Latest Entries »

Windows 8 To Offer Both Desktop, Tablet Interface

Users of the coming Windows 8 operating system will be able to switch between a traditional desktop PC user interface and a tablet-friendly look patterned after Microsoft’s Windows Phone platform.

Some industry observers clearly have been worried about the dumbing down of the next Windows OS release. However, users who highly value the full-blown desktop experience will have the full set of PC capabilities at their fingertips, said Steven Sinofsky, the president of Microsoft’s Windows division, writing in a blog.

“If you want to, you can seamlessly switch between Metro style apps and the improved Windows desktop,” Sinofsky wrote. “Essentially, you can think of the Windows desktop as just another app.”

Windows 8 tablet users who prefer Windows Phone’s Metro-style UI for accomplishing tasks on the fly will never even need to see the platform’s desktop version.

“We won’t even load it — literally the code will not be loaded — unless you explicitly choose to go there,” Sinofsky said.

Moreover, the new Metro-style UI “is much more than the visual design — [it is] fast and fluid, immersive, beautiful, and app-centric,” Sinofsky said. And tablet users who do not need the full-blown Windows desktop experience won’t have to comply with its more stringent memory, battery life and hardware requirements, he added.

The Innovator’s Dilemma

Microsoft has to negotiate an innovator’s dilemma with Windows 8, said Al Hilwa, director of applications software development at IDC.

“They have to create a product which is appealing to an apparently large segment of the user population who loves a simpler touch-first approach to computing, while maintaining Window’s existing user-base that is comfortable with the precise control a keyboard, a mouse and a file-oriented interface provides,” Hilwa said.

Just how Microsoft will go about accomplishing the delicate balancing act of having both Windows 8 user interfaces operating together harmoniously remains unclear right now. However, more concrete details are expected to emerge at Microsoft’s Build conference for developers beginning Sept. 13 in Anaheim, Calif.

The bottom line is that Microsoft will need to ensure that both user segments remain happy with Windows 8, Hilwa said. The software giant also will need to “maintain two parallel application development models until these begin to blend more naturally down the road,” he added.

The Ribbon Users Love To Hate

Already featured in the 2007 and 2010 releases of Microsoft’s Office business productivity suite, the ribbon is one design element that some Office users love to hate. This helps explain this week’s flurry of negative comments about the addition of a ribbon to the new file management tool for Windows 8.

Still, Sinofsky pointed out that the addition of a ribbon will enable the platform’s designers to create an optimized file manager that positions the most frequently used commands at reliable, logical locations.

“The flexibility of the ribbon with many icon options, tabs, flexible layout and groupings also ensured that we could respect [Windows] Explorer’s heritage,” Sinofsky said.

What’s more, the Windows Explorer ribbon provides for a much more reliable and usable touch-only interface than pull-down-menu or context-menu designs could provide, Sinofsky said. Though some critics have complained about the additional screen real estate that this feature would occupy, Sinofsky said users would be able to display the Windows Explorer ribbon in either an open or minimized state.

Source: NewsFactor

SkyDrive client app coming for Windows, iOS, Mac, and Android too?

A few days ago we just told you about a potential official SkyDrive app might be coming for Windows Phone, and today we’ve received tips pointing to possible SkyDrive client apps being developed for other platforms too. LiveSide reader Nikhil Jain left us a tip in the comments saying that a SkyDrive client for Windows, iOS, Mac, and Android is also in development, in addition to the Windows Phone app. While Nikhil didn’t mention any sources, after doing a bit of digging we found an interesting Microsoft job postingfor the Windows Live Devices & Roaming Experience (DRX) team which seems to confirm Nikhil’s claims. Here’s an excerpt from the job posting:

The Windows Live DRX team produces the SkyDrive client applications that fuel our customers thirst for stable, secure and available online storage. DRX is building experiences to deliver all of your content from the cloud and your devices to any of your devices anywhere anytime. Our team develops clients for Windows, Windows Phone, iPhone, Mac and Android. We are looking for developers that are looking for their next challenge to build the highly distributed platform and multi-platform clients for the SkyDrive suite of products delivered through Windows Live and Windows.

For those of you who doesn’t know what the Windows Live DRX team do, they’re best known (or so they say) for developing Windows Live Mesh for the Wave 4 release back in 2010. If the DRX team is now working on SkyDrive client applications (for both Windows and other platforms), does that mean these “SkyDrive client applications” are actually some form of Windows Live Mesh? If you recall, the cloud-based “synced storage” component for the current Windows Live Mesh has one major shortfall – it is not integrated with the actual Windows Live SkyDrive in any way. Would this news also mean the synced storage for Mesh will finally be integrated with the actual SkyDrive?

If we trace back to the history of Windows Live Mesh, you might remember that the origin of Windows Live Mesh – which happens to be called Live Mesh – had a vision of being able to run across a variety of platforms and devices, including mobile, Mac, Xbox and Zune. The following video (thanks Avatar X!) from the Microsoft keynote during the 2008 Web 2.0 Expo might give you a good reminder of what Live Mesh could’ve been like:




Microsoft quietly finding, reporting security holes in Apple, Google products

Researchers at Microsoft have been quietly finding — and helping to fix — security defects in products made by third-party vendors, including Apple and Google.

This month alone, the MSVR (Microsoft Security Vulnerability Research) team released advisories to document vulnerabilities in WordPress and Apple’s Safari browser and in July, software flaws were found and fixed in Google Picasa and Facebook.

The MSVR program, launched two years ago, gives Microsoft researchers freedom to audit the code of third-party software and work in a collaborative way with the affected vendor to get those issues fixed before they are publicly compromised.

The team’s work gained prominence in 2009 when a dangerous security hole in Google Chrome Frame was found and fixed but it’s not very well known that the team has spent the last year disclosing hundreds of security defects in third-party software.

Since July 2010, Microsoft said the MSVR team identified and responsibly disclosed 109 different software vulnerabilities affecting a total of 38 vendors.

More than 93 percent of the third-party vulnerabilities found through MSVR since July 2010 were rated as Critical or Important, the company explained.

“Vendors have responded and have coordinated on 97 percent of all reported vulnerabilities; 29 percent of third-party vulnerabilities found since July 2010 have already been resolved, and none of the vulnerabilities without updates have been observed in any attacks,” Microsoft said.

This week’s discoveries:

  • A vulnerability exists in the way Safari handles certain content types. An attacker could exploit this vulnerability to cause Safari to execute script content and disclose potentially sensitive information. An attacker who successfully exploited this vulnerability would gain sensitive information that could be used in further attacks.
  • A vulnerability exists in the way that WordPress previously implemented protection against cross site scripting and content-type validation. An attacker could exploit this vulnerability to achieve script execution.

Source: ZDNet

TouchPad’s Lesson: Tablets Cost Too Much

Sure, HP’s TouchPad fire sale could take sales away from low-volume tablet makers and further solidify Apple’s market share. Then again, maybe those low-volume tablet makers — HP included — have been hurting themselves with a pricing structure that isn’t attractive to most consumers.

After dropping the TouchPad’s price to $99 for the 16Gb model and $149 for the 32GB variation, HP has sold an estimated 350,000 units this weekend. That’s comparable to launch weekend sales for Apple’s tablet. Granted, HP’s tablet is discontinued and on clearance, but it shows that many consumers are willing to forget about the iPad, if the price is right.

Here’s the problem with the current system: many entry-level tablets cost somewhere around $500 and that’s the same price as the iPad. I’m guessing most consumers that decide to spend a $500 on a tablet will opt to get an iPad. If other manufacturers want to be competitive with Apple’s tablet, which is in many ways the definitive device on the market, they need to give consumers a reason to pick up their device instead.

That hasn’t really been done until now.

HP offering its discontinued tablet for a one-fifth the cost of Apple’s tablet seems to have registered with many price-conscious and deal-hunting consumers.

Sure, I get that everyone likes a deal, myself included. (I picked up a TouchPad at my local BestBuy yesterday.) Obviously, HP’s price drop is a unique situation that other tablet makers probably don’t want to emulate, but maybe more thought should go into the tablet designing process than “let’s make
something like the iPad, that costs the same amount as the iPad.”

If nothing else, the fire sale shows that there is a lot of consumer interest in tablets and a lot of missed opportunities by other tablet makers. There are some tablet options under the $300 price point, but not too many that are mainstream.

Source: PC World

RIM Planning a Music Service on BlackBerry

Research In Motion is planning a music service for users of its BlackBerry device, according to media reports.

The music service will be offered as part of BlackBerry Messenger (BBM), its instant messenger service, according to the reports. The service may be launched as early as next week, said The Wall Street Journal.

A source familiar with the plan confirmed on condition of anonymity that the service was indeed being launched, but did not provide details.

Subscribers will get access to around 50 songs at a time, which they can listen to on their phones and share with other subscribers through BBM, the reports said.

RIM is not intending to compete with other music services like Apple’s iTunes or Spotify, WSJ said. Instead it is focusing on making its devices more attractive to younger users who would like to customize their phones and share music, the newspaper said.

RIM said in an e-mailed statement on Thursday that its “standard policy is to decline comment on rumors and speculation”. BBM is one of the largest mobile social networks in the world with over 45 million users, it added.

RIM is said to be in negotiations with four major recording labels for licensing deals, and may have closed some of the deals, according to the reports. The labels it is said to be negotiating with are Universal Music Group, Sony Music Entertainment, Warner Music Group, and EMI Group.

Source: PC World

Red Hat CEO thinks the desktop is becoming a legacy application

A running joke at this years LinuxCon is that “X is the year of the Linux desktop.” Jim Zemlin, head of the conference’s sponsoring organization, The Linux Foundation, started it with his keynote in noting how often he’d made that prediction and how often he’s been wrong. The current prediction, which I believe Linus Torvalds made last night was : “2031! The year of the Linux desktop.” Jim Whitehurst, CEO of Red Hat, has another year in mind for the Linux desktop though: Never. Oh, and the Windows and Mac desktops? Get ready to say good-bye to them soon.

In an interview with me, Whitehurst told me that he believes that the “Fat client operating system [the traditional desktop] is becoming a legacy application.” What he meant by that isn’t that your desktops are suddenly going to vaporize into puffs of smoke in 2016 like from some really lame disaster movie. No, his point is that the cost of maintaining and securing a desktop operating system is growing increasingly higher.

So, what he sees happening is that everyone, and it’s not just Linux, “writing their functionality for the back engine. Why would anyone with all the different platforms—smartphones, tablets, etc.—and the costs of securing all of them want to spend money on that? The cost to manage and secure a fat client is ridiculous.”

So what will replace it? He sees several possibilities. In the short run, for businesses he sees Virtual Desktop Infrastructure (VDI) becoming increasing more important. Here, he sees Citrix, which has long provided Windows desktops via its VDI platform, continuing to be the major player. “It’s Citrix’s market to lose,” said Whitehurst.

Red Hat will also play a role in VDI as well. In 2012, Red Hat will be reintroducing ts Simple Protocol for Independent Computing Environments (SPICE)-based VDI. On the server side, SPICE depends on KVM (Kernel Virtual Machine) for its horsepower. Don’t think though that Red Hat plans on head-to-head competition with Citrix for tomorrow’s VDI desktop. They don’t.

Instead, Whitehurst said, “SPICE will be part of a packaged offering for those who want it.” He sees its market as being primary users who are already using Linux desktops, terminal applications, or Linux-based thin-clients. It’s a great offerings, but as for using it to run say “20,000 Windows desktops?” No, that’s Citrix’s market.”

So what kind of desktop does he see the enterprise user moving to, since after all, there’s only so much you can do with any tablet or smartphone? Whitehurst thinks it will probably be based on a KVM-based cloud and using a Web browser as its primary interface.

He added that he thinks Google’s Chrome operating system looks promising and that he plans on trying out the Samsung Chromebook himself sometime soon. You see, unlike many CEO’s, Whitehurst is also a techie. His first exposure to Linux was running Slackware on his own. Today, he runs Fedora 15 as his desktop. He knows Linux. As Red Hat gets ready to become the first billion-dollar open-source company, it’s clear he knows business. He knows the desktop. If he says the fat-client desktop is getting ready to become yesterday’s news, I’m inclined to listen to him.

Source: ZDNet

Firefox 6 patches 10 dangerous security holes

Mozilla has shipped a critical Firefox update to fix at least 10 security vulnerabilities, some serious enough to expose web surfers to drive-by download attacks.

According to an advisory from the open-source group, 8 of the 10 vulnerabilities are rated “critical,” meaning that they can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

Here’s a glimpse of the critical issues:

Mozilla identified and fixed several memory safety bugs in the browser engine used in Firefox 4, Firefox 5 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

These include a WebGL crash, a JavaScript crash, a crash in the Ogg reader, memory safety issues and unsigned scripts.  These all affected Firefox 4 and 5.

Mozilla also credited researcher Michael Jordon of Context IS  with reporting a pair of critical issues — that an overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code; and a potentially exploitable heap overflow in the ANGLE library used by Mozilla’s WebGL implementation.

Some additional security problems fixed:

  • Security researcher regenrecht reported via TippingPoint’s Zero Day Initiative that a SVG text manipulation routine contained a dangling pointer vulnerability.
  • Mike Cardwell reported that Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Daniel Veditz reported that redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy.
  • nasalislarvatus3000 reported that when using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain.

Firefox 6 is being distributed via the browser’s automatic update mechanism.

Source: ZDNet

Google buying Motorola: Nokia, Samsung, and other industry players react

Google said this morning that it dropped its “top five” Android partners a line yesterday to let them know that this Motorola acquisitionwas taking place — so naturally, many of them had prepared statements ready to go. The move will have ripple effects across several entire industries, though — not just the Android ecosystem alone — so we wanted to reach out and get reactions from a few companies that have a vested interest in Google’s successes and failures.

Overall, the theme across Android licensees’ initial statements is unwaveringly supportive at this point. Considering that Google’s primary goal is to shore up Android’s shaky patent situation, that comes as little surprise — though the striking similarity in some of the messaging suggests that Mountain View may have applied some pressure to show a unified front today. Regardless, the ball will be in Google’s court going forward to make sure that these guys aren’t put at a competitive disadvantage against Motorola — a move that could drive them away from Android altogether and into alternatives like Windows Phone, as Nokia’s statement seems to imply.

Follow the break for the full rundown from Nokia, HP, Samsung, HTC, Sony Ericsson, and LG.



From Nokia, which had bypassed Android for its “commoditization risk” and is preparing to introduce a lineup dominated by Windows Phone devices in the coming years:

“This further reinforces our belief that opportunities for the growth of Nokia’s smartphone business will be greatest with Windows Phone. This could prove to be a massive catalyst for the Windows Phone ecosystem. Additionally, with our respective intellectual property portfolios, Nokia and Microsoft are working together to build and nurture an innovative ecosystem that benefits consumers, operators, developers and other device manufacturers.”


HP hopes to go big with webOS through its own devices (and perhaps licensing deals at some point), which means it’s not directly affected by the Google-Motorola deal — but the seismic shift in the wireless ecosystem has the potential to affect the company’s fortunes nonetheless. Alas, they’ve issued a standard “no comment” today.


Though Samsung Mobile US hasn’t specifically weighed in on the deal, JK Shin, President of Samsung Mobile’s global operations, had this to say:

“We welcome today’s news, which demonstrates Google’s deep commitment to defending Android, its partners, and the ecosystem.”


HTC — which splits its time between Android and Windows Phone — called on CEO Peter Chou for this quote:

“We welcome the news of today’s acquisition, which demonstrates that Google is deeply committed to defending Android, its partners, and the entire ecosystem.”

Additionally, the company insists that the deal won’t have an effect on its working relationship with Google:

“We are supportive of Google’s acquisition of  Motorola Mobility as this is a positive development to the Android ecosystem, which we believe is beneficial to HTC’s promotion of Android phones. The partnership between HTC and Google remains strong and will not be affected by this acquisition.”

Sony Ericsson

Bert Nordberg, CEO of the embattled company, released one of the briefest comments of the day — though it echoes the same sentiment that’s being conveyed by other Android manufacturers:

“I welcome Google‘s commitment to defending Android and its partners.”


LG Mobile boss Jong-Seok Park seems to have cribbed off Nordberg’s notes (or vice versa):

“We welcome Google‘s commitment to defending Android and its partners.”

Source: Thisismynext

Firefox 8 to block unapproved add-ons

Starting with Firefox 8, Mozilla will automatically block browser add-ons installed by other software until users approve them, a company product manager announced yesterday.

Software-bundled add-ons have been a problem for Firefox users, who have sometimes been surprised to find browser extensions show up on their machines without their consent.

An add-on included with Skype, for example, caused such a high number of browser crashes that Mozilla added it to a list of banned extensions last January. And in 2009, an add-on that Microsoft silently slipped into Firefox left browser users open to attack, a fact that Microsoft itself admitted.

“While some of these applications seek the user’s permission beforehand, others install add-ons into Firefox without checking to make sure the user actually wants them,” said Justin Scott, product manager for add-ons, on a Mozilla company blog.

Scott ticked off numerous issues with such add-ons, ranging from slowing down Firefox’s startup and page loading times to not keeping up with Firefox’s feature and security updates. “Most importantly, they take the user out of control of their add-ons,” Scott said.

Changes slated for Firefox 8, which will hit Mozilla’s “Aurora” preview channel next week and is scheduled to release in final form on Nov. 8, will return control to users, argued Scott.

If Firefox 8 finds that another program has installed an add-on, the browser will automatically disable it until the user has agreed to its installation. “Users that want the functionality provided by a third-party-installed add-on can easily allow the installation, while users who don’t can cancel or ignore the prompt,” said Scott.

Previously-installed add-ons will also be tagged when users upgrade to Firefox 8, and won’t be enabled until the user explicitly agrees.

Developers who follow Mozilla’s rules — asking users to opt-in — will be affected as well as those who try to slip an add-on by users, something that immediately raised questions.

“We have an installer on Windows that installs an add-in to Firefox (via an .exe). Its only job is to install the add-on and the user is agreeing to install the add-on,” said Michael Kaply, a former IBM developer who now consults with corporations on customizing Firefox for their workers or clients. “How do we keep this prompt from appearing in this case?” Kaply asked in a comment appended to Scott’s blog.

Mozilla didn’t have an answer for Kaply.

“Firefox unfortunately doesn’t have any way of knowing if the user was ever asked about installing the extension,” acknowledged Alex Faaborg, a principal designer at Mozilla, in another comment. “So the only way to ensure user control is to ask them when Firefox launches.”

Scott echoed that, saying that impact of bad add-ons outweighed the pain that will be felt by developers who abide by the rules. “Unfortunately, the extent of unwanted add-ons installed through these methods has caused us to take action, but we’re confident that users who truly want such add-ons to be installed will opt in when Firefox prompts them,” he said.

Users can try out the new add-on management features by downloading Firefox 8 after it lands on the Aurora channel next week.

Ryan:  Users should be given the option to choose whether or not they’d like to update or install an add-on in the first place.

Source: ComputerWorld

Security expert warns hackers can attack Android

A mobile security expert says he has found new ways for hackers to attack phones running Google Inc’s Android operating system.

Riley Hassell, who caused a stir when he called off an appearance at a hacker’s conference last week, told Reuters he and colleague Shane Macaulay decided not to lay out their research at the gathering for fear criminals would use it attack Android phones.

He said in an interview he identified more than a dozen widely used Android applications that make the phones vulnerable to attack.

“App developers frequently fail to follow security guidelines and write applications properly,” he said.

“Some apps expose themselves to outside contact. If these apps are vulnerable, then an attacker can remotely compromise that app and potentially the phone using something as simple as a text message.”

He declined to identify those apps, saying he fears hackers might exploit the vulnerabilities.

“When you release a threat and there’s no patch ready, then there is mayhem,” said Hassell, founder of boutique security firm Privateer Labs.

Hassell said he and Macaulay alerted Google to the software shortcomings they unearthed.

Google spokesman Jay Nancarrow said Android security experts discussed the research with Hassell and did not believe he had uncovered problems with Android.

“The identified bugs are not present in Android,” he said, declining to elaborate.

It was the first public explanation for the failure of Hassell and Macaulay to make a scheduled presentation at the annual Black Hat hacking conference in Las Vegas, the hacking community’s largest annual gathering.

They had been scheduled to talk about “Hacking Androids for Profit.” Hundreds of people waited for them to show up at a crowded conference room.

Hassell said in an interview late on Thursday the pair also learned — at the last minute — that some of their work may have replicated previously published research and they wanted to make sure they properly acknowledged that work.

“This was a choice we made, to prevent an unacceptable window of risk to consumers worldwide and to guarantee credit where it was due,” he said.

A mobile security researcher familiar with the work of Hassell and Macaulay said he understood why the pair decided not to disclose their findings.

“When something can be used for exploitation and there is no way to fix it, it is very dangerous to go out publicly with that information,” the researcher said. “When there is not a lot that people can do to protect themselves, disclosure is sometimes not the best policy.”

Hassell said he plans to give his talk at the Hack in The Box security conference in Kuala Lumpur in October.

Ryan:  If you are running an Android phone, two must have apps for your phone are:  Lookout Mobile Security for Android & Advanced Task Killer.

Source: Reuters

Chromebooks get VPN, secure Wi-Fi, Citrix virtualization

Since the unveling of its Chromebook, Google has billed the cloud-based notebook as the ideal device for both enterprise customers and their beleaguered IT departments.

With the most recent update, Google is proving its case.

In an addition that perhaps should have been part of the Chromebook from the beginning, Google is adding virtual private network (VPN) support, allowing users secure remote access of their corporate or institutional networks.

That’s not all. Google is also adding support for the secure 802.1X protocol, which allows network managers to require authentication for users to access secure Wi-Fi networks.

Sweetening the deal is Citrix desktop application vitualization, ideal for companies that rely on expensive software suites but are increasingly made up of road warriors.

Google says all three feature additions are in response to feedback from its business and education customers. With such widely-used features in these sectors, though, why wasn’t it a no-brainer?

Source: ZDNet / Google