Wednesday, May 25, 2011

What Bitcoin Is, and Why It Matters

Recent weeks have been exciting for a relatively new kind of currency speculator. In just three weeks, the total value of a unique new digital currency called Bitcoin has jumped four times, to over $40 million.

Bitcoin is underwritten not by a government, but by a clever cryptographic scheme.

For now, little can be bought with bitcoins, and the new currency is still a long way from competing with the dollar. But this explainer lays out what Bitcoin is, why it matters, and what needs to happen for it to succeed.

Where does Bitcoin come from?
In 2008, a programmer known as Satoshi Nakamoto—a name believed to be an alias—posted a paper outlining Bitcoin's design to a cryptography e-mail list. Then, in early 2009, he (or she) released software that can be used to exchange bitcoins using the scheme. That software is now maintained by a volunteer open-source community coordinated by four core developers.

"Satoshi's a bit of a mysterious figure," says Jeff Garzik, a member of that core team and operator of Bitcoin Watch, which tracks the Bitcoin economy. "I and the other core developers have occasionally corresponded with him by e-mail, but it's always a crapshoot as to whether he responds," says Garzik. "That and the forum are the entirety of anyone's experience with him."

How does Bitcoin work?
Nakamoto wanted people to be able to exchange money electronically securely without the need for a third party, such as a bank or a company like PayPal. He based Bitcoin on cryptographic techniques that allow you to be sure the money you receive is genuine, even if you don't trust the sender.

The basics
Once you download and run the Bitcoin client software, it connects over the Internet to the decentralized network of all Bitcoin users and also generates a pair of unique, mathematically linked keys, which you'll need to exchange bitcoins with any other client. One key is private and kept hidden on your computer. The other is public and a version of it dubbed a Bitcoin address is given to other people so they can send you bitcoins. Crucially, it is practically impossible—even with the most powerful supercomputer—to work out someone's private key from their public key. This prevents anyone from impersonating you. Your public and private keys are stored in a file that can be transferred to another computer, for example if you upgrade.

A Bitcoin address looks something like this: 15VjRaDX9zpbA8LVnbrCAFzrVzN7ixHNsC. Stores that accept bitcoins—for example, this one, selling alpaca socks—provide you with their address so you can pay for goods.

Transferring bitcoins
When you perform a transaction, your Bitcoin software performs a mathematical operation to combine the other party's public key and your own private key with the amount of bitcoins that you want to transfer. The result of that operation is then sent out across the distributed Bitcoin network so the transaction can be verified by Bitcoin software clients not involved in the transfer.

Those clients make two checks on a transaction. One verifies the mathematical relationship between the public and private keys to confirm that the true owner of the pair sent the money; the second refers to a public transaction log stored on the computer of every Bitcoin user to confirm that the person has the bitcoins to spend.

When a client verifies a transaction, it forwards the details to others in the network to check for themselves. In this way a transaction quickly reaches and is verified by every Bitcoin client that is online. Some of those clients - "miners" - also try to add the new transfer to the public transaction log, by racing to solve a cryptographic puzzle. Once one of them wins the updated log is passed throughout the Bitcoin network. When your software receives the updated log it knows your payment was successful.

The nature of the mathematics ensures that it is computationally easy to verify a transaction but practically impossible to generate fake transactions and spend bitcoins you don't own. The existence of a public log of all transactions also provides a deterrent to money laundering, says Garzik. "You're looking at a global public transaction register," he says. "You can trace the history of every single Bitcoin through that log, from its creation through every transaction."

How can you obtain bitcoins?
Exchanges like Mt. Gox provide a place for people to trade bitcoins for other types of currency. Some enthusiasts have also started doing work, such as designing websites, in exchange for bitcoins. This jobs board advertises contract work paying in bitcoins.

But bitcoins also need to be generated in the first place. Bitcoins are "mined" when you set your Bitcoin client to a mode that has it compete to update the public log of transactions. All the clients set to this mode race to solve a cryptographic puzzle by completing the next "block" of the shared transaction log. Winning the race to complete the next block wins you a 50-Bitcoin prize. This feature exists as a way to distribute bitcoins in the currency's early years. Eventually, new coins will not be issued this way; instead, mining will be rewarded with a small fee taken from some of the value of a verified transaction.

Mining is very computationally intensive, to the point that any computer without a powerful graphics card is unlikely to mine any bitcoins in less than a few years.

Where to spend your bitcoins
There aren't a lot of places right now. Some Bitcoin enthusiasts with their own businesses have made it possible to swap bitcoins for tea, books, or Web design (see a comprehensive list here). But no major retailers accept the new currency yet.

Where to spend your bitcoins
There aren't a lot of places right now. Some Bitcoin enthusiasts with their own businesses have made it possible to swap bitcoins for tea, books, or Web design (see a comprehensive list here). But no major retailers accept the new currency yet.

If the Federal Reserve controls the dollar, who controls the Bitcoin economy?
No one. The economics of the currency are fixed into the underlying protocol developed by Nakamoto.

Nakamoto's rules specify that the amount of bitcoins in circulation will grow at an ever-decreasing rate toward a maximum of 21 million. Currently there are just over 6 million; in 2030, there will be over 20 million bitcoins.

Nakamoto's scheme includes one loophole, however: if more than half of the Bitcoin network's computing power comes under the control of one entity, then the rules can change. This would prevent, for example, a criminal cartel faking a transaction log in its own favor to dupe the rest of the community.

It is unlikely that anyone will ever obtain this kind of control. "The combined power of the network is currently equal to one of the most powerful supercomputers in the world," says Garzik. "Satoshi's rules are probably set in stone."

Isn't a fixed supply of money dangerous?
It's certainly different. "Elaborate controls to make sure that currency is not produced in greater numbers is not something any other currency, like the dollar or the euro, has," says Russ Roberts, professor of economics at George Mason University. The consequence will likely be slow and steady deflation, as the growth in circulating bitcoins declines and their value rises.

"That is considered very destructive in today's economies, mostly because when it occurs, it is unexpected," says Roberts. But he thinks that won't apply in an economy where deflation is expected. "In a Bitcoin world, everyone would anticipate that, and they know what they got paid would buy more then than it would now."

Does Bitcoin threaten the dollar or other currencies?
That's unlikely. "It might have a niche as a way to pay for certain technical services," says Roberts, adding that even limited success could allow Bitcoin to change the fate of more established currencies. "Competition is good, even between currencies—perhaps the example of Bitcoin could influence the behavior of the Federal Reserve."

Central banks the world over have freely increased the money supply of their currencies in response to the global downturn. Roberts suggests that Bitcoin could set a successful, if smaller scale, example of how economies that forbid such intervention can also succeed.

Monday, May 23, 2011

Mac Malware Scare: 7 Questions

It was only a matter of time. Numerous reports from the field leave little doubt that Apple OS X has become the target of its first widespread malware campaign -- in the form of MacDefender (aka, MacSecurity or MacProtector). Mac Defender is classic scareware: You're prompted to download and install an antivirus program to protect your system, when in fact the program itself is malicious.

Because the OS X malware campaign is the first of its kind, both Apple and Apple customers seem confused, with flames flying back and forth in various forums -- aggravated by a recent report that Apple support is refusing to help users remove the malware.

[ Master your security with InfoWorld's interactive Security iGuide. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. | Discover the key Mac, iOS, and Apple tech trends for business users with InfoWorld's Technology: Apple newsletter. ]

To clear the air, we offer some basic questions and answers about the ongoing MacDefender travails:

This isn't a virus or vulnerability within OS X, so how is it Apple's problem?Anytime a company's customers are being exploited, it's the company's problem, especially when that company has made a point of saying these sorts of things hardly ever happen on its platform. Even in the Microsoft Windows world, most successful malicious exploits don't depend on a vulnerability within the Windows operating system.

Microsoft doesn't help customers deal with malware, so why should Apple?The premise is dead wrong. After fighting cyber criminals for over two decades, Microsoft's support staff is fully trained at malware detection and removal. Microsoft has multiple commercial and free antimalware products, and large portions of its security websites are dedicated to malware detection and removal. Check the default Microsoft security page for yourself.

What's the best way to stop scareware scams?Education is the best defense. If you know what real antimalware software looks like, you're less likely to fall for the fake kind. Many companies say they do a good job at computer security education, but fail to include a single screenshot of the legitimate antimalware software they've installed on employee machines. Of course, if you're a Mac user, it's likely you don't have an antimalware program at all, other than the extremely limited one provided in OS X by default. Thus, any antimalware warning is fake.

But isn't that already readily apparent to anyone who isn't running an antimalware program?If that was the case, MacDefender wouldn't be making headlines and ruining the week for many OS X users. Never underestimate users' need to believe everything they read and click on anything they've been told to run.

So installing a real antitmalware program like Norton AntiVirus for the Mac would eliminate the risk, right?Unfortunately not. Antimalware scanning programs can't stop a large percentage of malware, simply because they can't keep up with the volume of new exploits. There are thousands of new scare programs created every day, and before they are released, most get scanned by dozens of popular antivirus scanner engines to prove they don't generate an alert. By the time an antivirus vendor includes a new scareware program in its antimalware definitions, it's often too late.

That said, it's probably time to consider antimalware for the Mac. Keep your antimalware definition files up to date, make sure your operating system has the latest patches, and don't download or install any program unless you know where it came from. Common sense measures cut your risk by a magnitude.

Is Apple's sudo approach better or worse than Microsoft's UAC (User Account Control)?Mac and Windows fans have long argued over whether Apple's sudo approach is better than Windows UAC. Most malware requires elevated privileges and permissions to infect and exploit a system. With both sudo and UAC, the operating system vendors disable the super user account by default and force users to do something extra to gain elevated access to the operating system.

I like sudo because it's been around for decades; it's very simple and hasn't changed much over time. With sudo, there is very little configuration, and when you need it, you're pretty sure how it's going to work and what it's going to do.

UAC actually has a lot more functionality and is far more predictive (in most cases) about when it will be needed. My problem with UAC is its complexity. Because it is more intelligent than sudo, there's more for end-users to learn. For example, UAC doesn't just apply to members of the Administrators group, but also to members of 17 other elevated groups: Power Users, Enterprise Admins, Scheme Admins, Network Configuration Operators, Print Operators, and so on. Microsoft provides literally dozens of ways to customize UAC, when it appears, and when it applies. As a result, few users truly understand UAC.

Both sudo and UAC do their jobs well. But in the long-term security scheme of things, neither will significantly decrease malicious hacking when end-users can simply be tricked into running whatever Trojan executable they are presented.

Is Apple going to leave its users twisting in the wind?Apple will change its support policies in the future and respond better. It has to. When Apple had only a few points of global marketshare, it didn't need to worry about malware or strategize about malware response. Now that the company has grown up, it will need new ways of handling customer issues in order to succeed.


Sorry people i was busy with some exams

But now i'm back =)

Thursday, May 12, 2011

Workplace Robots Need a Better View

A coming wave of industrial robots will be smart enough to work safely alongside humans in many different settings, says Rodney Brooks, a professor emeritus of robotics at MIT and a founder of iRobot.

Industrial robots have evolved little since the first ones appeared in General Motors factories about 50 years ago, Brooks says. Most workplace robots—such as those used in car manufacturing—are designed to perform simple, repetitive tasks. And they lack the sensory smarts to work safely alongside humans.

"I think there's room for a real revolution by putting sensors and computation into industrial robots," says Brooks. "What if the robots were smarter and they could go into smaller companies and be easier for ordinary people to use?"

If manufacturing robots could recognize their human coworkers and interact with them safely Brooks says they could be used in many more manufacturing environments, assisting with repetitive and physically demanding manual tasks.

In 2008, Brooks founded a new company, called Heartland Robotics, to develop robots for manufacturing. The company has said that its robots will be intelligent, adaptable, and inexpensive. But the company is still in stealth mode, and hasn't revealed what technologies these robots will use.

In the last few years, robotics researchers have made progress in machine vision, due in part to the falling cost of computer power, and the photo and image resources that can be pulled from the Web and used to train computer vision systems to recognize different objects. However, Brooks says, giving machines more human-like vision remains one of the biggest challenges to the development of more practical robots.

"Perception is really, really hard. For robots, I think it's largely unsolved," says Brooks. "Image-based recognition has worked surprisingly well, [but] it can't do the recognition that a three-year-old child can do."

Commercial machine vision systems are still usually focused on a narrow task. For example, some cars now come equipped with a system that can identify pedestrians and other vehicles, even in a cluttered scene. The system, developed by Mobileye, based in Israel, is connected to an onboard computer that applies the brakes if a collision seems imminent.

"This is the first wide-scale, highly demanding use of computer vision," says Amnon Shashua, the Sachs professor of computer science at the Hebrew University of Jerusalem, and a cofounder of Mobileye.

Shashua says the company's computer vision system works well because it only has to identify a handful of objects. But he hopes that within the next five years, the system will be able to reliably recognize almost everything within a scene. "There are at least 1,000 object classes you need to know in an image to at least do semi-autonomous driving," including signs, lights, guard rails, poles, bridges, exits, and more, he said during a symposium on artificial intelligence at MIT last week.

Mobileye is developing specialized hardware to support the specific demands of rapid image recognition. "There's still a long way to go to build hardware that is efficient, low cost, low power, that can do very complex computer vision," Shashua adds.

Better machine vision systems might lead to significant advances in robotics. "How we deploy our robots is limited by what we can do with perception, so improvements in perception will lead them to be smarter and have modicums of common sense," says Brooks.

Tuesday, May 10, 2011

The Human Body, Searchable in 3-D

The first online 3-D interactive search tool of the human body was released today. It allows a user to view and navigate the human anatomy, male or female, down to the finest detail—from the muscles and deep muscles to the nerves, arteries, vessels, and bones. This new tool, called BodyMaps, was developed by Healthline Networks, a company that provides medical information to consumers online, and GE Healthyimagination, a Web-based platform that shares and promotes projects that focus on consumer health, such as apps or healthy how-to videos.

BodyMaps is a consumer tool developed to educate the user on health conditions or medical ailments. At the center of the BodyMaps page is a 3-D image of the body; at left is textual information about the body section being shown. As a user mouses over the text, the section of the body in the image is highlighted, and vice versa if a user mouses over the image. At the bottom is a scrubber that lets the user rotate the body 360 degrees. The page also features videos, tips on staying healthy, information on symptoms and conditions, and a definition of the section in view.

The user can select a body region to explore by clicking the text or image, or by using the search tool. Selecting shoulders generated a crisp, high-definition 3-D image of the shoulder section, starting at the skin level, with the option to click through to see the muscles, nerves and vessels, and bone. Choosing the deltoid muscle, a definition popped up and the remaining muscles were shaded out. An option to read more provided a lengthy definition and description of the muscle, including common injuries and their causes and symptoms.

There is also an anatomy list for each body section the user chooses to view—the heart even has a cross-section view and a diagram of blood flow while the knee shows each layer of connective tissues.

BodyMaps is a flash application and can be viewed in any browser; it does not require the user to download any software or special programs to run. "This is not a science experiment," says West Shell, chairman and CEO of Healthline Networks. "We have built this as a search product for consumer education," he says.

Google is working on a similar project called Google Body, which is part of Google Labs. Unlike BodyMaps, it requires a Web 3-D standard called WebGL and can only be used in a Chrome browser. Google Body also lacks the level of detail both in its imagery and information that is available in BodyMaps.

BodyMaps was built using Healthline's taxonomy, a database of health and medical information the company spent 10 years building. It relates the different attributes and facets of a disease or condition to relevant symptoms and treatments, types of doctors, and even insurance billing codes. When a user conducts a search, all the relevant information is displayed. To create the 3-D graphics, Healthline and GE Healthyimagination used over 25 medical illustrators to first make the drawings. They then partnered with Visible Productions to do the 3-D modeling and applied the existing taxonomy and search and navigation technology to the models.

Shell says the most viewed information on is visual data such as images, videos, and animations. "We are enhancing the visual learning experience by making the 3-D body the platform for navigation," he says.

The next phase of development for the new 3-D tool is to make it available on mobile devices and tablets. To do so, Healthline is building the application in HTML 5, a programming language that is supported by most devices. Shell expects BodyMaps to be on mobile platforms in the next six months to a year.

The system, while the first of its kind, still needs some work. Some queries, like "large intestine," produce no results, and certain "read more" sections, such as in the knee region, do not have any additional information. Also, choosing to "read more" about the muscle "biceps brachii," displayed in the shoulder region, makes the user go back to the arm section.

The company expects to introduce additional capabilities by June that will let users explore in 3-D graphics the progression of a disease, how a drug works in the body, a medical procedure, or even an injury. At least 20 different scenarios will be launched initially, and new ones will continue to be released. Further planned improvements will let users upload his or her medical imagery into the system and compare it with the information in BodyMaps.

Shell says Healthline is conducting a pilot study with GE, integrating the imagery from the company's electronic medical record system with BodyMaps. This application will not be available to users "for a while," but should be implemented widely across GE for testing later this year, he says.

the page: