杭州龙凤

Microsoft opens public bug database for IE 7 and beyond

Microsoft has announced the launch of a new site dedicated to public feedback for Internet Explorer 7 and future versions. The Internet Explorer Feedback site is open to anybody who wishes to report issues and log bugs, or just leave comments or feature suggestions for future versions. This sort of feedback is new for Internet Explorer, and the web site explains the reasons for the change:HangZhou Night Net

“Many customers have asked us about having a better way to enter IE bugs. It is asked ‘Why don’t you have Bugzilla like Firefox or other groups do?’ We haven’t always had a good answer except it is something that the IE team has never done before. After much discussion on the team, we’ve decided that people are right and that we should have a public way for people to give us feedback or make product suggestions. We wanted to build a system that is searchable and can benefit from the active community that IE has here.”

The site is run using the Microsoft Connect feedback engine, used by both internal and public Microsoft beta programs. Signing in requires a Passport account—which most people will recognize as their account info for Hotmail and MSN Messenger, but is also used at Microsoft for things such as MSDN subscriptions. Once you’ve entered your Passport info, the site requires that the user fills in some personal details, then there is a there is a long legal disclaimer screen, and finally the user is presented with a list of possible projects to “apply” for, one of them being the Internet Explorer 7 beta.

The site is organized fairly simply, with a search bar for finding existing bugs and a list of the “top” bugs in the product at the moment, as well as a list of related articles for the product. Each bug is given a rating, validation by other testers, and a comments section. While there are still relatively few people actively using the site (most bugs have around 30 to 40 votes and fewer than ten comments) the activity is expected to rise as the product nears completion. The site is cleaner and somewhat easier to navigate than Mozilla’s Bugzilla page, although it is a much more laborious process to get access (reading bugs requires no login at all on Mozilla’s site).

So how useful are public bug databases in creating a good quality software product? Opinion varies wildly on the issue. Many open-source projects use these databases for generating feedback (many of these projects also use Bugzilla), but some people have commented about the difficulties encountered when using public forums for large-scale projects. Useful feedback can often be lost under a morass of poorly written, emotionally charged posts. Companies with professional testers report that the general public will typically find only the most obvious bugs, and often fail to accurately describe the procedures for recreating them.

Still, for a product such as a web browser that is expected to work properly with all the millions of strange and wonderful web pages out in the wild, a place for public feedback may uncover problems that in-house testers failed to find. As well, the existence of such a site presents a more open face of the IE development process, which may be helpful in reversing the public’s perception of Internet Explorer as a stagnant product.

Global warming and hurricanes

Shortly after hurricane Katrina struck some
people started to blame particular hurricane events on global
warming. Most climate
scientists do not support such claims since climate models provide a window
into average climate conditions that will, in general, change the rate and
intensity of extreme events, rather than making predictions about specific
events. What we do know is that climate
models provide a strong link between greenhouse gases and warmer ocean surface
temperatures. It is also well understood
that hurricanes and tropical storms flourish over warm waters.HangZhou Night Net

Several studies have shown that hurricane frequency and intensity has been steadily increasing for the last 25 years. Scientists from Georgia Tech * have attempted to link this with various climate variables. They examined ocean surface temperatures, humidity and wind conditions using satellite data collected from 1970 to 2004. Analyzing data of this sort is extremely complex since it is an intrinsically multi-variable system. However, using statistical methods derived from information theory they were able to show that ocean temperature was the strongest predictor of hurricane frequency and intensity. At this point someone will usually point out that correlation != causation, however, the mechanisms for generating hurricanes are fairly well understood, especially in terms of the role of surface ocean temperature. In this case it is fair to say that the link they have discovered really only confirms what we already knew.

Climate modeling and our understanding of physical and chemical atmospheric processes provide a strong link between greenhouse gases and ocean surface temperatures. Thus it appears that some of the doom-saying is in fact coming true and that there are more serious consequences than a rising sea level associated with global warming.

*=press report, I could not read the ScienceExpress article

The slow approach of the self-driving car

I know a number of people for whom the coolest part of Minority Report was the highway full of futuristic, self-driving cars. (For my part, I was more into the jet packs, but whatever.) The 2005 DARPA Grand Challenge, in which a computer-controlled VW Touareg successfully navigated 132 miles of desert, was the first step in such a driverless future, and a new EET feature article outlines many of the intervening steps that it will take to bring fully autonomous vehicles to a highway near you. HangZhou Night Net

The plan appears to be progressive automation, in which computers slowly take charge of different parts of the driving experience over the course of the next two or three decades. Right now, computers adaptively tweak things like steering and suspension, and before long they’ll be slamming on the brakes for you when the in-car radar detects an imminent, unavoidable collision. Eventually, a car’s computer and sensor array will allow you to place the vehicle on autopilot so that you can read the morning paper during the commute to work.

At any rate, you’ll want to check out the article, which talks to a number of experts in the field to get a sense of how and on what timetable self-driving vehicles will arrive.

Braking factors: liability, safety, cost

As the article mentions in passing, redundancy will be critical. I think it’s unlikely that we’ll see military-style triple-redundancy, where each critical system is backed up by two other completely different implementations that were designed in isolation from each other, but I wouldn’t be surprised to see something pretty close. The main reason is liability.

If I’m cruising at 75mph in the 2019 Honda WireDrive SUV and one crucial part of the car’s complex nervous system of electronics fails, causes me to veer into the oncoming lane, and sets off a 20-car pile-up, all of the passengers in all 20 of the cars will sue one Honda—not me—for fifty hojillion yuan (that’s about US$500 million in today’s currency, accounting for inflation and for the fact that in 2019 we’ll all be using the currency of our Chinese economic overlords).

Automakers will want to be 100 percent certain that when they take over for themselves the accident liability risk from the driver, their systems are not to blame for any property damage or loss of life. And in this respect, I think liability and safety issues, and not raw technical challenges, will probably be the main factor determining the pacing of the rollout of these autonomous driving technologies. When the first fully autonomous cars hit the road, it probably won’t be because completely autonomous driving has just now become technically possible, but because automakers were finally able to provide the necessary redundancy at a low enough cost.

Speaking of redundancy, I also expect that autonomous vehicles’ internal networks of sensors and processors will expand to include nearby cars in a kind of ad-hoc wireless mesh. Your car will be get a heads-up when the vehicle three cars ahead spots an obstacle in the lane, and it’ll take appropriate action. So when you pull onto the Interstate, you’ll also join a giant, roving, ad-hoc mesh network that includes hundreds of other cars, as well as government traffic systems, emergency and police vehicles, etc. And who knows—maybe the people in the car next to you will be up for a pick-up game of DNF deathmatch over the inter-vehicular network.

Mobile phone exam cheating on the rise in England

According to a new study from England’s Qualifications and Curriculum Authority (QCA), the number of students in the country who are using mobile phones to cheat on exams is rising fast:HangZhou Night Net

“Over recent years we have seen a noticeable rise in the number of mobile-phone related incidents in examination halls across the country,” said QCA Chief Executive Ken Boston.

The report found that over 4,500 students were penalized for cheating during the last round of A-level (pre-university exams) and GCSE (high school) tests, up 27 percent over last year. Of these incidents, candidates caught with mobile phones accounted for nearly a quarter of the offences.

Because of the rise of mobile phone cheating during exams, students are instructed not to bring them into exam rooms, and advised to leave them at home if possible. Students can currently be docked marks or even failed for simply having a mobile phone during exams, whether they use them to cheat or not.

The good news is that the overall number of students who are penalized remains low, with less than one incident for every 1,500 exams written. Other offenses included plagiarism, disruptive behavior, failing to follow the invigilator’s instructions, and cheating using more traditional methods.

Cheating has been a problem for examiners as long as there have been exams, but does the rise of wireless technology present a special problem for education? Traditional mobile phones would not be much use for in-exam cheating, but being able to text or SMS your friend who wrote the same exam yesterday (or last year) would be a much more discreet method of cheating. However, educators can adjust in much the same way as they did to the cheating possibilities provided by programmable calculators: by simply not allowing them to be used.

Is the rise of mobile phone cheating indicative of a larger societal problem? Already there are some concerns about the fact that today’s generation of gadget-obsessed kids may sacrifice concentration and accuracy to the holy grail of multitasking. However, the low percentages of cheating seem to indicate that the traditional examination is not under an immediate threat. What will happen to the education system when students get Google feeds directly implanted into their visual cortex is, of course, another question.

Two new Internet phone services step up to the plate

If you’re someone who loves to use the Internet to connect your voice to someone else’s ears, two more options have become available. As with so many things online, the mature business model for voice over IP (VoIP) has yet to really solidify, and we currently seem to be in a state of affairs in which, if a service doesn’t yet exist that offers what you want, you can wait five minutes and one will come along.HangZhou Night Net

With that in mind, both Jajah and Lycos Phone offer slightly different takes (and business models) on how to use those dandy little IP packets to magically scoot your voice around the world. Here’s a quick breakdown of what they have to offer:

Jajah

Jajah began life last summer as an Australian-based PC-to-phone service. It was cheap, and the users that migrated to the company liked that aspect, but it never achieved much popularity. It didn’t take long for the founders of Jajah to realize that there’s only so far a company can go in a price war before competition from better-funded rivals drives it out of business. With that in mind, they decided to redesign their service to make it simple for a user with any phone to make VoIP calls with little more than a link to a web page. Because the interface is web-based, anyone with a browser can access it.

The Jajah paradigm works like this: a user with an account logs into the Jajah web site and enters the phone number he or she would like to call, along with the phone number of the phone (landline or mobile) they’d like to use. Jajah then dials the user’s phone. Once connected, Jajah dials the remote phone. When the remote phone is answered, Jajah connects the two phones using VoIP.

As an introductory offer, Jajah is currently allowing US users to call a number almost anywhere in the world for up to five minutes for free with no registration. I gave it a try, and it seemed to work well.

Lycos Phone

Lycos is perhaps best known as the search engine that isn’t Google or Yahoo or AOL or MSN. It is also not Alta Vista, Excite, or any of another dozen also-rans. Lycos had its greatest success in the pre-Google age, and would like nothing more than to find something it does well enough to attract a decent quantity of users back to the service, or lacking that, uncover a way of packaging all of its portal offerings to turn it into a convenient one-stop for ‘Net surfers.

To that end, the company has unveiled Lycos Phone. Lycos Phone works only through a computer, and requires a client application and some type of speaker/microphone combination. Currently, only a Windows version of Lycos Phone is available, but support for other operating systems is planned for the future.

True to its portal roots, the Lycos Phone application ties in streaming video, MP3s, search features, ads (which can be viewed to earn free minutes), faxes, and even video calls. The service also provides the user with a phone number which can be used to receive calls from non-VoIP phones.

Bundling aside, Lycos Phones still falls short of a service like Skype in a few areas. For one thing, Lycos keeps you tethered to the PC, whereas Skype provides the fee-based option of forwarding your call to any non-VoIP phone. Skype also provides conference call capability, and Skype already offers Mac, Linux, and Pocket PC support.

Both of these services offer somewhat different methods of saving money by bypassing the regular phone companies’ connection charges in favor of VoIP. In so doing, they join a host of competitors like Vonage, Skype, and others offering similar services. Of the two, Lycos has a bit too much bundling going on for my taste. Jajah is cleaner and simpler, but both suffer from the fact that it’s hard to surpass the ease of use of a regular phone. The cost savings is nice, but even Jajah appears to be most useful as a long-distance alternative. You might as well make local calls the regular way. As always, your mileage may vary, and if you don’t like any of your VoIP options, wait five more minutes.

Proposed German law aims to send pirates to prison

A proposed German law could result in file sharers getting some hard jail time. Under provisions of the bill, people who download movies and music could face up to two years. Real pirates—those who illegally download movies and music for commercial distribution—could receive five-year prison sentences if converted. The German government do throw consumers a bone in the proposed legislation, as copying DVDs that they own for backup or other personal use would remain legal under the law.HangZhou Night Net

Christian Democratic Party spokesperson Günther Krings likened file-sharing to shoplifting, saying that the proposed law is necessary because "there should be no legal distinction between stealing chewing gum from a shop and performing an illegal download."

Krings’ assertion is debatable, at best. Unlike shoplifting a pack of gum or candy bar, which results in one fewer pack of gum in the store owner’s inventory, downloading music and movies does not automatically equate to a lost sale, and there’s no loss of physical inventory. In fact, the biggest problem facing the music industry is apathy, not file sharing. P2P users actually do buy music, and if consumers liked what they were hearing a bit more, they would buy more albums. It’s the same story for the motion picture industry, which has seen theater attendance drop because the public doesn’t think Hollywood has been making very many good movies lately.

As is the case in other nations, the German music industry is asserting that such legislation is necessary, pointing to a seven-year decline in sales totalling 45 percent since 1998. Oh, and apparently German PTA meetings look quite a bit different than they do in the US:

Many Germans watch the latest Hollywood film at home before it has reached the cinemas; parents’ evenings sometimes end with a showing of an illegally copied film in the school gym.

Man, all we get at my daughter’s school is some store-bought chocolate-chip cookies and some weak decaf in the cafeteria.

Large-scale pirates—the kind that are responsible for the five-dollar DVDs sold on street corners in seedy neighborhoods—definitely could use a dose of jail time. However, criminalizing all illicit download activity is not going to help produce better movies and music. Perhaps a few would-be downloaders will be scared straight by the prospect of jail time. But until both moviemakers and the record labels move to fix their broken business models, no amount of scare tactics will cause movie and music sales to reverse their long decline.

Universal opts not to downscale HD content; ICT dead on arrival?

One of the nastier capabilities of both Blu-ray and HD DVD allows for content holders to force image quality degradation onto users whose TVs aren’t quite up to snuff. The original plan was simple: if a TV lacked a secure HD input (i.e., HDMI or something else supporting HDCP), studios could instruct next-generation disc players to reduce the quality of the video output to something less than 720p. This has been billed as an anti-piracy measure, inasmuch as it is designed to keep the pristine, full digital HD signal away from anything that’s not locked down. Consumer advocates have attacked the plan, however, saying that the only thing it is likely to stop is honest people from enjoying their discs’ full HD potential.HangZhou Night Net

Following on the heels of Sony, Universal has confirmed that they will not be using such capabilities to downgrade video on their offerings, at least for now. This marks what looks to be a major studio to turn away from the so-called image constraint token—the name given to the AACS software functionality that allows for downsampling video to 960×540 (approximately NTSC). Paramount, Disney and Twentieth Century Fox have all backed off of using the ICT, leaving Warner Brothers as the only major studio saying that they will use the it. According to BusinessWeek, sources say that Warner will use the ICT on "at least some" of their initial titles.

The question is, why are they forgoing ICT? For now, it looks like good business sense is driving the discussion. Even today, not all new TV sets support HDCP, and the vitally important "early adopter" crowd contains no small number of people with HD sets that were sold before the HDCP requirements were known. In short, most of the studios understand that launching new, expensive players alongside rather expensive movies could flop if the ICT is used extensively. After all, a Blu-ray player may cost $1,000, but if you can’t get anything much better than existing DVD playback, why bother?

If this is the studios’ motivation, we should expect the ICT to become more prevalent as the penetration of TV sets with HDCP support increases. There’s always a chance that studios will shy away from this functionality entirely, but holding your breath is not advised.

Security company rolls its own IE patch

Last week, two Internet Explorer (IE) vulnerabilities were discovered, leaving Microsoft with a total of three possible IE flaws for the month of March. Of those three, one has been really hitting the hype circuit over the last few days, and that is the "createTextRange()" vulnerability. According to CNET, over 200 websites have exploited the flaw leaving users with a fistful of malware. Microsoft has said that it will be issuing a patch in the near future, but no exact date has been set. Now, instead of waiting on Microsoft to issue a fix, a company known as eEye Digital Security has rolled its own patch. Sound familiar? Yes, it could be the WMF fiasco all over again. HangZhou Night Net

Microsoft claims that one way to prevent the "createTextRange()" exploit from being executed is to turn off Active Scripting. According to eEye's Steve Manzuik, some users may not be able to disable the feature, and that is precisely why the company came up with its own patch.

"Organizations should only install this patch if they are not able to disable Active Scripting as a means of mitigation…This patch is not meant to replace the forthcoming Microsoft patch, rather it is intended as a temporary protection against this flaw."

eEye is currently playing the Good Samaritan by allowing anyone to download the patch from its website. Regardless, Microsoft is telling its users to hold off on using the questionable fix.

"We have not tested this mitigation tool…We can't recommend it because we have not tested it…Customers should weigh the risk of applying something like this to their systems."

CNET is also reporting that security experts aren't standing behind eEye's patch like they did with the unofficial WMF patch. eEye has not supplied its source code, not to mention this flaw doesn't hold the same level of severity as the WMF exploit did. Microsoft has stated that it may release a patch for this exploit outside of its normal release schedule, but nothing has been set in stone

Update: I have been notified that the patch's source code is available for download (*.txt) from eEye's website.

US telecommunications law rewrite a mixed bag

The US House of Representatives Committee on Energy and Commerce released the final draft (PDF) of the Communications Opportunity, Promotion and Enhancement Act, sorely needed legislation that would modify earlier telecommunications legislation to account for changes in technology. HangZhou Night Net

Network neutrality

Those hoping network neutrality would be enshrined as the law of the land will be disappointed, as the bill omitted a requirement in the original proposal that would have barred "Broadband Internet Transmission Services" (BITS) providers from blocking or hindering "lawful content." In its place is a provision that would amend the Communications Act of 1934 to give the Federal Communications Commission the ability to "adjudicate any complaint alleging a violation of the broadband policy statement or the principles incorporated there-in."

The broadband policy statement (PDF) referred to in the legislation calls for the US "’to preserve the vibrant and competitive free market that presently exists for the Internet’ and ‘to promote the continued development of the Internet.’" One implication is that consumers should be able to access any Internet content that they desire.

Cable TV

Other aspects of the legislation deal with cable television and appear to be aimed at satisfying the desires of erstwhile phone companies like AT&T and Verizon to offer cable television over fiber. The bill would create a new "national franchise" category for cable operators and allow them to offer service throughout the US without having to negotiate franchise agreements with local municipalities. However, the franchise could be revoked in specific geographic areas if a national franchise becomes the only local service provider.

VoIP

VoIP providers will also have to provide full 911 and E-911 access to all of their customers, according to the bill. Owners of the E-911 networks (e.g., the local phone companies) will have to provide VoIP companies with access to their networks at "just and reasonable, nondiscriminatory rates, terms, and conditions." Exactly what constitutes "reasonable and nondiscriminatory" would be determined by the FCC.

Municipal broadband

Finally, a provision in the original draft of the legislation that would allow municipalities to deploy and operate their own broadband networks remained largely intact. So-called "public provider[s] of telecommunications service, information service, or cable service" would be able to operate free of state restriction. If the legislation passes as written, state laws in Arkansas, Florida, Missouri, and Texas would be superseded and cities and towns in those states would be able offer broadband and other communications services if they so desired.

Although absent from the bill, the issue of network neutrality is not dead yet. In the face of intense criticism, AT&T and Verizon have both backed off on the tiered Internet talk, saying last week that they do not have plans to hinder third-party traffic on their networks. Sen. Ron Wyden (D-OR) proposed legislation earlier this month that would enforce the principles of network neutrality, and that bill is still alive.

When I covered the initial draft of the legislation back last September, I found myself pleasantly surprised by some of its aspects. The lack of guaranteed network neutrality in the bill’s apparently final form have put a bit of a damper on that, but there is still something for consumers here. State politicians lobbied by big ISPs such as AT&T and Comcast will no longer be able to halt the development and deployment of municipal broadband networks. VoIP customers should be happy as well, as dialing 911 will no longer be a crapshoot in some instances, meaning that stories like this one will hopefully disappear.

Lenovo laptop deal draws scrutiny from government agency

Last year IBM sold its PC manufacturing division to the Chinese computer maker Lenovo in a nearly US$2 billion deal. Despite that, ThinkPads are still arguably the most-coveted x86 laptop with the geek crowd, and the ThinkPad love apparently extends all the way into the US government. A recent decision by the US State Department to buy 15,000 ThinkPads and desktop PCs from Lenovo is raising concerns within other parts of the US government.HangZhou Night Net

The US-China Economic Security Review Commission (USCC) wants an official probe into the purchase, fearing that the PCs and laptops could come complete with bugging devices enabling the laptops to phone home to their Chinese overlords. Larry Wortzel, chairman of the USCC, spells out the rationale behind the review:

"If you’re a foreign intelligence service and you know that a [US] federal agency is buying 15,000 computers from [a Chinese] company, wouldn’t you look into the possibility that you could do something about that?"

With the recent ruckus over the Dubai World Ports deal still fresh in the minds of politicians, it is almost inevitable that the State Department’s purchasing computers from a Chinese-owned company would raise eyebrows. What the USCC apparently does not realize is that many laptops sold in the US by US vendors (e.g., HP, Dell, and Apple) are assembled in China. So if the Chinese intelligence service wanted to implant bugging devices into PCs or laptops, they have had plenty of opportunities to do so already.

When the Lenovo-IBM deal went down, the Committee on Foreign Investments in the United States reviewed the deal for possible national security implications. Security issues were raised then, but primarily over corporate espionage and the transfer of US intellectual property to China. After its review, CFIUS found that those fears were largely unwarranted when it signed off on the deal last March.

Lenovo is critical of another probe, with Lenovo’s vice president for government relations Jeff Carlisle, saying the company has "nothing to hide." The company is also worried that future government deals would result in additional, unwarranted scrutiny.

History is rife with governments attempting to conduct espionage through novel means. Most notable perhaps, is the construction of a new US embassy in Moscow. Begun in 1979 during the days of the "evil empire" Soviet Union, the embassy was to be built by Soviet construction workers using Soviet-made construction materials. The KGB seized the opportunity, planting bugs inside the walls and tweaking the building’s steel skeleton so it could be used as a giant antenna. The US government finally caught on in 1985, and a costly reconstruction effort followed.

Is there a parallel here? It’s theoretically possible that a Lenovo motherboard could be modified to communicate surreptitiously with an outside intelligence agency. In reality, it would be very difficult to pull it off. Perhaps most importantly, doing so and getting caught would put a severe damper on Lenovo’s future ambitions in the US market.

Powered by WordPress. Design: Supermodne.