Tuesday, June 2, 2009

Sci-Fi Shows Drive BBC America into HD Universe


BBC America is riding an old sci-fi classic, a new sci-fi hit and an up and coming premiere to highlight the unveiling of the network’s HD channel.

The new high-definition broadcast takes flight on July 20 with a week of exclusive premieres, including Torchwood: “Children of Earth,” a Doctor Who special (“Planet of the Dead”), a new BBC America co-production (Being Human), and the season finale of Primeval’s third series.

That means we finally have an official premiere date for the week-long mini-series marking Torchwood’s return to U.S. screens. Starting July 20 at 9:00 p.m. ET/PT, Captain Jack (John Barrowman), Gwen Cooper (Eve Myles) and Ianto Jones (Gareth David-Lloyd) will have only five episodes to save the world.

Saturday, July 25 brings the finale to Primeval’s current run. At 8:00 p.m. ET/PT, the constantly shifting team at the Anomaly Research Center will try to stop the world’s greatest monster — human ambition.

A new show already making waves in the U.K. will join Primeval that Saturday at 9:00 p.m. ET/PT. Being Human features a dramedy look at the lives of three 20-somethings living double-lives as a werewolf, a vampire and a ghost while struggling with the common issues faced by young people. Think a slightly older Twilight with a sense of humor.

Finally, Sunday, July 26 at 8:00 p.m. ET/PT is the U.S. premiere of Doctor Who’s Easter special, “Planet of the Dead,” offering the first of four final hours of David Tennant in the role.

Image courtesy BBC

Why Tetris Creator Secretly Plays World of Warcraft as Woman

Have you recently teamed up with a mysterious druid in World of Warcraft that happens to love math puzzles? You could have been on a raid with Tetris creator Alexey Pajitnov.

“I recently started playing World of Warcraft, and I’m still playing it and enjoying it a lot,” Pajitnov said in a recent interview with Wired.com on the eve of his legendary puzzle game’s 25th anniversary.

Pajitnov is currently playing a level-74 female druid in the popular massively multiplayer online game. And it’s not his first character: He says he’s also played a warlock up to level 70 and a hunter before that.

He never tells anyone that he created one of the most popular videogames of all time, though.

“Nobody even knows that I am male,” he said. “I play just female characters.”

As you might expect, Pajitnov is interested in the MMO world’s complex game design. “It was very interesting for me, how the design works,” he said. “I really enjoyed the design work in Warcraft, because they must have a really huge team, and it was amazing how they distribute their activity and create together.”

Playing WoW has been “a very unusual experience,” he says, because in his 25-year career as a game designer, he has rarely gotten hooked on other people’s videogames. The only other games he’s played with the same level of passion were Nintendo’s Zelda games and the four-color CGA version of Lode Runner. (“I was absolutely addicted for more than a year.”)

Although Pajitnov mostly plays Warcraft solo, he has partnered with others on occasion.

“I’ve joined several guilds,” he said. “I did have a group which I used to play with a lot together, but later we lost each other and now I just have temporary alliances with different groups.”

So now you’ve got to ask yourself: Is that level-74 druid in your guild a game-design legend in disguise?

Jet Cyclist Hits 73 MPH and Lives to Tell the Tale



Motor madman Bob Maddox is back with a twin-engine jet bike that makes the raucous rocket he rode last year look tame.

He recently bolted a dual-exhaust pulse jet engine to the side of an ordinary bicycle, donned a leather jacket and helmet and then held on tight as he peeled off a 73-mph run down a deserted back road. And we thought he was crazy when he hit 50 mph on one of his single-engine contraptions last year.

“When you get up to 60 or so, you’re thinking ‘I really don’t want to know how fast it will go,’” he told Wired.com.

Strong words from a guy who used to jump out of planes with a pulse jet strapped to his chest.

Pulse jet technology dates to the beginning of the 20th century when it was developed in Sweden. Germany used pulse jets during World War II to propel its V-1 “buzz bombs.” The exceedingly simple internal combustion engines ignite a mixture of air and fuel in “pulses” that occur about 70 times a second. They’ll run on just about anything.

Maddox, an artist and cabinetmaker in Medford, Oregon, started playing with pulse jets eight years ago. He built a sweet purple pulse jet cruiser last year for a collector in the Netherlands. His latest creation is a beautifully retro-looking machine based on a 2005 Electra cruiser. It weighs 85 pounds and gets its power from a pair of pulse jets.

Why two? Why not?

“This bike has two [engines], although it is really one engine with two tail pipes,” Maddox said. “I stacked two 60-pound thrust engines and opened a hole between the combustion chambers and that makes them cycle as one.” The new engine also has a push-button starter and throttle.

Did we mention it’s loud? Forget your earplugs and you’re as good as deaf. A pulse jet at full throttle can pop your eardrums.

“Those Harley guys with the short pipes don’t even come close to the noise this thing makes, good or bad.”

Despite the lopsided engine placement and the skinny bicycle wheels, Maddox says the ride is pretty smooth. “People wonder if it pulls to one side. It does not,” he said. “The wheels have heavy spokes and the tires are aired to 65 pounds with heavy tubes, [so] there is no vibration and I feel real safe buzzing around at 50 or so.”

This bike is headed for the Netherlands. Maddox is already working on his next project - a drag bike he estimates will have 1,400 pounds of thrust and “should be the fastest in the world.” We’ll keep you posted.

Photos: Bob Maddox


In Legal First, Data-Breach Suit Targets Auditor



When CardSystems Solutions was hacked in 2004 in one of the largest credit card data breaches at the time, it reached for its security auditor’s report.

In theory, CardSystems should have been safe. The industry’s primary security standard, known then as CISP, was touted as a sure way to protect data. And CardSystems’ auditor, Savvis Inc, had just given them a clean bill of health three months before.

Yet, despite those assurances, 263,000 card numbers were stolen from CardSystems, and nearly 40 million were compromised.

More than four years later, Savvis is being pulled into court in a novel suit that legal experts say could force increased scrutiny on largely self-regulated credit card security practices.

They say the case represents an evolution in data breach litigation and raises increasingly important questions about not only the liability of companies that handle card data but also the liability of third parties that audit and certify the trustworthiness of those companies.

“We’re at a critical juncture where we need to decide . . . whether [network security] auditing is voluntary or will have the force of law behind it,” says Andrea Matwyshyn, a law and business ethics professor at the University of Pennsylvania’s Wharton School who specializes in information security issues. “For companies to be able to rely on audits . . . there needs to be mechanisms developed to hold auditors accountable for the accuracy of their audits.”

The case, which appears to be among the first of its kind against a security auditing firm, highlights flaws in the standards that were established by the financial industry to protect consumer bank data. It also exposes the ineffectiveness of an auditing system that was supposed to guarantee that card processors and other businesses complied with the standards.

Credit card companies have touted the standards and the auditing process as evidence that financial transactions conducted under their purview are secure and trustworthy. Yet Heartland Payment Systems and RBS WorldPay, two processors that recently experienced large breaches, were certified compliant before they were breached. And Hannaford Bros. was certified in February 2008 while an ongoing breach of the company’s system was underway.

A Visa executive told an audience earlier this month that the companies were not compliant, though auditors certified they were. “No compromised entity has yet been found to be in compliance with [the standards] at the time of the breach,” she said.

In the CardSystems case, Merrick Bank, which is based in Utah and services 125,000 merchants, sued Savvis last year in Missouri. Merrick says Savvis was negligent in certifying that CardSystems was compliant. The case was moved to Arizona five months ago but only recently assigned a judge, allowing the suit to finally move forward.

According to Merrick’s complaint, in June 2004 Savvis, a managed services company that bills itself as “the network that powers Wall Street,” certified that CardSystems had met the Cardholder Information Security Program (CISP) standards. CISP is the precursor to today’s Payment Card Industry Data Security Standard (PCI DSS).

CISP was developed by Visa, which required card processors and merchants that handled Visa transactions to certify through an auditor that they met a list of standards that included such things as installing firewalls and encrypting data.

Three months after Savvis certified CardSystems, the latter was hacked by intruders who installed a malicious script on its network and stole card numbers. The data belonged to card transactions that CardSystems had retained on its system and stored in unencrypted format, both violations of CISP standards.

The hack, which was discovered only in May 2005, was one of the first that was publicly disclosed under a 2003 California breach notification law. Shortly after the breach became public, Visa disclosed that CardSystems had not been compliant, even though it passed an audit before the breach. A Visa spokeswoman told Wired at the time that CardSystems had initially failed an audit in 2003, before being certified in 2004, though she wouldn’t reveal the reason for the failure.

That earlier audit could become crucial evidence in the case against Savvis, if the plaintiffs can show that Savvis knew about pre-existing problems with CardSystems’ security and intentionally overlooked them or failed to ensure they’d been fixed.

According to the complaint, in 2003 CardSystems contracted with a different auditor named Cable and Wireless. Toward the end of that year, the auditor submitted its findings to Visa, which rejected CardSystems’s compliance for unspecified reasons. Shortly thereafter, Merrick Bank contracted with CardSystems to process card transactions for its merchant customers, on the condition that the processor achieve certification from Visa.

A second audit was conducted by Savvis, which had bought Cable and Wireless’s auditing division. In June 2004, Savvis concluded that CardSystems “had implemented sufficient security solutions and operated in a manner consistent with industry best practices.” Visa subsequently certified the processor.

After the hack, it was discovered that CardSystems, which has since filed for bankruptcy, had been improperly storing unencrypted card data for more than five years, something Savvis should have known and reported to Visa. The processor’s firewall was also non-compliant with Visa’s standards. “Consequently, Savvis’ . . . indicating that CardSystems was in full compliance with CISP was false and misleading,” the complaint says.

Merrick claims the hack cost it about $16 million in fraud losses paid to banks that issued the cards, as well as in legal fees and penalties it suffered for contracting with a non-compliant card processor. Merrick says Savvis “owes a duty of care” to audit companies and “breached its duty to competently and professionally assess CardSystems’ compliance.”

The issue raises questions about the due care placed on certifying certifiers.

PCI auditors are certified by the PCI Security Council, a consortium representing the credit card companies that oversees the PCI standards and certification. According to the Council, about 80 percent of PCI audits are done by a dozen of the largest PCI-certified auditors.

Under the current PCI system, security companies seeking to become auditors must pay the PCI Council a general fee of between $5,000 and $20,000, depending on the company’s location, plus $1,250 for each employee engaged in auditing. Auditors are required to undergo annual re-qualification training, which costs $995.

In light of the recent spate of breaches at companies that were certified compliant, the PCI Council said last year that it was tightening its oversight of auditors.

Previously, only the company being audited was able to view the auditing report, since it was paying for the audit — a situation that mirrors what occurred in the electronic voting machine certification process for years. Now auditors have to submit a copy of the reports to the PCI Council, though the name of the company being audited is redacted.

The Council did not respond to a request for comment, but Bob Russo, general manager of the PCI Security Standards Council, told CSO magazine last year, “We want to make sure no one is rubber-stamping something. We want all these assessors to be doing things with the same rigor.”

The Council said it will also be looking at resumes of people conducting the audits, though it acknowledged that it has only three full-time staff members handling its auditor certification program.

The rules and requirements for auditors reveal a number of potential conflicts of interest that could arise between an auditor and the entity it’s assessing. For example, many security auditors also make security products. The rules state that a security company will not use its status as auditor to market its products to companies it audits, but if the auditor should happen to find that the client would benefit from its product, it must also tell the client about competing products.

The auditing process isn’t the only problem. Critics say the standards themselves are too complex, and maintaining ongoing compliance is tricky as companies install new programs, change servers and alter their architecture. A company that is certified compliant one month can quickly become non-compliant the next month if they install and configure a new firewall incorrectly.

At a congressional hearing in April to discuss the standards, Rep. Yvette Clarke (D-New York) said that while the standards weren’t worthless, PCI compliance wasn’t enough to keep a company secure. “It is not, and the credit card companies acknowledge that,” she said.

These factors are likely to be part of Savvis’ defense as it fights Merrick’s suit.

Matwyshyn says the case may raise questions about whether an auditor has an ongoing duty to maintain the accuracy of its certification when a company’s security status can change at any time.

“I think it’s not clear as a matter of law to what extent a certification authority has liability in this particular context for a negligent misrepresentation of the security level of an enterprise,” she says.

Matwyshyn says that Merrick’s case against Savvis may turn on an Arizona law that allows an entity that is not a direct party to a contract to seek recovery if they are an “intended beneficiary” of the contract. In this case, even though Merrick didn’t contract with Savvis directly to certify CardSystems, it relied on that certification being trustworthy.

June 2, 1953: Coronation Shown on Global Kluge TV



1953: Elizabeth II is crowned as Queen of the United Kingdom of Great Britain and Northern Ireland, and of her other Realms and Territories. Television cameras allow her subjects to view the ceremony live, but in this pre-videotape and pre-satellite era, millions of viewers in North America and elsewhere have to wait a few hours.

Elizabeth II became queen immediately on the death of her father, King George VI, on Feb. 6, 1952. After she flew back from Kenya, where she was on an official tour, her reign was formally recognized and acknowledged in an Accession Council at St. James Palace in London on Feb. 8. The heraldic officials of England and Scotland then publicly proclaimed her the queen in brief ceremonies in London, Windsor and Edinburgh.

The coronation itself took more than a year to plan. It was a religious ritual, parts of it unchanged for a thousand years. The rite included the wearing of special garments, anointing, and oaths by the nobles to serve the queen, and by the queen to serve her people. She was presented with symbols of dominion: golden spurs, bracelets, a jeweled orb and cross, a coronation ring, two scepters and two ritual swords.

In the climactic moment the Archbishop of Canterbury placed St. Edward’s Crown (weighing 5 pounds and encrusted with 440 jewels and semiprecious stones) on Elizabeth’s head. The assembled multitudes inside Westminster Abbey then rose and shouted “God Save the Queen,” trumpets sounded and, miles away at the Tower of London, cannon fired.

All told, quite a show. Not to mention the procession from Buckingham Palace to the Abbey and back again in a golden coach. Crowds lined the route. And nearly all of it was seen on TV.

The coronation of Elizabeth II’s father, George VI, in 1937 was the first broadcast on radio, and about 10,000 people with early televisions were able to watch the processions. The coronation of her grandfather, George V, in 1911 had preceded the age of mass-media broadcast.

Conservatives in 1953, including Prime Minister Winston Churchill, opposed the plan to televise from inside the Abbey, seeing it as a technological intrusion on a sacred, mystical moment. They lost their argument to those, including the young queen herself, who wanted the monarchial ceremony democratized. The only compromise: The sacred anointing was hidden from the view of the TV cameras.

Throughout Britain, people watched the hours-long ceremonies on small black-and-white screens, often newly bought for the occasion, and often in the company of many neighbors who could not yet afford the still-expensive entertainment novelty. About 56 percent of the population watched on TV, compared to 32 percent who listened on radio. Viewers in France, Holland and West Germany also watched live.

People elsewhere listened to the ceremony on a live, global radio hookup. But those who wanted to see it had to wait a few hours.

Communications satellites were a decade in the future. Even videotape was still a few years off. Instead, networks made kinescope films of the BBC television signal at Heathrow airport. They also rushed newsreel film by motorcycle relays from Westminster to the airport. They then loaded the undeveloped film in batches onto airplanes specially fitted out to develop the film in flight. The films were processed while flying west across the Atlantic.

Record-breaking Canberra PR3 jets of Britain’s Royal Air Force flew the films to Gander, Newfoundland. Then CF-100s of the Royal Canadian Air Force took one series of films to Montreal, which supplied CBC in Canada and — through a special hookup to New York City — ABC and NBC in the United States. (This was Plan B for NBC, whose own hired jet developed mid-Atlantic mechanical troubles and had to turn back.) RCAF Mustang P51s flew films directly to Boston for the CBS national broadcast.

Once on the North American mainland, the freshly developed films were rushed to TV studios to be broadcast, sight unseen, to a waiting public. CBS lagged 10 minutes behind the other networks in getting its coverage on the air. But it was NBC that came in for considerable criticism for running too many commercials, and for airing a coronation “interview” with its famous Today show chimpanzee, J. Fred Muggs.

The era of “global village” mega-events would not dawn until a decade later, with the state funerals of President John F. Kennedy in 1963 and erstwhile coronation-on-TV opponent Churchill in 1965.

Source: Various
Photo: AP

Three-Application Limit Dropped for Windows 7 Starter


Microsoft has dropped the three-application limit it had planned for its Windows 7 Starter operating system. The entry-level Windows 7 Starter edition is expected to be installed on many netbooks and now will run as many applications as customers want. An analyst said the netbooks will do some things easier than smartphones.

Microsoft has decided to drop the three-application limit it had planned for its entry-level Windows 7 Starter operating system, which is slated for introduction this fall.

Many netbook vendors intend to deploy Windows 7 Starter on the next round of mini-notebook products for price-conscious consumers. Microsoft said it had decided to drop its Windows 7 Starter app limit after receiving feedback from partners and customers asking for an entry-level OS that delivers a richer small notebook PC experience.

Windows 7 Starter customers therefore will have "the ability to run as many applications simultaneously as they would like, instead of being constricted to the three-application limit that the previous starter editions included," said Brandon LeBlanc, a spokesperson for the Microsoft Windows development team.

The 3G Netbook Option

LeBlanc said Microsoft believes the changes will make Windows 7 Starter an even more attractive option for customers who want a small notebook PC for performing very basic tasks, such as browsing the Web, checking e-mail and enhancing personal productivity. However, analysts note that some businesses also are beginning to deploy low-cost netbooks.

"Due to their small size and low price, PC vendors have begun to find some traction for mini-notebooks in the transportation, logistics, repair and servicing, manufacturing and health-care markets," said Tracy Tsai, a senior research analyst at Gartner.

With many wireless operators now subsidizing the price of the netbooks running on their 3G infrastructures, some enterprises may want to consider netbooks running Windows 7 as a way to fulfill some enterprise functions that previously were the exclusive purview of smartphones, noted Shiv Bakhshi, an independent analyst covering mobile devices. "The beauty of netbooks is that as wireless networks provide more bandwidth, you can do a lot of stuff with them which users find a bit more limiting to conduct on smartphones," he said.

When it comes to Web browsing, for instance, "the limitations of the smartphone as work real estate become a bit more acute and visible as users become more involved in intense activities online," Bakhshi explained. "And when Windows 7 becomes available this fall, it will eliminate the three- or four-minute bootup time delay, allowing netbooks to become more like a flip phone and function almost as an instantly-on device."

Other Considerations

On the other hand, there are several caveats for using netbooks in business environments, noted Gartner Research Vice President Leslie Fiering.

"Most of the systems currently sold, and certainly the lowest-priced ones, are consumer models," which means "lower-quality assurance testing -- resulting in lower reliability and higher failure rates -- and higher model churn," Fiering said. So many netbooks fall short of the mark when it comes to delivering the platform stability "which many organizations require to reduce the number of supported system images," Fiering said.

LeBlanc said Windows 7 Starter should not be considered "the netbook SKU," as most machines in this category can run any edition of Windows 7. "Many of our beta users have installed Windows 7 Ultimate on their small notebook PCs and have given us very positive feedback on their experience," LeBlanc said.

However, having to deploy a higher-priced edition of Windows 7 on a netbook eliminates the cost factor as a potential selling point for businesses, Fiering noted. There already are several vendors "that offer business features in mini-notebook form factors, but prices range from $700-1,800," and so are "no bargain compared to regular notebooks."

Microsoft's IE8, Google's Chrome post record gains in browser share

Overall IE numbers still dropping as IE8 gains share at the expense of IE7 while rivals like Firefox and Safari gain users

Google's Chrome and Microsoft's IE8 (Internet Explorer 8) were the big winners last month in the browser share sweepstakes, according to Web measurement company Net Applications.

Chrome's usage share climbed by 0.4 of a percentage point, from 1.4 to 1.8 percent, the largest one-month increase since the browser debuted last September. The gain represented a 27 percent surge over April.


Microsoft's newest browser also posted its biggest-ever increase, gaining 3.7 percentage points to end May at 7.6 percent -- a one-month growth rate of over 91% -- as the upgrade process rolled out to more users.

Microsoft launched IE8 in March, but didn't begin offering IE6 and IE7 users an upgrade until the third week of April. Not until May, however, did Microsoft open the Windows Update throttle for the IE8 offer. The browser will not be pushed to corporate PCs managed by Windows Server Update Services (WSUS) until July, at which time IE8 should receive an additional bump in share.

IE8 presents a special tallying problem for Net Applications, the company said today. The trouble stems from IE8's "compatibility view" feature, which lets users display sites as rendered by the older -- and often Web standard-incompatible -- IE7. "This has led to underreporting of Internet Explorer 8, since about one-fifth of IE8 browsing in our sample is done in compatibility view mode," Net Applications noted on its Web site.

Starting in mid-May, Net Applications began differentiating between "normal" IE8 mode and what it calls "IE8 Compatibility Mode," then adding the two to get the total estimated share of the new browser.

IE8 was Microsoft's only silver lining in May, as its other browsers' share continued to plummet. IE7 lost nearly 3.7 percentage points to finish at 40.8 percent; the ancient IE6, meanwhile, dropped 0.6 percentage point to end the month at 16.9 percent.

Tabulating the IE8 gains against the losses of IE6 and IE7, Net Applications pegged Internet Explorer overall as losing 0.6 of a percentage point, putting Microsoft's browser in charge of 65.5% of the total share. As in months past, that was another record low.

Mozilla's Firefox and Apple's Safari both gained ground in May, continuing the trend where those two pick up most of IE's losses. Firefox ended the month at 22.5 percent, a gain of just 0.03 percentage point, while Safari climbed 0.2 percentage point to close the month at 8.4 percent, a record for Apple's browser.

Firefox's puny increase was significantly off its 0.3 point average for the last 12 months, and effectively stalled the open-source browser's march to the next major milestone of 25 percent, which Net Applications' data had earlier predicted Mozilla would reach by November. According to the newest numbers, Firefox now won't make the 1-in-4 mark until January 2010.