taiwanjc.org

It’s a free app. It will scan your PC (at regular intervals if you like) and tell you what you have that’s old or out of date. It gives you links to updates as well as user reviews of the apps. Updates come to you from our Download.com site, so you know they’re safe and spyware-free.

(Credit:
Screenshot by Rafe Needleman/CNET)

Back in the old days of CNET, we had a product I loved called CNET Catchup. It scanned your computer and told you which software on it had updates available. I’m happy to report that we’ve brought the function back, in a completely new product called TechTracker.

The Windows version is in public beta (get it here). A Mac version should be out soon.

I could use some updates.

This is not an impartial expert review. We don’t review our own apps. This is a pure pitch. I like TechTracker and I’m proud of the team here that built it. So go get it and tell the folks who made it what you think.

Several groups acting on behalf of publishers and authors sued Google in 2005 over its plan to digitize books, and the suit was granted class action status. That meant that when Google and the publishing groups settled the lawsuit in 2008, publishers and authors that held the rights to books that were out of print but still protected by copyright law had to opt out of the settlement if they didn’t want to participate in the project. They have until next month to do so.

A new objection to Google’s Book Search settlement with books rights holders plans to argue that the parties to the settlement are “trying to ram this through so that millions of copyright holders will have no idea that this is happening.”

Gant will file a brief with the court arguing that this is “an abuse of the class action process,” according to the Times, which also noted that some legal scholars believe this is a novel challenge to the settlement. Many of the objections have focused on the fact that with the settlement, there’s only one institution in the United States that has the legal authority to scan out-of-print books still protected by copyright: Google.

Google told the Times that regardless of how the deal was reached, rights holders still have control over their destiny, and can opt out of the settlement should they wish to prohibit Google from scanning their work. A final hearing in the case is scheduled for October.

The class action status meant that Google did not have to individually negotiate with rights holders for “orphan works,” a vast undertaking that nonetheless should have been conducted if Google and the parties to the settlement were truly interested in preserving the rights of authors, Gant argues. As part of the settlement, Google has had to show that it is taking as many steps as possible to ensure all possible rights holders have been informed about the settlement and their options under the agreement, but Gant’s brief plans to say that licensing agreements should not be established via class action lawsuit.

Google’s plan to digitize books on a grand scale has its fair share of detractors, and Scott Gant will soon join them in opposition to the settlement according to The New York Times. Gant, a lawyer with Boies Schiller & Flexner, says he’s acting on his own as an author concerned about the use of class action status to lump all authors into the same pool.

Collaborative-storage provider Box.net on Tuesday announced that it had acquired Mountain View, Calif.,-based Increo Solutions, a company with two Web products: Embedit.in and Backboard.

Financial terms of the deal have not been disclosed.

In a company blog post on the acquisition, Box’s community manager, Sean Lindo, said these products will continue to run independently but that both would later be integrated into Box.net as added features.

Embedit.in, which was launched in June, lets users post and share their documents in the cloud using an Adobe Flash-based viewer. And Backboard, which is the company’s only paid product, lets users get feedback and collaborate on projects using that same document viewer.

Philadelphia-based collaboration tool WizeHive is getting a handful of useful updates today.

(Credit:
CNET)

WizeHive continues to be a free service through its “beta” period. After that, users will have to pay $39 a month, along with an extra few dollars for additional storage and users in a group. See also Seattle-based Liquid Planner, which offers fuzzy due dates on tasks.

The service, which is aimed at helping both groups and individuals manage projects and juggle tasks, is evolving into something designed to replace desktop productivity software with features like an integrated word processor, file previewer, and storage with versioning controls that let users roll back to an older version of any file.

Coming next month will be a way to view previews of certain types of files from within WizeHive. Currently you have to download a file, then open it up in a local application–something that really doesn’t work if you’re on a computer without the proper software installed. This can also be problematic if you’re on a limited connection such as cellular data. Storage services like Box.net have been doing this for a while, and it can be a big time saver.

Starting today, WizeHive users can create and collaborate on Zoho documents from within WizeHive, and without having to open a Zoho account. Whatever they save is also stored along with the rest of their files and projects back on WizeHive.

Users can now upload up to 50 files at a time, up to 100 MB a pop.

Along with the editor, WizeHive users can also store and share larger files on the service, and more of them at a time. The new cap per file is 100 MB, up from 10. The new uploader also lets users upload up to 50 files at a time, up from single file uploads.

(Credit:
CNET)

Using CommuTweet I was able to set up my commute parameters in about a minute. The problem, at least for California, is that it’s a big state with many different transportation mediums. In most cases I’m better served simply subscribing to the news feeds of the public transit services I use, or logging into their sites to see if there are any alerts. That’s where this tool really impressed me though–it’s already subscribed to these feeds. As long as the transportation service has a Twitter feed it’ll show up on CommuTweet. This solves one of the biggest problems with these crowd-sourced solutions, which is seeding any lapse of user-created data with a constant stream of information from the source.

The service revolves around the use of a specially formatted tweet that can be localized to whatever state you’re in, and what kind of transportation you plan on riding. To get things narrowed down to this level, users have to construct their outgoing messages in a special format. This starts with a #CommuTweet hash tag, followed by the abbreviated name of the state, followed by a one letter short code that tells other users what part of the transit system is down or backed up, be it bus, subway, ferry and rail. When completed, this leaves users with around 125 letters to type any additional information about what’s gone wrong.

Related: Who owns transit data?

See also TrafficTweet, which lets users tweet traffic alerts for specific cities. It also has a mobile app which can add exact location and show you where jams are happening, which CommuTweet cannot currently do.

(via KillerStartups)

Twitter’s usefulness can most often be measured during times of disaster, when the quick spread of important information can really make a difference. And guess what–that works for traffic jams too. CommuTweet is proof of that, with a new service that lets those who are unfortunate enough to get stuck in traffic, or a long-delayed bus or train line to share that information with others.

To access all of this information, users can either view and sort it from CommuTweet’s site, or through Twitter’s search tool. However, the benefit of using CommuTweet is that you can log-in using your Twitter credentials and get it to automatically add the hash tag and location to your outgoing messages–that is as long as they’re done from its composition tool. It can also post the message just to CommuTweet and not your public timeline, as well as filter the tweets you see from others to just your state and your preferred form of transportation.

Seesmic on Monday released an update that adds more minor features to the Twitter and Facebook desktop manager.

The cross-platform Adobe AIR app will now auto-complete Twitter usernames, a feature that competitor TweetDeck has offered for a while. Seesmic 0.5 also adds a home timeline configuration, so you can include or exclude replies, private messages, and search results from one column.

Other minor changes include maximizing and bringing to the front the Seesmic window when you click on the notification pop-up window, and optionally minimizing the program to the system tray in Windows. The full list of changes can be read here.

The vulnerability only affects phones that have been misconfigured by the original equipment manufacturer so that they accept any message sent through WAP Push (Wireless Application Protocol), a service that runs on top of SMS, said researcher John Hering.

John Hering and Kevin Mahaffey of Flexilis demonstrate an SMS attack targeting a Windows Mobile phone.

Phone owners can test their phone to determine if they are affected by the issue. Hering and Kevin Mahaffey, Chief Technology Officer at Flexilis, are releasing a free tool that can be used to test whether a mobile phone is vulnerable, and if so fix the issue.

WAP Push messages should only be accepted when sent by a trusted party such as the mobile operator, said Hering, chief executive of Flexilis, which provides software for protecting mobile phones from attack.

Also on Thursday, Charlie Miller of Independent Security Evaluators and independent researcher Collin Mulliner demonstrated another type of attack in which they can take complete control over an iPhone merely by sending special SMS messages. They proved the attack the night before with a denial of service attack on my non-jailbroken iPhone, which runs OS 3.0.

(Credit:
Elinor Mills/CNET News)

The researchers said they had not yet determined whether the iPhone or other devices were vulnerable. They said they have notified carriers, or Microsoft, and fixes are being worked on.

Since SMS is available on so many devices and is always on–as long as the phone is turned on–it makes for an attractive target for attackers, according to researchers.

(Credit:
Elinor Mills/CNET News)

LAS VEGAS–In one of a handful of SMS-related presentations here at the Black Hat security show, researchers demonstrated on Thursday how they can force certain types of smartphones to visit a malicious URL or install an app without user approval.

The researchers built this device for testing for the vulnerability on multiple phones at once.

The vulnerability spans all Windows Mobile devices including HTC, Motorola, and Samsung, he said. The phones that are vulnerable have been misconfigured and it’s random which ones have the weakness.

The attack works on GSM networks, the men said, adding that they had not yet tested it on CDMA networks.

The researchers have developed free, open-source software called “Fuzzit,” which is designed to test the security of mobile devices and is geared towards mobile manufacturers, operators, and software developers. It will be released shortly. They also built a device that allows for the testing of multiple phones on different platforms at once for internal research and development.

In a presentation earlier in the day, Zane Lackey of ISEC Partners and independent researcher Luis Miras demonstrated how an attacker could spoof an MMS (multimedia messaging service) type of SMS message that appears to be sent from a trusted source and trick the recipient into visiting a malicious Web site.

Their session was just one of a handful that dealt with vulnerabilities on mobile phones and SMS, in particular.

Amazon’s new Virtual Private Cloud offering is just another example of how they listen to their customers when they build solutions. Not so much unique and innovative, as a near perfect execution of a simple solution to a raft of thorny problems, Amazon’s VPC service is essentially a powerful VPN gateway which allows Amazon services to be added to the customer’s network.

The video demonstrates wizard-based provisioning and drag-and-drop resource topology design, both of which are similar to features from GoGrid and Sun, though perhaps a little more aligned with the latter than the former.

However, one has to wonder as application architectures adjust to cloud computing, how much longer they are going to be tightly coupled to data center architectures. At what point will it no longer be advantageous for application owners to define infrastructure in terms of servers, storage, and security devices?

Access control and user account management was a little sketchy in most of the services I saw, although some showed real promise.

Terremark vCloud Express: Terremark is one of the first out of the gate with a basic “one server at a time” offering based on VMWare’s vCloud Express infrastructure. Targeted at the same users who find Amazon’s EC2 so easy to use, the service is meant as a simple, low-risk way for customers to acquire compute capacity.

What I like about Project Spirit is its sense of configurability; something that I think has been missing from many IaaS offerings to date.

Here is a brief analysis of the offerings that recently caught my eye:

This is just the beginning of a long evolution, folks.

Each network comes with eight public IP addresses (more can be added), and you can add resources such as servers, storage, and firewalls as you see fit. You can also create as many networks as you’d like for each account.

In a video recorded at VMWorld, Simon West, Terremark’s VP of marketing, demonstrates provisioning a server in the service. Like other services in its class, it focuses on allowing you to select a server image from a menu of possibilities, click a button, and boot the resulting server in a few minutes. Pricing starts at $.036/hr for a 1 “VPU,” 0.5GB server, but as Chris Flex of Citrix Systems notes in a blog post, Terremark charges differently than Amazon, so the CPU cost does not necessarily reflect cheaper overall operation costs.

That being said, the independence of distributed applications from underlying architecture is a long way off, even from the enterprise perspective. I expect that by this time next year, we will see a stable of very strong enterprise public cloud offerings, with support for various compliance standards, sophisticated networking, and cloud-centric security services and technologies.

Terremark’s new service complements its existing Enterprise Cloud service, which is targeted at larger, more sophisticated infrastructure needs.

One of the most interesting aspects of the weeks leading up to and including this year’s VMWorld was the incredible innovation in cloud-computing service offerings for enterprises–especially in the category of infrastructure as a service. A variety of service providers are stepping up their cloud offerings, and giving unprecedented capabilities to their customer’s system administrators.

Savvis “Project Spirit”: Available in beta “by the end of this year,” Savvis’s Project Spirit adheres to a “Virtual Private Data Center (VPDC)” concept very similar to the Virtual Data Center vision espoused by Sun. In a video providing an overview of the service, Savvis indicates that Project Spirit provides three tiers of service, each with an increasing set of capabilities and improved quality of service (QoS).

In this category, enterprises are most concerned about security, control, service levels, and compliance; what I call the “trust” issues. Most of the new services attempt to address some or all of these issues head on. Given that this is the infancy of enterprise cloud computing, I think these services bode well for what is coming in the next year or two.

OpSource Cloud: Hosting vendor, OpSource, is taking a more network-centric approach toward cloud definition, similar to the “subnets” that Amazon allows customers to create in its VPC offering. The OpSource cloud is in pre-beta now, with an October target for “public release.” When the OpSource team demonstrated their user interface to me, they showed me a metaphor that begins with the definition of a “network,” which is an isolated through custom routing capabilities at the OpSource data centers.

Obviously, there are many more offerings like these in the market today. However, it is interesting to note that the common theme here seems to be security, either through “isolation” via networking, and/or through the availability of enterprise-class firewalls, load balancers, and the like. The expansion of virtual data center offerings is also interesting, as I think it shows the early growth of what will likely be the true enterprise cloud-computing space.

Now, this doesn’t directly address security, compliance, or service levels, but it gives enterprise customers a level of control over network configuration that was previously unavailable from Amazon, which in turn enables the customer greater latitude to address those issues.

Amazon Web Services Virtual Private Cloud: There is no doubt that the smart people at Amazon continue to innovate at a breathtaking pace. The last three years have seen a whirlwind of new and upgraded services, ranging from storage and server capacity, to payment processing and content delivery.

Kai-Fu Lee leaving Google

Google tweaking Android Market

Download today’s podcast

Today’s stories:

Get ready for virtualization to affect you, too

That and other headlines of the day on Friday’s CNET News Daily Podcast.

Listen now:

If you’re not affiliated with corporate data centers, you probably haven’t given much thought to the term virtualization. But the era in which virtualization directly affects us regular folk may be on its way. CNET News reporter Stephen Shankland, who attended VMWare’s VMworld conference in San Francisco this week, explains.

Photos: Mars orbiter’s abstract impressions

Amazon apologizes for deleting Kindle e-books

Restoration starts on one of oldest computers

Frankencamera is open source, runs on Linux

Microsoft reports attacks using IIS vulnerability

IBM plunges into the ’smart grid for water’

Symantec is betting heavily that program behavior is the future battlefront of security and is making a big push in its 2010 security program lineup with a behavioral engine called Quorum.

Take a tour of Norton Internet Security 2010 in this slideshow, and keep in mind that the look is very similar to Norton AntiVirus 2010. The biggest differences between the two include ancillary features, price, and the number of computers supported by one license.

Norton Internet Security 2010