Blog

  • Google Books Gets A Little More Organized

    Big libraries are neat – the idea of having so much information (and entertainment) available in one place is just inherently attractive.  The trouble is, big libraries can also be overwhelming, and so Google Books has tried to make its own virtual library a little more accessible by creating a list of available magazines.

    Jeffrey Peng, a software engineer, put together the list.  It’s available in either a "cover view" or a list view that provides more text and information.  Users can sort the magazines according to how much of them can be seen by the non-paying public, too.

    Admittedly, this doesn’t sound huge.  But stick with us a moment.  Just shy of 100 magazines are available through Google Books, and although that number isn’t overwhelming, it is unwieldy.  Magazines are meant more for enjoyment than heavy research, so it makes sense to be able to browse a list rather than rely on a search function.

    Furthermore, this development may signal that additional magazines will soon become available through Google Books.

    Then here’s the other significant thing about the list: Peng wrote on the Inside Google Books blog that it was created in response to user requests (specifically, perhaps, a Facebook group with 45 members).  So this is a nice example of someone within a multibillion-dollar corporation listening to what "the little people" want.


  • Sophos study suggests Windows 7 UAC’s default setting is self-defeating

    By Scott M. Fulton, III, Betanews

    A blog post Tuesday by Sophos senior security engineer Chester Wisniewski stated that recent Sophos tests revealed that User Account Control (UAC) — the part of Windows that prompts the user for permission before granting elevated privileges — was ineffective in stopping common samples of malware from running in a Windows 7-based system without virus protection.

    Two of the ten malware samples chosen for the test would not run in Windows 7 at all, even without UAC turned on, and only one more sample (a low-prevalence worm code-named W32/Autorun-ATK) was thwarted by UAC. The other seven ran as though they were being blocked only by a stack of dominoes.

    Those items that ran unimpeded were: Troj/FakeAV-AFY and Troj/FakeAV-AFX, two low-prevalence Trojans that pretend to be a free anti-virus test; Mal/EncPk-KY and Mal/EncPk-KP, two garden-variety spam viruses; Troj/Agent-LIW, a low-prevalence Trojan that adjusts the behavior of Internet Explorer; Troj/Zbot-JN, a variation of the Trojan that attempts to steal online banking login information by first masquerading as an anonymous e-mail request for a date; and W32/Autorun-ATC, a garden-variety worm that changes the startup script.

    “User Account Control did block one sample; however, its failure to block anything else just reinforces my warning prior to the Windows 7 launch that UAC’s default configuration is not effective at protecting a PC from modern malware,” Wisniewski wrote.

    That default configuration is a new setting for Windows 7 that is one level down from (and, for some users, one level less annoying than) Vista’s default. During the testing process earlier this year, Windows 7 generated considerable controversy for effectively enabling some applications to generate a kind of “privilege self-elevation privilege” for themselves, which some saw as a vulnerability gift-wrapped for anyone wanting to go exploiting it. Others complained about a more sweeping potential problem: that the whole point of generating the message in the first place (stopping privilege elevation) is forfeited if developers leave a back door wide open.

    As Wisniewski told Betanews this afternoon, his intention was not to prove UAC pointless in and of itself, but to suggest that Windows 7 may be vulnerable right out of the box unless and until users do something above and beyond the default.

    “This was a quick test to determine if the efficacy of restricting administrative rights through the use of UAC alone will protect against malware infecting a computer running Windows 7,” Wisniewski told us. “I did not test how it would have behaved if UAC was dialed up, or perhaps run in what people are calling ‘Vista mode.’”

    But if anti-virus is the solution to the problem (of course, Sophos is an anti-virus software maker), then what good is UAC at all, even if it’s dialed up? Is Chet suggesting the whole thing is pointless anyway?

    “I am performing some follow-up testing, although as is the case with malicious software, it does take a bit of time to safely perform these tests. With the data I have at the moment, I am not making recommendations as to what you do with UAC,” he responded, “merely warning people that it does not protect a machine effectively against malware. I think Microsoft acknowledges this with their efforts on Microsoft Security Essentials and Forefront.”

    But isn’t UAC generally effective against malicious applications that seek elevated privilege levels, even if they’re not among the most dangerous viruses cited by Sophos?

    “We did not select specific malicious or difficult samples, merely the most recent ten at the time. Most were ‘Fake AV’ even if the sample names did not indicate that. We have generic detection for malicious packers and other nastiness that proactively finds many samples…With proper anti-malware protection, Windows 7 is far safer,” acknowledged Sophos’ security engineer.

    “One benefit that UAC could have provided,” he continued, “is an additional layer of protection that would help in the event that your anti-virus has failed to detect a new sample. It does not appear from my results that this is the case.”

    Copyright Betanews, Inc. 2009






  • Ford announces inflatable seatbelts, one step closer to Demolition Man

    Ford just announced the inflatable seatbelt, intended to protect passengers seated in the back of the vehicle, where they are more vulnerable to head, chest, and neck injuries. How long will it be before SecureFoam fills our vehicles whenever we crash?

    The new seatbelts will be available starting next year, debuting in the 2010 Ford Explorer. Ford has stated that they intend to offer the new seatbelts on all of their cars worldwide in the future. The new seatbelts are considered to be much safer than the current technology, and more comfortable. Ford hopes that the new design will help to increase the usage of rear belts.


  • WE WON! Lenovo will allow you to swap Fn and Ctrl in BIOS

    Take that, fat-cats in Congress!

    OMG! Did you hear? Lenovo has just added a BIOS feature to its new ThinkPads allowing you to swap Ctrl and Fn! Apparently this was a big request for many people in the world and Lenovo, being good guys, listened intently and pushed this past the faceless bureaucrats in accounting and GOT THIS THROUGH! Hope, people, is what Lenovo promised, and change is what you get.

    Honestly, though, has anyone even thought they needed this BIOS tweak let alone requested it? Anyone out there TOTALLY big into Ctrl being on the outside?

    via Eng


  • Thousands Protest Health Bill At Capitol

    “Chanting ‘Kill the bill,’ thousands of conservatives rallied at the Capitol on Thursday against the Democrats’ health care overhaul plan, labeling it a government takeover of the nation’s medical system,” The Associated Press reports. “‘This bill is the greatest threat to freedom that I have seen,’ House Republican leader John Boehner of Ohio told the crowd gathered on the lawn near the West Front of the Capitol. The protest attracted many of the so-called Tea Party demonstrators angry with increased spending and an expanded government role under the Obama administration” (Kellman, 11/5).

    The Washington Post: “Dozens of Republican lawmakers, led by Rep. Michele Bachmann (R-Minn.), stood on the Capitol steps and pledged to do everything they could to defeat the health-care reform bill by Saturday, when House members plan to vote. ‘You came! You came to your House!’ said Bachmann, who organized the ‘Hands Off Our Health Care!’ rally in recent days with impassioned pleas on conservative talk radio and cable television shows” (Rucker, 11/5).

    The New York Times: “A series of spot interviews suggests that the protesters have come to Washington from all across the country – Texas, Ohio, Oregon and the greater Washington area. It’s a generally older crowd, many in their 50s and 60s, predominantly, white, and many self-identified as Christians. They are fiercely conservative and deeply skeptical of the government, many of them adamantly opposed to abortion rights” (Herszenhorn, 11/5).

    ABC News: “Dozens of buses, organized by the conservative group Americans for Prosperity carried grassroots activists and concerned citizens from Pennsylvania, New Jersey, Maryland and North Carolina. Organizers said activists became energized after Republican victories in Virginia and New Jersey Tuesday. ‘Speaker Pelosi did not get the message on Tuesday that people aren’t happy with the way things are going,’ Dave Schwartz, Maryland state director of Americans for Prosperity, told ABC News. ‘We need to send her another message’” (Dwyer, 11/5).

  • Google Tests New AdSense Interface

    Google announced the beta testing of a new AdSense interface today. It is being tested with a small group of publishers. Google says the new interface was designed based on the top three requests from users:

    1. Provide insights to help you make more informed decisions about your sites.

    2. Offer you more control over the ads that appear on your sites.

    3. Help you manage your account more efficiently.

    With the new interface, AdSense publishers can get more detailed performance reports that let them view daily stats in graphical formats. In addition, it provides metrics like the amount you’ve earned from various ad, targeting, and bid types.

    Google's New AdSense Interface

    The interface includes some improvements to the Ad Review Center that will give users more options to manage ads that appear on their sites, and offer what Google says is a cleaner interface that will make it easier to find and review them within the Ad Review Center.

    "We’ve streamlined the AdSense interface to simplify common tasks, such as making a change to several ad units simultaneously," says Google. "Additionally, to help you get the most out of AdSense, we’ve added more relevant help on every page, a message inbox for tips from our team, and alerts with important account related notices."

    The limited beta testing is taking place in English, Spanish, French, German, Italian, and Japanese. The test will be rolled out to thousands of publishers over the coming weeks (they will be notified via email notification).


  • New Book Teaches that Music, Movement and Literature Go Hand in Hand for Young Children

    Sometimes books come out of practical experiences. That is what led authors Rebecca E. Hamik and Catherine (Cat) M. Wilson to write their new book, "Singin’, Sweatin’, and Storytime: Literature-based Movement and Music for the Young Child." Their new "kid-tested" book links music, movement and literature in the classroom.

    Hamik is a physical education teacher, while Wilson, an MENC member, teaches general music. They teamed up when their school switched to all-day kindergarten. Given 45 minutes for the class, they wanted to fill them with meaningful classroom instruction for their students aged four to six.

    “What we developed was a series of joyful lesson plans that not only give children a music foundation, but also teach physical education and other classroom skills,” Wilson says.

    Each lesson has a story for the teacher to read to the children, a music activity, and a physical activity. The book also includes adaptations for regular classroom teachers and paraprofessionals and a music CD.

    MENC and Rowman & Littlefield Education copublish Singin’, Sweatin’, and Storytime. Visit rowmaneducation.com for ordering information, the table of contents, reviews, and other book details. The book is $95 for the cloth version with an audio CD or $55 for the paperback version with an audio CD. MENC members receive a 25% discount.

    In a joint interview, Wilson and Hamik discussed how they developed their book.

     

     Authors Catherine (Cat) M. Wilson (left) and Rebecca E. Hamik

    Question: In the chapter, “The Skeleton and Singing a Spiritual,” the pairing of “The Skeleton Inside You” and “Dry Bones” is so much fun. Can you describe how you went about linking the stories with the music?

    Wilson:  We were developing this health lesson plan near Halloween. The kids were very enthusiastic about learning about bones, and they loved the song “Dry Bones.” The song has historical value as an African American spiritual and it always gets the kids moving. We decided that the combination was fabulous!

    Hamik: I want to provide the kids with important health information at an early age. The skeleton is a great way to introduce bones and body parts. I searched on several web sites to find books to go with each lesson.

    Question: The music is diverse, from opera to spirituals to geographic locations like Africa. Did you want to provide music and movement from different genres and if so, how did you decide what went together?

    Wilson: We wanted the musical genres to be very diverse to give students a wide variety of music to enjoy. We paired the countries with the songs and the games to give students an understanding of the world around them. We tried to choose countries from each continent, and countries from which some of our students immigrated so that they could share a piece of their culture with their classmates.

    Hamik: Ditto!

    Question: You discuss literacy and the young child and lay out what children are likely to be able to do by the end of kindergarten. It must be wonderful to see children progress as they learn to sing and also to control their body movements.

    Wilson: Young children develop rapidly, and it is amazing to see the difference in a very young child from the beginning of the year to the end of the year. Physically, socially, emotionally, and academically, they make tremendous progress. Giving them a musical, physical experience that is very diverse lays a strong foundation for their future musical and physical education. Education is a layering process…Children retain what they learn, too. I often have older kids come up to me and say they loved doing ‘The Three Piggy Opera.’ 

    Hamik: I am amazed at how far our children grow and learn in a year’s time and it stays with them in future years.

    Question:  You have created a work with 42 different lessons. Do you have a favorite lesson?

    Wilson: It would be hard to pick a favorite lesson. My favorite unit is 6, because I love studying world cultures and celebrations.

    Hamik: I love the unit 2 health lessons, especially the germs.

    Question: Is music or literature or movement more important in some lessons than others? Or is each element pretty equal in each lesson?

    Wilson: I feel like all three of these elements reinforce each other. I personally would emphasize the musical study and Becky would probably emphasize the movement. A regular classroom teacher might be more inclined to emphasize the literature component. I think that this will all depend upon the teacher using the book. Unit 4 is skill based, and some lessons in that unit are geared more for movement or more for music. Most of the time we tried to balance the activities.

    Hamik: Some lessons don’t have as much movement but the concepts that are taught are important for this age group, so if you forgo movement one day, you pick it up in the next lesson.

    Question: Is there anything else you would like readers to know about your book?

    Wilson: We want potential readers to know that we had a great time developing this curriculum for our very young students, and they were so enthusiastic to come and see us every day. Our first priority when writing this book was to develop plans for teachers that would involve and inspire very young students in a way that was joyful, creative, active, and appealing to all types of learners whether they were visual, aural, or kinesthetic modality. We strove to make a resource that would get lots of classroom use.

    Hamik: Young children come to school with a varying amount of background information. This book gives teachers the opportunity to expand their knowledge base and to provide life long skills. The book is cross-curricular, provides higher order thinking skills. It also gives a good foundation into 3 subject areas and their standards.
     

    Roz Fehr, November 5, 2009. © MENC: The National Association for Music Education
     

  • Hermit Nation: Does Tech Boost Social Isolation?

    We’re all familiar with the stereotype of the tech cave dweller, perusing a list of arcane Linux commands on a lonely Saturday night, no friends in sight. In the age of ubiquitous — and social — technology, though, can we conclude that the Internet, smartphones and new technologies isolate us and encourage cocooning, or the opposite?

    The Pew Internet & American Life Project sought answers to such questions through phone interviews with 2,512 adults in the U.S., and there are surprises in the survey results. I  do wonder, though, how the results might skew differently if people under 18 had been included. Here are just some of the findings, with more results below the fold:


    “We find that the extent of social isolation has hardly changed since 1985, contrary to concerns that the prevalence of severe isolation has tripled since then,” Pew researchers report. The survey, released yesterday, also found that the overall diversity of the average person’s social network — including close family and friends as well as acquaintances — is greater through usage of social networks such as Facebook: “For instance, frequent Internet users and those who maintain a blog are much more likely to confide in someone who is of another race.”

    Internet use does not pull people away from places such as parks, cafes and restaurants, Pew researchers conclude: “Internet access has become a common component of people’s experiences within many public spaces.” Also, in opposition to the conclusion that Internet usage primarily bridges gaps between people who are geographically far from each other, the survey found that there is little difference between local social usage of technology and distant communication. The following graphic based on the survey results shows that people who belong to a neighborhood online forum are much more likely than the average person to have diverse interactions with neighbors:


    Does mobile phone usage outpace face-to-face contact as a primary way for people to stay in touch with their closest family and friends? No, according to the survey results: “On average in a typical year, people have in-person contact with their core network ties on about 210 days; they have mobile phone contact on 195 days of the year.” The following graphic breaks out days of contact per year via various communication mediums, according to how far away others are:


    Younger people are overwhelmingly more likely to belong to social networks than older people are, the Pew survey also finds, and it’s worth noting that all the people surveyed were over 18. Results could be different for teenagers and children. There are many more findings and graphics from the survey, found here.  For the most part, although your smartphone still doesn’t make you the life of the party, the results argue against the long-standing presumption that technology usage is social poison.

  • White Knight Chronicles gets voice chat and Home items

    Another update for White Knight Chronicles coming up, but no, Level 5 Games isn’t finished with the North American release. They did, however, finis…

  • Canadian Gov’t Issues Takedown To Newspaper For Posting Section Auditor General Report

    We’ve discussed in the past how silly it is for countries to have “crown copyright” (basically granting the government copyright over government documents). Luckily, the US has no such thing, but it makes no sense elsewhere. The government doesn’t need copyright incentives to create works. The only purpose crown copyright can serve is for the sake of censorship. Canada has a perfect example of that, as the Auditor General issued a takedown to both The Globe and Mail and Scribd, for posting one section of the Auditor General’s report on immigration. The Auditor General claims that to post parts of her report, newspapers (and others) need to ask permission on a case-by-case basis, due to the copyright. Of course, The Globe and Mail is a newspaper, and posted it as part of its reporting — which should be clear fair use/fair dealing (even if there was copyright over this material — which there shouldn’t be). And yet, we keep being told that Canada’s copyright laws are too lenient?






  • Book Review: An Introduction to Dream Interpretation


    The audiobook reviewed here is ‘The Beginner’s Guide to Dream Interpretation’ by Clarissa Pinkola Estes who also narrates the audiobook. Firstly turning to the narration, I thought this was exceptionally good. Compared to the narration in the previous audiobooks I have reviewed here, which have also been of an exceptional quality, Estes brings a unique approach. She uses a style which gave the impression of listening in to her having an informal conversation interspersed with relevant anecdotes and always in a very light-hearted manner. She is able to do this while covering the introductory material to dream interpretation.

    There was some overlap with material covered by John Betts in his excellent podcast series on Jungian Analytic Psychology (e.g. see reviews here, here, here and here which link to relevant episodes). Thus we see familiar themes such as the benefits of keeping a sleep diary and Estes refers in the work to Jung’s approach to dream analysis. As this is a relatively short introductory guide to dream interpretation it serves the purpose of informing those new to the field as the title suggests and Estes attains this goal succinctly by explaining the central concepts while holding the listener’s attention. What I found particularly interesting in this book was the description of the common types of dreams that occur across many cultures including falling, flying and animals amongst others. Indeed listening to this list triggered one of my recent ‘forgotten’ dreams and perhaps reinforced that many of my dreams would fit into these common themes (although it could of course be coincidence!).

    However another fascinating resource reviewed earlier on the blog – the Dream Journal (see review here and site here) consists of dream narratives entered by members of the forum. A look at this at the time of writing revealed common themes or content in dreams including friends, relatives, searching, ‘peaceful’, fear, water and driving! While this is not a formal research area and members are self-selected (meaning it might not be representative of the general population) there are sufficiently large numbers of dreams to be able to ask some interesting questions. This site also shows that inquiry into the subject of dreams can follow both a qualitative and quantitative approach and while it is inherently difficult due to the nature of dreams it is not unreasonable to expect that such study will (and has) produced useful results. It is interesting to note that dream analysis has preceded the psychoanalytic movement and indeed the more formal analysis dates back many centuries. Nevertheless the Swiss psychiatrist Carl Jung contributed many valuable insights into this field and as Estes is a Jungian analyst she is able to communicate many of these insights to the reader. I found this to be a very useful resource for those new to the field of dream analysis.


  • Atlus announces North American release for Shin Megami Tensei: Strange Journey

    In the near future, a mysterious, growing, black void dubbed the Schwarzwelt appears at the Earth’s southern pole. So begins the story in Atlus’ first…

  • Streaming at 3:30pm EST: Your GreenGov Ideas

    More than 14,000 federal and military personnel participated in the GreenGov Challenge – submitting over 5,300 ideas and casting more than 165,000 votes.  Today at 3:30pm EST, some of the top ideas are being presented to the Steering Meeting on Federal Sustainability, a group comprised of a senior official from each agency who is responsible for delivering their agency’s sustainability plan.

    Tune-in at Whitehouse.gov/GreenGov to learn how we’re turning your GreenGov ideas into action.

    [UPDATE: This event has now concluded. You can watch the video below.]

  • Deezer: Another Startup That Will Face the Music on Premium Streaming

    French startup Deezer, a venture-backed streaming music provider that competes directly with much-discussed Spotify in Europe, today announced a two-tiered premium service model intended to extract revenue from power users. The site claims 16 million visitors and 11 million registered users, some of whom will now be expected to pay €4.99 ($7.42) each month to remove advertising and hear higher-quality streams, or €9.99 monthly to add a desktop app and mobile streaming to phones including iPhones, BlackBerrys and Android devices.

    As we’ve seen with Spotify’s still-too-low paid-user conversion rate, the vast majority of users are loath to shell out monthly fees to improve on the free-streaming experience. Drawing subscription revenue from a low percentage of power users to cover streaming costs that aren’t offset by advertising income isn’t yet proven as a business model, and Deezer is going to have a difficult time showing that it’s different from its rivals in that respect. Paid subscriptions for music have always been a tough nut to crack, and mobile apps aren’t yet bringing in new customers. And as free desktop streaming services continue to improve, largely due to better user interfaces and shorter loading times, premium offerings from stream providers actually become less attractive rather than more appealing.

    Unlike Spotify’s, Deezer’s service is already available in the U.S., though its Stateside catalog is severely limited at present. (Want one of Green Day’s hits? You’ll have to settle for a cover band.) The company reportedly has agreements with all four majors, but its licenses obviously vary from country to country. The premium services will be rolled out first in France, then elsewhere in Europe.

    Deezer revealed a €6.5 million round of funding from AGF Private Equity and CM-CIC Capital Prive last month, bringing its total funding to €12.2 million over two years. But with a far-better-funded rival in Spotify, Deezer still has an uphill climb to win consumers’ attention.

  • Indiscreet tweet trips awareness of Web SSL vulnerability

    By Scott M. Fulton, III, Betanews

    Internet security engineers who had been meeting secretly to discuss a possible extension to Transport Layer Security (TLS) to thwart a possible low-level exploit were compelled yesterday to reveal the existence of their meetings after another security engineer unconnected to their project went public with a conceptual framework of the very type of exploit they were working to pre-emptively patch.

    The problem is essentially a repeat of what developers of TLS and its parent protocol, Secure Sockets Layer (SSL), have dealt with a handful of times in the past: the potential of man-in-the-middle attacks by malicious servers that can pass themselves off as security authenticators. As the team from wireless security service provider PhoneFactor discovered last August, it was possible using both Microsoft IIS 7.0 and Apache httpd Web servers to demonstrate a situation where a false TLS server authenticates itself to a genuine Web client, then authenticates itself to a genuine TLS server, effectively setting itself up as a go-between that’s privy to the complete contents of what appears to the innocent client to be a fully encrypted SSL session.

    With online bank transactions worldwide currently covered just with SSL, the potential for global exploit, now that the technique behind the attack is widely known, has just become enormous.

    As PhoneFactor engineer Marsh Ray blogged this morning, he first suspected the possibility of a vulnerability while doing code testing of a product that a PhoneFactor partner was developing to support its software. “We realized this situation needed to be handled with a good measure of care,” Ray wrote. “Over the first part of September 2009, we began disclosing the initial group of independent security consultants for independent verification and advice on how to proceed.”

    With the cooperation of groups such as the Internet Engineering Task Force, a working group was formed with the objective of developing an extension to TLS. Security vendors with representatives to the IETF, Ray implied, are aware of his and supervisor Steve Dispensa’s work, so it’s likely that remedial code for the problem has already been developed, and is being tested now.

    Without divulging the technical details, here is the basic theory of Ray’s and Dispensa’s discovery: During a typical TLS (SSL) session, a handshaking process initiated by a client results in the legitimate server validating the client’s certificate, and the client validating the one passed by the server. From there, an exchange takes place whose result is the production of an exclusive session key. Methods exist for one or the other party to request a change in the parameters of their transactions, perhaps to switch to a different, stronger cipher suite. However, because of the “post-only” nature of HTTP — the transaction protocol around which the TLS session is based — moving the session over to the stronger suite cannot mean suspending transactions in progress and picking them back up again later after the move. Instead, the old session is effectively ended and a new one begins.

    At least, that’s what’s supposed to be enabled to happen, and there’s where the trouble starts. The old session is ended, but in order to renegotiate the session, the client and server have to start all over again. In a situation similar to someone’s e-mail application replying to your e-mail with a message whose subject line begins, RE:, the conversation between client and server over what to change to, contains a reference to the request for renegotiation — the request that had, when sent earlier, been encrypted.

    Now it’s not, and that’s the problem. The certificate chain that had been encrypted is now revealed in clear text; and it becomes possible for a malicious middleman to inject code into that chain. Ray was able to demonstrate the methods to security vendors, and that’s where we’ll stop before we get too detailed.

    On a different IETF mailing list yesterday afternoon, a security researcher with SAP, who was running tests on Microsoft IIS, effectively discovered the same concept, and disclosed his discovery in a responsible manner as well. The problem: Someone reading that mailing list effectively broadcast the news “TLS is cracked,” or something to that effect, to all his friends on Twitter.

    Apparently last night — maybe in the middle of the night — is when Ray and Dispensa began getting phone calls from partners. The news was out, and now the need to keep “Project Mogul” secret had evaporated. Though a solution has already been in the works since at least early September, the race to secure the principal protocol governing the Web’s monetary transactions has just kicked into overdrive.

    Copyright Betanews, Inc. 2009






  • Changes for Apax in Asia

    Max Burger-Calderon has retired as chairman of Apax Partners’ Asia operations, according to Dow Jones. He will now serve as part-time nonexecutive chairman, and will not be succeeded in his full-time role. Dow Jones also reports that Michael Prahl has left Apax, where he focused on retail and consumer investing out of the firm’s Hong Kong office. www.apax.com



  • Nintendo Game Boy inducted into the National Toy Hall of Fame

    Before the days of the PSP and the DS, only one name came to mind when it came to portable gaming – the Nintendo Game Boy. Since its launch in 1989,…

  • Google Dashboard launched


    Ever wonder how much of your personal information you’ve willingly donated to Google over the past 11 years? Today, Google announced the launch of a new product to help you find out, and it’s titled Google Dashboard. The Dashboard allows you to view all facets of your Google life: Gmail, Google Calendar, web history, what mobile phones are syncing with your account, YouTube, and more. You can view your purchase history in Google Checkout, see that you have an Orkut account that you didn’t know about, and see how many people have called your Google Voice number. It’s a nice gesture, but this is all the stuff we’ve voluntarily leaked to Google; we’re curious about the dirt the big G has managed to collect on its own!


  • Gopher: Content > Presentation

    If you spend any amount of time using the Internet as we know it today, chances are you have suffered some inconvenience from the variety of interpretations of the various “standards” used to create the web. Every web browser renders web pages slightly differently; some Flash content isn’t compatible with older versions of Flash (and some versions of Flash aren’t supported on some operating systems at all!), etc. If you make your living creating web content, all of those problems may be amplified several times. Doesn’t it make you long for a real standard, where content is king, and presentation of said content is the same, regardless of whether you’re shopping for shoes or looking for an academic journal? The Gopher protocol, created in the early 1990s, had all that, and it ain’t dead yet!

    Ars Technica has a nice retrospective of the Gopher protocol. It’s a no-nonsense information presentation mechanism that places content squarely at the forefront. No pictures-of-text or confusing and inconsistent navigation elements to slow you down: navigating one Gopher site is the same as navigating any other Gopher site.

    Firefox provides native support for the Gopher protocol, and the Overbite project provides an enhanced add-on for Firefox, as well as an Adobe AIR standalone Gopher client. Old protocols die hard, I guess. There’s even a Twitter-over-Gopher solution (although everyone knows that Twitter-over-IRC earns more geek points).

    I used Gopher at my university’s library, where the entire card catalog was indexed in a Gopher space. It was, at the time, remarkably obtuse and hard to use; but then again I was still fighting SLIP connections on my home dial-up to access the “Internet”. Everything was a little kludgey back then.

    Given Gopher’s limited resurgence in popularity, what kind of Gopher site would you create today?