It sure sounds like a steal. On Aug. 31, George Hotz plans to trade in his iPhone for a metallic blue Nissan (NSANY) 350Z sports car and three brand-new iPhones. But the 17-year-old's device is no ordinary Apple phone. Hotz hacked his iPhone and unlocked it so that it can be used on a variety of cell-phone networks, becoming the first person known to have done so. The person buying Hotz's phone, Terry Daidone, believes he's the one getting the deal because Hotz has agreed to work for him at his cell-phone refurbishing company, CertiCell.
Daidone says he doesn't plan to sell unlocked iPhones just yet. Rather, he says that he wants Hotz to teach CertiCell's technicians the secrets to unlocking other kinds of cell phones. But that could change—if he can clear up legal questions surrounding the practice of unlocking mobile phones. "As the need arises to unlock phones, we should be at the forefront of that," Daidone says.
Apple (AAPL) and AT&T (T), the sole authorized supplier of the iPhone in the U.S., are doing what they can to make sure that legal clearance never comes. The two companies have put their lawyers on the case, applying pressure on hackers involved in unlocking iPhones to try to get them to stop. Much is at stake. AT&T has been hoping that as the exclusive provider of the iPhone, it will see a surge in new customers and monthly service charges of at least $60 from each one. Apple is supposed to get a cut of the revenues. If iPhones are unlocked, they can be used on the wireless networks of rivals like T-Mobile USA—and AT&T gets zippo. AT&T wouldn't comment for this story, while Apple didn't return a request for comment.
Fuzzy Laws
So will Apple and AT&T's legal action deter hackers? Hardly. Individual users are already allowed to unlock their own phones under an exemption to the Digital Millennium Copyright Act (DMCA) that the U.S. Copyright Office issued last November. The exemption, in force for three years, applies to "computer programs…that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network."
What's less clear is whether companies and hackers can legally unlock the phones and then sell them to others, or sell unlocking software. "The law here is unclear," says Jonathan Kramer, founder of Kramer Telecom Law Firm in Los Angeles. "There just isn't any case law in this area for us to figure out how it plays out."
Experts believe that AT&T and Apple will point to the DMCA's section 1201, stating that "no person shall circumvent a technological measure that effectively controls access to a work protected under this title." They will claim that a phone lock is just such a technological measure that protects copyrighted work: namely, cell-phone software.
Hackers Undeterred
Problem is, it could be argued that, in reality, the lock only protects access to a carrier's communications network—and communications services aren't copyrightable under the Act, explains Jane Ginsburg, professor of literary and artistic property law at Columbia Law School. "This law was written for DVDs and video games," she explains. "What's going on here is using the Copyright Act to achieve another objective."
Indeed, this time, hackers may have the law on their side. Remember, decades ago, automakers built their instrument panels so that only authorized radios of their own manufacture would fit in. Eventually, U.S. courts ended that practice. "If Apple and AT&T push too hard, they might see a revision of [the Copyright Act, and it won't be in their favor]," says Richard Doherty, director of consultancy the Envisioneering Group.
That's why, for now, some hackers contacted by AT&T lawyers still plan to release their wares. "Over the next few days…you will get what you are looking for," promises an Aug. 27 message posted on the Web site of UniquePhones, which helps people unlock mobile phones.
Opening Up the Networks
Demand for unlocked iPhones, which sell for $499 and $599, is rising. Already, the phone has become a cultural phenomenon, with enthusiastic fans going to great lengths to get their hands on one. Consumers in rural areas where AT&T doesn't have a network or in markets with spotty AT&T coverage may want to use the popular device through T-Mobile's network. Overseas, consumers want to try it in conjunction with Orange (FTE) and Vodafone (VOD) wireless service. "If Apple offered unlocked iPhones for $1,200, they'd probably sell some," Doherty says.
Many hope that the legal wrangling will, eventually, result in major shifts in how the U.S. wireless industry operates. For one, a case could pave the way to making all wireless networks more open to unlocked phones. In the next five years, 10% to 15% of U.S. wireless users could move to unlocked phones, figures Andrei Jezierski, founder of venture consultancy i2 Partners in New York (see BusinessWeek.com, 12/4/06, "Motorola, Nokia Set Cell Phones Free").
Plus, to answer pent-up demand for untethered phones, a cell-phone carrier could differentiate its offerings by selling all of its handsets unlocked, says David Chamberlain, an analyst with consultancy In-Stat. "It's an anomaly that the phones are tied to individual carriers," he says. "Can we change that business as usual? Maybe. But people who want that will fight for a very long time."
Monday, August 27, 2007
Windows Genuine Advantage cries wolf (again)
Over the weekend, thousands of Microsoft customers who tried to download patches or updates for Windows were falsely accused of running a pirated version of Windows.
Microsoft blamed the Windows Genuine Advantage (WGA) glitch on server problems, since fixed. WGA is an anti-piracy program which determines the validity of Windows software running on customer PCs - and phone backs to Redmond with the results.
Between Friday and Saturday, Windows users who tried to update their system were greeted by WGA declaring them liars and cheats.
Microsoft is investigating the cause of the error.
Despite the internet uproar over the weekend, according to Microsoft's WGA blog, fewer than 12,000 systems were affected worldwide. Microsoft denies reports that the error caused some computers to gut itself of features such as DirectX.
From the WGA blog:
This validation failure did not result in the 30-day grace period starting and no one went into reduced functionality mode as a result. The experience of a system that failed validation in this instance was that some features intended for use only on genuine systems were temporarily unavailable. Those features were Windows Aero, ReadyBoost, Windows Defender (which still scanned and identified all threats, but cleaned only the severe ones), and Windows Update (only optional updates were unavailable; security and other critical updates remained available).
Customers who received an incorrect validation response can fix their system by revalidating at the WGA site. Microsoft recommends the affected systems are rebooted to restore the system to normal.
The SNAFU mirrors a similar server outage last year which flagged genuine copies of Windows as pirated booty.
False positives, in addition to privacy concerns have fueled debate on just how advantageous WGA is to legitimate customers.
It is telling to us that Microsoft must constantly remind its customers that it hasn't added WGA because of spite:
"WGA's goal is not to punish the people who purchase these programs; they, of all people are the most victimized," wrote Alex Kochis, WGA senior product manager in the WGA blog. "The goal is to give these people a tool to let them know they have been victimized and can do something about it." ®
Microsoft blamed the Windows Genuine Advantage (WGA) glitch on server problems, since fixed. WGA is an anti-piracy program which determines the validity of Windows software running on customer PCs - and phone backs to Redmond with the results.
Between Friday and Saturday, Windows users who tried to update their system were greeted by WGA declaring them liars and cheats.
Microsoft is investigating the cause of the error.
Despite the internet uproar over the weekend, according to Microsoft's WGA blog, fewer than 12,000 systems were affected worldwide. Microsoft denies reports that the error caused some computers to gut itself of features such as DirectX.
From the WGA blog:
This validation failure did not result in the 30-day grace period starting and no one went into reduced functionality mode as a result. The experience of a system that failed validation in this instance was that some features intended for use only on genuine systems were temporarily unavailable. Those features were Windows Aero, ReadyBoost, Windows Defender (which still scanned and identified all threats, but cleaned only the severe ones), and Windows Update (only optional updates were unavailable; security and other critical updates remained available).
Customers who received an incorrect validation response can fix their system by revalidating at the WGA site. Microsoft recommends the affected systems are rebooted to restore the system to normal.
The SNAFU mirrors a similar server outage last year which flagged genuine copies of Windows as pirated booty.
False positives, in addition to privacy concerns have fueled debate on just how advantageous WGA is to legitimate customers.
It is telling to us that Microsoft must constantly remind its customers that it hasn't added WGA because of spite:
"WGA's goal is not to punish the people who purchase these programs; they, of all people are the most victimized," wrote Alex Kochis, WGA senior product manager in the WGA blog. "The goal is to give these people a tool to let them know they have been victimized and can do something about it." ®
VMware VDI shops get thin-client option with Pano Logic
IT shops looking to implement VMware virtual desktop infrastructure (VDI) -- server-hosted desktops running in virtual machines (VMs) -- now have another
For more on virtual desktop infrastructure:
VDI benefits without VDI: Desktop management
What technology makes VDI possible?
VDI versus server-based computing desktops
thin-client option for end users' desks.
For more on virtual desktop infrastructure:
VDI benefits without VDI: Desktop management
What technology makes VDI possible?
VDI versus server-based computing desktops
Pano Logic Inc., a startup in Menlo Park, Calif., announced its Pano desktop computer, a thin-client device designed specifically for desktop virtualization and in particular for VMware Inc.'s VDI.
[Pano Logic is] definitely targeted at the average business user, but I'm able to watch Windows video on it.
Ryan Ritchie,
IT manager, R Systems
Compared with traditional thin clients from vendors like Wyse Technology Inc., Hewlett-Packard Co. and NEC Corp., the Pano device is notable for what it doesn't have: no CPU, no memory, no software, no operating system and no drivers. What the device does have are connectors to a keyboard, monitor and mouse, audio ins and outs, an Ethernet connection, and a USB.
Since the device has no processing resources of its own, Pano runs what it calls a Pano service within the Windows OS, which does things like translate the display Remote Desktop Protocol and present remote USB devices back to Windows. Taking this approach, Windows believes that the device is local, and users can use normal, native drivers for all their USB devices, Pano reported.
The benefits of a stripped-down device are easier management, the ability to share devices between users, low power consumption and low cost (about $300), said Mike Fodor, Pano Logic vice president of product management. But for now, end users will have to content themselves with "YouTube quality" audio and video, he said. Pano Logic hopes to resolve quality issues down the road, however. "We recognize the trend of more audio and video and have plans for a silicon solution in the future," Fodor said.
For more on virtual desktop infrastructure:
VDI benefits without VDI: Desktop management
What technology makes VDI possible?
VDI versus server-based computing desktops
thin-client option for end users' desks.
For more on virtual desktop infrastructure:
VDI benefits without VDI: Desktop management
What technology makes VDI possible?
VDI versus server-based computing desktops
Pano Logic Inc., a startup in Menlo Park, Calif., announced its Pano desktop computer, a thin-client device designed specifically for desktop virtualization and in particular for VMware Inc.'s VDI.
[Pano Logic is] definitely targeted at the average business user, but I'm able to watch Windows video on it.
Ryan Ritchie,
IT manager, R Systems
Compared with traditional thin clients from vendors like Wyse Technology Inc., Hewlett-Packard Co. and NEC Corp., the Pano device is notable for what it doesn't have: no CPU, no memory, no software, no operating system and no drivers. What the device does have are connectors to a keyboard, monitor and mouse, audio ins and outs, an Ethernet connection, and a USB.
Since the device has no processing resources of its own, Pano runs what it calls a Pano service within the Windows OS, which does things like translate the display Remote Desktop Protocol and present remote USB devices back to Windows. Taking this approach, Windows believes that the device is local, and users can use normal, native drivers for all their USB devices, Pano reported.
The benefits of a stripped-down device are easier management, the ability to share devices between users, low power consumption and low cost (about $300), said Mike Fodor, Pano Logic vice president of product management. But for now, end users will have to content themselves with "YouTube quality" audio and video, he said. Pano Logic hopes to resolve quality issues down the road, however. "We recognize the trend of more audio and video and have plans for a silicon solution in the future," Fodor said.
Sony caught playing with rootkits again
Sony's Microvault USB memory key deploy software that could render users vulnerable to a malware attack, security vendor F-Secure claimed.
The Sony devices feature an integrated fingerprint reader that allows the user to securely store information. Unlocking the information however requires the installation of special software on a Windows computer.
Among things, the application creates a hidden directory on the user's hard drive. At least some anti virus applications will be unable to access and scan the contents of this directory, claimed F-Secure researcher Mika Tolvanen. This potentially allows malware authors to hide their creations from security software.
The technology offers rootkit-like, a term that is used for applications designed to hide files and processes from the end user as well as the system. Rootkits are best known for their use by malware authors, who use it to prevent detection and removal of their creations by security applications. The term originally referred to tools that allow attackers to gain root access to Unix systems without the owner's knowledge, but has since taken on the meaning of cloaking technologies.
The Microvault case closely resembles a highly publicized security scandal from 2005. Sony at the time used rootkit technology to hide digital rights management software from end users when they tried to play certain audio CDs on a Windows computer. The XCP software, developed by First 4 Internet, was generally considered to be clumsily architected.
Sony initially denied that its technology comprised any security risk, but quickly subsided when malware emerged that exploited the flaw. The firm paid several millions settling lawsuits.
Sony's entertainment division at the time deployed the rootkit technology to prevent users from uninstalling the digital rights management technology, an action that critics charge to be at odds with fair use.
In the case of the Microvault memory keys, F-Secure suggested that the file could be hidden to ensure the accuracy of the data signatures, thereby protecting the data stored on the device.
"We feel that rootkit-like cloaking techniques are not the right way to go here," Tolvanen commented.
F-Secure said that it was unsuccessful in contacting Sony.
Sony didn't immediately respond to request for comment.
The Sony devices feature an integrated fingerprint reader that allows the user to securely store information. Unlocking the information however requires the installation of special software on a Windows computer.
Among things, the application creates a hidden directory on the user's hard drive. At least some anti virus applications will be unable to access and scan the contents of this directory, claimed F-Secure researcher Mika Tolvanen. This potentially allows malware authors to hide their creations from security software.
The technology offers rootkit-like, a term that is used for applications designed to hide files and processes from the end user as well as the system. Rootkits are best known for their use by malware authors, who use it to prevent detection and removal of their creations by security applications. The term originally referred to tools that allow attackers to gain root access to Unix systems without the owner's knowledge, but has since taken on the meaning of cloaking technologies.
The Microvault case closely resembles a highly publicized security scandal from 2005. Sony at the time used rootkit technology to hide digital rights management software from end users when they tried to play certain audio CDs on a Windows computer. The XCP software, developed by First 4 Internet, was generally considered to be clumsily architected.
Sony initially denied that its technology comprised any security risk, but quickly subsided when malware emerged that exploited the flaw. The firm paid several millions settling lawsuits.
Sony's entertainment division at the time deployed the rootkit technology to prevent users from uninstalling the digital rights management technology, an action that critics charge to be at odds with fair use.
In the case of the Microvault memory keys, F-Secure suggested that the file could be hidden to ensure the accuracy of the data signatures, thereby protecting the data stored on the device.
"We feel that rootkit-like cloaking techniques are not the right way to go here," Tolvanen commented.
F-Secure said that it was unsuccessful in contacting Sony.
Sony didn't immediately respond to request for comment.
Sony gets jump on Blu-ray iMac with new TV/PC
While Apple watchers wait for Apple to deliver on its promise of a Blu-ray equipped Mac, Sony has moved directly into iMac territory with a Blue-ray equipped version of its all-in-one 22" TV/PC today. Let's take a gander at what's inside.
Like an iMac, the Sony VAIO LT has all of its guts loaded into its monitor. It also has a 1680x1050 widescreen display, Vista Ultimate, a 1.3 megapixel camera, a built-in Blu-ray drive, 802.11n wireless support, and 2GB of RAM. Unfortunately, the hard drive capacity, type of Intel Core 2 Duo processor, and further information on the included discrete GPU are unknown at this time. Sony claims the hard drive will have plenty of room for recording HD content, and a GPU powerful enough to handle graphics-intensive games and HDTV. In order to watch TV or HD content on the VAIO LT, users will need to install a CableCARD that can be rented or bought from most cable companies.
One of the coolest features of the new VIAO PC/TV is its ability to be mounted on a wall. Because it only has a 22'" screen, it's probably best suited for office walls and not for hanging above the mantel in your living room. Sony also claims that users will be able to turn the TV off or on without having to worry about the PC shutting down or booting up--meaning, you won't need to wait for your TV to boot.
The VAIO LT will be available in October for $1,900 without the Blu-ray drive, or $2,900 with the Blu-ray drive.
UPDATE: The Sony VAIO LT has a recordable Blu-ray drive, which can store up to 50GB on dual-layer Blu-ray discs. This explains the $1,000 price difference between the Blu-ray and non-Blu-ray models.
iOMEGA, kewl network storage
At one time, network storage was an expensive proposition. Iomega is aiming to shatter the preconception with its new line of Home Network Hard Drives. The drives, available in 320GB, 360GB, and 500GB capacities, set new low-water marks for network storage. The 320GB model costs $149, as will the 360GB model when it ships in September. The 500GB model carries a retail price of $199.
According to Tom Kampfer, president and COO of Iomega, the goal with these new hard drives is to make network storage mainstream, by closing the differential in price from getting a standard USB 2.0 and a drive equipped with ethernet. With these new models, the gap falls to about $20--the cost of a meal out. Kampfer sites the prevalence of home networks as a big motivator in Iomega trying to move into this space; Iomega's next step-up 500GB StorCenter costs $299.
To achieve the lower costs, Iomega is leveraging some of its advantages in volume production—as well as using a different chipset than the one found in its recently announced StorCenter line of network-attached storage devices. This means, among other things, that you will see a performance difference between the Home and StorCenter lines.
The Home models have both ethernet and USB 2.0 connectivity (useful if, for whatever reason, you need to jack the unit directly into a PC for a direct connection), and are optimized for use by up to four users simultaneously. These models also include Iomega's Discovery Tool Home utility for Windows, and two licenses of EMC Retrospect HD backup software (a $50 value unto itself).
According to Tom Kampfer, president and COO of Iomega, the goal with these new hard drives is to make network storage mainstream, by closing the differential in price from getting a standard USB 2.0 and a drive equipped with ethernet. With these new models, the gap falls to about $20--the cost of a meal out. Kampfer sites the prevalence of home networks as a big motivator in Iomega trying to move into this space; Iomega's next step-up 500GB StorCenter costs $299.
To achieve the lower costs, Iomega is leveraging some of its advantages in volume production—as well as using a different chipset than the one found in its recently announced StorCenter line of network-attached storage devices. This means, among other things, that you will see a performance difference between the Home and StorCenter lines.
The Home models have both ethernet and USB 2.0 connectivity (useful if, for whatever reason, you need to jack the unit directly into a PC for a direct connection), and are optimized for use by up to four users simultaneously. These models also include Iomega's Discovery Tool Home utility for Windows, and two licenses of EMC Retrospect HD backup software (a $50 value unto itself).
Intel's vPro Chips Mean More Security for Businesses
With the introduction of its latest vPro microprocessors on Monday, Intel contends it is injecting a heavy dose of new security capabilities for the benefit of business customers and third-party technology providers alike.
By wrapping a set of expanded security features around the vPro Core 2 Duo chips, the chip giant maintains it can help IT departments more easily protect and support their desktop systems, in large part by offering additional hooks for other vendors' PC defense and management tools.
With the addition of features that extend malware behavior-detection further onto the CPU level and wall off virtualized software systems from attack, Intel says it can greatly enhance the chips' interaction with complementary security technologies.
By adding new capability for desktops to communicate directly with so-called network access control (NAC) systems, Intel contends it can offer full-fledged security management opportunities that circumvent the need for device-OS interaction.
"The time [available] to respond to vulnerabilities is down and the sophistication of malicious attacks is increasing," said Gregory Bryant, general manger of Intel's Digital Office Platform Division. "We're trying to make security more proactive by driving it into the platform itself."
Intel is also touting other systems management and power-efficiency features in the chips, formerly known by the code-name Weybridge, but its sales pitch for the new vPros is centered on its security tools.
Bryant acknowledges that it may take years for the processors to find their way onto a large share of enterprise desktops. However, the vPros' technologies are aimed at other emerging IT phenomena such as virtualization and NAC, he said, which will help the processors fall in line with those trends.
By wrapping a set of expanded security features around the vPro Core 2 Duo chips, the chip giant maintains it can help IT departments more easily protect and support their desktop systems, in large part by offering additional hooks for other vendors' PC defense and management tools.
With the addition of features that extend malware behavior-detection further onto the CPU level and wall off virtualized software systems from attack, Intel says it can greatly enhance the chips' interaction with complementary security technologies.
By adding new capability for desktops to communicate directly with so-called network access control (NAC) systems, Intel contends it can offer full-fledged security management opportunities that circumvent the need for device-OS interaction.
"The time [available] to respond to vulnerabilities is down and the sophistication of malicious attacks is increasing," said Gregory Bryant, general manger of Intel's Digital Office Platform Division. "We're trying to make security more proactive by driving it into the platform itself."
Intel is also touting other systems management and power-efficiency features in the chips, formerly known by the code-name Weybridge, but its sales pitch for the new vPros is centered on its security tools.
Bryant acknowledges that it may take years for the processors to find their way onto a large share of enterprise desktops. However, the vPros' technologies are aimed at other emerging IT phenomena such as virtualization and NAC, he said, which will help the processors fall in line with those trends.