Jul 31

Certain URLs can cause Adobe Acrobat 9 to suffer a denial of service or crash, says a researcher.

A spokesperson for Adobe said Thursday night, “We are aware of and investigating this. Our initial findings are consistent with those reported by the researcher that this is a denial-of-service issue.”

Updated September 12 at 11:12 a.m. with comment from Adobe.

The alert cites a blog by researcher Jeremy Brown, who provides working exploit code. In one example, Brown uses the string “acroie:///DoS” to cause a DoS in Adobe Acrobat 9 running on Windows Vista.

According to an alert from the SecuriTeam mailing list, “a vulnerability in Adobe Acrobat 9 allow attackers to cause the program to crash by providing it with a malformed URL.”

Jul 30

Bloomberg reports that a judge in Chicago has dismissed Jose Trujillo’s lawsuit against Apple claiming the company deceived him regarding the user-replaceable status of the iPhone battery. The judge simply read the packaging on the iPhone, which described the battery as having “limited recharge cycles and may eventually need to be replaced by Apple service provider,” and ruled that was sufficient warning prior to purchase that the battery had to be replaced by Apple or a third party.

Apple won’t have to deal with a lawsuit filed over the iPhone battery.

Trujillo’s lawsuit never seemed to have much of a chance–the original complaint completely misrepresented key facts, such as the expected life of the battery–but he was probably hoping to cash in by linking his case to a successful one over the iPod’s battery. However, the case isn’t completely dead yet. AT&T still has to work out some sort of deal after the judge ruled that Trujillo was not aware prior to purchase that any dispute between himself and AT&T would have to be worked out through arbitration, not the court system.

Removing the iPhone's battery (the big white thing) is not a trivial process, but a judge has ruled that Apple warned people ahead of time.

Jul 30

One company worth checking out if you’re heading to the show is
Redwood City-based MokaFive. They specialize in mobile desktop
virtualization - meaning, you can both virtualize your desktop and
take it on the road with you, loaded onto an iPod or USB stick.

If you’re like me and tired of scurrying to whip out your laptop to
get through airport security, MokaFive offers free software to create
virtual desktops - they call them LivePCs - that separates your
computer operating system from your hardware. This means you can port
your desktop on a variety of different machines - including mobile
devices.

According to Purnima Padmanabhan, VP of Product Management at
MokaFive, LivePCs work online or offline - you don’t need a constant
network connection, and your data is automatically backed up to the
cloud. “No one is chained to their desktop these days. You shouldn’t
be chained to your virtualized desktop either,” she said. The
user can even remotely destroy their virtual desktop if the device is
lost.

For all you iPhone junkies, MokaFive will be moving onto mobile phones
soon, and is offering a free software prototype, called iPhone
Sentinel, allowing a portion of the flash storage on an iPhone to
essentially function as a removable drive for Windows and Mac OS
users.

The company has plans to introduce additional smartphone
prototypes in the future. For now, you can download the iPhone
Sentinel here.

As virtualization fanatics gear up for VMworld this week in Las Vegas,
desktop virtualization will no doubt be among the hottest topics. In
the last few months, everyone seems to want a piece of the pie: Sun,
HP, Dell, and Microsoft are jumping in as desktop virtualization brings
a new technical variable to the quietly reigniting war for desktop
domination. Red Hat bought Qumranet this past week for $107 million
and immediately went after VMware.

Jul 30

“Wi-Fi offers us a way to provide high-speed access in an area where we don’t have 3G, like in a rural setting.” –Mike Woodward, VP of business mobility, AT&T

T-Mobile USA was the first major U.S. wireless carrier to see the merits of using Wi-Fi. Last year, the German-owned phone company, which is the fourth largest mobile operator in the U.S., launched its Hotspot @Home service that automatically switches between subscribers’ home Wi-Fi networks and its cellular network. For $10 more a month, subscribers are able to talk as much as they like while on the Wi-Fi network.

When asked if its Hotspot @Home users could use a mobile version of Skype, T-Mobile’s Sims said they could, but he added, “We’re not necessarily going to advertise that.”

AT&T primarily sees Wi-Fi as a way to fill in coverage gaps for its 3G wireless data service.

What’s more, because Wi-Fi mobile services are delivered over a consumer’s own broadband connection, it reduces the transport cost that the carrier has to pay to get the traffic from the cell tower to its wired backbone network. Some experts say that Wi-Fi can actually help reduce this so-called backhaul expense by a factor of about 10.

Even though the technology has been developed for large companies, Pat Calhoun, CTO for Cisco’s wireless networking business, said carriers could eventually adapt the technology for use on their own networks.

Better coverage, less cost
For one, Wi-Fi is an inexpensive way to improve in-home coverage. And as carriers migrate to 3G services, it’s likely to get harder for them to provide in-home coverage because 3G service operates at higher frequencies, which don’t penetrate walls as well. So if customers weren’t getting good cell phone reception in their homes or offices with current cellular technology, the situation won’t be much improved with 3G. But Wi-Fi could help because it allows operators to leverage a high-speed wireless network that already exists in consumers’ homes to achieve full, “five bar” coverage.

Once seamless hand-offs between Wi-Fi and cellular are mastered, there are essentially no technical barriers that would keep a cell phone operator from using Wi-Fi technology. And, in fact, carriers could reap many benefits from using Wi-Fi to offload voice traffic, especially as the price for voice minutes continues to decline.

“What we’re offering today is about connecting laptop computers to a high-speed wireless network,” Woodward added. “Right now, we don’t do seamless hand-off from one network to another. And I have a hard time envisioning where that might happen.”

Joe Sims, vice president and general manager of T-Mobile USA’s Broadband and New Business Division, claims the hand-off between the two networks works very well.

Indeed, for Wi-Fi to be truly useful on mobile devices like handsets, a seamless hand-off between the cellular and Wi-Fi networks is necessary. But carriers like AT&T do hand-offs between cellular technologies all the time. When AT&T subscribers travel between its 2.5G EDGE network and the 3G HSPA network, the device switches from one network to another and callers on either end have no idea.

Now it looks like other carriers are jumping on the Wi-Fi bandwagon. But operators, such as AT&T, are hesitating when it comes to offering Wi-Fi services for handsets. Recently AT&T, the largest mobile operator in the U.S., said it would allow its broadband subscribers and 3G, or third-generation, laptop data users to have free access to its 17,000 Wi-Fi hot spots around the country. The company also has launched a promotion with Starbucks coffee shops to give users two hours of free Wi-Fi access with the purchase of a Starbucks reward card.

Popular devices such as Research In Motion’s BlackBerry and Apple’s iPhone already have Wi-Fi built in. Still some carriers, such as Verizon Wireless, say they don’t need Wi-Fi. Instead, Verizon is focused on deploying a faster 4G wireless network. But in the meantime, there are already millions of Wi-Fi hot spots throughout the country, and with or without their mobile carrier, consumers will soon figure out ways to use them.

U.S. cell phone operators are starting to embrace Wi-Fi in order to extend the reach of their high-speed wireless networks without breaking the bank, but some are being more cautious than others.

So why aren’t more mobile operators jumping on the Wi-Fi bandwagon? The reason is simple: They’re scared. Specifically, they are worried about cannibalizing their existing voice services and making their networks so open that subscribers can bypass their own services and applications completely.

And finally, Wi-Fi allows cellular operators to compete more aggressively on price. If the voice traffic is carried over a low-cost IP network instead of over a more costly cellular network, they can offer more aggressive prices and still make decent profit margins.

“It’s seamless,” he said. “You can’t tell that the call is switching from one network to another.”

And their biggest fear is that the same thing will happen in their mobile businesses. Still, dual mode wireless devices are coming whether cell phone operators like it or not. In-Stat forecasts that the global supply of dual mode voice and data Wi-Fi handsets will increase by nearly 360 percent this year.

Cisco Systems also recently introduced a network-based hand-off technology that it’s selling to its corporate customers. The software, which runs on its new mobility appliance, keeps track of devices and phones on the network. When it detects a device is leaving the Wi-Fi network, it automatically switches the connection to the cellular network and vice versa.

“Wi-Fi offers us a way to provide high-speed access in an area where we don’t have 3G, like in a rural setting,” said Mike Woodward, vice president of business mobility for AT&T. “There might be a coffee shop or some other hot spot in that area that offers our Wi-Fi service, and customers can connect that way.”

But AT&T hasn’t yet opened the free access to its mobile phone customers. Not even users of the iPhone–which has built-in Wi-Fi but doesn’t yet allow the download of voice over IP clients like Skype–can get access to the Wi-Fi hot spots for free. What’s more, AT&T seems cagey about putting any of its voice traffic over a Wi-Fi network.

This is a legitimate concern. Phone companies have already seen the same scenario play out on the broadband side of their businesses. Today, broadband providers compete on speeds and feeds. They have tried offering Web portals and content directly to consumers, but the reality is that consumers can bypass their traditional phone service with services like Skype or Vonage. And they can get content directly from the likes of Google or YouTube. Essentially, the broadband providers have been reduced to dumb pipe providers.

Switching among networks
The same thing needs to happen between Wi-Fi networks and cellular networks. And while the technology for this hand-off is somewhat more complicated between Wi-Fi and cellular than it is between two cellular technologies, it already exists. T-Mobile uses a technology called UMA (Unlicensed Mobile Access), which detects when one signal fades and another comes into range.

Jul 30

Maybe it’s time for Ricky to go to the Opera. Version 9.5 of the Opera browser, running on Windows XP, prints the entire article, although it also feels the need to start with an appetizer of an empty first page. Internet Explorer 7 prints the entire article perfectly, no blank first page.

In Firefox 2, not one word of the article prints. Not a single word. Print preview shows one mostly blank page.

Update August 20, 2008: A commenter below noted that Safari can print the article in question; I haven’t tried this. The person didn’t say, however, if it was Safari on the Mac or on Windows. I only tried Firefox on Windows XP; another commenter below said that Firefox 3 on a Mac printed this page fine. Firefox version 2 had an optional toolbar button to report web sites that didn’t display well in the browser (the button looked like a spider web). Version 3 of Firefox eliminated this button, so problems like this can no longer be reported to Mozilla.

I read lots of Web pages in hard copy and from the get-go (version 0.8 or so) Firefox has underperformed when it comes to printing Web pages. That issue and the slow start-up time are two constant annoyances endured by devoted Firefox users. It’s been quite a while now, and I think it’s time that Mozilla get around to making Firefox the equal of Internet Explorer in terms of printing Web pages.

In Firefox 3, the first page is the same as Firefox 2, page 2 has the article and page 3 has some links from the page footer. But, the article is about 7 or so pages and page 2 has only the first page. In other words, Firefox 3 can’t print the vast majority of the article.

See a summary of all my Defensive Computing postings.

What are they thinking at Mozilla? How could they devote time and effort to eye candy like new icons and drastically reworking the address bar when Firefox so often fails at printing?

How did printing get pushed to the bottom of the priority list?

This page deserves special mention: SSLVPN Vulnerabilities - Client Certificates offer a superior defense over OTP devices.

Firefox is Lucy Ricardo. For those of you who recall I Love Lucy, I’m Ricky. I love my wife, Lucy, but sometimes she just does the craziest things.

Jul 30

“What’s happened in the developer community is that we have a ton of developers writing applications for OpenSocial and Facebook. There’s a huge appetite for writing against these APIs,” Welch said, and now it’s time for Photobucket to take the plunge.

Photobucket CEO Alex Welch

Ultimately, Welch believes the move will mean more Web site traffic for Photobucket and potentially lucrative advertising and sponsorship deals. Toyota, for example, sponsored a Photobucket partnership with an online image-editing tool, FotoFlexer.

Photobucket’s move is just the latest in a long line of companies to woo programmers; that courtship has moved online as the Web has grown to house rich, sophisticated applications.

Web 2.0 loosely refers to the gradual rebuilding of the Internet as a more interactive domain, with users supplying their own content, information from one Web site being embedded into services from another, and bloggers avidly commenting on all the developments. APIs are the mechanism by which much of those interconnections are made, and without them, a Web site risks being an island unto itself.

• Time Warner’s AOL will launch an application called BlueString that will let people browse Photobucket and other content.

Programmers who want to use Photobucket’s API can sign up for a free key online, Welch said, and they’re free to try to profit from the resulting work. “For the small developer, we’re not concerned if they’re monetizing it in some way,” Welch said.

• Snapvine is integrating Photobucket into its Web-based audio commentary and blogging technology.

The company will announce several new partnerships Tuesday, too:

The company is releasing an application programming interface (API) for its site, said Chief Executive Alex Welch. That means that ordinary developers will be able to build more sophisticated services around the Photobucket services and content.

Even if many impressive but unprofitable Web sites fall by the wayside, those with the programming skills will likely stay gainfully employed. A Monday report by analyst firm Forrester says corporations will spend a lot of money to use Web 2.0 technologies within their walls. In the report, the firm predicts growth from $764 million in spending in 2008 to $4.65 billion in 2013.

• Intercasting is working on technology that could let mobile phone users upload their pictures taken with camera phones to Photobucket accounts.

Some developer limitations
Well, not concerned up to a point. The developer API will let Photobucket throttle Web site traffic to prevent abuse, but the company will watch for busy applications that could be new business opportunities, he added.

The API will let developers write applications that can be used to log in to accounts, upload photos and videos, search public content, access and change metadata such as titles and tags, and share content through e-mail, Photobucket said.

“If we see a noncommercial application that’s doing something clearly in our commercial terms of service or doing something very creative, it’s our responsibility to go out and figure a way to partner,” Welch said.

Photobucket got its start as a no-frills site that could store photos, but hardly as an island. It’s widely used to host pictures that actually appear on Web sites such as MySpace, eBay, or Facebook. And after Photobucket’s 2007 acquisition, it’s a part of News Corp.’s Fox Interactive Media division, along with MySpace. And it’s gradually become more fully featured.

Missing from Welch’s peer-pressure list is Flickr, a Yahoo photo site that rivals Photobucket in scale. But Welch wasn’t afraid to give his competitor some props. “I think it’s a fairly well done API,” Welch said. “It’s been interesting to watch and learn from.”

Following Flickr
For an illustration of what an open API can get you, look no farther than Photophlow, a site that builds a lively photo-sharing and chat room interface atop Flickr. With it, users can post photos into a chat room for discussion, add comments directly onto the Flickr site, and flag pictures as favorites in their own Flickr account. It was put together without formal help from Flickr.

Photobucket already made its API available to commercial partners, but now ordinary coders will be able to get access by signing up on the Web site, Welch said. The company is announcing the news in conjunction with the Web 2.0 Expo in San Francisco.

Photobucket is making a significant change aimed at weaving the widely used photo-sharing site more tightly into the Web 2.0 fabric.

The API makes Photophlow on Photobucket possible, said Photophlow co-founder Neil Berkman. “We’re interested in enabling real-time media sharing in a variety of contexts, and since Photobucket is one of the largest hosts of photos and video, we’d certainly consider building on top of their API,” he said. “Their audience is a bit different from Flickr’s, so this would likely be a separate application, taking advantage of the same technical core we’ve built Photophlow on,” he added.

Current partners using Photobucket’s commercial API include FotoFlexer and TiVo, which can present slideshows on TVs drawn from Photobucket members’ accounts and let people search Photobucket content.

Jul 30

Varian took issue with several elements of the study, but led off with this one: “ad prices are not set by Yahoo or Google, but by advertisers themselves,” through the search-ad keyword bidding process. Varian also said the study assumed Yahoo will show Google ads for as many searches as possible, which indeed Yahoo has said isn’t its intent. Other gripes are in Varian’s blog post.

Facing antitrust scrutiny in the United States, Europe, and Canada, Google and Yahoo are working hard to prove the merits of the deal.

Yahoo is expected to get the bulk of the financial benefit–$800 million in new revenue in the first year of the deal. Google justified the deal in part as a way to help a fellow Internet company fend off Microsoft’s mostly unwelcome attempt to acquire Yahoo.

Google’s chief economist, Hal Varian, said Tuesday that “flawed assumptions” and “questionable methodology” undermine a SearchIgnite study that predicted a 22 percent ad price increase from Yahoo’s search-ad deal with Google.

Of course, there are longer-term issues with the deal Varian didn’t dig into. What happens if Yahoo grows accustomed to the revenue from Google and expands the use of Google’s ads over time? Some believe there will be a feedback loop that will push advertisers toward Google’s system, further undermining Yahoo’s service, further advancing Google’s position. If there’s only one market for search ads, will advertisers bid the prices higher?

Jul 30

That additional cost could penalize any investor who votes for Icahn’s slate, potentially making his proxy fight more difficult and throwing a little cold water on investors’ hopes that Microsoft will come back to the table to buy Yahoo, given the potential added cost of acquiring the company with the severance plans in place, an attorney representing shareholders said in a previous interview with CNET News.com.

Those involved with the suit, filed in the Delaware Chancery Court, are hoping to invalidate the severance package, which, in turn, could assist major Yahoo investor Carl Icahn in his proxy battle to unseat Yahoo’s current board of directors.

“The current Yahoo board was careful not to burden itself with the cost of the severance plan when it was drafted, but the way this plan works is, it essentially punishes any shareholder who wants to vote for a new set of directors,” said Mark Lebovitch, a partner at Bernstein Litowitz Berger & Grossmann, which is representing two Detroit retirement systems that have filed a shareholder lawsuit against Yahoo. “A new set of directors will have to face paying severance anytime they want to change someone’s job. That’s money out of Yahoo shareholders’ pockets.”

The first part of the employee severance package is triggered if there is a change of control, which would occur if Icahn is successful in winning a majority of Yahoo’s board seats. Then, if any employee is terminated or quits because their responsibilities or title have been greatly changed in the two years following the change of control, Yahoo will have to pay severance to that employee.

Yahoo shareholders filed a statement late Monday seeking a trial date to invalidate the company’s controversial employee severance plan prior to Yahoo’s annual shareholder meeting.

When Microsoft withdrew its unsolicited buyout bid on May 3, the window to remove the employee severance plans was set to pop up on June 3. But because Icahn filed his proxy slate days after Microsoft withdrew its buyout bid, one “potential change in control” event was replaced with another.

In the shareholder lawsuit, Yahoo’s outside advisers on the severance plans characterized giving all full-time employees an accelerated vesting of stock options, a move typically reserved for executives, as “nuts.” The consultants estimated that, should all employees receive the golden-parachute package if Microsoft pays $31 a share to acquire the company, Yahoo could end up paying $2.1 billion in severance costs.

“A prompt trial on the validity of the severance plans is now essential and appropriate, not least because Yahoo’s board disabled itself from rescinding the severance plans during the pendency of a proxy fight, even if doing so is essential to realizing a favorable deal and because Icahn’s slate is barred from rescinding the severance plans, if it prevails in its proxy contest,” the plaintiffs’ brief states. The New York Times first reported the filing of the brief on Monday.

For Icahn, this latest motion by the shareholders could resolve a problem he faced. One source told News.com that Icahn may not have owned his Yahoo shares before the severance plans were put in place, potentially removing his right to ask the Delaware Chancery Court to invalidate the severance plans.

According to the brief: “The cost of the severance plans may represent the difference between whether a mutually agreeable sale price with Microsoft is struck.”

The shareholders argue that a potential sale of Yahoo may rest on the validity of the challenged severance plans.

On Friday, Art Kern, longtime Yahoo director and chairman of the company’s compensation committee, will be deposed as part of the shareholders’ lawsuit, according to the plaintiffs’ brief.

Meanwhile, because Icahn currently has an active proxy fight under way, as previously reported, a “potential for a change of control” exists, making it difficult for Yahoo’s board to simply remove the severance plans. In order for Yahoo’s board to take the initiative, it would have to show that removing the plans would not harm its current employees.

Yahoo’s board could also remove the severance plans 30 days after the threat of a “potential change of control” goes away, but it’s unlikely that Icahn will drop his proxy fight by the end of this month, which, in turn, would allow for the 30-day window before the August 1 shareholders meeting.

Updated June 10 at 6:23 a.m. PDT with information from the brief.

Jul 30

What’s your theory on the cause of the Amazon.com outage?

Amazon.com was inaccessible to many U.S. visitors for more than an hour and a half Friday.

Update 3:22 p.m. Amazon has declared the outage over. For details, check our follow-up posting. Updated 12:43 p.m. PDT with further details, including partial site recovery.

Expensive problems
Based on last quarter’s revenue of $4.13 billion globally, a full-scale global outage would cost Amazon more than $31,000 per minute on average. For North America, it would be more than $16,000 per minute. (To be fair, those figures don’t include revenue from other sources such as search or contextual advertisements or Amazon Web Services.)

Representatives of the company haven’t responded to requests for comment.

Amazon Web Services unaffected
It appears Amazon Web Services such as the S3 storage and EC2 computing services still are functioning, at least for some customers, though the AWS page at Amazon.com isn’t working.

Amazon posted an apology placeholder page for broken links.

Customers who need to get to their AWS pages can follow a direct link, Amazon said.

“At noon PDT, we started to see the site getting better,” said Shawn White, director of external operations for Keynote. “We are seeing about 70 percent availability.”

One-off outages are no fun, but sustained problems can be serious. eBay suffered outages in 1999 that outraged users and sent the stock down, and even a backup system didn’t ward off more problems in 2002.

The security group WebSense concluded the Amazon problems are “not security related” as far as it’s aware. Arbor Networks Chief Technology Officer Jose Nazario was more cautious, though: “I’ve got nothing on it as to why or what happened. I’m not sure if it’s an attack or service outage via failures on their end or what.”

The site went offline completely by 10:21 a.m. PDT, but efforts to restore the site appeared to be taking effect about noon, said Keynote Systems, which monitors Web site responsiveness. As of 12:45 p.m., the site was working intermittently, with many product pages functioning but others still broken.

“Http/1.1 Service Unavailable” was the message that appeared when Amazon customers across the country attempted to use the site.

Of course, money lost can be money gained for a competitor. A Sony PlayStation 3 promotion with the Metal Gear Solid 4 game went on sale at 10 a.m. PDT, according to some CNET News.com readers. Another reader went to BuyDig.com to buy a birthday present.

News.com staff writers Greg Sandoval, Rafe Needleman, and Robert Vamosi contributed to this report.

And for major commerce sites, the problem can have ripple effects. Both Amazon and eBay provide a commercial foundation used by many partners and entrepreneurs.

“S3 and EC2 continue to function for us as normal,” said Don MacAskill, chief executive of photo-sharing site Smugmug. Mashery.com CEO Oren Michels, who uses AWS for several functions and who has several customers who use AWS, reported no problems Friday.

Amazon sites outside the United States appear to be working, including those in China, France, the United Kingdom, and Germany.

Keynote Systems showed Amazon.com's availability drop from nearly 100 percent down to 10 percent or lower at 10:21 a.m. PDT Friday.

Jul 29

The only problems I ran into were small visual quirks. For example, in-box media manager Xoopit (review) works just fine, but retains its old-school Google look and thus sticks out like a sore thumb. I’m assuming any other Gmail add-ons that haven’t been integrated into the makeshift style sheet will experience the same thing until special bits of CSS are included to skin them too.

[via Google Blogoscoped]

Gmail Redesigned lets you skin Gmail to look dark and mysterious while retaining all of its speed and menus.

Besides your in-box, the add-on skins the compose page, the Google Talk side bar, and entire conversation strings. This is one thing actually improved in the translation, as the color-coding of the conversations (which go from colorless windows to having colored headers) makes it easier to parse through multicontact communications.

Stylish, a Firefox extension that lets you make big changes to other people’s Web sites with minimal effort, enables one of the cooler Gmail re-skin jobs I’ve seen. For people who like drumsticks, instead of Gmail’s boring, yet supple thigh meat, installing a Stylish plug-in named simply “Gmail Redesigned” lets you turn Gmail’s exterior into a gradient and plastic button-filled playground. The best part is that it retains its speed, button placement, and all-around “Gmailness” you’ve grown to love.

To get going just install the Stylish plug-in here, then restart Firefox. Once you’re back up and running, click the download button on this page and enable the new look from the plug-in options menu under Tools –> Add-ons. When you return to Gmail it will be dark and mysterious.
