New Release: Microsoft Windows Thin PC

Google’s Les Paul doodle rocks the Web

With apologies to Jon Bon Jovi, Google’s latest doodle has seen a billion faces and rocked them all.

With the launch yesterday of its doodle honoring musician and electric-guitar innovator Les Paul, Google created the world’s largest jam session by giving everyone on the Web a playable and recordable guitar. And by the looks of things, everyone was getting their Jimmy Page on.

As of this writing, Web guitarists have posted nearly 4,000 recordings of their musical efforts to YouTube. That apparently struck a chord with Google, which announced this evening that due to popular demand, it is leaving the doodle up on its main page through Friday as an encore.

Google’s video-sharing site was strumming with videos produced by music lovers who probably know more about defragging a hard drive than tuning an ax. (However, for those who actually know more about notes than notebooks, The Washington Post has composed this handy guide to how the chords line up with the doodle’s strings and your keyboard.)

As if defying the guitar shop’s rules in “Wayne’s World,” apparently one of the more popular songs for users to try to cover was Led Zeppelin’s “Stairway to Heaven.” More than a dozen were brave enough to give it a go and upload their performances to YouTube.

One standout showed his work verse by verse while using his keyboard instead of his mouse to crank out his version of the rock anthem:

Doodle

VMware ties disaster recovery to vSphere

VMware’s Site Recovery Manager now supports vSphere, eliminating one of the obstacles preventing customers from updating to the latest version of VMware’s virtualization platform.

vSphere 4, the succesor to ESX 3.5, was unveiled in April ‘09 but until now did not work with Site Recovery Manager, VMware’s software for recovering virtual machines in case of disaster.

VMware has now released SRM version 4, with support for vSphere and other upgrades including a “many-to-one failover (that) protects multiple production sites with automatic failover into a single, shared recovery site.”

Because SRM did not immediately support vSphere, numerous customers have delayed upgrades from 3.5, acknoledges John Bock, productmarketing manager for VMware’s server business unit.

Google Wave

Individuals engage in “hosted communications” called waves. Waves can consist of any combination of conversations (such as email and IM) and documents (collaboration), providing rich interaction via text, photos, videos, maps, and more, according to Google. If you think of how an email thread and an IM conversation might be combined into a single entity, that’s pretty much a wave. A playback capability lets participants “rewind” the wave at any point and review what’s already happened. You can edit any part of the wave at any time, and it’s always possible to see who did what. Some Wave capabilities Google has highlighted so far include realtime collaboration, natural language tools (including context-sensitive spell checking), and Google Wave’s extensibility model, which lets third-party developers add gadgets to the platform and embed waves in other sites.

Google Wave runs completely in the browser. It’s based on HTML 5 and Google Web Toolkit, and its basic layout is similar to Microsoft Outlook’s. It features a multi-pane (“panel” to Google) interface with Navigation (“folders” like Inbox) and Contacts panes on the left, the selected folder in the middle (which Google calls the Search panel), and, on the right, the selected wave (the message, in an email application). Similarity to Outlook and other email applications was no doubt intentional, to help users make the transition to this new communications and collaboration model. When you create a new wave, you typically start as you would with an email message, by typing a message (as contrasted with an IM where you select a contact or group of contacts first). You can then add users—or participants, as Wave calls them—using a pop-up window.
To users participating in a wave, the experience is very much like email. You hit Reply to write your response. This can happen offline, where the conversation is conducted like a long-distance chess match via email. But waves go beyond email by providing for live, interactive conversations—like IM—and by providing more granular ways to
converse. With IM, you can typically see that the other participant is typing a message (because it will say something like “Rafael is typing…”) but you don’t see the message as its being typed. With Wave, you do. In the future you’ll be able to drag and drop multimedia content, like pictures and video, into a wave. This feature isn’t supported by the
HTML 5 standard, so Google is working to get it added. You’ll also be able to embed a wave in a traditional web site, to
allow others to participate in a conversation from the web, adding their own comments and replies. (You can also just create waves from these sites and forego the Wave web app entirely if you want.)

Social Security number code cracked, study claims

For all the concern about identity theft, researchers say there’s a surprisingly easy way for the technology-savvy to figure out the precious nine digits of Americans’ Social Security numbers. “It’s good that we found it before the bad guys,” Alessandro Acquisti of Carnegie-Mellon University in Pittsburgh said of the method for predicting the numbers. Acquisti and Ralph Gross report in Tuesday’s edition of Proceedings of the National Academy of Sciences that they were able to make the predictions using data available in public records as well as information such as birthdates cheerfully provided on social networks such as Facebook. For people born after 1988 — when the government began issuing numbers at birth — the researchers were able to identify, in a single attempt, the first five Social Security digits for 44 percent of individuals. And they got all nine digits for 8.5 percent of those people in fewer than 1,000 attempts. For smaller states their accuracy was considerably higher than in larger ones. Acquisti said in a telephone interview that he has sent the findings to the Social Security Administration and other government agencies with a suggestion they adopt a more random system for assigning numbers. Social Security spokesman Mark Lassiter said the public should not be alarmed by the report “because there is no foolproof method for predicting a person’s Social Security number.”

“The suggestion that Mr. Acquisti has cracked a code for predicting an SSN is a dramatic exaggeration,” Lassiter said via e-mail. However, he added: “For reasons unrelated to this report, the agency has been developing a system to randomly assign SSNs. This system will be in place next year.” The researchers say their report omits some details to make sure they aren’t providing criminals a blueprint for obtaining the numbers. The predictability of the numbers increases the risk of identity theft, which cost Americans almost $50 billion in 2007 alone, Acquisti said. A problem in the battle against identity thieves is that many businesses use Social Security numbers as passwords or for other forms of authentication, something that was not anticipated when Social Security was devised in the 1930s. The Social Security Administration has long cautioned educational, financial and health care institutions against using the numbers as personal identifiers. “In a world of wired consumers, it is possible to combine information from multiple sources to infer data that is more personal and sensitive than any single piece of original information alone,” he said, warning against providing too much data on social network sites. Acquisti, who researches the economics of privacy, said he got interested in what could be learned from easily available by looking at social networks, which he termed “a great experiment in self-revelation.” People were willing to include their date of birth and hometown, he said, and he already knew that was part of the information used in issuing Social Security numbers.

So the researchers turned to the SSA’s “Death Master File,” which lists the numbers of people who have died. The purpose of making that file public is to prevent impostors from assuming the Social Security numbers of deceased people. But by plotting the data for people listed on the file between 1973 and 2003 the researchers were able to develop patterns for number issuance. “I was surprised by the accuracy of certain predictions,” Acquisti said. The system can produce a range of possibilities for the last four numbers, making it easier for a computer to test the possibilities until the correct number is found for an individual, Acquisti explained. In addition, “attackers can exploit various public- and private-sector online services, such as online “instant” credit approval sites, to test subsets of variations to verify which number corresponds to an individual with a given birth date. While it was well known that the numbers have a geographic component, past studies have used the patterns plus other data to estimate when and where a specific number may have been issued.

“Our work focuses on the inverse, harder, and much more consequential inference: it shows that it is possible to exploit the presumptive time and location of SSN issuance to estimate, quite reliably, unknown SSNs,” Acquisti said. The research was supported by the National Science Foundation, the U.S. Army Research Office, Carnegie-Mellon University and the Pittsburgh Supercomputing Center.

Microsoft warns of serious computer security hole

Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn’t fixed yet. The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software. It can allow hackers to remotely take control of victims’ machines. The victims don’t need to do anything to get infected except visit a Web site that’s been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail. The so-called “zero day” vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into. Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft’s Web site, while the company works on a “patch” — or software fix — for the problem. Microsoft rarely departs from its practice of issuing security updates the second Tuesday of each month. When the Redmond, Wash.-based company does issue security reminders at other times, it’s because the vulnerabilities are very serious. A recent example was the emergency patch Microsoft issued in October for a vulnerability that criminals exploited to infect millions of PCs with the Conficker worm. While initially feared as an all-powerful doomsday device, that network of infected machines was eventually used for mundane moneymaking schemes like sending spam and pushing fake antivirus software.