Friday, December 21, 2012

Redesigned Technology blog moves to new address


The L.A. Times Technology blog has been redesigned, and with our new duds we're rolling out a new URL. So if you've been a loyal follower of our work, please update your bookmarks.

Our hope is that you'll find the new look to be cleaner and easier for reading, viewing photos and watching videos. Please let us know what you think about the new look by leaving us a comment on the Technology blog's Facebook page or by shooting a tweet to @LATimesTech.

Thanks for reading, watching and clicking.

-- Nathan Olivarez-Giles

Nathan Olivarez-Giles on Google+

Facebook.com/nateog

Twitter.com/nateog

Image: A screen shot of the Technology blog's new look. Credit: Los Angeles Times


Steve Jobs turning over in his grave? Look-alike touts rival Android


Steve Jobs' likeness continues to pop up in the most unlikely places. He's been immortalized as a bronze statue in an office park in Hungary, his image was painstakingly recreated in what might be the world's most detailed action figure, and now a Taiwanese commercial making its way around the Internet depicts the recently deceased Apple visionary as a shill for an Android-based tablet called Action Pad.

Oh, the irony!

The man playing Jobs in the commercial is Taiwanese comedian and impersonator Ah-Ken, according to a report in Reuters. The commercial never explicitly uses Jobs' name, but Ah-Ken is dressed in Jobs' trademark black turtleneck and blue jeans, his hair is a silvery grey, and he's wearing glasses. He's standing on a stage meant to mimic those that Jobs paced across during major Apple announcements and speaking excitedly to an applauding audience. One thing he has that Jobs never had: a halo and wings.

At the end of his talk he says, "Thank God I can play another pad."

Jobs of course hated Android with his whole being. His biographer Walter Isaacson writes that he never saw Jobs as angry as when he was talking about a lawsuit Apple had filed against Android.

After telling Isaacson that he considered Google's Android to be a wholesale ripoff of the iPhone, he said:

"I will spend my last dying breath if I need to, and I will spend every penny of Apple's $40 billion in the bank, to right this wrong. I'm going to destroy Android, because it's a stolen product. I'm willing to go thermonuclear war on this. They are scared to death, because they know they are guilty."

Maybe things change in the afterlife?

Action Electronics, the company that makes the Action Pad along with other electronic gadgets, sees no problem with the advertisement. "Steve Jobs always promoted things that were good for people, Apple products, so his image can also promote other things that are good," a spokeswoman told Reuters. "It's just an impersonator, not Jobs," she said.

The reaction on YouTube has been mixed with commenters vacillating between disgust and amusement, but the video itself is rapidly racking up views.

ALSO:

Steve Jobs statue unveiled in Budapest office park

Demand for iPhones in China could skyrocket, analyst says

Steve Jobs action figure is advertised; will Apple respond?

-- Deborah Netburn

Image: Screen grab from a Taiwanese commercial for Action Pad that depicts Steve Jobs as a shill for the Android-based tablet. Credit: YouTube


Poll: Would You Pay $1 to Send Facebook Messages to Non-Friends?

Facebook has long splashed the banner message, “It’s free and always will be,” across its homepage.

While Facebook has remained free to use, the company continues to experiment with ways to charge for premium features.

Today Facebook said it is testing a feature that lets members send messages to those outside their “friends” circle for $1 per message.

Currently, Facebook routes messages from non-friends to a user’s often-missed “Other” folder, rather than the Inbox.

This feature would display the message directly in a user’s Inbox. It would only be limited to individuals — so a brand like Coca-Cola couldn’t spam a bunch of inboxes. Facebook says it’s testing it out to a small group of users in the U.S., and the recipients can only receive one message in this fashion per week.

Facebook also recently rolled out a feature that will let individuals promote announcements to a larger group of friends for a fee of $7 per post. When we asked our readers whether they would pay for this, 96% said no.

So readers, would you pay $1 to send messages to non-friends? Let us know why or why not.


Thursday, December 20, 2012

Inside The Empowerhouse, A Gorgeous $250,000 Passive Home

The Department of Energy’s Solar Decathlon functions like an annual accelerator for new ideas in green building: teams from around the country compete to come up with innovative designs for sustainable housing, constructing models to display on the National Mall in Washington, D.C. Then, once prizes have been awarded, the teams go home and the designs are either forgotten about, sold off, or displayed on college campuses.

Not so with the Empowerhouse, the award-winning design by a team of students from The New School in New York City and the Stevens Institute of Technology in Hoboken, New Jersey. Instead, their design crossed the Anacostia River to become a two-unit home for families in the Deanwood neighborhood of D.C., installed by Habitat for Humanity and completed earlier this month. The effort was the first time in the Decathlon’s history that a team partnered with a nonprofit and government agencies as a part of the design process to bring a sustainable--and affordable--home to a D.C. community.

The Empowerhouse follows the principles of Passive House construction, an approach to building that emphasizes insulation, high-performance windows, and air-tight construction. “This means the home simply does not leak heat or cooling in the way other houses do,” says Orlando Velez, the project’s director of operations. “So you can have a much smaller heating and cooling system, which runs basically on the same amount of energy that it takes to power a hair dryer.”

It also means the house is cheaper to live in, consuming 90% less energy for heating and cooling compared to a typical house, and cheaper to build than other green homes. “You don’t need 50 solar panels,” states Velez. “Just use the materials really efficiently.” Other savings come from using affordable materials, like insulation made from recycled newspaper and unfinished cedar siding.

And unlike other green-building initiatives whose designs stick out from the traditional architecture of an urban neighborhood (like Brad Pitt’s Make It Right Houses in New Orleans), Empowerhouse’s community-based approach--which involved design charrettes to take input from the community and learn about local needs--should make the house fit in.

“Deanwood has a strong porch culture, which resulted in the strong emphasis on the front porches on the house," adds Velez. "There is also a strong emphasis on family and cooking, which led to a large, open kitchen that is a focal point to the living spaces in the home.” The homes also include garden space to grow food. Laura Briggs, the faculty lead on the project, says that success was due, in part, to close cooperation with community members. "We listened to their desires and feedback and went through several iterations to meet their ambitions."

The units cost about $250,000 each to build. Habitat plans to build six more elsewhere in the city.


Smartphone Maker Xiaomi Tech Hints That Its Next Stop Is Hong Kong As It Seeks To Become “China’s Apple”

Chinese smartphone maker Xiaomi, which has been referred to as “the Apple of China,” strongly hinted at an expansion into Hong Kong on its official Twitter account. Though the tweet was cryptically worded, attached is a graphic featuring the company’s latest model, the Xiaomi Mi2, with specs listed in traditional Chinese characters (which are used in Hong Kong, but not mainland China), Hong Kong’s floral emblem, the Bauhinia flower, and a silhouette of the Hong Kong islands and peninsulas.


Xiaomi’s Twitter teaser comes just two days after the company announced that it will sell phones directly from Sina Weibo, China’s top microblogging platform, which boasts 400 million members.

Xiaomi founder Lei Jun has already stated that he plans to expand to Taiwan and Hong Kong very soon. One of the most successful entrepreneurs in China, Lei is frequently referred to as China’s Steve Jobs. His resume includes Joyo.com, which was purchased by Amazon in 2004 for $75 million and is now Amazon China.

At TechCrunch Disrupt Beijing 2011, Lei told Sarah Lacy how he plans to take on Apple in China by producing high-quality phones priced at near cost and then making money through software. Like Apple, the company also has a disarmingly cute name (xiaomi means “little rice”) and has already garnered an enthusiastic fan base in China by incorporating user feedback into the design of its latest handphone sets and encouraging viral marketing by releasing phones in small batches.

Staffed by former employees of Microsoft, Google and Motorola, Xiaomi Tech was founded less than three years ago, but is already valued at $4 billion. The company only started selling smartphones in October 2011, but is on target to sell 7 million handsets by the end of this year, far outstripping its goal of 2 million.



TechCrunch Goes To Athens On January 4th To Meet Up With Greek Geeks

When I left Athens, Greece, over a decade ago, startups were definitely not cool. In fact, there were no tech startups at all. Since then a lot has changed. Tech entrepreneurship has become a global thing and, inspired by cultural influences like The Social Network in addition to more serious factors, hackers all over the world want to build the next big thing.

Despite the Greek government-debt crisis and the high unemployment rate, tech-savvy Greek folks are following the global trends and forging ahead to create their own jobs by founding promising early stage ventures. Tech entrepreneurship has become a legitimate career option for many of Greece’s ambitious youth; perhaps they can contribute to turning the economy around in a few years’ time?

The Greek startup ecosystem definitely has a high energy level currently, but it faces many challenges. In any case, there is a lot going on there. And because of this momentum, we’ve decided to host a TechCrunch Meet Up in Athens on January 4, 2013. The primary purpose of this meetup is to foster awareness of the Greek entrepreneurial ecosystem, help connect everybody involved in it, and surface role models for the Hellenic startup community.

We’ve culled some of Greece’s most promising founders, accomplished entrepreneurs, active VC investors and passionate startup ecosystem builders and have filled three+ hours with insightful panel discussions and stimulating fireside chats followed by a very lively networking session where geeks, startup enthusiasts, and founders can mingle. If you happen to be in Athens during that time, you can register here for free.

Like last time, this TechCrunch meetup is organized in collaboration with OpenCoffee, an organization instrumental in helping to build the tech community in Greece. Amazon Web Services will generously provide drinks to the participants.

I will be moderating the event along with Mike Butcher, TechCrunch’s European Editor, and Niko Bonatsos (@bonatsos), co-founder of the SV Greeks & Greekamericans Club and VC at General Catalyst Partners (Disclosure: Niko and I are in a relationship).

The agenda of the TechCrunch Athens Meet Up is below. And I promise this will go way better than the last time I touched upon the topic of Greece. ;)

Agenda

• 5:00pm – 5:15pm: Opening Remarks by Alexia Tsotsis, co-editor at TechCrunch and Niko Bonatsos, co-founder of SV Greeks & Greekamericans and VC at General Catalyst Partners.

• 5:15pm – 6:00pm: Greek Founders’ Panel: Panos Papadopoulos (BugSense), Alexis Pantazis & Emilios Markou (Hellas Direct), Nick Drandakis (Taxibeat), TBD (People Per Hour). Moderator: Alexia Tsotsis.

• 6:00pm – 6:15pm: Break

• 6:15pm – 7:00pm: Ecosystem Builders’ Panel: Stavros Messinis (CoLab), Yorgos Koutsoyannopoulos (HSIA & Helic), Dio Synodinos (Greece JS & InfoQ), Bill Vatikiotis (Ruby Euruko) and Fotis Draganidis (Microsoft Innovation Center). Moderator: Mike Butcher.

• 7:00pm – 7:15pm: Fireside Chat with Marco Veremis (Upstream).

• 7:15pm – 8:00pm: Greek Investors’ Panel: George Tziralis (OpenFund), Vassilis Theoharakis (PJ Tech Catalyst), Spyros Trachanis (Odyssey Venture Partners), Dimitris Kalavros-Gousiou (HackFwd). Moderator: Niko Bonatsos.

• 8:00pm – 10:00pm: Networking Session.

As Greece has a very rich history, we could not help but hold the TechCrunch Athens Meet Up somewhere just as illustrious — the famed Benaki Museum in Athens. This venue has generally been pretty welcoming for Greek founders and geeks, as all OpenCoffee Athens events over the past three years have been hosted there, too. Special thanks to Microsoft Hellas for helping to secure the venue.

We hope to see you all there, so register now here.


Microsoft Stores taking $25 deposit on Nokia Lumia 900


AT&T, Microsoft and Nokia haven't said when the Lumia 900 will hit stores or how much it will cost, but if the flagship Windows Phone is a device you just have to have, you can now pre-order it.

Microsoft's retail stores are currently taking a $25 deposit for those looking to reserve themselves a Lumia 900 on launch day, whenever that is. The deposit offer was first reported by The Verge and confirmed to The Times on Friday through Microsoft Store employees.

Rumor has it that the Lumia 900 could launch in March at a price of about $99 on a 2-year contract, which would undercut top-of-the-line rivals such as Apple's iPhone 4S and the Android Ice-Cream-Sandwich-equipped Galaxy Nexus, built by Samsung.

In the U.S., the Lumia 900 will be exclusive to AT&T and feature a 4.3-inch display, a polycarbonate body in cyan or black, a 1.4-gigahertz Qualcomm single-core processor, 512 megabytes of RAM, 16 gigabytes of built-in storage, an 8-megapixel/720p video rear camera and a 1.3-megapixel front-facing camera.

I spent a bit of time with the Lumia 900 at CES in Las Vegas last month, and the phone did look quite impressive and something I thought could sell at $150 or $200 on a 2-year contract. Check out my hands-on look at the Lumia 900 below.

RELATED:

Nokia's Lumia 900 Windows Phone may launch at $99

Lumia 710, Nokia's first U.S. Windows Phone -- review

CES 2012: Lumia 900, Nokia's first 4G LTE Windows Phone, debuts [Photos and Video]

-- Nathan Olivarez-Giles

Nathan Olivarez-Giles on Google+

Facebook.com/nateog

Twitter.com/nateog

Photo: A Nokia Lumia 800 smartphone sits on display inside a Nokia retail store in Helsinki, Finland. Credit: Ville Mannikko / Bloomberg


TIME Person of the Year Runner-Up: Tim Cook



Cook received runner-up for successfully filling Steve Jobs' shoes

TIME has named U.S. President Barack Obama the Person of the Year for the second time (he was also Person of the Year in 2008), but one of the runners-up for TIME's annual award was none other than Apple's CEO Tim Cook.

Why Cook? TIME had a list of reasons, ranging from the fact that Cook was the first to professionally transition to Apple's CEO without a civil war within the company, to his "Apple" look, to his ability to step in and run the company when so many thought that Steve Jobs was Apple.

"Like an Apple product, Cook runs smooth and fast," said Lev Grossman, TIME. "When Jobs died on Oct. 5, 2011, of pancreatic cancer, there were questions about whether Cook could lead Apple. Some, myself included, wondered whether Apple was even a viable company without Jobs. Since then Cook has gone about his business apparently unintimidated by his role as successor to one of the greatest innovators in history. Cook’s record hasn’t been flawless, but he has presided in a masterly way over both a thorough, systematic upgrading of each of the company’s major product lines and a run-up in the company’s financial fortunes that can only be described as historic."


Apple was considered a tech superpower when Jobs held the reins, putting out wildly popular devices like the iPod, iPhone and iPad during his tenure. He was a forceful, outspoken and emotional person, making the quiet and smooth Cook a questionable follower for the position.

Jobs stepped down as CEO in August 2011 and died that October having already told Cook that he was chosen as the next CEO of Apple. Since then, Cook has successfully launched products that continue to be explosively popular (the new iPad, iPhone 5, iPad mini) and has hit some record-breaking sales.

"Cook has done it his way," said Grossman. "Jobs was famously over the top: he came at you from across the room, flashing his lightning-bolt eyebrows, and he browbeat you till you either agreed with him or pretended to, just to make him for God’s sake stop. That’s not how Cook operates. He’s a seducer, a Southern drawler, slow and soft-spoken. He has been observed winking. He doesn’t come at you; he waits for you to come to him. And sooner or later you do, not because you have to but because, dang it, you want to."

Cook certainly has brought Apple through some tough times since his takeover. Earlier this year, The New York Times attacked the company for standing by while its Asian suppliers provided subpar working conditions for its workers.

Later, Apple released its first mapping service after ditching Google Maps, but once it launched, the app was a catastrophe. The service gave images that looked nothing like the location it represented, the navigation was off, and people have even gotten lost in dangerous areas thanks to Apple's mapping.

Cook apologized to customers for the issues, and Apple executives in charge of the maps service like Scott Forstall and Richard Williamson.

Source: TIME


IBM Predicts: Cognitive Computers That Feel And Smell, Within The Next Five Years

The computing giant's annual list of technology predictions for the next five years foresees computers that can taste, see, smell, hear, and touch.



Computers With A Sense Of Taste Will Help Us Eat Smarter IBM

At the end of each year, IBM releases its “5 in 5”--five technology predictions that IBM researchers foresee coming to fruition within the coming five years. These predictions are based on everything from emerging market trends to cultural and social behaviors to actual technologies IBM has incubating in its many labs. And if this year’s predictions are to be believed, many computational systems--from your tablet and laptop to your smartphone--are about to get a lot more sensory, learning to see, hear, touch, taste, and smell in their own digital ways.

Welcome to the era of cognitive systems, IBM’s researchers say. “Cognitive computing systems will help us see through complexity, keep up with the speed of information, make more informed decisions, improve our health and standard of living, enrich our lives and break down all kinds of barriers—including geographic distance, language, cost and inaccessibility,” the company says in a press release.

How? By mimicking the senses. IBM predicts that things like computer vision will revolutionize computing, particularly through health care where images like MRIs and CT scans won’t just be used by individual doctors to diagnose specific patients, but to find trends and meaning within huge volumes of medical image data. Where sound is concerned, IBM believes distributed sensor systems will begin to capture and analyze sound in new and meaningful ways (by assigning relevance to the inaudible characteristics of sound waves, for instance) to do all kinds of things, from testing materials for weak spots to deciphering baby talk (no joke). Likewise, computers will have a sense of smell. Computers like your smartphone will be able to diagnose illnesses based on biomarkers on your breath, helping to aggregate epidemiological data and keep health authorities out in front of outbreaks.

Perhaps most interesting, though, are IBM’s visions of computers that can taste and feel. Where food is concerned, IBM more or less predicts the end of the chef who creates flavor pairings by intuition. IBM is already working on a system that “experiences” flavor compounds and uses that data to create flavor pairings and recipes at a very fundamental level, based on both food chemistry and human psychology. “In five years a computer system will know what I like to eat better than I do,” says Dr. Lav Varshney, research scientist in IBM’s Services Research branch.

And then there’s the sense of touch, which IBM thinks will become something we experience through our smartphone screens. Using specially tuned vibrations, it is already possible to create the sensation of textures that aren’t there. What we lack is a “dictionary of textures,” a kind of lexicon of vibrational patterns that allow us to generate virtually any texture sensation that we want. IBM predicts that we will create this--and is in fact working on doing so--and that it will create a whole new online experience. Think: the ability to feel the texture of a shirt you are shopping for online through the screen of your smartphone.

If any of this sounds far-fetched, it is. And IBM’s track record at predicting the future isn’t flawless. In its own accounting of its success, there are years (particularly 2011 and 2009) where its predictions have not yet borne fruit--though the five-year clock hasn’t run out on those predictions yet. Others, like real-time speech translation (2006), near-field communication payment technology for cell phones (2007), driver-assist technologies like self-parking and voice-activated commands (2007), and consumer market mind-reading devices (2011) have all proven true to some degree.

Judging purely from IBM’s previous record, at least some of the technologies described above should be on the five-year horizon. Siri suddenly seems quaint by comparison.

[IBM]


The Best Workspaces Of 2012

Throughout the year, the folks at Lifehacker feature the coolest workspaces from all over the world, submitted by everyone from professional designers to journalists to photographers to DIY aficionados who've discovered a new, creative home-office hack. They've rounded up 20 of the year's most popular featured workspaces, including home offices hacked together with Ikea furniture, a DIY standing desk, and an office that attaches to a leather recliner. (Seriously.) Check out 18 sumptuous spaces above.

[Main Image: Flickr user Thomas Høyrup Christensen]


Wednesday, December 19, 2012

Smartphone-Controlled Japanese Toilet Keeps A Personal Poop Diary



Satis Smartphone Toilet via Lixil

The day will come, and come soon, when we will control our entire domestic lives with a phone. We will turn the lights on and off, we will change the temperature to the precise level we desire, we will cook our dinners and make our beds and brew our coffee and close our blinds and feed our pets with a tap and a swipe. We can do most of that now, in fact, though it's kind of expensive and cobbled-together to implement.

A good step forward is the new Satis toilet from Lixil, which connects to an Android smartphone via Bluetooth so you can tell it to do all those amazing things Japanese toilets can do. Tap to extend the oddly phallic bidet hose. Scroll to lift the toilet seat or flush. Select your favorite song to play it through the toilet's stereo, because the toilet has a stereo.

Perhaps the weirdest feature is that "you can set up a 'toilet diary' to monitor your visits to the can and check on your health," according to JapanTrends, which adds that it includes "cute euphemistic symbols for what you managed to achieve on different days." Not sure exactly how cute a symbol could be for what I personally "achieve" on the toilet, but I'm glad someone's trying! The toilet should be released in February of next year.

[via JapanTrends]


Instagram, Twitter Spar for Your Photos


Directr Launches To The Public, With An App To Help Regular Users Make Watchable Mobile Videos

Earlier this year, I wrote about funding for a stealthy video-editing app called Directr, which had raised $1.1 million in seed funding to help people make better mobile videos. But we didn’t really know how it was planning to do so.

Well, the wait is over. The Directr app has officially launched, with an interesting approach to making actual watchable short mobile movies. While some apps are focused on helping people edit videos after they’ve already been shot, Directr has a whole different approach — it wants to help teach people how to make better videos. It does that by providing them with a framework of different video types, which they can then fill in with their own shots.

The process is called storyboarding and is used all around the world by actual movie and TV producers to prep before shooting. But due to the relative newness of the mobile video market, it hasn’t necessarily caught on with regular users. And guess what? That means regular users generally create crappy videos. Anyway, the app provides a bunch of potential storyboards for various types of videos, gives users examples of what their videos could or should look like, and then lets them shoot their own.

According to co-founder Max Goldman, about 20 percent of its beta users seemed to follow the storyboards exactly, while another 10 percent just ignored them altogether. It’s that middle 70 percent that are interesting, because those are the people who are using the storyboards for inspiration, but then riffing on them to create their own stories semi-independently. While providing some guidance, the app is designed to give users the freedom to do that.

There are more than 60 storyboards for users to test out right now, and the startup is adding more each week. But in preparation for Christmas, it’s rolling out a big holiday-themed pack of storyboards to help users capture some of their holiday memories. Use them and “your Christmas will never have looked better,” Goldman said.

Well okay then. Investors in Directr include NextView Ventures, Boston Seed Capital, Advancit Capital, and Alexis Ohanian and Garry Tan’s Initialized Capital, as well as angels like Thomas Lehrman, Ron Shah, and Joe Caruso. The company is based in Cambridge, Mass., and has about 12 employees now.



Why Samsung Drops Apple Sales Ban Requests

In a major turn of events in the global smartphone patent war, Samsung will drop its injunction applications against Apple in five European countries. The WSJ’s Yun-Hee Kim explains why this move will be good for both companies and what’s ahead in the Apple vs. Samsung dispute.


What Did The Air Force Just Launch Into Space?


The X-37B Orbital Test Vehicle in its encapsulation cell on April 13, 2010, in Titusville, Florida. (Photo credit: Wikipedia)

At 1:03 p.m. eastern time on Tuesday afternoon, the U.S. Air Force launched an unmanned Atlas 5 rocket into space from Cape Canaveral Air Force Station in Florida. The rocket’s cargo, a small shuttle called the X-37B Orbital Test Vehicle, is an autonomous spacecraft that’s been under development by the U.S. government for over a decade –though very few people know exactly what it’s supposed to do.

Depending on who you ask, speculation on the X-37B’s purpose ranges from an orbital fighter plane meant to destroy enemy satellites; a bomber capable of dropping nukes from outer space; a giant spy camera array; or just a simple science project, meant to prove the viability of a new generation of reusable spacecraft.

The U.S. government freely acknowledges the existence of the orbiter, but is deliberately vague about its purpose: “The focus of the program remains on testing vehicle capabilities and proving the utility and cost-effectiveness of a reusable spacecraft,” Air Force spokeswoman Tracy Bunko told Reuters before today’s launch.

What we do know for sure is that X-37B is about 29 feet long with a wingspan of 15 feet, about a quarter of the size of NASA’s now retired space shuttles. It’s solar powered and can remain in orbit for a year or more. And there’s no crew –it’s completely autonomous, capable of completing its mission and even returning to Earth and landing on its own.

The X-37B is the result of a quasi-secret program, started in 1999 by NASA, Boeing and the Air Force, but later transferred to the Defense Advanced Research Projects Agency. Since taking over in 2004, DARPA has kept the vehicle’s development and budget under wraps.

This is the third flight of the Orbital Test Vehicle; the same ship circled earth for 224 days beginning in 2010, and a sister ship blasted off in 2011 and spent 469 days in space. Both shuttles were built by Boeing’s advanced R&D division, Boeing Phantom Works, based in Huntington Beach, California.

You can now pre-order my book, Of Dice and Men: The Story of Dungeons & Dragons and The People Who Play It. You can also follow me on Twitter, Facebook or Google +.


Popular Photography's Camera Of The Year Is...


Canon EOS 5D Mark III

Canon EOS 5D Mark III Satoshi

It's that time of year again--the time of year to take incredibly detailed macro shots of poinsettias. And what better camera to do it with than the Canon EOS 5D Mark III, the winner of Popular Photography's hotly contested "Camera of the Year" contest? The follow-up to one of the most important cameras in the history of photography, the Mark III bests its predecessor in every way, topping strong competitors on its way to the prize. Read more here.


How To Get Superpowers

Look up in the sky! It’s a bird! It’s a plane! It’s… you?

Why not? We’ve all dreamed about what it would be like to cast off the bonds of gravity and soar through the air like Superman, stick to the side of buildings like Spider-Man, or turn into the Incredible Hulk every time we get angry. Unfortunately, reality tends to get in the way of a good fantasy. People can’t really modify their bodies to fly, shoot laser beams or bench-press pickup trucks, despite what the latest Disney action flick might tell you.

Or can they? In comic books, heroes develop their powers in a variety of remotely plausible ways, including radiation exposure, high-tech super-suits and genetic engineering. If you really wanted to power-up and take on crime, would any of the comic book methods actually work?

Here’s how the heroes do it –and the truth behind the fiction.

THEY BUILD A SUPER SUIT
The Fiction: Why not follow in the footsteps made by Iron Man’s heavy boots of lead? Defense contractor Tony Stark uses a custom-made battle suit –equipped with repulsor rays, missile launchers and flight-capable jetboots– to combat all manner of threats.

The Truth: Engineers for the U.S. Army are working on an initiative to outfit soldiers in a lightweight, lethal, fully integrated individual combat system that will include built-in firearms, liquid body armor, and a strength-boosting exoskeleton. Just don’t expect it in the field anytime this decade. Unless you’re a billionaire, genius inventor, best to write this option off.

THEY UNDERGO EXTREME TRAINING
The Fiction: Who needs super powers? Heroes like Batman and the Green Arrow fight crime with little more than highly developed skills, well-toned physiques, and a fanatical devotion to justice.

The Truth: It’s true: You don’t have to be super-human to be a superhero, and a strict regimen of training is your best bet to becoming a real-world Batman. But look around you: how many high-powered vigilantes do you see solving crimes? The amount of discipline required to truly make yourself super is as rare as kryptonite.

THEY’RE BORN WITH MUTANT GENES
The Fiction: The Uncanny X-Men all boast a genetic anomaly that manifests itself in extraordinary ways –from super-strength to the ability to heal serious wounds.

The Truth: More often than not, changes in DNA caused by mutation are completely insignificant. Sometimes, they can be quite damaging: cancer, hemophilia and cystic fibrosis can all be caused by genetic mutation. But the X-Men are sort of remotely plausible. Genetic mutation is the driving force of evolution, and sometimes it can manifest in amazing ways. In 2004, The New England Journal of Medicine reported on a German baby with a genetic mutation that boosts muscle growth. At the age of four, this “superboy” had muscles twice the size of other kids his age and could hold seven-pound weights with his arms extended, a feat many adults can’t accomplish.

THEY’RE BORN IN OUTER SPACE
The Fiction: Superman gained his powers as an accident of birth. The sole survivor of the destroyed planet Krypton, his alien anatomy is supercharged by the light of our yellow sun, giving him abilities as varied as flight, heat vision, and bullet-proof skin.

The Truth: Much of Superman’s story doesn’t ring true, but there could be something to the source of his powers. Krypton orbited a star that was a red giant, which is cooler than our own sun, and puts out less ultraviolet light. So –hypothetically– if there was some way to harness ultraviolet energy into superpowers, at least the man on Krypton/Superman on Earth part of the story works.
Presumably, however, if you’re reading this, you were born right here on Earth, so you’re out of luck.

THEY TAKE SOME DRUGS
The Fiction: Costumed crusaders usually fight the drug trade, but more than a few have custom pharmaceuticals to thank for their powers –like scrawny college student Steve Rogers, who became Captain America thanks to the Super-Soldier Serum.

The Truth: Members of the military have relied on drugs to help them improve their performance for decades, including fighter pilots, who take amphetamine “go-pills” to ward off fatigue on long flights. The Pentagon’s Defense Advanced Research Projects Agency does research compounds that increase endurance, boost strength, and keep soldiers at peak performance for a week without sleep. But until those chemicals get the green light, the use of drugs to boost performance remains a highly controversial –and highly dangerous– practice.

THEY MASTER THE ARCANE ARTS
The Fiction: Dr. Strange is Earth’s Sorcerer Supreme, protecting mankind from mystic and arcane enemies. Taught the ways of magic by an ancient hermit in a Himalayan cave, Strange now casts spells and studies the supernatural from his mansion in New York City’s Greenwich Village.

The Truth: Penn and Teller can’t really catch bullets in their teeth. If Lance Burton really cut a woman in half, she’d die. And no incantation, evocation or spell has ever done anything that violates the laws of physics. Save the magic tricks for kid’s birthday parties.

THEY UTILIZE ALIEN TECHNOLOGY
The Fiction: Some comic book characters have been given alien gizmos to fight crime –like the Green Lantern, who wears a power ring granted to him by the Guardians of the Universe, administrators of an intergalactic police force.

The Truth: The odds are good that there’s life elsewhere in the universe, and if we meet an alien life form in the flesh, it’s likely to either be very simple –like bacteria– or incredibly complex. An intelligent species that’s been through a few million more years of technological development than us could easily pack enough tech in a ring to make a human fly –as Arthur C. Clarke wrote, “any sufficiently advanced technology is indistinguishable from magic.”
Of course, there’s no evidence that we’ve ever been visited by aliens, or ever will be. So if you’re waiting for Abin Sur to show up and hand you some jewelry, you’re likely to remain empty-handed.

THEY GET EXPOSED TO RADIATION
The Fiction: Spider-Man, The Incredible Hulk and Daredevil all benefited from exposure to radioactive materials –what about giving yourself a dose of some unstable atomic nuclei to jump-start your powers?

The Truth: Not a good idea. When radioactive particles enter your body, they collide with atoms and molecules in your cells. Small doses cause damage that can easily be repaired. A little more can make you very sick. Crank up the dosage past 600 rem –an amount 1600 times what the average person is exposed to every year– and you’ll be dead within two weeks. The radiation damages the cells that line your small intestine, and you literally leak out the gut.


Researcher: Pesky Microbe May Have Caused the Biggest Extinction in History



Methane-producing bacteria may have leveraged nickel from volcanism to flood the atmosphere with methane

It was called "The Great Dying".

I. A Time of Death and Desolation

If that title sounds dire it is because it was indeed a grim time for life on Earth.  Occurring about 252 and one-third million years ago, the mass extinction came at a time when life on Earth had become fairly advanced.  Terrestrial life consisted of a rich mix of large amphibians (think huge cousins of today's salamanders) and scaly reptilian dinosaur predecessors.  The seas teemed with life.

Then some sort of cataclysm swept the globe.  Ninety-six out of every one-hundred marine species (96%) went extinct, while seventy out of every one-hundred terrestrial vertebrate species (70%) also bit the metaphorical dust.  The extinction to this day remains the most severe mass extinction in Earth's history and what is believed to be the only mass extinction to feature a major extinction of insects -- traditionally among the Earth's most hardy species.

So what caused this severe event?


In line with all the hype and fervor surrounding global warming, some past researchers have suggested climate change may have played a role.  Criticism of this hypothesis has traditionally been that it's improper to assume the markers of climate change -- atmospheric and ocean carbon levels -- as causing ecological changes, when ecological changes can also cause climate change.

Massachusetts Institute of Technology Professor Daniel Rothman has become the latest researcher to throw his hat in the paleontological ring, offering up an interesting alternate hypothesis of how such a catastrophic climate change incident may have been triggered, leading to the Earth losing so much biodiversity.

The Great Dying marked the edge of the Permian.  Its end ushered in a new era -- the Triassic -- which would become the first of three major historical eras when the land-masses were ruled by large reptiles (dinosaurs).

To look for clues as to what caused The Great Dying, Professor Rothman dug back into sediments from the end of the Permian era.  Examining deposits in China, he found something intriguing.

Carbon levels in the sediment indeed appeared to rise quickly.  But the interesting part is that they rose so quickly that he feels that the sedimentary analysis rules out change by slower-acting forms of carbon release, such as volcanoes.

He also observed that oceanic nickel levels spiked 251 million years ago, as volcanoes in Siberia dumped tons of molten nickel into the sea.

II. What Caused Carbon Levels to Spike? 

Nickel is a ubiquitous catalyst in certain kinds of biochemical reactions.  Microorganisms, such as the ocean-based methane-producing bacterium methanosarcina, often use the metal to speed up reactions that produce carbon waste byproducts.

Thus Professor Rothman suggests that methanosarcina likely exploited the rising nickel levels to transform carbon dioxide and hydrogen into methane.  

In fact, Professor Rothman believes that methanosarcina fortuitously acquired its triple metal-catalyzed methane-producing metabolic pathways about 251 million years ago, just as the nickel levels spiked.


The loss of atmospheric carbon dioxide would likely have twin adverse impacts -- first as plants require carbon dioxide to produce sugars, there likely would be mass loss of foliage globally; second as methane is a more potent warming gas than carbon dioxide, temperatures likely would have spiked globally.

The researcher's hypothesis was set forth on Dec. 4 at the annual meeting of the American Geophysical Union.  The meeting was held in San Francisco, Calif. at the Moscone Convention Center.

If he is correct it suggests that methanosarcina could be the most diabolical murderer in history, by far eclipsing mankind's worst impact in terms of speciation.

Not all experts are convinced.  Anthony Cohen, a researcher at the Open University in the United Kingdom, comments, "[For the hypothesis to be correct] there are a lot of assumptions you have to make."

Sources: Live Science, AGU Meeting Schedule


Tuesday, December 18, 2012

Are You a Royal Tenenbaum? A Suzy Bishop? This Infographic Can Tell You

As we’ve mentioned before, life can sometimes feel like a Wes Anderson movie. However, now there’s a new method for determining precisely which movie, and even which character.

The team at Flavorwire has put together a charming infographic that reveals, via flowchart, which Wes Anderson character you favor. All quirky playwrights, for instance, can be simply divided into the Max Fischer group or the Margot Tenenbaum camp, depending on their vices. Best of all, the infographic contains GIFs, so you can see Fantastic Mr. Fox's Badger staring into your soul.


Facebook CEO Donates $500 Million in Stock to Silicon Valley Group

Facebook CEO Mark Zuckerberg said he has donated roughly $500 million worth of stock in the social site to the Silicon Valley Community Foundation, a philanthropy research and investment group based not far from his office in Menlo Park, Calif.

In a note on his Facebook page, Zuckerberg wrote that he and his wife Priscilla have signed the so-called Giving Pledge, a philanthropy effort aimed at the wealthy and launched by Bill Gates and Warren Buffett a couple of years ago. The pledge involves promising to give away at least half of one’s fortune during his or her lifetime.

While he’s already donated funds to public schools in Newark, N.J., Zuckerberg wrote that the new donation to the Silicon Valley Community Foundation will “lay the foundation for new projects.” In particular, he writes that “together, we will look for areas in education and health to focus on next.”

On its website, the Silicon Valley Community Foundation says that last year it had $2 billion in assets under management, and awarded $235 million in grants from all of its funds in dozens of countries. The Silicon Valley Community Foundation says it gives to a broad array of causes, with the biggest share of its grantmaking going last year to education. Other categories included community building, the environment, health, arts and culture, the group says.

“Mark’s generous gift will change lives and inspire others in Silicon Valley and around the globe to give back and make the world a better place,” said Emmett Carson, Silicon Valley Community Foundation’s CEO.

Zuckerberg is making his donation in the form of 18 million shares of Facebook, which closed Tuesday at $27.71 a share. Facebook went public in May with its shares initially priced at $38 apiece, though they proceeded to dip below $20. However, the shares have risen nearly 27% in the last three months leading up to Tuesday’s close.


The incredible 'alien' skull discovered in a Mexican cemetery

  • Find is new evidence of cranial deformation, where skulls were tightly bound in wooden supports to alter their shape
  • Unique head shape was used to differentiate different social classes

By Mark Prigg


It is an astonishing image that could have come straight from the plot of a Ridley Scott movie.

Archaeologists in Mexico today revealed the astonishing skull of a person suffering from a cranial disfiguration.

Believed to be 1,000 years old, the find was made near the small Mexican village of Onavas.


One of the 13 individuals with cranial deformation discovered in the cemetery in Mexico


The find is eerily similar to the Alien in Ridley Scott's film of the same name


The find is believed to be the first in the region showing the practice of binding a skull to change its shape.

'Cranial deformation in Mesoamerican cultures was used to differentiate one social group from another and for ritual purposes,' said archaeologist Cristina Garcia Moreno, director of the research project.

The burial ground consists of 25 individuals; 13 have intentional cranial deformation and five also have dental mutilation.

'This unique find shows a mix of traditions from different groups of northern Mexico,' said Moreno.

'The use of ornaments made from sea shells from the Gulf of California had never been found before in Sonoran territory and this discovery extends the limit of influence of Mesoamerican peoples farther north than has been previously recorded,' she said in a video posted to YouTube.

Some of the individuals were wearing ornaments such as bangles, nose rings, earrings, pendants made from shells found in the Gulf of California, and one burial contained a turtle shell, carefully placed over the abdomen, according to Past Horizons.

The burial ground contained 25 individuals, and 13 of them have what researchers describe as 'intentional cranial deformation'


Dental disfigurements were also found in several of the skulls, which was believed to be a rite of passage


Garcia Moreno has been conducting work on behalf of Arizona State University with approval of the National Institute of Anthropology and History (INAH).

The dental mutilations discovered are believed to be a rite of passage.

'The dental mutilation in cultures such as the Nayarit was seen as a rite of passage into adolescence,' said Moreno.

'This is confirmed by the findings at the Sonora cemetery where the five bodies with dental mutilation are all over 12 years in age.'

SKULL BINDING THROUGH HISTORY

Painting by Paul Kane, showing a Chinookan child in the process of having its head flattened, and an adult after the process


Also known as head binding or head flattening, the practice was usually done to signify group affiliation or as a way to demonstrate social status.

The earliest written record of cranial deformation dates to 400 BC in Hippocrates' description of the Macrocephali or Long-heads, although it is believed the Neanderthals may also have used the technique.

It was typically carried out on infants as their skulls could be easily moulded.

To create the effect, wooden boards were applied to the skull with pressure, typically starting at the age of about one month, and then for the next six months.

However, the method was extremely risky, and in the latest find, researchers believe the fact many of those with disfigured skulls died young shows just how dangerous it was.


Three drawings of methods that were used by Maya peoples to shape a child's head


However, she continued, 'In this case, you cannot recognise any social differences because all the burials seem to have the same characteristics.

'Nor have we been able to determine why some were wearing ornaments and others not, or why of the 25 skeletons only one was female.'

The team say the number of infants and pre-pubescents could show the high risks involved in the cranial deformation, which can kill from the excessive force squeezing the skull.

The find has been dated to the year 943 CE from samples taken from one of the individuals.

Many of the skulls showed signs of cranial or dental mutilation


Experts at the site, where 25 bodies were discovered



DotNetNuke acquires software firm iFinity to beef up its Web content management platform

DotNetNuke (DNN), the Silicon Valley company behind a popular Web content management platform for Microsoft .NET, this morning announced that it has bought iFinity, a website and software development company headquartered in Queensland, Australia.

The acquisition of iFinity, a supplier of modules and consulting services for the DotNetNuke website platform, will enable DNN to beef its flagship solution up with a complete URL management solution, helping customers improve search engine optimization.

iFinity founder Bruce Chapman will join the DNN development team, effective immediately.

He writes:

The immediate plans for all the Url-related software are to integrate the codebase into DotNetNuke 7.1, a process which has been kicked off immediately. The underlying Url Master technology will become the standard way of powering all Url related functions in DotNetNuke, for all editions, for all versions from 7.1 onwards.

The majority of the Url management features will go straight into the commercial editions of DotNetNuke, but the underlying capability and improved Urls will be in the open-source community platform.

Financial terms of the deal were not disclosed, but all of the available iFinity software products IP will be transferred to DotNetNuke.

DotNetNuke says there have been over 7 million downloads of its open-source project, and that its global community is 1 million members strong.

Founded in 2006 and funded by Sierra Ventures, August Capital and Pelion Venture Partners, DotNetNuke is headquartered in San Mateo, California, with offices in Vancouver and Amsterdam.

Image credit: Thinkstock


Microsoft Stores taking $25 deposit on Nokia Lumia 900

Nokia Lumia 900

AT&T, Microsoft and Nokia haven't said when the Lumia 900 will hit stores or how much it will cost, but if the flagship Windows Phone is a device you just have to have, you can now pre-order it.

Microsoft's retail stores are currently taking a $25 deposit for those looking to reserve themselves a Lumia 900 on launch day, whenever that is. The deposit offer was first reported by The Verge and confirmed to The Times on Friday through Microsoft Store employees.

Rumor has it that the Lumia 900 could launch in March at a price of about $99 on a 2-year contract, which would undercut top-of-the-line rivals such as Apple's iPhone 4S and the Android Ice-Cream-Sandwich-equipped Galaxy Nexus, built by Samsung.

In the U.S., the Lumia 900 will be exclusive to AT&T and feature a 4.3-inch display, a polycarbonate body in cyan or black, a 1.4-gigahertz Qualcomm single-core processor, 512 megabytes of RAM, 16 gigabytes of built-in storage, an 8-megapixel/720p video rear camera and a 1.3-megapixel front-facing camera.

I spent a bit of time with the Lumia 900 at CES in Las Vegas last month, and the phone did look quite impressive and something I thought could sell at $150 or $200 on a 2-year contract. Check out my hands-on look at the Lumia 900 below.

RELATED:

Nokia's Lumia 900 Windows Phone may launch at $99

Lumia 710, Nokia's first U.S. Windows Phone -- review

CES 2012: Lumia 900, Nokia's first 4G LTE Windows Phone, debuts [Photos and Video]

-- Nathan Olivarez-Giles


Photo: A Nokia Lumia 800 smartphone sits on display inside a Nokia retail store in Helsinki, Finland. Credit: Ville Mannikko / Bloomberg


Why You Really Do Want Your Tweet Archive

When third-party companies, licensed by Twitter to resyndicate its data, began selling access to historical tweets earlier this year, privacy advocates were quick to point out an inconsistency in the platform's policies.

Data analytics companies such as DataSift and Gnip were making money from past tweet data, but individual Twitter users still couldn’t easily access the full log of tweets they had created. “By locking users out of their own data, Twitter has managed a rare feat: making Facebook look good,” wrote The Globe and Mail.

But if Twitter moves forward with a personal archive option it began testing this week (as promised), it can end this incongruity. The company already grants users rights to all of their tweets in its terms of service. With the new feature, it will finally grant them...their tweets. Rather than making users fish tweets from the archive using an exact URL, they will be able to download a zip file that contains their Twitter history with a few clicks. The feature is similar to Facebook’s "Download Your Info" feature or Google's "Takeout" products.

Giving users access to their archives provides a good comeback line for Twitter. But does the new feature provide any value to users? Here's how it might.

Users can already search Twitter history through third-party apps such as Topsy. But, points out Cathy Marshall, a principal researcher in Microsoft's Silicon Valley Lab who studies personal digital archiving, that doesn’t remove the risk of losing it. “What guarantee do you have that a small company has any stability itself? You’ve backed up your tweets to another service, and you don’t know what its general outlook is.”

Downloading tweets directly from Twitter, where they'll be safe even if the Internet explodes, reduces the risk of losing content. It provides an easy way for even someone who doesn't have a lot of computer skills to save what they've created.

"If you’re a geek, you care a lot, because this is about data sovereignty," says Marc A. Smith, the cofounder of the Social Media Research Foundation, an organization that develops free and open tools for all kinds of users who want to understand networks and social media. "If I don’t actually have my own controllable copy that could be redeployed in some other service, then I’m cattle. If I can’t exit and then reengage with some other person in the marketplace, then every time I submit a bite of content to any depository, I have to do so knowing that that is a data roach hotel. Data goes in, it never comes out. I think so far we all live in data roach hotels, and we don’t have sovereignty."

Twitter's new tool gets halfway there. It gives some users a controllable copy of their content. But it doesn't exactly make their data portable. Good luck uploading your Twitter archive to Facebook, for instance. Or vice versa.

“By comparison, email, it usually is possible to download a bunch of email archives and walk over to another server and upload those archives and then, bang, you’re pretty much back in business,” Smith says. “When enterprises need data portability, they typically get it. When consumers want data portability, they don’t get it."

Creating what looks like a simple download option becomes more difficult when scaled for 140 million users who together create 340 million new tweets every day. Twitter may very well have more in mind for its archive option than it has released in its first test.

Tweet search engine and data analytics company Topsy may come closest to fully understanding the challenge. It has created a searchable three-year archive of Twitter chatter that contains more than 100 billion tweets, and, says VP of Product Jamie de Guerre, it's been no walk in the park. “Google’s index of the entire Internet ranges from about, in some estimates, 45 billion web pages to 125 billion web pages,” he says. “So the size of Twitter is on the order of the size of the Internet--just in tweets instead of web pages. Having all of that data available, being able to query across and return a large data file to a user is definitely quite a challenge.”

Although for now there’s not much to do with your Twitter archive but reminisce, De Guerre hypothetically imagines new ways to visualize history, not unlike Facebook Timeline. Smith insists there's no reason that online services can't cooperate to provide full portability for their users, citing proposed common languages such as Activity Streams and GraphML.

For now, he says, Twitter's archiving feature is a step in the right direction. "My Goodness!" he exclaims when I comment that I'm not sure why I'd want my tweet archive. "The data has value," he says. "We know it has value because it’s traded on marketplaces."

[Image: Flickr user rkramer62]


Samsung Galaxy Flaw Lets Hackers Tunnel Into RAM

A flaw in the kernel of the Samsung processor at the heart of several Galaxy series devices allows access to the phone's RAM. It looks as if Samsung downplayed security in setting up permissions for kernel access, said Carl Howe, research vice president at the Yankee Group. "That's a bit concerning because it means that this may only be one of many vulnerabilities."

A new security flaw has been discovered in Samsung's vulnerability-plagued Galaxy S III. This time, the problem lies in the company's Exynos 4 series of chips.

The flaw was discovered by a hacker with the handle "Alephzain," who posted the information on the XDA Developers Forum.

Three hackers have posted solutions for the vulnerability so far.

However, Samsung has remained silent on the flaw.

Samsung did not respond to our request to comment for this story.

About the Exynos Flaw

The flaw, which is a bug in the Exynos 4 series' kernel, affects only devices running the Exynos 4210 and 4412 processors. These include the international versions of the Galaxy S III and Galaxy Note, and Galaxy Tab 2 and Galaxy Note 10.1.

However, versions of the Galaxy S III sold in the United States are not affected.

The flaw gives access to the device's RAM. This will let a malicious user download the contents of an affected device's RAM and examine them. It will also let malicious users upload new processes of their own. In theory, a malicious app concealing this exploit can root a victim's phone on the sly and send data on the phone to third parties, for example.

Such apps could be downloaded from Google Play, Alephzain warned.

While there are other ways to access a device's RAM to dump its contents or inject malicious code into its kernel, this Exynos flaw makes things easier for the bad guys, Alephzain said. It's easy to conduct exploits with native C and the Java Native Interface.

Workarounds for the Problem

Three hackers, "Chainfire," "Supercurio" and "RyanZA" have all posted solutions on the Web for the Exynos vulnerability.

Chainfire's solution lets users disable the exploit, re-enable it and disable the exploit at boot, before any Android app runs. However, Chainfire warns that this will require rooting the mobile device and is a workaround, not an actual fix.

Rooting mobile devices voids the manufacturer's warranty.

Supercurio's solution does not require rooting, doesn't modify the device's system, copy files or flash anything, can be enabled or disabled at will, and is free. It works on any device and lets users know if their device is vulnerable.

However, it breaks the proper function of the front camera on some Galaxy S III and Note II firmware when activated. Other flaws include being unable to protect efficiently against some potential attacks, Supercurio warns.

RyanZA's fix is similar to Supercurio's but allows users to toggle it on or off in order to use the camera.

Who Really Cares?

"It's not a problem in the U.S. because our Galaxy S IIIs have a different chip ... but it does sound like Samsung developers weren't concerned about security in how they set up the permissions for the virtual directory within the kernel," Carl Howe, research vice president at the Yankee Group, told TechNewsWorld. "That's a bit concerning because it means that this may only be one of many vulnerabilities."

In September, Galaxy S III and S II smartphones were discovered to be vulnerable to remote malicious resets. A single malicious line of code concealed in a Web page could remotely wipe these devices, Ravi Borgaonkar, a researcher at the Technical University Berlin, demonstrated at the Ekoparty security conference in Argentina.

However, "I don't think consumers keep up with [security issues]," Maribel Lopez, principal analyst at Lopez Research, said. "They care about whether the device has the apps they want and the screens they want."

Over time, we have become less concerned about privacy, Lopez told TechNewsWorld. Further, "two decades of PC viruses have desensitized us [to security flaws]. The average consumer assumes we'll have a patch."

Still, smartphone manufacturers have to pay attention to securing smartphones, which "have become essential computing devices for most of the world, or face backlashes from consumers," Howe suggested.

Security is an issue for consumers, according to a survey from Crossbeam Systems. More than half of the respondents said they'd consider changing providers, and another 19 percent said they'd definitely change providers if their smartphones had security issues.


Tweeting Tie-in to Complement Nielsen TV Ratings

Twitter said Monday it’s tying up with TV ratings giant Nielsen to create the “Nielsen Twitter TV Rating,” a new audience metric based on the popular microblogging service.

The move seems to be a natural extension for Twitter, which becomes particularly useful when it lights up in real time during notable TV events like a presidential debate, say, or even a benefit like the recent music extravaganza held to benefit victims of Hurricane Sandy—when it was used to monitor perception of the current state of decrepitude of the Rolling Stones, for example.

This so-called “second screen” phenomenon often plays out as a Twitter user watches the tube with a mobile device or tablet in hand.

Nielsen said in a statement that the new Twitter TV Rating will be used to gauge “the reach of the TV conversation on Twitter,” and will start in the fall 2013 TV season. The new metric will complement current TV ratings, and will give “TV networks and advertisers the real-time metrics required to understand TV audience social activity,” Nielsen said.

Twitter head of media Chloe Sladden wrote in a post on the company blog that “our TV partners have consistently asked for one common benchmark from which to measure the engagement of their programming.”

“This new metric is intended to answer that request,” she added.

Closely-held Twitter is in the midst of dramatic growth, and its ability to translate its vast audience into vast amounts of revenue is sure to come under increasing scrutiny as it moves toward a potential IPO. That’s particularly true in the wake of several IPOs among Twitter’s peers that have turned out to be less-than-enticing for many investors, such as those staged by Facebook, Zynga and Groupon.


Monday, December 17, 2012

NASA probes Ebb and Flow intentionally crash onto moon's surface in dramatic end to year-long mission

  • Impact was not visible from Earth, scientists said, as the small probes had no fuel to cause an explosion on impact
  • Action follows end to a successful year-long mission
  • Landing site named in honor of Sally Ride, the first American woman in space, who died earlier this year

By Nick Mcdermott, Science Reporter


They have danced around the moon for almost a year, making detailed maps of its interior.

Flying in formation over the lunar surface, the two NASA probes - named Ebb and Flow - helped further our understanding of the early solar system.

But Monday, in a dramatic climax to their mission, the two spacecraft plunged seconds apart into a mountain near the moon's North Pole.

Afterward, NASA said it had dedicated the impact site in honor of mission team member, Sally Ride, the first American woman in space who died earlier this year.


Ebb and Flow Satellites crash into moon

Projection: The Ebb and Flow Satellites' trajectory to crash into the moon on December 17

Heavenly bodies: An artist's depiction of the twin spacecraft (Ebb and Flow) that comprise NASA's Gravity Recovery And Interior Laboratory (GRAIL) mission.



Mapping the moon: Using a precision formation-flying technique, the twin GRAIL spacecraft -- Ebb and Flow -- have mapped the Moon's gravity field, as depicted in this artist's rendering.

By design, the spot was far away from the Apollo landings and other historical sites.

With their fuel running low, NASA was keen to prevent them from crashing near the historically important Apollo landing sites.

Honoring: NASA said it had dedicated the impact site in honor of mission team member, Sally Ride, the first American woman in space who died earlier this year


And even the keenest stargazer would not have spotted the two washing machine-sized probes as they impacted at a speed of 3,800mph, as the collisions occurred on the dark side of the moon.

But NASA's Lunar Reconnaissance Orbiter which circles the moon will soon be passing over the site and will attempt to photograph the skid marks after the craft slammed into the surface.

The mission, codenamed Grail - Gravity Recovery and Interior Laboratory - was launched in September 2011 from Cape Canaveral and has been deemed a success.

The twin craft collected data about the moon's gravity while orbiting at an average altitude of 34 miles, revealing its surface is much thinner than previously thought, gouged out by the impact of thousands of asteroids and comets.

'It is going to be difficult to say goodbye to our little robotic twins,' says MIT professor Maria Zuber, Grail principal investigator. 'Planetary science has advanced in a major way because of their contributions.' Ebb and Flow conducted one final experiment before their mission ended, firing their main engines until their propellant tanks were empty in a bid to determine precisely the amount of fuel left in their tanks.

NASA engineers hope this information will help improve predictions of fuel needs for future missions.

'Our lunar twins may be in the twilight of their operational lives, but one thing is for sure, they are going down swinging,' said Grail project manager David Lehman of NASA's Jet Propulsion Laboratory in California.

Trajectory: The twin lunar-orbiting NASA spacecrafts went on a controlled crash into a site named after Sally Ride


Crash landing site: The map shows the region where the twin spacecraft of NASA's Gravity Recovery and Interior Laboratory mission will impact on Monday


A successful mission: The map created by Ebb and Flow has revealed an incredibly pulverized lunar crust, suggesting the moon, Earth, Mars, Mercury and Venus were pounded by long-ago impacts far more violently than previously thought.



Blast Off: The $496 million Grail mission - short for Gravity Recovery and Interior Laboratory - launched in September 2011, and Ebb and Flow reportedly arrived in lunar orbit about three months later.

'Even during the last half of their last orbit, we are going to do an engineering experiment that could help future missions operate more efficiently.' The twin craft focused exclusively on measuring the moon's lumpy gravity field in a bid to learn more about its interior and early history.

After flying in formation for months, they produced the most detailed gravity maps of any body in the solar system.

Since the dawn of the Space Age, more than 100 missions have involved the moon, including NASA's six Apollo landings that put 12 astronauts on the surface.

The last time the US space agency intentionally fired a man-made object at the moon was in 2009, but it was for the sake of science. Spectators on Earth barely saw the faintest of flashes, but the experiment proved that the moon contained water.

'Grail has produced the highest-resolution, highest-quality gravity field for any planet in the solar system, including Earth,' Zuber reportedly said.

The resulting map has revealed an incredibly pulverized lunar crust, Zuber added, suggesting that the moon, Earth, Mars, Mercury and Venus were pounded by long-ago impacts far more violently than previously thought.

Mission managers on Friday turned off Ebb and Flow's science instruments and ordered a maneuver putting them on course for the rim of the crater, which reportedly sits at a latitude of 75.62 degrees north and a longitude of 26.63 degrees east.

New moon: The locations on the moon that NASA considers 'lunar heritage sites' and the path GRAIL will take to avoid hitting any of them


Impact: These 3D renderings show the lunar mountain targeted by the GRAIL mission for controlled impact of the Ebb and Flow spacecraft


LUNAR GRAVEYARD: HOW THE EBB AND FLOW WILL BE IN GOOD COMPANY

More than 100 missions have been flung to Earth's nearest neighbor since the dawn of the Space Age including NASA's six Apollo moon landings that put 12 astronauts on the surface.

The demise of Ebb and Flow comes on the same month as the 40th launch anniversary of Apollo 17, the last manned mission to the moon.

Ebb and Flow focused exclusively on measuring the moon's lumpy gravity field in a bid to learn more about its interior and early history. After flying in formation for months, they produced the most detailed gravity maps of any body in the solar system.

Secrets long held by the moon are spilling out. Ebb and Flow discovered that the lunar crust is much thinner than scientists had imagined. And it was severely battered by asteroids and comets in the early years of the solar system - more than previously realized.

Data so far also appeared to quash the theory that Earth once had two moons that collided and melded into the one we see today.

Besides a scientific return, the mission allowed students to take their own pictures of craters and other lunar features as part of collaboration with a science education company founded by Ride, who died in July of pancreatic cancer at age 61.

About 3,600 classrooms around the world participated, sending back 114,000 photos.

Scientists expect to sift through data and images from the $487 million mission for years.



Web Served, part 4: Get your database on


For new readers just joining us, this is the fourth in a series of articles on getting your hands dirty by setting up a personal Web server and some popular Web applications. We've chosen a Linux server and Nginx as our operating system and Web server, respectively; we've given it the capability to serve encrypted pages; and we've added the capability to serve PHP content via PHP-FPM. Most popular Web apps, though, require a database to store some or all of their content, and so the next step is to get one spun up.

But which database? There are many, and every single one of them has its advantages and disadvantages. Ultimately we're going to go with the MySQL-compatible replacement MariaDB, but understanding why we're selecting this is important.

To SQL or NoSQL, that is the question

In most cases these days, when someone says "database" they're talking about a relational database, which is a collection of different sets of data, organized into tables. An individual record in a database is stored as a row in a table of similar records—for example, a table in a business's database might contain all of that business's customers, with each record consisting of the customer's first name, last name, and a customer identification number. Another table in this database might contain the states where the customers live, with each row consisting of a customer's ID number and the state associated with it. A third table might contain all the items every customer has ordered in the past, with each record consisting of a unique order number, the ID of the customer who ordered it, and the date of the order. In each example, the rows of the table are the records, and the columns of the table are the fields each record is made of.

A relational database is called such because each table contains like items—items with a relationship to each other. Each record in each table must contain some way of uniquely identifying it, too—in our customer name table, there might be several different customers named "John Smith," but they'll each have a unique customer ID number. This unique thing is called the primary key and every table has a column designated as such. (Database admins will understand that I'm greatly simplifying, because otherwise we will be here all day!)

Relational databases are mostly managed with a programming language called SQL, for "Structured Query Language" (and there's a never-ending holy war over whether "SQL" is pronounced as "sequel" or as three letters, "ess-queue-ell"—I favor the former, but plenty of folks prefer the latter). SQL contains language elements which enable you to manipulate a relational database's structure and contents, and to find and bring together the things you're looking for in a database, which may be scattered through many different tables. For example, in the made-up database of the previous few paragraphs, a SQL query could be written to find and display the last names of all customers in Oregon who've ordered something within the past month, even though that information is spread between three different tables.

Relational databases are a fairly old concept, having been around for more than 40 years, and they get the job done. However, they're not the only game in town. There's a broad class of databases referred to as NoSQL databases, which eschew tables and primary keys and Structured Query Language, instead using alternate kinds of storage, organization, or language. The NoSQL landscape is vast, but one of the more common NoSQL databases is MongoDB, which has some SQL-like properties but which stores its data in JSON format. Another is Redis, which is a very fast database (it lives entirely in RAM, though it backs itself up to disk periodically) that stores its contents as key-value pairs instead of in tables.

NoSQL is exciting, especially to developers tired of dealing with the limitations of traditional databases. But we run into a fundamental problem when we look at it: none of the popular Web apps we're going to talk about installing work well with a single NoSQL database system—that is, there's no single NoSQL database that we can use for all the popular Web apps we want to spin up and try. If you're a developer and you want to build something on Redis or MongoDB or any of the other interesting NoSQL database systems, then good for you and have fun exploring, but we must part ways here. For the sake of compatibility, we're going to go with a SQL database for our setup.

SQL it is, but which?

We've settled on SQL, but which SQL database should we install? There are many potential choices, and in a perfect world I'd like to pick PostgreSQL. It's fast, relatively secure, and easy to manage; unfortunately, it's also more complicated to make it work with everything we might want to install—for instance, WordPress doesn't work out of the box with PostgreSQL, requiring a plug-in to make it compatible. That plug-in then might break other WordPress plug-ins that require direct database access, and a future WordPress update might break the PostgreSQL plug-in. Some forum applications (like phpBB) support PostgreSQL, but others (like Vanilla) don't. MediaWiki, the 800-pound wiki application, has volunteer-maintained support for PostgreSQL, but it isn't official.

If you want to install PostgreSQL, you should. It's got its advantages, not the least of which is a bit of security-through-obscurity (it's popular, but nowhere near as pervasive as MySQL). In order to maximize compatibility, we're going to go with the popular choice and pick MySQL.

Actually, that's not quite true. We're not going to pick MySQL—we're going to go with a binary-compatible replacement for MySQL called MariaDB.

MySQL versus MariaDB

MySQL is far and away the most popular relational database for running web applications, and it pairs nicely with our choice of PHP as our scripting language. It's an open source application, currently owned by Oracle, and freely available. It's supported by just about any web application you'd want to run, and it's not terribly difficult to install.

And we're not going to use it, either. We're going to use an alternative called MariaDB.

There are several reasons for doing this. MariaDB's lead developer is a fellow named Michael Widenius, who is one of the original developers of MySQL. "Monty", as he is known, sold MySQL to Sun (who in turn passed it to Oracle when Oracle purchased Sun), but forked MariaDB off of the MySQL codebase and continued development as a separate project. MariaDB remains free and independent of any potential license changes from Oracle.

More tangibly, MariaDB has a great number of performance improvements and bug-fixes over vanilla MySQL. At the same time, it remains completely compatible with MySQL, to the point that applications don't know the difference between the two. MariaDB looks and acts exactly like MySQL (and it should, being a direct fork), even down to using the same binary names and same installation locations for all the files.

So it's faster than MySQL and has fewer bugs, but still acts exactly like MySQL as far as applications are concerned. What's not to like? Let's get it!

Installing MariaDB

The MariaDB folks have their own set of repositories for different Linux distros. If you've been following along with the guide then you're using Ubuntu Server 12.04, and so we need to tell Ubuntu Server where the correct MariaDB repository lives and then tell it to install MariaDB from there.

This requires several steps, but they only need to be done once. After this, the repository will be added and MariaDB can be updated with aptitude update and aptitude upgrade just like any other installed application.

The first step is that we need to add the developer's public key to our local keystore, so that our computer will be able to determine the authenticity of the MariaDB repository and its contents. This is for our protection, so that we know for certain that the repository is owned by who it's supposed to be owned by. To do this, pop open a terminal window and type the following:

 sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db 

Once the key has been imported, we can actually add the MariaDB repository to our sources list. Open the file /etc/apt/sources.list with the text editor of your choice, and add the following lines:

 # MariaDB 5.5 repository list - created 2012-12-07 13:36 UTC
 # http://downloads.mariadb.org/mariadb/repositories/
 deb http://ftp.osuosl.org/pub/mariadb/repo/5.5/ubuntu oneiric main
 deb-src http://ftp.osuosl.org/pub/mariadb/repo/5.5/ubuntu oneiric main

If you receive an error about sources.list being a read-only file, make sure to edit it with root privilege, either by running your text editor as root (sudo vim /etc/apt/sources.list) or by launching a root shell and working in there.

After the repository has been added, refresh your sources list with a quick aptitude update, and then run the following command in order to install MariaDB and the PHP MySQL connector:

 sudo aptitude install mariadb-server php5-mysql 

During the installation of MariaDB, you will be prompted to select a password for the MariaDB root user. The database root user will have all privileges on all of your databases, and so it's recommended that you pick a suitably complex password to keep the account protected.

Choosing a root password for MariaDB. Pick something secure, since this password will allow unlimited access to all of your databases.

After this, the installation process will complete and you'll be returned to your prompt.

Listing image by Lee Hutchinson / stock.xchng

A bit of configuration

Just as with PHP in the previous example, by default MariaDB prefers to talk to other applications via a TCP port. This ensures greater compatibility, but it's not as fast as direct communication using Unix sockets. In fact, we want to go ahead and disable network communication altogether for our database—we'd need it if we were running the database on a separate box from the Web server, but we're not. Leaving it active is an unnecessary security risk. We want to ensure that MariaDB is listening only on our local Unix socket.

First, pop open /etc/mysql/my.cnf as root. Locate the "Basic Settings" section and add the following line at the bottom:

 skip-networking 

Save and exit, then restart MariaDB with sudo /etc/init.d/mysql restart.

Next, we need to tell PHP to use MariaDB's Unix socket for communication. Edit /etc/php5/fpm/php.ini as root and locate the mysql.default_socket setting. Change it as follows:

 mysql.default_socket = /var/run/mysqld/mysqld.sock 

Save and exit, then restart PHP with sudo /etc/init.d/php5-fpm restart.

To ensure that PHP is actually connecting to MariaDB, we can use the PHP info page we configured in the previous article, at http://yourwebserver/phpinfo.php. If it's working correctly, you should see a couple of new sections, including "mysql" and "mysqli", which make reference to the MariaDB Unix socket:

PHP's info function, after installing MariaDB.

Tuning

Whatever Web applications you wind up needing to run, you'll need to alter MariaDB's settings in order to run them more efficiently. However, until you actually know what apps you're going to run, there's no way to really predict what you'll need to tweak. There are plenty of MySQL tuning guides on the Web (which are applicable to MariaDB, because it uses the same settings and the same configuration file layout), but until we've got an idea of what we're doing, it's impossible to say how helpful they'll be.

There are scripts that you can run to give recommendations, though. One is the MySQL Performance Tuning Primer Script, which has some incompatibilities with MariaDB but which can provide valuable information—you can download it and run it directly from your home directory. Another is MySQLTuner-perl, which as the name suggests is a Perl script that you can run for additional tuning advice.

Running either of these right now won't yield enough advice to be really useful, since they both gather recommendations by looking at MySQL performance counters and stats, judging them against some basic rules-of-thumb. However, they're good resources to have available.

A word on running scripts against your database: be sure that you're downloading what you think you're downloading. By running scripts directly against your database locally, you're potentially bypassing your system's protections and letting the script do whatever it wants, with root or system maintenance account privilege. For performance tuning, this is fine, but be cognizant of the source of any scripts you choose to run.

Hardening tips

MySQL is, frankly, a common attack vector. The database's popularity ensures that it has more than its share of hacks targeted directly at it. Most MySQL vulnerabilities (and by extension most MariaDB vulnerabilities) are quickly patched, but it's impossible to protect against everything. Adding MySQL (or any database, really) to your system means potentially opening another vector for attack, though risk can be minimized through some basic common sense.

In its default configuration, MariaDB is not insecure; there are no gaping vulnerabilities or unpatched holes. You can potentially improve on its default state by renaming the "root" account to something non-obvious, since "root" will attract the most unsavory attention. This can be done with some simple command line magic. First, log into the MariaDB Monitor using this command:

 mysql -u root -p 

You'll be prompted for the root password you set during MariaDB's setup.

Once you're authenticated and sitting at the MariaDB [(none)]> prompt, issue the following command to rename the root user:

 rename user root@localhost to bob@localhost; 

Here we've renamed "root" to "bob", though you can obviously use whatever you want.

One tip that does come up often, and which we won't be using, is to disable the use of the LOAD DATA LOCAL INFILE SQL command. Though disabling this command's usage will indeed stop some attacks, some Web applications require this command in order to function. If you know for certain you won't be using anything that requires it, you can disable it in the /etc/mysql/my.cnf file.

The rest of the most common MariaDB security tips read like a list of standard sysadmin guidelines. Keep current with updates, never assign more privilege than necessary to any account, and remove obsolete accounts when you're done with them. As we get to installing and configuring Web applications in the subsequent articles, we'll make sure to hew close to these guidelines.
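The shell functions below are an added check, not part of the original article: they confirm that skip-networking from "A bit of configuration" really sits in a server section of my.cnf, report whether LOAD DATA LOCAL INFILE is still enabled, and list any TCP listener left on the MySQL port. The function names, sample configs and sample ss output are constructed for illustration; the defaults assumed (port 3306, local-infile on when unset, all interfaces when bind-address is unset) are those of MySQL/MariaDB 5.5.

```shell
#!/bin/sh
# Added example, not from the article. Sample inputs below are constructed.

# audit_mycnf [FILE]  (reads stdin when FILE is omitted)
# Prints "networking=<disabled|loopback|exposed>" and "local-infile=<on|off>".
# Returns 0 only when a server section disables TCP networking.
# Limitation: !include and !includedir directives are not followed.
audit_mycnf() {
    awk '
        BEGIN { infile = 1 }                 # local-infile is on unless set
        /^[ \t]*\[/ {                        # [section] header
            sec = tolower($0)
            gsub(/[ \t]/, "", sec)
            sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        /^[ \t]*[#;]/ { next }               # comment line
        /^[ \t]*$/    { next }               # blank line
        # Only server groups configure the daemon; the same option under
        # [client] or [isamchk] does not change what mysqld listens on.
        sec == "mysqld" || sec == "server" || sec == "mariadb" {
            line = $0
            sub(/[ \t]+#.*$/, "", line)      # strip trailing comment
            eq  = index(line, "=")
            key = eq ? substr(line, 1, eq - 1) : line
            val = eq ? substr(line, eq + 1) : ""
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            gsub(/_/, "-", key)              # skip_networking = skip-networking
            key = tolower(key); val = tolower(val)
            truthy = (val == "" || val == "1" || val == "on" || val == "true")
            if (key == "skip-networking") skipnet = truthy
            if (key == "bind-address")    bind = val
            if (key == "local-infile")    infile = truthy
        }
        END {
            net = "exposed"
            if (bind == "127.0.0.1" || bind == "::1" || bind == "localhost") net = "loopback"
            if (skipnet) net = "disabled"
            print "networking=" net
            print "local-infile=" (infile ? "on" : "off")
            exit (net == "disabled" ? 0 : 1)
        }
    ' "$@"
}

# tcp_listeners [PORT]
# Reads `ss -ltn` or `netstat -ltn` output on stdin; prints each local address
# listening on PORT (default 3306). Returns 0 if there is none, 1 otherwise.
tcp_listeners() {
    awk -v port="${1:-3306}" '
        $1 == "LISTEN" || $6 == "LISTEN" {   # ss puts state first, netstat last
            n = split($4, part, ":")         # $4 is the local address in both
            if (part[n] == port) { print $4; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

sample_hardened() {   # constructed: option added under "Basic Settings"
    cat <<'EOF'
[client]
socket = /var/run/mysqld/mysqld.sock

[mysqld]
# * Basic Settings
user         = mysql
socket       = /var/run/mysqld/mysqld.sock
bind-address = 127.0.0.1
skip-networking
local-infile = 0
EOF
}

sample_misplaced() {  # constructed: option appended at the end of the file
    cat <<'EOF'
[mysqld]
user         = mysql
bind-address = 127.0.0.1
# skip-networking

[isamchk]
key_buffer = 16M
skip-networking
EOF
}

sample_ss() {         # constructed ss -ltn output with mysqld still on TCP
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:443         0.0.0.0:*
LISTEN  0       50      127.0.0.1:3306      0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
EOF
}

# Demo run on the samples; non-zero results are expected for the bad cases.
sample_hardened  | audit_mycnf   || true
sample_misplaced | audit_mycnf   || true
sample_ss        | tcp_listeners || true
```

On the server itself, run `audit_mycnf /etc/mysql/my.cnf` and, after restarting MariaDB, `ss -ltn | tcp_listeners`; the second command should print nothing.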

Admin tools—phpMyAdmin or other

We could stop at this point, since we have a functional database subsystem and the ability to manage it via the command line. However, there are some other management options available, and MariaDB (and its contemporaries, too!) are complex enough that a graphical interface might be helpful to some folks.

The most popular graphical admin tool for MySQL and its forks is phpMyAdmin. It's incredibly powerful and has a huge and rich feature set, but it has a significant potential downside: its overwhelming popularity makes it a huge target for attacks. If you use it, or any other graphical admin tool, it's recommended that you take significant precautions—including forcing it to talk only over HTTPS and preventing it from being accessed outside your LAN. Optionally, you might also consider locking it behind Web server-based authentication to add an additional user name/password layer of protection.

There are alternatives to phpMyAdmin, including the light and quick SQL Buddy, which I prefer to use. However, the alternatives are vulnerable to most of the same kinds of misconfiguration problems as phpMyAdmin, and ultimately any window into your database that can be accessed via a Web browser brings with it inherent compromises in security.

Installing SQL Buddy

That being said, we're going to install and configure SQL Buddy because we don't really need the huge feature list phpMyAdmin brings with it.

There's no package for SQL Buddy, but that's okay—the application is prêt-à-porter. We simply need to download it, unzip it, and then configure Nginx to serve it. Technically, we don't even need to configure Nginx, since SQL Buddy is a PHP application and Nginx will already serve PHP applications, but we can improve on our default configuration and make it more secure.

First, install unzip, so that we can use it to unzip SQL Buddy:

 sudo aptitude install unzip 

Then, navigate to the Nginx web root and actually download SQL Buddy:

 cd /usr/share/nginx/html/
 sudo wget --content-disposition https://github.com/calvinlough/sqlbuddy/zipball/master

We're using wget above to follow the download link on the SQL Buddy home page, which includes a redirect to the actual file's location (hence the --content-disposition flag, which enables wget to name the downloaded file correctly). Once the file is downloaded, unzip it in place:

 sudo unzip calvinlough-sqlbuddy-207c6fc.zip 

This will produce a directory with the same name as the zip file. We want to rename that directory, then remove the zip file:

 sudo mv calvinlough-sqlbuddy-207c6fc sqlbuddy
 sudo rm calvinlough-sqlbuddy-207c6fc.zip

Finally, we want to change the ownership of the directory to the Nginx www-data user. This ensures that Nginx has the access it needs, and it's a good idea to keep your Web root and its contents owned by the Web server's account anyway.

 sudo chown -R www-data:www-data /usr/share/nginx/html/sqlbuddy 

(As an aside, be careful with chown -R, which changes ownership on the directory you specify and on all its files and subdirectories. A typo can leave you accidentally changing the ownership on things you didn't intend to change! Don't ask me how I know this. I...uh, read about it once.)

Configuring Nginx to serve SQL Buddy

We need to define an Nginx location for SQL Buddy; also, while we're in the www virtual host file, we're going to make sure that we only serve out SQL Buddy's pages via HTTPS. Since we'll have to authenticate to SQL Buddy using a MariaDB user name and password, forcing SQL Buddy to HTTPS means we won't be sharing that user name and password in the clear!

To make this happen, we're going to add a bit of code in the regular, non-HTTPS server part of our www virtual host file, which will look for HTTP requests to the SQL Buddy directory and flip them to HTTPS. Open the www file (which, remember, is located at /etc/nginx/sites-available/www) and add the following in the top server section, below your existing locations:

 location ^~ /sqlbuddy/ {
         rewrite ^ https://$server_name$request_uri? permanent;
 }

This location will match all non-HTTPS requests to /sqlbuddy/ and redirect them to HTTPS, keeping the rest of the URL the same.

Now we'll add another location to the HTTPS server section. We already have one for executing PHP everywhere, but we're going to remove that at some point; having a distinct location defined for SQL Buddy and its PHP files will ensure that it functions as intended no matter what else is going on in other locations.

Add the following location to the HTTPS server block:

 location ~ /sqlbuddy/.*\.php$ {
         allow 192.168.1.0/24;
         allow 127.0.0.1;
         deny all;
         try_files $uri =404;
         include fastcgi_params;
         fastcgi_pass php5-fpm-sock;
         fastcgi_param HTTPS on;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_intercept_errors on;
 }

Replace the first allow netblock with your own LAN's IP address scope. Also, if you don't have your Web server configured for SSL/TLS, then you can ignore the bit about the HTTPS redirect and just put the above block in your regular server section—just make sure to remove the fastcgi_param HTTPS on; line.

The last thing we need to do is adjust the Web server so that it knows to seek out a PHP index file in each directory if it doesn't find a regular HTML index file. Most PHP applications have index.php files in their directories to catch your Web server's attention, and we want to make sure Nginx knows to look for them. To do this, modify the index directive in the HTTPS server section as follows, adding index.php onto the end:

 index index.html index.htm index.php; 

Then, tell Nginx to reload its config files to make all of your changes live:

 sudo /etc/init.d/nginx reload 

Finally, you should be able to navigate to http://yourserver/sqlbuddy and see the following:

Logging into SQL Buddy, using whatever you renamed the "root" account to. I'm not using SSL/TLS here, but I am on my real server.

Feed in your root username and password, and you'll be sitting at the SQL Buddy main menu, with the default list of databases at the left. We haven't added anything yet, so there's not much to see here. We'll be coming back in here throughout subsequent articles to build databases, add users, and set permissions.

Initial login screen for SQL Buddy.

All right! What's next?

We've got a Web server, some PHP, and a database. What ever shall we do with it? Run a forum? Start a blog? Build a wiki?

Stay tuned—we're going to do all three. Next time, we dive head-first into applications, starting with self-hosted WordPress.
