Vodafone, the biggest-earning mobile company, China Mobile, the company with the largest user base, and Softbank, the third-place Japanese carrier, form the coalition.

Mobile carriers so far have not been noted for their excellence in designing mobile services. With giants like Google, Yahoo, and Baidu on the scene, the carriers will have their work cut out for them. Perhaps we should expect to see joint-development deals…

A catalyst for this kind of usage, he said, is the
iPhone. “As the Apple iPhone hit the market our back end servers really noticed,” Lee said. “Even though the iPhone’s [market] share is not large, on a per-phone basis the web usage is about 15 times more than other web-capable phones.”

FT writes, “The collaboration underlines how mobile operators are keen to stop internet search engines such as Google and Yahoo dominating the provision of potentially lucrative services on the wireless internet.”

A trio of mobile companies including two global giants will collaborate to find more ways to profit from and develop mobile phone-based internet use, the Financial Times reported.

Many of these changes are occurring now because the traditional PC-based Internet has changed the way in which people communicate with each other. And let’s face it, people buy a cell phone primarily to communicate, not to listen to music, take pictures, or watch TV.

“The first thing we must do is deliver a world-class user experience,” he said. “(Customers) expect us to deliver a mobile Internet service that is familiar. They want services to be compelling. They want a good user interface. And they want us to design Internet services for the mobile world.”

Instead of allowing people to surf the open Internet and find the content and applications they wanted, cell phone operators wanted a world where they would be in complete control of the content and where their customers would go on the Internet. They would strike deals with content providers and act as gatekeepers, providing access to content that they chose. And as such, they would be able to charge a premium, not only for accessing the network, but also for the content itself.

So instead of encouraging customers to use their mobile phones as an extension of their Internet experience at home, carriers initially pushed new services like mobile music downloading and mobile TV. But the reality is that consumers aren’t downloading a lot of music over wireless networks, and they aren’t yet watching much TV on their mobile phones.

Verizon Wireless, traditionally the most closed cell phone operator in the industry, is a prime example. The company said in November that it will open its network to any device and any application to spur innovation. And by extension the company is beginning to tear down the walls that have separated its subscribers from the real Internet.

(Credit:
Marguerite Reardon/CNET Networks)

If Apple’s iPhone has taught the industry anything, it’s that people do want to access the Internet on their phones. And they want it to have the same look and feel that they’re used to on their PCs at home.

Sarin’s recommendations are a tall order to fill. The mobile market is much more fragmented than the PC market was when the Internet first developed. The mobile market has dozens of operating systems and hundreds of handset models. But the quicker the industry can deliver a “world-class experience,” the faster mobile operators will see their bottom lines grow as customers fill those 3G pipes.

“Something different is happening that will shape the future development of the industry and change who the successful companies are going to be and that’s the mobile Internet,” he said. “The mobile Internet is the new, new thing in the industry. And it is here for real and happening now.”

LAS VEGAS–Vodafone’s CEO Arun Sarin shared a revelation during his keynote here at the
CTIA trade show Wednesday.

And then it dawned on me. While 3G was expected to allow cell phone users to access Internet-based content, mobile operators envisioned a different kind of Internet than the one consumers have come to know on their PCs.”

Vodafone CEO Arun Sarin addresses an audience at CTIA.

But Sarin acknowledged that the industry is still struggling to give customers what they really want. And he called on device makers, carriers, and application developers to work together to ensure that customers get what they want.

“Customers want to communicate in new ways, like IM, social networking, and videos,” Sarin said during his speech. “That doesn’t mean they aren’t making phone calls. But in the communications industry, we need to provide them with all of their communications needs.”

My initial reaction to his deep insight was “Duh, isn’t providing Internet access to cell phones the reason why you and the rest of the carriers have been spending billions of dollars to build 3G high-speed networks? So what’s the big surprise?

Murata Girl, aka Seiko-chan, can ride forward and backward at 2 inches per second–or idle in place. Tiny sensors tell the bot when it’s about to bump into something, and gyroscopes on her back, plus a spinning disc embedded in her stomach, help her stay balanced.

(Many thanks to my co-worker Takayuki Sakurai for helping me make sense of the Japanese on Murata’s product page.)

Bicycle-riding robot Murata Boy has a cute new cousin–and she’s so one-upping him by getting around on a unicycle.

(Credit:
Murata Electronics)

Three female art school graduates designed Murata’s new girl, which the company will officially unveil at Ceatec Japan 2008, kicking off September 30 outside Tokyo. Crave’s own Erica Ogg leaves for the show Saturday, and she promises to meet Murata Girl in person and tell us more about her.

If Eve from Wall-E and Rosie the Robot Maid from The Jetsons had a love child…

Murata Electronics, an electrical components maker based in Japan, uses Murata Boy to promote science education and advertise its brand. It describes Murata Girl as “active but shy” (she occasionally blushes) and from central Japan, noting that she’s programmed to follow her cousin around (no doubt taunting him endlessly for only being able to manage on two wheels). Users can control Seiko-chan via Bluetooth.

As for eMachines, it remains committed to bringing you dual-core PCs on the cheap. We’re glad to see that it has embraced AMD’s full-fledged Athlon X2 chips, rather than the half-baked AMD Sempron chips it had lying around the warehouse. The T5246 offers the Athlon 64 X2 4200+, 2GB of RAM, a 400GB hard drive, and a dual-format DVD burner for $430. That’s about as much computer as you would need for basic
Windows Vista usage. Further down the budget scale, eMachines still has a single-core PC to offer with the $350 T3642 and its Athlon 64 4000+ chip.

The Gateway GM5664, depicted with a monitor not included in the $1,150 price tag.

(Credit:
Gateway)

The most interesting component of this news is the hybrid Blu-ray/HD DVD drive coming to Gateway’s new, retail-only GM5664 desktop. The system includes a quad core AMD Phenom 9600 CPU, a 1TB hard drive, and a 256MB ATI Radeon HD 2400 XT graphics card for $1,150. That’s not a bad configuration for the price, especially the hard drive. However, if it’s the Blu-ray and HD DVD playback you’re after, the $949 HP Pavilion SlimLine s3330f has a better price and a more living room-friendly chassis. The similar, non-HD, 500GB hard drive-equipped Gateway GT5662 also debuted today for $750.

On the heels of the gaming-oriented Gateway FX7020, we get a few more desktop announcements this morning from recent Acer-acquisition Gateway, as well as from its eMachines subsidiary.

When the focus of the debate shifted, Lessig brought up a more provocative point: Is the golden age of newspapers, when journalists “could write the truth and not fear retaliation,” over? I’m not convinced that’s entirely the case, but the signposts point to trouble ahead. In the last several years, we’ve watched the increasingly flimsy line between church and state at many newspapers come under more pressure. Recall the Los Angeles Times’ horrid profit-sharing arrangement with the Staples Center a few years back and the editorial rebellion it triggered. Since then, a succession of LA Times edit chiefs have struggled to contain the publishing moguls’ cupidity and stupidity. I’m afraid they’ll lose that fight.

The outburst was the highlight of the day during an otherwise predictable panel discussion on the “future of professionally created content” down here at Stanford. Actually, a better promotional tagline would have been “Beat up on Andrew Keen Saturday. Come and get some.”

As if they would shed new light.

Then it was Mount Vesuvius in the flesh with Nutsy Fagin shouting from his seat about a tangled conspiracy involving Gary Webb and the CIA and journalistic cover-ups. If you don’t recall, Webb was an investigative reporter who authored a series of 1996 pieces for the San Jose Mercury News, reporting on a CIA link to Nicaraguan drug dealers in Los Angeles. The paper later distanced itself from the articles, and Webb wound up dead from what the police said was a self-inflicted gunshot to the head.

Jeff Jarvis, who was not here, has written eloquently about how mainstream newspapers can redefine themselves in the Internet era. But is there enough urgency at old institutions like the LA Times or The New York Times to order a remake as digital companies where they become more of a platform for local news? Per Jarvis: “This means that the staff must change radically as roles evolve from producing content to organizing, enabling, and educating collaborative and distributed networks.” That sounds like a sensible way to reverse a trend that very few people believe will be in the public interest. Not even the crazy guy in the front row.

PALO ALTO, Calif.–It was only a matter of time before the crazy guy in the front row blew up. He had been fidgeting in his seat all morning. All it took was for author Andrew Keen to bemoan the public’s loss if more struggling newspapers bite the dust.

So it was that Stanford gathered Keen alongside Larry Lessig; Hal Varian, a professor-turned-chief economist at Google; Tom Rubin, who is in charge of copyright legal policy at Intel; and Paul Cappuccio, the chief legal officer at Tim Warner, to consider the question.

(Credit:
Charles Cooper)

Then again, this is old hat for Keen, the author of The Cult of the Amateur: How Today’s Internet is Killing our Culture. The book’s marketing director purposely chose a title designed to antagonize the maximum number of people in Silicon Valley–and boy, did that wish come true. For a while, I was sure some locals would invite the media to witness Andrew Keen pinata parties where the assembled could take a whack just for the hell of it.

Keen’s book offers an acerbic take on the Internet’s impact on the larger culture–especially as it touches the wider world of media. Critics, who seized on the holes in his narrative, have dismissed the book as a transparent polemic. Well, Keen on Saturday was back in the belly of the beast. The guy’s been doing the book circuit for the last year and has learned how to give as good as he gets.
But halfway into this, I started mumbling the Rodney King line about getting along already. Why can’t so many smart people move past this stale debate already? I was sure the controversy had exhausted itself. Apparently not.

Left to right: Larry Lessig, Andrew Keen, Hal Varian, Tom Rubin, and Paul Cappuccio

Saturday’s face-off was little different. Lessig, who is fiercely smart and a professor of law at Stanford Law School, got skewered in The Cult of the Amateur, and this was payback time. He had fun pointing out mistakes in the book, which Lessig reminded the audience was “professionally produced content.” And if it was so riddled with mistakes, what does that suggest about how the traditional system works? Yes, he allowed, many blogs are “crappy” but the professional world can be just as bad as that of the amateur. It’s hard to dispute the good professor.

Failing to deliver the text before the press announced it probably didn’t help Obama’s marketing campaign, either.

There were just two problems with that plan. First, the Obama campaign chose the traditional route of handing the news first to a favored reporter: Joe Biden’s selection was first reported by CNN. Second, many messages never arrived (one of my colleagues is still waiting).

Keynote Systems on Thursday called it a “technical bellyflop.”

It sounded like a great idea at the time: Barack Obama announced that he’d announce his veep selection through text messaging.

A campaign e-mail message on August 12 promised: “Let me be very clear. You are the ones who built this campaign, and Barack wants you to be the first to know who will join him in leading our movement for change.”

Nearly 3 million people received the August 23 text message–sent out around 3 a.m. EDT–Nielsen reported earlier. However, Keynote estimates that 40 percent to 50 percent of people who signed up to receive the text either received it late or not at all. Keynote Systems measures and monitors e-business performance.

The Obama campaign promised us we'd be the first to know. Nearly a week later, we're still waiting.

The late and failed texts demonstrate “the inadequacy of the SMS technical infrastructure to support large-scale marketing campaigns,” said Shlomi Gian, director of mobile business development for Keynote.

(Credit:
Declan McCullagh/CNET News)

An engineer speaks
On Friday, Dr. Alma Whitten, an engineer in Google’s security team added her two cents to the debate, in a lengthy post on Google’s Public Policy Blog. According to Whitten:

Adios Alberto
For the last few years, Peter Fleischer, the company’s Paris-based Global Privacy Counsel has been the public face for Google’s privacy policies–most frequently offering his views on the company’s official Public Policy Blog. Fleischer is a forceful advocate of his employer, who has in the past engaged in public shouting matches with critics of the company. It was Fleischer who first introduced the company’s log “anonymization” policy, as well as the decision to reduce the length of cookies from 30 years to 2 – a move ridiculed as only useful to the dead or those confined to a maximum security prison.

If the millions of IP addresses in Google’s logs are not identifying information, why is the company fighting so hard to keep them? Instead of following Microsoft, Yahoo and Ask.com’s lead in deleting the entire IP address after 18 months, Google instead smudges out the last octet (up to 3 digits) of an IP address after that same period.
The IP address may not be identifying when Google possesses it, but when subpoenaed by law enforcement, it can easily lead to a subscriber name and address when coupled with ISP log data. An IP address is enough probable cause for law enforcement to get a search warrant for someone’s home. One court confirmed this, stating that “though it was possible that the transmissions originated outside of the residence to which the IP address was assigned, it remained likely that the source of the transmissions was inside that residence.” The Recording Industry Association of America (RIAA) seems to think that an IP address is identifying information. Using just an IP and an allegation of copyright infringement, the RIAA has been able to force Internet service providers and universities into giving up the names and addresses of the alleged pirates.

Fleischer’s statements, like those of Attorney General Alberto Gonzales in his final weeks at the job, are simply no longer trusted. Which, of course, makes Google’s recent hire of a Gonzales appointed Department of Justice privacy czar all the more interesting.

Finally, I am currently a paid technology policy fellow with the Electronic Privacy Information Center, a group that has repeatedly criticized Google in the past. I did not speak with anyone at EPIC while writing this blog post, nor does it reflect the opinions or policy of EPIC.

With intense pressure coming from European regulators, Google seems to be scrambling to defend itself. However, instead of adapting its privacy policies to match the changing political climate, the search giant has opted for an alternative approach: denial. In a major public relations push this week, multiple Google employees have publicly stated that network IP addresses are not private identifying information.

One British tech news site sarcasticly compared Whitten’s argument to the Chewbacca defense from TV’s South Park. A tip for those in charge of strategy at the Googleplex: when your policy positions are being compared to OJ Simpson defense lawyer Johnny Cochran, you have a problem.

“If you’re an ISP…and you know the name and address of the person who holds that account, then that IP address is more like personal data, even though multiple people could still be using it. On the other hand, the IP addresses recorded by every Web site on the planet without additional information should not be considered personal data, because these Web sites usually cannot identify the human beings behind these number strings.”

A request for comment sent to Whitten was forwarded to a member of Google’s public relations staff, who had yet to respond to my questions by press time.

The EU’s rules insist that Net surfers must consent to their data being collected and that the search engines give a person the right to object or verify their information. As long as Google has an office or data center within EU territory, the stricter European rules apply.

It’s simply dishonest to continually imply otherwise in order to hide the real political and monetary reasons that Google chooses to hang onto this data.

Whitten’s statement has been thoroughly debunked by the tech media, members of the blogosphere and even The New York Times. I won’t rehash the things that have been covered elsewhere, but I will make the following four points:

Of course, this entire IP address debate only applies to people who do not have a Google account. Anyone who uses Google’s free email service and does a search while they are logged into their email account will find their searches logged, and associated with their name. The company is even nice enough to opt users in to this handy feature by default, providing one-click access to every search issued by a logged in user.

Disclosure: I worked as an intern for Google in 2006 in the same group as Alma Whitten. I received a patent invention payment from Google in 2007, and have twice received a $5000 tuition fellowship from Google and the Hispanic College Fund. I interviewed for an internship with Google’s Policy team in Washington DC in February of 2008. I have also applied for a Google funded Public Policy Fellowship.

According to an Associated Press report, European data privacy regulators confirmed this past Thursday that Internet search engines based outside Europe must also comply with EU rules dictating how person’s Internet address or search history is stored.

Google could soon be forced to delete identifying user information from its search logs, statements by the European Union data regulators suggest. The search engine’s lawyers have long argued that network addresses don’t really count as personal information, and even if they did, the company’s policy of masking the last few digits of an IP address after 18 months is more than sufficient. European regulators don’t appear to be buying Google’s claims.

I think it’s quite reasonable to state that at this point, Peter Fleischer has little to no credibility with the privacy community or members of the technology press. When that is taken into consideration, it is not so surprising that Google chose to rebrand its privacy policy, and have a PhD wielding engineer lend her name by repeating the company’s Politburo issued talking points.

What’s happened (in discussions of electronic voting) is that a strong, loud populous advocacy voice said “We are computer scientists and know quite well the vulnerabilities of electronic voting systems and those vulnerabilities are so severe that the democratic process is at risk.” I don’t think those conclusions are justified.

Carnegie Mellon’s Michael Shamos, pictured here in his home in Pittsburgh, says that paper trails are hardly the solution to worries about the security of electronic voting machines, and when mandated by law, stifle further research.

I’m not saying you can’t make a reliable paper trail. You can use ATM technology. The reason we don’t use ATMs is that they cost 10 times as much as voting machines.

The Holt bill failed. If it hadn’t failed, it would have outfitted these (voting machines) with cheap printer parts. You won’t hear that from the advocates. They will never admit that a paper trail machine loses votes.

The naysayer thinks it’s throw-the-election-to-Republicans code. That’s not there. It’s horrible spaghetti code, lack of software engineering. These things have to satisfy every quirk of the voting laws in all 50 states.

One way to address that problem is to use some kind of cryptographic mechanism, like a digital signature, on each piece of paper.

Shamos: You have stated that one can put various cryptographic codes on the ballots to ensure their authenticity. The fundamental problem is that they’re not human-readable.

Does that mean that you think that some of the fuss over Diebold is overblown?

Shamos: The equipment is not as reliable as it should be. The software is not designed as well as it could be. The manufacturers are secretive. I’ve been involved in a number of source code audits of voting systems and these audits always produce a huge list of vulnerabilities. I’ve never found bugs that interfere with the integrity of an election. But you don’t want them there.

When you say “advocates,” who or what do you mean?

Shamos: Let’s start with VerifiedVoting.org. And we can go all the way to the EFF and the League of Women Voters. There are numerous organizations that have taken the position that paper trails are the only way to safeguard elections, no matter that they lose 20 percent of votes.

In addition to reviewing the source code of some electronic voting systems under nondisclosure agreements, Shamos has been an e-voting consultant for Texas and Nevada. An April 2004 paper he wrote says that e-voting systems do have risks but paper isn’t the answer (and suggests alternatives). In it, he quips that out of a million or so computer scientists and mathematicians, only 100 or so have signed a statement calling for paper trails; it drew an angry response posted at Verified Voting’s Web site.

How many voting machines in Pennsylvania produce voter-verified paper trails?

Shamos: We don’t have paper trail systems in Pennsylvania. Please don’t use the term “paperless.” It’s a construction of the advocates and it’s false and misleading. They’re not paperless. They just don’t produce a contemporaneous paper that the voter can view.

The real problem is reliability. The systems fail. Furthermore, the code isn’t good. The code is riddled with bugs, most of which don’t affect the accuracy of the tally. But we don’t know when those conditions occur.

Isn’t it optimistic to think that officials and auditors will necessarily be able to detect the first real attack on e-voting machines?.

Shamos: Technology is always required in elections. The days of the hand-counted ballots are over. You can design technology in a way that makes the problems readily apparent or that they’re disguised. My position is that when a problem is found, it’s an engineering problem.

And in every election, we see paper ballots that don’t match up. It’s much worse with paper trails. This creates a severe legal problem in states where the paper trail is the official ballot, Ohio for example. Such states always ignore the law. They have to ignore the law. Twenty percent of paper trails (tend to be) missing or illegible.

You could have a second machine created by a second manufacturer that validates the digital signature on a ballot.

Shamos: The voter could go over to a second machine and say, yes or no, this is a valid ballot. Then the (person who wants to throw an election) goes to the second machine and tampers with that component, too.

Would you agree that a paper trail is important?

Shamos: I wouldn’t agree to that. No. Why is it important?

If I want to screw up an election, all I have to do is modify five votes. Then we have to do a manual recount (which is vulnerable to tampering and ballot-stuffing).

If the codes were published, there would be a period of time when these vulnerabilities would be found–a lot of buffer overflow errors–and then they would be fixed. And everyone would know it’s fixed.

PITTSBURGH–Many computer scientists have been arguing for years that electronic voting machines absolutely must sport paper trails that can be verified by the voter and subsequently used in manual recounts.

It’s a formal policy position of the U.S. arm of the Association for Computing Machinery, the professional organization of computer scientists. Stanford University’s David Dill even created the pro-paper-trail Verified Voting Foundation and has co-authored an article for us that argues against Internet voting, too.

The fundamental difficulty with paper trails is that they’re ridiculously kludgey. The problem is that once you mandate paper trails, it cuts off research. There would be no reason to use anything else because it would be illegal.

So you’re saying it’s easier to hack an election with paper ballots than it is with electronic ones?

Shamos: I say, and the advocates are forced to admit it, that there’s never been any evidence that a DRE machine has been tampered with in an election. They say that doesn’t mean it never happened. I agree with that. But I believe deeply that if people were out there trying to hack elections we would see evidence of failed attempts.

(Credit:
Declan McCullagh/News.com)

The problem is that when you vote electronically, multiple copies of your ballot image are recorded in memory. (Once a memory card is removed it becomes virtually impossible to tamper with.) Those systems are perfectly safe from after-the-fact tampering. They may not be safe from before-the-fact tampering.

Every manipulation of elections that’s been proven has involved the manipulation of paper.

Compared to paper and its vulnerability to after-the-fact tampering?

Shamos: I’m not advocating that we blindly trust machines. We have to have a way to make sure the (record is correct). If anything happens to that piece of paper, if it gets substituted or lost, there’s absolutely no way to reconstruct the election. that’s unlike an electronic system, which is if one memory fails you have the other.

(Often what happens) is that it jams and the printer overprints. The voters don’t notice because they’re not used to this. Another thing that happens is that the bag (of printouts is returned and can be manipulated).

Does that mean you’re suggesting that we should be voting from insecure home computers even if they’re running Windows 98?

Shamos: I can point you to a mechanism (in a paper by Avi Rubin and Dan Wallach) that would allow secure voting on insecure terminals. The notion that the Internet is just not secure enough to do anything important is just wrong. It’s not insurmountable. The right people aren’t thinking about it because you gotta have a paper trail.

Over and over again, some number around 20 percent doesn’t exist or can’t be read. What the law requires is that the electronic count, presumed accurate, must be discarded, and 20 percent of the electorate must be disinfranchised. Yet advocates claim that a paper trail is the most reliable mechanism. How can it be reliable if 20 percent is lost?

Do you think an increasing number of your colleagues are coming around to your point of view?

Shamos: No. I wouldn’t expect them to. (They may be very good technologists, but) they don’t know anything about elections. They don’t know how votes are counted.

Should I try to answer that?

Shamos: You’ll give me an answer. It won’t be a good answer.

We’re going electronic. The next generation is convinced they’re going to vote from their cell phones. (It’s going to happen.)

Q: How many different e-voting systems does Pennsylvania use?

Shamos: The number of different systems we use in Pennsylvania has gone down one because one was decertified. We’re down to 9 or 10. We have one of the most diverse voting systems of any state in the country. We have only 67 counties.

The security on ballot boxes is much lower than the security on voting machines themselves. In order to do anything with those pieces of paper, they have to be handled by people. What do you think happens?

Only in the United States, or in one jurisdiction.

Shamos: What we really want are end-to-end verification systems. I want to be able to tell that my vote was counted. These paper trails do not provide end-to-end verification. No serious manufacturer is working on end-to-end verification. We’re not making any progress toward that end except in the theoretical journals. Why? Because the idea of paper trails has completely gummed up the works.

But support of paper trails is not unanimous. Michael Shamos, a professor of computer science at Carnegie Mellon University who teaches an e-voting class and has been a consultant to the Pennsylvania government since 2004, believes that electronic methods of tabulating votes actually tend to be more secure than paper-based ones.

When a bridge collapses, do we outlaw bridges or do we inspect bridges of similar design? If the design itself is fundamentally flawed, then those bridges are going to have to be taken out of service and rebuilt. If there’s a fix, however, you can add a bracing member.

Let’s assume that 100 percent of voters verify the paper trial, though experimental numbers are closer to 8 percent. How are we going to make use of the paper trail? One is with an audit (that looks at statistical sampling and discrepancies). But if a discrepancy is found, we will not accept any of the electronic totals. That works, assuming that all of those pieces of paper got created correctly, and are subject to the same kind of security safeguards that the advocates insist on for electronic machines.

If they’re a computer printout, why would they be illegible?

Shamos: The real reason is that the printers are made in China and as you saw recently with Ed Felten, they can’t even produce legible numbers. They’re crap.

When someone votes for Hillary, it prints out an invalid bogus code. We put it under a scanner later.

It means that if you were to mount a statewide manipulation, you couldn’t do it. There’s some security in numbers.

The word “paperless” is really insidious. The word “less” is meant to imply that they’re thereby missing something. Whoever decided to come up with the term “paperless” deserves a left-handed prize for their imagination. It’s wonderful for them. Paperless.

To believe that in the lack of evidence means that the first person who hacked an election got it right. Remember Robert Tappan Morris and the Internet worm? I would get worried if we start to see systematic evidence (of increasingly robust) attacks. But we’ve never seen any of those. That’s what consoles me. I have to believe that a really improbable event did not occur: that someone found the perfect hack the first time.

(Take the case of the reported problems with the Diebold GEMS tabulation system). I don’t think it’s utterly fatal to electronic voting machines in the United States. What the advocates will tell you is that that bug is just the tip of the iceberg and if they were granted access to the source code, they would find more. I would agree with them on that.

I sat down with Shamos on Friday at his home near Pittsburgh’s Shadyside neighborhood, a few blocks from campus, to talk about e-voting and the Pennsylvania primary that is scheduled to take place on April 22. Following is a lightly edited (I abbreviated some of my questions and some of his answers) transcript of our conversation.

It held out as long as possible, but a Windows Vista laptop fell to a determined bunch of hackers Friday evening at the Pwn to Own contest at CanSecWest.

Since it was the third day of the contest, which saw a MacBook Air get hacked on Thursday, the TippingPoint Zero Day Initiative relaxed the rules even further. On the first day of the contest, only the operating system could be targeted, but on the second day that was expanded to include standard applications. An undisclosed
Safari flaw led to the MacBook Air’s downfall.

(Credit:
TippingPoint)

Shane Macaulay, Derek Callaway and Alexander Sotirov, were able to gain control of the laptop, which also means they get to keep it. However, since the rules had been relaxed, they only get $5,000; the MacBook Air winners collected $10,000.

But on Friday, hackers could target any “popular” piece of application software that you might find on a system. The Fujitsu laptop, running Vista Ultimate, was compromised by a previously undiscovered flaw in Adobe’s Flash software.

TippingPoint’s Aaron Portnoy, with Shane Macauley and Alexander Sotirov (left to right) take control of a Windows Vista laptop.

A Sony Vaio laptop running Ubuntu remained unscathed at the end of the conference.

Want to watch Hulu videos in your favorite RSS reader? Hulu's got you covered with nine feeds that will serve up playable videos for RSS readers.

(Credit:
CNET Networks)

(Credit:
CNET Networks)

To go along with this new feature, another update that’s less entertaining, but important, are the new buttons that let you share a video not only by e-mail or embedding, but now with the usual smattering of social bookmarking, news, and networking sites like Facebook, Digg, Delicious, et al. Notably missing are other popular services like Mixx, Twitter, and AOL’s Propeller.

To get it to work you simply need to go to this page and pick out any of the feeds then dump it into your feed reader. Make sure to click the “add video” box, which will add the playable video to the feed. One major bummer is that you can’t just do this with any video feed (yet), only the nine specialty feeds provided by Hulu. I tried adding the special ending to regular links in my RSS reader, but to no avail.

Reading blog posts on Google Reader is cool, but creating a feed full of playable video clips is far more entertaining. Video host Hulu’s latest update to its sharing tools has done just that, letting you tweak several RSS feeds to automatically include embed code that will let a video play in its entirety right in your feed reader. More importantly, this can double as a simple way to get around any domain restrictions put in place by your IT department to keep you from watching Hulu videos while at work.