twitter is more and more becoming
part of my job, he added, with both Sony and outside game developers
asking him to tweet things on behalf of their products and games.
Yoshida doesnt only tweet about PlayStation games, though. He owns two
units of all the gaming consoles since some titles on some systems are
region-locked to Japan, and has been banned twice, but seemingly
temporarily from Nintendos Wii social community, Miiverse. First, he
tried to use his Twitter handle @yosp as his Miiverse name, but was told
that was against the rules. He now goes by ShuYoshida, but was
reprimanded a second time when he posted I <3 PS," referring to
PlayStation.
Youre not supposed to promote a commercial product in Miiverse,
Yoshida said.
But whats next for PlayStation now that the PS4 is out and selling well?
In a brief interview with Re/code after the Revolutionaries interview,
Yoshida said hes happy with Facebooks acquisition of Oculus VR because
it validates Sonys own nascent virtual reality headset, Project
Morpheus. Now, he said, its Sony vs. Facebook rather than Sony vs. a
startup.
He also indicated that as the cloud gaming service PlayStation Now
test-launches this summer, Sony will shift to [be] service-oriented,
delivering games to new devices that couldnt previously play them. All
of which raises the question: In six or seven years, will there be a need
for a PlayStation 5?
Its really up to the game creators, Yoshida said. If they still feel
that we need more machine power We want to realize this and that and
that, but we cannot do [it] with PS4' if thats the case, theres a
good reason to have PS5, so that developers can create their vision. So,
well see.
=~=~=~=
->A-ONE Gaming Online - Online Users Growl & Purr!
"""""""""""""""""""
IGN Presents: the History of Atari
(Part 3 of 4)
In 1976, Bushnell - having bought out his co-founder, Ted Dabney, in 73
- sold Atari to entertainment conglomerate Warner Communications for a
widely-publicized $28 million (of which Bushnell personally received in
the region of $15 million). This, it would turn out, was the beginning
of Ataris first death, and it wouldnt be all that long before
Bushnells involvement with the company he created would come to an
end. Before that happened, though, there was another massively
important Atari invention to come: the VCS, the home games console
later known as the Atari 2600.
This was the beginning of Ataris first death.
I was born in 1988. When I was growing up, I had games consoles, Cartoon
Network, movies on tape - kids entertainment had become, by that point,
totally commercialized and massively over-served. But in the Seventies,
in the UK, there existed three TV channels, and programming for kids left
a lot to be desired. During the summer of 1979, an 11-week ITV strike
added insult to injury. My older friends tell me that kids had to
actually go outside - or read comics, play records or fiddle with Lego.
Sure, video games existed in the latter half of the 70s, but only in
the most primitive sense imaginable; if you wanted to play games outside
of your local arcade, you most likely had a cheap knock-off Pong system,
or some handheld abomination. Honestly, childhood in the seventies
sounds exceptionally boring. Just as well the music was so good.
Its not hard to see why the first home computers, and the games that
came with them, had such a gigantic impact on that generation.
The story of the Atari VCS (later rebranded the Atari 2600) technically
starts in 1975, when Atari was looking for a way to bring all of its
successful arcade games to the home (the project was codenamed Stella).
What made it happen was the release of the MOS Technology 6052, the first
affordable microprocessor, which was one of the technological revolutions
that made home computers possible. The Atari VCS would use it, as would
its cousins the Atari 400 and 800 home computer, the Apple II, the NES,
the BBC Micro and the Commodore 64. Combined with the ROM cartridge, an
extremely cheap way of storing the games themselves, it represented a
way to get quality video games into the home without asking people to
pay thousands of dollars.
But Atari couldnt afford to produce it, even though Bushnell suspected
that it could be a huge hit. Meanwhile, other companies were making forays
into cartridge-based home gaming, further eroding the sales of Ataris
home Pong units. This need for cash is what motivated the sale to Warner
- the company promised to finance the manufacturing of the VCS as quickly
as possible following the acquisition.
Released in October 1977 in the US, and the following year in Europe, the
Atari VCS shipped with two joysticks that have since become icons of video
games, and was also compatible with a keypad and paddle controllers. It
cost $199 - the equivalent of nearly $800 today. It would eventually be
one of the most successful games consoles ever, but bizarrely, it would
take years to get up to speed. The pricing, combined with the publics
slow realization that you could play something other than Pong on the VCS
(and everybody had had quite enough of Pong by 1977), held it back. It
underperformed in both 1977 and 1978, selling only just over half its
manufactured stock. By the end of 1978 only around 750,000 machines had
been sold, despite a $5,000,000 marketing spend by Warner.
It was in 1978 that Nolan Bushnell left the company. His Atari was always
known for its legendarily laid-back, creative working environment.
Bushnell literally hosted hot-tub parties, and company retreats were
famous for the prevalence of drink and drugs. Megacorp Warner could
hardly have been a more different prospect, and higher-ups hated
Bushnell and his engineers Friday parties and lax dress code. Following
repeated disagreements with the companys new owners and managers,
including a stand-up row with a Warner executive in front of the board,
Bushnell got himself fired. His entrepreneurial spirit would see him
involved in a huge array of other companies - but in interviews, you
always sense that he would have loved to have taken Atari forwards
himself.
In 1979, though, under new CEO Ray Kassar, everything would change.
Taitos Space Invaders had hit the arcades and caused an explosion of
interest in games again, and Warner continued to spend more marketing
money on the VCS. It became a best-seller, selling a million units in
1979 alone. It was the home conversion of Space Invaders that really did
big business - in 1980 the Atari 2600 sold two million units. The console
continued selling double what it had the year before, until it hit 10
million in annual sales in 1982. Having started out as almost a flop, the
Atari VCS had become dominant. Meanwhile, the architecture was adapted
for the Atari 400 and 800 home computers, which became widely available
in 1979 and had both a cartridge slot and a keyboard.
The idea of being able to play arcade games at home was mind-blowing at
the time. But the VCS didnt just offer the games people already knew in
a home setting - there were hundreds of games coming out for it, from
Ataris own (Adventure, Yars Revenge) to third-party games from
opportunistic software houses. It proved to be a fertile development
ecosystem.
In 1982 Ataris revenues made up a stunning 70% of its parent company
Warners income - bigger than music, bigger than film. But even as the
Atari 2600 became a huge worldwide hit, new CEO Ray Kassar had been
gutting the parts of the company that would have been able to follow it
up. The R&D department was cut in 1979, replaced largely with more
marketing staff, with the aim of to dissolving the influence that Ataris
creative engineers had enjoyed under Bushnell. These changed caused the
people actually making games at Atari to leave in droves from 1979
onwards, massively frustrated by management and the lack of credit they
were getting for their creations.
In 1979, four of Ataris best former engineers started a new company
called Activision. Their aim: to make games for the VCS that were better
and would sell better than Ataris own. This would be the beginning of
third-party publishing. Warner could not abide this. With both the Atari
400/800 series of home computers and the games-centric VCS, Warner wanted
to own everything: hardware, software, the lot. Instead of making open
platforms for developers to play with, they wanted a closed system. In
1981, Atari actually sued Activision for making games for its console.
Activisions games were massively successful on the VCS and Atari
continued to hit them with lawsuits, to no effect. The modern equivalent
of this legal battle would be Microsoft suing EA for selling so many
copies of FIFA on Xbox - the video game industry has come a long ways
since 1981.
Meanwhile, there was a huge glut of low-quality software jamming up the
market - much of it coming from within Atari itself, including a
lackluster Pac-Man conversion in 1982. The so-called video game crash of
1983 would hit Atari extremely hard. Unsold merchandise was dumped in the
desert and covered with concrete (according to a New York Times report
from August 1983), reportedly including thousands of copies of the
famously atrocious E.T. The Videogame. A Microsoft-funded documentary is
hoping to excavate the site this year. Atari lost an astonishing $310.5
million in the second quarter of 1983 alone.
Date Set for New Mexico Dig for Atari 'E.T.' Games
Organizers of a search in a New Mexico landfill for a rumored stash of
what some call the worst video game ever made by Atari announced Thursday
that the dig will get underway this month.
The dig at the Alamogordo landfill where Atari reportedly discarded
millions of "E.T. the Extra-Terrestrial" game cartridges in 1983 is
scheduled for April 26, officials with Microsoft-owned Xbox said.
The excavation will be open for public viewing, according to Xbox.
The company is joining with Fuel Entertainment and LightBox Interactive to
search the landfill. All three companies are making a documentary about
the project. Microsoft plans to release the documentary on its Xbox One
console.
City officials told the Alamogordo Daily News on Wednesday that the city
has rights to any discovered games. City Attorney Stephen Thies said any
game cartridges will be stored by the city for possible marketing.
However, a tentative agreement between the Alamogordo City Commission and
Fuel Entertainment's parent company calls for Fuel to receive some games.
The city will give Fuel either 100 game cartridges or 10 percent,
depending on which is the lesser amount, according to Thies. But Fuel
cannot receive more than $2,500 worth of games. The company plans to hand
out the cartridges to film crews.
City commissioners also want Fuel's $1.5 million liability insurance to
be raised to $3 million.
"If they decide they don't want any of the games, then the original $1.5
million insurance will apply." Thies said. "Because it is our landfill,
anything that's out there is our property, if any games are found those
are our games."
All three companies gained approval last month from the New Mexico
Environmental Department for their waste excavation plan. The agency
plans to send a representative to monitor the project once it commences.
Atari paid director Steven Spielberg tens of millions of dollars to
license the wildly popular 1982 movie's name, and game developers
completed the project in just six weeks. In the game, the player takes on
the role of the titular alien and tries to elude FBI agents while
collecting pieces of a telephone to call E.T.'s spaceship.
The end result was a huge commercial dud that caused the troubled
company's worth to sink even further.
Atari purportedly disposed of millions of game cartridges and other
equipment by the truckload at the landfill. The area's supposed role as a
gaming burial ground has taken on urban-legend status over the years.
The landfill was first used as a dumping ground in the 1920s but has been
closed since the late 1980s, officials said.
Huge Collection Of Classic Games Needs A New Home
Facing mounting financial pressure, the Danish museum Spilmuseet ("The
Games Museum") is about to jettison a massive collection of classic video
games and related hardware. And with nobody opening their doors yet, all
these refugees of console wars past are still in need of a new home.
The collection consists of roughly "10,000 console and computer games,
4,000 arcade games and 1,400 arcade machines," according to the Wall
Street Journal. Rune Keller, the museum's head, told the paper that he's
"pretty sure our arcade collection is the world's largest." That's all
the more impressive considering that he assembled the whole thing with
his dad. The Journal didn't say how long it took the father-son duo to
fill out the collection, but Keller said that they poured "roughly a
million dollars" into the project and "invested their spare time in
restoring the items."
There are some real gems in the collection, such as a working version of
the 1981 arcade game Space Fortress and a European version of the 1979
game Sheriff, the first Nintendo title to feature artwork by Super Mario
and The Legend of Zelda creator Shigeru Miyamoto. That's in addition to
classics like Pong and formative consoles from Amiga and Atari.
With so much great stuff at his fingertips, you might be wondering: why is
Keller letting it all go? He told the Journal that he decided to hand off
the collection after he failed to win over government support for the
endeavor. But seeing as he and his dad were able to spend a cool million
on this passion project in the first place, Keller isn't in dire enough
financial straits to just let anybody take his games away. Rather, he's
looking for someone (or something) that will purchase the entire
collection and keep it in the public eye.
"We think it is important to conserve the history of gaming, just as it is
to conserve films, books or music," Keller said. So rather than hand the
collection to another individual benefactor or eager gamer, he wants to
find a like-minded institution that will use the archive to "serve the
public good."
New York City's Museum of Modern Art ranks as one of the most prestigious
museums in the world. You can go there to see iconic creations like
Keller told the Journal that he's been approached by "organizations from
Sweden and France as well as a 'big, established museum in the U.S.'"
Several prominent U.S. museums have taken an increased interest in games
in recent years, so there's no telling where the games might find
themselves if they end up making the journey across the pond. In any
case, it's nice to see that video games are finally beginning to emerge
from their position as "second-class citizens" in the "pantheon of pop
culture," as Kill Screen founder Jamin Warren put it back in 2012 when
the Museum of Modern Art first introduced them to its permanent
collection.
=~=~=~=
A-ONE's Headline News
The Latest in Computer Technology News
Compiled by: Dana P. Jacobson
New Heartbleed Bug Poses Major Threat to Data
A newly discovered bug in widely used web encryption technology has made
data on many of the worlds major websites vulnerable to theft by hackers
in what experts say is one of the most serious security flaws uncovered
in recent years.
The finding of the so-called Heartbleed vulnerability, by researchers
with Google and the small security firm Codenomicon, prompted the U.S.
governments Department of Homeland Security to advise businesses on
Tuesday to review their servers to see if they were using vulnerable
versions of a type of software known as OpenSSL.
It said updates are already available to address the vulnerability in
OpenSSL, which could enable remote attackers to access sensitive data
including passwords and secret keys that can decode traffic as it
travels across the Internet.
We have tested some of our own services from [an] attackers
perspective. We attacked ourselves from outside, without leaving a
trace, Codenomicon said on a website it built to provide information
about the threat, heartbleed.com.
Computer security experts warned that means victims cannot tell if their
data has been accessed, which is troubling because the bug has existed
for about two years.
If a website is vulnerable, I could see things like your password,
banking information and healthcare data, which you were under the
impression you were sending securely to your website, said Michael
Coates, director of product security for Shape Security.
Chris Eng, vice president of research with software security firm
Veracode, said he estimates that hundreds of thousands of web and email
servers around the globe need to be patched as soon as possible to
protect them from attack by hackers who will rush to exploit the
vulnerability now that it is publicly known.
The technology website Ars Technica reported that security researcher
Mark Loman was able to extract data from Yahoo Mail servers by using a
free tool.
A spokeswoman for Yahoo confirmed that Yahoo Mail was vulnerable to
attack but said it had been patched, along with other main Yahoo sites
such as Yahoo Search, Finance, Sports, Flickr, and Tumblr.
We are working to implement the fix across the rest of our sites right
now, she said Tuesday evening.
After Heartbleed Bug, A Race to Plug Internet Hole
Popular websites and millions of Internet users scrambled to update
software and change passwords Wednesday, after a security bug in crucial
encryption code was disclosed sooner than researchers had planned.
Facebook Inc. and Yahoo Inc.s blogging site Tumblr advised users to
change their passwords because of the so-called Heartbleed bug. Canadas
tax agency shut its filing website as a precaution, weeks before its
April 30 filing deadline.
Websites for Airbnb Inc., the Four Seasons hotel chain and Netflix Inc.
were vulnerable for a time, said Wayne Jackson, CEO of Sonatype Inc.,
which manages open-source software. Airbnb and Netflix said they had
updated their software. Four Seasons didnt immediately respond to a
request for comment.
Its easily the worst vulnerability since mass-adoption of the
Internet, said Matthew Prince, CEO of CloudFlare Inc., a San Francisco
cybersecurity company. Its going to be really bad.
The hole in the Internet was supposed to be fixed quietly. Researchers at
Google Inc. who found the bug told the team in charge of the code, OpenSSL
Project, last week, said Mark Cox, an OpenSSL manager.
OpenSSL then planned to tell trusted website operators how to fix the bug
before making it public Wednesday. Some big sites, including Facebook and
Akamai Technologies Inc., did get a heads up, people familiar with the
research said.
But managers feared that news of the security hole had leaked to hackers,
and so they disclosed it on Monday. That caught companies from Amazon.com
Inc. to Yahoo unprepared.
A Yahoo spokeswoman said the company had made the appropriate
corrections. Amazon Web Services posted a security bulletin detailing
what services it had updated.
The episode illustrates the delicate task of managing the Internets
plumbing to keep it safe for banks, social networks and retailers. When
companies find flaws, they have to decide how to tell as many people as
possible without tipping off hackers.
If the news gets out too quickly, the patches to fix the bug may not be
ready, said Christopher Soghoian, a technologist at the American Civil
Liberties Union. Move too slowly, and hackers will learn of the weakness.
A Google spokeswoman declined to comment on who was notified early.
Codenomicon, whose researchers also helped find the bug, didnt respond
to a request for comment.
The Heartbleed bug is problematic because it affected about two-thirds of
Internet servers when it was disclosed Monday. Websites where users have
to log in increasingly use encryption to make sure users personal
information is unreadable as it traverses the Internet.
The majority, including Internet companies, banks and the federal
government, use a free version of this code from OpenSSL, a library of
encryption code for websites managed by Mr. Cox and three other European
developers.
The bug affected OpenSSL versions released in the past two years. In
vulnerable systems, hackers can grab previously encrypted data from a
websites server before it is deleted.
Researchers said it is impossible for a website to detect whether or not
hackers use the bug to steal data. That means companies cant notify
consumers who may have been hacked.
CloudFlares Mr. Prince said its systems were vulnerable for a time. The
company was notified of the bug last week and made the recommended
fixafter signing a non-dsclosure agreement.
Security teams at Facebook and Akamai, which helps move videos across the
Internet, received similar warnings, people familiar with the matter said.
We added protections for Facebooks implementation of OpenSSL before this
issue was publicly disclosed, said a Facebook spokesman, who declined to
elaborate. An Akamai spokesman said the company was contacted by the
OpenSSL team in advance.
Google also had patched its systems ahead of time. The search giant told
users Wednesday they didnt need to change Google passwords.
The Canada Revenue Agency said that, after learning late Tuesday about
the Heartbleed bug, it decided to halt access to its online tools that
allow individuals and businesses to make tax filings electronically.
In an update Wednesday, the agency said it was working on a remedy to
restore online tax-filing services and expected the services to resume
sometime this weekend.
Despite being used by most websites, OpenSSL is a relatively overlooked
piece of computer code. Many of its contributions come from volunteers,
and a team of four core members manage what winds up in the encryption
tools used by hundreds of thousands of websites.
After Google contacted it last week, Mr. Cox and his team planned to get
patches ready as they notified major Web companies before April 9. They
notified some server operating system vendors, including Red Hat Inc. and
Canonical Ltd.
On Monday, though, Mr. Coxs team began to worry the bug had leaked after
it received a warning about the bug from the National Cyber Security
Centre Finland.
This spooked the group, which decided to disclose the bug Monday. At least
one person worked through the night, said Steve Marquess, president of the
OpenSSL Software Foundation, which provides funding for the OpenSSL team.
Matthew Green, an encryption expert at Johns Hopkins University, said
OpenSSL Project is relatively neglected, given how critical of a role it
plays in the Internet. Last year, the foundation took in less than $1
million from donations and consulting contracts.
Donations have picked up since Monday, Mr. Marquess said. This week, it
had raised $841.70 as of Wednesday afternoon.
What You Need To Know About The Heartbleed Bug
Millions of passwords, credit card numbers and other personal information
may be at risk as a result of a major breakdown in Internet security
revealed earlier this week.
The damage caused by the "Heartbleed" bug is currently unknown. The
security hole exists on a vast number of the Internet's Web servers and
went undetected for more than two years. While it's conceivable that the
flaw was never discovered by hackers, it's nearly impossible to tell.
There isn't much that people can do to protect themselves until the
affected websites implement a fix.
Here are answers to some common questions about Heartbleed and how you can
protect yourself:
Q: What is Heartbleed and why is it a big deal?
A: Heartbleed affects the encryption technology designed to protect online
accounts for email, instant messaging and e-commerce. It was discovered by
a team of researchers from the Finnish security firm Codenomicon, along
with a Google Inc. researcher who was working separately.
It's unclear whether any information has been stolen as a result of
Heartbleed, but security experts are particularly worried about the bug
because it went undetected for more than two years.
Q: How does it work?
A: Heartbleed creates an opening in SSL/TLS, an encryption technology
marked by the small, closed padlock and "https:" on Web browsers to show
that traffic is secure. The flaw makes it possible to snoop on Internet
traffic even if the padlock is closed. Interlopers can also grab the keys
for deciphering encrypted data without the website owners knowing the
theft occurred.
The problem affects only the variant of SSL/TLS known as OpenSSL, but
that happens to be one of the most common on the Internet.
Q: So if the problem has been identified, it's been fixed and I have
nothing to worry about. Right?
A: It depends on the website. A fixed version of OpenSSL has been
released, but it's up to the individual website administrators to put it
into place.
Yahoo Inc., which has more than 800 million users around the world, said
Tuesday that most of its popular services including sports, finance and
Tumblr had been fixed, but work was still being done on other products
that it didn't identify.
Q: So what can I do to protect myself?
A: Ultimately, you'll need to change your passwords, but that won't do any
good until the sites you use adopt the fix. It's also up to the Internet
services affected by the bug to let users know of the potential risks and
encourage them to change their passwords.
Q: I plan to file my income taxes online. Is that safe considering how
much personal information is involved?
A: The IRS released a statement on Wednesday saying that it's not affected
by the bug or aware of any related security flaws. It advised taxpayers to
continue filing their returns as they normally would in advance of the
April 15 deadline.
But Canada's tax agency on Wednesday temporarily cut off public access to
its electronic filling services just three weeks before its tax deadline
citing Heartbleed-related security concerns.
The Canada Revenue Agency said it's working to restore secure access as
soon as possible. The agency said consideration will be given to taxpayers
who are unable to comply with their filing requirements because of the
interruption.
NSA Denies Report It Exploited Heartbleed for Years
The Heartbleed security flaw that exposes a vulnerability in encryption
has reportedly extended its reach well beyond Web services.
According to Bloomberg, citing "two people familiar with the matter," the
National Security Agency knew about Heartbleed for at least two years and
used the hole in encryption technology to gather intelligence.
However, the agency strongly denied the substance of Bloomberg's report.
"NSA was not aware of the recently identified vulnerability in OpenSSL,
the so-called Heartbleed vulnerability, until it was made public in a
private-sector cybersecurity report,'' the agency said in a statement.
"Reports that say otherwise are wrong."
This follows a separate Bloomberg report the security flaw impacts
Android smartphones and tablets that run the 4.1.1 version of the Google
operating system.
In a statement on Google's online security blog, the company says
patching information has been submitted to partners.
Meanwhile, The Wall Street Journal reports some network products created
by Cisco and Juniper contain the flaw. The vulnerability affects products
such as routers and firewalls.
In an update published Thursday, Cisco says multiple products incorporate
OpenSSL, a variation of the Secure Sockets Layer (SSL) protocol used to
encrypt sensitive data.
A spokesperson for Juniper tells the Journal updating equipment to patch
up the security hole could take some time.
Heartbleed is a flaw that would allow anyone to read the memory of servers
running OpenSSL, which leaves information such as usernames, passwords and
credit card data exposed.
"This allows attackers to eavesdrop on communications, steal data directly
from the services and users and to impersonate services and users," says
Codenomicon, a security firm that helped uncover Heartbleed and
established a website to inform others.
Web services have scrambled since the revelation of Heartbleed to fix the
bug. Several companies including Facebook, Google and Yahoo have confirmed
they are clear. Most recently, Apple confirmed to Re/code its services
like iOS and Mac OS X were not impacted.
The Department of Homeland Security has joined the chorus of impacted
services urging consumers to change their passwords on updated sites. In
a statement, the agency notes no attacks or incidents tied to Heartbleed
have been confirmed.
"We have been and continue to work closely with federal, state, local and
private sector partners to determine any potential impacts and help
implement mitigation strategies as necessary," says the department in a
statement.
Tech site Mashable has compiled a list of sites and services to determine
whether passwords should be updated immediately.
We Need a National Change Your Passwords Day
Heartbleed, the major flaw that left passwords and other user information
vulnerable to hackers this week, wasnt the first security flaw to affect
the Internet. And it wont be the last. Security failures, hacks, leaks,
and vulnerability discoveries are inevitable. As is the typical reaction:
When news of a hack surfaces, we worry, and then some of us spring to
action, generally changing passwords on affected accounts especially
if the affected sites force us to.
But you should change your passwords regularly, even if you arent facing
down a flaw like Heartbleed. What we need is a National Change Your
Passwords Day so you dont forget. Heres why.
One thing Heartbleed has shown us is that there are hacks and attacks,
which sometimes we hear about and react to, and then there are the more
worrisome discoveries of security flaws, which are worse.
Heartbleed was a discovery, not an attack. A team of security engineers
discovered a flaw in a version of common software, OpenSSL, that many
major sites (and many more minor ones) use to protect and encrypt users
data. This flaw had existed for over two years; it was only now
discovered.
The discovery of this flaw doesnt necessarily mean that bad guys have
been exploiting it, and it doesnt point to any specific attacks. Rather,
it means that if anyone else (like, say,the NSA) also discovered this bug
between the time when it was first included in the software, and when the
Heartbleed discovery team told the world about it, they could have been
using it to access or attack your data.
There is no way to completely protect yourself from threats you dont know
about. But you can and should take precautions. The most obvious
precaution: Limiting your exposure to individual hacks by making sure you
have a unique and strong password for each different online account. I
cant stress enough how important it is to have different passwords for
different accounts. Its more important than having strong (unguessable)
passwords, in fact. The only reasonable way to manage all these different
passwords is with a password manager. I wrote a primer on these apps back
in February.
Now, you cant know when a flaw like Heartbleed exists until someone
discovers it, and having a unique and strong password on an account
doesnt mean that another flaw isnt leaving you exposed anyway, even if
youre doing all the right things. So one more thing you can do is change
your passwords regularly.
Since changing a lot of passwords is a colossal pain the neck (and I mean
massively inconvenient), even with a good password manager to help you,
perhaps itd be best if you set aside a big chunk of time to do it. Like,
a day. Maybe, in fact, a day off from work. A paid day off from work. Hey,
I can dream. And keeping people (more) secure will actually save the
country money, at least compared to the potential economic catastrophe of
a real, pervasive, and exploited breakdown in Internet security.
Another thing you might want to do is enable two-factor authentication
(also called two-step authentication) on sites that support it, like
Google and Dropbox. Two-factor authentication makes it much more
difficult to sign on to an account unless you have the account owners
smartphone with you, on which a second, always-changing password (the
second factor or step) is displayed. Well have more on two-factor
authentication in a future article.
So when is this new National Change Your Passwords Day? Id propose we
use the transition from Standard to Daylight time as the day for this,
since more clocks are setting themselves these days and we have all that
extra time to mind our technology. In fact, we should do password resets
more than once a year, so lets make it a twice-yearly holiday and use
the transition from Daylight to Standard, too.
So heres the bad news: Even regularly changing your passwords wont
completely protect you from unknown theft of your personal data. It
protects you a bit more, but not completely. It can take just microseconds
for a hackers system to exploit a security flaw on a service you use. But
the more often you change your locks, the less likely a stolen key will to
work in them.
If youve been hacked, and then you change your password, youre protecting
yourself against future intrusion into your account. Thats very good and
necessary. But the digital goods you want to protect may already have been
stolen. In particular, your credit card numbers are vulnerable, if you save
those numbers in online accounts.
You think its inconvenient to change passwords? Try changing credit card
numbers. You cant just call your issuers and ask for new cards just to
be safe. You can report your card stolen, in which case theyll
immediately deactivate your existing card send you a new one. That might
take a few days, and of course any automatic payments set up on that card
will fail the next time they come due.
And lets not talk about trying to change other financially-relevant data,
like a social security number. (Although if an online or commerce site
other than a financial institution asks for a social security number, you
would be wise to wonder why.)
The good news when it comes to Heartbleed (yes, there is some), is that,
as far as we know, no actual banks or brokerages used the OpenSSL software
that Heartbleed attacked.
Once more, with feeling: A password manager can improve your online
security while also removing a lot of the hassle of keeping different
passwords. However, password managers themselves are protected by
passwords, which means they could potentially become vulnerable to a
Heartbleed-like vulnerability.
The good news (again!) is that of the three password managers I recommend
Lastpass, 1Password, and Dashlane none are directly vulnerable to the
Heartbleed flaw.
I say, directly because Lastpass and 1Password both have some small
exposure. Lastpass uses OpenSSL to transmit data, but it encrypts the data
before the OpenSSL software sees it, so Lastpass claims theyre not
vulnerable to Heartblleed attacks.
1Password has a slight possibility of a flaw if you use its synchronizing
service, 1PasswordAnywhere, with Dropbox to keep your passwords in sync
across devices. If youre in that camp, theres a small chance that a
possible Heartbleed vulnerability on Dropbox could allow an attacker to
replace your 1Password sync file with a malicious version of your file,
causing havoc across your 1Password account (while not actually stealing
your passwords).
So if you are using one of these password managers, you might want to
read their blog posts about Heartbleed. Here they are:
Lastpass | 1Password | Dashlane.
The main takeway: As part of the Hearbleed password panic, its a good
idea to change your most important passwords now, starting with your
password manager, if you have one. And then change it again, perhaps the
next time National Change Your Passwords Day rolls around and youre
changing all your other critical passwords.
And if you dont have a password manager, get one now.
Minnesota Court To Hear All Target Data Breach Cases
The U.S. Judicial Panel on Multidistrict Litigation ordered that the many
lawsuits that accuse Target Corp of failing to protect customers from a
data breach will be consolidated in the retailer's home state Minnesota.
The order brings together 33 lawsuits across 18 districts, and potentially
many more tag-along actions, before the U.S. District Judge Paul Magnuson
in Minnesota.
The centralization will eliminate duplicative discovery, prevent
inconsistent pre-trial rulings, and conserve the resources of the parties
and the judiciary, according to the transfer order.
Target, the third-largest U.S. retailer, faces several class-action
lawsuits and action from banks that could seek reimbursement for millions
of dollars in losses due to fraud and the cost of card replacements.
The case is in re: Target Corporation Customer Data Security Breach
Litigation; case number 02522, U.S. District Court, Minnesota.
Appeals Court Overturns Conviction of AT&T Hacker 'Weev'
A federal appeals court rules that Andrew "Weev" Auernheimer was tried in
the wrong state and overturns his conviction under the Computer Fraud and
Abuse Act.
A federal appeals court on Friday vacated the conviction against hacker
and Internet troll Andrew Auernheimer.
Auernheimer, a security researcher who goes by the nickname "Weev," was
found guilty of hacking in 2012 for accessing a non-password protected
portion of AT&T's Web site to obtain the email addresses of more than
100,000 iPad users. Auernheimer, who was convicted under the controversial
Computer Fraud and Abuse Act, was sentenced to 41 months in prison.
The US Court of Appeals for the 3rd Circuit, however, did not overturn the
conviction because it had come to some new revelation about the fraud law,
but instead found that Auernheimer was tried in the wrong federal court.
"Although this appeal raises a number of complex and novel issues that are
of great public importance in our increasingly interconnected age, we find
it necessary to reach only one that has been fundamental since our
country's founding: venue," the court wrote in an opinion.
Auernheimer was originally tried and convicted in federal court in New
Jersey, which the 3rd Circuit concluded was improper since neither
Auernheimer nor the AT&T servers he accessed were in New Jersey.
"Evidence at trial showed that at all times relevant to this case,
[Auernheimer's co-defendant Daniel Spitler] was in San Francisco,
California and Auernheimer was in Fayetteville, Arkansas," the court wrote
in its opinion. "The servers that they accessed were physically located in
Dallas, Texas and Atlanta, Georgia."
As a result, the appeals court ruled that the venue did not lie in New
Jersey and vacated Auernheimer's conviction. Auernheimer is expected to be
released from the Allenwood Federal Penitentiary in the coming days,
reported The Verge.
"Today's decision is important beyond Weev's specific case," Hanni
Fakhoury, a staff attorney for the Electronic Frontier Foundation and one
of the attorneys on Auernheimer's appeal, said in a statement. "The court
made clear that the location of a criminal defendant remains an important
constitutional limitation, even in today's Internet age."
Auernheimer and co-defendant Spitler were arrested and charged in January
2011 after they created a script to download the records from AT&T and
gave the results to Gawker. Auernheimer was convicted in November 2012 of
one count of conspiracy to gain unauthorized access to computers and one
count of identity theft. Spitler pleaded guilty to the charges in June
2011. Their appeal, which was filed in July 2013, argued that - in
addition to New Jersey being the wrong venue for the trial -
Auernheimer's actions did not violate theft because as a result of AT&T's
lax security, the information was freely available on the Internet.
In an interview with CNET in 2010, Auernheimer admitted that the hackers
had compromised the AT&T 3G iPad customer Web site and released data on
120,000 accounts but said they did so with the intention of warning AT&T
and protecting consumers.
Auernheimer was convicted under the CFAA, a controversial law that was
enacted to deter intrusions into NORAD but was expanded over time to
criminalize terms of use violations. Federal prosecutors were using the
CFAA against Aaron Swartz, who committed suicide in January 2013, for
performing a bulk download of academic journal articles in violation of
a terms of use agreement.
Feds Address Antitrust Concerns On Cyberthreat Sharing
The Justice Department and the Federal Trade Commission are trying to
allay private-sector fears that sharing cyberthreat information could be
seen as a violation of antitrust laws.
In an important signal to private enterprises, on Thursday the DOJ
Antitrust Division and the FTC released a joint policy statement to "make
it clear that they do not believe that antitrust is - or should be - a
roadblock to legitimate cybersecurity information sharing."
Sharing technical cyberthreat information is fundamentally different from
sharing competitively sensitive information, the agencies explained. The
policy statement covers different types of sharing, structured and
unstructured, person-to-person, automated or hybrid. Information can
include incident or threat reports, threat indicators, threat signatures,
and alerts.
[Easing industry's concerns for sharing cyberthreat information may also
speed adoption of White House guidelines for protecting critical
infrastructure. Read more: Feds Launch Cyber Security Guidelines For US
Infrastructure Providers.]
The policy statement does not change anything; sharing that does not have
a negative impact on competition already is allowed under the FTC's
Competitor Collaboration Guidelines and the agencies have never
considered sharing of security information a violation.
The policy statement says that sharing this type of technical information
is allowed and encouraged in any industry sector. "It remains the
agencies' current analysis that properly designed sharing of
cybersecurity threat information is not likely to raise antitrust
concerns," it said.
Increased threat-information sharing has long been seen as necessary to
improving the nation's cybersecurity. Despite this, actually sharing such
information has remained challenging. Government agencies with access to
details about cyberthreats are often reluctant to share those details
with industry because of the sensitive nature of the intelligence; and
industry executives are reluctant to share with government because of
concerns about liability and exposure of confidential information.
Concerns about antitrust laws have stymied cooperation among companies.
This does not mean that information sharing is not happening. A number
of "trust networks" have been established, and a number of industry
sector Information and Sharing and Analysis Centers serve as vehicles
for collaboration.
But many organizations still are cautious and, in the absence of
legislation specifically enabling cooperation, the administration is
promoting sharing through executive action. In a February 2013 executive
order, President Obama highlighted the need for government to share
information with the nation's private sector. But sharing also is needed
within the private sector, and the DOJ-FTC policy statement provides
clearance for that.
In a White House blog post, cybersecurity coordinator Michael Daniel
wrote that, "reducing barriers to information sharing is a key element of
this Administration's strategy to improve the nation's cybersecurity, and
we are aggressively pursuing these efforts through both executive action
and legislation."
He praised the policy statement and warned of the risk of doing nothing.
"Companies should assess whether the remaining risks they perceive for
engaging in legitimate information sharing are greater than those they
face for failing to protect their customer data, their intellectual
property, and their business operations from the growing cyberthreats to
them."
"Today's announcement makes clear that when companies identify a threat,
they can share information on that threat with other companies and help
thwart an attacker's plans across an entire industry," Daniel said.
Facebook Adds Censorship Data to Transparency Report
Content on Facebook was censored most often in India and Turkey last year,
the social network revealed.
Facebook on Friday released its second official government transparency
report, and this time the social network is shining a spotlight on
censorship efforts.
"We have expanded on our first report to include information not only
about government requests for account information, but also about
government requests to restrict or remove content from our service on the
grounds that it violates local law," the social network said in a blog
post.
Between July and December 2013, Facebook removed 4,765 pieces of content
in response to requests from the Indian government, the most of any
country. Turkey came in second with 2,014 pieces of restricted content,
most of which violated local laws prohibiting defamation or criticism of
Ataturk or the Turkish state.
The revelation comes after Turkish Prime Minister Recep Tayyip Erdogan
last month blocked access to Twitter after the micro-blogging service
ignored court orders to remove "illegal" links.
"We do not remove content from our service entirely unless we determine
that it violates our community standards," Facebook said. "We take a
similar approach to government requests for account information. When we
receive a request for information, we carefully assess whether we are
legally required to comply."
Twitter did not censor anything in the U.S., but the U.S. lead the pack
with 12,598 requests for Facebook user data, impacting more than 18,000
users or accounts. Facebook provided information in response to 81 percent
of those requests. The U.K. followed with 1,906 requests, 71 percent of
which were granted.
The social network said it pushes back on requests that are "overly broad,
vague or do not comply with legal standards." When it is required to
provide information, Facebook shares only the most basic information in
most cases, including a user's name and IP address.
Last year, the social network and other Internet giants made a public push
for government surveillance reform. Facebook and firms like Google,
Microsoft, and Yahoo have also been pushing the U.S. for permission to
provide more information about national security-related requests they
receive.
The two sides finally reached a deal in January whereby the DOJ gave firms
two options for reporting national security-related data, and it appears
Facebook selected the first option, which lets companies disclose the
number of National Security Letters (NSLs), FISA requests for content, and
FISA requests for non-content in bands of 1,000. In its latest report,
Facebook said it received between 0 and 999 national security letters from
the U.S. between July and December 2013.
Republicans Are Granted .gop Web Domain
The Republican Party has won approval for the .gop domain from the
Internet Corporation for Assigned Names and Numbers (ICANN), a move the
party hopes will consolidate its online outreach efforts and make official
websites easier to find. The domain will be available in 75 days.
Democrats have not countered with their own domain extension yet.
Republicans didnt lose in 2008 and 2012 because people had trouble
finding their addresses, Democratic National Committee spokesman Michael
Czin told FoxNews.com.
ICANN began approving new domains last summer, adding everything from
.horse to .xyz. Some brands have had trouble securing their names,
however. Retailers Patagonia and Amazon had their applications for their
eponymous domains rejected after objections from South American
governments who said the names should be reserved for their geographical
counterparts.
Google Glass Available April 15 in U.S. for One Day Only
Google will make a limited supply of its controversial Internet-linked
Glass eyewear available for purchase in the United States beginning and
ending on April 15.
Anyone in the United States with $1,500 to spend on Glass will be able to
join the ranks of Explorers who have gotten to test out the devices
prior to them hitting the market, the California-based Internet titan
said Thursday in a post at Google+ social network.
Our Explorers are moms, artists, surgeons, rockers, and each new
Explorer has brought a new perspective that is making Glass better,
Google said in the post.
But every day we get requests from those of you who havent found a way
into the program yet, and we want your feedback too.
On April 15, starting at 9 a.m. Eastern, Google will commence what it
billed as the biggest expansion of the Explorer program to date by
letting anyone in the U.S. buy the eyewear online here, noting that there
would be a limited number of units available.
Google in March said it is joining forces with the frame giant behind
Ray-Ban and other high-end brands to create and sell Glass
Internet-linked eyewear in the United States.
The partnership with Luxottica was portrayed as Googles biggest step
yet into the emerging smart eyewear market.
Luxottica brands include Oakley, Alain Mikli, Ray-Ban, and Vogue-Eyewear.
The first smart glasses by Luxottica for Google Glass will go on sale in
2015, the head of the Italian eyewear group said Tuesday.
Google has been working to burnish the image of Glass, which has
triggered concerns about privacy, because the devices are capable of
capturing pictures and video.
Google recently sent out a release to debunk Glass myths including that
it invades privacy, distracts wearers, and is for technology-worshipping
geeks.
If someone wants to secretly record you, there are much, much better
cameras out there than one you wear conspicuously on your face and that
lights up every time you give a voice command or press a button, Google
said.
If a company sought to design a secret spy device, they could do a
better job than Glass.
During the Explorer testing phase, developers are creating apps for Google
Glass, which can range from getting weather reports to sharing videos to
playing games.
Google in February gave the early adopters a bit of advice: Dont be
Glassholes.
It was the final suggestion in a recommended code of conduct posted online
for the software developers and others taking part in the Explorer
program.
Google appeared intent on avoiding the kinds of caustic run-ins that have
seen some Glass wearers tossed from eateries, pubs, or other
establishments due to concerns over camera capabilities built into
devices.
Glass connects to the Internet using WiFi hotspots or, more typically, by
being wirelessly tethered to mobile phones. Pictures or video may be
shared through the Google+ social network.
Seven Safety Tips for People Sticking with Windows XP
Everybody panic! On Tuesday, April 8, Microsoft will stop supporting
Windows XP. If youre still using a computer thats running this old
operating system, you do have options. I covered them very recently:
Still on Windows XP? Heres Some Bad Advice.
But what if none of the options work for you? What if, for a perfectly
good reason (like the fact that upgrading from XP will cost you either
money or time, and you have neither), youre stuck with a computer using
XP? Whats going to happen to you and your computer on April 9?
Nothing youll notice, at least not right away. Windows XP will continue
to work. But your risk of a security breach into your computer increases
over time. Microsoft is adamant that Windows XP can no longer be
considered a safe place to store your digital assets.
Even though the operating system has been repaired (patched) literally
over 1,000 times, its got an old foundation, and it cant stand up to
modern security threats. Unless you want your data stolen, your home
network hacked, or your computer taken over to be used as a slave to
send spam, you need to get off this creaky platform. Thats what
Microsoft says.
But if you have to keep using an old XP machine, you can decrease your
exposure in a few ways:
1. Get the last version.
Make sure you have the final version of Windows XP. Connect your computer
to the Internet and let it update itself. Or find Windows Update on your
computer and let it run. Make your version of XP as secure as possible,
because its not going to get any better after this.
The author digs out his old IBM laptop to give it one final update.
2. Update your antivirus software.
Microsoft will continue to support its own Security Essentials add-on app
for Windows until July 2015. Make sure its updated (it should handle
this itself, or you can force it by opening the app and asking it to
update). Security software is a strong line of defense, but it cant
protect you from everything.
3. Make sure your browser is up to date.
Since the most common threats your machine is likely to see will probably
come
through websites you visit, be sure youre running a modern and
up-to-date browser. All the current versions of the major browsers offer
better security than that other giant Microsoft product that people still
use, Internet Explorer 6. Get off that thing right now.
4. Be extra careful with email.
Do not open attachments on your XP computer: PDFs, Word files, attached
programs, and so on. Even those that appear to be from people you know.
The from line in an email message can be forged, and happy-looking
emails from friends are great vectors for infection.
5. The same goes for Facebook.
Its fine to read updates, but youre at risk if you click on links to
stories or sites that show up in your feed, even if they appear to be
from people you know.
6. Be extra, extra careful with USB sticks, CDs, and DVDs.
These can carry malware. Your security software might catch it, but it
might not. Best bet is to not use any kind of external media with this
computer, especially USB sticks.
7. For the ultimate in safety, disconnect from the Internet.
Not a joke. And its actually a workable idea for people who are using
their XP computers for dedicated functions, like cash registers. If it
doesnt need to be connected to the world, disconnect it. Do your email
and web browsing on a modern device, like your smartphone or tablet, if
you can.
Microsoft has a public document stating when it will stop supporting
various versions of Windows. Today may be the end for XP, but its newer
products have termination dates, too. If youre on Windows Vista (which
hopefully youre not; its terrible), you have until April 11, 2017.
Windows 7 users will be abandoned on Jan. 14, 2020. The clock is even
ticking on Windows 8.1: Microsoft is planning to end support for todays
operating system on Jan. 10, 2023.
Time to Move On: You Can Trade in That Windows XP Machine
Weve already given you XP holdouts seven tips for braving this whole
discontinuation of Microsoft support thing (which takes effect after
Tuesday, by the way). In the event that youve been officially scared
off all together, consider this tip number eight:
Trade in your XP machine for money toward a new PC.
As reported by ZDNet, Best Buy is the latest retailer to offer a cash
for old XP machines offer, and its not bad. Though it stipulates the
trade-in must be a laptop, youll get a minimum of $100 that can be
put toward any other computer, including a Mac or a Chromebook. The deal
runs until April 19.
The Microsoft Store will also give you $100 for trading in your old XP
relic, desktop or laptop, though this money can be put only toward a
Windows computer, of course. This would include a Surface (original
model), in the event that youre feeling frisky and want to try the
switch to a more mobile Windows 8 device. The offer is good until
June 15.
Even though a quick eBay search will show that there is a fair-sized niche
market for powerful Windows XP computers with some selling for well over
a few hundred bucks its not likely that yours is capable of being a
commercial server machine (sorry). So, unfortunately, the couple of
trade-in options mentioned above are your only real chances to get a head
start on buying a shiny new device.
So good luck, and dont worry about that lack of a Start menu with
Windows 8. Word on the street is that its coming back real soon.
Die, XP, Die! Why the Operating System from 2001 Wont Go Away
How can we miss Windows XP if it wont go away?
Microsoft is finally pushing this operating system out the airlock after
years of ongoing support and constant updates. But the long-promised end
of updates for XP today has yet to dislodge this 2001-vintage release
from a dismayingly high number of computers.
StatCounter put its worldwide market share at 18.6 percent in Marchand
no, Americans cant blame backwards foreigners for that, as XPs share in
the U.S. is a full 15 percent. NetMarketShare, using different methods
that factor in more computers that rarely go online, found XP on 27.7
percent of computers worldwide.
When Windows XP made its debut on Oct. 25, 2001, personal computing was
a different game. We counted storage costs in dollars per gigabyte, not
pennies. Cloud computing meant hoarding attached documents in a Hotmail
or (ahem) Yahoo Mail account. The closest thing to a social network was
the buddy list in AOL Instant Messenger.
But even just five years in, XP had aged poorly. Its security had been
revealed to be so thoroughly broken that Microsoft had to ship the
equivalent of a new version of Windows in the form of the massive
Service Pack 2 download.
After another decade of security fixes, XP remains fundamentally
insecure. Any one app can have the run of the whole system. It still
needs work.
Remember, if your XP box gets hacked and enlisted into a botnet that
spams people with viruses, your preference for a vintage OS suddenly
becomes everybodys problem.
Why has this fossilized release stuck around so long? In part, its
because when Microsoft had its big first chance to ship a compelling
sequel to XP, it delivered Vista instead. And then it made the next
update, Windows 7, a dicey upgrade from XP.
If youve long since repressed those memories, take yourself back: Vista
suffered from having the most visible part of its overdue security
upgrades be the User Account Control are-you-sure? dialog that popped
up every time you installed an app or maybe just looked at the
computer the wrong way. Then Microsoft decided to crack down on
unauthorized Windows installationsexcept that its anti-piracy checks
locked out law-abiding users too.
Oh, and many machines built for XP couldnt run Vistas slick new Aero
Glass interface. In fact, until October 2010, Microsoft had to let
manufacturers keep shipping the old XP operating system on the
underpowered netbook laptops that had hit the market.
Windows 7 fixed many of those things, but Microsoft made upgrading from XP
to 7 something to dread: In some scenarios, Windows 7s installer would
nuke your existing setup, leaving you to reload all your apps, settings
and data from a backup.
Some businesses that had committed to Windows in general found their way
blocked, too. The worst-case scenario involved companies and government
agencies that had custom software written for XP. They became stuck
there. In some cases, upgrading to a newer flavor of Windows would have
been a function of spending millions of dollars to rewrite the
software, Intel Security vice president Candace Worley said at a
conference in Washington last week.
Similar migration woes plagued consumers. For example, if you used an
older version of Intuits QuickBooks software to manage a home business,
going from XP to Windows 7 would mean buying a new release, even if you
didnt need any of its new features. And just a few weeks ago, I had to
enlist a Mac to get some footage off a neighbors 2003 Sony camcorder,
because Sony had not shipping post-XP driver software for USB video
transfer.
(Meanwhile, Apple has gotten its developers to leap through so many
hoopsrewriting apps for PowerPC chips in the mid 90s, rewriting them
again for OS X around the turn of the century, then a third time for
Intel processors.)
For some users, the easiest upgrade is to just get a new computer. As
ZDNets longtime Windows blogger Ed Bott wrote in an e-mail, theres
financial logic to that: For many of them the cost of an upgrade
(including the technical help to complete the upgrade) would be equal to
or larger than the cost of a new Windows 7 or 8 system.
But will all these long-time XP users be game to pay? I am betting not. I
am also betting that in January of 2020, well see about as much angst
when Microsoft terminates support for Windows 7.
Attention Windows 8.1 Users: Update 1 Is Not An Option
Windows 8.1 Update 1 (that is so clumsy) has been rolling out all week
and reviewers are singing hosannas to the update, which focuses on making
the OS more keyboard- and mouse-friendly.
The Update is designated as an "Important" security update in Windows
Update, when a more appropriate term would be "mandatory." You see,
Microsoft is going to require all Windows 8.1 users to have Windows 8.1
Update 1 installed for them in order to receive future updates.
In an April 7 post discussing the update, Microsoft's Premier Field
Engineering blog, Microsoft leaves no room for ambiguity.
"Failure to install this (Windows 8.1) Update will prevent Windows Update
from patching your system with any future updates starting with Updates
released in May 2014 (get busy!)"
So much for giving people time to test it before rolling it out. But I
suspect Windows 8's enterprise penetration is minimal anyway.
However, if you are still using the original Windows 8, unmodified with
the 8.1 update, then you won't need to apply Update 1. Windows 8 will be
supported by Microsoft until January 12, 2016, according to the Windows 8
lifecycle page. However, there is one bit of good news: you can go
straight from Windows 8 to 8.1 Update 1 without having to install 8.1
first. Update 1 is a cumulative update.
Work continues on the Windows 8 line. Microsoft has said that a restored
Start Menu and windowed Metro-Style apps will eventually be available in
the much-maligned operating system, a mea culpa that admits the original
design was flat wrong.
Adding these features is not trivial, so I expect that it will take
Microsoft some time. Some people are wondering why the Start menu wasn't
included in Update 1, but if you look at Start, it's woven through the
entire OS. It has to track all your apps, your document history, have
integrated search for the PC and know all of your PC, since it runs the
Control Panel from Start.
That's a whole lot of integration and touching virtually every component
of the operating system. So it will take Microsoft some time to get that
installed and properly tested. It's not something they can just bolt on.
I've experimented with Update 1. While it does finally add all of the
necessary features for us keyboard and mouse users, I have a stable,
smooth-functioning Windows 7 machine and see no reason to disrupt it and
spend days getting back to square 1. Maybe if the day comes that I have
to reinstall the OS, I'll consider moving 8.1 from the test bed to the
main machine, but for now, it's just too much disruption for too little
gain.
But hey, at least I'm not saying it sucks.
Half-century Milestone for IBM Mainframes
The IBM mainframe is celebrating its 50th anniversary.
The first System 360 mainframe was unveiled on 7 April 1964 and its
arrival marked a break with all general purpose computers that came
before.
The machines made it possible to upgrade the processors but still keep
using the same code and peripherals from earlier models.
Later this year the British rival to IBM's machine, the ICL 1900, also
celebrates its 50th anniversary.
Despite their age, mainframes are still in wide use now, said Barry
Heptonstall, a spokesman for IBM.
"I don't think people realise how often during the day they interact with
a mainframe," he said.
Mr Heptonstall said mainframes were behind many of the big information
systems that keep the modern world humming and handled such things as
airline reservations, cash machine withdrawals and credit card payments.
The machines were very good at doing small-scale transactions, such as
adding or taking figures away from bank balances, over and over again, he
said.
"We don't see mainframes as legacy technology," said Charlie Ewen, chief
information officer at the Met Office, which has been using mainframes
for 40 years.
"Mainframes have several characteristics that are enormously valuable for
us," he said. They are "resilient, robust and are very cost-effective for
some of the work we do", he added.
The Met Office uses its machines to slice its data sets in many different
ways for different clients and keeps them running all day every day, said
Mr Ewen.
"The mainframes are the production house of our IT operation and help us
provide four million forecasts a day," he said.
Mr Heptonstall said the introduction of System 360 also changed the way
computers were used.
"Before System 360 arrived, businesses bought a computer, wrote programs
for it and then when it got too old or slow they threw it away and
started again from scratch," he said.
Kevin Murrell, co-founder of the National Museum of Computing, said the
name IBM adopted for its range of machines dated from an earlier,
non-computer, era.
Scientific equipment such as oscilloscopes were often built around a
"main frame" on which customers could choose to put extras or add-ons
specific to their research needs.
In addition, he said, in the post office the "main frame" was the part of
a telephone exchange where all the incoming wires were located.
"It was quite a common name," he said.
In the early days of computers, the size of a mainframe made it easy to
distinguish it from other types of computer.
"If it was big enough to walk around then it was a mainframe," he said.
"If you could get it in your living room it was a mini-computer, and if
you could carry it then it was a micro."
Soon after the appearance of the System 360 family, ICL produced its own
rival line of mainframes that started with the 1900. A series of events
is being planned to celebrate the arrival of that machine and its
successors, said Mr Murrell.
The machines have a legacy seen on many modern keyboards, he said. The
"escape" key was a common way to exit from a menu system on a mainframe
and the "SysRq" key on some keyboards also dates from that era of
monolithic computing.
"If you were using a terminal-based system, 'System Request' let you
interrupt what you were doing and run another job," he said. "But I'm
not sure it's ever had a use in Windows."
=~=~=~=
Atari Online News, Etc. is a weekly publication covering the entire
Atari community. Reprint permission is granted, unless otherwise noted
at the beginning of any article, to Atari user groups and not for
profit publications only under the following terms: articles must
remain unedited and include the issue number and author at the top of
each article reprinted. Other reprints granted upon approval of
request. Send requests to: dpj@atarinews.org
No issue of Atari Online News, Etc. may be included on any commercial
media, nor uploaded or transmitted to any commercial online service or
internet site, in whole or in part, by any agent or means, without
the expressed consent or permission from the Publisher or Editor of
Atari Online News, Etc.
Opinions presented herein are those of the individual authors and do
not necessarily reflect those of the staff, or of the publishers. All
material herein is believed to be accurate at the time of publishing.
