Tech News Today 519
Recorded: June 11, 2012
Published: June 11, 2012
Tech News Today 519: Asymmetrical Fanboy!
Why dual core doesn't matter for mobile, Swordfighting games get real, a bunch of Apple stuff, and more.
Submit and vote on story coverage at technewstoday.reddit.com
- Tom Merritt ( )
- Sarah Lane ( )
- Iyaz Akhtar ( )
- Jason Howell ( )
- Nicole Carrico
- Here's the short version of the announcements from Apple's Worldwide Developers Conference keynote. Apple announced brand new MacBook Airs and MacBook Pros with Ivy Bridge processors, plus the new Flagship MacBook pro with a retina display, all available today. Mountain Lion coming next month for $20. AND iOS6 adds Facebook integration, Siri on iPad, PassBook for tickets and gift cards, and Apple's new Map app all coming in the autumn.
- Kaspersky Lab researchers say espionage tool Flame is directly tied to the Stuxnet worm, after discovering part of the module that allows Flame to spread via Windows machines contains the same code that was used in a version of Stuxnet that attacked computers in Iran in 2009. The module, which was known as Resource 207 in Stuxnet, was removed from later versions, but ended up as a platform for the Flame malware in existence today.
- Robert Scoble posted on Google+ that Android head honcho Andy Rubin was about to skip out on Google and move to a startup called CloudCar. Rubin headed to Twitter to debunk the rumor and said he has "no plans to leave Google" and that over 900,000 android devices are activated every day. Rubin also posted on Google+ his relationship with Cloudcar - Rubin provides free office space to the company in Los Altos.
- GigaOm reports that the leaks of Last.fm's passwords happened at least three months ago — and remained undetected, though the company suspected in May it had been targeted. Meanwhile LinkedIn said in a blog post over the weekend that it had received no reports that member accounts were breached as a result of its stolen passwords.
- Sprint no longer has a majority stake in Clearwire which allows Sprint to increase its voting rights in Clearwire without risk of a default trigger on its own debt. Previously, Sprint was the biggest shareholder, and Clearwire faced loan defaults. Now that Clearwire has issued out more shareholder equity, Sprint's shares are under 50%, which helps it vote on Clearwire's future with a cleaner slate.
- Are you sick of the inaccurate physics involved with sword fighting in video games? Well sci-fi author and "Sword and Laser" guest Neal Stephenson is with you! He's starting a Kickstarter project to raise $500,000 to build an arena combat game called "Clang" that brings "obsessive attention to real-world detail." The game will use a motion controller with high precision and low latency. Funding ends July 9th.
- An ad featuring NASCAR driver Brad Keselowski ran during the 2012 Pocono 400 this weekend. During the ad, Keselowski, held up his iPhone to take a picture. Viewers were then encouraged to see what he sees at the URL Twitter.com/#nascar. Twitter's head of sports, Omid Ashtari posted earlier this week that this was an experiment.
- Variety reports that Valve's Source engine will power an animated movie about a post-WW3 apocalypse called Deep. Valve will serve as a low-cost solution for real-time rendering and editing to Brown Bag Films, the film's production studio that licensed the Source engine. Deep has a budget of less than $19M as compared to a company like Pixar, with budgets into the hundreds of millions.
- Okay, all you spec-nerds - take a breath. Speaking to The Inquirer, Intel GM of Mobile and Communications Group Mike Bell said current versions of Android are making a lousy use of dual-core processors. Bell says that certain single core processors run faster than some dual core processors due to threading issues. Bell went on to say that a second core can be a detriment and that some of the blame is on the chipmakers.
- Google has reached a deal with French publishing group SNE to allow the scanning and publishing of books online - ending a six-year legal battle. A court ruled in 2009 that Google infringed copyright by digitizing French books without permission. As part of the deal, Google will give money to a scheme helping primary school children learn to read.
- Dual Core Processors Wasted on Android, Intel Claims
- Mike Bell, GM Intel's Mobile & Comm. Group says Android's thread scheduler can't handle multi-core processors. Intel's Medfield Atom single-core processor has Hyperthreading technology that mimics multi-threading, ARM chip designers Nvidia, Qualcomm and Samsung all tout dual or quad-core processors.
- While multicore processors offer performance boosts on a machine without power constraints, Bell says smartphones have limits on both power consumption and thermal tolerances. He says as Intel moves to multiple cores, "we're actually putting a lot of investment into software to fix the scheduler and fix the threading so if we do multi-core products it actually takes advantage of it."
- didn't call anyone out specifically but "We ran our own numbers and [in] some of the use cases we've seen, having a second core is actually a detriment, because of the way some of the people have not implemented their thread scheduling."
- he says chip makers could adjust thread scheduling issues in their chips but just haven't
- Bell says that's not the case with smartphones, which have limits on both power consumption and thermal tolerances.
- so is multicore processing a marketing tool for android handset makers who want to stand out? dual-core processors preceeded Android supporting them
- Intel just now getting into smartphone game, Motorola and Lenovo lined up with Medfield processors
- Microsoft thought about Nokia buy; promptly backed out -- report
- Microsoft 'mulled Nokia buyout, ran away screaming'
- The Register reports that Nokia opened up its books to Microsoft last year to evaluate which parts, if any, were worth acquiring
- As you know, MS didn't buy any parts of Nokia. Register says: " The story is that having had a gander, Microsoft walked away."
- Register also says that the January rumor that MS would buy Nokia's smartphone division was not true
- Neal Stephenson's 'Clang:' changing the sword fighting game
- Neal Stephenson is the public face of a project called Clang that wants to improve sword fighting simulation in video games
- Wants to raise $500,000 on Kickstarter to create the engine. (July 9 deadline)
- Will implement it in an Arena combat game -- Descriobes the aim as "Guitar Hero with swords"
- Clang will use a "low-latency, high-precision motion controller"
- Apple hardware announcements
- First Pics Of The Redesigned MacBook Pro
- Macbook Pro video
- MacBook Air, 3rd Gen Ivy Bridge i7, USB 3.0, 8 GB RAM 512 GB ssd, 720p FaceTime camera, Ships Today 13-inch 1440x900
- MacBook Pro , IvyBridge 3rd-gen, 8GB, GeForce GT 650M graphics, 1280 x 800
- 15-inch starts with quad core Ivy Bridge. 1440 x 900. Ships today
- Next Generation MacBook Pro - Retina Display, thin as MB Air --0.71 inches thin, less than 4.5 pounds 15.4-inch diagonal, 2880 x 1800, 220 ppi, reduced glare, Apple apps updated for resolution
- Photoshop and AutoDesk updated. Other apps pixel doubled. Diablo III, Battery dominates, 16GB RAM, quad-core i7. GeForce GT 650M, 768 GB SSD, HDMI,
- SD slot, HDMI, Thunderbolt, USB 2 and 3 on both sides, headphone, magsafe... thinner.
- $2199 - shipping today
- iOS 6 announcement
- iOS 6 developer beta previewed in leaked photos
- Apple selects TomTom as primary iOS 6 maps provider
- Siri. Partnered with Yelp and apparently ScoreL, Open Table, RottenTomatoes, Twitte rintegrated, Eyes Free. Integrated with major car manufacturers.
- New language support.
- Full Siri on new iPad.
- Facebook integration.
- Like apps on Facebook. API to add functionality.
- Facebook integration to contacts
- Start a reminder of a missed call, or reply with message
- Do Not Disturb -- Allows exceptions for favorites.
- Facetime over cellular. Unifying phone number and the Apple ID.
- Safari - iCloud tabs, smart app banners (instead of full screen takeover), upload photos from Safari to websites
- Shared Photo Stream.
- VIPs (kind of a priority inbox)
- Passbook -boarding passes, movie tickets, store cards, geolocate will pull up your card
- Guided Access - Can just circle controls to disable interface elements, and home button doesn't leave the app.
- Maps - Brought it in house. local search, Integrated Yelp, Anonymous real-time crowd-source traffic, turn by turn, Quick Route, Siri Integration, Flyover 3D, redesigned app store,
- iOS6 to developers today. Coming this fall, support for 3GS+, 4th gen iPod touch, and 2nd-gen iPad+.
- Mountain Lion, Airport express
- Apple intros new iPad Smart Case: clever enough to cover both sides, priced at $50
- Apple's WWDC keynote: what we didn't get
- Mac Pro gets an unannounced speed bump
- Apple adopts new MagSafe 2 connector, offers an adapter for your old gear
- In other news:
- Mountain Lion got shown off, many of the features shown off before. New features: Voice Dictation, new Safari with iCloud tab syncing, PowerNap brings updates to notifications while your machine is asleep. $19.99, available next month, and upgrades Snow Leopard and higher
- Airport Express also got an update. $99, now it does dual band 802.11n 2.4GHz and 5GHz (like the Aiport Extreme). Looks like a white AppleTV. 2 10/100 ethernet ports (AE does gigabit), Still does wireless printing, airplay audio and can serve as a wireless network extender.
- The big iPad announcement everyone missed! A new iPad Smart Case. It's like a SmartCover + a back cover. Polyurethane, not leather. Covers back and front of your iPad. Works with 2nd gen iPad and higher. $50
- MacPro update: fastest processor option is now: 12-core 3.06 GHz CPU, Xeon X5675 processors. (previously 12-core 2.93 GHz). No Thunderbolt or other updates.
- MagSafe to MagSafe 2 adapter also available, $10
- Cnet took a look at the what we didn't get - pretty much looking at the rumors that surrounded WWDC:
- No 4G on Macbook, no new Mac Minis or Mac Pro (MP did get a spec bump on the site).
- No Apple TV/iTV or Apps on AppleTV
- No iPhone (no kidding), no mini iPad, no new iTunes"
- Google to axe Meebo apps on 11 July - it already offers Meebo functionality in Google+, was only a matter of time. Google bought Meebo last month for $100M
- Windows 8 UX Training - Fundamentals (great for Metro app development) online free class presented by Microsoft
You were talking about the difficulty of updating the password hashing mechanism due to not having access to the pain text passwords.
I wrote a patch for ThinkUp that improves the security of password hashing and thought I'd share some thoughts with you.
The first idea I had was to do it as follows:
Add a new column to the table called updated?
Then at every login:
- If updated()
- hash the password with the new hashing mechanism and check if its valid
- if !updated() && passwordValidUsingOldHash()
- take the plain text password you have because the user gave it to you and hash it with the new mechanism, save the new password hash in the database and set updated? to true
This method is completely transparent to the user but the obvious downside to this is that it increases the number of database queries every time the user logs in.
Which is why we went with the following method:
Whenever a user changes their password hash it using the new mechanism and set updated? to true.
Obviously this is not as secure as the first method as if a user does not update their password despite being told to do so they are at risk, but it does reduce the number of database queries at every login.
As always security is a trade of between a number of things.
"Hey TNT crew, thanks all of you for the great show and congrats on the anniversary.
In response to Bill in Jacobs Town on ep.518. Here are 2 ways to change methods of password hashing that won’t irritate your users:
Option 1, Quick and dirty: Rehash the original badly hashed password with the salt. Then add that same process in to the verification method. No user action required, instantly more secure.
Option 2, Move from an old method to a new method:
You have 2 columns in the DB for the hashed passwords. One for the current hashed passwords that used the old, insecure, method and another new column that starts blank.
When the user logs in they will provide their user name and password. At this point the system will check to see if the new hashed password column is blank.
If it IS blank, hash the provided password with the old method and compare to the column for the old password hash. If it does not verify then it was the wrong password for the user. If it does verify then hash the password with the new method, that is hopefully more secure than the last, and enter that new hash into the new hashed password column. Clear out the value of the old hashed password column, because if you keep that in the DB then there isn't much reason for doing all this.
If the new hashed password column is NOT blank then they have already been through this process. Hash the provided password with the new method and compare the 2 values to authenticate the user. If they don’t match it was the wrong password for the user.
Now as users log in they will be automatically moved to the new more secure method transparently. You can use this method for n months until all the truly active users have logged in and then send a notice to all the users who's new hashed password field is still blank and let them know they need to come log in. This will actually engage users that have not been active for n+ months and you may get a few old users coming back.
This is, of course, a per-compromised solution. If the old hashes are already out there then you will HAVE to have the users change their passwords.
-Hope this is helpful, Ben in Dallas."
"I just thought I'd send this your way, today The Oatmeal had this tweet: https://twitter.com/Oatmeal/status/212277865234964480 which details a threatened lawsuit against him and his response. The important part though is that he's raising money for charity as part of his response, and has in the ~20 minutes from the tweet/post raised 9,520 dollars. It has been a total of 17 hours since he set the donation project up, and he has until the 26th to reach his goal of 20,000. I think he's going to go way over it, and since it's a good cause I thought you could add it in the randomizer.
The direct link is here: http://www.indiegogo.com/bearlovegood?a=393480
- Jerod Lycett"
- ad times: :44-:59 and 6:15-7:50
- ad times: :59-1:13 and 23:23-25:05
- Edited by: Jason
|This area is for use by TWiT staff only. Please do not add or edit any content within this section.|