Aug 29

(Credit: Dell)

The Dell Precision M2400 uses an LED-backlit display.

Dell announced on Wednesday that within 12 months, all displays in its new laptops will be light-emitting diode (LED)-based.

LED backlights are known to be mercury-free and very recyclable. Compared to cold cathode fluorescent lamp (CCFL) technology, which most LCD displays use today, LED displays are much more energy efficient. Dell says that its 15-inch LED displays consume an average of 43 percent less power at maximum brightness.

Over the past year or so Dell has been committed to “Hulking out” (you know, turning green?) as a company. In June 2007, Dell announced plans to reduce its corporate carbon footprint by 15 percent or more within 5 years. In May 2008, it announced its desire to cut PC-energy use by 25 percent. In June of this year, Dell said that it had become the first company to introduce an “80 PLUS Gold-certified” power supply for servers. It launched its Studio Hybrid in July, which, according to Dell, uses 70 percent less energy than a traditional desktop.

Dell estimates that, overall, this could save consumers approximately $20 million and 220 million kilowatt-hours in 2010 and 2011 combined, the equivalent of the annual CO2 emissions of more than 10,000 homes’ energy use. This figure was based on Dell’s internal analysis using U.S. EPA carbon-conversion calculators.

Dell says that as of December 15, two-thirds of its Latitude E-Family laptops, as well as its Precision line, will be shipped with mercury-free LED backlighting as standard.

By the end of 2009, Dell plans to have at least 80 percent of all of its laptops delivered with LED backlit displays. By 2010, it expects that number to rise to 100 percent.

Aug 24

Security Update 2008-003 and Mac OS X v 10.5.3 are available from Apple’s Software Downloads Web site.

Meanwhile, other updates fix vulnerabilities that could lead to information disclosure and allow a local user to manipulate files with the privileges of another user in Mail; allow a remote attacker to read arbitrary files related to Ruby; expose passwords supplied to sso_util to other local users when using Single Sign-On; expose user names on servers with Wiki Server enabled to a remote attacker; and not warn users before opening certain potentially unsafe content types.

In addition, the software fixes a vulnerability that could lead to information disclosure when viewing a maliciously crafted BMP or GIF image and lead to unexpected application termination or arbitrary code execution when viewing a maliciously crafted JPEG2000 image file.

Security Update 2008-003 is for Mac OS X v 10.4.11 and Mac OS X Server v 10.4.11. The fixes are included in the latest Leopard edition, Mac OS X v 10.5.3, which also was released on Wednesday.

The software fixes vulnerabilities that could have led to arbitrary code execution and/or unexpected application termination related to the implementation of: AFP Server, AppKit, Apple Pixlet Video, ATS, CoreFoundation, CoreGraphics, Flash Player Plug-in, Help Viewer, and iCal. The iCal vulnerability was discovered by Core Security, which last week announced it had found three vulnerabilities in iCal.

It also fixes vulnerabilities that could have led to disclosure of sensitive information related to implementation of technologies including CUPS, International Components for Unicode, and CFNetwork when visiting a maliciously crafted Web site due to an issue in Safari’s SSL client certificate handling.

Apple released a hefty security update for Mac OS X and OS X Server on Wednesday that fixes more than 40 vulnerabilities, a number of which could be exploited to enable someone to run programs on the machine remotely or lead to the disclosure of sensitive data.

Aug 24

It’s super easy to use and does one thing extremely well:

commentary (Credit: Lighthead Software)

Verdict? It’s awesome. Get it now. It’s not open source, but it is freeware.

Ever in the middle of a presentation and the Mac screen dims or your Mac goes to sleep? Yes, you can go in and edit your preferences to avoid this, or you can get Caffeine.

Caffeine is a tiny program that puts an icon in the right side of your menu bar. Click it to prevent your Mac from automatically going to sleep, dimming the screen or starting screen savers. Click it again to go back. Hold down the Command key while clicking to show the menu. The menu now has a sub-menu for deactivating Caffeine automatically after a number of minutes.

Aug 24

IBM is rumored to be working toward a merger with Sun mostly due to the strength of Sun’s server business. SPARC is Sun’s chip architecture, while Solaris is Sun’s operating system that runs on both SPARC chips and x86 processors from Intel and Advanced Micro Devices.

“Sun has a terrific installed base,” Alex Yost, vice president IBM BladeCenter, said in a phone interview earlier this week in response to a question about Sun as a competitor.

Part of the challenge of absorbing Sun would be to integrate Sun’s products with IBM’s. On its Web site, Themis describes its T2BC Blade Server as enabling Solaris applications “to run natively, on an UltraSPARC T2 chip…within an IBM BladeCenter.” The Themis product description continues: “The T2 Blade Server can share the same chassis with server blades that utilize other processor architectures and operating systems.”

Yost went on to say that IBM has an active business of migrating customers from Sun’s SPARC architecture to x86-based servers. “I have a number of clients that are looking to go to Solaris on x86 or Linux on x86,” he said. “That’s very much something that we’re actively doing.”

An IBM server vice president discussed IBM’s strategy to tap into Sun Microsystems’ customer base, in the wake of reports that IBM is in talks to buy the Santa Clara, Calif.-based server supplier.

Yost added that there are some IBM customers that require Sun’s SPARC architecture. “We also have some clients in very specialized environments that require native Solaris on SPARC,” he said. For these clients, IBM has partnered with Themis to offer SPARC blade server on IBM BladeCenter, Yost said.

Aug 24

Late last month, researchers at Princeton made headlines when they published a paper exposing weaknesses in PC encryption technologies. It seems that DRAMs retain resident data for several minutes after PCs are shut down. This vulnerability can lead to “cold boot attacks” that can expose any information stored in PC memory–including encryption keys. Using several different types of attacks, researchers were able to exploit this vulnerability to defeat several disk encryption systems including BitLocker (Microsoft Windows), FileVault (Apple Macintosh), and TrueCrypt (Open Source). Read more about this security research here. (PDF)

When I first read this study, my initial reaction was that this was old news that was only relevant to the security research and academic communities. If my PC is stolen at Logan Airport or I leave it in a New York City cab, chances are pretty good that it gets fenced on the street for a few hundred bucks or traded for tubes of crack. In a situation like this, any Full-Disk Encryption (FDE) solution serves its purpose by providing anti-disclosure insurance. In other words, if my PC contains regulated data when it is stolen, FDE gives me a “get out of jail free” card on regulations like California SB 1386–I don’t have to disclose this data breach to the public or suffer the associated embarrassment and cost.

Yes, there are ways to minimize the possibility of a cold boot attack against vulnerable encryption tools but security best practices state that if you are going to implement security technologies, you ought to choose those that provide the highest security possible. BitArmor, Intel (Danbury), and Seagate offer examples of encryption technologies immune to the Princeton attacks. My guess is that others will quickly follow.

The Princeton report renewed a well-understood problem in the security community. Many encryption technologies are far more vulnerable than you think. That said, should chief information security officers be concerned? Yes and no.

Given this scenario, Joe Blow FDE software is sufficient most of the time, but security attacks are getting more targeted and sophisticated each day. Additionally, ESG Research data indicates that about one-third of large organizations (for example, 1,000 employees or more) suffered a data breach in the last 12 months and about half of these breaches were carried out by insiders. Given the right circumstances, a junior IT administrator could use a cold boot attack to steal valuable information from a C-level executive. Cold boot attacks also provide a new avenue for industrial espionage since many users leave laptops in hibernation mode when they travel.

With information security, never underestimate the bad guy’s skills and desires. As Sun Tzu said in The Art of War, “If you know your enemy and know yourself, you need not fear the results of a hundred battles. If you know yourself but not your enemy, for every victory gained you will also suffer a defeat. If you know neither your enemy nor yourself, you will succumb in every battle.”

Aug 24

The service has been live for three months, and to be honest, there aren’t a whole lot of listings, so you’re unlikely to see information about that job you just found on Craigslist. However, I really like the idea and the execution. Despite the fact that job satisfaction is subjective, and any number of things frequently change at any company, everyone deserves a heads up on a potential employer–be it good or bad.

Ever had a bad job before? When you were done working there, did you have the urge to steer others clear of treading the same path of personal destruction? I know I did. At one of my old jobs, people were so angry after layoffs that they started their own anticompany blogs.

Scope out jobs to see if they're worthy of your talents and/or sanity.

For the slightly more level-headed there’s JobDud, a site that lets you anonymously rant about how good or bad an employer is. Like Yelp, JobDud uses a five-star rating and each company gets its own page where user reviews are listed and put together for an aggregate score. JobDud covers 21 major cities including Los Angeles, New York, and San Francisco, which seem to be the most active so far.

So what’s in it for you to post to the service? For most, it’s merely a chance to get something off your chest, and if it’s a good place to work you can let others know about it. The site’s creators hope JobDud can serve two major purposes: help people on their job hunts by sorting out the good from the bad places to work, and give companies a quick gut check on what their employees think.

(Credit: CNET Networks)

Aug 24

Oh, and don’t forget Microsoft, which has a massive network of value-added resellers and hosting providers locked in to Windows and who will undoubtedly adopt Hyper-V.

Overall this move is beneficial for the whole virtualization market, but it’s hard to see how VMware can maintain its dominant position if cloud providers see them as a threat instead of a partner or technology supplier.

Things should start to get interesting for Xen and XVM. I only have cursory knowledge of Red Hat’s Qumranet acquisition, but there is a clear opportunity for basically everyone who is not VMware to go after the providers that are currently locked in.

But why has VMware taken so long to embrace the cloud? And what will happen to all of the providers who are VMware customers who now find themselves competing directly with the source?

VMware’s announcement Monday of its new VCloud initiative is an early attempt to offer a more “enterprise-class” cloud offering. Considering that most cloud offerings are based on virtual machine images, it’s a smart (and obvious) move by VMware to stake its claim.

To date, the majority of cloud offerings have lacked certain enterprise fundamentals–things like security models, licensing agreements, and so on that are requirements, not accessories. By aligning with hosting providers like Rackspace, VMware starts to show some of the enterprise-type attributes we’ll eventually see from companies like IBM and Hewlett-Packard.

Aug 24

• RayTrace: Ray tracer benchmark based on code by Adam Burmister (3,418 lines).

• Richards: OS kernel simulation benchmark, originally written in BCPL by Martin Richards (539 lines).

Google introduced Chrome in part because it wants faster browsing and the richer Web applications that speed will unlock. So how does Chrome actually stack up?

(Credit: Stephen Shankland/CNET News)

Here’s the site description of the speed tests:

(Credit: Stephen Shankland/CNET News)

• Crypto: Encryption and decryption benchmark based on code by Tom Wu (1,689 lines).

But when pressed for specifics, he told me to try them out. So I did.

A few notes: First, your mileage may vary; I ran these tests on my dual-core Windows XP machine.

Google offers a site with five JavaScript benchmarks. On each one of these tests, Chrome clearly trounced the competition. I hope benchmarking experts and developers will weigh in with comments about how well these tests represent true JavaScript performance on the Web–either for ordinary sites or for rich Web apps.

Google's overall score is head and shoulders above the competition for executing JavaScript.

Google's Chrome overpowers the other browsers on the five subtests by which Google measures its browser's JavaScript performance.

Third, I tried to run the SunSpider benchmark tests as well, but perhaps because a lot of other curious people had the same idea on the day Chrome launched, I couldn’t get to the site.

• DeltaBlue: One-way constraint solver, originally written in Smalltalk by John Maloney and Mario Wolczko (880 lines).

Second, my apologies here to Opera, whose browser I don’t have installed.

Lars Bak, the Google engineer who was the technical leader for Chrome’s V8 JavaScript engine, said at the launch event Tuesday he’s confident Chrome is “many times faster” than the rivals at running JavaScript, the programming language that powers Google Docs, Gmail, and many other Web applications.

• EarleyBoyer: Classic Scheme benchmarks, translated to JavaScript by Florian Loitsch’s Scheme2Js compiler (4,682 lines).

Aug 24

If the latter, it becomes doubly interesting when you consider Projity’s license: CPAL. In this case, CPAL might prohibit users from removing the very web bug that Projity uses to track their use of the software.

They’re not alone. As Projity CEO Marc O’Brien recently told Linux.com’s Tina Gasperson, 500,000 individuals have downloaded OpenProj to date.

commentary

Marc or someone else care to comment on how the tracking is managed? I’m sure a range of open-source companies would love to learn who is using their software, provided it doesn’t abrogate a user’s control of their privacy.

Perhaps most intriguing in all of this is that Projity knows which companies have downloaded and installed its software, since it can’t get that information from Sourceforge, from which individuals download the software. (It could, of course, be the case that each of the companies noted above is a paying customer, but since several of these are unlikely to serve as public references….) I’m guessing that Projity has some sort of a “call home” feature in its project, or perhaps a simple web bug that registers with Projity each time a page is refreshed.

While perhaps no indication of what these companies are buying, it’s still interesting to discover that Bank of America, Hewlett-Packard, General Electric, IBM, Siemens, Toshiba, Honeywell, and Nortel have downloaded and installed Projity’s OpenProj, an open-source replacement for Microsoft Project.

UPDATE: Marc O’Brien, CEO of Projity, emailed me to clarify the privacy issues I raised above:

I was disappointed you chose to raise issues that are erroneous and really counterproductive for the open source success of OpenProj. ALL companies mentioned and all companies that we know are using OpenProj and Project-ON-Demand have provided us with their contact information. We do not know of ANY company using OpenProj or Project-ON-Demand who has not proactively given us their contact information.

Thanks for the clarification, Marc, and congratulations on getting these exceptional customers. That says a great deal about the quality of the software.

Aug 24

Walsh took the stage at the Web 2.0 Expo to talk about what he saw as the secret sauce (ha, ha!) behind Whopper Sacrifice’s success: what he calls “deceptive simplicity.”

He also acknowledged that not all the feedback was glowing.

CP&B, after all, was the creator of the “Whopper Sacrifice” phenomenon, a Burger King ad campaign on Facebook that promised a coupon for a free hamburger if participants deleted 10 people from their friends lists on the social network. It was a wild success: the Facebook application was installed nearly 60,000 times in a matter of days, nearly 20,000 Whopper coupons were sent out, and well over 200,000 Facebook friends were deleted. Facebook members even created unofficial groups, offering to let other members add them as friends and then delete them for Whopper Sacrifice purposes.

“For so long, friendship in the social space has kind of been a form of social currency,” Walsh explained. Social networks’ “entire system is kind of dependent on you aggregating as many of your friends as possible in the network, ballooning as quickly as possible, but at the end of the day that’s all fine and good in the ramp-up when everything is novel…quite a few years into the social-networking arena now, there’s really a question of what is friendship in the 2.0 world?”

But the decision-making process behind the campaign was more theoretical, almost anthropological. Walsh said that another core element of Whopper Sacrifice’s popularity was the fact that it tapped into a real “tension” in digital culture–how social networking has changed our ideas of what friendship means.

“It’s a very, very simple idea,” Walsh said. “And it’s something that to a user is a very easy message to communicate. Sacrifice ten of your friends, get a free Whopper. It’s got kind of the ultimate elevator pitch.”

“Some people thought it was a little brutal because we did send notifications,” Walsh admitted. “If I defriended you, you would get a message saying that you were worth less than one-tenth of a Whopper.”

But Facebook disabled the campaign after ten days, claiming that it was a violation of user privacy because Whopper Sacrifice notified friends if they had been deleted. “(It) challenged the very concept of Facebook,” Walsh said. “Whopper Sacrifice had been sacrificed.” In an ironic twist, that just led to even more buzz for the campaign.

(Credit: Burger King)

SAN FRANCISCO–“I don’t know how many of you actually got sacrificed out there, but condolences to you,” said Matt Walsh, head of the Interaction Design department at ad agency Crispin Porter & Bogusky, as he surveyed the audience at his Friday morning talk at the Web 2.0 Expo.

“You’re going to be faced with a lot of questions, and you’re going to be faced with a lot of what-ifs, and you’re going to be faced with a lot of bells and whistles added on,” he suggested to marketers in the audience. “Whopper Sacrifice was one that went viral with pretty much zero media budget. We had a few small media banners on Facebook itself, but outside of that…we had a press release and that was it. It blew up because it was something that really resonated with people.”

Combining that provocativeness with a simple, no-brainer campaign is what Walsh said made it work.
