
  • ASUS AP23-T91 Battery

    The Reg team thinks it has given itself a nice set of challenges to chase in 2016. Our overall resolution is to become an even better business tech news publication. We want new regular readers to admire our improvement, former readers to find reasons to return and of course to attract new readers too! Those readers might be career techies, technology managers, a CIO, a CEO or a student. Whatever your role in making IT a part of business, we're aiming to be one of your valued sources for insightful news. And hopefully the number one source.

    So there you have it: our resolutions for 2016. We’re also going to do something about that big pile of sweets and doughnuts at the end of the editorial desk, iron shirts more often and stop splitting infinitives once we figure out the rules of grammar and what they have to do with our mother’s mother.

    From all of us to all of you: all the best for a healthy, prosperous, stimulating and healthy 2016. If we get this right, we plan to be a big part of the prosperity and the stimulation.

    32c3 Security concerns around Intel's x86 processors – such as the company's decision to force the secretive Management Engine microcontroller onto its silicon – have raised fundamental questions about trust in personal computers, whatever architectures they may be based upon. The founder of Invisible Things Labs, security researcher Joanna Rutkowska, delivered one of the first talks to the 32nd Chaos Communications Congress (32c3) in Hamburg on Sunday, restating the issues she considers make Intel x86 "insecure and untrustworthy" before explaining how she believed they may be practically solved in her talk, Towards (reasonably) trustworthy x86 laptops.

    The lecture was based on Rutkowska's October paper (PDF), which asserts that most modern operating systems are too trusting, plus her December recommendations (PDF).

    That issue is that kernels, drivers, and other low-level code are assumed to be trustworthy even though bugs hidden within them can be exploited to disable whole security mechanisms. Rutkowska added: "A successful exploit against one of the thousands of drivers, networking protocols and stacks, filesystem subsystems, graphics and windowing services, or any other OS-provided services, has been considered unlikely by the systems architects."

    Firmware-level vulnerabilities (eg, LightEater) and bungled implementations of boot security (eg, Intel TXT), alongside the small horde of attack vectors introduced through peripherals, provide ample ammunition to attackers, according to Rutkowska.

    This means you can't really trust your sensitive data with your hardware, and instead crucial information should really be kept apart from the main machine. She said a "strict separation of state-carrying (trusted) element from the rest of the hardware" has become necessary as people and personal computers become increasingly interdependent.

    Rutkowska said the communal effort on improving personal security in the application layer in recent years – from GnuPG and Tor, through to OpenVPN and disk encryption tool LUKS – “is meaningless if we cannot trust our operating system, because the operating system is the trusted part – if it is compromised then everything is lost.”

    There have been notable efforts to create a trustworthy operating system stack. Rutkowska herself had started the open-source Qubes OS project five years ago, which now has dozens of contributors. Qubes works by running different applications in their own virtual machines – for example, the VM running a browser used to visit any old website is separate to the VM running GPG; if the browser is compromised, the attacker has to break through the Xen hypervisor to get to the encrypted email client.

    Version 1.0 of Qubes OS was released in 2012, while 3.0 was released in October of this year.

    The core of her talk dealt with the widespread assumption of trustworthiness in hardware, particularly in regards to laptops, which it doesn't deserve.

    Intel's x86 platform is ubiquitous in modern laptops, and “present Intel processors really integrate everything and the kitchen sink,” said Rutkowska. “Ten years ago we used to have a processor, a Northbridge, a Southbridge, and perhaps even more discrete elements on the motherboard. Today, nearly all of these elements have been integrated into one processor package.

    “Of course there is only one company making these,” Rutkowska said. “It's an American company called Intel, and it's a completely opaque construction. We have absolutely no ways to examine what's inside [its chips]. The advantage is that it makes the construction of laptops very easy now, and lots of vendors can produce little sexy laptops.”

    When we talk about processors today, we are no longer talking about just the CPU, said Rutkowska. “The processor is now the CPU, GPU, the Memory Controller Hub, PCI express, some southbridge – so for example SATA controller – and so on, as well as something called Management Engine (ME).”

    Intel ME is a microcontroller, and part of Intel's AMT hardware and firmware technology which allows administrators to remotely manage the hardware over network – all underneath whatever operating system is running. As this management is conducted at a low-level in the stack, it dodges the OS – meaning overwriting your out-of-the-box Windows installation with a Linux distro will not guarantee any trustworthiness.

    The ME microcontroller comes with its own RAM, it can access the system's RAM, and it has its own private ROM of firmware code, which nobody may inspect. “It runs a whole bunch of proprietary programs,” said Rutkowska, “and even runs Intel's own proprietary operating system, and this is all happening whenever you have some power connected to your processor, even in sleep mode, and it could be doing anything it wants.”

    The first thought for security people is that this is an ideal backdooring or rootkitting infrastructure. Which is true. However there is another problem, what I call the 'Zombification' of personal computing.
    As a former stealth malware researcher, Rutkowska said she could not imagine a more ideal infrastructure for malware than the Management Engine: “ME has access to everything that is important. It has unconstrained access to DRAM, to the actual CPU, to GPU, it can also talk to your networking card, especially your Ethernet card, the controller for which is also in the Southbridge in the processor. It also has its own dedicated partition on the SPI Flash which can be used to store whatever ME wants to store there. This is really problematic, and we don't know what it runs.” Typically, people run software in the application layer, and expect all the decision making by software to happen there; the low-level code below acts as a middleman, instructing the hardware to do what the user wants it to do.

    Citing a book by one of the Intel architects who had designed ME – as “it's about the only somehow official source of information about Intel ME,” according to Rutkowska – the researcher reckons Intel wishes to completely invert this model.

    Intel “essentially wants to eliminate all the logic that touches data from apps, and the operating system even, and move it to Intel ME. Remember, Intel ME is also an operating system, a separate operating system... nobody knows how it works. Nobody has any possibility to look at the source code, or even reverse-engineer as we cannot analyse the binaries. It is an operating system which is fully controlled by Intel, as is any functionality it offers,” she said.

    The ME blackbox is not trustworthy, says Rutkowska: “The complexity of the architecture … doesn't look like it could be solved effectively.”

    Although this seemingly borked Qubes OS's confidence that it could securely lock down and compartmentalize software on a machine, there may be a different way to win the game: “You cannot really win under the old rules," said Rutkowska, who added that it was perhaps time to begin to change those rules. "That starts with recognising that most of the problems here begin with the persistent state.”

    Infosec wild man John McAfee has taken time off from his US presidential campaign to launch a fresh funding drive for a password replacement product.

    The proximity-based authentication and access control product, dubbed EveryKey, is also touted as a replacement for physical keys, as the pitch explains.

    Everykey replaces your passwords and keys. When Everykey is close to your phone, laptop, tablet, house door, car door, or another access-controlled device, it unlocks that device.
    When you walk away, that device locks back down. Everykey can also log you into your website accounts. If you lose your Everykey, you can remotely freeze it, so no one else can use it.

    Everykey, which is designed to be paired with an associated smartphone or laptop using Bluetooth, would also store a password keychain.

    The whole idea is still at the prototype stage despite three years of development and repeated delays. Estimated delivery currently stands at March 2016.

    McAfee, chief evangelist at Everykey, has launched an Indiegogo campaign to fund production for Everykey. Would-be early adopters have already shelled out $61K with 13 days of the funding drive still to run.

    A YouTube promo video of McAfee demoing EveryKey can be viewed below.

    The idea tackles an all too real problem but caution is still advisable. Infosec consultant Paul Moore argues that there's still little to show for the project after three years of development and multiple delays.

    "It's a great idea with (I believe) real potential... but talk of "receiving samples" after three years and $1.2 million dollars of investment, frankly, worries me no end," Moore writes.

    Water cooler El Reg, some friends of mine have been showing me blog posts about Microsoft keeping secret copies of all our encryption keys. What's going on?

    Since Windows 8, Microsoft has built drive encryption into its operating system, so none of this should really be a shock. And this encryption feature shouldn't be confused with Bitlocker, which is aimed at power users and businesses; think of this feature as a diet Bitlocker.

    Whenever you first log into a new Windows 10 computer or device using a Microsoft account, the OS quietly and automatically encrypts the internal storage drive, and uploads a recovery key to Redmond's OneDrive servers. While you're logged into your machine, your data is decrypted and accessible. If someone steals your PC or tablet, and they don't know your password, they shouldn't be able to get at your files because they can't decrypt them.

    If you forget your password or somehow can't log into your PC or device any more, you won't be able to use your drive because it will remain encrypted. If you change your motherboard, you won't be able to decrypt your data either because the system ties the encryption to a crypto key stored in the chipset. The new board won't have that key.

    This still doesn't explain why the recovery key is held in the cloud.

    Imagine the tech support calls Microsoft and PC makers must get every day from people – people who think the caps lock key is cruise control FOR COOL. People who can't remember how to turn on Bluetooth. Now imagine the sheer hell of dealing with hundreds of thousands, if not millions, of people who wake up one morning and can't remember their passwords, only to be told: "Sorry, it's gone. All your data is gone."

    It's not a hassle Microsoft wants to deal with, so it provides people a recovery key, stored on the corporation's servers, to sign back in. If you have a recovery key for an encrypted drive, you can decrypt it.

  • Laptop Battery for ASUS A32-K52

    Unfortunately, it appears that the Fierce XL will not support Continuum, which requires hardware with dual display capability. The ability to connect to an external display is not enough.

    Although the advent of new Windows Phone vendors seems positive for the platform, these new models also reflect Microsoft's problems in this market.

    The success of the Jade Primo depends on enthusiasm for Continuum, which is unproven, and it is hard to see the low-end Alcatel OneTouch device winning much traction in a market dominated by Android.

    That's according to Accenture, which carried out a survey of 28,000 people across 28 countries, and found "sluggish demand" for the most popular consumer electronics.

    Not that we've stopped buying them: "just" 48 per cent of us plan to buy a new smartphone in the next year – still huge demand but demand that has fallen 20 per cent from last year. Likewise, across the board, "only" 30 per cent of us are planning to get a new TV, tablet or laptop: a drop of roughly 10 per cent on last year.

    Why are we noticeably less excited about these consumer devices? Because we're "satisfied" with what we've got. Most satisfying is the TV – 56 per cent; then the laptop with 49 per cent, smartphones with 47 per cent and lastly tablets with 36 per cent.

    This is all very depressing for Accenture, especially since its survey is called Igniting Growth in Consumer Technology.

    "The slowdown in the consumer technology market is irrefutable, serious and global," the group's managing director of high tech Sami Luukkonen said. "The market is not about the glitzy gadgets any more – rather, it's about providing secure, innovative and practical digital services and more open collaboration." And so in a bid to keep those dollars coming in, it turned to: the internet of things! And was equally disappointed.

    Demand for smart goods is increasing, but only slightly (one per cent), which is not nearly enough to offset the drop in traditional electronics. So while 13 per cent of us are apparently planning to get a smart watch this year, all those Apple Watches are not going to fill iPhone-sized gaps.

    It's good news for smart thermostats: nine per cent of consumers are planning to ditch their beige box and pay the premium for things like the Ecobee and Nest. Eight per cent said they were planning to get virtual reality headsets – presumably because they've heard that 2016 will be the year of VR.

    What's promising is that the most famous of them – the Oculus Rift – will be going into pre-order on Wednesday. What's less encouraging is that still, no one knows how much they will cost, which almost certainly means too much.

    And price is the biggest factor stopping us from purchasing IoT goods, according to Accenture: a whopping 62 per cent of us aren't sure they're worth the price tag. Second biggest obstacle is privacy and security concerns: 47 per cent of us aren't sure we want our highly personal information out there just waiting for a poorly patched server to provide it to the world.

    The Backup Plus Ultra Slim is claimed to be the world's thinnest 2TB mobile hard drive, being a thinner version of the existing Backup Plus Slim, which has a 2TB capacity as well.

    For file-sharing purposes, 200GB of Microsoft OneDrive cloud storage for two years is included. The BPUS has Lyve software bundled with it "which helps users to protect ... photos and videos from their digital cameras and smartphones and automatically organises them into a single unified library accessible from any mobile device or computer."

    There is additional software – the Seagate Dashboard, which offers users either one-click on-demand or customisable, scheduled backups for their devices.

    The BPUS box is 9.6mm thick, and Seagate says it's more than 50 per cent thinner than other 2TB drives on the market. It has a golden or platinum metal finish, "designed to complement the looks of stylish computers, tablets and phones." The drive inside is likely Seagate's Ultra Mobile Technology product, which was announced as a technology in September, 2015, with two platters, a 7mm thickness, 2TB capacity, and 3.17oz weight. The rotation speed was unspecified but we think it's 5,400rpm.

    The LaCie Chromé is a mirror-finish desktop external drive sitting at an angle on a rounded base: It's a Neil Poulton design; he's designed other LaCie external drives, and features 2 x 500GB M.2 SATA SSDs inside the aluminium casing, with USB 3.1 gen 2 technology (10Gbit/s) with USB-C connectivity and a flash drive inside. The SSDs are in a RAID 0 configuration and the bandwidth is up to 940MB/sec.

    Seagate suggests two hours of 4K GoPro footage could be written to the drive in a little over one minute. You could edit hi-res video stored on this drive. It does not have a Thunderbolt interface by the way.

    The USB-C connector has no up or down side and the connectors at both ends of the cable are the same. It is compatible with standard USB 3.0 (Type-A) ports via an included adapter cable.

    There is a fan to introduce cool air and a heat sink that draws hot air away from the SSDs.

    As usual with LaCie and Neil Poulton drives, the launch blurb goes into design rhapsody mode:

    This signature device has been designed in collaboration with acclaimed industrial designer Neil Poulton to bring uncommon sophistication to a workspace. The elevated form is an homage to a 1935 bronze statue from Constantin Brâncuși, one of the most influential sculptors of the 20th century. Once machined, the enclosure is hand assembled, then chromed to a mirror polish. Forged from solid chromed zinc, the stand securely docks the product with powerful neodymium magnets – and detaches for easy transport.

    Enjoy this Neil Poulton quote: "The LaCie Chromé is a concept reduced to its essence: a rectangle tilted onto its corner, melting into its base like quicksilver."

    LaCie's Porsche Design external mobile and desktop drives also use the USB-C connector to hook up their aluminium rectangular slabs to desktop or laptop hosts. The design house is Porsche Design Group (Porsche Lizenz- und Handelsgesellschaft mbH & Co. KG, not the VW-owned Porsche cars business).

    There are mobile drives in this set with 1, 2 and 4TB capacities. The desktop versions have 4, 5 and 8TB capacities.

    The rounded corners, high-polish beveled edges and a sandblast finish combine to form the distinctly Porsche Design modern and elegant style. Since 2003, LaCie and Porsche Design have worked closely to deliver products with flawless functionality in its purest form. The sports and luxury-lifestyle brand and the leading technology company complement one another, with technical influence from LaCie and an exclusive and impeccable design presented by Porsche Design.

    "Discerning consumers value elegant design in their devices and accessories," said Dr. Christian Kurtzke, CEO, Porsche Design Group. "These new drives meld high-tech materials with the sleek visual purism of Porsche Design's iconic style."

    If the drive is connected to its own power source then it will power a connected and compatible* notebook and charge its battery. That's a property of the USB-C connector used. The Seagate Backup Plus Ultra Slim will be available this quarter from Amazon and 1TB LaCie Chromé has a 2-year limited warranty that can be extended and upgraded. It includes complimentary web-based resources, in-house technical support and worldwide repair and/or replacement coverage.

    Its MSRP is a cool $1,100.00 and this shiny little desktop exec toy should be available this quarter through the LaCie Online Store and LaCie Resellers.

    Ohio's Regional Income Tax Agency (RITA) slipped out a quiet end-of-year confession that it has lost a backup DVD with information and documents on 50,000 individuals.

    The loss was discovered on November 10, 2015, but only made public on December 31. RITA's statement says the agency was preparing a bunch of backup DVDs for destruction when it noticed that one of the cases was empty. The backups had been stored offsite at a "third-party vendor's secure facility."

    By November 17, the agency had worked out what data was held on the missing DVD: copies of income tax documents, as well as "names, addresses, social security numbers and possibly dates of birth."

    Individuals who may have been affected will be offered a year of free credit monitoring by Experian.

    News website notes that it's not the first time RITA has mislaid data. In 2006 a laptop belonging to the agency was stolen from an employee's vehicle.

    The agency's announcement is here. At the time of writing, RITA's site was down, but it appears to be staggering to its feet now. Here's a copy in Google's cache just in case.

    We launched as an email newsletter in 1994, hit the web four years later and are now a multinational media entity operating on three continents. Millions of people read us every month, which is humbling.

    We may have missed our birthday, but did do some proper “we've turned 21 and that means we're probably quite grown up now” introspection, and resolved to make a few changes.

    We're not changing the fundamentals. You'll still get a very familiar Reg package complete with cracking headlines, stories written in playful language, plus a mix of business, personal and weird technology. There’ll be plenty of science and bootnotes. Regulars like BOFH aren't going anywhere.

    But you will see us re-focus our energies on the things we do best: serving IT professionals of all sorts by breaking news and offering insightful analysis on business technology and the policies that shape it.

    We'll continue to Bite The Hand That Feeds IT, a phrase we understand to mean considering information with studied scepticism informed by long experience, not negativity or cynicism.

    It's never been more important to take that stance than it is today, a time when governments and vendors subject you to pervasive surveillance and therefore make deep consideration of policy essential. 2016 is also a year in which suppliers will accelerate their moves to subscription models, an arrangement promoted as flexible and cheap by an army of communications professionals dedicated to putting a ShinyHappy™ sheen on everything.

    In that and in every other area we cover, The Reg will crunch the numbers, reveal the gotchas and try to keep the wool off your eyes.

    Among our plans are a new way to treat the news of the day, so that you – and our team – can get across a day's news quickly, then delve into deeper coverage of the things that matter most to you.

    As an older and wiser publication, we've also come to realise that some of our more adolescent behaviours are starting to look a little inappropriate. Expect less SHOUTINESS, an evolving sense of humour, more modern and global cultural touchstones, science coverage that gives proper prominence to peer-reviewed, evidence-based research and a recognition that attempted self-aware hopefully ironic sexism is almost always indistinguishable from actual sexism.

    Forgive us the use of the term “reader experience” but we're going to try to improve it too. We'll revisit the site's design on all devices and for those of you who read through aggregators. We're also conscious that the web can now host any form of content, but we rely heavily on the written word. Indulge us in an experiment or three as we explore how to use the medium.

    Regular readers have probably noticed that we've already made some changes. A few of our writers have moved on. We've retired the Weekend Edition, which did lovely things for our Saturday and Sunday traffic but turned out not to be the best use of our resources.