Hey there! Thanks for dropping by Theme Preview! Take a look around
and grab the RSS feed to stay updated. See you around!

Archive for January, 2019

Steven Warshak, the man behind the "natural male enhancement" product Enzyte often advertised on late-night TV, has successfully challenged the government's ability to access his e-mails without obtaining a search warrant or giving notification to Warshak. HangZhou Night Net

The Sixth Circuit Court of Appeals ruled yesterday that the government had acted improperly in its wire fraud and money laundering case against Warshak and his company. As part of the case (which we reported on earlier), the feds secured a court order under the Stored Communications Act (SCA)that allowedthem to access Warshak's stored online e-mail.

A court order does not require the full "probable cause" level of evidence demanded by a subpoena, but it does involve some judicial oversight. Normally, a court order of this kind requires notification so that the subject of the order can challenge it, but in this case, the judge gave the government 90 days to look at the e-mails before it needed to contact Warshak. This is allowed under the SCA, but Warshak argued that gaining access to his e-mail without 1) a warrant or 2) a court order with notification was a violation of the Fourth Amendment.

The Appeals Court ruled in Warshak's favor. In the decision, the Court noted that the rules "still allow seizures of e-mails pursuant to a warrant or with prior notice to a subscriber" but that the ability to get the court order without notification was no longer allowed.

The court also responded positively to the idea that e-mails should be given the same privacy protection as phone calls. This means that getting access to an ISP's customer information database would be allowed without a warrant, but getting access to the actual text of the e-mails would not. In the telecom world, this is analogous to the "pen register" that grabs data about what phone numbers are being dialed but does not provide access to the content of the call.

The Court found that "individuals maintain a reasonable expectation of privacy in e-mails that are stored with, or sent or received through, a commercial ISP," dealing a blow to government attempts to get easier access to e-mails stored with an ISP than those stored on a suspect's own computer. Protecting the privacy of e-mail is "as important to Fourth Amendment principles today as protecting telephone conversations has been in the past."

"E-mail users expect that their Hotmail and Gmail inboxes are just as private as their postal mail and their telephone calls," said EFF staff attorney Kevin Bankston, who helped draft an amicus brief in the case. "The government tried to get around this common-sense conclusion, but the Constitution applies online as well as offline, as the court correctly found. That means that the government can't secretly seize your emails without a warrant."

With that important e-mail issue resolved, the case against Warshak will continue.

After a few runs, I began to ask whether I was pushing myself hard enough. I could always try to up my personal best, but that isn't always the best indication of whether you are working as hard as you should be. Ideally, I would use a heart rate monitor, but that is significantly more money than I'd already spent. Second best would be a personal trainer to motivate me to work my hardest, but unfortunately that would be even more expensive than the heart rate monitor.HangZhou Night Net

So what am I (and you) to do? Luckily for us, Nike has us covered. On the iTunes Store, the shoe company has a variety of different workouts available to help keep your running steady. Today we will look at Improve our Endurance 1.

There is the saying "Nothing in life is free." Well, these workouts are no exception. Some might even consider them a poor value, but hold any judgment until the end. For $14.99, you get ten full-length songs from the hip-hop genre, including tracks by Obie Trice, Busta, and the Pussycat Dolls. You also get an additional track entitled the "Continuous Mix," which is the full workout track, and a digital booklet. The "Continuous Mix," which changes songs to go along with the speed in which you are supposed to run at any given time, also features a voiceover with training instructions (the continuous mix only works with iPod nanos, by the way). Here, the instructions say to do a ten-minute warmup, four sets of three-minute speed intervals, and then ten minutes of cool-down.

I know what you are asking: "If that's the workout routine, why not just do that? Why not just use music you already have and a stopwatch?" For some, that method might be enough, but for those of us that like the encouragement and time updates that a personal trainer, a coach, or a voiceover track provides, this workout works well. There is something to be said for a voice telling you that you are halfway there or that there are "only three minutes" remaining. The change of tempos and intensity throughout the workout does a lot for your mindset during your run, too. If the 42:49 running time seems like too much or doesn't fit into your schedule, you can always do what I do and tailor it to your ability or needs. For me that means not using the entire 42 minutes but instead using the track for a given distance.

Here is the bad: if you are to the point where you can run intervals more than twice a week, and this is the only interval training track you have, this music will get pretty boring pretty quickly. If you run this interval training once a week, it isn't so bad, but you will begin to feel some hatred for the Pussycat Dolls after a while. Be warned!

Gateway has announced that it is recalling 14,000 notebook batteries from laptops sold during the months of May and June 2003. The recall is in response to high temperatures that occur in lithium-ion batteries that could potentially cause a fire. The faulty batteries can be found in Gateway notebook models 400VTX and 450ROG and will be replaced for free. Not every model uses these batteries though, so here's how to find out if yours does. HangZhou Night Net

To find your battery number, you'll need to remove your battery from your laptop. Before doing this, make sure your LCD is closed, and your laptop is face down, back up. Unlock the notebook battery lock and slide open the battery release latch, then slide the battery out of the bay. On the battery you'll find two numbers: a serial number and a battery part number. If your battery has part numbers 6500760 or 6500761, then you have one of Gateway's faulty batteries. To exchange your battery for a new one, fill out Gateway's Battery Exchange Request Form.

Last year Sony issued a worldwide recall for Sony-manufactured lithium-ion batteries that shipped in Lenovo/IBM, Dell, Apple, and Toshiba notebook computers after battery malfunctions caused a Lenovo ThinkPad battery to burst into flames in a Los Angeles airport. Earlier this year, Lenovo recalled ThinkPad batteries for over 208,000 notebooks after overheating issues caused damage to a number of notebooks. Speaking of Toshiba, the company yesterday stepped up its own notebook battery recall after a laptop caught fire in Britain last month. Toshiba is currently in talks with Sony to discuss a reimbursement for the recall, which is expected cost Sony roughly $400 million when all is said and done.

A new battery standardization project hopes to make recalls a thing of the past. The Association Connecting Electronics Industries (IPC) Lithium Ion Battery Subcommittee said last year that the IPC expected to have a completed a lithium-ion battery standard for laptops and handheld devices by this time (it has yet to arrive). In December the IEEE said that it expected its revised IEEE 1625 standard to be completed by the end of 2007, at that rate though, we likely won't see the finished product until sometime in 2008.

Without an official standard for lithium-ion batteries, manufacturers like Matsushita have taken matters into their own hands. Last December Matsushita developed a safer lithium-ion battery for notebooks that uses a heat-resistant insulator between the cathode and the anode of a battery that prevents punctures from short-circuiting batteries.

2007 has not been kind to AMD. The company saw its workstation market share slip, has taken on $2 billion of new debt, lost almost $1.2 billion over the past two quarters, has been unable to close the gap with Intel when it comes to CPU performance, and has been the subject of recent rumors that Barcelona will be delayed. AMD has been in cost-cutting mode for the past several months and, according to IDG News Service, is considering getting out of the fabrication business. HangZhou Night Net

Currently, AMD operates two fabs: Fab 30 and Fab 36. Fab 30 is in the process of being fitted to handle 300mm production, and when the transition is complete, it will be rechristened Fab 38. It hasn't come cheaply, either—the chip maker has invested over $2.5 billion to expand its 300mm capabilities. AMD has also been talking up a new 45nm plant in Malta, NY, that would come online in 2009.

Speculation is building in the analyst community that AMD will attempt to further cut costs by outsourcing more—or all—of its chip making as early as 2008. One Citigroup analyst is predicting a "transformational move" that would result in AMD's lower-end CPUs being manufactured by a third party and possibly selling off part or all of its Dresden, Germany facility. Another report from Goldman Sachs outlines the investment firm's belief that the company will leave manufacturing completely in the hands of third parties.

Currently, Chartered Semiconductor handles some of AMD's manufacturing, and AMD told Ars Technica last fall that its plans called for Chartered to eventually manufacture CPUs on a 65nm process. AMD also has a long-standing partnership with IBM under which AMD gets to use Big Blue's East Fishkill, NY, plant for R&D and manufacturing.

An AMD spokesperson told Ars Technica that the company is looking to extend a model that it already has in place to other parts of the manufacturing and supply chain. "For instance, on the process technology side, we have a joint development agreement with IBM," AMD spokesperson Drew Prairie told Ars. "We use their 300mm R&D facilities right now. One extension of that is looking at taking some of the assets that are currently on our books off our books." We also asked whether AMD was head in the direction of going completely fab-less as part of its asset-light strategy. "At no time did we signal that going fab-less was part of the discussion with asset-light," said Prairie.

Getting out of manufacturing is certainly a plausible—if not likely—scenario for AMD. It would allow AMD to drastically cut costs and possibly stave off a private equity buyout. Outsourcing chip manufacturing would save the company a large chunk of money, and other semiconductor manufacturers—TI and Sony come to mind—have taken steps towards a fab-less existence.

But it's a different story for CPU makers. From a technical perspective, ditching your fab capabilities is an iffy proposition as it introduces a separation between design and manufacturing that could ultimately stretch out development times. AMD would no longer be able to design CPUs with its own fabs in mind, as both it and Intel currently can. AMD may be confident that its history of successful partnerships with the likes of Chartered and IBM will allow it to overcome the obstacles inherent in becoming a fab-less company and that it would be better off selling its own manufacturing facilities to free up cash.

Growing a review

I have a confession to make: I've never owned an iPod. I have nothing against them, and every time I've used a friend's iPod or taken a spin with the latest model in an Apple store, I've always been impressed with the product. I don't have to tell you how great iPods are. You probably have one. Everyone has one. I can't walk down the street without seeing dozens of little white earbuds on display as people make it clear they shouldn't have to listen to the sound of cars. iPods are ubiquitous these days, and that drives me crazy. HangZhou Night Net

The contenders and the king

I know the fact that this bothers me makes me petty, and I'm comfortable with that. I have nothing against Apple or iPods as products; I just wouldn't buy one. I get bothered by consumer electronics that are so popular you're able to put them in vending machines.

Which put me in an awkward position when I decided I wanted an MP3 player. I don't need to carry my entire library; I rarely need to have multiple days of music with me. I wanted to spend less than $100, be able to put a few episodes of This American Life in a small device, and take off.

$80 would get me a Shuffle. I should get a Shuffle. They come in different colors now, you know. I could turn myself into shadow and dance to very hip music against a brightly colored background. But I'm not very hip, and $80 seemed a little steep for 1GB of storage and a button. There had to be something better.

The problem is that everyone I asked just told me to buy a Shuffle. People seemed unconvinced that other companies actually made MP3 players. Apple has done a great job of carving out a dominant position when it comes to iPods; people almost default into an Apple product.

So here is what I did: near my house is a farmer's market, and you can get all sorts of crazy things like pig guts and DAP seeds. That's right, you can grow these things now. So I bought two seeds, put them in dirt, and fed them ripped up pictures of Steve Jobs. In just a few days, I had my players to review! I grew a Sansa Express and the Creative Zen Stone, and I hoped they would be as good, if not better, than a Shuffle. Let's do some testing!

Although they've been touted by banks as a security improvement over simple password protection, there's study data to indicate that image authentication systems aren't as useful or effective as some think. These systems (my own bank refers to them as "Personal Security Images") present the end user with a previously chosen image, typically at the same time password input is required. HangZhou Night Net

On paper, this doubtlessly sounded like a marvelous idea for creating an additional security barrier between an end user and the soulless minions of evil that would gobble his or her bank account data like Halloween candy. In practice, however, recent tests performed on image authentication systems by study authors Rachna Dhamija and Andy Ozment (et al.) seem to indicate that such measures are less effective than one might think.

In order to test the efficacy of modern-day authentication techniques, users were first divided into three groups. Group 1 was composed of users who were told they were performing everyday banking tasks on a Sunday afternoon. Group 2 was composed of role-players (similar to Group 1), but were told to put an additional emphasis on security. Group 3 was composed of individuals using their own user ID and passwords, at their own banking web site.

Groups were tested with three ascending "stairs" of insecurity. When offered a login page where the "https://" had been removed and a standard "http://" substituted, all 63 participants in all three groups entered their login data and password. When image authentication images were removed and replaced with a generic "This service is being upgraded" tag, 58 of the 60 individuals chose to continue and enter the relevant data. When presented with a dramatic warning page and information indicating that the security certificate for the web site might be unsafe, over half of the participants (30 out of 57) still decided to enter their login data and proceed.

It's worth noting, as the study authors did, that breaking down the data on which groups chose to proceed yields different results. Although a total of 30 people chose to proceed despite the warning page, a majority of those people were in groups of role players (22 out of 35). Of the remaining group (those using their own personal information), only eight of 14 chose to continue and log in to the service.

Even after factoring in the role-playing element, however, this study raises questions regarding the efficacy of image authentication systems in general. Even when presented with clear evidence that the image authentication system was not functioning and hence could have been compromised, the vast majority of users (97 percent) chose to enter their login information and proceed.

Ars Technica interviews Mike Bombich about CarbonCopyCloner

Ars Technica's Clint Ecker sat down with Mike Bombich this past Wednesday to talk about his company, Bombich Software. We also talked about his most well-known software, CarbonCopyCloner, as well as how development life is treating him. Click the play button above to watch the entire interview. HangZhou Night Net

Update (6/27/2007): Transcript has been added! Read the transcript after the jump.

VO: One Wednesday during WWDC, Clint Ecker sat down with Mike Bombich of Bombich software to talk about CarbonCopyCloner.

CE: So you make CarbonCopyCloner.

MB: That's right.

CE: What was the impetus for you making that? Did you make that out of something of your own need or something that you heard people [needed]?

MB: I really created CarbonCopyCloner for myself. Back when Mac OS X was initially introduced, there really wasn't anything that could do that. Even Retrospect didn't quite have the capacity for it. I was working for Bowling Green State University, doing just basic tech support and I needed a tool that would clone OS X. And I developed the core functionality of it probably in October 2001. I wrote up some articles; that's when I first kicked off my own website. And in December of '01, Apple introduced AppleScript Studio. And I had tinkered with AppleScript before and I thought it was great. And suddenly I could create a GUI application that was based on AppleScript and it was great.

So I had this great application for myself and for using it at work. And then somebody suggested to me that I could share it with other people because they might find it useful. So I did and I remember the day that I posted it to VersionTracker. I was sitting there with my wife on my lunch break and I had the page crafted up on VersionTracker, and I was ready to click Submit. And I was just nervous. There was that feeling that surely somebody would have developed this tool and they were going to submit it at the same time and just completely blow me out of the water and I'd fall into obscurity. But I was just completely blown away when there were like 5,000 downloads the first day. It was just stunning. But that's kind of the origin of CCC.

CE: So for people who aren't really familiar with all of your products, you make another product called NetRestore. Can you tell us a little bit about that and what purpose that serves compared to Carbon Copy Cloner?

MB: So when I first created CarbonCopyCloner, my role in tech support was deployment. And the only tool we had for deployment at the time was to use a FireWire hard drive attached to a machine, boot that machine into target disk mode, and use CarbonCopyCloner to clone that hard drive. Well as it turns out, it's not a very scalable deployment model. So in 10.2 I think, Apple released a command-line version of Apple Software Restore which is the tool that I used in Mac OS 9. It's a great utility and now it was available as a command-line tool. So command-line tool plus AppleScript Studio equals another GUI application, now for scalable mass deployment. That's where NetRestore comes in. NetRestore–the name implies that you do it over the network, and you certainly can. It also does basic volume to volume cloning, pretty much anything Apple Software Restore can do.

So probably about three years I made a transition from CCC to NetRestore for doing mass deployment. And a lot of people didn't really follow. There's always been a little bit of confusion about which tool people should use for mass deployments. And for the longest time, I've been saying to use NetRestore. That's really the tool that was designed for mass deployment. And really, the methodology that's used within NetRestore is far superior to that of CarbonCopyCloner. That said, the version 3 of CarbonCopyCloner that I've developed is now built partially upon Apple Software Restore. It's still not a tool for mass deployment. I just want to make that clear.

CE: Go on a little bit more into CarbonCopyCloner 3. What's there that's new for people who are more familiar with CarbonCopyCloner 2? I know it's out as a beta and people can try it, but what's the big, bullet points there?

MB: So, there's huge differences. I actually completely rewrote CarbonCopyCloner. It's now 100 percent Objective-C; not that there's anything wrong with AppleScriptStudio, it's just not quite as scalable. So for starters, CCC 3 is quite a bit more robust. I added some new features. The volume cloning is based on Apple Software Restore, which means that under certain conditions we can actually get a block-level output, so we can get some really blazing speed. That was never really possible in version 2.3.

The other thing that I added is the ability to use r-sync to backup to a network volume. So if you've got another machine on your network running 10.4.8 or later, you can use CarbonCopyCloner to back up to that volume. And a lot of people asked for that, and I thought "Network backups, that's never going to happen." So here it is. Now we have a robust tool built into Mac OS X, r-sync. I actually made some tweaks to it for myself, but fundamentally under the hood, CCC is using r-sync. And that gives me a lot of additional functionality.

The other thing, the third point I guess, is much more robust volume synchronization. It was kind of an add-on to version 2.3, and it was kind of an ugly hack. But now volume synchronization is pretty much the core. It's how CCC works.

CE: Out last question: you make an application that some people depend on in a critical way to copy over information that's near and dear to them. Whereas a lot of applications and app developers, they may corrupt a preference file and it's no big deal. Do you find that that makes developing CCC and your other applications a little bit more strenuous? Do you spend a lot of time making sure?

MB: Yeah, the worst e-mails that I get are "I backed up my hard drive and found out that there was nothing there and my other hard drive crashed." Every one of those I pay very close attention to, and I feel terrible that I could have potentially caused something like that. But at the same time, that's why I do this work. My files are very important to me. They're very important to my wife as well. And I think of the thousands of people that I've probably helped out in the opposite way. They've had that backup and tragedy struck and it bailed them out.

So it definitely adds stress to the development cycle. I have to think really hard about security in particular, about where you're writing. Hard drive selection alone is actually kind of complex. In CCC 2.3 I just get a list of devices that are in selectable volumes, which is a horribly counter-robust way to get a list of disks. So now in version 3, I access the disk arbitration framework directly. I ask for a list, and I get a list of disks and whenever I make references to volumes, I make a reference to either the UUID or that actual BSD Device ID.

So things like that you really have to pay very close attention to, so that you don't accidentally screw up and wipe out the wrong disk. So yeah that definitely adds a level of stress to it.

CE: Okay, well thanks for talking to us today.

Ah, summer. Time to sit around the campfire, making s'mores and talking about everyone's favorite new codec, ProRes 422, which was introduced with Final Cut Studio 2. Now that folks have had some time to bang on it a bit, we're getting a clearer picture of what this puppy can and can't do. Tim Wilson over at Creative Cow has taken the time to sift through their forums and collect the general consensus. He wants to clear up a lot of misconceptions about Apple's new trophy codec that compresses HD content down to SD bitrates with a negligible loss in visual quality. HangZhou Night Net

Wilson is quick to point out (several times in fact) that many are failing to take in the context of the term "lightweight." Relative to uncompressed HD, ProRes 422 is certainly a big improvement, but uncompressed HD is a feat that requires specialized hardware for even the beefiest of machines. Even 10-bit uncompressed SD (to which ProRes is supposed to be comparable in terms of bitrate) is a challenge for pre-Intel machines, so if you want to make use of ProRes at HD resolutions, you still need the biggest, baddest Mac you can get your hands on. Another important note is the fact that you'll have to have FCP 6 installed to use it, which is unlikely to be a problem for most but seems like a silly limitation.

Don't let me give you the impression that it's all doom and gloom. Overall, the general consensus seems to be that ProRes 422 is going to be an excellent addition to the HD toolbox, and Wilson is positively glowing about the ability to use the "medium quality" feature to squeak out four times the performance with almost no loss in visual quality. If you work with 1080i/60 in FCP (or plan to in the near future), it's definitely worth your time to check out the article.

Now where did I put my pointy stick and marshmallows?

Verizon has begun to use URL redirection services in some markets to "help" users when they mistype URLs. The service, called "Advanced Web Search," and first noticed by a reader at Broadband Reports, will provide a listing of links that may be relevant to what the user was trying to get to if they accidentally typed things like arstechnica.cmo or verzion.com into the address bar. Verizon claims that this new service is "designed to reduce the amount of dead-end, 'no file exists' or similar error messages you see." HangZhou Night Net

Of course, Verizon's Advanced Web Search is just another version of OpenDNS-type services—when a user mistypes something in the address bar or tries to go to a nonexistent web site, it not only displays search results but also ads. The attempt to "profit" off of users' typos bring back fond memories of the VeriSign Site Finder debacle, wherein VeriSign implemented a similar service for mistyped top-level domains but was then barred by the Internet Corporation for Assigned Names and Numbers (ICANN) from doing so. VeriSign sued ICANN for violation of antitrust laws by preventing VeriSign from adding "features" to top-level domains. Eventually, VeriSign eventually settled the suit with ICANN; the settlement barred VeriSign from relaunching Site Finder in exchange for maintaining control of .com and .net domains.

Verizon acknowledges, however, that the Advanced Web Search may cause problems for some users. For example, the service may break applications that rely on NXDOMAIN messages and, in some cases, could override other search results pages. Users have the opportunity to opt out of the service, though, although some have reported that the opt-out instructions did not work for them.

Verizon's trial of the service has been constrained so far to the midwestern US, primarily in Indiana, Illinois, Michigan, and Wisconsin.

When I saw Spore for myself at last year's E3 I knew we were in for something special. Unfortunately the game has suffered delay after delay, and then this month's Game Informer hit and told us the game was "delayed indefinitely." I always thought that meant the game was canceled? Kotaku contacted EA, who stated the game had "slipped out of fiscal 08 and into fiscal 09." This is not good news for gamers hoping to get their Spore fix in the near future. Or even within a year. So what's going on? We hazard three guesses. HangZhou Night Net

The game will ship on every platform

This is EA, and Spore could be the next Sims if it takes off. Hell, there is an entire group at EA that is dedicated to the business of the Sims; EA knows how maximize a popular franchise. So it's possible they're holding off on releasing the game until they have the 360, PS3, DS, PSP, PS2, Zune, mobile phone, and iPod versions of the game ready to go. And that would certainly take time.

Things aren't working, and it will take a very long time to fix them

When you see a live demo, it's pretty much the same demo everyone sees. It may look like the whole thing is off the cuff, but in reality you're seeing a carefully scripted show. It's possible giant chunks of the game are missing, and the illusion of the title being near completion is mostly smoke and mirrors. With a game this open-ended, it's possible the development team is running into a slew of unforeseen problems.

EA has something big planned for distribution

EA has already updated EA Link once, but it doesn't have the juice of more popular distribution services like Steam or even Xbox Live. It's possible that EA is sitting on the game in order to roll it out with something big in fiscal 2009. EA has a lot of large titles, but nothing approaching the pull that Spore has among both console and PC gamers. It's a huge game from a huge name, and if EA is hoping to piggy-back a big announcement using the buzz of the game's release, it could be a good business decision to let the game sit for a while.

Of course, this is all speculation, and it all feels pretty far-fetched to me. Still, there has to be some reason, and these guesses are as good as anything else. What do you guys think?