Red Bull Sea To Sky

Red Bull – Sea To Sky | The Most Enjoyable Hard Enduro Event

27-29 September, Kemer-Antalya/Turkey


NIST Invites Comments on Structure of Forensic Science Guidance Groups

The National Institute of Standards and Technology (NIST) is seeking input on the structure of guidance groups that would promote scientific validity and reliability in forensic science. NIST is inviting comments on the structure of the groups through a Notice of Inquiry published Sept. 27, 2013, in the Federal Register.
The groups, each focused on a specific forensic science discipline, will develop guidance for forensic science practitioners. The proposed mission of the guidance groups, defined in the notice, "is to support the development and propagation of forensic science consensus documentary standards, monitor research and measurement standards gaps in each forensic discipline, and verify that a sufficient scientific basis exists for each discipline."
NIST is responsible for administering and coordinating support for the guidance groups, as outlined in a February 2013 memorandum of understanding* signed by NIST and the Department of Justice (DOJ) to support and strengthen forensic science in the United States. This effort follows a National Academy of Sciences report** detailing the need to strengthen forensic science.
The guidance groups will replace an existing ad hoc system of scientific working groups that are funded by a variety of agencies and have different sizes, structures and output. The groups' impact within their respective fields also varies. NIST seeks to leverage the best work of the existing working groups to standardize activities and output across disciplines.
"We envision the guidance groups as being voluntary collaborative organizations of forensic science practitioners and researchers from a wide array of disciplines. Members would represent all levels of government, academia, non-profits and industry," said Susan Ballou, NIST program manager for forensic science.
Under the memorandum with DOJ, the guidance developed by the NIST-administered groups would be made publicly available so that forensic science practitioners at the state and local levels could adopt it, and it could be considered by the Attorney General for implementation at federal labs.
NIST is considering several possible models for the groups' structure, but all proposed models should have the following attributes:
  • transparency and openness;
  • balance of interests of stakeholders;
  • due process for stakeholder input;
  • consensus process for decision making; and
  • an appeals process.
The Notice of Inquiry asks for comments and responses to questions within four broad areas: structure of the groups, impact of the groups, representation on the groups and the scope of the groups. The comment period will close on Nov. 12, 2013, 11:59 p.m. Eastern Time.
To read the Notice of Inquiry, visit Questions as well as written comments on the guidance groups may be submitted to Susan Ballou, NIST forensic science program manager. Please send questions or comments by email to or to the National Institute of Standards and Technology, c/o Susan Ballou, 100 Bureau Drive, Mailstop 8102, Gaithersburg, MD 20899.
*See the Feb. 15, 2013, NIST news announcement, "Department of Justice and National Institute of Standards and Technology Announce Launch of National Commission on Forensic Science" at
**The NAS report is available at

Twitter Quietly Adds Website Analytics (& You’ll Love It)

Did you know you can see how your website is performing on Twitter?
You can see all the tweets that link to your website, whether or not they include your @username. You can see tweets that link to any specific page on your website. You can see how often Twitter users click on links to your website, or to any specific page.
It’s true. And it’s all right there in Twitter Analytics, quietly added sometime in the past couple months.
Back in June, when we covered the Twitter Analytics public launch, the “Analytics” dropdown had two options — Timeline activity and Followers. Both of those provide data related to the Twitter account like follower growth and how your tweets are performing.
Now, we’re seeing a third option called “Websites” as shown below comparing an image from our June article with what’s there today.
The “Websites” screen is different because it presents data not about your Twitter account, but about a website that you verify by adding code to the home page. (Multiple websites can be added to the dashboard.)
And it’s incredibly detailed. (In other words, you’ll love it.)
Twitter’s website analytics focuses on two main metrics: tweets and link clicks. The first shows tweets from any account that link to the website, and it appears that it doesn’t matter what link shortener is being used. The latter, link clicks, shows exactly what it sounds like — how often those links are being clicked. For both, you can choose to see “top” or “all.”
You can see analytics for a specific page on the website via the “View page within website” option in the upper right, and you can change to any one of a dozen timeframe presets.

By Matt McGee
Source and more:

3D-Printed Robot Cracks Your Android PIN Code

Using a PIN to lock your Android phone will keep it safe from most people, but not from R2B2 — a robot designed to brute-force its way through any four-digit code in less than a day.
R2B2, the Robotic Reconfigurable Button Basher, is the invention of Justin Engler — a senior security engineer at New York-based iSEC Partners. The robot has debuted on YouTube in advance of its appearance at the Black Hat security conference in Las Vegas.
Instead of using sophisticated software to crack Android PINs, R2B2 adopts the tried-and-true method of entering every possible combination until something clicks.

In hacking, this method is known as a "brute-force" attack, but R2B2 is unique in that it exhibits brute-force behavior in real life rather than digitally. The robot — four yellow manipulators that control a central appendage, resting atop two "legs" — can sit atop an Android phone and simply press buttons over and over again.
There are 10,000 possible four-digit PINs — a relatively small number, but still too many for one human to work through. R2B2, on the other hand, has no need for food, sleep or mental stimulation, and can work through every possible PIN in just 20 hours.
If a user enters five incorrect PINs in a row, the Android OS enforces a 30-second waiting period before the person can try again — but that is the only disincentive. This is why R2B2 wouldn't work on iOS devices: Apple employs an iterative system that makes a user wait increasingly longer to retry after each incorrect PIN entry.
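The lockout arithmetic above, as an added example (not from the article or from R2B2's author): a small model of worst-case exhaustive-search time under a throttling policy, for choosing PIN length and lockout settings. The 1.2 s per-attempt time and the escalating schedule are assumptions, since the article gives no figures for either.

```python
"""Worst-case time to exhaust a PIN space under two lockout policies."""
from dataclasses import dataclass

# ASSUMPTION: seconds to key in one PIN. Chosen so that the fixed policy
# reproduces the article's "20 hours" figure for four digits.
PER_TRY_S = 1.2


@dataclass(frozen=True)
class FixedLockout:
    """Policy the article describes for Android: a fixed wait after
    every `every` wrong PINs, never growing."""
    every: int = 5
    wait_s: float = 30.0

    def total_delay(self, failures: int) -> float:
        # One fixed wait per completed block of `every` failures.
        return (failures // self.every) * self.wait_s


@dataclass(frozen=True)
class EscalatingLockout:
    """ASSUMED schedule (the article gives no numbers): from failure
    number `first_at` on, each further failure doubles the wait, up to
    a cap."""
    first_at: int = 5
    base_s: float = 60.0
    cap_s: float = 3600.0

    def total_delay(self, failures: int) -> float:
        total, wait, f = 0.0, self.base_s, self.first_at
        # Doubling phase: short, because the wait reaches the cap quickly.
        while f <= failures and wait < self.cap_s:
            total += wait
            wait *= 2
            f += 1
        # Every remaining failure costs the capped wait.
        return total + max(0, failures - f + 1) * self.cap_s


def worst_case_seconds(digits: int, policy, per_try_s: float = PER_TRY_S) -> float:
    """Time to enter every PIN of `digits` digits when the correct one
    is tried last: all entries plus the waits the failures trigger."""
    attempts = 10 ** digits
    return attempts * per_try_s + policy.total_delay(attempts - 1)


def min_digits(policy, target_s: float, per_try_s: float = PER_TRY_S,
               max_digits: int = 12) -> int:
    """Shortest PIN length whose worst-case search takes at least
    `target_s` seconds under `policy`; -1 if none up to max_digits."""
    for digits in range(1, max_digits + 1):
        if worst_case_seconds(digits, policy, per_try_s) >= target_s:
            return digits
    return -1


if __name__ == "__main__":
    year = 365 * 86400
    for name, policy in (("fixed 30 s per 5 failures", FixedLockout()),
                         ("escalating, capped at 1 h", EscalatingLockout())):
        hours = worst_case_seconds(4, policy) / 3600
        print(f"{name}: 4-digit worst case {hours:,.1f} h, "
              f"digits needed for a one-year search: {min_digits(policy, year)}")
```

With the fixed policy the delay grows only linearly with the number of failures, so extra PIN digits are the only lever; with an escalating policy even a four-digit space takes over a year to walk through.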

By Marshall Honorof
Source and read more:

Projecting without a projector: sharing your smartphone content onto an arbitrary display

Previously, we presented Deep Shot, a system that allows a user to “capture” an application (such as Google Maps) running on a remote computer monitor via a smartphone camera and bring the application on the go. Today, we’d like to discuss how we support the opposite process, i.e., transferring mobile content to a remote display, again using the smartphone camera.

Although the computing power of today’s mobile devices grows at an accelerated rate, the form factor of these devices remains small, which constrains both the input and output bandwidth for mobile interaction. To address this issue, we investigated how to enable users to leverage nearby IO resources to operate their mobile devices. As part of the effort, we developed Open Project, an end-to-end framework that allows a user to “project” a native mobile application onto an arbitrary display using a smartphone camera, leveraging interaction spaces and input modality of the display. The display can range from a PC or laptop monitor, to a home Internet TV and to a public wall-sized display. Via an intuitive, projection-based metaphor, a user can easily share a mobile application by projecting it onto a target display.

Open Project is an open, scalable, web-based framework for enabling mobile sharing and collaboration. It can make any computer display projectable instantaneously and without deployment. Developers can add support for Open Project in native mobile apps by simply linking a library, requiring no additional hardware or sensors. Our user participants responded highly positively to Open Project-enabled applications for mobile sharing and collaboration.

Three Paradoxes of Big Data


Big data is all the rage. Its proponents tout the use of sophisticated analytics to mine large data sets for insight as the solution to many of our society’s problems. These big data evangelists insist that data-driven decisionmaking can now give us better predictions in areas ranging from college admissions to dating to hiring to medicine to national security and crime prevention. But much of the rhetoric of big data contains no meaningful analysis of its potential perils, only the promise. We don’t deny that big data holds substantial potential for the future, and that large dataset analysis has important uses today. But we would like to sound a cautionary note and pause to consider big data’s potential more critically. In particular, we want to highlight three paradoxes in the current rhetoric about big data to help move us toward a more complete understanding of the big data picture. First, while big data pervasively collects all manner of private information, the operations of big data itself are almost entirely shrouded in legal and commercial secrecy. We call this the Transparency Paradox. Second, though big data evangelists talk in terms of miraculous outcomes, this rhetoric ignores the fact that big data seeks to identify at the expense of individual and collective identity. We call this the Identity Paradox. And third, the rhetoric of big data is characterized by its power to transform society, but big data has power effects of its own, which privilege large government and corporate entities at the expense of ordinary individuals. We call this the Power Paradox. Recognizing the paradoxes of big data, which show its perils alongside its potential, will help us to better understand this revolution. It may also allow us to craft solutions to produce a revolution that will be as good as its evangelists predict.
Authors: Neil M. Richards, Jonathan H. King
Source and read the full paper:

Google Fiber vs. Broadband - Provo City


Secure Domain Name System (DNS) Deployment Guide


The Domain Name System (DNS) is a distributed computing system that enables access to Internet resources by user-friendly domain names rather than IP addresses, by translating domain names to IP addresses and back. The DNS infrastructure is made up of computing and communication entities called Name Servers each of which contains information about a small portion of the domain name space. The domain name data provided by DNS is intended to be available to any computer located anywhere in the Internet. This document provides deployment guidelines for securing DNS within an enterprise. Because DNS data is meant to be public, preserving the confidentiality of DNS data. The primary security goals for DNS are data integrity and source authentication, which are needed to ensure the authenticity of domain name information and maintain the integrity of domain name information in transit. This document provides extensive guidance on maintaining data integrity and performing source authentication. DNS components are often subjected to denial-of-service attacks intended to disrupt access to the resources whose domain names are handled by the attacked DNS components. This document presents guidelines for configuring DNS deployments to prevent many denial-of-service attacks that exploit vulnerabilities in various DNS components.

Authors: Ramaswamy Chandramouli; Scott W. Rose
Source and read the full text:

Chaos Computer Club breaks Apple TouchID


The biometrics hacking team of the Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apple's TouchID using easy everyday means. A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with TouchID. This demonstrates – again – that fingerprint biometrics is unsuitable as an access control method and should be avoided.
Apple had released the new iPhone with a fingerprint sensor that was supposedly much more secure than previous fingerprint technology. A lot of bogus speculation about the marvels of the new technology and how hard to defeat it supposedly is had dominated the international technology press for days.

"In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake", said the hacker with the nickname Starbug, who performed the critical experiments that led to the successful circumvention of the fingerprint locking. "As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints." [1]

The iPhone TouchID defeat has been documented in a short video.

The method follows the steps outlined in this how-to with materials that can be found in almost every household: First, the fingerprint of the enrolled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone. This process has been used with minor refinements and variations against the vast majority of fingerprint sensors on the market.
The process described above proved to be somewhat unreliable as the depth of the ridges created by the toner was a little too shallow. Therefore an alternative process based on the same principle was utilized and has been demonstrated in an extended video available here. First, the residual fingerprint from the phone is either photographed or scanned with a flatbed scanner at 2400 dpi. Then the image is converted to black & white, inverted and mirrored. This image is then printed onto transparent sheet at 1200 dpi. To create the mold, the mask is then used to expose the fingerprint structure on photo-sensitive PCB material. The PCB material is then developed, etched and cleaned. After this process, the mold is ready. A thin coat of graphite spray is applied to ensure an improved capacitive response. This also makes it easier to remove the fake fingerprint. Finally a thin film of white wood glue is smeared into the mold. After the glue cures the new fake fingerprint is ready for use.

"We hope that this finally puts to rest the illusions people have about fingerprint biometrics. It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token", said Frank Rieger, spokesperson of the CCC. "The public should no longer be fooled by the biometrics industry with false security claims. Biometrics is fundamentally a technology designed for oppression and control, not for securing everyday device access." Fingerprint biometrics in passports has been introduced in many countries despite the fact that by this global roll-out no security gain can be shown.
iPhone users should avoid protecting sensitive data with their precious biometric fingerprint not only because it can be easily faked, as demonstrated by the CCC team. Also, you can easily be forced to unlock your phone against your will when being arrested. Forcing you to give up your (hopefully long) passcode is much harder under most jurisdictions than just casually swiping your phone over your handcuffed hands.

Many thanks go to the Heise Security team which provided the iPhone 5s for the hack quickly. More details on the hack will be reported there.
[1] Fingerprint Recognition at the Supermarket as insecure as Biometrics in Passports (2007)



The Human Behind a Favorite Spambot, Horse_eBooks

For months, the Internet was captivated by the mysterious and strangely poetic Twitter spam account Horse_ebooks. The account spat out comical snippets of speech, including: “Unfortunately, as you probably already know, people,” and the occasional link to a Web site advertising e-books about horses. It was an Internet phenomenon that spawned legions of fans, who created Web comics and jewelry devoted to memorializing its bizarre existence and even led to a hunt to unearth the people behind it.
On Tuesday, Jacob Bakkila, a 29-year-old artist and Buzzfeed employee and one of the creators behind the account, stepped forward to claim the account as his own, which he described as a “conceptual but performative” art piece.

“The idea was to perform as a machine,” he said in an interview on Monday. Mr. Bakkila said he first came across the account in 2011 and reached out to its original owner, a Russian named Alexei Kouznetsov, to inquire about taking over the account. Mr. Kouznetsov agreed and Mr. Bakkila said he has been operating it himself for the last two years, since September 2011.
So how does one perform as a spambot? Relentlessly and tirelessly, said Mr. Bakkila. “The goal was not to appropriate the account but to become the account,” he said.
He mimicked the activity of a spam account, even occasionally tweeting links to the equestrian electronics books that the account was originally set up to try to sell. To create the odd non sequitur that the account became known for, he searched for articles on weight loss, bodybuilding and other types of self-improvement and self-help and skimmed them for material that he could tweet out at random intervals.
Horse_ebooks is Mr. Bakkila’s primary presence on social media. He said he has a Facebook account but that it’s more like “a phone book.”
The two-year project culminates in an art installation on Tuesday in a gallery on the Lower East Side of Manhattan. Beginning at 10 a.m., Mr. Bakkila and his collaborator, Thomas Bender, will be taking phone calls from people who want to hear them read excerpts from the Horse_ebooks account. They will also be showing off another installation, an interactive video art piece called Bear Stearns Bravo.

By Jenna Wortham

Google: The Redesign

Source and watch:

European Cyber Security Month

In October 2013, the first fully-fledged European Cyber Security Month (ECSM) will take place all over Europe. The challenge is to improve trust in public and private IT services, used in everyday lives.

The campaign is under intensive planning with more than 40 partners and, currently, stakeholders in 25 countries across Europe participating. The EU’s ‘cyber security’ agency ENISA is, together with the European Commission Vice President and Commissioner Neelie Kroes and the Commission Directorate General DG CONNECT, supporting this first full scale European Cyber Security Month, with more than 50 activities.
But what is the ECSM?
The European Cyber Security Month is an EU campaign that takes place in October. Its purpose is
  • to promote cyber security among citizens,
  • to change their perception of cyber-threats, and
  • to provide up-to-date security information, through education and sharing good practices.
Activities all over Europe
ECSM activities will take place in these 25 countries (22 EU Member States and 3 partner countries): Austria, Belgium, Bulgaria, the Czech Republic, Germany, Estonia, Greece, Spain, Finland, France, Ireland, Iceland, Italy, Latvia, Lithuania, Luxembourg, Moldova, the Netherlands, Norway, Poland, Portugal, Romania, Slovenia, Sweden and the United Kingdom.
More than 40 partners from both public and private bodies are active in the campaign, among them Europol, the European Economic and Social Committee (EESC) and the European Commission’s Europe Direct network, as well as professional information and communication (ICT) associations (e.g. ISACA and the Information Systems Security Association, ISSA) and industry representatives.
The activities will include video, radio and TV talk shows and programmes, lectures, expert workshops, conferences, online games, and fairs in all ECSM countries. For example, in Austria a record number of activities is being organised (15); in Ireland a Cyber Psychology Research Centre will be launched.
ENISA’s Executive Director, Professor Udo Helmbrecht commented: “ENISA is a broker of cyber security knowledge. The European Cyber Security Month campaign makes it possible to share best practices, and to increase the results of the security communities’ work. It’s about your security, and in your best interest; online security requires your active participation”.
He added: “In a time when cyber security is of increasing importance for society and the economy, the challenge is to bring the skills of citizens and SMEs up to speed, to improve the trust in public and private IT services, used in everyday lives”.


"Granatum": 'Biomedical Facebook': New web portal for drug discovery

Researchers can now use to socially interact and cooperate, build and share hypotheses, search databases, design and execute in-silico experiments to screen potential chemoprevention drugs ahead of in-vitro and in-vivo test.
The GRANATUM web portal, a kind of 'Facebook for researchers', is online. It is ready to connect biomedical researchers and provide access to information about cancer research and established pharmaceutical agents from 83 global data sources in an integrated, semantically interlinked manner.
The European GRANATUM project started two years ago. Mission: to build a collaboration platform for biomedical researchers in the field of cancer drug research. Version 1.0 of this web portal is now available at It provides access to the globally available biomedical knowledge and data resources that the scientists need to prepare complex experiments to identify novel agents for cancer prevention and to design experimental studies. This will accelerate research and reduce its costs.
Faster research results
Scientists from universities, research institutes and pharmaceutical companies are invited to use the GRANATUM Platform to share their knowledge and cooperatively generate expertise and experimental data, thus producing research results faster. Based on the GRANATUM Biomedical Semantic Model researchers can semantically annotate, manage and access biomedical resources, e.g. public databases, digital libraries and archives, online communities and discussions.
A Scientific Workflow Management System for biomedical experts provides a set of advanced tools to create, update, store, and share in-silico modeling experiments for the discovery of new chemopreventive agents.
Connecting socially
"The GRANATUM Portal will socially connect biomedical research across national boundaries, ease scientific exchange and, for the first time, allow collaboration in formulating hypotheses and testing potential drugs", explains Prof. Wolfgang Prinz, the coordinator of the GRANATUM project and deputy director of the Fraunhofer Institute for Applied Information Technology FIT.
The GRANATUM Portal is based on the BSCW Shared Workspace System developed by Fraunhofer FIT and OrbiTeam Software GmbH. It was designed and built in the GRANATUM project as "A Social Collaborative Working Space Semantically Interlinking Biomedical Researchers, Knowledge And Data For The Design And Execution Of In-Silico Models And Experiments In Cancer Chemoprevention", partially funded by the European Commission as part of the FP7 framework.
The GRANATUM consortium includes seven partners:
National University of Ireland Galway (NUIG-DERI), Cybion Srl. (Italy), Centre for Research and Technology Hellas (Greece), University of Cyprus (UCY/CBC and UCY/CS), German Cancer Research Center (DKFZ), UBITECH (Greece), and Fraunhofer FIT acting as project coordinator.


Dainese: D-Air

D-air®: Intelligent clothing

D-air® Intelligent clothing is technology you can wear thanks to the innovative integration of expertise from a variety of fields, including electronics, mechanical engineering and ergonomics. Integration that's made possible by another field of expertise – that of designing safety tailored to the human body.
What makes clothing "intelligent"? Its ability to protect users in situations where they are unable to control what's happening around them – even without their own intervention.
What is D-air? D-air® is a protection technology platform that uses an intelligent system to detect dangerous situations and inflate special airbags around the body.


D-air® Racing works in synergy with the existing body armour in professional racing leathers, shielding the following areas of the rider's body:

  • Neck
    D-air® Racing limits the inclination of the head in relation to the neck and reduces helmet movement during rolling.
  • Shoulders
    The system brings the extra shoulder protection of an airbag certified both to the current EN1621-1 standard and to the future EN 1621-4. (Tested by TÜV SÜD Product Service GmbH)
  • Collar bones
    D-air® Racing reduces the risk of direct helmet impact on the collar bones.
Source and more:

Downloading Is Mean! Content Industry Drafts Anti-Piracy Curriculum for Elementary Schools

Listen up children: Cheating on your homework or cribbing notes from another student is bad, but not as bad as sharing a music track with a friend, or otherwise depriving the content-industry of its well-earned profits.
That’s one of the messages in a new-school curriculum being developed with the Motion Picture Association of America, the Recording Industry Association of America and the nation’s top ISPs, in a pilot project to be tested in California elementary schools later this year.
A near-final draft of the curriculum, obtained by WIRED, shows that it comes in different flavors for every grade from kindergarten through sixth, to keep pace with your developing child’s ability to understand that copying is theft, period.
“This thinly disguised corporate propaganda is inaccurate and inappropriate,” says Mitch Stoltz, an intellectual property attorney with the Electronic Frontier Foundation, who reviewed the material at WIRED’s request.
“It suggests, falsely, that ideas are property and that building on others’ ideas always requires permission,” Stoltz says. “The overriding message of this curriculum is that students’ time should be consumed not in creating but in worrying about their impact on corporate profits.”
The material was prepared by the California School Library Association and the Internet Keep Safe Coalition in conjunction with the Center For Copyright Infringement, whose board members include executives from the MPAA, RIAA, Verizon, Comcast and AT&T.
Each grade’s material includes a short video, and comes with a worksheet for teachers to use that’s packed with talking points to share with students.
An entrepreneurial schoolyard artist finds her business selling dragon drawings is ruined after a fellow third-grader takes a photo with her cell phone.
In the sixth-grade version, (.pdf) teachers are asked to engage students with the question: “In school, if we copy a friend’s answers on a test or homework assignment, what happens?”
The answer is, you can be suspended from school or flunk the test. The teachers are directed to tell their students that there are worse consequences if they commit a copyright violation.
“In the digital world, it’s harder to see the effects of copying, even though the effects can be more serious,” the teacher worksheet says.
The material is silent on the concept of fair use, a legal doctrine that allows for the reproduction of copyrighted works without the rights holder’s permission. Instead, students are told that using works without permission is “stealing.”
“Justin Bieber got started singing other people’s songs, without permission, on YouTube. If he had been subjected to this curriculum, he would have been told that what he did was ‘bad,’ ‘stealing,’ and could have landed him in jail,” says Stoltz.
“We’ve got some editing to do,” concedes Glen Warren, vice president of the California School Library Association, the non-profit that helped produce the material with the Internet Keep Safe Coalition and industry.
The Internet Keep Safe Coalition is a non-profit partnering with various governments and some of the nation’s biggest corporate names like Google, Microsoft, Facebook, Target, Xerox, HP and others.
Its president, Marsali Hancock, says fair use is not a part of the teaching material because K-6 graders don’t have the ability to grasp it.
The curriculum, she said in a telephone interview, “is developmentally consistent with what children can learn at specific ages.”
She said the group will later develop material for older kids that will discuss fair use.
A 45-second video for second graders, for example, shows a boy snapping pictures and deciding whether to sell, keep or share them.
“You’re not old enough yet to be selling your pictures online, but pretty soon you will be,” reads the accompanying text in the teacher’s lesson plan. (.pdf) “And you’ll appreciate if the rest of us respect your work by not copying it and doing whatever we want with it.”
Hancock said the lessons were developed with “literacy experts,” and that some of the wording and kinks may still need to be ironed out.
She said the material has not yet been approved by the Center For Copyright Information, the group that commissioned the curriculum.
The Center for Copyright Information is best known for working with the White House and rights holders to forge an internet monitoring program with some of the nation’s biggest ISPs. That program provides for extrajudicial punishment of internet users who download copyrighted works without permission. Commenced earlier this year, the program’s punishment for repeat violators includes temporary internet termination and throttling connection speeds.
Hancock said the center is expected to be briefed on the proposed curriculum — dubbed “Be a Creator” — perhaps as early as this week.
The center’s executive director, Jill Lesser, told a House subcommittee Wednesday that she hoped the program would be integrated in “schools across the country.”
She testified that it’s best to attack piracy through youth education.
“Based on our research, we believe one of the most important audiences for our educational efforts is young people. As a result, we have developed a new copyright curriculum that is being piloted during this academic year in California,” according to her testimony.
“The curriculum introduces concepts about creative content in innovative and age-appropriate ways. The curriculum is designed to help children understand that they can be both creators and consumers of artistic content, and that concepts of copyright protection are important in both cases,” Lesser testified.
She said the CCI’s board is expected to sign off on the program soon, although she cautioned that it currently is in “draft” form.
“We are just about to post those materials in the next week or two on our web site,” Lesser said in a telephone interview.
Gigi Sohn, the president of Public Knowledge and an adviser to the CCI, declined to comment because she said she hasn’t seen the curriculum.
Overall, the curriculum’s message is anything but “sharing is caring.”
“We all love to create new things—art, music, movies, paper creations, structures, even buildings! It’s great to create — as long as we aren’t stealing other people’s work. We show respect for other artists and their work when we get permission before we use their work,” according to the message to first graders. (.pdf) “This is an important part of copyright. Sharing can be exciting and helpful and nice. But taking something without asking is mean.”
The fifth-grade lesson introduces the Creative Commons license, in which rights holders grant limited permission on re-use. But even in explaining the Creative Commons, the lesson says that it’s illegal to make any copies of copyrighted works. That’s a message that essentially says it’s even unlawful to rip CDs to your iPod.
“If a song or movie is copyrighted, you can’t copy it, download it, or use it in your own work without permission,” according to the fifth-grade worksheet. (.pdf) “However, Creative Commons allows artists to tell users how and if their work can be used by others. For example, if a musician is okay with their music being downloaded for free — they will offer it on their website as a ‘Free download.’ An artist can also let you know how you can use their work by using a Creative Commons license.”
Warren, of the library association, agreed that it’s incorrect to tell students they can never use copyrighted works without permission, as the fifth-grade worksheet says. He said some of the package’s language has been influenced by the rights holders on the Center for Copyright Information.
“We’re moving along trying to get things a little closer to sanity,” Warren said in a telephone interview. “That tone and language, that came from that side of the fence, so to speak.”
By David Kravets

RainDance Technologies

Digital PCR and Targeted DNA Sequencing

Source and more:

Sector RoadMap: Multicloud management in 2013

Enterprise use of the cloud is becoming increasingly complex. Typically no longer satisfied with the limitations of a single public or private cloud deployment (or simple hybrids of the two), the enterprise is instead seeking ways to deploy best-of-breed infrastructure that spans multiple public and private cloud instances. This multicloud trend creates complex on- and off-premise IT estates that need careful management, creating a growing set of challenges for those following this path and significant opportunities for the suppliers of cloud-management solutions.
This GigaOM Sector RoadMap™ identifies and categorizes the principal disruption vectors at play, and it profiles a number of the significant solution providers in the space.
This report will examine:
  • The rise of multicloud and the growing tension between best of breed and simplicity
  • The role of cloud-management solutions
  • The future of cloud-management tools: Are they products or features?
  • The importance of APIs
  • Emerging business models and companies to watch
 Source: GigaOM Research


Found: The Lost 'Steve Jobs Time Capsule' From 1983

It includes a Rubik's cube, a computer mouse, and a six-pack of beer.

The year was 1983. A group of tech geeks were attending a conference in Aspen: the International Design Conference. They wanted to commemorate the occasion; they wanted to commemorate the year. So they did what any group of preemptively nostalgic nerds would do: They created a time capsule. Specifically, they created a collection of mementos -- artifacts that represented the moment they were living -- and put them in a large tube. They named the resulting archive, officially and rather awesomely, the Aspen Time Tube.
So if your goal is to curate a collection of culturally representative mementos, and if your further goal is to make those mementos representative of 1983 ... what would you include? A Rubik's cube, for one thing. And a Moody Blues recording. And name tags from the conference. Oh, and also: a mouse used for a presentation given by conference attendee Steve Jobs. A mouse used specifically with the early Lisa computer -- and used to give a presentation that some say foreshadowed wireless networking and the iPad.
For that reason, the detritus-of-1983-filled tube quickly became known, its official name notwithstanding, as the "Steve Jobs Time Capsule." The group that had created it buried the tube. Their plan was to unearth their time capsule in a year that seemed appropriately epic: 2000.
They encountered a problem, however, that will be familiar to many would-be time capsule digger-uppers: The area where they buried the time capsule evolved in the 17 years that followed its interment. The group had marked the location, but the location had been re-landscaped significantly between 1983 and 2000 -- changed enough, alas, to make it hard to find the tube when the time came. "And so," as CNET puts it, "for 30 years, the Steve Jobs Time Capsule was hidden underground, unavailable to the many historians eager to see what was inside."
That just changed. Because of cable TV. The National Geographic Channel has a show called Diggers. Which involves ... well, it's pretty self-explanatory. The show's team decided to take on the task of finding this buried treasure from the early '80s, and, yesterday, they hit gold: gold in the form of a 13-foot tube. Gold in the form of a time capsule. They had -- 13 years late being much better than never -- unearthed the Steve Jobs Time Capsule.
The capsule, it turns out, was decidedly un-Jobsian in one way: It was cluttered. It was packed full of objects -- to the extent that it will take some time before the crew can excavate the tube they've just excavated. "When the end came off," Diggers co-host Tim Saylor told CNET, "literally things just poured out. There must be literally thousands of things in there."
There is, however, one '80s artifact the team has already removed from the capsule: a six-pack of beer. Ballantine, to be exact. Which was there to serve not necessarily as archival evidence of a time gone by, but as a refreshing beverage for whoever ended up unearthing the tube. As Harry Teague, president of the 1983 conference, recalled of the logic that informed that particular design decision: "The guys that dig this up will be sweaty and appreciate a six-pack."
By Megan Garber

Cutting Through the Cloud

Over the next few years, what happens to the several trillion dollars that businesses spend on technology will be decided by executives like Jeff Allen.
As big business hitches its computer systems to the latest technology wave, Mr. Allen and others will have the tricky job of ensuring that old systems work with the many new systems finding their way into his company.
“A lot of normal companies are struggling to stitch together lots of different software” from different technology providers, said Mr. Allen, a marketing vice president at Standard Register, a specialty publishing and communications company in Dayton, Ohio. Eventually, he said, he will have to choose from only three or four big suppliers.
Eventually. But not right now.
Corporate technology buyers are looking at a menu of new and old technologies and names both familiar and obscure. Old-guard companies like Microsoft, Oracle, Dell and Hewlett-Packard have been joined by new names like, Workday and NetSuite. Google and Amazon now have corporate-computing services. And yet another group of upstarts is nipping at that newer generation’s heels, ready to provide easy-to-use apps like the ones consumers download to their smartphones.
It is a confusing number of choices with big stakes: Who will you entrust with your most precious asset — data about you and your customers?
“There is a changing of the guard,” said Paul Daugherty, chief technology officer at the consulting firm Accenture. “Some of the new guys will get big, and some of them will get acquired. Customers are trying to structure things to take advantage of the changes, but it’s hard.”
The biggest driver of this change is cloud computing, where the software is based somewhere else and retrieved over the Internet. With cloud computing, upfront costs are usually much less and new versions of software appear as easily as an update on a smartphone, so the product is never out of date.
Moving a company to cloud-computing services is also typically faster than old corporate software installations, which can take years and require the services of expensive consultants.
But there are risks with this shift. There are fears that the old tech suppliers don’t understand the new way of doing things and may be unable to help their customers enjoy the benefits of new technology, while the new companies may not have staying power. And making sense of it all and controlling this upgrade process can be confounding.
“We can do things a lot faster, because we aren’t bound by big software upgrades every two years, with lots of consultants,” said Douglas Menefee, who runs corporate technology at the Schumacher Group, a Lafayette, La., company that manages 3,000 emergency room physicians across the country. “There are lots of pain points, too, though — too many products from different providers.”
This shift to a new generation from the corporate technology suppliers that grew in the ’90s has been years in the making, but it has accelerated in recent months as companies like Dell, Hewlett-Packard and even Microsoft have struggled.
Just as consumers are moving away from buying music and movies toward monthly subscriptions, corporate tech buyers are moving away from owning the technology outright and are instead asking others to do it for them in return for a monthly or annual fee.
Amazon and Google have built enormous global clouds to capitalize on this change, and they are angling to pick up the computing loads companies used to do on their own servers, at a fraction of the cost. The most lasting legacy of Steven A. Ballmer, the chief executive of Microsoft, who recently announced his retirement, might be the cloud service built under his watch called Azure, to better compete in this new environment.
The worst hand right now seems to be held by hardware makers. More companies allow employees to bring in whatever smartphone, laptop or tablet they want, since they all connect to a cloud. “We have H.P. hardware, but it’s not a strategic priority,” said Mr. Allen, who uses a Samsung smartphone and an Apple iPad.
Nokia, which could not compete with Apple and Google in smartphones, sold its handset unit to Microsoft last month for $7.2 billion. On Friday, BlackBerry, another device company in trouble, announced that it would lay off 4,500 employees.
It is unlikely that many of the big companies will go away soon, of course. They still have deep pockets that allow them to buy into the new wave of corporate computing.
By Quentin Hardy
Source and read more:

iPhone a Clear Favorite Among House Members

Members of the U.S. House of Representatives prefer Apple's iPhone to competitor BlackBerry by more than two to one. According to a survey conducted by Meet the Press, 58 percent of the House uses an iPhone, compared to 23 percent who use a BlackBerry.
The iPhone also has wide bipartisan support and is the runaway favorite on both sides: 61 percent of Republicans and 56 percent of Democrats use one.
This follows news Friday from both of the tech companies: BlackBerry announced it will cut 40 percent of its workforce following a nearly $1 billion quarterly loss, and Apple, which controls about 43 percent of the U.S. smartphone market according to data from consumer research firm Kantar Worldpanel, launched two new iPhone models.
Android, Google's mobile operating system, which holds 51 percent of the U.S. smartphone market, is used by only 4 percent of the House.


LinkedIn hits back at lawsuit, claims users permit it to access emails

Business-focused social network LinkedIn has hit back at claims that it hacks into users’ email accounts to blast out messages without permission.
The allegations, which are part of a lawsuit filed in California last week, were rejected by Blake Lewit, Senior Director of Litigation at LinkedIn, who penned a blog post to “set the record straight” and go beyond comments provided to Bloomberg.
“Quite simply, this is not true,” Lewit wrote, before pointing out three key points that LinkedIn claims contradict the current “misinformation” around the topic:
  • We do not access your email account without your permission. Claims that we “hack” or “break into” members’ accounts are false.
  • We never deceive you by “pretending to be you” in order to access your email account.
  • We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so.
Essentially, LinkedIn does send messages out to a user’s entire contact list, but it requires their specific consent to do so. The lawsuit claims the option to opt out is not clear enough.
One plaintiff told Bloomberg that he unwittingly contacted more than 200 people, including a number of ex-girlfriends, via the LinkedIn emails. LinkedIn is said to have told him that this was because he hadn’t unchecked the default setting which permits the communication.
LinkedIn has used ‘growth strategies’ to help increase its user base to nearly 240 million registered members, including contacts from every Fortune 500 company and a significant overseas user base, particularly in India.
Often celebrated as a genuinely successful social networking business — LinkedIn held its IPO back in May 2011 — it is coming under focus for being ripe for disruption, as this post from analyst Benedict Evans outlines.


ENISA Threat Landscape mid year 2013

ENISA presents in this short paper a first “taste” of current developments related to the Threat Landscape 2013.
Sep 19, 2013
Downloads ENISA Threat Landscape Mid-year 2013.pdf — PDF document, 543 kB (556,782 bytes)


Dirty Job Made Easier: Microfluidic Technique Recovers DNA for IDs

A team of researchers at the National Institute of Standards and Technology (NIST) and Applied Research Associates, Inc. (ARA, Alexandria, Va.) has demonstrated an improved microfluidic technique for recovering DNA from real-world, complex mixtures such as dirt. According to a recent paper,* their technique delivers DNA from these crude samples with much less effort and in less time than conventional techniques. It yields DNA concentrations that are optimal for human identification procedures and can potentially be miniaturized for use outside the laboratory.
Forensic DNA testing is extensively used to link individuals to crimes, establish paternity, solve missing person cases, identify casualties in military and mass fatality events, and provide genealogical histories. Typically, it takes a skilled technician in a properly equipped laboratory 1-2 days to extract DNA from a sample, quantify the amount, make multiple copies of specific genetic sequences (PCR amplification), and then create a "DNA signature" that is unique to an individual. However, when crude samples are the source of the desired DNA, the contaminants and particulates mixed in with the genetic material can seriously complicate the reading of a complete and accurate DNA signature. The additional purification steps needed for conventional means of handling crude samples, such as filtering, not only lengthen the processing time but also tend to reduce the quantity and concentration of DNA delivered—making human identification more difficult or impossible.
The new NIST/ARA technique is based on one the team first developed four years ago** for crude samples called "gradient elution moving boundary electrophoresis" or GEMBE. GEMBE separates specific components of a sample by a molecular "tug-of-war." The sample is pushed in one direction by an electric field and in the other by the counterflow of a buffer solution. Gradually reducing the buffer flow allows selected components from the sample to pass into a microfluidic channel to be analyzed. Unwanted components of the crude sample are kept out. (For details, see "'No Muss, No Fuss' Miniaturized Analysis for Complex Samples Developed" in NIST Tech Beat, Nov. 17, 2009, and "Researchers Expand Capabilities of Miniature Analysis for Complex Samples" in NIST Tech Beat, Aug. 30, 2011.)
To work with DNA, the researchers modified GEMBE so that two different buffer solutions—one with ions that move quickly and one with ions that move slowly during electrophoresis—are placed in the separate reservoirs connected by the microchannel. When a crude sample is suspended in the slow ion solution and electric current is applied, the DNA within the sample moves into the microchannel and concentrates at the interface between the two buffers. Unwanted contaminants and particulates—including those that can inhibit PCR amplification—are left behind. The collected DNA can be quantified directly in the microchannel and then delivered into a vial for further processing.
To demonstrate the forensic capabilities of its new technique, the NIST/ARA team extracted, purified, quantified and concentrated human genomic DNA from both clean and dirty buccal (cheek cell) swabs. In both cases, the process yielded full DNA signatures.
*E.A. Strychalski, C. Konek, E.L.R. Butts, P.M. Vallone, A.C. Henry and D. Ross. DNA purification from crude samples for human identification using gradient elution isotachophoresis. Electrophoresis, Vol. 34, No.17, pp. 2522–2530. Published online Sept. 2, 2013. DOI 10.1002/elps.201300133.
** and

NIST Nose a Hit When They Smell It: A New Generation of Odor-Releasing Materials for Training Dogs

officer and dog
Credit: Talbott/NIST

Traditionally, the training of bomb-sniffing dogs has been a hazardous job, but newly developed odor-releasing materials could take the risk out of that work. Scientists at the National Institute of Standards and Technology (NIST) are seeking to patent a novel system that can capture scents and release them over time.
These odor-releasing materials provide a safer, more consistent way to train the dogs used by police agencies to sniff out explosives and other contraband. The inventors at NIST hope to eliminate the need to transport, handle, or in some cases manufacture actual samples of explosives and other illicit or dangerous substances, an expensive and time-consuming task due to chain of custody requirements and safety concerns.
Dogs have an incredible sense of smell that can detect certain compounds at parts per trillion. This feat is the equivalent of tasting about a quarter teaspoon of sugar dissolved in an Olympic-sized swimming pool. This ability makes dogs invaluable to law enforcement and customs and border protection, and it greatly surpasses efforts to date to replicate it with portable detectors. Still, a talented nose is not enough; dogs need training and practice if they are to perform at their best.
According to NIST chemist and co-inventor of the new system Bill MacCrehan, police dogs are presently trained to sniff out explosives using actual explosives. In practical terms, this means that the materials have to be transported to the site, stored in a secure, explosion-proof location, documented before and after each use, and destroyed when they have expired.
The new system developed by MacCrehan and his collaborators uses a porous plastic with a consistency similar to a popular gelatin-based dessert. The plastic absorbs smells by being exposed to, or otherwise infused with, the volatile vapors of the desired sample material itself or chemical analogues, or "smell-alikes," that have been synthesized in the lab.
"In addition to standard materials, we can build training aids for exotic things that are not easily accessible; the prime example is the improvised explosive TATP," says MacCrehan. "Preparing pure improvised explosives for dog training has proven to be very dangerous. Inert materials that provide the correct odors is the answer to this improvised explosive dilemma."
According to MacCrehan, once the polymer is infused with the odor, it can be shipped anywhere safely and easily, because while the polymer is infused with the volatile compounds of an explosive, the polymer itself does not become explosive. An additional safety feature of this approach is that the infused molecules cannot be extracted from the polymer to create an explosive.
Once the sample is put into the testing environment, the rate at which the odor is released into the air can be precisely controlled using the accompanying enclosure and can be sustained 11 days or more, depending on the vapor profile.
Another critical advantage of the system is that it will make it possible to achieve uniformity in training.
"Right now, dogs are trained by local police departments using real samples of varying age and composition, which can affect their vapor profiles," says MacCrehan. "This means that dogs trained in different jurisdictions will perform differently because they are not evaluated using the same performance standard. Identical training standards will make it so that dogs across jurisdictions can be trained to the same high level."
The Department of Homeland Security (DHS) provided partial funding for the project.


Strickling: We Strongly Favor the Multistakeholder Model of Internet Governance

Larry Strickling, the U.S. Assistant Secretary of Commerce responsible for communications and information policy and Administrator of the National Telecommunications and Information Administration (NTIA): "With respect to internet governance, we strongly favor the multistakeholder model of governance and by that I mean a process that involves not just governments but also businesses, civil society and academics... anyone really in participating in these discussions. And more importantly be involved in the actual decision making. So we talked about a minute ago about ICANN which is an example of a multistakeholder organization. Anybody by simply coming to the meetings can participate at the same level as anyone else at these meetings. There is no difference you know, just because you're from government doesn't give you a greater say than somebody from the business. And also somebody from the business doesn’t have a greater say than somebody from civil society. Everyone is equal in these discussions."

Source and read full text:

Google knows nearly every Wi-Fi password in the world

If an Android device (phone or tablet) has ever logged on to a particular Wi-Fi network, then Google probably knows the Wi-Fi password. Considering how many Android devices there are, it is likely that Google can access most Wi-Fi passwords worldwide.

Recently IDC reported that 187 million Android phones were shipped in the second quarter of this year. That multiplies out to 748 million phones in 2013, a figure that does not include Android tablets.

Many (probably most) of these Android phones and tablets are phoning home to Google, backing up Wi-Fi passwords along with other assorted settings. And, although they have never said so directly, it is obvious that Google can read the passwords.

Sounds like a James Bond movie.

Android devices have defaulted to coughing up Wi-Fi passwords since version 2.2. And, since the feature is presented as a good thing, most people wouldn't change it. I suspect that many Android users have never even seen the configuration option controlling this. After all, there are dozens and dozens of system settings to configure.

And anyone who does run across the setting cannot hope to understand the privacy implication. I certainly did not.


  • In Android 2.3.4, go to Settings, then Privacy. On an HTC device, the option that gives Google your Wi-Fi password is "Back up my settings". On a Samsung device, the option is called "Back up my data". The only description is "Back up current settings and application data". No mention is made of Wi-Fi passwords.
  • In Android 4.2, go to Settings, then "Backup and reset". The option is called "Back up my data". The description says "Back up application data, Wi-Fi passwords, and other settings to Google servers".

Needless to say, "settings" and "application data" are vague terms. A longer explanation of this backup feature in Android 2.3.4 can be found in the Users Guide on page 374:

Check to back up some of your personal data to Google servers, with your Google Account. If you replace your phone, you can restore the data you’ve backed up, the first time you sign in with your Google Account. If you check this option, a wide variety of your personal data is backed up, including your Wi-Fi passwords, Browser bookmarks, a list of the applications you’ve installed, the words you’ve added to the dictionary used by the onscreen keyboard, and most of the settings that you configure with the Settings application. Some third-party applications may also take advantage of this feature, so you can restore your data if you reinstall an application. If you uncheck this option, you stop backing up your data to your account, and any existing backups are deleted from Google servers.

A longer explanation for Android 4.0 can be found on page 97 of the Galaxy Nexus phone users Guide:

If you check this option, a wide variety of your personal data is backed up automatically, including your Wi-Fi passwords, Browser bookmarks, a list of the apps you've installed from the Market app, the words you've added to the dictionary used by the onscreen keyboard, and most of your customized settings. Some third-party apps may also take advantage of this feature, so you can restore your data if you reinstall an app. If you uncheck this option, your data stops getting backed up, and any existing backups are deleted from Google servers.

Sounds great. Backing up your data/settings makes moving to a new Android device much easier. It lets Google configure your new Android device very much like your old one.

What is not said is that Google can read the Wi-Fi passwords.

And, if you are reading this and thinking about one Wi-Fi network, be aware that Android devices remember the passwords to every Wi-Fi network they have logged on to. The Register writes:

The list of Wi-Fi networks and passwords stored on a device is likely to extend far beyond a user's home, and include hotels, shops, libraries, friends' houses, offices and all manner of other places. Adding this information to the extensive maps of Wi-Fi access points built up over years by Google and others, and suddenly fandroids face a greater risk to their privacy if this data is scrutinised by outside agents.

The good news is that Android owners can opt out just by turning off the checkbox.

Update: Sept 15, 2013: Even if Google deletes every copy of your backed up data, they may already have been compelled to share it with others. And, Google will continue to have a copy of the password until every Android device that has ever connected to the network turns off the backing up of settings/data.

The bad news is that, like any American company, Google can be compelled by agencies of the U.S. government to silently spill the beans.

When it comes to Wi-Fi, the NSA, CIA and FBI may not need hackers and cryptographers. They may not need to exploit WPS or UPnP. If Android devices are offering up your secrets, WPA2 encryption and a long random password offer no protection.

I doubt that Google wants to rat out their own customers. They may simply have no choice. What large public American company would? Just yesterday, Marissa Mayer, the CEO of Yahoo, said executives faced jail if they revealed government secrets. Lavabit felt there was a choice, but it was a single person operation.

This is not to pick on Google exclusively. After all, Dropbox can read the files you store with them. So too, can Microsoft read files stored in SkyDrive. And, although the Washington Post reported back in April that Apple’s iMessage encryption foils law enforcement, cryptographer Matthew Green did a simple experiment that showed that Apple can read your iMessages.

In fact, Green's experiment is pretty much the same one that shows that Google can read Wi-Fi passwords. He describes it:

First, lose your iPhone. Now change your password using Apple's iForgot service ... Now go to an Apple store and shell out a fortune buying a new phone. If you can recover your recent iMessages onto a new iPhone -- as I was able to do in an Apple store this afternoon -- then Apple isn't protecting your iMessages with your password or with a device key. Too bad.

Similarly, a brand new Android device can connect to Wi-Fi hotspots it is seeing for the very first time.
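The recovery experiment Green describes, and the fresh-device behaviour just noted, can be modelled to show why a successful restore after a password reset proves the provider holds the decryption key. This is an added example, not code from the article or from Google or Apple; the `Provider` class, account names and sample Wi-Fi entry are constructed for illustration, and the HMAC-based stream cipher stands in for a real AEAD so that it runs on the standard library alone.

```python
import hashlib
import hmac
import os

# Constructed sample of what a device might back up; not real data.
WIFI_ENTRY = b'ssid="HomeNet" psk="constructed-sample-passphrase"'


def kdf(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte key from a password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Illustration-only stream cipher: HMAC-SHA256 in counter mode.
    # A real backup client would use a vetted AEAD such as AES-GCM.
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    ct = _xor_stream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(enc_key, nonce, ct)


class Provider:
    """Hypothetical backup service.

    escrow=True:  the service encrypts backups under a key it holds itself.
    escrow=False: the device encrypts under a key derived from the user's
                  password; the service stores only salt and ciphertext.
    """

    def __init__(self, escrow: bool):
        self.escrow = escrow
        self.service_key = os.urandom(32) if escrow else None
        self.accounts = {}

    def _set_password(self, name: str, password: str) -> None:
        acct = self.accounts.setdefault(name, {})
        acct["auth_salt"] = os.urandom(16)
        acct["verifier"] = kdf(password, acct["auth_salt"])

    def backup(self, name: str, password: str, data: bytes) -> None:
        self._set_password(name, password)
        acct = self.accounts[name]
        if self.escrow:
            acct["blob"] = seal(self.service_key, data)
        else:
            # Performed on the device: the derived key is never uploaded.
            acct["key_salt"] = os.urandom(16)
            acct["blob"] = seal(kdf(password, acct["key_salt"]), data)

    def reset_password(self, name: str, new_password: str) -> None:
        # "Forgot password" flow: the old password is never presented.
        self._set_password(name, new_password)

    def restore_on_new_device(self, name: str, password: str):
        acct = self.accounts[name]
        if not hmac.compare_digest(kdf(password, acct["auth_salt"]), acct["verifier"]):
            return None
        key = self.service_key if self.escrow else kdf(password, acct["key_salt"])
        return unseal(key, acct["blob"])

    def provider_can_read(self, name: str):
        """What the operator, or anyone who compels it, recovers without the user."""
        if self.service_key is None:
            return None
        return unseal(self.service_key, self.accounts[name]["blob"])


def recovery_test(provider: Provider) -> bool:
    """Back up, reset the password, restore on a fresh device.
    True means the data came back, so the key was never tied to the user."""
    provider.backup("alice", "old-password", WIFI_ENTRY)
    provider.reset_password("alice", "new-password")
    return provider.restore_on_new_device("alice", "new-password") == WIFI_ENTRY


if __name__ == "__main__":
    print("provider-held key, restore after reset:", recovery_test(Provider(escrow=True)))
    print("password-derived key, restore after reset:", recovery_test(Provider(escrow=False)))
```

The convenience the article describes (a new device joining known networks as soon as the account is signed in, even after a password change) corresponds to the first model, which is also the only one in which `provider_can_read` returns the stored passwords.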

Back in June 2011, writing for TechRepublic, Donovan Colbert described stumbling across this on a new ASUS Eee PC Transformer tablet:

I purchased the machine late last night after work. I brought it home, set it up to charge overnight, and went to bed. This morning when I woke I put it in my bag and brought it to the office with me. I set up my Google account on the device, and then realized I had no network connection ... I pulled out my Virgin Mobile Mi-Fi 2200 personal hotspot and turned it on. I searched around Honeycomb looking for the control panel to select the hotspot and enter the encryption key. To my surprise, I found that the Eee Pad had already found the Virgin hotspot, and successfully attached to it ... As I looked further into this puzzling situation, I noticed that not only was my Virgin Hotspot discovered and attached, but a list of other hotspots ... were also listed in the Eee Pad's hotspot list. The only conclusion that one can draw from this is obvious - Google is storing not only a list of what hotspots you have visited, but any private encryption keys necessary to connect to those hotspots ...

By Michael Horowitz
Source and read the full article:

Caltech Establishes New Division of Biology and Biological Engineering

The California Institute of Technology, in a move that creates an academic division unlike any other among its peer institutions, has combined the disciplines of biology and biological engineering into a new Division of Biology and Biological Engineering (BBE). The division, formally approved by the Caltech Board of Trustees in April, expands Caltech's Division of Biology, which was founded in 1928 by Nobel Prize–winning geneticist Thomas Hunt Morgan. Biological engineering focuses on using a "bottom up" approach to manipulate biological substrates, such as genes, proteins, and cells, to produce a given outcome or to encourage fundamental discovery—as opposed to the "top down" engineering of chips, medical implants, or other macroscopic devices.

"Biological engineering represents an engineering discipline that is based on the fundamental science of biology, and the formation of BBE further highlights Caltech's distinctive nature, as we tend to be extremely quantitative in our approach," says Stephen Mayo, William K. Bowes Jr. Foundation Chair of the division and Bren Professor of Biology and Chemistry. "Although other schools have biological engineering programs within their schools of engineering, none have a college or school in which biological engineering is integrated directly with biology, so they can enhance each other—allowing those people who are doing engineering to interact more closely with those who are doing fundamental work and obtaining basic knowledge. The potential synergy is powerful and important."

"The creation of BBE is a critical part of an effort at Caltech to enhance bioengineering and biological sciences and to continue Caltech's position at the forefront of these fields," says Edward M. Stolper, Caltech's president and provost.

As part of this change, a total of 11 professors have been added to BBE from other Caltech divisions; they represent research areas spanning genetic engineering, translational medicine, synthetic biology, molecular programming, and more. The restructured division will consist of three administrative groupings: biology, biological engineering, and neurobiology. Caltech's undergraduate program in bioengineering, previously administered by the Division of Engineering and Applied Sciences (EAS), will be managed by BBE, and the existing bioengineering graduate program also will move to BBE.

The division will manage the existing biology graduate and undergraduate options; a newly established neurobiology graduate option; the biochemistry and molecular biophysics (BMB) graduate option in collaboration with the Division of Chemistry and Chemical Engineering (CCE); and the computation and neural systems (CNS) graduate option in collaboration with EAS. Caltech's Donna and Benjamin M. Rosen Bioengineering Center, founded in 2008 through an $18 million gift from the Benjamin M. Rosen Family Foundation, will remain the campus hub for bioengineering activities and will continue to be jointly administered by BBE, EAS, and CCE.

"The formation of BBE is a reflection of the diversity and breadth of the activities in biological sciences and engineering at Caltech—from the structure and function of proteins at the atomic level to developing nanoprobe electrodes that can simultaneously measure the activity of thousands of neurons in the brain," says Mayo. "Putting these activities into one division increases the potential and the pace for providing transformative solutions to some of the biggest problems in science, medicine, and health."

The last time a division at Caltech changed its name was in 1970, when the Division of Geological Sciences became the Division of Geological and Planetary Sciences.

By Kathy Svitil


Saturday, 21 September 2013
Resmî Gazete (Official Gazette)
Issue: 28772


From the Ministry of Customs and Trade:




ARTICLE 1 - Subparagraphs (d) and (j) of the first paragraph of Article 4 of the Regulation on the Websites to Be Opened by Capital Companies, published in the Resmî Gazete dated 31/5/2013 and numbered 28663, have been repealed.

ARTICLE 2 - Article 5 of the same Regulation has been amended as follows.

"ARTICLE 5 - (1) Companies established after the date on which this Regulation enters into force must open a website within three months of the date on which their incorporation is registered in the trade registry, and must dedicate a specific section of that website to the publication of the announcements the company is required by law to make.

(2) Capital companies that come within scope after the date on which this Regulation enters into force must open a website within three months of the date on which they come within scope, and must dedicate a specific section of that website to the publication of the announcements the company is required by law to make.

(3) Capital companies that belong to a group of companies but are not directly subject to independent audit are not obliged to open a website.

(4) Companies may fulfil their website obligations directly themselves, or may fulfil them by obtaining support services from MTHSs.

(5) The website obligations of companies belonging to a group of companies may also be fulfilled by one of the companies in the group, even if it does not hold MTHS authorization. In that case the group company receiving the service is deemed to have opened its own website. For a company that provides support services relating to the website obligation within a group of companies to continue that service if it leaves the group, it must hold MTHS authorization on the date it leaves.

(6) The website created pursuant to the Law is registered under the company's MERSİS number."

ARTICLE 3 - In the first sentence of the first paragraph of Article 10 of the same Regulation, the phrase "Companies" has been changed to "Companies obtaining support services from MTHSs", its fourth paragraph has been amended as follows, and the phrase "company title" in its second paragraph has been repealed.

"(4) Companies that provide this information on their own website shall provide access to the relevant information either at the address "http://firmaalanadi/bilgitoplumuhizmetleri" within the website or, in accordance with the second paragraph, by redirecting directly to the MTHS."

ARTICLE 4 - The fourth paragraph of Article 11 of the same Regulation has been amended as follows, and the phrase "Archive Electronic Signature Long-Term and CRL-Controlled Secure Electronic Signature Policies (Profile P3) or" in its fifth paragraph has been repealed.

"(4) With regard to operational and security criteria, companies and MTHSs shall meet the conditions in the Guide on the Technical Criteria to Be Included in the Technical Report to Be Obtained by Companies Subject to the Website Obligation or by MTHSs, published on the website ( of the Public Certification Center of the Scientific and Technological Research Council of Turkey."

ARTICLE 5 - In the first paragraph of Article 14 of the same Regulation, the phrase "to have it determined by the institutions specified in the second paragraph, and the said institutions" has been changed to "to have it determined by the Scientific and Technological Research Council of Turkey, and the said institution", and its second paragraph has been amended as follows.

"(2) Companies that fulfil the website obligation themselves shall fulfil the obligations set out in the first paragraph within one year at the latest from the date on which they open their website or dedicate their existing website to this purpose. Where justified grounds exist, the Ministry may grant companies additional time upon their request. Taking into account the date on which it was issued, the technical report is renewed and submitted to the Ministry every three years by MTHSs and every five years by companies that fulfil the website obligation themselves."

ARTICLE 6 - The following Provisional Article 2 has been added to the same Regulation.

"Obligation to obtain an additional report

PROVISIONAL ARTICLE 2 - (1) Requests from those who, in order to provide MTHS services, applied to the Scientific and Technological Research Council of Turkey for a technical report before the date on which this article enters into force shall be concluded in accordance with the provisions of the Regulation as they stood before this article entered into force. MTHSs that obtain a technical report under this article are obliged to obtain, and submit to the Ministry, an additional report showing that the specified criteria are met, within one year following the date on which the technical report was obtained."

ARTICLE 7 - This Regulation enters into force on the date of its publication.

ARTICLE 8 - The provisions of this Regulation are executed by the Minister of Customs and Trade.




Senator Concerned About Apple's Fingerprint Tech

Sen. Al Franken is asking Apple for more clarity on privacy and security concerns he has with its use of fingerprint recognition technology in the new iPhone 5S.
The iPhone 5S, which went on sale Friday, includes a fingerprint sensor that lets users tap the phone's home button to unlock their phone, rather than enter a four-digit passcode.
But Franken said that the fingerprint system could be potentially disastrous for users if someone does eventually hack it. While a password can be kept a secret and changed if it's hacked, he said, fingerprints are permanent and are left on everything a person touches, making them far from a secret.
"Let me put it this way: if hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life," the Minnesota Democrat said in a letter to Apple CEO Tim Cook.
Apple Inc. officials didn't immediately return an email seeking comment on Franken's letter.
But the Cupertino, Calif., company has said that this kind of technology significantly boosts security for users.
According to Apple, the fingerprint data is stored on the phone in a place that's inaccessible to other apps and to Apple's remote servers. In addition, Apple says it's not possible to convert a fingerprint from a police file into something the phone will recognize, as the sensor reads a sub-epidermal layer of the finger.
Meanwhile, anyone worried about the fingerprint scan has the option of disabling the feature and sticking with the passcode.
By The Associated Press

Why privacy settlements like Facebook’s “Sponsored Stories” lawsuit aren’t working

A legal process intended to compensate consumers and promote privacy is instead breeding alarmism and lining lawyers’ pockets — while letting the tech companies that created the privacy problems brush off the mistakes as a cost of doing business.
This point was reinforced yet again last week when the John D. and Catherine T. MacArthur Foundation revealed that it will turn down its share of a $20 million settlement intended to compensate Facebook users whose photos were misused for advertising. The Foundation, one of 14 non-profit groups selected to receive money by Facebook and class action lawyers, declined the award on the ground that it doesn’t work on issues related to consumer privacy.
The news is just the latest example of how pricey lawsuits filed in the name of consumers’ privacy often do little to educate people about how companies like Facebook and Google actually use customer data. Instead, the legal process appears to be perpetuating a cottage industry in “privacy panic” that leaves ordinary internet users excluded and discouraged.

Groups “surprised” to receive money

In late August, a federal judge in San Francisco gave final approval to a revised $20 million class action settlement intended to benefit more than 150 million Facebook users. Legal filings show that $5 million will be paid for lawyers and fees, while 614,994 Facebook users who submitted claims will receive $15 each. The remaining $5 million or so will be divided among 14 non-profit groups, who will collect either 10 percent or 6 percent of the pot (see chart at end of story).
As part of an investigation to determine how the money was awarded and how it will be spent, GigaOM contacted the non-profit recipients as well as Facebook and the class action lawyers who brought the suit. In response, the John D. and Catherine T. MacArthur Foundation provided the following statement:
“[..]MacArthur did not ask to participate. The Foundation has informed lawyers representing both parties in the settlement that we respectfully decline to accept any settlement funds. Instead, in this case, we have suggested those funds be redirected to other non-profit organizations engaged in the underlying issues and identified in the settlement as possible recipients.[..]”
While some organizations, including Stanford Law’s Center for Internet and Society, filed court documents to explain why they were suited to receive the money, others described the money as a gift from the blue.
“We were surprised but delighted,” said Larry Magid, who runs ConnectSafely, a non-profit that creates resources to help parents and children navigate the web and social media sites like SnapChat and Facebook. (ConnectSafely receives funding from Facebook, a fact it discloses).
Several other non-profits likewise expressed a lack of familiarity with the deal, including details about the amount they were to receive or how they had been selected in the first place.
Overall, the recipients, which include respected names like the Electronic Frontier Foundation and Harvard’s Berkman Center, do not have specific plans for educating Facebook users about how the social network uses their photos. Instead, they stated by email that they would use the money for privacy research and advocacy, some of which would relate to Facebook.
Eric Goldman, a law professor involved with the High Tech Law Institute at Santa Clara University, which is one of the recipients, is very familiar with the case. He explained that the Institute has yet to form specific plans, in part because the nature of the legal process has meant it’s been unclear when the money will be forthcoming.
“When we get to the point of making plans, we will carefully follow any instructions from the court, and we will take very seriously our obligations to provide value to the class,” said Goldman by email.
Four of the 14 groups who will receive money — the Berkeley Center for Law and Technology, NYU’s Information Law Institute, WiredSafety and the Joan Ganz Cooney Center — did not respond at all to inquiries about the settlement.
For this story, GigaOM repeatedly contacted Facebook and the class action lawyers to ask how the non-profit groups named in the settlement were selected, and how the money should be spent. They did not respond.

A settlement from “thin air”

The MacArthur Foundation’s decision to turn back the Facebook money is not the first nor the most serious objection to the Sponsored Stories settlement process. Last year, in a watershed ruling, the judge overseeing the case blew up an earlier version of the settlement and scolded the lawyers for plucking numbers out of “thin air” and for using a “clear-sailing” provision that ensured Facebook wouldn’t challenge the lawyers’ fees.
That earlier deal likewise required Facebook to pay $20 million but did not call for any of the money to go to Facebook users. Instead, it called for the cash to be split 50-50 between lawyers and non-profit groups. Under the revised scheme, Facebook users could apply to receive cash. The final amount — $5 or $10 — would be determined by how many people applied; in the end, so few people made a claim that the deal ultimately awarded $15 to those who did.
While the judge has finally signed off on the deal, it will still be a while until anyone gets paid; at least one Facebook user has appealed, while some privacy groups claim it doesn’t do enough to protect minors.

Facebook, Google and the “Privacy Panic” industry

The Facebook “Sponsored Stories” settlement has probably received more media attention than any other privacy-related class action deal in the tech industry, but it’s hardly the first of its kind. In recent years, there has been a steady drip-drip of other litigation involving big tech companies that hundreds of millions of people use on a daily basis.
Other prominent class action settlements include: $8.5 million for Google Buzz (a failed social network that exposed a person’s frequent contacts before asking them); $8.5 million for Facebook Beacon (which revealed people’s online purchases); $3.5 million for Adobe (which used invasive Flash cookies).
In all of these cases, the class action system appeared, on the surface, to be doing its job: punishing companies through a legal process more powerful than what a single citizen could muster on his or her own. In theory, every user who suffered a privacy violation received a bit of compensation while the tech companies learned to be more careful about privacy.
Unfortunately, it hasn’t worked out that way. As with the first version of the “Sponsored Stories” settlement, users in the other privacy cases didn’t get any of the millions paid out in their name; instead, the deals paid money to lawyers and to privacy groups for undefined work.
The result is not simply a disconnect between consumers and the legal process that collects money in their name. The process also provides an incentive for groups to employ alarmist tactics.
In a phone interview, a former spokesman for a major technology company complained that certain organizations engaged in “privacy panic” — issuing dramatic press releases over big events, small events and non-events — in order to pressure tech firms into paying settlement money. The spokesman, who did not want to be identified, added that only some organizations engage in such behavior but that the media and the public often fail to distinguish between which groups are credible and which are not.
Another person, who formerly served on the board of an oft-quoted privacy watchdog, related that privacy alarms were part of the group’s fund-raising strategy.

An alternative to the privacy merry-go-round?

Last week, not long after Judge Seeborg approved the final version of the Sponsored Stories settlement, the New York Times reported that the Federal Trade Commission is looking into Facebook’s new privacy policies, which were supposed to go into place this month. At the same time, Sen. Edward Markey (D-Ma) is pressing the agency to launch a larger investigation into whether “Facebook users will lose control over their personal information.”
These new calls for investigation and widespread unease with Facebook’s privacy practices illustrate how consumers may be winning in court, but ultimately losing out in the larger battle to understand and control how tech companies use their personal information.
Under the current model, the legal process serves to stoke privacy panic while also failing to explain to consumers the basic nature of the contract they undertake when they sign on to Facebook or Google: consumers receive an incredibly useful product for no money, but pay instead with personal information that the companies collect for advertising.
In many cases, the tech companies are reluctant to make the nature of the trade-off explicit, preferring instead to offer reassurances like, “It’s actually a good thing to be tagged in more photos” (as Facebook did while attempting to quell the latest privacy concerns). The result is a yawning information gap between the tech companies and their users.
The $10 or $20 million pay-outs, meanwhile, amount to little more than rounding errors for the massive tech companies, and will do nothing to discourage them from barreling forward with invasive new features.
One solution to this could entail courts ordering that future privacy pay-outs be directed specifically at the company and the harm involved — and to invite consumers, rather than companies and class action lawyers, to vote on how the money should be directed. They could also force the tech companies to use other forms of media like television (rather than obscure websites larded with legalese) to explain their advertising practices. The result would likely diminish the sense of powerlessness and confusion that, for many, pervades current attitudes about privacy.
How Facebook sponsored stories money will be spent
Organization | Settlement amount (approx) | What they’re doing with it
Center for Democracy and Technology | $500,000 | “We plan to expand our privacy work — advocating for comprehensive privacy law, more aggressive application of existing law, reform of government access laws, etc.”
Electronic Frontier Foundation | $500,000 | “We would put it towards efforts to advocate for users’ privacy rights. In the case of Facebook, this has generally meant analyzing changes to site policies or technology, and then highlighting the privacy implications for users. Facebook is also included in EFF’s annual ‘Who Has Your Back’ report.”
MacArthur Foundation | $500,000 | “MacArthur did not ask to participate. The Foundation has informed lawyers representing both parties in the settlement that we respectfully decline to accept any settlement funds.”
Joan Ganz Cooney Center | $500,000 | Did not respond.
Berkman Center for Internet and Society (Harvard Law School) | $300,000 | “Cy pres funding would mainly benefit the Berkman Center’s Youth and Media Lab…cy pres funds would support research (focus groups, surveys) on privacy-relevant youth and social media practices in the commercial context; privacy curriculum development; and creation of educational privacy tools.”
Information Law Institute (NYU Law School) | $300,000 | Did not respond.
Berkeley Center for Law and Technology (Berkeley Law School) | $300,000 | Did not respond.
Center for Internet and Society (Stanford Law School) | $300,000 | “Continue our work with W3C on developing the Do Not Track specifications…Second, CIS will continue its [work] building tools with the Stanford Security Lab for users to learn more about third-party web tracking and developing technologies that allow advertisers to continue operations without compromising user privacy.”
High Tech Law Institute (Santa Clara University School of Law) | $300,000 | “Because any cy pres payouts still could be years away (depending on appeals), and until recently it wasn’t even clear there would be any cy pres funds at all, we have not yet developed any specific plans for allocating the cy pres funds. When we get to the point of making plans, we will carefully follow any instructions from the court, and we will take very seriously our obligations to provide value to the class.”
Campaign for Commercial-Free Childhood | $300,000 | “Funds will help us address the escalation of child-targeted marketing made possible through new, portable technologies offering apps, gaming, virtual worlds, and social networking to younger and younger children. In addition, we plan to expand our efforts to protect students’ confidential data from being leveraged for commercial purposes.”
Consumers Federation of America | $300,000 | “We haven’t heard anything formally about this nor do we have a good idea of any amount that may be received. But if we did receive funds, we would undertake a multi-year effort to encourage consumer users of social media to make more informed decisions.”
Rose Foundation: Consumer Privacy Rights Fund | $300,000 | “The RFP will invite proposals that would educate users, regulators, and enterprises regarding critical issues relating to the protection of privacy, identity and personal information thorough user control, and that protect users from online threats.”
ConnectSafely | $300,000 | ConnectSafely will use the funds to continue educating children about social media and to produce information for parents and kids about popular websites, including Facebook.
WiredSafety | $300,000 | Did not respond.

Table by Rani Molla

By Jeff John Roberts